highly resilient multi region keystone deployments
play

Highly resilient, multi-region Keystone deployments Michael - PowerPoint PPT Presentation

Mar 31, 2023 •8 likes •528 views

Highly resilient, multi-region Keystone deployments Michael Richardson // 22 May 2018 1 2.1 3 Purpose Caveats SQL-backed deployment All regions are considered equal "Standard" regions, not singular Edge nodes 4 Compute Storage

  1. Highly resilient, multi-region Keystone deployments Michael Richardson // 22 May 2018 1

  2. 2.1

  4. 3

  5. Purpose Caveats SQL-backed deployment All regions are considered equal "Standard" regions, not singular Edge nodes 4

  6. Compute Storage Network Images Dashboard Billing VPNaaS LBaaS Orchestration GPUs CaaS BYON BYOIP Region1 5

  7. Compute Storage Network Images Dashboard Billing VPNaaS Identity LBaaS Orchestration GPUs CaaS BYON BYOIP Region1 6

  8. Compute Storage Network Compute Storage Network Images Dashboard Billing Images Dashboard Billing VPNaaS Identity LBaaS VPNaaS LBaaS Identity Orchestration Orchestration GPUs CaaS BYON BYOIP GPUs CaaS BYON BYOIP Region1 Region2 7

  9. Compute Storage Network Images Dashboard Billing VPNaaS Identity LBaaS Orchestration GPUs CaaS BYON BYOIP Region1 Compute Storage Network Compute Storage Network Images Dashboard Billing Images Dashboard Billing VPNaaS Identity LBaaS VPNaaS Identity LBaaS Orchestration Orchestration GPUs CaaS BYON BYOIP GPUs CaaS BYON BYOIP Region3 Region2 8

  10. 9

  11. 10

  12. 11

  13. What if Keystone should fail? No API requests No Dashboard No metrics collection Data plane AOK No orchestration 12

  14. Keystone (then) UWSGI + Nginx, HAProxy, Memcached MariaDB Galera cluster Giftwrapped python virtualenv Kilo, UUID tokens 13

  15. The Internets External proxies API node1 API node2 API node3 Memcache Memecache Memcache node1 node2 node3 Internal proxies DB node1 DB node2 DB node3 14

  16. Requirements Loss of a region should not affect the operation of any other region Major partition must continue as before Minor partition may continue in read-only mode All users and project data should be available in each region Self-healing 15

  17. Options 16

  18. Multiple Keystones A single Keystone 17

  19. Federation Solves a different problem. 18

  20. CockroachDB Too soon. http://lists.openstack.org/pipermail/openstack- dev/2017-May/117018.html 19

  21. Master-slave replication Asynchronous. 20

  22. Circular replication Ye-olde multi-master. 21

  23. Galera site-to-site replication No benefit at this scale. 22

  24. Design A single, inter-region Galera cluster, with an odd number of nodes Nodes in all regions Providing data for all regions One Keystone database Synchronous replication Inserts/updates/locks must be negligable Fernet tokens 23

  25. Design Distinct authentication endpoints in each region, that back onto the same DB cluster. Other regions must be able to take over if all nodes are down Frontend, backend proxy configuration Region-specific service (Nova, neutron etc.) DB clusters But, pointing to the inter-region Keystone service 24

  26. Implementation 25

  27. Keystone upgrade Upgrade the Keystone APIs Kilo to Mitaka One release, micro-(scheduled)-outage Straightforward 26

  28. Keystone configuration Multiple Keystone API nodes per region As before (Nginx + UWSGI) All sitting behind redundant HAProxy nodes 27

  29. Multi-factor authentication Password plus TOTP Can be enabled per account by users Works with the APIs https://github.com/catalyst-cloud/adjutant-mfa 28

  30. 29

  31. 30

  32. 31

  33. What's inside? curl $keystone_endpoint:35357/v3/auth/tokens \ -H "X-Subject-Token: {{ fernet_token }}" \ -H "X-Auth-Token: {{ admin_token }}" \ | python -m json.tool 32

  34. 33

  35. Inter-region Galera cluster Redundant links between regions Odd number of nodes per region wsrep_dirty_reads = 1 wsrep_sync_wait = 0 wsrep_slave_threads = "n. cores" max_connections = "high" 34

  36. Inter-node connectivity mysql = tcp/3306 galera replication = {tcp,udp}/4567 galera IST = tcp/4568 galera SST = tcp/4444 35

  37. Testing Lock/load test across all regions pseudo-code { while true; do check cluster size, cluster status for each in region A B C; do locking-operation in region ${each} for region in A B C; do read and verify from ${region} done done done } 36

  38. Memcache configuration One thread per core 512 MB for storage Objects cached for 60 minutes 37

  39. 38

  40. Proxies and endpoints Final cutover Internal, external proxies updated Migrate to new cluster Endpoints in each region were now active, but not advertised. Services in each region were re-pointed to the local endpoint Additional endpoints now added to the Catalog Endpoints "unversioned" 39

  41. Proxies and endpoints External proxy configuration Local endpoints utilise remote regions endpoints as backup servers Allows the other regions to take over Transparent failover 40

  43. The Internets External proxies API node1 API node2 Memcache node1 API node3 Memecache node2 Memcache DB node1 Internal proxies node3 DB node2 DB node3 API node3 Memcache DB node3 node3 The Internets External proxies Internal proxies API node2 Memecache DB node2 node2 DB node1 API node1 Memcache node1 DB node1 DB node2 node1 Memcache Internal proxies DB node3 node2 API node1 Memecache node3 API node2 Memcache External proxies API node3 The Internets 41

  44. 42

  45. 43

  46. 44

  47. 45

  48. Where to from here? Global endpoints MFA in/from master Keystone from $release n-1. 46

  49. Summary Keystone: Fernet with caching Galera: single DB, geo-distributed, redundant paths 47

  50. Summary External proxies Other regions must be present as backup servers Keepalived DNS round-robin between multiple VRRP addresses Configure each to have one master, the others as backup 48

  51. Thank you 49

  52. 50

Recommend

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann

Highly available cross-region deployments with Kubernetes Bastian Hofmann @BastianHofmann Container orchestration platform Deploy, run and scale your services in isolated containers No vendor lock in Standardized APIs Runs on Your laptop

2.39k views • 139 slides
Planning for a Resilient Houston Planning for a Resilient Houston - Galveston Region Galveston

Planning for a Resilient Houston Planning for a Resilient Houston - Galveston Region Galveston

Planning for a Resilient Houston Planning for a Resilient Houston - Galveston Region Galveston Region Addressing Resiliency in Regional Transportation Plans Workshop Kristina Ronneberg June 26, 2019 1 Resiliency Planning Resiliency Planning

550 views • 14 slides
Build Highly Resilient Applications with Redis Enterprise Clustering MAY 2019 | MANUEL HURTADO

Build Highly Resilient Applications with Redis Enterprise Clustering MAY 2019 | MANUEL HURTADO

Build Highly Resilient Applications with Redis Enterprise Clustering MAY 2019 | MANUEL HURTADO Redis Introduction Most Loved Databases 2017, 2018 & 2019 Stack Overflow survey, among >100K developers % of devs who expressed interest in

364 views • 35 slides
All DC Inverter Multi VRF In 2012, Gree highly promoted GMV5 All DC Inverter Multi VRF New

All DC Inverter Multi VRF In 2012, Gree highly promoted GMV5 All DC Inverter Multi VRF New

All DC Inverter Multi VRF In 2012, Gree highly promoted GMV5 All DC Inverter Multi VRF New breakthrough in comfort ability, intelligent control and design. Eight More power product series More powerful product series prominent advantages More

1.63k views • 75 slides
to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

Building the Digital Keystone Cyber Threats to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn www.keystone.tn Building the Digital Keystone State Sponsored Attacks Political Warfare

519 views • 37 slides
2 Resilient lient grow owth h in n the he fac ace e of of glob obal al an and region

2 Resilient lient grow owth h in n the he fac ace e of of glob obal al an and region

2 Resilient lient grow owth h in n the he fac ace e of of glob obal al an and region ional al he head adwinds winds Drivers of Africas growth GDP growth (%) 10 Strong public investment in infrastructure 8 6 Asia Pacific

768 views • 58 slides
March 10, 2017 FY 2016 Operational and Financial Results FY 2016: A Highly Resilient Stance in a

March 10, 2017 FY 2016 Operational and Financial Results FY 2016: A Highly Resilient Stance in a

FY 2016 Earnings Presentation March 10, 2017 FY 2016 Operational and Financial Results FY 2016: A Highly Resilient Stance in a Year of Perfect Storm... Superior operational and financial performance marked by Passenger, Revenue and EBITDA

298 views • 14 slides
Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel ellwag, Open Telekom Cloud Architect ,T-Systems Yue uefen eng Pan an, Senior Cloud Solutions Architect, Huawei Open Telekom Cloud 26.06.2017 1

294 views • 28 slides
ReSIST NoE ReSIST Resilience for Survivability in IST Resilient Computing: a multi-disciplinary

ReSIST NoE ReSIST Resilience for Survivability in IST Resilient Computing: a multi-disciplinary

ReSIST NoE ReSIST Resilience for Survivability in IST Resilient Computing: a multi-disciplinary MSc Curriculum Luca Simoncini Professor of Computer Engineering Faculty of Engineering, University of Pisa, Italy 2009/10/8-9 Paris, France

215 views • 17 slides
Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are

Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are

Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are we? Vishakha Agarwal (vishakha) Senior Member Technical Staff at NEC Keystone contributor Colleen Murphy (cmurphy)

568 views • 30 slides
Coordinating Multi-region and Multi-stakeholder Research Presentation by: Angela Kaida, Allison

Coordinating Multi-region and Multi-stakeholder Research Presentation by: Angela Kaida, Allison

Coordinating Multi-region and Multi-stakeholder Research Presentation by: Angela Kaida, Allison Carter, and Valerie Nicholson At: Gathering of Spirits: Canadian women, trans people, and girls HIV research collaborative Special Session at

280 views • 10 slides
KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh Quynh <aquynh -at- gmail.com> RECON - June 19th, 2016 1 / 48 NGUYEN Anh Quynh KEYSTONE: the last missing framework for Reverse Engineering

731 views • 48 slides
Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series

Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series

Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series This webinar is being recorded and will available for distribution following todays program. All lines will be muted during this call, please

341 views • 30 slides
I-SEM Rules Liaison Group Day-ahead market (MRC) 21 st January 2015 MRC Multi-Region Coupling

I-SEM Rules Liaison Group Day-ahead market (MRC) 21 st January 2015 MRC Multi-Region Coupling

I-SEM Rules Liaison Group Day-ahead market (MRC) 21 st January 2015 MRC Multi-Region Coupling Price Coupling of Regions (PCR) started as regional implementation (e.g., NWE, CWE, etc.) Multi-Region Coupling (MRC) represents merging of

487 views • 13 slides
FTSE 250 E&P Company Focused On The Highly Attractive Eastern Mediterranean Region Vision :

FTSE 250 E&P Company Focused On The Highly Attractive Eastern Mediterranean Region Vision :

June 2018 FTSE 250 E&P Company Focused On The Highly Attractive Eastern Mediterranean Region Vision : Premier Eastern Mediterranean Independent E&P Player 2 2 Energean At A Glance Delivering a 2.4 Tcf Project in Israel Management

645 views • 26 slides
Champion Meeting #2 January 15, 2013 Welcome! R5DC Resilient Region Plan Is a Community Driven

Champion Meeting #2 January 15, 2013 Welcome! R5DC Resilient Region Plan Is a Community Driven

Champion Meeting #2 January 15, 2013 Welcome! R5DC Resilient Region Plan Is a Community Driven University Assisted Partnership Pursuing E 2 Economic and Environmental Vitality January 15 th Champions Meeting Slide 1 Slide 2 2 Mission

172 views • 4 slides
Fil illi ling th the gap ap a keystone for r th the Pan European Priv rivate Plac

Fil illi ling th the gap ap a keystone for r th the Pan European Priv rivate Plac

Fil illi ling th the gap ap a keystone for r th the Pan European Priv rivate Plac lacement mark rket Tues esday, 14 14 Apri ril l 20 2015 15 Lo London Filling the gap a keystone for the Pan European Private Placement market

319 views • 29 slides
Multi-Label Learning with Highly Incomplete Data via Collaborative Embedding Yufei Han 1 , Guolei

Multi-Label Learning with Highly Incomplete Data via Collaborative Embedding Yufei Han 1 , Guolei

Multi-Label Learning with Highly Incomplete Data via Collaborative Embedding Yufei Han 1 , Guolei Sun 2 , Yun Shen 1 , Xiangliang Zhang 2 1. Symantec Research Labs 2. King Abdullah University of Science and Technology Outline Introduction

549 views • 32 slides
A modified mini-primer set for the mtDNA control region sequence analysis from highly degraded

A modified mini-primer set for the mtDNA control region sequence analysis from highly degraded

A modified mini-primer set for the mtDNA control region sequence analysis from highly degraded forensic remains Na Young Kim, Hwan Young Lee, Myung Jin Park, Woo Ick Yang, Kyoung-Jin Shin Department of Forensic Medicine, Yonsei University

300 views • 7 slides
Next Generation Vitrimers 2 types of plastics Thermoplastics : highly re-processable, not very

Next Generation Vitrimers 2 types of plastics Thermoplastics : highly re-processable, not very

Chris Bates Jeff Self Next Generation Vitrimers 2 types of plastics Thermoplastics : highly re-processable, not very resilient Thermosets : Tough, good chemical/thermal resistance, not re-processable (cross-linked) Vitrimers Exchangeable

186 views • 15 slides
Browsing Highly Interconnected Humanities Databases Through Multi- Result Faceted Browsers

Browsing Highly Interconnected Humanities Databases Through Multi- Result Faceted Browsers

Browsing Highly Interconnected Humanities Databases Through Multi- Result Faceted Browsers Michele Pasin Department of Digital Humanities Kings College, London michele.pasin@kcl.ac.uk www.michelepasin.org/software/djfacet Summary 1.

696 views • 20 slides
Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop

Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop

Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop (OSEW 2019) Berkeley, July 2019 https://mesatee.org Rust and Keystone Enclave Open-Source Enclave (RISC-V Hardware/Keystone Enclave) :

662 views • 32 slides
The Keystone for Primary Care? Benjamin F. Crabtree, PhD Department of Family Medicine &

The Keystone for Primary Care? Benjamin F. Crabtree, PhD Department of Family Medicine &

Patient-Centered Medical Home: The Keystone for Primary Care? Benjamin F. Crabtree, PhD Department of Family Medicine & Community Health April 29, 2017 keystone How well is Australias health care doing? Treating sinusitis?

1.37k views • 55 slides
gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

Gerard Holzmann Nimble Research gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly recommended DO 178C: required as opposed to testing only expected behavior, or randomly poking the code with

635 views • 18 slides

More recommend