diablo keystone
Introduction to Diablo
DIABLO!
The “REAL” Diablo Release
• Architecture
• Hypervisors
• Nova
• Swift/Storage (LunR)
• Glance
• Quantum / Melange
• Dashboard
• Keystone
Diablo Architecture
Confidential 4
Basic Scheduler
Dynamic Hypervisor Manager
Power State Manager
Nova - Compute
Proxy Server
Object Server
Swift – Object Storage
Container Server
OpenStack API
EC2 / S3 API
API Server
Token Based Auth
Keystone
EBS style block storage
LunR – Block Storage
Router
IP Manager
Quantum - Network
Multi-Hypervisor Manager
Image Service
Glance – Imaging Svc.
User / Admin Interface
Dashboard - UI
Hypervisors
LXC OpenVZ
Diablo – Nova Enhancements
Key Features:
• Keystone Integration
• Better KVM/QEMU Integration
• Better Xen Integration
• Nova Block Volumes
• Dashboard Enabled
• Event Notification
• Distributed Scheduler
• System Usage
• Virtual Storage Arrays
• Boot with Volume
• Global Firewall Rules
Diablo – Swift/Storage Enhancements
Key Features:
• Keystone Integration
• Dashboard Enabled
• Improved client IP logging
• Auto-account creation
• Multi-cluster container sync
• Option for replication
• Ceph
• Sheepdog
• Gluster
Diablo – Glance
Use: IaaS virtual machine image repository for provisioning base-level or configured VMs
Key Features:
• Configured to use standard command-line and configuration option processing, making use of paste-deploy configuration
• Registry database is under version control, with migration files allowing upgrade and downgrade of the registry database
• Versatile combination of "disk format" and "container format" fields, allowing more than just EC2-style image formats to be stored in the registry
• New command-line tool that allows users to interact with the Image Service: add and update images and image attributes, see public images, delete images, etc.
• Support for checksumming images added to the server to verify image integrity
• Extensive logging functionality in both the API and Registry servers, including the ability to configure logging separately from other options using Python's standard logging module configuration files
• A functional test suite that starts and stops actual Glance servers and executes commands against those servers from the new command-line client as well as a curl client
Quantum / Melange
Physical Constraints
• 802.1Q
• QnQ / MLAG
Security Constraints
• Layer 2 has no knowledge of identity – rely on switch/port config
Dashboard
• Integrated with Keystone
• Pluggable
• Recently added as Top Level Project
• Admin view / Customer View
• Concept of Role
Keystone
• Primary point of entry for every permissible OpenStack operation
• Pluggable
• Starting out as Auth-N and Auth-Z (token based)
Questions?