using openstack to integrate non openstack service
play

USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, - PowerPoint PPT Presentation

Oct 17, 2022 •471 likes •964 views

USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, ANDREW LIU, JACK NING AGENDA INTRODUCTION MOTIVATIONS INTEGRATE AUTHN/AUTHZ INTEGRATE PLATFORM UI INTEGRATE PLATFORM COMMUNICATION CONTINOUS DEPLOYMENT WITH

  1. USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, ANDREW LIU, JACK NING

  2. AGENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • INTEGRATE PLATFORM COMMUNICATION • CONTINOUS DEPLOYMENT WITH CUSTOMIZATION

  3. Introduction JUNHO YOON ANDREW LIU JACK NING Senior developer of Senior developer of Senior developer of NAVER NAVER China NAVER China

  4. Introduction • Established in 1999, South Korea • Handle more than half of internet search market in Korea • Have more than 8000 employees • Some apps have more than 100m users

  5. Introduction • Have a own IDC and a public cloud service https://www.ncloud.com • However NOT OpenStack based

  6. PASTA - IN-HOUSE PAAS 1000+ projects / 800+ daily user 10+ integrated platforms so far

  8. PASTA – Architecture Today’s Topic platforms platforms platforms PASTA-web Shipdock (In-house docker cluster) keystone Company SSO Users cinder horizon ceph Nova Experimental

  9. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • INTEGRATE PLATFORM COMMUNICATION • CONTINOUS DEPLOYMENT WITH CUSTOMIZATION

  10. Motivations – Too many platforms • About 40 platforms – It’s impossible even to remember URL • No single entrance/catalog • No resource utilization • No common user experience • Reinvent wheel

  11. Motivations - authz / authn • Each platforms had its own authz/authn • Takes too much time for first access • Has different permission set • Requires even different user id/password sometimes Common problems in big company PlatformB PlatformA

  12. AWS comes to our sight • What does AWS provide • Integrated UI/UX - consistency • Organized services catalog • Separated PaaS UI with the main UI • Centralized user management - AWS IAM • We decide to make our platforms as a PaaS like AWS

  13. Component which enables PaaS PAAS DYNAMIC RESOURCE INTEGRATED CONSOLE PROVISIONING • Resource Provisioning on • Consistent UX demand • Integrated Authz/Authn • Docker Cluster? • Seamless integration b/w platforms https://www.slideshare.net/d eview/221-docker- orchestration

  14. • Make new from scratch? • Start from opensouce or commercial system? • Or OpenStack …

  15. Composable Infrastructure Decide to adopt openstack

  16. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

  17. Keystone • Authn/Authz in OpenStack • Feature • Configurable auth/identity backend • Easy to extend by Adding plugin for Authz/Authn • Abundant API interface OpenStack Services Keystone API Policy Token Catalog Identity Assignments Credentials Backend Backend Backend Backend Backend Backend

  18. Keystone Problem we are facing: • Need to integrate into our existing SSO • Need to identify not logged-in user as well • Want to avoid to save user’s ID/PW in our DB HORIZON 3) connect to ENDPOINT with X-AUTH-TOKEN 1) ID/PW 2) issue X-AUTH-TOKEN PROJECT OPENSTACK KEYSTONE COMPONENT 4) ask the X-AUTH-TOKEN info (PROJECT ID + ROLE + USER)

  19. extended Keystone v1 PASTA-WEB 4) ACCESS WITH X-AUTH-TOKEN (IN-HOUSE CONSOLE) 0) OAUTH Auth OAUTH2 PROVIDER 1) ID/OAUTH-TOKEN 3) ISSUE X-AUTH-TOKEN or ID/PASSWORD 5) verify X-AUTH-TOKEN KEYSTONE PLATFORMS 1.1) verify OAUTH-TOKEN 2) GET IDENTITY 1.2) verify PASSWORD AUTH PLUGIN LDAP IDENTITY PLUGIN IN-HOUSE LDAP USING COMPANY’S SSO USING COMPANY’S LDAP FOR IDENTITY

  20. Auth Plugin PASSWORD AUTH default identity auth AUTH PLUGIN Success DEFAULT LOGIN AUTH Fail Success SSO LOGIN AUTH SSO HTTP API /api/Auth/tokenInfo to verify token Fail LOGIN FAILED

  21. Auth Plugin • Keypoint is… ü Treat SSO token as password ü Try default auth method first. If failed, use auth using SSO next ü Extends auth handler Keystone.auth.plugins.password.Password • Keystone Configuration

  22. Extended Keystone v1 PASTA-WEB (IN-HOUSE CONSOLE) 0) OAUTH Auth OAUTH2 PROVIDER 1) ID/OAUTH-TOKEN 3) ISSUE X-AUTH-TOKEN 4) ACCESS WITH X-AUTH-TOKEN or ID/PASSWORD 5) verify X-AUTH-TOKEN KEYSTONE PLATFORMS 1.1) verify OAUTH-TOKEN 2) GET IDENTITY 1.2) verify PASSWORD AUTH PLUGIN LDAP PLUGIN Problem • Do not have right to save OpenStack system IN-HOUSE LDAP users in LDAP • Deadly slow when retrieving all users.

  23. Extended Keystone v2 PASTA-WEB (IN-HOUSE CONSOLE) 0) OAUTH Auth OAUTH2 PROVIDER 1) ID/OAUTH-TOKEN 3) ISSUE X-AUTH-TOKEN 4) ACCESS WITH X-AUTH-TOKEN or ID/PASSWORD 5) verify X-AUTH-TOKEN KEYSTONE PLATFORMS 1.1) verify OAUTH-TOKEN 2) GET IDENTITY 1.2) verify PASSWORD HYBRID IDENTITY PASTA PLUGIN AUTH HANDLER (AUTH + IDENTITY) IN-HOUSE LDAP SQL INTRODUCE HYBRID INDENTITY PLUGIN • Save new user in SQL • Read from only SQL when querying all users

  24. Hybrid Backend Plugin • About the auth part • Based on keystone-hybrid-backend IDENTITY AUTH ü Implement LDAP Indentity ü extending SQL Indentity Success SQL LOGIN Auth Failed Success LDAP LOGIN Auth Failed LOGIN FAILED

  25. Hybrid Backend Plugin • Identity ü For API like get/update user just like the auth flow • Why customzied for list large users LIST_USERS ü 2000+ LDAP USER ü List all user take 10~60s in horizon Yes Filter by SQL + LDAP ü No domain concept when adopting legacy platforms USERS Name No SQL USERS • Configuration

  26. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE PLATFORM AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

  27. Previously our platforms…. • Have each own web based management console • No consistent user experience • Implemented using various tech set • Backend : Spring/Node.js/Golang (No python…) • Framework: Backbone.js/Angular/Vue.js/React/Jquery

  28. Openstack - Horizon Horizon Nova Nova UI Neutron Neutron UI Cinder Cinder UI Manilla Plugin Manilla BlarBlar Plugin Blar Blar Keystone

  29. Openstack - Horizon • Not fit for NAVER • Is not working very well with large user set • Seems “”little bit”” UGLY for us • Implemented with Python + Django • Need to restart and test whenever some platform’s UI upgraded • How to evenly distribute the UI development job to each platform’s developer guaranteeing consistency? • Make UI independently developed without forcing to use specific tech set

  30. Micro Service Architecture UI / Horizon Monolithic App Microservice Microservice Microservice Microservice Microservice Microservice Logic + Database

  31. Micro Service Architecture - modified UI PASTA Integrator Microservice+UI Microservice+UI </> </> Microservice+UI Microservice+UI Microservice+UI Microservice+UI </> </> </> </> Logic + Database

  32. Micro Service Architecture - modified UI integrator handles this part Each platform handles this part

  33. Spring Cloud – Netflix ZUUL HTTP Request “pre” filters “routing” filters “post” filters “custom” filters “error” filters BACKEND SERVER

  34. Realized Runtime Flow OAUTH-PROVIDER 7. User permission check using X-AUTH-TOKEN KEYSTONE (OPENSTACK) 3. OAUTH PlatformA 4. Service Permission Check & Issue X-AUTH-TOKEN 6. https//{{platform-host}}/platform-id/* X-AUTH-TOKEN 8. Render platform page 1. Prepare routing table 5. Decide where to route based on context path Pasta WEB ZUUL 2. Access service-id .pasta.navercorp.com/ platform-id /a.txt PlatformB 8. Final HTML Rendering PlatformC

  35. Platform Info Extension • Be able to keep each platform endpoint info in keystone’s Service catalog and endpoints • Service(Openstack Term) = Platform (PASTA Term) Use the platform name as a context path Pick internal interface URL for routing

  36. Platform Info Extension • Need extra room to store extra routing info • Ex) Platform Icons / Display order … • Need separate DB to store these? • Use description section with JSON

  37. Service Info Extension • Should store the project’s extra info into keystone • Project(Openstack Term) = Service (PASTA Term) • https://blueprints.launchpad.net/horizon/+spec/support-extra-prop- for-project-and-user • OpenStack4J

  38. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

  39. UI Level Interoperability • Already be able to call the other platform’s REST API • Because all platform UI share same authn/z in a user session http://sample.pasta-host/kaleido/ PLATFORM-A PLATFORM-B PLATFORM-C $.get(“/platform-a/api/functionA”) $.get(“/platform-b/api/functionB”) $.get(“/platform-c/api/functionC”)

  40. Backend Interoperability • Need special way to communicate each other • ex) Batch / Event Handler which run outside of the user session • ex) Run user’s platform interoperation code when event is triggered • Introduce Serverless Framework (openwisk) OPENWISK PlatformA PlatformB • Not cover detail here

  41. ADENDA • INTRODUCTION • MOTIVATIONS • INTEGRATE AUTHN/AUTHZ • INTEGRATE PLATFORM UI • MAKE PLATFORMS INTEROPERATE • PACKAGE/DEPLOY WITH CUSTOMIZATION

Recommend

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of OpenStack Technical Committee Python Software Foundation member ttx @ tcarrez @ Cloud ? Buzzword Infrastructure as a service Compute,

700 views • 28 slides
Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack OpenStack is an open source software platform for cloud computing. Mostly deployed as infrastructure-as-a-service (IaaS), whereby virtual servers and

464 views • 25 slides
What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can find me at @tcarrez on Twitter And ttx on IRC No, really What is OpenStack ? An open source project A common goal A coalition of

672 views • 33 slides
Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture OpenStack Summit at Barcelona, October 2016 Who are we? Sriram Kalyanasundaram, Director Implementations Tesora Inc. OpenStack Summit

812 views • 23 slides
BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ SOFTWARE ENGINEER AT RED HAT CO-FOUNDER LINUXCHIX ARGENTINA WHAT IS OPENSTACK? BRIEF OVERVIEW OPENSTACK OVERVIEW IAAS... AND MORE! + RUNNING

548 views • 36 slides
SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right? Maybe you use AWS or Azure? Allowing pay-as-you-go model for IT infrastructure and toward dynamic software-defined service delivery.

168 views • 16 slides
OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman,

OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman,

OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman, Cincinnati Bell Technology Services Monday, May 13, 2019 BS DETAILS 30+ years of IT experience 6+ years experience with OpenStack Former

376 views • 36 slides
Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016

Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016

Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016 April 27, 2016 IBM Japan Systems Engineering Co.,Ltd. Machi Hoshino OpenStack Summit in Austin 2016 Outline Introduction What is OpenStack

685 views • 42 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

781 views • 43 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

742 views • 56 slides
GPU on OpenStack Masafumi Ohta @masafumiohta Who am I &gt; Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I &gt; Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I &gt; Working for System Integrator as Pre-Sales Engineer. Working on some OpenStack PoC projects. Proposing OpenStack system to a manufacturer Investigating OpenStack issues reading some

580 views • 32 slides
A Dropbox-like Personal Cloud for OpenStack Swift Pedro Garca Lpez OpenStack Summit Adrin

A Dropbox-like Personal Cloud for OpenStack Swift Pedro Garca Lpez OpenStack Summit Adrin

A Dropbox-like Personal Cloud for OpenStack Swift Pedro Garca Lpez OpenStack Summit Adrin Moreno Martnez May 2014 - Atlanta Cristian Cotes Gonzlez CloudSpaces project Open Service Platform for the Next Generation of Open

691 views • 37 slides
Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release

Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release

Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release management PTL OpenStack is large &amp; growing 130 git repositories 1.8+ MLOC Stats by OpenStack is complex OpenStack is painful

597 views • 30 slides
Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez)

Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez)

Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez) Release manager, OpenStack OpenStack is large &amp; growing 95+ code repositories 1.9+ MLOC Stats by OpenStack is complex 9 integrated

497 views • 48 slides
OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the

OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the

May 2018 OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the OpenStack Charms? commit 4b30ccbd044be76be66c1bb6f9669dba352147b6 Author: Adam Gandelman &lt;adamg@canonical.com&gt; Date: Tue Jul 5

403 views • 19 slides
OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers

OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers

OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers build knowledge and skill for cloud-native applications Develop new relationships and discover new talent in your local community Practice

964 views • 22 slides
OpenStack and OVN Whats New with OVS 2.7 OpenStack Summit -- Boston 2017 Russell Bryant

OpenStack and OVN Whats New with OVS 2.7 OpenStack Summit -- Boston 2017 Russell Bryant

OpenStack and OVN Whats New with OVS 2.7 OpenStack Summit -- Boston 2017 Russell Bryant (@russellbryant) Justin Pettit (@Justin_D_Pettit) Ben Pfaff (@Ben_Pfaff) Virtual Networking Overview Provides a logical network abstraction on top of a

660 views • 26 slides
DNS in OpenStack What is the OpenStack DNS API? https://gra.ham.ie | @grahamhayes 1 Graham

DNS in OpenStack What is the OpenStack DNS API? https://gra.ham.ie | @grahamhayes 1 Graham

DNS in OpenStack What is the OpenStack DNS API? https://gra.ham.ie | @grahamhayes 1 Graham Hayes Principal Engineer @ Azure Ex Designate PTL OpenStack TC https://gra.ham.ie @grahamhayes gr@ham.ie https://gra.ham.ie | @grahamhayes

445 views • 21 slides
Moving SNE to the Cloud RP1i3 Sudesh Jethoe http://www.openstack.org/assets/openstack-logo/

Moving SNE to the Cloud RP1i3 Sudesh Jethoe http://www.openstack.org/assets/openstack-logo/

Moving SNE to the Cloud RP1i3 Sudesh Jethoe http://www.openstack.org/assets/openstack-logo/ Overview 1. Research Question 2. What's a cloud? 3. Cloud frameworks 4. OpenStack 5. Method 6. Problems 7. Conclusion 8. Discussion 9. Questions

432 views • 25 slides
Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction

Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction

Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction Aptira Leading OpenStack provider in Australia and APAC Private and Hybrid IaaS Cloud Solutions Technology consultancy for large providers

224 views • 21 slides
An overview of container related projects in OpenStack as a telco guy sees them in 10 minutes

An overview of container related projects in OpenStack as a telco guy sees them in 10 minutes

06.11.2017 An overview of container related projects in OpenStack as a telco guy sees them in 10 minutes GERGELY CSATARI An OpenStack service (the thing what does OpenStack) A container A VM A physical host An other physical host Runnig

215 views • 21 slides
OpenStack QA Project Update, OpenStack Summit Denver Ghanshyam Mann, IRC- gmann,

OpenStack QA Project Update, OpenStack Summit Denver Ghanshyam Mann, IRC- gmann,

May 2019 OpenStack QA Project Update, OpenStack Summit Denver Ghanshyam Mann, IRC- gmann, gmann@ghanshyammann.com Masayuki Igawa, IRC- masayukig masayuki@igawa.io What is OpenStack QA?? Official Mission Statement: Develop, maintain, and

465 views • 14 slides
Get behind your OpenStack and transform your adoption Cameron Seader Technology Strategist

Get behind your OpenStack and transform your adoption Cameron Seader Technology Strategist

Get behind your OpenStack and transform your adoption Cameron Seader Technology Strategist cs@suse.com Who here uses OpenStack? 2 What's the OpenStack value? 3 &quot;Being a flexible framework to build on is the most important aspect of

580 views • 28 slides
Octavia OpenStack Load Balancing New Features Deep Dive OpenStack Summit - Denver Adam Harwell -

Octavia OpenStack Load Balancing New Features Deep Dive OpenStack Summit - Denver Adam Harwell -

May 2019 Octavia OpenStack Load Balancing New Features Deep Dive OpenStack Summit - Denver Adam Harwell - Train PTL - Verizon Media Carlos Goncalves - Red Hat Michael Johnson - Red Hat What is Octavia? Network Load Balancing as a Service for

1.25k views • 16 slides

More recommend