SlideShare ist ein Scribd-Unternehmen logo

Deep Dive Into the CERN Cloud Infrastructure - November, 2013

Belmiro Moreira
Belmiro Moreira

Deep Dive Into the CERN Cloud Infrastructure OpenStack Design Summit, Hong Kong - November, 2013

Technologie
1 von 48
Downloaden Sie, um offline zu lesen
Deep Dive into the CERN Cloud Infrastructure Openstack Design Summit – Hong Kong, 2013 Belmiro Moreira belmiro.moreira@cern.ch @belmiromoreira
What is CERN? •  Conseil Européen pour la Recherche Nucléaire – aka European Organization for Nuclear Research •  Founded in 1954 with an international treaty •  20 state members, other countries contribute to experiments •  Situated between Geneva and the Jura Mountains, straddling the Swiss-French border 3
What is CERN? 4 CERN Cloud Experiment
What is CERN? CERN provides particle accelerators and other infrastructure for high-energy physics research 5 faqLHC the guide LINAC 2 Gran Sasso North Area LINAC 3 Ions East Area TI2 TI8 TT41TT40 CTF3 TT2 TT10 TT60 e– ALICE ATLAS LHCb CMS CNGS neutrinos neutrons p p SPS ISOLDEBOOSTER AD LEIR n-ToF LHC PS
LHC - Large Hadron Collider 6 https://www.google.com/maps/views/streetview/cern?gl=us
LHC and Experiments 7 CMS detector
LHC and Experiments 8 Proton-lead collisions at ALICE detector
CERN - Computer Center - Geneva, Switzerland 9 •  3.5 Mega Watts •  ~91000 cores •  ~120 PB HDD •  ~100 PB Tape •  ~310 TB Memory
CERN - Computer Center - Budapest, Hungary 10 •  2.5 Mega Watts •  ~20000 cores •  ~6 PB HDD
Computer Centers location 11
CERN IT Infrastructure in 2011 •  ~10k servers •  Dedicated compute, dedicated disk server, dedicated service nodes •  Mostly running on real hardware •  Server consolidation of some service nodes using Microsoft HyperV/ SCVMM •  ~3400 VMs (~2000 Linux, ~1400 Windows) •  Various other virtualization projects around •  Many diverse applications (”clusters”) •  Managed by different teams (CERN IT + experiment groups) 12
CERN IT Infrastructure challenges in 2011 •  Expected new Computer Center in 2013 •  Need to manage twice the servers •  No increase in staff numbers •  Increasing number of users / computing requirements •  Legacy tools - high maintenance and brittle 13
Why Build CERN Cloud Improve operational efficiency •  Machine reception and testing •  Hardware interventions with long running programs •  Multiple operating system demand Improve resource efficiency •  Exploit idle resources •  Highly variable load such as interactive or build machines Improve responsiveness •  Self-service 14
Identify a new Tool Chain •  Identify the tools needed to build our Cloud Infrastructure •  Configuration Manager tool •  Cloud Manager tool •  Monitoring tools •  Storage Solution 15
Strategy to deploy OpenStack •  Configuration infrastructure based on Puppet •  Community Puppet modules for OpenStack •  SLC6 Operating System •  EPEL/RDO - RPM Packages 16
Strategy to deploy OpenStack •  Deliver a production IaaS service though a series of time- based pre-production services of increasing functionality and Quality-of-Service •  Budapest Computer Center hardware deployed as OpenStack compute nodes •  Have an OpenStack production service in the Q2 of 2013 17
Pre-Production Infrastructure 18 Essex Folsom "Guppy" "Hamster" "Ibex" - Deployed on Fedora 16 - Community OpenStack puppet modules - Used for functionality tests - Limited integration with CERN infrastructure - Open to early adopters - Deployed on SLC6 and Hyper-V - CERN Network DB integration - Keystone LDAP integration - Open to a wider community (ATLAS, CMS, LHCb, …) - Some OpenStack services in HA - ~14000 cores June, 2012 October, 2012 March, 2013
OpenStack at CERN - grizzly release 19
OpenStack at CERN - grizzly release •  +2 Children Cells – Geneva and Budapest Computer Centers •  HA+1 architecture •  Ceilometer deployed •  Integrated with CERN accounts and network infrastructure •  Monitoring OpenStack components status •  Glance - Ceph backend •  Cinder - Testing with Ceph backend 20
Infrastructure Overview •  Adding ~100 compute nodes every week •  Geneva, Switzerland Cell •  ~11000 cores •  Budapest, Hungary Cell •  ~10000 cores •  Today we have +2500 VMs •  Several VMs have more than 8 cores 21
compute-nodescontrollers compute-nodes Architecture Overview 22 Child Cell Geneva, Switzerland Child Cell Budapest, Hungary Top Cell - controllers Geneva, Switzerland Load Balancer Geneva, Switzerland controllers
Architecture Components 23 rabbitmq - Keystone - Nova api - Nova conductor - Nova scheduler - Nova network - Nova cells - Glance api - Ceilometer agent-central - Ceilometer collector Controller - Flume - Nova compute - Ceilometer agent-compute Compute node - Flume - HDFS - Elastic Search - Kibana - MySQL - MongoDB - Glance api - Glance registry - Keystone - Nova api - Nova consoleauth - Nova novncproxy - Nova cells - Horizon - Ceilometer api - Cinder api - Cinder volume - Cinder scheduler rabbitmq Controller Top Cell Children Cells - Stacktach - Ceph - Flume
Infrastructure Overview •  SLC6 and Microsoft Windows 2012 •  KVM and Microsoft HyperV •  All infrastructure “puppetized” (also, windows compute nodes!) •  Using stackforge OpenStack puppet modules •  Using CERN Foreman/Puppet configuration infrastructure •  Master, Client architecture •  Puppet managed VMs - share the same configuration infrastructure 24
Infrastructure Overview •  HAProxy as load balancer •  Master and Compute nodes •  3+ Master nodes per Cell •  O(1000) Compute nodes per Child Cell (KVM and HyperV) •  3 availability zones per Cell •  Rabbitmq •  At least 3 brokers per Cell •  Rabbitmq cluster with mirrored queues 25
Infrastructure Overview •  MySql instance per Cell •  MySql managed by CERN DB team •  Running on top of Oracle CRS •  active/slave configuration •  NetApp storage backend •  Backups every 6 hours 26
Nova Cells •  Why Cells? •  Scale transparently between different Computer Centers •  With cells we lost functionality •  Security groups •  Live migration •  "Parents" don't know about “children” compute •  Flavors not propagated to "children” cells 27
Nova Cells •  Scheduling •  Random cell selection on Grizzly •  Implemented simple scheduler based on project •  CERN Geneva only, CERN Wigner only, “both” •  “both” selects the cell with more available free memory •  Cell/Cell communication doesn’t support multiple Rabbitmq servers •  https://bugs.launchpad.net/nova/+bug/1178541 28
Nova Network •  CERN network infrastructure 29 IP MAC CERN network DB VM VM VM VM VM
Nova Network •  Implemented a Nova Network CERN driver •  Considers the “host” picked by nova-scheduler •  MAC address selected from pre-registered addresses of “host” IP Service •  Updates CERN network database address with instance hostname and responsible of the device •  Network constraints in some nova operations •  Resize, Live-Migration 30
Nova Scheduler •  ImagePropertiesFilter •  linux/windows hypervisors in the same infrastructure •  ProjectsToAggregateFilter •  Projects need dedicated resources •  Instances from defined projects are created in specific Aggregates •  Aggregates can be shared by a set of projects •  Availability Zones •  Implemented “default_schedule_zones” 31
Nova Conductor •  Reduces “dramatically” the number of DB connections •  Conductor “bottleneck” •  Only 3+ processes for “all” DB requests •  General “slowness” in the infrastructure •  Fixed with backport •  https://review.openstack.org/#/c/42342/ 32
Nova Compute •  KVM and Hyper-V compute nodes share the same infrastructure •  Hypervisor selection based on “Image” properties •  Hyper-V driver still lacks some functionality on Grizzly •  Console access, metadata support with nova-network, resize support, ephemeral disk support, ceilometer metrics support 33
Keystone •  CERN’s Active Directory infrastructure •  Unified identity management across the site •  +44000 users •  +29000 groups •  ~200 arrivals/departures per month •  Keystone integrated with CERN Active Directory •  LDAP backend 34
Keystone •  CERN user subscribes the "cloud service” •  Created "Personal Tenant" with limited quota •  Shared projects created by request •  Project life cycle •  owner, member, admin – roles •  "Personal project" disabled when user leaves •  Delete resources (VMs, Volumes, Images, …) •  User removed from "Shared Projects" 35
Ceilometer •  Users are not directly billed •  Metering needed to adjust Project quotas •  mongoDB backend – sharded and replicated •  Collector, Central-Agent •  Running on “children” Cells controllers •  Compute-Agent •  Uses nova-api running on “children” Cells controllers 36
Glance •  Glance API •  Using glance api v1 •  python-glanceclient doesn’t support completely v2 •  Glance Registry •  With v1 we need to keep Glance Registry •  Only runs in Top Cell behind the load balancer •  Glance backend •  File Store (AFS) •  Ceph 37
Glance •  Maintain small set of SLC5/6 images as default •  Difficult to offer only the most updated set of images •  Resize and Live Migration not available if image is deleted from Glance •  Users can upload images up to 25GB •  Users don’t pay storage! •  Glance in Grizzly doesn’t support quotas per Tenant! 38
Cinder •  Ceph backend •  Still in evaluation •  SLC6 with qemu-kvm patched by Inktank to support RBD •  Cinder doesn't support cells in Grizzly •  Fixed with backport: https://review.openstack.org/#/c/31561/ 39
Ceph as Storage Backend •  3 PB cluster available for Ceph •  48 OSDs servers •  5 Monitors servers •  Initial testing with FIO, libaio, bs 256k fio --size=4g --bs=256k –numjobs=1 --direct=1 --rw=randrw --ioengine=libaio --name=/mnt/vdb1/tmp4 Rand RW Rand R Rand W 99 MB/s 103 MB/s 108 MB/s 40
Ceph as Storage Backend •  ulimits •  With more than >1024 OSDs, we’re getting various errors where clients cannot create enough processes •  authx for security (key lifecycle is a challenge as always) •  need librbd (from EPEL) 41
Monitoring - Lemon •  Monitor “physical” and virtual “servers” with Lemon 42
Monitoring - Flume, Elastic Search, Kibana •  How to monitor OpenStack status in all nodes? •  ERRORs, WARNINGs – log visualization •  identify in “real time” possible problems •  preserve all logs for analytics •  visualization of cloud infrastructure status •  service managers •  resource managers •  users 43
Monitoring - Flume, Elastic Search, Kibana 44 HDFS Flume gateway elasticsearch Kibana OpenStack infrastructure
Monitoring - Kibana 45
Monitoring - Kibana 46
Challenges •  Moving resources to the infrastructure •  +100 compute nodes per week •  15000 servers – more than 300000 cores •  Migration from Grizzly to Havana •  Deploy Neutron •  Deploy Heat •  Kerberos, X.509 user certificate authentication •  Keystone Domains 47
belmiro.moreira@cern.ch @belmiromoreira

Empfohlen

Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014
Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014
Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014
Belmiro Moreira
 
Unveiling CERN Cloud Architecture - October, 2015
Unveiling CERN Cloud Architecture - October, 2015Unveiling CERN Cloud Architecture - October, 2015
Unveiling CERN Cloud Architecture - October, 2015
Belmiro Moreira
 
Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015
Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015
Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015
Belmiro Moreira
 
Cern Cloud Architecture - February, 2016
Cern Cloud Architecture - February, 2016Cern Cloud Architecture - February, 2016
Cern Cloud Architecture - February, 2016
Belmiro Moreira
 
CPU Optimizations in the CERN Cloud - February 2016
CPU Optimizations in the CERN Cloud - February 2016CPU Optimizations in the CERN Cloud - February 2016
CPU Optimizations in the CERN Cloud - February 2016
Belmiro Moreira
 
Learning to Scale OpenStack
Learning to Scale OpenStackLearning to Scale OpenStack
Learning to Scale OpenStack
Rainya Mosher
 
10 Years of OpenStack at CERN - From 0 to 300k cores
10 Years of OpenStack at CERN - From 0 to 300k cores10 Years of OpenStack at CERN - From 0 to 300k cores
10 Years of OpenStack at CERN - From 0 to 300k cores
Belmiro Moreira
 
CERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8sCERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8s
Belmiro Moreira
 

Empfohlen

Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014
Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014
Multi-Cell OpenStack: How to Evolve Your Cloud to Scale - November, 2014
Belmiro Moreira
 
Unveiling CERN Cloud Architecture - October, 2015
Unveiling CERN Cloud Architecture - October, 2015Unveiling CERN Cloud Architecture - October, 2015
Unveiling CERN Cloud Architecture - October, 2015
Belmiro Moreira
 
Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015
Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015
Tips Tricks and Tactics with Cells and Scaling OpenStack - May, 2015
Belmiro Moreira
 
Cern Cloud Architecture - February, 2016
Cern Cloud Architecture - February, 2016Cern Cloud Architecture - February, 2016
Cern Cloud Architecture - February, 2016
Belmiro Moreira
 
CPU Optimizations in the CERN Cloud - February 2016
CPU Optimizations in the CERN Cloud - February 2016CPU Optimizations in the CERN Cloud - February 2016
CPU Optimizations in the CERN Cloud - February 2016
Belmiro Moreira
 
Learning to Scale OpenStack
Learning to Scale OpenStackLearning to Scale OpenStack
Learning to Scale OpenStack
Rainya Mosher
 
10 Years of OpenStack at CERN - From 0 to 300k cores
10 Years of OpenStack at CERN - From 0 to 300k cores10 Years of OpenStack at CERN - From 0 to 300k cores
10 Years of OpenStack at CERN - From 0 to 300k cores
Belmiro Moreira
 
CERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8sCERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8s
Belmiro Moreira
 
Future Science on Future OpenStack
Future Science on Future OpenStackFuture Science on Future OpenStack
Future Science on Future OpenStack
Belmiro Moreira
 
Evolution of Openstack Networking at CERN
Evolution of Openstack Networking at CERNEvolution of Openstack Networking at CERN
Evolution of Openstack Networking at CERN
Belmiro Moreira
 
CERN User Story
CERN User StoryCERN User Story
CERN User Story
Tim Bell
 
20121017 OpenStack CERN Accelerating Science
20121017 OpenStack CERN Accelerating Science20121017 OpenStack CERN Accelerating Science
20121017 OpenStack CERN Accelerating Science
Tim Bell
 
Bruno Silva - eMedLab: Merging HPC and Cloud for Biomedical Research
Bruno Silva - eMedLab: Merging HPC and Cloud for Biomedical ResearchBruno Silva - eMedLab: Merging HPC and Cloud for Biomedical Research
Bruno Silva - eMedLab: Merging HPC and Cloud for Biomedical Research
Danny Abukalam
 
Euro ht condor_alahiff
Euro ht condor_alahiffEuro ht condor_alahiff
Euro ht condor_alahiff
vandersantiago
 
20190620 accelerating containers v3
20190620 accelerating containers v320190620 accelerating containers v3
20190620 accelerating containers v3
Tim Bell
 
Containers on Baremetal and Preemptible VMs at CERN and SKA
Containers on Baremetal and Preemptible VMs at CERN and SKAContainers on Baremetal and Preemptible VMs at CERN and SKA
Containers on Baremetal and Preemptible VMs at CERN and SKA
Belmiro Moreira
 
OpenStack High Availability
OpenStack High AvailabilityOpenStack High Availability
OpenStack High Availability
Jakub Pavlik
 
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebula Project
 
TripleO
TripleO TripleO
TripleO
Kiran Murari
 
Ovn vancouver
Ovn vancouverOvn vancouver
Ovn vancouver
Mason Mei
 
OpenStack Data Processing ("Sahara") project update - December 2014
OpenStack Data Processing ("Sahara") project update - December 2014OpenStack Data Processing ("Sahara") project update - December 2014
OpenStack Data Processing ("Sahara") project update - December 2014
Sergey Lukjanov
 
What's new in OpenStack Liberty
What's new in OpenStack LibertyWhat's new in OpenStack Liberty
What's new in OpenStack Liberty
Stephen Gordon
 
Enabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebulaEnabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebula
NETWAYS
 
Enhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world applicationEnhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world application
openstackindia
 
Monitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaMonitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebula
NETWAYS
 
Hostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtqHostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtq
Viet Stack
 
Openstack In Real Life
Openstack In Real LifeOpenstack In Real Life
Openstack In Real Life
Paul Guth
 
Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...
Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...
Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...
Spark Summit
 
The OpenStack Cloud at CERN - OpenStack Nordic
The OpenStack Cloud at CERN - OpenStack NordicThe OpenStack Cloud at CERN - OpenStack Nordic
The OpenStack Cloud at CERN - OpenStack Nordic
Tim Bell
 
All about open stack
All about open stackAll about open stack
All about open stack
DataCentred
 

Weitere ähnliche Inhalte

Was ist angesagt?

Future Science on Future OpenStack
Future Science on Future OpenStackFuture Science on Future OpenStack
Future Science on Future OpenStack
Belmiro Moreira
 
Evolution of Openstack Networking at CERN
Evolution of Openstack Networking at CERNEvolution of Openstack Networking at CERN
Evolution of Openstack Networking at CERN
Belmiro Moreira
 
Containers on Baremetal and Preemptible VMs at CERN and SKA
Containers on Baremetal and Preemptible VMs at CERN and SKAContainers on Baremetal and Preemptible VMs at CERN and SKA
Containers on Baremetal and Preemptible VMs at CERN and SKA
Belmiro Moreira
 
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebula Project
 
What's new in OpenStack Liberty
What's new in OpenStack LibertyWhat's new in OpenStack Liberty
What's new in OpenStack Liberty
Stephen Gordon
 
Enabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebulaEnabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebula
NETWAYS
 
Enhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world applicationEnhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world application
openstackindia
 

Was ist angesagt? (20)

Future Science on Future OpenStack
Future Science on Future OpenStackFuture Science on Future OpenStack
Future Science on Future OpenStack
 
Evolution of Openstack Networking at CERN
Evolution of Openstack Networking at CERNEvolution of Openstack Networking at CERN
Evolution of Openstack Networking at CERN
 
CERN User Story
CERN User StoryCERN User Story
CERN User Story
 
20121017 OpenStack CERN Accelerating Science
20121017 OpenStack CERN Accelerating Science20121017 OpenStack CERN Accelerating Science
20121017 OpenStack CERN Accelerating Science
 
Bruno Silva - eMedLab: Merging HPC and Cloud for Biomedical Research
Bruno Silva - eMedLab: Merging HPC and Cloud for Biomedical ResearchBruno Silva - eMedLab: Merging HPC and Cloud for Biomedical Research
Bruno Silva - eMedLab: Merging HPC and Cloud for Biomedical Research
 
Euro ht condor_alahiff
Euro ht condor_alahiffEuro ht condor_alahiff
Euro ht condor_alahiff
 
20190620 accelerating containers v3
20190620 accelerating containers v320190620 accelerating containers v3
20190620 accelerating containers v3
 
Containers on Baremetal and Preemptible VMs at CERN and SKA
Containers on Baremetal and Preemptible VMs at CERN and SKAContainers on Baremetal and Preemptible VMs at CERN and SKA
Containers on Baremetal and Preemptible VMs at CERN and SKA
 
OpenStack High Availability
OpenStack High AvailabilityOpenStack High Availability
OpenStack High Availability
 
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
 
TripleO
TripleO TripleO
TripleO
 
Ovn vancouver
Ovn vancouverOvn vancouver
Ovn vancouver
 
OpenStack Data Processing ("Sahara") project update - December 2014
OpenStack Data Processing ("Sahara") project update - December 2014OpenStack Data Processing ("Sahara") project update - December 2014
OpenStack Data Processing ("Sahara") project update - December 2014
 
What's new in OpenStack Liberty
What's new in OpenStack LibertyWhat's new in OpenStack Liberty
What's new in OpenStack Liberty
 
Enabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebulaEnabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebula
 
Enhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world applicationEnhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world application
 
Monitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaMonitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebula
 
Hostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtqHostvn ceph in production v1.1 dungtq
Hostvn ceph in production v1.1 dungtq
 
Openstack In Real Life
Openstack In Real LifeOpenstack In Real Life
Openstack In Real Life
 
Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...
Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...
Leverage Mesos for running Spark Streaming production jobs by Iulian Dragos a...
 

Ähnlich wie Deep Dive Into the CERN Cloud Infrastructure - November, 2013

Openstack presentation
Openstack presentationOpenstack presentation
Openstack presentation
Sankalp Jain
 
Openstack Cactus Survey
Openstack Cactus SurveyOpenstack Cactus Survey
Openstack Cactus Survey
Pjack Chen
 
20140509 cern open_stack_linuxtag_v3
20140509 cern open_stack_linuxtag_v320140509 cern open_stack_linuxtag_v3
20140509 cern open_stack_linuxtag_v3
Tim Bell
 

Ähnlich wie Deep Dive Into the CERN Cloud Infrastructure - November, 2013 (20)

The OpenStack Cloud at CERN - OpenStack Nordic
The OpenStack Cloud at CERN - OpenStack NordicThe OpenStack Cloud at CERN - OpenStack Nordic
The OpenStack Cloud at CERN - OpenStack Nordic
 
All about open stack
All about open stackAll about open stack
All about open stack
 
Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017
 
Kubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOpsKubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOps
 
2011 Essex Summit: Openstack/Hyper-V clouds
2011 Essex Summit: Openstack/Hyper-V clouds2011 Essex Summit: Openstack/Hyper-V clouds
2011 Essex Summit: Openstack/Hyper-V clouds
 
OpenStack and Windows
OpenStack and WindowsOpenStack and Windows
OpenStack and Windows
 
OpenStack London Meetup, 18 Nov 2015
OpenStack London Meetup, 18 Nov 2015OpenStack London Meetup, 18 Nov 2015
OpenStack London Meetup, 18 Nov 2015
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical View
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
 
LISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningLISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground Running
 
Openstack presentation
Openstack presentationOpenstack presentation
Openstack presentation
 
Kubernetes Internals
Kubernetes InternalsKubernetes Internals
Kubernetes Internals
 
Leonid Vasilyev "Building, deploying and running production code at Dropbox"
Leonid Vasilyev "Building, deploying and running production code at Dropbox"Leonid Vasilyev "Building, deploying and running production code at Dropbox"
Leonid Vasilyev "Building, deploying and running production code at Dropbox"
 
Openstack Cactus Survey
Openstack Cactus SurveyOpenstack Cactus Survey
Openstack Cactus Survey
 
Testing kubernetes and_open_shift_at_scale_20170209
Testing kubernetes and_open_shift_at_scale_20170209Testing kubernetes and_open_shift_at_scale_20170209
Testing kubernetes and_open_shift_at_scale_20170209
 
OpenContrail Implementations
OpenContrail ImplementationsOpenContrail Implementations
OpenContrail Implementations
 
20140509 cern open_stack_linuxtag_v3
20140509 cern open_stack_linuxtag_v320140509 cern open_stack_linuxtag_v3
20140509 cern open_stack_linuxtag_v3
 
Climb Technical Overview
Climb Technical OverviewClimb Technical Overview
Climb Technical Overview
 
Lessions from building a high available cloud foudry on top of open stack
Lessions from building a high available cloud foudry on top of open stackLessions from building a high available cloud foudry on top of open stack
Lessions from building a high available cloud foudry on top of open stack
 
Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6
 

Kürzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Kürzlich hochgeladen (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Deep Dive Into the CERN Cloud Infrastructure - November, 2013

  • 1.
  • 2. Deep Dive into the CERN Cloud Infrastructure Openstack Design Summit – Hong Kong, 2013 Belmiro Moreira belmiro.moreira@cern.ch @belmiromoreira
  • 3. What is CERN? •  Conseil Européen pour la Recherche Nucléaire – aka European Organization for Nuclear Research •  Founded in 1954 with an international treaty •  20 state members, other countries contribute to experiments •  Situated between Geneva and the Jura Mountains, straddling the Swiss-French border 3
  • 4. What is CERN? 4 CERN Cloud Experiment
  • 5. What is CERN? CERN provides particle accelerators and other infrastructure for high-energy physics research 5 faqLHC the guide LINAC 2 Gran Sasso North Area LINAC 3 Ions East Area TI2 TI8 TT41TT40 CTF3 TT2 TT10 TT60 e– ALICE ATLAS LHCb CMS CNGS neutrinos neutrons p p SPS ISOLDEBOOSTER AD LEIR n-ToF LHC PS
  • 6. LHC - Large Hadron Collider 6 https://www.google.com/maps/views/streetview/cern?gl=us
  • 8. LHC and Experiments 8 Proton-lead collisions at ALICE detector
  • 9. CERN - Computer Center - Geneva, Switzerland 9 •  3.5 Mega Watts •  ~91000 cores •  ~120 PB HDD •  ~100 PB Tape •  ~310 TB Memory
  • 10. CERN - Computer Center - Budapest, Hungary 10 •  2.5 Mega Watts •  ~20000 cores •  ~6 PB HDD
  • 12. CERN IT Infrastructure in 2011 •  ~10k servers •  Dedicated compute, dedicated disk server, dedicated service nodes •  Mostly running on real hardware •  Server consolidation of some service nodes using Microsoft HyperV/ SCVMM •  ~3400 VMs (~2000 Linux, ~1400 Windows) •  Various other virtualization projects around •  Many diverse applications (”clusters”) •  Managed by different teams (CERN IT + experiment groups) 12
  • 13. CERN IT Infrastructure challenges in 2011 •  Expected new Computer Center in 2013 •  Need to manage twice the servers •  No increase in staff numbers •  Increasing number of users / computing requirements •  Legacy tools - high maintenance and brittle 13
  • 14. Why Build CERN Cloud Improve operational efficiency •  Machine reception and testing •  Hardware interventions with long running programs •  Multiple operating system demand Improve resource efficiency •  Exploit idle resources •  Highly variable load such as interactive or build machines Improve responsiveness •  Self-service 14
  • 15. Identify a new Tool Chain •  Identify the tools needed to build our Cloud Infrastructure •  Configuration Manager tool •  Cloud Manager tool •  Monitoring tools •  Storage Solution 15
  • 16. Strategy to deploy OpenStack •  Configuration infrastructure based on Puppet •  Community Puppet modules for OpenStack •  SLC6 Operating System •  EPEL/RDO - RPM Packages 16
  • 17. Strategy to deploy OpenStack •  Deliver a production IaaS service though a series of time- based pre-production services of increasing functionality and Quality-of-Service •  Budapest Computer Center hardware deployed as OpenStack compute nodes •  Have an OpenStack production service in the Q2 of 2013 17
  • 18. Pre-Production Infrastructure 18 Essex Folsom "Guppy" "Hamster" "Ibex" - Deployed on Fedora 16 - Community OpenStack puppet modules - Used for functionality tests - Limited integration with CERN infrastructure - Open to early adopters - Deployed on SLC6 and Hyper-V - CERN Network DB integration - Keystone LDAP integration - Open to a wider community (ATLAS, CMS, LHCb, …) - Some OpenStack services in HA - ~14000 cores June, 2012 October, 2012 March, 2013
  • 19. OpenStack at CERN - grizzly release 19
  • 20. OpenStack at CERN - grizzly release •  +2 Children Cells – Geneva and Budapest Computer Centers •  HA+1 architecture •  Ceilometer deployed •  Integrated with CERN accounts and network infrastructure •  Monitoring OpenStack components status •  Glance - Ceph backend •  Cinder - Testing with Ceph backend 20
  • 21. Infrastructure Overview •  Adding ~100 compute nodes every week •  Geneva, Switzerland Cell •  ~11000 cores •  Budapest, Hungary Cell •  ~10000 cores •  Today we have +2500 VMs •  Several VMs have more than 8 cores 21
  • 22. compute-nodescontrollers compute-nodes Architecture Overview 22 Child Cell Geneva, Switzerland Child Cell Budapest, Hungary Top Cell - controllers Geneva, Switzerland Load Balancer Geneva, Switzerland controllers
  • 23. Architecture Components 23 rabbitmq - Keystone - Nova api - Nova conductor - Nova scheduler - Nova network - Nova cells - Glance api - Ceilometer agent-central - Ceilometer collector Controller - Flume - Nova compute - Ceilometer agent-compute Compute node - Flume - HDFS - Elastic Search - Kibana - MySQL - MongoDB - Glance api - Glance registry - Keystone - Nova api - Nova consoleauth - Nova novncproxy - Nova cells - Horizon - Ceilometer api - Cinder api - Cinder volume - Cinder scheduler rabbitmq Controller Top Cell Children Cells - Stacktach - Ceph - Flume
  • 24. Infrastructure Overview •  SLC6 and Microsoft Windows 2012 •  KVM and Microsoft HyperV •  All infrastructure “puppetized” (also, windows compute nodes!) •  Using stackforge OpenStack puppet modules •  Using CERN Foreman/Puppet configuration infrastructure •  Master, Client architecture •  Puppet managed VMs - share the same configuration infrastructure 24
  • 25. Infrastructure Overview •  HAProxy as load balancer •  Master and Compute nodes •  3+ Master nodes per Cell •  O(1000) Compute nodes per Child Cell (KVM and HyperV) •  3 availability zones per Cell •  Rabbitmq •  At least 3 brokers per Cell •  Rabbitmq cluster with mirrored queues 25
  • 26. Infrastructure Overview •  MySql instance per Cell •  MySql managed by CERN DB team •  Running on top of Oracle CRS •  active/slave configuration •  NetApp storage backend •  Backups every 6 hours 26
  • 27. Nova Cells •  Why Cells? •  Scale transparently between different Computer Centers •  With cells we lost functionality •  Security groups •  Live migration •  "Parents" don't know about “children” compute •  Flavors not propagated to "children” cells 27
  • 28. Nova Cells •  Scheduling •  Random cell selection on Grizzly •  Implemented simple scheduler based on project •  CERN Geneva only, CERN Wigner only, “both” •  “both” selects the cell with more available free memory •  Cell/Cell communication doesn’t support multiple Rabbitmq servers •  https://bugs.launchpad.net/nova/+bug/1178541 28
  • 29. Nova Network •  CERN network infrastructure 29 IP MAC CERN network DB VM VM VM VM VM
  • 30. Nova Network •  Implemented a Nova Network CERN driver •  Considers the “host” picked by nova-scheduler •  MAC address selected from pre-registered addresses of “host” IP Service •  Updates CERN network database address with instance hostname and responsible of the device •  Network constraints in some nova operations •  Resize, Live-Migration 30
  • 31. Nova Scheduler •  ImagePropertiesFilter •  linux/windows hypervisors in the same infrastructure •  ProjectsToAggregateFilter •  Projects need dedicated resources •  Instances from defined projects are created in specific Aggregates •  Aggregates can be shared by a set of projects •  Availability Zones •  Implemented “default_schedule_zones” 31
  • 32. Nova Conductor •  Reduces “dramatically” the number of DB connections •  Conductor “bottleneck” •  Only 3+ processes for “all” DB requests •  General “slowness” in the infrastructure •  Fixed with backport •  https://review.openstack.org/#/c/42342/ 32
  • 33. Nova Compute •  KVM and Hyper-V compute nodes share the same infrastructure •  Hypervisor selection based on “Image” properties •  Hyper-V driver still lacks some functionality on Grizzly •  Console access, metadata support with nova-network, resize support, ephemeral disk support, ceilometer metrics support 33
  • 34. Keystone •  CERN’s Active Directory infrastructure •  Unified identity management across the site •  +44000 users •  +29000 groups •  ~200 arrivals/departures per month •  Keystone integrated with CERN Active Directory •  LDAP backend 34
  • 35. Keystone •  CERN user subscribes the "cloud service” •  Created "Personal Tenant" with limited quota •  Shared projects created by request •  Project life cycle •  owner, member, admin – roles •  "Personal project" disabled when user leaves •  Delete resources (VMs, Volumes, Images, …) •  User removed from "Shared Projects" 35
  • 36. Ceilometer •  Users are not directly billed •  Metering needed to adjust Project quotas •  mongoDB backend – sharded and replicated •  Collector, Central-Agent •  Running on “children” Cells controllers •  Compute-Agent •  Uses nova-api running on “children” Cells controllers 36
  • 37. Glance •  Glance API •  Using glance api v1 •  python-glanceclient doesn’t support completely v2 •  Glance Registry •  With v1 we need to keep Glance Registry •  Only runs in Top Cell behind the load balancer •  Glance backend •  File Store (AFS) •  Ceph 37
  • 38. Glance •  Maintain small set of SLC5/6 images as default •  Difficult to offer only the most updated set of images •  Resize and Live Migration not available if image is deleted from Glance •  Users can upload images up to 25GB •  Users don’t pay storage! •  Glance in Grizzly doesn’t support quotas per Tenant! 38
  • 39. Cinder •  Ceph backend •  Still in evaluation •  SLC6 with qemu-kvm patched by Inktank to support RBD •  Cinder doesn't support cells in Grizzly •  Fixed with backport: https://review.openstack.org/#/c/31561/ 39
  • 40. Ceph as Storage Backend •  3 PB cluster available for Ceph •  48 OSDs servers •  5 Monitors servers •  Initial testing with FIO, libaio, bs 256k fio --size=4g --bs=256k –numjobs=1 --direct=1 --rw=randrw --ioengine=libaio --name=/mnt/vdb1/tmp4 Rand RW Rand R Rand W 99 MB/s 103 MB/s 108 MB/s 40
  • 41. Ceph as Storage Backend •  ulimits •  With more than >1024 OSDs, we’re getting various errors where clients cannot create enough processes •  authx for security (key lifecycle is a challenge as always) •  need librbd (from EPEL) 41
  • 42. Monitoring - Lemon •  Monitor “physical” and virtual “servers” with Lemon 42
  • 43. Monitoring - Flume, Elastic Search, Kibana •  How to monitor OpenStack status in all nodes? •  ERRORs, WARNINGs – log visualization •  identify in “real time” possible problems •  preserve all logs for analytics •  visualization of cloud infrastructure status •  service managers •  resource managers •  users 43
  • 44. Monitoring - Flume, Elastic Search, Kibana 44 HDFS Flume gateway elasticsearch Kibana OpenStack infrastructure
  • 47. Challenges •  Moving resources to the infrastructure •  +100 compute nodes per week •  15000 servers – more than 300000 cores •  Migration from Grizzly to Havana •  Deploy Neutron •  Deploy Heat •  Kerberos, X.509 user certificate authentication •  Keystone Domains 47