2025-02-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
OpenStack basic theory

Cloud computing overview

- Cloud computing in the narrow sense refers to the delivery and usage model of IT infrastructure.
- Cloud computing in the broad sense refers to the delivery and usage model of services.

Cloud resources

- Network resources
- Storage resources
- Server resources

Cloud computing service models

- IaaS (Infrastructure as a Service): provides the underlying IT infrastructure services, including processing power, storage space, network resources and so on. Its users are generally IT managers.
- PaaS (Platform as a Service): delivers a system platform with the development environment installed as a service to users over the Internet. Its users are generally developers.
- SaaS (Software as a Service): provides software and application services directly to users over the Internet. Its users are generally ordinary users.

OpenStack overview

- A cloud computing project
- Jointly developed and launched by NASA and Rackspace
- Free, open source software licensed under the Apache license
- An open source project that aims to provide software for building and managing public and private clouds
- Covers networking, virtualization, operating systems, servers and so on

OpenStack service framework
| Service | Project name | Description |
|---|---|---|
| Compute (computing service) | Nova | Responsible for instance life cycle management and computing resource units. Abstracts the hypervisor, supports a variety of virtualization technologies (Red Hat defaults to KVM) and supports scale-out. |
| Network (network service) | Neutron | Responsible for managing virtual networks and creating the network topology for instances. Network management is tenant-oriented: each tenant can define its own networks, and tenants do not affect each other. |
| Identity (identity authentication service) | Keystone | Similar to an LDAP service. Authenticates and authorizes users, tenants, roles and services, and supports multiple authentication mechanisms. |
| Dashboard (control panel service) | Horizon | Provides a web management interface that interacts with the underlying OpenStack services. |
| Image Service (image service) | Glance | Provides registration and management of virtual machine image templates. A finished operating system is copied into an image template that can be used directly when creating virtual machines. Supports multiple image formats. |
| Block Storage (block storage service) | Cinder | Provides persistent block storage devices for running instances, which can be easily extended and paid for on demand. Supports multiple storage back ends. |
| Object Storage (object storage service) | Swift | Provides basic elastic cloud storage for OpenStack. The cluster has no single point of failure. |
| Telemetry (metering service) | Ceilometer | A centralized source for measuring, monitoring and controlling data resources. |

Introduction to important OpenStack components

OpenStack authentication service (Keystone)
Keystone provides authentication and access policy services for all OpenStack components. It works through its own REST system (based on the Identity API) and mainly authenticates and authorizes Swift, Glance, Nova and so on. Authorization here means verifying that a request for an action comes from a legitimate source.
[Figure: Keystone authentication service flowchart]
Keystone uses two authorization methods: one based on username and password, the other based on a token.
In addition, Keystone provides the following three services:
Token service: holds the authorization information of users who have been authorized
Directory service: holds the list of available services on which the user may legitimately act
Policy service: lets Keystone specify particular access rights for users or groups
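The two authorization methods and the token, directory and policy services listed above can be modelled in a few lines of Python. This is an added example, not code from the original article or from Keystone itself; `ToyKeystone`, `service_request`, the policy rules and the user, tenant and endpoint values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds; assumed token lifetime
POLICY = {"image:list": {"member", "admin"}, "image:delete": {"admin"}}  # assumed rules

class ToyKeystone:
    """In-memory model of the identity service (hypothetical, not Keystone code)."""
    def __init__(self):
        self.users = {}    # user name -> (salt, password hash)
        self.roles = {}    # (user, tenant) -> set of role names
        self.catalog = {}  # service name -> endpoint URL
        self.tokens = {}   # token id -> authorization information

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, self._hash(password, salt))

    def grant(self, user, tenant, role):
        self.roles.setdefault((user, tenant), set()).add(role)

    def authenticate(self, user, password, tenant, now=None):
        """Username/password method: issue a token scoped to one tenant."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        password_ok = hmac.compare_digest(self._hash(password, salt), stored)
        roles = self.roles.get((user, tenant), set())
        if not password_ok or not roles:
            raise PermissionError("authentication failed")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": user, "tenant": tenant,
                              "roles": set(roles), "expires": now + TOKEN_TTL}
        return token, dict(self.catalog)  # token plus the list of endpoints

    def validate(self, token, now=None):
        """Token method: confirm the token is known and has not expired."""
        now = time.time() if now is None else now
        info = self.tokens.get(token)
        if info is None or info["expires"] <= now:
            raise PermissionError("invalid or expired token")
        return info

def service_request(keystone, token, tenant, action, now=None):
    """What a service such as Glance checks before acting on a request."""
    info = keystone.validate(token, now)
    if info["tenant"] != tenant:
        raise PermissionError("token is scoped to another tenant")
    if not info["roles"] & POLICY.get(action, set()):
        raise PermissionError("role does not permit " + action)
    return f"{action} allowed for {info['user']} in {tenant}"

if __name__ == "__main__":
    ks = ToyKeystone()
    ks.catalog["glance"] = "http://controller.example:9292"  # constructed endpoint
    ks.add_user("alice", "constructed-password")
    ks.grant("alice", "demo", "member")
    token, _ = ks.authenticate("alice", "constructed-password", "demo")
    print(service_request(ks, token, "demo", "image:list"))
```

The service never sees the password: it only presents the token back to the identity service, so a wrong tenant, a missing role or an expired token is rejected at that single point.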
Terms used by the Keystone authentication service:
Service entry: each OpenStack service, such as Nova, Swift and Glance, has a designated port and a dedicated URL, which is called an endpoint.
Location: in a data center, a location specifies a physical position. In a typical cloud architecture, if not all services access distributed data centers or servers, this is also called a location.
User: a user authorized by Keystone.
PS: a user represents an individual, and OpenStack grants services to individuals in the form of users. A user has credentials and may be assigned to one or more tenants. After authentication, a specific token is provided for each individual tenant.
Services: in general, any component that is connected or managed through Keystone is called a service. For example, we can call Glance a service of Keystone.
Roles: to maintain security restrictions, the roles associated with a user are very important in determining which actions that user can perform in the cloud.
PS: a role is a collection of permissions applied to a tenant to allow a specified user to access or use a specific action. A role is a logical grouping of permissions that allows common permissions to be simply grouped and bound to users associated with a given tenant.
Tenant: a tenant is a project that has all of its service entries and specific member roles.
PS: a tenant is mapped to a Nova "project-id". In object storage, a tenant can have multiple containers. Depending on how it is installed, a tenant can represent a customer, account, organization, or project.

OpenStack computing facility - Nova
Nova is the flexible controller of OpenStack computing. Every action needed during the life cycle of an OpenStack cloud instance is handled and supported by Nova. In other words, Nova acts as the management platform responsible for the computing resources, networking, authorization and metering of the entire cloud. Nova itself provides no virtualization capability; it uses the libvirt API to interact with the virtual machine host. Nova exposes its processing interfaces through a web service API, and these interfaces are compatible with Amazon's web service interface.

Functions and features:
- Instance life cycle management
- Computing resource management
- Network and authorization management
- REST-based API
- Asynchronous continuous communication
- Supports a variety of hosts: Xen, XenServer/XCP, KVM, UML, VMware vSphere and Hyper-V

The Nova elastic cloud (the OpenStack computing component) consists of the following main components:
- API Server (nova-api)
- Message queue (rabbit-mq server)
- Computing workstation (nova-compute)
- Network controller (nova-network)
- Volume management (nova-volume)
- Scheduler (nova-scheduler)

1) API Server (nova-api)
The API server provides the interface between the cloud facilities and the outside world, and it is the only channel through which outside users manage the cloud. Users call the various EC2 APIs through web services, and the API server then sends each request through the message queue to the target facility in the cloud for processing. As an alternative to the EC2 API, users can also use OpenStack's native API, which we call the "OpenStack API".
2) Message queue (RabbitMQ server)
OpenStack components communicate through a message queue based on AMQP (Advanced Message Queuing Protocol). Nova makes asynchronous calls for request and reply and triggers a callback as soon as the request is received. Because the communication is asynchronous, no user action is left in a waiting state for a long time. For example, starting an instance or uploading an image is time-consuming, and the API call will wait for the result to be returned without affecting other operations. This is where asynchronous communication plays an important role and makes the whole system more efficient.
3) Scheduler (nova-scheduler)
The scheduler is responsible for delivering nova-api calls to their target. It runs as a daemon called "nova-scheduler" and selects a suitable compute server from the pool of available resources according to the scheduling algorithm. Many factors can affect the scheduling result, such as load, memory, distance of child nodes, CPU architecture, and so on. A strength of the nova scheduler is its pluggable architecture.
At present, the nova scheduler uses several basic scheduling algorithms:
- Randomization: a host is selected at random from the available nodes.
- Availability: similar to randomization, except that the range of the random selection is specified.
- Simplification: the host with the least load is chosen to run the instance. Load data can be obtained from elsewhere, such as load balancing servers.
4) Computing workstation (nova-compute)
The main task of a computing workstation is to manage the entire life cycle of instances. Computing workstations receive requests through the message queue and execute them, thus performing the various operations on instances. In a typical production environment, many computing workstations are set up. According to the scheduling algorithm, an instance can be deployed on any available computing workstation.
5) Network Controller (nova-network)
The network controller handles the network configuration of the host, such as IP address assignment, configuring the project VLAN, setting security groups, and configuring the network for compute nodes.
6) Volume workstation (nova-volume)
The volume workstation manages LVM-based instance volumes. It can create and delete volumes, attach them to an instance, or detach them from one. Why is volume management so important? Because it provides a means of persistent storage for an instance. For example, if the root partition is non-persistent, any changes to it are lost when the instance ends. However, if you detach a volume from an instance, or attach a volume to that instance, the data is kept even if the instance is shut down. This data can be accessed again by attaching the volume to the original instance or to another instance.
Therefore, data that must remain accessible in the future has to be written to a volume. This is particularly important for the storage of data server instances.
OpenStack image server-Glance
The OpenStack image server is a system for discovering, registering and retrieving virtual machine images. Images can be stored in any of the following:
- Local file system (default)
- S3 direct storage
- S3 object storage (as an intermediate channel for S3 access)
- OpenStack object storage, and so on

Functions and features: provides image-related services.

Glance components:
1) Glance-API:
Mainly responsible for receiving RESTful requests for image management commands, parsing the request and dispatching the commands it carries (such as add, delete, update, etc.). The default bound port is 9292.
2) Glance-Registry:
Mainly responsible for receiving RESTful requests for image metadata commands, parsing the request and dispatching the commands it carries (such as obtaining metadata, updating metadata, etc.). The default bound port is 9191.

OpenStack storage facility - Swift
Swift provides distributed, persistent virtual object storage for OpenStack, similar to the S3 simple storage service of Amazon Web Services. Swift has the ability to store hundreds of objects across nodes. Swift has built-in redundancy and failover management, can also handle archiving and media streams, and scales especially well for big data (gigabytes) and high capacity (large numbers of objects).

Swift functions and features:
- Massive object storage
- Large file (object) storage
- Data redundancy management
- Archiving capability: handling big data sets
- Data containers for virtual machines and cloud applications
- Handling streaming media
- Secure object storage
- Backup and archiving
- Good scalability

Swift components:
- Swift account
- Swift container
- Swift object
- Swift proxy
- Swift Ring
Swift proxy server
Users interact with the proxy server through the Swift API. The proxy server is the gatekeeper that receives external requests. It looks up the location of the legitimate entity and routes the request to it.
The proxy server also handles entity failures: when an entity fails and is handed off, it re-routes the request.
Swift object server
The object server is a binary store, responsible for storing, retrieving and deleting object data on local storage. Objects are typically binary files stored in the file system, with their metadata kept in extended file attributes (xattr).
Note: the xattr format is supported by ext3/4, XFS, Btrfs, JFS and ReiserFS in Linux, but there are no valid tests to prove that it works well under XFS, JFS, ReiserFS, Reiser4 and ZFS. However, XFS is considered to be the best option right now.
Swift Container Server
The container server lists all the objects in a container. By default the object list is stored as a SQLite file. (Note: this can also be changed to MySQL; the installation here uses MySQL as the example.) The container server also tracks the number of objects in the container and the storage space the container consumes.
Swift account server
The account server is similar to the container server in that it lists objects in the container.
Ring (index ring)
The Ring records the location of the physically stored objects in Swift. It is a virtual mapping from entity names to real physical storage locations, similar to an indexing service that finds and locates the real physical locations of entities in different clusters. Here, entities are accounts, containers and objects, each of which has its own Ring.
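A simplified model of the lookup described above, as an added example that is not Swift's own code: an entity name is hashed to a partition, and a per-ring table maps each partition to its storage devices. The partition power, salt, device lists and round-robin placement are assumptions made for illustration; Swift's real ring builder is more elaborate.

```python
import hashlib
import struct

# All values below are constructed for the example, not taken from a real cluster.
PART_POWER = 4                    # 2**4 = 16 partitions per ring
REPLICAS = 3
SALT = b"example-cluster-secret"  # stands in for the per-cluster hash salt in swift.conf

class Ring:
    """Maps an entity name to a partition, and a partition to devices."""

    def __init__(self, devices):
        self.devices = devices
        parts = 2 ** PART_POWER
        # replica2part2dev[r][p] = index of the device holding replica r of
        # partition p. Round-robin placement: with zone = id % 3, the three
        # replicas of a partition always land in three different zones.
        self.replica2part2dev = [
            [(p + r) % len(devices) for p in range(parts)] for r in range(REPLICAS)
        ]

    def get_part(self, account, container=None, obj=None):
        path = "/" + "/".join(x for x in (account, container, obj) if x)
        digest = hashlib.md5(path.encode() + SALT).digest()
        # The top PART_POWER bits of the first 4 bytes select the partition.
        return struct.unpack(">I", digest[:4])[0] >> (32 - PART_POWER)

    def get_nodes(self, account, container=None, obj=None):
        part = self.get_part(account, container, obj)
        return part, [self.devices[row[part]] for row in self.replica2part2dev]

def make_devices(subnet):
    return [{"id": i, "zone": i % 3, "ip": f"{subnet}.{i + 1}"} for i in range(6)]

# Accounts, containers and objects each have their own ring.
RINGS = {
    "account": Ring(make_devices("10.0.1")),
    "container": Ring(make_devices("10.0.2")),
    "object": Ring(make_devices("10.0.3")),
}

def locate(account, container=None, obj=None):
    """Pick the ring by entity type; return (ring name, partition, devices)."""
    kind = "object" if obj else "container" if container else "account"
    part, nodes = RINGS[kind].get_nodes(account, container, obj)
    return kind, part, nodes

if __name__ == "__main__":
    for name in [("AUTH_demo",), ("AUTH_demo", "photos"),
                 ("AUTH_demo", "photos", "cat.jpg")]:
        kind, part, nodes = locate(*name)
        print(kind, part, [(n["ip"], n["zone"]) for n in nodes])
```

Because the mapping is a pure function of the name and the ring tables, any proxy holding the same ring files resolves a request to the same devices without consulting a central index.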
OpenStack management web interface - Horizon
Horizon is a web control panel for managing and controlling OpenStack services. It can manage instances and images, create key pairs, attach volumes to instances, manipulate Swift containers, and so on. In addition, users can access an instance directly from the control panel through the terminal (console) or VNC.
In short, Horizon has the following features:
- Instance management: creating and terminating instances, viewing terminal logs, VNC connections, adding volumes and so on
- Access and security management: creating security groups, managing key pairs, setting floating IPs and so on
- Preference (flavor) management: managing the different preferences, i.e. virtual hardware templates
- Image management: editing or deleting images
- Viewing the service directory
- Managing users, quotas and project usage
- User management: creating users
- Volume management: creating volumes and snapshots
- Object storage handling: creating and deleting containers and objects
- Downloading environment variables for the project

OpenStack network structure diagram
An OpenStack deployment is composed of four parts: control node, compute node, network node and storage node. (These four nodes can also be installed on a single machine as a stand-alone deployment.)
Where:
The control node is responsible for controlling the rest of the nodes, including virtual machine establishment, migration, network allocation, storage allocation, etc.
The compute node is responsible for running the virtual machine.
The network node is responsible for the communication between the external network and the internal network.
The storage node is responsible for additional storage management of virtual machines, and so on.
Control node architecture

The control node includes the following services:
- Management support services
- Basic management services
- Extended management services

1) Management support services comprise two services, MySQL and Qpid:
- MySQL: the database that stores the data generated by the basic and extended services
- Qpid: the message broker (also known as message middleware), which provides a unified messaging service for the other services

2) Basic management services comprise five services: Keystone, Glance, Nova, Neutron and Horizon:
- Keystone: authentication management service. It manages, creates and modifies authentication information and tokens for all the other components, using MySQL as the unified database
- Glance: image management service. It manages the images that can be provided when virtual machines are deployed, including importing images, image formats, and creating the corresponding templates
- Nova: compute management service. It manages Nova on the compute nodes and communicates through Nova-API
- Neutron: network management service. It manages the network topology of the network nodes and provides the Neutron management panel in Horizon
- Horizon: console service. It provides web-based management of all services on all nodes. This service is often referred to as the Dashboard

3) Extended management services comprise five services: Cinder, Swift, Trove, Heat and Ceilometer:
- Cinder: provides the Cinder functions for managing storage nodes, and the Cinder management panel in Horizon
- Swift: provides the Swift functions for managing storage nodes, and the Swift management panel in Horizon
- Trove: provides the Trove functions for managing database nodes, and the Trove management panel in Horizon
- Heat: provides template-based resource initialization, dependency handling, deployment and other basic operations in the cloud environment, and can also handle advanced features such as automatic scaling and load balancing
- Ceilometer: monitors physical and virtual resources, records and analyzes the data, and triggers the corresponding actions under certain conditions

Generally speaking, the control node needs only one network port, used for communicating with and managing each node.

Network node architecture

The network node contains only the Neutron service.
- Neutron: responsible for managing communication between the private and public network segments, managing communication and topology between virtual machine networks, managing firewalls on virtual machines, and so on

The network node contains three network ports:
- eth0: for communication with the control node
- eth2: for communication with the compute/storage nodes other than control nodes
- eth3: for communication between external virtual machines and the corresponding networks

Compute node architecture

The compute node contains three services: Nova, Neutron and Telemetry.

1) Basic services
- Nova: provides virtual machine creation, running, migration, snapshots and other services centred on the virtual machine, and provides the API that connects to the control node, which dispatches the tasks
- Neutron: provides communication between the compute node and the network node

2) Extended services
- Telemetry: provides the monitoring agent of the compute node and reports the state of the virtual machines back to the control node. It is the agent service of Ceilometer

The compute node contains at least two network ports:
- eth0: communicates with the control node and is provisioned uniformly by the control node
- eth2: communicates with the network node and the storage node

Storage node architecture

The storage node includes services such as Cinder and Swift.
- Cinder: block storage service. It provides block storage; put simply, it virtualizes a disk that can be mounted on the corresponding virtual machine without being affected by the file system and other factors. To the virtual machine, this is like adding a new hard disk, on which any disk operation can be performed, including mounting, unmounting, formatting and converting the file system. It is mostly used to expand space when a virtual machine runs short of it
- Swift: object storage service. It provides object storage; put simply, it is a virtual disk space in which files can be stored. Only files can be stored, and it cannot be formatted with a file system. It is mostly used for cloud disks and files

The storage node contains at least two network interfaces:
- eth0: communicates with the control node, accepts tasks from the control node, and is provisioned uniformly by the control node
- eth2: communicates with the compute/network nodes to complete the tasks issued by the control node