.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0

==============================
 Multisite centralized service
==============================


Problem description
===================

Abstract
--------

A user should have one centralized service for resource management and/or
replication (syncing tenant resources such as images, ssh-keys, etc.) across
multiple OpenStack clouds.

Description
------------

For multisite management use cases, some common requirements in terms of
centralized or shared services over multiple OpenStack instances are
summarized here.

A user should be able to manage all their virtual resources from one
centralized management interface, at least to have a summarized view of
the total resource capacity and the live utilization of their virtual
resources, for example:

- Centralized Quota Management
  Currently all quotas are set for each region separately, and different
  services (Nova, Cinder, Neutron, Glance, ...) have different quotas to
  be set. The requirement is to provide a global view of quota per tenant
  across multiple regions, and soft/hard quotas based on current usage in
  all regions for this tenant.

- A service to clone ssh keys across regions
  A user may upload a keypair to access the VMs allocated for her. But if her
  VMs are spread over multiple regions, the user has to upload the keypair
  separately to each region. A service is needed to clone the SSH key to the
  desired OpenStack clouds.

- A service to sync images across regions
  In a multi-site scenario, a user has to upload an image separately to each
  region. There are 4 cases that need to be considered:

  - No image sync
  - Auto-sync of images
  - Lazy sync: clone the requested image on demand.
  - Controlled sync, where you can control propagation and roll back if
    there are problems.

- Global view for tenant level IP address / MAC address space management
  If a tenant has networks in multiple regions, and these networks are routable
  (for example, connected with VPN), then IP addresses may be duplicated. A
  global view for IP address space management is needed.
  If IPv4 is used, this issue needs to be considered. For IPv6, it should also
  be managed. This requirement is important not only for the prevention of
  duplicate addresses.
  For security and other reasons it's important to know which IP addresses
  (IPv4 and IPv6) are used in which region.
  This requirement needs to be extended to floating and public IP addresses.

- A service to clone security groups across regions
  There is no appropriate service to clone security groups across multiple
  regions; if the tenant has distributed resources, the security groups have
  to be set manually in each region.

- A user should be able to access all the logs and indicators produced by
  multiple OpenStack instances, in a centralized way.
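
The global IP address view described in the list above, sketched as an added example (not code from this document, Kingbird or Tricircle). The region names and subnets are constructed sample data, and the function names are hypothetical; a real service would collect the subnets from each region's Neutron.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (not real data): tenant subnets per region.
SAMPLE_SUBNETS = {
    "RegionOne": ["10.0.0.0/24", "192.168.10.0/24", "2001:db8:1::/64"],
    "RegionTwo": ["10.0.0.128/25", "172.16.5.0/24", "2001:db8:2::/64"],
    "RegionThree": ["192.168.20.0/24", "2001:db8:1::/64"],
}


def build_global_view(subnets_by_region):
    """Flatten {region: [cidr, ...]} into a list of (region, network)."""
    return [
        (region, ipaddress.ip_network(cidr))
        for region, cidrs in subnets_by_region.items()
        for cidr in cidrs
    ]


def find_conflicts(view):
    """Return cross-region subnet pairs whose address ranges overlap."""
    conflicts = []
    for (r1, n1), (r2, n2) in combinations(view, 2):
        # Overlap inside one region is out of scope here; the multisite
        # concern is routable networks that live in different regions.
        if r1 != r2 and n1.version == n2.version and n1.overlaps(n2):
            conflicts.append((r1, str(n1), r2, str(n2)))
    return conflicts


def regions_using(view, address):
    """Answer "which region(s) use this address?" for IPv4 or IPv6."""
    ip = ipaddress.ip_address(address)
    return sorted({r for r, net in view
                   if net.version == ip.version and ip in net})


if __name__ == "__main__":
    view = build_global_view(SAMPLE_SUBNETS)
    for r1, n1, r2, n2 in find_conflicts(view):
        print(f"conflict: {r1} {n1} overlaps {r2} {n2}")
    print("10.0.0.200 is in:", regions_using(view, "10.0.0.200"))
```
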

Requirement analysis
====================

All problems mentioned here are not covered by existing projects in OpenStack.

Candidate solution analysis
---------------------------

- Kingbird[1][2]
  Kingbird is a centralized OpenStack service that provides resource
  operation and management across multiple OpenStack instances in a
  multi-region OpenStack deployment. Kingbird provides features like
  centralized quota management, a centralized view of distributed virtual
  resources, and synchronisation of ssh keys, images, flavors etc. across
  regions.

- Tricircle[3][4]
  Tricircle provides networking automation across Neutron in multi-region
  OpenStack deployments. Tricircle can address the challenges mentioned here:
  tenant level IP/MAC address management to avoid conflicts across OpenStack
  clouds, global L2 network segment management and cross-OpenStack L2
  networking, and keeping security groups synced across OpenStack clouds.


Affected By
-----------
  OPNFV multisite cloud.

Conclusion
----------
  Kingbird and Tricircle are candidate solutions for these centralized
  services in OpenStack multi-region clouds.

References
==========
[1] Kingbird repository: https://github.com/openstack/kingbird
[2] Kingbird launchpad: https://launchpad.net/kingbird
[3] Tricircle wiki: https://wiki.openstack.org/wiki/Tricircle
[4] Tricircle repository: https://github.com/openstack/tricircle/