OPENSTACK-USER

1

ABOUT THESE TRAINING MATERIALS

2 . 1

TRAINING MATERIALS WRITTEN BY ALTER WAY CLOUDCONSULTING

ex Osones -

Copyright © 2014 - 2019 alter way CloudConsultingLicense: Sources: HTML/PDF:

Creative Commons BY-SA 4.0 license

https://cloud-consulting.alterway.fr

Creative Commons BY-SA 4.0https://github.com/Alterway/formations/

https://osones.com/formations/

2 . 2

INTRODUCTION

3 . 1

GOALS OF THE TRAINING: CLOUDUnderstand concepts and benefits of cloudKnow the vocabulary related to cloudOverview of cloud market players and focus on AWS andOpenStackKnow how to take advantage of IaaSBe able to decide what is cloud compatible or notAdapt its system administration and development methodsto a cloud environment

3 . 2

GOALS OF THE TRAINING: OPENSTACKDiscover OpenStack and use its different servicesKnow how the project works and its capabilitiesUnderstand the internals of each OpenStack componentBe able to make the right configuration choicesBe capable of manually deploying an OpenStack cloudproviding IaaSKnow the best practices for deploying OpenStackBe able to track down the cause of an error in OpenStackBe able how to react in front of a bug and know the fixprocess

3 . 3

REQUIREMENTSAdvanced sys admin skills for Linux such as Ubuntu, Red Hator Debian, including:

Package managementConfiguration files and services handlingLVM (Logical Volume Management) and filesystems

Notions:Virtualization: KVM (Kernel-based Virtual Machine), libvirtNetwork: iptables, namespacesSQL

Optional:Comfortable in a Python environment

3 . 4

CLOUD, OVERVIEW

4 . 1

FORMAL DEFINITION

4 . 2

SPECIFICATIONSProvide one or more service(s)...

Self serviceThrough thenetworkSharing resourcesFast elasticityMetering

Inspired by the NIST definitionhttps://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-

145.pdf

4 . 3

SELF SERVICEUser goes directly to the serviceNo humain intermediaryImmediate responsesServices catalog for theirdiscovery

4 . 4

THROUGH THE NETWORKUser uses the service through the networkThe service provider is remote to the consumerNetwork = internet or notUsage of standard network protocols (typically:HTTP)

4 . 5

SHARING RESSOURCESA cloud provided services to multiple users/organizations(multi-tenant)Tenant or project: logical isolation of resourcesResources are available in large quantities (consideredunlimited)Resources usage is not visibleAccurate location of resources is not visible

4 . 6

FAST ELASTICITYProvisionning and deletion of resources almostinstantaneousEnables scalingAbility to automate these scaling actionsVirtually no limit to this elasticity

4 . 7

METERINGUsage of cloud resources is monitored by the providerThe provider can do capacity planning and billing from theseinformationsUser is therefore billed depending on accurate usage ofresourcesUser can take advantage of these informations

4 . 8

MODELSservice models: IaaS, PaaS, SaaSdeployment models: public, private,hybrid

4 . 9

IAASInfrastructure as a ServiceInfrastructure:ComputeStorageNetworkTarget users: administrators (system, storage,network)

4 . 10

PAASPlatform as a ServiceTwo concepts:Environment to develop/deploy an application(language/framework specific - example: Python/Django)Higher level resources than infrastructure, example: DBMSTarget users: application developers

4 . 11

SAASSoftware as a ServiceTarget users: end usersNot to be confused with the economic definition ofSaaS

4 . 12

SOMETHING AS A SERVICE?Load balancing as a Service (Infra)Database as a Service (Platform)MyApplication as a Service(Software)etc.

4 . 13

SERVICE MODELS IN ONE DIAGRAM

IaaS - PaaS - SaaS (source: Wikipedia)

4 . 14

PUBLIC OR PRIVATE CLOUD?Who is it for?

Public: everyone, available on internetPrivate: to an organization, available on itsnetwork

4 . 15

HYBRID CLOUDUsage of multiple public and/or private cloudsAttractive concept but implementation is hard a prioriSome use cases fit perfectlyContinuous integration (CI)Incentives:Avoid lock-inCloud bursting

4 . 16

VIRTUALIZATION INSTANTLet's make it clear.

Virtualization is a technology that can implement thecompute functionA cloud providing compute resources can use virtualizationBut it can also use:Bare-metalContainers

4 . 17

APIS ARE KEYReminder: API stands for Application Programming InterfaceIn the software sense: Interface for a program to use a libraryIn the cloud sense: Interface for a program to use a service(XaaS)Programming interface (through the network, often HTTP)Explicit boundary between the provider and the userDefines how the user interacts with the cloud to manage theirresourcesManages: CRUD (Create, Read, Update, Delete)

4 . 18

API RESTOne ressource == one URI (Uniform Resource Identifier)Usage of HTTP verbs to define operations (CRUD)GETPOSTPUTDELETEUsage of HTTP return codesResources are represented in the HTTP responses'body

4 . 19

REST - EXAMPLESGET http://endpoint/volumes/GET http://endpoint/volumes/?size=10POST http://endpoint/volumes/DELETE http://endpoint/volumes/xyz

4 . 20

REAL EXAMPLEGET /v2.0/networks/d32019d3-bc6e-4319-9c1d-6722fc136a22{ "network":{ "status":"ACTIVE", "subnets":[ "54d6f61d-db07-451c-9ab3-b9609b6b6f0b" ], "name":"private-network", "provider:physical_network":null, "admin_state_up":true, "tenant_id":"4fd44f30292945e481c7b8a0c8908869", "provider:network_type":"local", "router:external":true, "shared":true, "id":"d32019d3-bc6e-4319-9c1d-6722fc136a22", "provider:segmentation_id":null }}

4 . 21

WHY CLOUD? ECONOMICAL POINT OF VIEWConsider IT resources as service provider resourcesShift the "investment" budget (Capex) to the "operation"budget (Opex)Cut costs by sharing resources, and maybe with economies ofscaleReduce delivery timesMatch costs to the real usage of resources

4 . 22

WHY CLOUD? TECHNICAL POINT OF VIEWAbstract from the lower layers (server, network, OS, storage)Get rid of the technical administration of resources andservices (DB, firewalls, load-balancing, etc.)Design infrastructures which can scale on the flyAct on resources through lines of code and manageinfrastructures "as code"

4 . 23

MARKET

4 . 24

AMAZON WEB SERVICES (AWS), LEADER

AWS logoStarted in 2006At first: "e-commerce" web services fordevelopersThen: other services for developersAnd finally: infrastructure resourcesRecently, SaaS

4 . 25

PUBLIC IAAS ALTERNATIVES TO AWSGoogle Cloud PlatformGoogle Cloud PlatformMicrosoft AzureMicrosoft AzureRackspaceDreamHostDigitalOceanIn France:Cloudwatt (Orange BusinessServices)Numergy (SFR)OVHIkoulaScalewayOutscale

4 . 26

PRIVATE IAASOpenStackOpenStackCloudStackEucalyptusOpenNebula

4 . 27

OPENSTACK IN A FEW WORDS

OpenStack logoWas born in 2010OpenStack Foundation since 2012Written in Python and distributed under Apache 2.0 licenseLarge support from the industry and various contributions

4 . 28

PUBLIC PAAS EXAMPLESAmazon Elastic Beanstalk( )Google App Engine ( )Heroku ( )

https://aws.amazon.com/fr/elasticbeanstalkhttps://cloud.google.com/appengine

https://www.heroku.com

4 . 29

PRIVATE PAAS SOLUTIONSCloud Foundry, Foundation ( )OpenShift, Red Hat ( )Solum, OpenStack ( )

https://www.cloudfoundry.orghttps://www.openshift.org

https://wiki.openstack.org/wiki/Solum

4 . 30

INFRASTRUCTURE AS A SERVICE CONCEPTS

4 . 31

BASICSInfrastructure:ComputeStorageNetwork

4 . 32

COMPUTE RESOURCESInstanceImageFlavorKeypair (SSH)

4 . 33

INSTANCEDedicated to computeShort typical lifetime, to be consideredephemeralShould not store persistent dataNon persistent root diskBased on an image

4 . 34

CLOUD IMAGEDisk image containing an already installed OSInfinitely instanciableCan talk to the metadata API

4 . 35

METADATA APIhttp://169.254.169.254Available from the instanceProvides informations about the instanceExposes userdataThe cloud-init tool helps take advantage of thisAPI

4 . 36

FLAVORInstance type in AWSDefines an instance model regarding CPU, RAM, disk (root),ephemeral diskThe ephemeral disk has, like the root disk, the advantage ofoften being local and thus fast

4 . 37

KEYPAIRSSH public key + private keyCloud manages and stores the public keyThis public key is used to give SSH access to theinstances

4 . 38

NETWORK RESOURCES 1/2L2 networkNetwork portL3 networkRouterFloating IPSecurity group

4 . 39

NETWORK RESOURCES 2/2Load Balancing as aServiceVPN as a ServiceFirewall as a Service

4 . 40

STORAGE RESOURCESCloud provides two kinds of storage

BlockObject

4 . 41

BLOCK STORAGEVolumesVolumes that can be attached to an instanceAccess to raw devices such as /dev/vdbAbility to use any kind of file systemAbility to use LVM, encryption, etc.Compatible with all existing applicationsRequires provisioning space by defining volumesize

4 . 42

SHARED STORAGE?Block storage is notnot a shared storage solution likeNFSNFS is at a higher layer: file systemA volume is a priori connected to a single host

4 . 43

"BOOT FROM VOLUME"Starting an instance with its root disk on a volumevolume

Root disk data persistenceGets similar to classicalserver

4 . 44

OBJECT STORAGEAPI: CRUD on dataPush and retrieve objectsobjects in/from a containercontainer/bucketNo data hierachy, no directories, no file systemRead/write access through APIs onlyNo provisioning necessaryApplication must be designed to take advantage of objectstorage

4 . 45

ORCHESTRATIONOrchestrate creation and management of resources in thecloudArchitecture definition in a templatetemplateResources created from a templatetemplate make a stackstackThere are also orchestration tools (rather than services)

4 . 46

USAGE BEST PRACTICES

4 . 47

WHY BEST PRACTICES?Two differents possible views:

Don't change anythingRisk not meeting expectationsLimit usage to test & dev use caseAdapt to new cloud compliant practices to take advantage ofit

4 . 48

HIGH AVAILABILITY (HA)Cloud control plane (APIs) is HAManaged resources might notbe

4 . 49

PET VS CATTLEHow to consider instances?

PetCattle

4 . 50

INFRASTRUCTURE AS CODEWith code

Provision infrastructure resourcesConfigure said resources, instances inparticular

The job is changing: Infrastructure Developer

4 . 51

SCALINGScale out rather than Scale upScale out: horizontal scalingScale up: vertical scalingAuto-scalingManaged by the cloudManaged by an externalcomponent

4 . 52

CLOUD READY APPLICATIONSStore their data in an appropriateplaceAre architected to be fault tolerantEtc.

Cf. https://12factor.net/

4 . 53

BEHIND CLOUD

4 . 54

HOW TO IMPLEMENT A COMPUTE SERVICEVirtualization(system) ContainersBare metal

4 . 55

STORAGE IMPLEMENTATION: (SOFTWARE DEFINED STORAGE)SDS

WarningWarning: not to be confused with the block vs object topic

Use of commodity hardwareNo hardware RAIDSoftware is responsible for the dataHardware failures are taken into account and managedThe CephCeph project and the OpenStack SwiftOpenStack Swift componentimplement SDS

See also ScalityScality4 . 56

SDS - CAP THEOREM

Consistency - Availability - Partition tolerance

4 . 57

RÉCAPITULATIF VOCABULAIRE

4 . 58

NOTIONS ET VOCABULAIRE IAAS 1/4Identité et accès

Tenant/Projet (Project) : locataire du cloud, propriétairede ressources.Utilisateur (User) : compte autorisé à utiliser les APIOpenStack.Quota : contrôle l’utilisation des ressources (vcpu, ram, fip,security groups,...) dans un tenant.Catalogue (de services) : services disponibles etaccessibles via les API.Endpoint : URL permettant l’accès à une API. Un endpointpar service.

4 . 59

NOTIONS ET VOCABULAIRE IAAS 2/4Calcul/Serveurs (Compute)

Image : généralement, un OS bootable et “cloud ready”.Instance : forme dynamique d’une image.Type d’instance (flavor) : mensurations d’une instance(cpu, ram, capacité disque,...).Metadata et user data : informations gérées par le IaaS etmises à disposition de l’instance.Cloud-init, cloud-config : mécanismes permettant laconfiguration finale automatique d’une instance.

4 . 60

NOTIONS ET VOCABULAIRE IAAS 3/4Stockage (Storage)

Volume : disque virtuel accessible par les instances(stockage “block”).Conteneur (Container) : entités logiques pour le stockagede fichiers et accessibles via une URL (stockage “objet”).

Réseau et sécurité (Network, Security)Groupe de sécurité (Security groups) : ensemble de règlesde filtrage de flux appliqué à l’entrée des instances.Paire de clés (Keypairs) : clé privée + clé publiquepermettant les connexions aux instances via SSH.IP flottantes (Floating IP) : adresse IP allouée à la demandeet utilisée par les instances pour communiquer avec leréseau “externe”.

4 . 61

NOTIONS ET VOCABULAIRE IAAS 4/4Orchestration

Stack : ensemble des ressources IaaS utilisées par uneapplication.Template : fichier texte contenant la description d’unestack.

4 . 62

OPENSTACK: THE PROJECT

5 . 1

OVERVIEW

5 . 2

HIGH LEVEL

Simple version

5 . 3

HISTORYStarted in 2010Goal: the Free Open Source Cloud Operating SystemMerge of two projects from Rackspace (Storage) and NASA(Compute)Free software distributed under Apache 2.0 licenseBirth of the Foundation in 2012

5 . 4

MISSION STATEMENTTo produce a ubiquitous Open Source Cloud Computing platform that is easy to use, simple to implement, interoperable between deployments, works well at all scales, and meets the needs of users and operators of both public and private clouds.

5 . 5

RELEASESAustin (2010.1)Bexar (2011.1), Cactus (2011.2), Diablo (2011.3)Essex (2012.1), Folsom (2012.2)Grizzly (2013.1), Havana (2013.2)Icehouse (2014.1), Juno (2014.2)Kilo (2015.1), Liberty (2015.2)Mitaka (2016.1), Newton (2016.2)Ocata (2017.1), Pike (2017.2)Queens (2018.1), RockyRocky (2018.2)Stein (2019.1), Train (2019.2)Early 2020: Ussuri

5 . 6

SOME OF THE SUPPORTERS/CONTRIBUTORS ...Editors: Red Hat, Suse, Canonical, Vmware, ...Hardware makers: IBM, HP, Dell, ...Hardware makers/network: Juniper, Cisco, ...Hardware makers/storage: NetApp, Hitachi, ...Also: NASA, Rackspace, Yahoo, OVH, Citrix, SAP, ...GoogleGoogle! (since July 2015)

https://www.openstack.org/foundation/companies/

5 . 7

... AND USERSAll the previously mentioned contributorsIn France: CloudwattCloudwatt and NumergyNumergyWikimediaCERNPaypalComcastBMWEtc. Not counting confidential deployments

https://www.openstack.org/user-stories/

5 . 8

THE DIFFERENT SUB-PROJECTS

OpenStack Compute - NovaOpenStack (Object) Storage - SwiftOpenStack Block Storage - CinderOpenStack Networking - NeutronOpenStack Image Service - GlanceOpenStack Identity Service -KeystoneOpenStack Dashboard - HorizonOpenStack Telemetry - CeilometerOpenStack Orchestration - Heat

https://www.openstack.org/software/project-navigator/

5 . 9

THE DIFFERENT SUB-PROJECTS (2)

But also:Bare metal (Ironic)Queue service (Zaqar)Database service (Trove)Data processing (Sahara)DNS service (Designate)Shared File Systems (Manila)Key management (Barbican)Container (Magnum)

OthersClient CLI and librariesOpenStack deployment toolsLibraries used by OpenStackTools used to developOpenStack 5 . 10

APISEach project supports its OpenStack APISome projects support the corresponding AWS API(Nova/EC2, Swift/S3)

5 . 11

THE 4 OPENSOpen SourceOpen DesignOpen DevelopmentOpen Community

https://governance.openstack.org/tc/reference/opens.html

https://www.openstack.org/four-opens/

5 . 12

THE OPENSTACK FOUNDATIONMain governance entity and legal representation of theprojectBoard members are part of the sponsoring companies andelected by individual membersEveryone can (freely) become an individual memberHuman resources: marketing, event managemement, releasemanagement, a few developers (mainly on infrastructure)600 organizations across the world80000 individual members in 170 countries

5 . 13

THE OPENSTACK FOUNDATION

Main entities of the Foundation

5 . 14

OPEN INFRASTRUCTURELately, the OpenStack Foundation expands to OpenOpenInfrastructureInfrastructureBeyond OpenStack, new projects:

Kata ContainersZuulAirshipStarlingX

5 . 15

RESOURCESAnnouncements (new versions, security advisories):

Documentation portal: API/SDK: Project governance: Releases: Support:

openstack-discuss@lists.openstack.org#openstack@Freenode

openstack-announce@lists.openstack.orghttps://docs.openstack.org/

https://developer.openstack.org/https://governance.openstack.org/

https://releases.openstack.org/

https://ask.openstack.org/

5 . 16

RESOURCESNews:

Official blog: Planet: Superuser:

Commercial resources: among others

Job board:

https://www.openstack.org/blog/http://planet.openstack.org/

http://superuser.openstack.org/

https://www.openstack.org/marketplace/https://www.openstack.org/community/jobs/

5 . 17

USER SURVEYRegular survey done by the Foundation (every 6 months)Targets deployers and usersUsable data: https://www.openstack.org/analytics

5 . 18

CERTIFIED OPENSTACK ADMINISTRATOR (COA)The only certification:

Approved by the OpenStack FoundationNot linked to a specific company

Content:Mainly OpenStack cloud user oriented

Practical aspects:Practical exam, remote, duration: 2.5 hoursCost: $300 (one re-take possible)

Ressources

Tips: Handbook: (unofficial) Exercises:

https://www.openstack.org/coa/requirements/

https://www.openstack.org/coa/https://www.openstack.org/coa/tips/

http://www.openstack.org/coa/handbookhttps://github.com/AJNOURI/COA

5 . 19

RESOURCES - FRENCH COMMUNITY AND ASSOCIATION

Logo OpenStack-fr -

Meetups: Paris, Lyon, Toulouse, Montréal, etc.OpenStack Days France (Paris):

Attending events such as Paris Open Source SummitCommunication channels:

openstack-fr@lists.openstack.org#openstack-fr@Freenode

https://openstack.fr/ https://asso.openstack.fr/

https://openstackdayfrance.fr

5 . 20

USING OPENSTACK

6 . 1

PRINCIPLEAll the features are available through the APIClients (including Horizon) go through the APICredentials are required, with the OpenStackAPI:userpasswordproject (tenant)domain

6 . 2

OPENSTACK APISOne API per OpenStack serviceVersioned, backwards compatiblity is guaranteedBody of requests and responses is formatted withJSONREST architectureManaged resources are specific to a project

https://developer.openstack.org/#api

6 . 3

API ACCESSDirect, using HTTP, with tools like curlWith a libraryOfficial implementations in PythonOpenStackSDKOther implementations, including for other languages(example: jclouds)Shade (Python library which includes business logic)With official command line toolsWith HorizonThrough higher-level third-party tools (example: Terraform)

6 . 4

OFFICIAL CLIENTSOpenStack provides official clientsHistorically: python-PROJECTclient (Python library andCLI)Today: openstackclient (CLI)CLI toolsAuthentication is done by passing credentials as parameters,environment variables or configuration fileThe --debug parameter shows the HTTP connection

6 . 5

OPENSTACK CLIENTUnified CLI clientopenstack <resource ><action > commands (interactive shellavailable)Aims at replacing specific CLI clientsProvides a more homogeneous user experienceclouds.yaml configuration file

https://docs.openstack.org/python-openstackclient/latest/configuration/index.html#clouds-yaml

6 . 6

KEYSTONE: AUTHENTICATION, AUTHORIZATION AND SERVICECATALOG

6 . 7

PRINCIPLESKeystone is responsible for authentication and authorization

and service catalog.

Standard user authenticates against KeystoneAdmin user often interacts with Keystone

6 . 8

APIAPI v3: port 5000Manages:UsersUsers, groupsgroupsProjectsProjects (tenants)RolesRoles (link between user and project)DomainsDomainsServicesServices and endpointsendpoints (service catalog)Provides:TokensTokens (authentication tokens)

6 . 9

SERVICE CATALOGFor each service, multiple endpoints are possible dependingon:regioninterface type (public, internal, admin)

6 . 10

TYPICAL USAGE SCENARIO

Interactions with Keystone

6 . 11

NOVA: COMPUTE

6 . 12

PRINCIPLESMainly manages instancesinstancesInstances are created from images provided by GlanceInstances' network interfaces are associated with NeutronportsBlock storage can be provided to instances by Cinder

6 . 13

INSTANCE PROPERTIESEphemeral, a priori not HADefined by a flavorBuilt from an imageOptional: volume attachmentsOptional: boot from volumeOptional: public SSH keyOptional: network ports

6 . 14

APIManaged resources:

InstancesInstancesFlavorsFlavors (instance types)KeypairsKeypairs: resources dedicated to each user (not part of aproject)

6 . 15

ACTIONS ON INSTANCESReboot /shutdownSnapshotLogsVNC accessResizeMigration (admin)

6 . 16

GLANCE: IMAGE REGISTRY

6 . 17

PRINCIPLESImage (and snapshot) registryImage properties

6 . 18

APIAPI v2: current version, manages images and snapshotsAPI artifacts: future version, more common

6 . 19

IMAGE TYPESGlance supports a wide range of image types, limited by Nova's

underlying technology support

rawqcow2amivmdkiso

6 . 20

IMAGE PROPERTIES IN GLANCEThe user can define a number of properties among which some

will be used at instance creation

Image typeArchitectureDistributionDistribution versionMinimum diskspaceMinimum RAM

6 . 21

IMAGE SHARINGPublic image: available to all projectsBy default, only the admin can make an image publicShared image: available to one or multiple other project(s)

6 . 22

DOWNLOADING IMAGESMost OS provide regularly updated images:

Ubuntu : Debian : CentOS :

https://cloud-images.ubuntu.com/https://cdimage.debian.org/cdimage/openstack/https://cloud.centos.org/centos/

6 . 23

NEUTRON: NETWORK

6 . 24

APIThe API exposes these main resources:

Network: layer 2Subnet: layer 3Port: can be attached to an instance interface, a load-balancer, etc.RouterFloating IP, security group

6 . 25

FLOATING IPSIn addition to fixed IPs which are set on instancesAllocation (reservation for the project) of an IP from a poolAssociation of an allocated IP to a port (of an instance, forexample)Not directly set on instances

6 . 26

SECURITY GROUPSSimilar to a firewall in front of each instaneAn instance can be associated to one or multiple securitygroupsIngress and egress access rulesRules per protocol (TCP/UDP/ICMP) and portTargets an IP address, a network or another security group

6 . 27

ADDITIONAL FEATURESBeyond the basic L2 and L3 networking features, Neutron may

provide other services:

Load BalancingFirewall: different from security groupsVPN: to reach a private network without floatingIPsQoS

6 . 28

CINDER: BLOCK STORAGE

6 . 29

PRINCIPLESProvides volumes (block storage) that can be attached toinstancesManages different volume typesManages volume snapshots and volume backups

6 . 30

USAGEAdditional volume (and persistent storage) on an instanceBoot from volume: OS is on the volumeBackup to object store (Swift ou Ceph) feature

6 . 31

HEAT: ORCHESTRATION

6 . 32

PRINCIPLESHeat is the native OpenStack solution, orchestration serviceHeat provides an API to manage stacksstacks from templatestemplatesA Heat template follows the HOT (Heat OrchestrationTemplate) format, based on YAML

6 . 33

A HEAT ORCHESTRATION TEMPLATE (HOT) TEMPLATEparameters - resources - outputs

heat_template_version: 2013-05-23description: Simple template to deploy a single compute instanceresources:my_instance: type: OS::Nova::Server properties: key_name: my_key image: F18-x86_64-cfntools flavor: m1.small

6 . 34

BUILD A TEMPLATE FROM EXISTING RESOURCESMultiple projects are being developed

Flame (Cloudwatt)HOT builderMerlin

6 . 35

HORIZON : WEB DASHBOARD

6 . 36

PRINCIPLESProvides a web interfaceUses existing APIs to provide a user interfaceAbility to log in without specifiying a project: Horizondetermines the list of available projects

6 . 37

USAGEOne interface per project (ability to switch)Availability of the service catalogDownload of a clouds.yaml config fileRestricted “admin” area

6 . 38

CLOUD-READY ARCHITECTURES

7 . 1

DESIGN AN APPLICATION FOR THE CLOUD

7 . 2

ADAPT OR THINK “CLOUD READY” APPLICATIONS 1/3See OpenStack project design tenets and Twelve-Factor

Distributed rather than monolithic architectureEases scalingLimits failure domain

Loose coupling between components

https://12factor.net/

7 . 3

ADAPT OR THINK “CLOUD READY” APPLICATIONS 2/3Message bus for inter-component communicationStateless: allows multiple access routes to the applicationDynamic: application must adapt to its environnement andreconfigure itself when necessaryAllow deployment and operation using automation tools

7 . 4

ADAPT OR THINK “CLOUD READY” APPLICATIONS 3/3Limit as much as possible hardware or software specificdependencies that may not work in a cloudIntegrated fault toleranceDo not store data locally, but rather:

DatabaseObject storage

Use standard logging tools

7 . 5

DESIGN AN INFRASTRUCTURE FOR THE CLOUD

7 . 6

AUTOMATIONAutomate infrastructure management:mandatoryResources creationResources configuration

7 . 7

INFRASTRUCTURE AS CODEWork like a developerDescribe your infrastructure as code (Heat/Terraform,Ansible)Track changes in a VCS (git)Set up code reviewUse testing mechanismsTake advantage of continuous integration and deploymentsystems

7 . 8

ORCHESTRATION NEEDManage all kind of resources through a uniqueentrypointInfrastructure description in a file (template)Heat (included in OpenStack), Terraform

7 . 9

TESTS AND CONTINUOUS INTEGRATIONCode styleSyntax validationUnit testsIntegration testsFull deploymenttests

7 . 10

FAULT TOLERANCETake advantage of application abilitiesDon't try to make the compute infrastructureHA

7 . 11

AUTOSCALING GROUPGroup of similar instancesVariable number of instancesAutomated scaling depending onmetricsEnables horizontal scaling

7 . 12

MONITORINGTake into account instances' lifecycle: DOWN != ALERTMonitor the service rather than the server

7 . 13

BACKUPBe able to recreate your instances (and the rest of theinfrastructure)Data (application, logs): block, object

7 . 14

HOW TO MANAGE IMAGES?Use of generic images and personalization at launchCreation of intermediary and/or completely personalizedimages:

Cold modification: libguestfs, virt-builder, virt-sysprepModification through an instance: automation possiblewith PackerBuild from scratch: diskimage-builder (TripleO)Build from scratch with distribution-specific tools(openstack-debian-images for Debian)

7 . 15

CONCLUSION

8 . 1

POUR CONCLURELe cloud révolutionne l’ITOpenStack est le projet libre phare sur la partie IaaSL’utilisation d’un cloud IaaS implique des changements depratiqueLes métiers d’architecture logicielle et infra évoluent

8 . 2