NOVA basics

Pratik Bandarkar

July 03, 2015

Transcript

  1. ➢ Agenda
     • What is NOVA?
     • NOVA architecture
     • How are instances spawned in OpenStack?
     • Interaction of Nova with other OpenStack projects such as Neutron, Glance and Cinder
  2. ➢ What is OpenStack?
     ◦ OpenStack is a free and open-source operating system for IaaS.
  3. ➢ What is NOVA?
     ◦ Nova is one of the major components in OpenStack and is responsible for the life cycle management of instances.
     ◦ Nova is built on a shared-nothing, messaging-based architecture.
     ◦ It supports multiple hypervisors (KVM, Xen, LXC, Hyper-V, ESX).
     ◦ Nova itself is not virtualization software.
  4. ➢ NOVA components:
     ◦ NOVA API
     ◦ NOVA Conductor
     ◦ NOVA Compute
     ◦ NOVA ConsoleAuth
     ◦ NOVA novncproxy
     ◦ NOVA Scheduler
     ◦ message queue
       • Supported queueing backends: RabbitMQ, Qpid and ZeroMQ
  5. ➢ NOVA API:
     ◦ nova-api provides an API for users and services to interact with NOVA.
     ◦ For example, spawning an instance from Horizon or the NOVA CLI.
  6. ➢ openstack-nova-compute:
     ◦ Life cycle management of instances from creation to deletion. Interacts with the hypervisor to bring up new instances, and ensures that the state is maintained in the Compute database.
  7. ➢ openstack-nova-conductor: Provides database-access support for Compute nodes (thereby reducing security risks).
     ➢ openstack-nova-consoleauth: Handles console authentication.
     ➢ openstack-nova-novncproxy: Provides a VNC proxy for browsers (enabling VNC consoles to access virtual machines).
  8. What is a flavor?
     ➢ Virtual hardware templates are called "flavors" in OpenStack, defining sizes for RAM, disk, number of cores, and so on.
  9. What is a keypair and a security group?
     ➢ Keypair: On standard cloud images of Linux operating systems like Ubuntu and Fedora, SSH access is restricted to public key authentication. Instead of authenticating with a password, you authenticate with a private key that corresponds to a public key that is installed on the instance.
     ➢ Security groups are sets of IP filter rules that are applied to an instance's networking, i.e. we can filter which network traffic should be allowed or denied. For example, deny SSH access to a specific instance. They are project specific, and project members can edit the default rules for their group and add new rule sets. All projects have a "default" security group, which is applied to instances that have no other security group defined.
  10. ➢ NOVA call for authentication with Keystone:
     ◦ It provides an authentication token along with the service catalog.

     REQ: curl -i 'http://10.65.234.1:5000/v2.0/tokens' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "{SHA1}121c3faea23dd4467fc992f1b77f6eacf8587ed5"}}}'
  11. ➢ Keystone response (token + service catalog):

     RESP BODY: {"access": {"token": {"issued_at": "2015-05-30T11:05:03.054462", "expires": "2015-05-30T12:05:03Z", "id": "{SHA1}7781e321bfbfbf909ae44027ef60cb92ccce8f2e", "tenant": {"enabled": true, "description": "admin tenant", "name": "admin", "id": "97787e34dc0d4f2b8fc04034eed3594c"}, "serviceCatalog": [
       {"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c", "region": "RegionOne", "publicURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c", "internalURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c", "id": "42142cca01fd4bc382ac9f95c204e116"}], "type": "compute", "name": "nova"},
       {"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:9696/", "region": "RegionOne", "publicURL": "http://10.65.234.1:9696/", "internalURL": "http://10.65.234.1:9696/", "id": "466354cac1094127ac0617cf75dd1494"}], "type": "network", "name": "neutron"},
       {"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:9292", "region": "RegionOne", "publicURL": "http://10.65.234.1:9292", "internalURL": "http://10.65.234.1:9292", "id": "43c49fe7dd8f4315af848b48a53021c1"}], "type": "image", "name": "glance"},
       {"endpoints_links": [], "endpoints": [{"adminURL": "http://10.65.234.1:8776/v1/97787e34dc0d4f2b8fc04034eed3594c", "region": "RegionOne", "publicURL": "http://10.65.234.1:8776/v1/97787e34dc0d4f2b8fc04034eed3594c", "internalURL": "http://10.65.234.1:8776/v1/97787e34dc0d4f2b8fc04034eed3594c", "id": "30ce33a6d05e4a80b8a0e22ada52abdb"}], "type": "volume", "name": "cinder"},
       [...]
  12. ➢ NOVA call to boot an instance:
     ➢ Required details to boot an instance:
     ◦ instance name
     ◦ glance image
     ◦ flavor ID
     ◦ network ID
     ◦ security group

     [root@dhcp209-220 ~]# nova boot --flavor 1 --image 2d946232-5773-48df-b8bb-7677f8b6e0fe --nic net-id=97bd405a-77e3-4ef8-836e-8ad1ddb3ee63 --security-groups default pratik_test_instance
     [...]
     REQ: curl -i 'http://10.65.209.220:8774/v2/27513fe577364ce594d48f629f7b74fd/servers' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Project-Id: admin" -H "X-Auth-Token: {SHA1}fde39ed28acaf2d30788fced000970f9c7f65dfb" -d '{"server": {"name": "pratik_test_instance", "imageRef": "2d946232-5773-48df-b8bb-7677f8b6e0fe", "flavorRef": "1", "max_count": 1, "min_count": 1, "networks": [{"uuid": "97bd405a-77e3-4ef8-836e-8ad1ddb3ee63"}], "security_groups": [{"name": "default"}]}}'
     [...]
  13. ➢ What are the different options for storing the instance disk?
     ◦ Locally on the compute node
     ◦ NFS
     ◦ Ceph

     [root@dhcp209-220 ~(keystone_admin)]# ls /var/lib/nova/instances/f79f233c-d8a6-44ca-9b3b-334752b9f2f3/
     console.log  disk  disk.info  libvirt.xml
     [root@dhcp209-220 ~(keystone_admin)]# qemu-img info disk
     image: disk
     file format: qcow2
     virtual size: 1.0G (1073741824 bytes)
     disk size: 2.5M
     cluster_size: 65536
     backing file: /var/lib/nova/instances/_base/1c7dfed9069cbb5d99fe7ebfb8f45bbc5ab93585
     Format specific information:
         compat: 1.1
         lazy refcounts: false
  14. [Diagram: instance boot workflow]
     Components shown: Horizon, Keystone, NOVA API, NOVA Conductor, NOVA Scheduler, Database, NOVA Compute 'A', 'B' and 'C' (openstack-nova-compute), Glance Server (openstack-glance-api, openstack-glance-registry), Cinder Server (openstack-cinder-api, openstack-cinder-scheduler, openstack-cinder-volume), Neutron Server (neutron-server, neutron-l3-agent, neutron-dhcp-agent, l2 agent).
     Numbered steps in the diagram:
     (1) Sending API request
     (2) Authentication request
     (3) Authentication ACK & validates if provided data is correct.
     (4) no label on the slide
     (5) Update DB
     (6) no label on the slide
     (7) Selects compute host
     (8) Update DB
     (9) Request for glance image
     (10) glance image download
     (11) create port (allocate MAC - IP)
     (12) notify l2 agent
     (13) configure local VLAN, OVS flows
     (14) send port up notification (RPC: l2 agent to Neutron)
     (15) port up (RPC: Neutron to NOVA)
     (16) instance booted.
  15. ➢ Do you want to get familiar with the OpenStack dashboard?
     Join http://trystack.org/: If you connect to "OpenStack Grizzly on x86/RHEL", you will be connecting to a public sandboxed instance of RDO, on hardware which has been contributed by Red Hat, and installed and maintained by Dan Radez, a member of Red Hat's OpenStack team.
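
The security-group filtering described on slide 9, as an added example that is not part of the original deck: security-group rules only allow traffic, so SSH is denied to an instance when no ingress rule matches the packet. The rule set is constructed; its keys follow Neutron's security-group-rule fields, and the sketch assumes IPv4 and ignores `remote_group_id`.

```python
import ipaddress

# Constructed rules for illustration; keys follow Neutron's security-group-rule
# fields. IPv4 only, and remote_group_id (group-to-group rules) is left out.
RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "10.65.0.0/16"},
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 80,
     "port_range_max": 443, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "egress", "protocol": None, "port_range_min": None,
     "port_range_max": None, "remote_ip_prefix": None},
]

def _covers(rule, protocol, port):
    """True when an ingress rule applies to this protocol and destination port."""
    if rule["direction"] != "ingress" or rule["protocol"] not in (None, protocol):
        return False
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    return lo is None or lo <= port <= hi

def _source(rule):
    # A missing prefix means "any source".
    return ipaddress.ip_network(rule["remote_ip_prefix"] or "0.0.0.0/0")

def ingress_allowed(rules, protocol, port, src_ip):
    """Rules only allow; a packet that matches none of them is dropped."""
    src = ipaddress.ip_address(src_ip)
    return any(_covers(r, protocol, port) and src in _source(r) for r in rules)

def open_to_any_source(rules, protocol, port):
    """Audit helper: rules that admit this port from every IPv4 address."""
    return [r for r in rules
            if _covers(r, protocol, port) and _source(r).prefixlen == 0]

if __name__ == "__main__":
    print(ingress_allowed(RULES, "tcp", 22, "10.65.234.7"))   # inside 10.65.0.0/16
    print(ingress_allowed(RULES, "tcp", 22, "192.0.2.10"))    # no matching rule
    print(open_to_any_source(RULES, "tcp", 80))
```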
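
The Keystone exchange on slides 10 and 11, as an added example that is not part of the original deck: it reads a v2.0 token response, computes the token's validity window, resolves a service endpoint from the catalog, and lists catalog URLs that are not served over TLS. The sample body is constructed from the slide's values and cut down to two catalog entries; the function names are this example's own.

```python
import json
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample: the slide-11 body cut down to two catalog entries, laid
# out as Keystone v2.0 returns it (token and serviceCatalog under "access").
ACCESS = json.loads("""
{"access": {
  "token": {"issued_at": "2015-05-30T11:05:03.054462",
            "expires": "2015-05-30T12:05:03Z",
            "tenant": {"name": "admin", "id": "97787e34dc0d4f2b8fc04034eed3594c"}},
  "serviceCatalog": [
    {"type": "compute", "name": "nova", "endpoints": [{
      "region": "RegionOne",
      "publicURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c",
      "adminURL": "http://10.65.234.1:8774/v2/97787e34dc0d4f2b8fc04034eed3594c"}]},
    {"type": "image", "name": "glance", "endpoints": [{
      "region": "RegionOne", "publicURL": "http://10.65.234.1:9292"}]}]}}
""")["access"]

def token_lifetime_seconds(access):
    """Validity window of the issued token, rounded to whole seconds."""
    tok = access["token"]
    issued = datetime.strptime(tok["issued_at"], "%Y-%m-%dT%H:%M:%S.%f")
    expires = datetime.strptime(tok["expires"], "%Y-%m-%dT%H:%M:%SZ")
    return round((expires - issued).total_seconds())

def endpoint_for(access, service_type, region="RegionOne", interface="publicURL"):
    """Pick the URL a client such as novaclient would call for a service type."""
    for svc in access["serviceCatalog"]:
        if svc["type"] == service_type:
            for ep in svc["endpoints"]:
                if ep.get("region") == region and interface in ep:
                    return ep[interface]
    raise LookupError(f"no {interface} for {service_type} in {region}")

def plaintext_endpoints(access):
    """Catalog URLs not served over TLS; tokens sent there cross the wire in clear."""
    found = []
    for svc in access["serviceCatalog"]:
        for ep in svc["endpoints"]:
            for key in ("publicURL", "internalURL", "adminURL"):
                if key in ep and urlparse(ep[key]).scheme != "https":
                    found.append((svc["name"], key, ep[key]))
    return found

if __name__ == "__main__":
    print(token_lifetime_seconds(ACCESS), endpoint_for(ACCESS, "image"))
    for finding in plaintext_endpoints(ACCESS):
        print("plaintext:", *finding)
```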