程辉-openstack建设公有云平台实践.pdf

在这里写上你的标题 副标题文字副标题文字 作者名字/日期 副标题副标题副标题 DevOps in OpenStack Public Cloud Presented at OpenStack Summit, Fall 2012, San Diego Hui Cheng freedomhui@ | Community Manager of COSUG Technical Manager in Sina Corporation 2012/10/17 Why OpenStack? Why OpenStack? 00 01 02 03 04 05 写上你的文字你的文字 目录Open Source Apache 2 License 00 01 02 03 04 05 写上你的文字你的文字 目录Open Design Grizzly Design Summit 00 01 02 03 04 05 写上你的文字你的文字 目录Open Development Propose features in launchpad 00 01 02 03 04 05 写上你的文字你的文字 目录Open Development Code Review 00 01 02 03 04 05 写上你的文字你的文字 目录 OpenStack is the #2 FOSS foundation 1.The Linux Foundation = $9.6M 2.Openstack = $6M 3.Mozilla Foundation = $1.9M 4.The Apache Foundation - $0.53M 00 01 02 03 04 05 写上你的文字你的文字 目录Open Foundation Board Platinum Members(8) Gold Members(8) DreamHost, Cloudscaling, ITRI/CCAT, DELL, Piston, Mirantis, Yahoo!, Cisco 00 01 02 03 04 05 写上你的文字你的文字 目录Open Foundation Board Individual Members(8) “No one company may control more than two board seats” 00 01 02 03 04 05 写上你的文字你的文字 目录OpenStack Public Cloud However They never tell you how to operate their public cloud based on OpenStack! Content SinaCloud Introduction Challenges to build a OpenStack Public Cloud 1.Network topology 2.Security Enhancement 3.Storage Solution 4.Identity Integration 5.Billing & Monitoring 6.Dashboard Improvement Operate an production OpenStack 7.Platform stack 8.Automated Deployment 9.Continuous Integration 10. Project Management StackLab: A community OpenStack Public Cloud Summary 00 01 02 03 04 05 写上你的文字你的文字 目录 Cloud Requirement S •Largest infotainment web portal in China •Provides various on-line services, like news, Finance, video, email, blog hosting, etc. •Needs unified infrastructure & app platform to host heterogeneous services and apps. Sina Weibo •twitter-like microblog service •over350musers, #1 SNS in China. •huge influence on China's society •Weibo Open Platform to build a social ecosystem through Open API and cloud environmental. We are building a reliable, scalable and secure cloud platform to support our business and external customers. 00 01 02 03 04 05 写上你的文字你的文字 目录 •First and most popular PaaS cloud in China, launched in 2009 •Support PHP, Python and Java runtime. •250,000 developers, 380,000 apps running on SAE. First OpenStack based public IaaS cloud in China First commercial cloud app market in China. SaaS cloud based on SAE tech. Design for the common users, 1-Click purchase and install apps. SinaCloud Portfolio (Sina Cloud Market) 00 01 02 03 04 05 写上你的文字你的文字 目录 Sina OpenStack dev Team More info: http://www.openstack.org/blog/2012/10/how-sina-contributes-to-openstack/ For Community Top 9 contributor by bugfix at Essex Top 4 contributor either by changeset or bugfix at Folsom Contribute community project Dough, Kanyun addressing Monitoring and Billing Develop Island as Cinder would-be plugin Lead COSUG to be largest OpenStack user group Content SinaCloud Introduction Challenges to build a OpenStack Public Cloud 1.Network topology 2.Security Enhancement 3.Storage Solution 4.Identity Integration 5.Billing & Monitoring 6.Dashboard Improvement Operate an production OpenStack 7.Platform stack 8.Automated Deployment 9.Continuous Integration 10. Project Management StackLab: A community OpenStack Public Cloud Summary 00 01 02 03 04 05 写上你的文字你的文字 目录 Network Topology Nova-network vs Quantum Multi host Multi Talent Flat, FlatDHCP TunnelingSDNSec Group Dashboard Support Nova-Network Quantum Nova-Network is simple, robust and reliable, except lack of some advanced features. Quantum is not ready for production use, it’s OVS plugin has great potential to be open-source NVP solution. I would suggestion to continue use nova-network for production deployment until next release. 00 01 02 03 04 05 写上你的文字你的文字 目录 Nova-Network Flat Need external DHCP Server, and human intervention, not flexible, hardly use in practical deployment. FlatDHCP Like Amazon EC2 networking(not VPC, VPC corresponds to Quantum), VM get IP from single network pools. Simple, easy to hack. Widely used in public cloud, also preferred topology in many scenarios. VLAN A little complex, hardware configuration may be involved. Not suggest to use except strong requirement of tenant isolation, Network Topology —— Real User Case Nova Network(FlatDHCP+Multi-host) Capability: •Accessibility of all VMs in the fixed IP range •VM is able to access public network •VM can be accessible from public network Bonus: •Totally distributed architecture avoid single-point failure. •Multiple gateway eliminates NAT bottleneck •High speed between OS regions Drawback: •Tenant isolation lessens •Need security facility(SWS-filter) to protect intranet 00 01 02 03 04 05 写上你的文字你的文字 目录 Security Enhancement SWS Filter: a extension to security group in nova-network Used to filter egress traffic from VM to internal network Define whose traffic could be able to reach which internal network IP/segment. 00 01 02 03 04 05 写上你的文字你的文字 目录 。