hâpy - opennebula gnu/linux distribution for two french...
TRANSCRIPT
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
HâpyOpenNebula GNU/Linux distribution for two french ministries
Daniel Dehennin
Pôle de Compétences Logiciels Libres
OpenNebula TechDay Paris 2015cc by-nc-sa 2.0-fr
D. Dehennin (pcll) Hâpy 8 July 2015 1 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Pôle de Compétences Logiciels Libresfoss and agility in french Minister of National Education
Main mission is to maintain the EOLE GNU/Linux meta-distributionCeCILL / GPL software licensingAgile consulting for other development teams
D. Dehennin (pcll) Hâpy 8 July 2015 2 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
The EOLE GNU/Linux meta-distribution
D. Dehennin (pcll) Hâpy 8 July 2015 3 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
EOLE: GNU/Linux meta-distributionEnsemble Ouvert Libre et Évolutif
Local project in educational constituency of Dijon in 2000National project in 2001 to protect students and administrative datasBased on Mandrake LinuxSwitched to Ubuntu GNU/Linux in 2007
D. Dehennin (pcll) Hâpy 8 July 2015 4 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Turnkey solutions for national educationOne ISO to rule them all
From elementary to high school
Zéphir: Centralised server managementAmon: Firewall, proxy and IPSec VPNSphynx: VPN concentratorHorus: Administrative staff Samba serverScribe: Student communication and file serverAmonEcole: Merge Amon and Scribe functionalities with containersEclair: LTSP serverSeshat: Centralised MTA and web SSOThot: Centralised LDAP
D. Dehennin (pcll) Hâpy 8 July 2015 5 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Highly adaptablePatch and extend
Variables declared in XML filesPython Cheetah templates of configuration filesPre/post scripts (ex: populate database)
Adapt or create your own derivatives to fit your needs
D. Dehennin (pcll) Hâpy 8 July 2015 6 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
MEDDE derivativesVariation and new servers
Ministère de l’écologie, du développement durable et de l’environnement(MEDDE) created their own derivatives
eSSL: variant of firewall Amon (2009)eCDL: NT domain controller (2011)eSBL: file server, plugged on eCDL (2011)
D. Dehennin (pcll) Hâpy 8 July 2015 7 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Largely deployedEven on a boat, not on the map ;-)
D. Dehennin (pcll) Hâpy 8 July 2015 8 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Bare metal to configured server in 30 mn3 little steps for humans
1 Installation from ISO2 Configuration3 Deployment
Each step can be done by different people
D. Dehennin (pcll) Hâpy 8 July 2015 9 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Automatic installation from hybrid ISOOEM like install
D. Dehennin (pcll) Hâpy 8 July 2015 10 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
A web interface for configurationLocal on the server or central on Zéphir
D. Dehennin (pcll) Hâpy 8 July 2015 11 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Instantiate the serverGenerate config files and start services
1 Register the server on Zéphir2 Retrieve the configuration3 Run instance
D. Dehennin (pcll) Hâpy 8 July 2015 12 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Manage and monitor the servercommand line or web interface
D. Dehennin (pcll) Hâpy 8 July 2015 13 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Road to a new galaxy
D. Dehennin (pcll) Hâpy 8 July 2015 14 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Why did we get to OpenNebula?Bare metal elastic limit is too low
Testing our OS was done on physical desktop computersSome “lucky” developers could have at most 2 VMs on theirworkstation
EOLE development needed elasticity
D. Dehennin (pcll) Hâpy 8 July 2015 15 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Looking for virtualisation infrastructureMany choices: too big, not enough flexible or immature
2012: two new quite powerful workstations ⇒ testing party
Proxmox needed a reboot to add a new networkArchipel barely emergedGaneti was promisingOpenStack was already too much
Start with OpenNebula 3.8
D. Dehennin (pcll) Hâpy 8 July 2015 16 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Complete virtual infrastructure per user
Standard network namesVLAN isolated networksOne user == one gatewayGenerated with Jenkins
Sharing VM templates requires avoiding UNAME on networks
D. Dehennin (pcll) Hâpy 8 July 2015 17 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Pilot OpenNebula from JenkinsContinuous integration of OS
Check installation from ISOCheck default configurationsCheck daily upgrade to find broken packagesCheck user database import
D. Dehennin (pcll) Hâpy 8 July 2015 18 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Jenkins jobs produce ready to use VMsReduce environment setup time
D. Dehennin (pcll) Hâpy 8 July 2015 19 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Remove physical limitationsTest beds was burning
The two dedicated workstations was fine for testingBumped memory to 2x32GB
NFS access on workgroup NAS was too slow
Two 24 CPU 96GB RAM Blades with 3TB GFS2 on SAN
D. Dehennin (pcll) Hâpy 8 July 2015 20 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Road to Hâpy-ness
D. Dehennin (pcll) Hâpy 8 July 2015 21 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
2013: talk at our annual seminaryTeasing inside
General presentation of OpenNebula
High interest from our community to add it on the ISO
D. Dehennin (pcll) Hâpy 8 July 2015 22 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
First steps to OpenNebula distributionThe community wanted it, the community did it
Common elaboration between
Cad les
D. Dehennin (pcll) Hâpy 8 July 2015 23 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Hypervisor
D. Dehennin (pcll) Hâpy 8 July 2015 24 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Virtual network
D. Dehennin (pcll) Hâpy 8 July 2015 25 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
2014: presentation of the work in progressShow must go on
Only the first part was fundedSingle node OpenNebulaPreparation of virtual networks from ZéphirPreparation of datastores from ZéphirAutomated deployment of EOLE servers based on Zéphir
Engagement of MEDDE to finalise it
D. Dehennin (pcll) Hâpy 8 July 2015 26 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
2015: Hâpy new distributions
Deification of annual flooding of the Nile
Integrated on ISOMissing community feedback ⇒ tagged experimental
Several distributions depending on the working mode
D. Dehennin (pcll) Hâpy 8 July 2015 27 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Single node server
HâpyHâpy
OpenNebula Sunstone
Open vSwitchOvSnode market( )
D. Dehennin (pcll) Hâpy 8 July 2015 28 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Cluster: the frontend
HâpyMaster
HâpyMaster
D. Dehennin (pcll) Hâpy 8 July 2015 29 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Cluster: the nodes
nodeHâpyNodeHâpyNode
D. Dehennin (pcll) Hâpy 8 July 2015 30 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Hâpy deploymentLa Réunion is the hâpy leader
10 schools deployed120 schools in 3 years4 virtual machines per Hâpy (Amon, horus, 2 proprietary OS)12 cores CPU, 64GB RAM, 1.2TB SAS internal disks2TB for backup (VMs + ONE database)
D. Dehennin (pcll) Hâpy 8 July 2015 31 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Summary
HâpyHâpy=
=Hâpy
MasterHâpy
Master
+ HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
D. Dehennin (pcll) Hâpy 8 July 2015 32 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Evolutivity
=+ +HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyNodeHâpyNode
HâpyHâpy
D. Dehennin (pcll) Hâpy 8 July 2015 33 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Outlook
Integrate latest OpenNebula versionAutomatic migration of database on upgradeUse MySQL by defaultSupport a distributed file systemBetter market support
Manage hundred of remote OpenNebula from a central console
D. Dehennin (pcll) Hâpy 8 July 2015 34 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Questions?
D. Dehennin (pcll) Hâpy 8 July 2015 35 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Thanks
Many thanks to the FOSS community for all the great software. So fewthings would exists without them.
This talk was realised with the help of the following libre software:
Composition system LATEX TeX LiveThe most powerful text editor available today GNU/EmacsThe Awesome window managerThe Universal Operating System Debian GNU/Linux
D. Dehennin (pcll) Hâpy 8 July 2015 36 / 37
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
...
.
Licence
The slides are licensed under Creative Commons by-nc-sa 2.0-fr
AttributionNon Commercial
Share alikeFrance
You can obtain a copy of the license
by Internethttp://creativecommons.org/licenses/by-nc-sa/2.0/fr
by snail mailCreative Commons444 Castro Street, Suite 900 Mountain View,California, 94041, USA.
D. Dehennin (pcll) Hâpy 8 July 2015 37 / 37