Development for Fully-Automated Bare Metal …...Title Development for Fully-Automated Bare Metal...

Copyright 2015 FUJITSU LIMITED

Development for

Fully-Automated Bare Metal

Provisioning in OpenStack

June 5, 2015

Hironori Shiina

Fujitsu Limited

0


OpenStack Ironic overview

Our development for baremetal provisioning

Automated provisioning with multi tenancy

Network isolation with automated network configuration

Agenda

1

OpenStack Ironic overview

Copyright 2015 FUJITSU LIMITED2

Demands for baremetal cloud

Workloads requiring high performance are unsuited for VMs(e.g. Enterprise database)

Some users cannot allow to be affected by other users

Easy deployment is required for baremetal like VM deployment

Automated setup

On demand deployment


OpenStack Ironic

Ironic provides baremetal provisioning

Officially released since OpenStack Kilo (Apr, 2015)

Users can request baremetal instances with the same interface as VM instances


VM VM VM Baremetal Baremetal

Request VM Request baremetal

deploy deploy

Nova

Hypervisor

Nova

Ironic

4

Architecture of Ironic


Baremetal node

Baremetal node

Baremetal node

Request baremetal deployment

Get OS image

Connect network

Control baremetal nodes

Ironic

Nova

Ironic API

Neutron

Glance

Ironic Conductor

Driver

5

Drivers

Provides interface between Ironic and baremetal nodes

Default diver controls nodes with IPMI (commonly available)

Hardware vendors implement their own drivers to provide improved performance and additional functions

iRMC driver (Fujitsu)

iLO driver (HP)

DRAC driver (Dell)

etc...

Various deployment methods are implemented by drivers

PXE boot

Ironic Python Agent

Virtual media deployment


System overview


Controller node

Network node

Compute node

Management Network

Baremetal node Baremetal node

OOB Network

BMC BMC

Data Network

User Traffic

Power Management

External

Network

Control OpenStack

Nova Neutron

Glance

Neutron Agents

DHCP L3 Nova Ironic

Each node represents a physical server

7

Set up Ironic

Before Deployment, administrator needs setup

Enroll baremetal nodes to Ironic

Register node specs (CPU number, Memory size, etc...)

Register MAC address as a port

Register a driver and enroll BMC access information

Create flavors for baremetal deployment(User requests a baremetal node by selecting a flavor)

Create disk images for baremetal

Deployment image (only used for deployment)

• bm-deploy-kernel and bm-deploy-ramdisk

User OS image

• user-image, user-image-vmlinuz and user-image-initrd


Overview of Deployment

1. Ironic powers on a baremetal node using a driver

2. The baremetal node gets a deployment image

3. The deployment image configures iSCSI target

4. Ironic copies a user OS image to the baremetal node

5. Ironic reboots the baremetal node

6. The baremetal is booted by the user image


Baremetal node

Ironic

Compute node

tftp

Network node

dhcp

Power management

user OS image

IP address

deployment image

iSCSI target

9

Our development for automated provisioning


More advanced features are required

Current Ironic function

Power management

Deploy OS

Ironic community continues enhancing Ironic functions

More features are necessary to use baremetal nodes like VMs

Multi tenancy

Attach virtual volumes (cinder integration)

Security groups

Etc...

We focus on multi tenancy in this presentation


Our Goal

For the multi tenancy, network isolation is necessary

Network isolation requires some configuration to physical switches

We will automate network configuration for multi tenancy


Baremetal

Switch

Baremetal

Baremetal Baremetal

Tenant1

Tenant2

VLAN100

VLAN200

Automated

configurationMulti

Tenancy

12

First idea

First, we thought of dividing network with VLAN simply

When deploying, all baremetal nodes need to get OS image from Ironic


BaremetalIronic

Switch

Baremetal

Baremetal

Tenant1

Tenant2

VLAN100

VLAN200

Need to access Ironic

for deployment

13

Next idea

Could we add a Ironic node to another tenant?


BaremetalIronic

Switch

Baremetal

IronicBaremetal Baremetal

Tenant1

Tenant2

VLAN100

VLAN200

14

Should each tenant have a node for Ironic?

The idea is not practical because it consumes too many nodes for Ironic


Ironic

・・・

Baremetal Baremetal

Ironic Baremetal Baremetal

Ironic Baremetal Baremetal

15

Our solution

One Ironic manages multiple tenants

Use two types of VLAN

Deployment VLAN

• Created by administrator as a Neutron network

• Ironic compute node is connected to this VLAN

• Each baremetal node connects to this VLAN only when deployment

Tenant VLAN

• Created by a tenant user as a Neutron network

• Baremetal nodes in a tenant connect to this type of VLAN after deployment

Switch VLAN types before and after deployment


Control physical switches

Control switches by Neutron plugin

Configure VLAN of a port in our solution

We’re planning to implement this plugin as a ML2 mechanism driver


Physical Switch

Request configuring VLAN

Configure VLAN

Ironic Conductor Neutron Server

Neutron plugin

(ML2 mechanism driver)

Ironic Neutron

17

Our solution overview (1/4)

A baremetal node is deployed by using the deployment VLAN


Ironic

Untagged

VLAN 100

Switch

Untagged

VLAN 100

Untagged

VLAN 200

Copy OS imageBaremetal

(Deploying)

Baremetal

(Deployed)

Tenant 1

Deployment VLAN

VLAN ID

100:Deployment

200:Tenant1

18


After deployment, Ironic changes the VLAN ID so that the baremetal node connects to the tenant VLAN


Ironic

Untagged

VLAN 100

Switch

Untagged

VLAN 200

Untagged

VLAN 200

Baremetal

(Deployed)

Baremetal

(Deployed)

Tenant 1

Change VLAN IDTenant VLAN

Neutron

Plug in

VLAN ID

100:Deployment

200:Tenant1

19


A baremetal node of another tenant also can be deployed by using the deployment VLAN


Ironic

Untagged

VLAN 100

Switch

Untagged

VLAN 200

Untagged

VLAN 200

Baremetal

(Deployed)

Baremetal

(Deployed)

Tenant 1

Baremetal

(Deploying)

Untagged

VLAN 100

Tenant 2

Copy OS image

VLAN ID

100:Deployment

200:Tenant1

300:Tenant2

20


By switching VLANs, Ironic can manage all tenants


Ironic

Untagged

VLAN 100

Switch

Untagged

VLAN 200

Untagged

VLAN 200

Baremetal

(Deployed)

Baremetal

(Deployed)

Tenant 1

Baremetal

(Deployed)

Untagged

VLAN 300

Tenant 2

Baremetal

(Deployed)

Untagged

VLAN 300

Communicate

in a tenant

Communicate

in a tenant

Multi

Tenancy

VLAN ID

100:Deployment

200:Tenant1

300:Tenant2

21

Deployment flow (preparation)

Administrator operations

1. Create a Neutron network (Deployment VLAN)Then, Neutron creates a DHCP server on the network

2. Set untagged VLAN for the Ironic compute node


Baremetal node

BMCNetwork nodeCompute node

Switch

Ironic

OOB Network

NIC

tftp

NIC

br-eth

br-int

dhcp

(deploy)

NIC

trunkuntagged VLAN

(deployment)

Data Network

1

2

22

Deployment flow (1/6)

1. Tenant user creates a network (tenant VLAN)Then, Neutron creates a DHCP server for the network

2. The user requests baremetal provisioning on the network


Baremetal node


Switch

Ironic

OOB Network

NIC

tftp

Data Network

NIC

br-eth

br-int

dhcp

(deploy)

NIC

trunkuntagged VLAN

(deployment)

dhcp

(tenant)

1

23


3. Ironic configures an untagged VLAN ID of deployment VLAN to the port connected to the baremetal node

4. Ironic powers on the baremetal node


Baremetal node


Switch

Ironic

OOB Network

NIC

tftp

NIC

br-eth

br-int

dhcp

(deploy)

NIC

trunkuntagged VLAN

(deployment)

dhcp

(tenant)

Power on

Data Network

3

4

untagged VLAN

(deployment)

Neutron

Plugin

24


5. The baremetal node gets an IP address from the DCHP server on the deployment VLAN

6. The baremetal loads a deployment image from the tftp server


Baremetal node


Switch

Ironic

OOB Network

NIC

tftp

NIC

br-eth

br-int

dhcp

(deploy)

NIC

trunkuntagged VLAN

(deployment)

dhcp

(tenant)

deployment

image

Data Network

5

6untagged VLAN

(deployment)

25


7. The deployment image prepares an iSCSI target and sends a notification to Ironic

8. Receiving notification from the baremetal node, Ironic copies a user OS image to the baremetal node


Baremetal node


Switch

Ironic

OOB Network

NIC

tftp

NIC

br-eth

br-int

dhcp

(deploy)

NIC

trunkuntagged VLAN

(deployment)

dhcp

(tenant)

Data Network

8

Notification

untagged VLAN

(deployment)

iSCSI target

7

26


9. Ironic configures an untagged VLAN ID of the tenant VLAN to the port connected to the baremetal node

10. Ironic reboots the baremetal node


Baremetal node


Switch

Ironic

OOB Network

NIC

tftp

NIC

br-eth

br-int

dhcp

(deploy)

NIC

trunkuntagged VLAN

(deployment)

dhcp

(tenant)

Reboot

9

10

Data Network

untagged VLAN

(tenant)

Neutron

Plugin

27


11.After rebooted, the baremetal node gets an IP address from DCHP server on the tenant VLAN

12.The baremetal node is provided to the user


Baremetal node


Switch

Ironic

OOB Network

NIC

tftp

NIC

br-eth

br-int

dhcp

(deploy)

NIC

trunkuntagged VLAN

(deployment)

dhcp

(tenant)

Data Network

11

untagged VLAN

(tenant)

28

Community approach

OpenStack Summit was held

May 18–22 in Vancouver

The issue was discussed at Design Summit

Neutron/Ironic integration

We confirmed our solution does not conflict with the approach of the community

We will contribute to the community by discussing the design and implementing our plugin

We proposed a blueprinthttps://blueprints.launchpad.net/neutron/+spec/fujitsu-ism-ml2-mechanism-driver


https://blueprints.launchpad.net/neutron/+spec/fujitsu-ism-ml2-mechanism-driver

Development for Fully-Automated Bare Metal …...Title Development for Fully-Automated Bare Metal...

Documents

Transcript of Development for Fully-Automated Bare Metal …...Title Development for Fully-Automated Bare Metal...