cern it department ch-1211 genève 23 switzerland pes 1 ermis service for dns load balancer...

CERN IT DepartmentCH-1211 Genève 23

Switzerlandwww.cern.ch/it

Ermis service for DNS Load Balancer configuration

HEPiX Fall 2014

Aris Angelogiannopoulos, CERN IT-PES/PSIgnacio Reguero, CERN IT-PES/PS

Outline

• Core concepts

• DNS Load Balancing at CERN

• Motivation and Purpose

• Ermis Gateway

• Ermis Gateway Architecture

• Miscellaneous

Core Concepts (Just in case)

Load Balancing● Scale a single service by spreading it to multiple back-end nodes

High Availability● The end user must always “see” the service as functional

● Service should be up even if some front or back-end nodes fail

Core Concepts (2/2)

Service Manager's concerns:

● Implement High Availability at the application Layer No single point of failure

Replicate physical nodes among independent subnets

Replicate VM s among different availability zones

● Service components are expected to fail Hardware failures ( HDD, Switches, NIC's, Electricity etc )

Software failures ( Bugs )

Human Errors

DNS Load Balancing at CERN (1/4)

We use a client server architecture: LBD Master: Server reports to DNS service

LB Client: Runs in the hosts, triggered by SNMP request

1. LB Clients in the host provide LBD Master(through SNMP) with:

• load metrics

• availability checks

2. The LBD Master decides which IP should be pointed by an LB Alias

3. The LBD Master sends dynamic DNS requests to update the IP

address pointed by the LB Alias

● The LBD Master uses a fail-over slave server for high availability

• Service is provided for 258 (and rising) different aliases

Motivation and Purpose

Motivation Creating new DNS Aliases in the cloud is time-consuming

Ticket to Config team -> Ticket to Network Ops

Lots of verbal and time-consuming communication

Waiting time for both can be high

Purpose Goal is to provide LBaaS to the end users of the cloud

Fast CRUD of LB Aliases in the CERN cloud No more tickets to the Network Group Simplifies the procedure of creating LB Aliases

Ermis Gateway

What is it?

RESTful service that manages the configuration of DNS LB

● Django-Tastypie● SOAP interface to Network Group● CRUD of LB Aliases● Aim is to provide LBaaS to the cloud end users● Developed and tested using Agile techniques

Ermis Gateway Architecture (1/2)

● Design● Model includes information about an Alias● Alias associated with a hostgroup or tenant● CRUD on model data

● Authentication● Kerberos ticket

● Authorization Egroups (CERN interface for managing groups of people) Openstack

Use of the Openstack identity service (keystone)

Foreman (under development) Alias creation for machines on the same hostgroup

LBD configuration

● LBD configuration Config file is created via the Ermis data

Miscellaneous

● Miscellaneous API endpoint

● REST calls to the service available

CLI available

Web Front available● https://aiermis.cern.ch (Internal only)

Thank you!

Questions?

cern it department ch-1211 genève 23 switzerland pes 1 ermis service for dns load balancer...

Documents

cern it department ch-1211 genève 23 switzerland t r&d...

cern it department ch-1211 genève 23 switzerland t itil at...

ihepccc/hepix benchmarking wg

cern - it department ch-1211 genève 23 switzerland t ois...

hepix spring 2013 report

ermis - general surgery

a new face for hepix peter van der reest hepix board...

mobility at cern 29/10/2013 hepix fall 20132...

cern it department ch-1211 genève 23 switzerland t...

htcondor at hepix, wlcg and cern – status and outlook ·...

ermis osteosynthesis implants and instruments

cern - it department ch-1211 genève 23 switzerland castor...

ermis: extracting knowledge from unstructured big data for...

hepix bit-preservation wg

ermis - regional action plans

the hepix ipv6 working group

the hepix ipv6 working group david kelsey (stfc-ral) hepix...

hepix fall 2007 storage openafs

hepix bit-preservation wg dmitry ozerov/desy germán...

hepix from the beginning