2025-03-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article introduces the OpenStack architecture and its design method. Many people run into difficulties with these concepts when working through real cases; the sections below walk through how to deal with them.
OpenStack is an open source cloud computing platform that supports multiple virtualization environments, and each of its service components exposes an API for secondary development.
OpenStack provides an Infrastructure-as-a-Service (IaaS) solution through a set of complementary services. Each service provides an Application Programming Interface (API) for easy integration.
OpenStack logical architecture
OpenStack itself is a distributed system. Not only can individual services be deployed on separate nodes, but the components within a service can also be distributed. This distributed nature makes OpenStack extremely flexible, scalable, and highly available. Of course, from another perspective, it also makes OpenStack more complex than the average system and more difficult to learn.
In the following chapters, we will learn more about Keystone, Glance, Nova, Neutron, and Cinder, which are the most important and core services of OpenStack.
The main core and extension projects of OpenStack are as follows:
OpenStack Compute (code-name Nova): compute service
OpenStack Networking (code-name Neutron): network service
OpenStack Object Storage (code-name Swift)
OpenStack Block Storage (code-name Cinder): block device storage service
OpenStack Identity (code-name Keystone): authentication service
OpenStack Image Service (code-name Glance)
OpenStack Dashboard (code-name Horizon): dashboard service
OpenStack Telemetry (code-name Ceilometer): alert service
OpenStack Orchestration (code-name Heat): process service
OpenStack Database (code-name Trove): database service
OpenStack services are loosely coupled through unified REST-style API calls. The figure above gives an overview of API calls between OpenStack services, where solid lines represent client API calls and dashed lines represent communication between components via RPC calls. The advantage of a loosely coupled architecture is that the developers of each component can focus only on their own domain, and changes within that domain do not affect other developers. On the other hand, this loose coupling also makes the whole system harder to maintain: operations staff need to master more system-level knowledge to debug a faulty component. It is therefore essential for developers and maintainers to understand how the components call each other.
For users with Linux experience, OpenStack is easy to get started with; it will be introduced step by step in subsequent OpenStack articles.
OpenStack projects and components
OpenStack services
Dashboard (Horizon) provides a web-based self-service portal that interacts with OpenStack's underlying services, for example to launch an instance, assign IP addresses, and configure access controls.
Compute (Nova) manages the lifecycle of compute instances in an OpenStack environment. Its on-demand responsibilities include spawning, scheduling, and reclaiming virtual machines, and more.
Networking (Neutron) provides network connectivity as a service for other OpenStack services, such as OpenStack Compute. It provides an API for users to define networks and their usage. Its plug-in based architecture supports a wide range of network providers and technologies.
Object Storage (Swift) stores and retrieves arbitrary unstructured data objects through a RESTful, HTTP-based API. It is highly fault tolerant, based on data replication and a scalable architecture. It is not a file server with mountable directories; instead it writes objects and files to multiple disks to ensure that data is replicated across multiple servers within the cluster.
Block Storage (Cinder) provides persistent block storage for running instances. Its pluggable driver architecture helps create and manage block storage devices.
Identity service (Keystone) provides authentication and authorization for the other OpenStack services and an endpoint catalog for all OpenStack services.
Image service (Glance) stores and retrieves VM disk images, which OpenStack Compute uses when deploying instances.
Telemetry service (Ceilometer) provides monitoring and metering of OpenStack clouds for billing, benchmarking, scalability, and statistical purposes.
Orchestration service (Heat) supports diverse composite cloud applications. It accepts templates in the native HOT format or in the AWS CloudFormation format, using the OpenStack-native REST API and a CloudFormation-compatible Query API.
This introduction to the components will help you understand the role of each one in later content and make troubleshooting easier. Once you are familiar with basic installation, configuration, operation, and troubleshooting, you should consider deploying according to the production architecture.
Production Deployment Architecture
It is recommended to use automated deployment tools such as Ansible, Chef, Puppet, or Salt to automate deployment and manage production environments.
This example architecture requires at least two nodes (hosts) to launch a basic virtual machine or instance. Services such as the block storage service and the object storage service require additional nodes.
In this example, the network agents reside on the controller node rather than on one or more dedicated network nodes.
Overlay traffic for the private (tenant) network passes over the management network instead of a dedicated private network.
Controller
The controller node runs the identity service, the image service, the management parts of the compute service, the management parts of the network service, the various network agents, and the dashboard. It also runs supporting services such as the SQL database, the message queue, and NTP.
Optionally, the controller node can also run parts of the block storage, object storage, Orchestration, and Telemetry services.
The controller node requires at least two network interfaces.
Compute
The compute node runs the hypervisor portion of the compute service that manages instances. By default, the compute service uses KVM.
You can deploy more than one compute node. Each compute node requires at least two network interfaces.
Block storage
Optional block storage nodes contain the disks that the block storage service and the shared file system service provide to instances.
For simplicity, service traffic between compute nodes and block storage nodes uses the management network. In production environments a separate storage network should be deployed to improve performance and security.
You can deploy more than one block storage node. Each block storage node requires at least one network interface.
Object storage
Optional object storage nodes contain the disks that the object storage service uses to store accounts, containers, and objects.
For simplicity, service traffic between compute nodes and object storage nodes uses the management network. In production environments a separate storage network should be deployed to improve performance and security.
This service requires two nodes. Each node requires at least one network interface. You can deploy more than two object storage nodes.
Network
OpenStack networking is complex and supports a variety of modes, including GRE, VLAN, and VXLAN. In OpenStack, networking is provided by the Neutron component, and Neutron manages the following network resources.
A network is an isolated Layer 2 broadcast domain. Neutron supports many types of networks, including local, flat, VLAN, VxLAN and GRE.
Local networks are isolated from other networks and nodes. An instance in a local network can only communicate with an instance in the same network on the same node, and local networks are mainly used for stand-alone testing.
Flat networks are networks without vlan tagging. An instance in a flat network can communicate with an instance in the same network and can span multiple nodes.
A VLAN network is a network with 802.1q tagging. A VLAN is a Layer 2 broadcast domain: instances in the same VLAN can communicate, while different VLANs can only communicate through a router. VLAN networks can span nodes and are the most widely used type of network.
VXLAN is an overlay network based on tunneling technology. A VXLAN network is distinguished from other VXLAN networks by a unique segmentation ID (also called a VNI). Packets in a VXLAN are encapsulated, together with the VNI, into UDP packets for transmission. Because Layer 2 packets are carried inside Layer 3, VXLAN overcomes the limits of VLANs and of the physical network infrastructure.
GRE is an overlay network similar to VXLAN. The main difference is that IP packets, rather than UDP, are used for encapsulation.
Different networks are isolated at Layer 2. For example, network A and network B are assigned different VLAN IDs, which ensures that broadcast packets in network A do not reach network B. Of course, the isolation here refers to Layer 2 isolation; different networks can still communicate at Layer 3 through a router. A network must belong to a Project (tenant), and multiple networks can be created in a Project, so the relationship between Project and network is one-to-many.
A subnet is an IPv4 or IPv6 address segment. Instance IPs are allocated from a subnet, and each subnet defines an IP address range and mask.
A port can be viewed as a port on a virtual switch. A MAC address and an IP address are defined on the port. When the virtual network interface (VIF) of an instance is bound to the port, the port assigns its MAC and IP to the VIF. Subnet and port have a one-to-many relationship: a port must belong to one subnet, and a subnet can have many ports.
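The Project/network/subnet/port model described above, as an added illustrative example (not Neutron's own code). It is a small in-memory model: networks validate their segmentation ID by type, subnets hand out IPs from their range, ports take a fixed MAC and IP, and the one-to-many links are enforced by construction. The class and function names are this example's own assumptions.

```python
import ipaddress
import itertools

class Subnet:
    """An IPv4 or IPv6 address segment; instance IPs are allocated from its range."""
    def __init__(self, network, cidr, gateway_ip=None):
        self.network = network                       # a subnet belongs to exactly one network
        self.cidr = ipaddress.ip_network(cidr)
        self.gateway = ipaddress.ip_address(gateway_ip) if gateway_ip else next(self.cidr.hosts())
        self.free = [ip for ip in self.cidr.hosts() if ip != self.gateway]
        self.ports = []                              # subnet -> ports is one-to-many

    def allocate(self):
        if not self.free:
            raise RuntimeError(f"subnet {self.cidr} has no free addresses")
        return self.free.pop(0)

class Network:
    """An isolated L2 broadcast domain owned by one Project, identified by type + segmentation ID."""
    def __init__(self, project, name, net_type, segmentation_id=None):
        if net_type == "vlan" and segmentation_id not in range(1, 4095):
            raise ValueError("VLAN ID must be in 1-4094")
        if net_type == "vxlan" and segmentation_id not in range(1 << 24):
            raise ValueError("VNI must be a 24-bit value")
        self.project, self.name, self.type, self.seg_id = project, name, net_type, segmentation_id
        self.subnets = []                            # network -> subnets is one-to-many

    def add_subnet(self, cidr, gateway_ip=None):
        subnet = Subnet(self, cidr, gateway_ip)
        self.subnets.append(subnet)
        return subnet

_mac_seq = itertools.count(1)                        # constructed sequence for unique MACs

class Port:
    """A port on the virtual switch: a fixed MAC and IP, handed to the instance VIF when bound."""
    def __init__(self, subnet):
        self.subnet = subnet                         # a port belongs to exactly one subnet
        self.ip = subnet.allocate()
        n = next(_mac_seq)                           # fa:16:3e is Neutron's default MAC prefix
        self.mac = "fa:16:3e:%02x:%02x:%02x" % ((n >> 16) & 0xff, (n >> 8) & 0xff, n & 0xff)
        subnet.ports.append(self)

def l2_reachable(a, b):
    """Two ports share a broadcast domain only when their subnets sit in the same network;
    traffic between different networks must go through a router at Layer 3."""
    return a.subnet.network is b.subnet.network
```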
The figure above shows the communication pattern of the network nodes in VLAN mode.
In the installation that follows we choose the VXLAN network mode, so let's focus on VXLAN.
VXLAN mode can contain broadcast storms, does not require trunk ports to be configured on the switches, removes the limit on the number of VLAN IDs, avoids the problem of too many GRE point-to-point tunnels, and builds a large Layer 2 network so that VMs can migrate seamlessly between machine rooms and deployments can span machine rooms easily. The disadvantage is that VXLAN adds header overhead to each IP packet, so the MTU of the VM must be reduced and transmission efficiency drops slightly.
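The VNI-keyed UDP encapsulation and the MTU cost discussed above, as an added illustrative example (not code from the page or from OpenStack). It builds the UDP+VXLAN wrapper a tunnel endpoint would send, parses it on the receiving side, drops frames whose VNI is not provisioned locally so one tenant's frames cannot land in another tenant's Layer 2 domain, and computes the VM MTU for a 1500-byte physical MTU. Function names, the sample inner frame and the provisioned VNI set are this example's own assumptions.

```python
import struct

VXLAN_UDP_PORT = 4789                      # IANA-assigned VXLAN port (RFC 7348)
# Bytes added on top of a 1500-byte physical MTU (which already excludes the outer Ethernet
# header): outer IPv4 20 + UDP 8 + VXLAN 8 + the inner Ethernet header 14 = 50
ENCAP_OVERHEAD = 20 + 8 + 8 + 14

def build_vxlan_header(vni):
    """8-byte VXLAN header: flags (I bit = 0x08), 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must be a 24-bit value")
    return struct.pack("!B3sI", 0x08, b"\x00\x00\x00", vni << 8)

def encapsulate(inner_frame, vni, src_port):
    """UDP payload a tunnel endpoint sends: UDP header + VXLAN header + the untouched inner L2 frame.
    Outer Ethernet/IPv4 headers are left to the endpoint; UDP checksum 0 is allowed by RFC 7348."""
    udp_len = 8 + 8 + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    return udp_hdr + build_vxlan_header(vni) + inner_frame

def decapsulate(udp_segment, provisioned_vnis):
    """Receiving side: validate the headers, then demultiplex by VNI.
    Returns (vni, inner_frame), or None when the packet is malformed or carries a VNI
    that is not provisioned on this node (so it is dropped instead of being delivered)."""
    if len(udp_segment) < 16:
        return None
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", udp_segment[:8])
    if dport != VXLAN_UDP_PORT or udp_len != len(udp_segment):
        return None
    flags, _rsvd, vni_field = struct.unpack("!B3sI", udp_segment[8:16])
    if not flags & 0x08:                   # the I flag must be set for the VNI to be valid
        return None
    vni = vni_field >> 8
    if vni not in provisioned_vnis:
        return None
    return vni, udp_segment[16:]

def vm_mtu(physical_mtu=1500):
    """Largest MTU the VM interface may use so the encapsulated packet still fits the physical MTU."""
    return physical_mtu - ENCAP_OVERHEAD

# Constructed sample: a minimal inner Ethernet frame (dst MAC, src MAC, EtherType IPv4, payload)
INNER_FRAME = (bytes.fromhex("fa163e000001") + bytes.fromhex("fa163e000002")
               + b"\x08\x00" + b"tenant-A payload")

if __name__ == "__main__":
    pkt = encapsulate(INNER_FRAME, vni=1001, src_port=49152)
    print(decapsulate(pkt, {1001, 1002}))  # (1001, INNER_FRAME)
    print(decapsulate(pkt, {1002}))        # None: VNI 1001 is not provisioned on this node
    print(vm_mtu())                        # 1450
```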
Linux networking technologies involved
Neutron's design goal is to realize "network as a service." To achieve this, Neutron follows the principle of network virtualization based on software-defined networking in its design, and makes full use of the network-related technologies of the Linux system in its implementation. Understanding these Linux concepts will help you quickly grasp the principles and implementation of Neutron.
Bridge: a virtual device on Linux that connects different network devices. The traditional Linux bridge behaves much like a hub, while bridges managed by OVS generally behave like switches.
br-int: bridge-integration, often used to indicate a bridge that implements a major internal network function.
br-ex: bridge-external, usually refers to a bridge responsible for communicating with an external network.
GRE: Generic Routing Encapsulation, a way to implement tunneling through encapsulation. In OpenStack it is generally GRE over L3, i.e. original packet/GRE/IP/Ethernet.
VETH: virtual Ethernet interface, usually created as a pair; packets sent into one end are received at the other, which can form a channel between two bridges.
qvb: Neutron veth, Linux bridge side
qvo: Neutron veth, OVS side
TAP Device: Emulates a Layer 2 network device that can receive and send Layer 2 packets.
TUN Device: Emulates a Layer 3 network device that can receive and send Layer 3 packets.
iptables: Firewall software commonly used on Linux to implement security policies.
VLAN: Virtual LAN, separated by tags within the same physical LAN; available IDs are 1-4094.
VXLAN: an overlay implementation using UDP as the underlying transport protocol. It is generally considered an extension of, or replacement for, VLAN technology.
namespace: A mechanism used to achieve isolation so that resources in different namespaces are invisible to each other.
This concludes the introduction to the OpenStack architecture design method. Thank you for reading.