[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이는 오픈 스택

갈라파고스의 이구아나
인프라에 오픈소스를 올리다.
그래서 보이는 오픈스택
장재민

스마일서브
● IDC 운영 지식공유
– http://idchowto.com
● 화사대표 도메인
– http://cloudv.kr
● 게임엔진서비스
– http://igamev.com
● 2002.06
● 69 : 60

목차
● 베어메탈 서버 배포
● 서버환경
– 전원관리
– 콘솔
● 배포할 운영체제
● 운영체제 배포
● 네트워크
● 네트워크 보안
● ARM Server 그리고 POE

전원 관리
● Power on
– IPMI 2.0 / wol
– apt-get install ipmitool wakeonlan
● Power off
– Ipmitool / shutdown(?)
● Power reset
– ipmitool

Key Features
1. Intel® Xeon® X3400 / L3400 series,
Core™ i3 & Pentium® processors
with LGA 1156 socket2. Intel® 3420 Chipset3. Up to 32GB DDR3
1333/1066/800MHz
ECC Registered DIMM / 16GB
Unbuffered DIMM4. Dual Intel® 82574L Gigabit Ethernet
Controllers5. 6x SATA (3 Gbps) Ports
RAID 0, 1, 5, 106. 2 (x8) PCI-Express 2.0,
1 (x4) PCI-Express (using x8 slot),
1 32-bit PCI slot7. Integrated IPMI 2.0 with KVM and
Dedicated LAN8. 7x USB (2 rear, 1 on-board, 2 headers)

VNC vs SPICE
● NoVNC
– vncproxy
● Spice : HTML5
– Spice + websockfy

구분 버전
CentOS 32bit 5.X, 6.X, 7.X (Final version)
64bit 5.X, 6.X, 7.X (Final version)
Fedora 32bit 15, 16, 17, 18, 19, 20
64bit 15, 16, 17, 18, 19, 20
Redhat 32bit 7, 8, 9
64bit 제공되지 않음.
SULinux 32bit 1.0, 1.5, 2.0
64bit 2.0
OpenSuse 32bit 10.3, 11.4, 12.1
64bit 10.3, 11.4, 12.1
Ubuntu 32bit 10.X, 11.X, 12.X, 13.X
64bit 10.X, 11.X, 12.X, 13.X, 14.X
Debian 32bit 5.X, 6.X
64bit 5.X, 6.X
FreeBSD 32bit 6.X, 7.X, 8.X, 9.X
64bit 6.X, 7.X, 8.X, 9.X
Gentoo 32bit 2011, 2012, 2013
64bit 2011, 2012, 2013
안녕Linux 32bit 제공되지 않음
64bit 1.2, 1.3, 1.3-R2, 1.3-R3, 1.3-R4, 1.3-R5
ArchLinux 32bit 2012.10.06, 2013.11.01
64bit 2012.10.06, 2013.11.01
AsteriskNOW 32bit / 64bit 3.0.0
12/6712/67

배포할 운영체제 이미지

● Kickstart Installation
● Preinstalled OS Image
– Sysprep
● debootstrap
● yumbootstrap
– tool for installing Yum-based distributions (Red Hat, CentOS, Fedora)
in a chroot directory
– https://github.com/dozzie/yumbootstrap
● http://ftp.cloudv.kr
– http://ftp.cloudv.kr/openstack-image

● Ubuntu Cloud Image
– Ubuntu Cloud Images are pre-installed disk images that have been customized by
Ubuntu engineering to run on cloud-platforms
– https://cloud-images.ubuntu.com/
● Redhat Cloud Image
– Downloading Pre-Built Images for OpenStack
● https://openstack.redhat.com/Image_resources
– Image builder
● Diskimage-builder
● Image factory
– http://imgfac.org/
● Openstack
– Get Images
● http://docs.openstack.org/image-guide/content/ch_obtaining_images.html
– Linux Image Requirements
● Disk partitions and resize root partition on boot (cloud-init)
– Cloud-intiramfs-growroot
● No hard-coded MAC address information
● Disable Firewall and ssh server running

dhcpd
tftpd
Iscsi target
1) request to deploy
Node-controller
Baremetal DB
Image DB
4) Power on
5) DHCP request
6) DHCP reply with bootparams
7) Download boot image
8) connect iscsi
10) iscsi boot
11) copy image to local
12) fix the ip address
3) enable pxe
2) Select Barebone
Preinstalled OS Image DB
11) copied and reboot
12) disable pxe
Fixed IP
NIC or MB : iscsi support

dhcpd
tftpd
Iscsi target
1) request to deploy
Node-controller
Baremetal DB
Image DB
4) Power on
5) DHCP request
6) DHCP reply with bootparams
7) Download boot image
8) connect iscsi
10) iscsi boot
3) enable pxe
2) Select Barebone
Preinstalled OS Image DB
11) deployed
12) disable pxe
Fixed IP
NIC or MB : iscsi support

quantumglance nova-scheduler
Bare Metal Nodes
nova-computer
6) fetch images 5) plug VIFs 2) apply filters &
find available node
1) nova boot ...
nova-api
message
queues
nova-conductor
Nova
Database
Baremetal
Database
4) get info & claim mode
12) update instance state
11) update status of node
9 ) write image
10) reboot
Nova-baremetal-deploy-helper
3) ComputeManager calls
driver.spwan()
IPMI + PXE
Deployment (PXE)

Build Information
ARP, routing protocols,
MAC learning
Store Information
L2/L3 Information
Forwarding
Decision
Forwarding Path
Port1
Port2
Control Plane Data Plane
Network Switch

● Ports
– 10GbE SFP+ 48 Ports. 10GbE or 1GbE
– 40GbE QSFP 4 Ports. 40GbE or 4x10GbE
● Performance
– Forwarding 960 Mpps
– Throughput 1.28 Tbps line rate L2 and L3 switching
● Software
– Installer Loaded with Open Network Install Environment (ONIE)
– SwitchOS Compatible with Cumulus Linux r1.5.1 and later

Open Network Install Environment
● Combines a boot loader with a modern Linux kernel
and BusyBox
● Disruptive, liberating users from a captive, pre-installed
network OS
● Manage your switches like you manage your Linux
servers
● Provides an environment for installing any network OS
● Helps automate large scale data center switch
provisioning

Pica8 PicOS
●
Network operation system using user space standard Debian Linux environment
● Leverage vast array of standard Linux tools as a common management and operations
framework
●
Zero Touch Provisioning (ZTP) functionality coupled with ONIE delivers a true bare metal
to application environment.
●
Rich Layer-2 protocol stack with MLAG, seamlessly integrating into existing architectures
●
Full Layer-2 & Layer-3 ACL support
●
IPv4 & IPv6 Static Routing
●
Open vSwitch (OVS) Mode provides Industry-leading OpenFlow 1.3 support and
integration with open networking software like OpenStack
https://github.com/Pica8/Openstack-Neutron/wiki
ml2_conf.ini mechanism_drivers = openvswitch,pica8

Netfilter
Stateful firewall
Conntrack
table full, dropping packet

Elcap firewall service
● Netfilter control hub
– Geoip, ipset
– Stateless firewall
– Global ruleset
– Network traffic meter
● IDC내 트래픽 무료
● 클라우드 솔루션 / 클러스터 솔루션 설치
– Ikvm gateway

Speed Bits/sec Bytes/second Max PPS
10Mbps 10,000,000 1,250,000 14,881
100Mbps 100,000,000 12,500,000 148,810
1Gbps 1,000,000,000 125,000,000 1,488,095
10Gbps 10,000,000,000 1,250,000,000 14,880,952

Intel DPDK
● Netfilter ?
– DPDK is a user-mode tcp/ip stack and replaces the entirety of the
kernel stack including netfilter and iptables.
● Intel DPDK + OVS
– Requirements
● Intel Xeon Processor E5 Family / Intel Atom Porcessor C2000 Family
– Intel DPDK 1.7.1
– https://github.com/01org/dpdk-ovs
– https://wiki.linaro.org/LNG/Engineering/OVSDPDKOnUbuntu
● Netvm
https://www.usenix.org/conference/nsdi14/technical-sessions/presentation/hwang

netflow vs sflow
● Fprobe-ng
● Packet sampling => pseudo sflow
– # -A -m statistic - - mode nth 10 -j ULOG
– # apt-get install fprobe-ng

Openstack, Linux, Netfilter
DDOS Attack

OVS + Conntrack
VS
Bridge + iptables
http://www.slideshare.net/ThomasGraf5/ovs-41973875
https://github.com/justinpettit/ovs/tree/conntrack
# iptable -t raw -I PREROUTING
-m phydev –physdev-in eth1
-m set --set BLACK_HOLE src -j DROP

Openstack and arp posioning
. ebtables manager
Netfilter
ebtables -A FORWARD -p IPv4 --ip-src
172.16.1.4 -s ! 00:11:22:33:44:55 -j DROP
iptables -A FORWARD -s 172.16.1.4 -m mac !
--mac-source 00:11:22:33:44:55 -j DROP
https://github.com/openstack/neutron-specs/blob/master/specs/kilo/arp-spoof-filtering-ebtables.rst
https://launchpadlibrarian.net/164709417/iptables_firewall_basic_spoofing.patch

CPU Freescale i.MX6 1 GHz Quad Core
Memory 1 Gybtes
Flash 4 Gbytes
LAN : 10/100/1000 Mbps
Power : POE 전용 / 802.3AF
OS : Ubuntu linaro 11.x / 12.04
Kernel : 3.0.35.custom

Nework namespace
● CLONE_NEWNET
● CONFIG_NET_NS since LINUX 2.6.29
● Separate network stack
– network addresses
– nftables/netfilter rules
– loopback interface for name space
● veth intreface(CONFIG_VETH), ip netns

Install Guides
Operations And Administration Guides
Cloud Administrator Guide
High Availability Guide
Operations Guide
Security Guide
Virtual Machine Image Guide
Architecture Design Guide
Configuration Guides
Architecture Design Guide
Configuration Reference
Cloud Administrator Guide
High Availability Guide
Operations Guide
Security Guide
Virtual Machine Image Guide
User Guides
API Quick Start
End User Guide (includes Python SDK)
Admin User Guide
Command-Line Interface Reference
Open source software for application development

[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이는 오픈 스택

Related slideshows

More Related Content

[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이는 오픈 스택