在这里写上你的标题副标题文字副标题文字作者名字/日期副标题副标题副标题DevOpsinOpenStackPublicCloudPresentedatOpenStackSummit,Fall2012,SanDiegoHuiChengfreedomhui@gmail.com|freedomhui.comCommunityManagerofCOSUGTechnicalManagerinSinaCorporation2012/10/17WhyOpenStack?WhyOpenStack?000102030405写上你的文字你的文字目录OpenSourceApache2License000102030405写上你的文字你的文字目录OpenDesignGrizzlyDesignSummit000102030405写上你的文字你的文字目录OpenDevelopmentProposefeaturesinlaunchpad000102030405写上你的文字你的文字目录OpenDevelopmentCodeReview000102030405写上你的文字你的文字目录OpenStackisthe#2FOSSfoundation1.TheLinuxFoundation=$9.6M2.Openstack=$6M3.MozillaFoundation=$1.9M4.TheApacheFoundation-$0.53M000102030405写上你的文字你的文字目录OpenFoundationBoardPlatinumMembers(8)GoldMembers(8)DreamHost,Cloudscaling,ITRI/CCAT,DELL,Piston,Mirantis,Yahoo!,Cisco000102030405写上你的文字你的文字目录OpenFoundationBoardIndividualMembers(8)“Noonecompanymaycontrolmorethantwoboardseats”000102030405写上你的文字你的文字目录OpenStackPublicCloudHoweverTheynevertellyouhowtooperatetheirpubliccloudbasedonOpenStack!ContentSinaCloudIntroductionChallengestobuildaOpenStackPublicCloud1.Networktopology2.SecurityEnhancement3.StorageSolution4.IdentityIntegration5.Billing&Monitoring6.DashboardImprovementOperateanproductionOpenStack7.Platformstack8.AutomatedDeployment9.ContinuousIntegration10.ProjectManagementStackLab:AcommunityOpenStackPublicCloudSummary000102030405写上你的文字你的文字目录CloudRequirementSina.com•LargestinfotainmentwebportalinChina•Providesvariouson-lineservices,likenews,Finance,video,email,bloghosting,etc.•Needsunifiedinfrastructure&appplatformtohostheterogeneousservicesandapps.SinaWeibo•twitter-likemicroblogservice•over350musers,#1SNSinChina.•hugeinfluenceonChina'ssociety•WeiboOpenPlatformtobuildasocialecosystemthroughOpenAPIandcloudenvironmental.Wearebuildingareliable,scalableandsecurecloudplatformtosupportourbusinessandexternalcustomers.000102030405写上你的文字你的文字目录•FirstandmostpopularPaaScloudinChina,launchedin2009•SupportPHP,PythonandJavaruntime.•250,000developers,380,000appsrunningonSAE.FirstOpenStackbasedpublicIaaScloudinChinaFirstcommercialcloudappmarketinChina.SaaScloudbasedonSAEtech.Designforthecommonusers,1-Clickpurchaseandinstallapps.SinaCloudPortfolio(SinaCloudMarket)000102030405写上你的文字你的文字目录SinaOpenStackdevTeamMoreinfo:ForCommunityTop9contributorbybugfixatEssexTop4contributoreitherbychangesetorbugfixatFolsomContributecommunityprojectDough,KanyunaddressingMonitoringandBillingDevelopIslandasCinderwould-bepluginLeadCOSUGtobelargestOpenStackusergroupContentSinaCloudIntroductionChallengestobuildaOpenStackPublicCloud1.Networktopology2.SecurityEnhancement3.StorageSolution4.IdentityIntegration5.Billing&Monitoring6.DashboardImprovementOperateanproductionOpenStack7.Platformstack8.AutomatedDeployment9.ContinuousIntegration10.ProjectManagementStackLab:AcommunityOpenStackPublicCloudSummary000102030405写上你的文字你的文字目录NetworkTopologyNova-networkvsQuantumMultihostMultiTalentFlat,FlatDHCPTunnelingSDNSecGroupDashboardSupportNova-NetworkQuantumNova-Networkissimple,robustandreliable,exceptlackofsomeadvancedfeatures.Quantumisnotreadyforproductionuse,it’sOVSpluginhasgreatpotentialtobeopen-sourceNVPsolution.Iwouldsuggestiontocontinueusenova-networkforproductiondeploymentuntilnextrelease.000102030405写上你的文字你的文字目录Nova-NetworkFlatNeedexternalDHCPServer,andhumanintervention,notflexible,hardlyuseinpracticaldeployment.FlatDHCPLikeAmazonEC2networking(notVPC,VPCcorrespondstoQuantum),VMgetIPfromsinglenetworkpools.Simple,easytohack.Widelyusedinpubliccloud,alsopreferredtopologyinmanyscenarios.VLANAlittlecomplex,hardwareconfigurationmaybeinvolved.Notsuggesttouseexceptstrongrequirementoftenantisolation,NetworkTopology——RealUserCaseNovaNetwork(FlatDHCP+Multi-host)Capability:•AccessibilityofallVMsinthefixedIPrange•VMisabletoaccesspublicnetwork•VMcanbeaccessiblefrompublicnetworkBonus:•Totallydistributedarchitectureavoidsingle-pointfailure.•MultiplegatewayeliminatesNATbottleneck•HighspeedbetweenOSregionsDrawback:•Tenantisolationlessens•Needsecurityfacility(SWS-filter)toprotectintranet000102030405写上你的文字你的文字目录SecurityEnhancementSWSFilter:aextensiontosecuritygroupinnova-networkUsedtofilteregresstrafficfromVMtointernalnetworkDefinewhosetrafficcouldbeabletoreachwhichinternalnetworkIP/segment.000102030405写上你的文字你的文字目录StorageSolutionObjectStorage:DefinitelywechooseSwiftBlockStorageCinderisnotAmazonEBS,justaframeworktoincludemultipleopen-source/commercialstoragesolution.Nova-volume/Cinder(iSCSI)isnotapplicabletopubliccloud.Sheepdog/Gluster/Cephpluginsneedtimetobestable.Island:LocalStorageVolumepluginforCinderiscoming.HighperformancelocalstorageIncremental&independentsnapshotSnapshotstoreinswift000102030405写上你的文字你的文字目录SwiftArchitectureLoadBalancerProxyServerObjectServerContainerServerAccountServerZone1ProxyServerObjectServerContainerServerAccountServerZone2ProxyServerObjectServerContainerServerAccountServerZone3ProxyServerObjectServerContainerServerAccountServerZone4ProxyServerObjectServerContainerServerA