Txlf2012
- 1. How to Create Your Own Cloud: Using Apache CloudStack
Joe Brockmeier
Open Source Cloud Computing Evangelist
jzb@zonker.net
- 2. Licensing: Share and Enjoy
This presentation is based on prior CloudStack presentations by David Nalley and Mark Hinkle. It's available under a Creative Commons (CC BY-SA 3.0) and/or Apache Software License 2.0 (at your discretion).
- 3. Five Characteristics of Clouds
• On-Demand Self-Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service
- 4. Cloud Service Models
USER CLOUD a.k.a. SOFTWARE AS A SERVICE
Single application, multi-tenancy, network-based, one-to-many delivery of applications; all users have the same access to features.
Examples: Salesforce.com, Google Docs, Red Hat Network/RHEL
DEVELOPMENT CLOUD a.k.a. PLATFORM-AS-A-SERVICE
Application developer model: the application is deployed to an elastic service that autoscales, with low administrative overhead. No concept of virtual machines or operating system. Code it and deploy it.
Examples: VMware CloudFoundry, Google AppEngine, Windows Azure, Rackspace Sites, Red Hat OpenShift, Active State Stackato, Appfog
SYSTEMS CLOUD a.k.a. INFRASTRUCTURE-AS-A-SERVICE
Servers and storage are made available in a scalable way over a network.
Examples: EC2, Rackspace CloudFiles, OpenStack, CloudStack, Eucalyptus, OpenNebula
- 6. Why Open Source?
• User-driven solutions to real problems
• Lower barrier to participation
• Larger user base, with users helping users
• Aggressive release cycles stay current with the state of the art
• Choice of infrastructure
• Control of data and security
• Avoid lock-in
• Open data, open standards, open APIs
- 7. The Long Road to Apache
• CloudStack began as VMOps (2008)
• Released as CloudStack under GPLv3 (May 2010)
• Cloud.com acquired by Citrix (July 2011)
• Entirely open source (August 2011)
• Relicensed & proposed to Apache (April 3, 2012)
• Accepted as incubating project (April 16, 2012)
- 8. What is Apache CloudStack?
Apache CloudStack is an open source IaaS that supports multiple hypervisors, high availability, complex networking, firewall, load balancer, and VPN configurations in a multi-tenant environment.
- 9. What is it, Really?
A set of applications that:
• Provide separation between tenants
• Handle allocating compute resources (incl. custom allocators)
• Let users provision compute resources
• Manage High Availability
• Scale massively (thousands of nodes)
• Account for resource usage
- 10. Hypervisor Support
• KVM
• XenServer
• Xen Cloud Platform
• Oracle VM
• VMware via vCenter
• Bare Metal
- 12. Networking
• CloudStack manages
– DHCP
– VLAN allocation
– Firewall
– NAT/Port forwarding
– Routing
– VPN
– Load Balancing
• CloudStack can manage physical network hardware (F5 BIG-IP, NetScaler, Juniper SRX)
- 13. Security Groups
• Traditional isolation has been via VLAN
• VLANs provide isolation, but at the cost of scaling
– Standard limit is 4,096 VLANs
– Hardware that supports the upper limit is expensive
– What happens with 4,097?
• Amazon and others use Layer 3 isolation (Security Groups)
- 14. Security Groups
• Assumes a quasi-trusted Layer 2 network
• Filtering/isolation happens at the bridge level (think ebtables)
• Deny by default
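To make the "deny by default" point concrete, here is an added, constructed model of a security group evaluated the way the host-side bridge filter does it: only explicit ingress allow rules exist, and a packet that matches none is dropped. This is illustrative example code, not CloudStack's own filtering script; the rule fields and group names are assumed. It also covers the case where a rule's source is another security group rather than a CIDR.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IngressRule:
    """One ingress ALLOW rule. There are no deny rules: deny is the default."""
    protocol: str        # "tcp", "udp" or "icmp"
    start_port: int      # first allowed port (for icmp: type)
    end_port: int        # last allowed port (for icmp: code)
    source: str          # a CIDR such as "10.1.1.0/24", or the name of another group

# Constructed membership table: group name -> IPs of VMs currently in that group.
# A source-group rule is resolved against this table at evaluation time.
GROUP_MEMBERS = {
    "app":  {"10.1.2.10", "10.1.2.11"},
    "web":  {"10.1.2.20"},
}

def source_matches(rule, src_ip):
    src = ipaddress.ip_address(src_ip)
    if rule.source in GROUP_MEMBERS:                      # source is a security group
        return src_ip in GROUP_MEMBERS[rule.source]
    return src in ipaddress.ip_network(rule.source, strict=False)  # source is a CIDR

def is_allowed(rules, protocol, port, src_ip):
    """True only if some allow rule matches protocol, port and source."""
    for r in rules:
        if r.protocol != protocol:
            continue
        if not (r.start_port <= port <= r.end_port):
            continue
        if source_matches(r, src_ip):
            return True
    return False   # no matching allow rule: the bridge filter drops the packet

# Constructed group for the "web" tier: HTTP from anywhere, SSH only from the
# admin subnet, and MySQL only from VMs that are members of the "app" group.
WEB_GROUP = [
    IngressRule("tcp", 80, 80, "0.0.0.0/0"),
    IngressRule("tcp", 22, 22, "10.1.1.0/24"),
    IngressRule("tcp", 3306, 3306, "app"),
]
```

Because the quasi-trusted Layer 2 network is shared, the group-based rule is only as strong as the host's ability to stop a guest from spoofing a member's address, which is why the filtering sits at the bridge rather than inside the guest.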
- 15. High Availability
• RFMTTR – "really fast mean time to recovery."
• CloudStack is not (alone) a magical HA solution.
• Watches HA-enabled VMs to ensure they're up, and that the hypervisor they're on is up. Will restart them on another hypervisor if theirs goes down.
• Redundant router.
- 16. CloudStack Allocation
• How are VMs placed, storage allocated, etc.?
• CloudStack has several defaults
– First fit
– Fill first
– Disperse
• Don’t like those? Create your own!
• Allows over-provisioning
• OS Preference
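The three default placement policies named above, as an added illustration in Python (example code, not CloudStack's allocator): each request is placed on the first host that fits, the most loaded host that fits, or the least loaded host, with an assumed CPU over-provisioning factor applied as a simple multiplier on physical capacity.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    cpu_mhz: int                    # physical CPU capacity
    ram_mb: int                     # physical RAM
    vms: list = field(default_factory=list)   # (cpu_mhz, ram_mb) per placed VM

    def used(self):
        return sum(v[0] for v in self.vms), sum(v[1] for v in self.vms)

    def fits(self, cpu, ram, cpu_overprov=1.0):
        used_cpu, used_ram = self.used()
        # CPU may be over-committed by the factor; RAM is never over-committed here.
        return (used_cpu + cpu <= self.cpu_mhz * cpu_overprov
                and used_ram + ram <= self.ram_mb)

def place(hosts, cpu, ram, policy="first_fit", cpu_overprov=1.0):
    """Pick a host by policy, record the VM on it, return its name (None if nothing fits)."""
    candidates = [h for h in hosts if h.fits(cpu, ram, cpu_overprov)]
    if not candidates:
        return None
    if policy == "first_fit":
        chosen = candidates[0]                                   # first host in order
    elif policy == "fill_first":
        chosen = max(candidates, key=lambda h: h.used()[0])      # most loaded that fits
    elif policy == "disperse":
        chosen = min(candidates, key=lambda h: h.used()[0])      # least loaded
    else:
        raise ValueError(f"unknown policy {policy!r}")
    chosen.vms.append((cpu, ram))
    return chosen.name

def run(policy, requests, cpu_overprov=1.0):
    """Place a list of (cpu, ram) requests on two constructed identical hosts."""
    hosts = [Host("h1", 8000, 16384), Host("h2", 8000, 16384)]
    return [place(hosts, c, r, policy, cpu_overprov) for c, r in requests]
```

Ties go to the earlier host in the list, which is why first_fit and fill_first produce the same result on an empty cluster.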
- 17. Usage Accounting
• Provides stats that can be used for billing (but is not a billing solution)
• Usage stats show: VM count, CPU usage, disk allocation and use, network usage over time.
• Integration howtos for importing to Excel, Ubersmith, Amysta, and Cloud Portal.
- 19. Zone
• Generally used to designate a specific geographic location
• Shares secondary storage across the entire zone
• Has a single network model for the entire zone
- 21. Cluster
• Usually a maximum of 8-15 machines per cluster
• Homogeneity is required
– Same hypervisor (incl. same version)
– Same CPUs
– Same networking
• Primary storage is cluster specific
- 22. Secondary Storage
• Stores templates, ISOs, and snapshots
• Historically NFS – added the option of object storage recently
– Includes Swift, GlusterFS, Ceph and others (in various states of production readiness)
• Managed by the Secondary Storage VM
– Manages moving templates and snapshots from/to primary storage, aging out snapshots, etc.
- 23. Primary Storage
• Supports NFS, iSCSI, and Clustered Logical Volume Manager (CLVM)
• Requires a shared mountpoint that the hypervisors can mount and write to
• Can use local storage, but that means no HA, live migration, etc.
- 24. CloudStack Networks
• Management Network: Used by hypervisors and management server to communicate
• Private Network: Default network for system VMs (virtual router, secondary storage VM, console proxy VM)
• Public Network: Public-facing (e.g. the Internet)
• Guest Network: Network VMs are provisioned on
• Link-local Network: Network used for communication between hypervisor and system VMs (RFC 3927)
- 25. Management Server
• UI/API bits are stateless (state is stored in a MySQL database)
• All UI functionality is available as an API call
• RESTful API
– Unauthenticated API on 8096 for localhost (disabled by default)
– Authenticated on port 8080
– Responses in XML or JSON
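As an added example of what "authenticated on port 8080" involves: CloudStack's API documentation describes request signing with an API key and secret key (sort the parameters, api key included, by name; URL-encode the values; lowercase the whole string; HMAC-SHA1 it with the secret; base64 the digest and send it as the signature parameter). The code below follows that documented scheme but is example code, not the project's client or server; the keys are constructed placeholders, and exact URL-encoding details vary between clients.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlencode

# Constructed placeholder credentials, never real ones.
API_KEY = "EXAMPLE-api-key"
SECRET_KEY = "EXAMPLE-secret-key"

def canonical_string(params):
    """Sorted (case-insensitively by name), URL-encoded, lowercased query string."""
    items = sorted(params.items(), key=lambda kv: kv[0].lower())
    encoded = "&".join(f"{k}={quote(str(v), safe='*')}" for k, v in items)
    return encoded.lower()

def sign(params, secret):
    """Base64(HMAC-SHA1(secret, canonical_string(params)))."""
    mac = hmac.new(secret.encode(), canonical_string(params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_params(params, api_key, secret):
    """Client side: add apikey, compute the signature over everything, attach it."""
    with_key = dict(params, apikey=api_key)
    return dict(with_key, signature=sign(with_key, secret))

def to_query(params):
    """Render the signed parameter set as the query string sent to port 8080."""
    return urlencode(params)

def verify(query_params, secret):
    """Server side: recompute over every parameter except signature, compare safely."""
    supplied = query_params.get("signature")
    if supplied is None:
        return False
    expected = sign({k: v for k, v in query_params.items() if k != "signature"}, secret)
    return hmac.compare_digest(supplied, expected)
```

The signature covers the command and all its parameters, so a captured request cannot be altered to run a different command without the secret, which is the property the unauthenticated localhost port on 8096 lacks.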