diablo keystone

Introduction to Diablo

DIABLO!

The “REAL” Diablo Release

ArchitectureHypervisorsNovaSwift/Storage(LunR)GlanceQuantum / MelangeDashboardKeystone

Diablo Architecture

Confidential 4

Basic SchedulerDynamic Hypervisor ManagerPower State Manager

Nova - Compute

Proxy Server

Object Server

Swift – Object Storage

Container Server

OpenStack API

EC2 /S3 API

API Server

Token Based Auth

Keystone

EBS style block storage

LunR – Block Storage

Router

IP Manager

Quantum - Network

Multi-Hypervisor Manager

Image Service

Glance – Imaging Svc.

User / Admin Interface

Dashboard - UI

Hypervisors

LXC OpenVZ

Diablo – Nova Enhancements

Key Features:

• Keystone Integration• Better KVM/QEMU Integration• Better Xen Integration• Nova Block Volumes• Dashboard Enabled• Event Notification• Distributed Scheduler• System Usage• Virtual Storage Arrays• Boot with Volume• Global Firewall Rules

Diablo – Swift/Storage Enhancements

Key Features:

• Keystone Integration• Dashboard Enabled• Improved client IP logging• Auto-account creation• Multi-cluster container sync• Option for replication

• Ceph• Sheepdog• Gluster

Diablo- Glance

Use: IaaS virtual machine image repository for provisioning base level or configured VMsKey Features

Configured to use standard command line and configuration option processing, making use of paste-deploy configuration

Registry database is under version control, with migration files allowing upgrade and downgrade of the registry database.

Versatile combination of "disk format" and "container format" fields, allowing more than just EC2-style image formats to be stored in the registry

New command line tool that allows user to interact with Image Service -- add and update images and image attributes, see public images, delete images, etc.

Support for checksumming images added to the server to verify image integrity

Extensive logging functionality to both the API and Registry servers, including the ability to configure logging separately from other options using Python's standard logging module configuration files

A functional test suite that starts and stops actual Glance servers and executes commands against those servers from the new command line client as well as a curl client

Quantum / Melange

Physical Constraints802.1Q

QnQ / MLAG

Security ConstraintsLayer 2 has no knowledge of identity– rely on switch/port config

DashboardIntegrated with KeystonePluggableRecently added as Top Level ProjectAdmin view / Customer ViewConcept of Role

Confidential

Keystone

Primary point of entry for every permissible openstack operationPluggableStarting out as Auth-N and Auth-Z (token based)

Confidential

Questions?

Confidential