Proj-2012-2013-OAR-Cloud

From air
Jump to navigation Jump to search

OAR Cloud Project

This project aims at creating a light cloud computing architecture on top of the batch scheduler OAR. You can access to the Git repository on github.

Project Members

This project is proposed by:

Olivier Richard - Teacher and researcher in RICM's Polytech Grenoble training

Three students from RICM are working on it:

  • Jordan Calvi (RICM4)
  • Alexandre Maurice (RICM4)
  • Michael Mercier (RICM5)

State of the art

This project begins on January 2013. Here is the current state of the art concerning the cloud computing technologies and the underlying virtualization technologies.

Cloud computing

Definition

The cloud computing is the use computing and storing resources through a network. It is providing a stack of services, from the hardware to the applications, named "Something as a Service". You can read a more exhaustive definition on Wikipedia.

IaaS

The layer we are interested in, is the Infrastructure as a Service layer (IaaS). It provided access to computation resources with an hardware abstraction made by virtualization. The leader in this domain is Amazon EC2. There IaaS proprietary platform is considered as the industrial standard and almost every other cloud computing solution are compatible with it's API. They provide, through a Command Line Interface (CLI) and a Web interface, a simple way to deploy scaling web applications and services. This is an on-demand self-service and you pay only when you are using it. The main features of Amazon EC2 are (from the Amazon EC2 web site):

  • Select a pre-configured, templated Amazon Machine Image (AMI) to get up and running immediately. Or create an AMI containing your applications, libraries, data, and associated configuration settings.
  • Configure security and network access on your Amazon EC2 instance.
  • Choose which instance type(s) you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided.
  • Determine whether you want to run in multiple locations, utilize static IP endpoints, or attach persistent block storage to your instances.
  • Pay only for the resources that you actually consume, like instance-hours or data transfer.

But there is lots of alternatives to Amazon. Several company provide the same kind of services using proprietary or open source solutions. You can see a comparison of some of these solutions here.

Virtualization technologies

Hardware virtualization

There is a lot of system virtualization technologies. For system virtualization Amazon is using the XEN virtualization technology like most of their competitors. As we are looking for open source technologies, there is two serious alternatives to consider: KVM and LXC.

Xen
Well known and used in big mainframe cloud solution, Xen is consider as reliable. It is a bare-metal (type1) hypervisor that lies directly on hardware. This means that every operating systems that runs on top of this hypervisor needs to be ported to fit with the paravirtualization API. It recently provide an hardware-assisted virtualization like KVM.
KVM
Included to the Linux Kernel, KVM (Kernel-based Virtual Machine) is using hardware-assisted virtualization for x86 processors with the virtualization extensions (Intel VT or AMD-V). It seems to be quite equivalent to Xen, but some say that it's quite easier to use.
LXC
The most recent one, LXC for LinuX Container use an other kind of virtualization technique based on isolation. The major drawback is that it works only for Linux OS or program. Also, the actual stable version (0.7.5) is still a work-in-progress and the API is not stabilize yet. There is lots of security issues not really solve for now[1] [2]. The major advantage is speed and the fact that LXC is directly accessible into the kernel.

We want to know if LXC can be a good alternative to Xen or KVM.

Network virtualization

In cloud computing infrastructure we need to connect the Virtual Machines (VMs). To achieve this, the network virtualization is used. In the Linux world the most common virtual network used the virtual interface named bridge. The bridge is forwarding packet at Layer 2, so it is independent of upper layer protocols. It can be manage via the brctl command. Advanced features, like filtering or firewalling, are done using the ebtable project.

A more complete tools named OpenVSwitch is open source and commonly used in lots of cloud computing solutions. It's basically a virtual switch that can handle VMs inside a node or between multiple node over real switch.

To fit our demand regarding the network we will try to use OpenVSwitch to build our solution.

Conception

Context

There is two kind of actors that are dealing with OAR cloud, users and administrators. The F.u* and the F.a* are the user and Administrator features describe below.

OAR Cloud Context Diagram

Features

User

Main features:

F.u.0 Connect to an account

F.u.1 Launch and configure one or more instances

F.u.2 Deploy an image on one or more instances

F.u.3 Modify and save images

F.u.4 Setup alarms based on rules using metrics

F.u.5 Being inform by e-mail and/or notification for interesting events

Advanced features:

F.u.6 Automated resize of an instance (adapt the resources) using predefined rules and schedule

F.u.7 Load balancing between several instances

F.u.8 Advanced Network configuration for user: ACL, subnets, VPN...

Administrator

F.a.0 Create/delete user account

F.a.1 Add/remove and manage resources

F.a.2 Visualize resources and instances states

F.a.3 Install and update nodes operating systems

F.a.4 Handle users access rights

F.a.5 Setup alarms based on rules using metrics

F.a.6 Being inform by e-mail and/or notification for interesting events

Logical View

Here is the logical view of the OAR Cloud system. Every component on this diagram represents a software component type. The links between these components represent the communication between them.

OAR Cloud Logical View

Description of the main components:

AccountManager
Handle users and admins access rights
AccessPoint
The system access point reached by the different access tools
InstanceManager
Manage the creation, configuration and deletion of instances all over the severals nodes. It also handles the appliances persistence and deployment
UserCLI & AdminCLI
Command line access tools for users and admins

Milestones

This table presents the milestones of the project. Each Milestones are described below.

Project milestones
OAR Resource reservation LXC libvirt OpenVSwitch VM SSH Access Access Security Network isolation Resource cleanup Client CLI Storage
M1 X X X
M2 X X X
M3 X X X X X X

M1

In an Ubuntu 12.04 LTS environement

  1. install and configure OAR
  2. install and configure LXC
  3. make OAR reservation
  4. launch one or more VM using LXC
  5. Connect to the VM
  6. check if killing the job do kill the VM
  7. script this!

The cigri devel appliance was used as an configuration example for this. The Ubuntu 12.04 LTS distribution has been chosen because it seems to be one of the few distributions where LXC works out-of-the-box.

Encountered problems

OAR settings

  • the job manager "job_resource_manager_cgroups.pl" generate cpuset errors
   
   [job_resource_manager_cgroups][41][DEBUG] init
   mount: special device none does not exist
   rm: cannot remove `/dev/cpuset': Is a directory
   ln: failed to create symbolic link `/dev/cpuset/oar_cgroups': Operation not permitted
   [job_resource_manager_cgroups][41][ERROR] Failed to mount cgroup pseudo filesystem
   
  • the job manager "job_resource_manager.pl" generate cpuset errors too
   
   [job_resource_manager][40][DEBUG] init
   [debug] [2013-02-21 20:03:15.153] [MetaSched] Start of meta scheduler
   sh: 1: cannot create /dev/cpuset//oar/cpu_exclusive: Permission denied
   [job_resource_manager][40][ERROR] Failed to create cpuset /oar
   
  • I thought the problem come from a database conflict so I tried to use
   
   % sudo  oar-database --reset
   Are you sure you want to reset your database ? (The database content will be lost) [y/N]: y
   resetting the database 'oar'...
   ERROR 1064 (42000) at line 2: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'schema' at line 1
   Fail to execute /usr/lib/oar/database/mysql_reset_structure.sql
   . at /usr/sbin/oar-database line 188, <FIN> line 1.
   
  • I tried to run the `update_cpuset_id.sh` script but it shows an error message either:
   
   % sudo /etc/oar/update_cpuset_id.sh 127.0.0.1
   The authenticity of host '[127.0.0.1]:6667 ([127.0.0.1]:6667)' can't be established.
   RSA key fingerprint is 72:91:a6:40:29:60:b2:c2:18:ba:b7:66:4a:c5:d7:2f.
   Are you sure you want to continue connecting (yes/no)? yes
   Warning: Permanently added '[127.0.0.1]:6667' (RSA) to the list of known hosts.
   Permission denied (publickey,keyboard-interactive).
   DBD::mysql::st execute failed: Unknown column 'ip' in 'where clause' at /usr/share/perl5/OAR/IO.pm line 4774.
   DBD::mysql::st fetchrow_hashref failed: fetch() without execute() at /usr/share/perl5/OAR/IO.pm line 4776.
   

The problem comes from the cgroup-lite service that run by default in an Ubuntu 12.04. Stop this service using

 service cgroup-lite stop

solve the problem for OAR but puts LXC down.

I find a trick to make OAR and LXC working together: I disable the cpuset feature of OAR. In the /etc/oar/oar.conf (there is a copy in the M1 folder) I have comment CPUSET_PATH and set to yes OARSUB_FORCE_JOB_KEY as it is provided in the CPUSET_PATH comment.

Thus, I could run an LXC container inside a job. The container was vanished when the job has been killed.

Questions

  • Is the OAR cpuset mandatory, even if the LXC manage it?

M2

In Ubuntu 12.04 LTS

  1. install and configure LXC, libvirt and OpenVswitch
  2. launch at least 2 VMs
  3. make the VMs to ping each others
  4. script this!

M3

TODO

Tools

Libvirt and LXC

LXC

LXC is a lightweight hypervisor allowing to run isolated appliances. Indeed, it provides a virtual environment that has its own process and network space. It is similar to a chroot. As LXC is implemented on given linux kernel, only operating systems that are compatible with the hosting kernel will be able to run. It is based on cgroups (control groups), a Linux kernel feature to manage ressources like CPU, memory and disk I/O by limiting resources, prioritizing groups, accounting (measuring), isolating (separate namespaces for groups, it means processes, network connections and files are not visible by other groups) and controling groups.


Installation

/!\ LXC as been set up succesfully on ubuntu 12.04 LTS as container launching does not works on Debian Wheeze testing OS. /!\


Packages installation

aptitude install lxc bridge-utils debootstrap
/?\ Conteners will be placed in /var/lib/lxc /?\


Mounting cgroups automatically : edit /etc/fstab and add the following

cgroup /sys/fs/cgroup cgroup defaults 0 0


Enabling previous modifications

mount -a


Checking everything is ok

lxc-checkconfig


Manipulation of containers

Creating a container running Ubuntu

lxc-create -t ubuntu -n ubuntu1
/!\ By default, the version of the guest OS is the same as the hosting one. /!\


Showing existing containers and thoses that are running

lxc-ls
/?\ The first line indicates existing containers and the second one thoses in running state. /?\


Obtaining information about ubuntu1

lxc-info -n ubuntu1


Starting the container

lxc-start -n ubuntu1


Connection to the container

lxc-console -n ubuntu1


Shutting down the container

lxc-stop -n ubuntu1


Exiting console

perform CTRL-a q


Deleting the container

virsh -c lxc:/// undefine ubuntu1


Configuring the container

At boot time, a virtual machines reads the file /var/lib/lxc/{VM-name}/config to set up its configuration (root file system, number of TTY, limites, etc).

lxc.network.type=veth
lxc.network.link=lxcbr0
lxc.network.flags=up
lxc.network.hwaddr = 00:16:3e:24:e5:9a
lxc.utsname = ubuntu1

lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/ubuntu1/rootfs
lxc.mount  = /var/lib/lxc/ubuntu1/fstab
lxc.arch = amd64
lxc.cap.drop = sys_module mac_admin
lxc.pivotdir = lxc_putold

# uncomment the next line to run the container unconfined:
#lxc.aa_profile = unconfined

lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
#lxc.cgroup.devices.allow = c 4:0 rwm
#lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
#fuse
lxc.cgroup.devices.allow = c 10:229 rwm
#tun
lxc.cgroup.devices.allow = c 10:200 rwm
#full
lxc.cgroup.devices.allow = c 1:7 rwm
#hpet
lxc.cgroup.devices.allow = c 10:228 rwm
#kvm
lxc.cgroup.devices.allow = c 10:232 rwm


Configuring default network and switch

see:

/etc/default/lxc

Libvirt

Installation

Packages installation

apt-get install libvirt-bin


Creating an XML file configuration to import an existing container in libvirt

/!\ Notice that libvirt can not install am OS in a container. Therefore, an LXC container with an OS must have been set up previously (that was the we saw before). Then, the file system directory will be given to libvirt when importing the VM. /!\
In order to create a libvirt container, an XML file describing the VM we want to import must be filled. There is a sample of such an XML file that belong to VM "ubuntu1" we have just created :
<domain type='lxc'
  <name>ubuntu1</name>
  <memory>332768</memory>
  <os>
    <type>exe</type>
    <init>/sbin/init</init>
  </os>
  <vcpu>1</vcpu>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
    <filesystem type='mount'>
      <source dir='/var/lib/lxc/ubuntu1/rootfs'/>
      <target dir='/'/>
    </filesystem>
    <interface type='network'>
      <source network='default'/>
    </interface>
    <console type='pty' />
  </devices>
</domain>


Setting the container as a libvirt one

virsh --connect lxc:/// define ubuntu1.xml


Booting the container

virsh -c lxc:/// start ubuntu1


Connecting to the container localy

virsh -c lxc:/// console ubuntu1


Connecting to the container remotly

virsh -c lxc+{IPDEST}:/// console ubuntu1


Shutting the container

virsh -c lxc:/// destroy ubuntu1


Deleting the container

virsh -c lxc:/// undefine ubuntu1


Problemes

  • Using Ubuntu as a host,when connecting to a libvirt VM running Debian, the guest appliance waits for the user to log in through two interfaces at a time (tty1 and console), so it is not possible to get identified.
  • Using Debian Wheeze as a host, when connecting to a libvirt VM, the console does not offer the user the possibility to log in. However, when using directly LXC there is no issue.

Open vSwitch

Internal links

External links

Journal

19/02

  • milestone definitions

04/02

  • We have specified the subject
  • Distribute the work between us.
    • Jordan: LXC and Libvirt
    • Alexandre: OpenVSwitch and Libvirt
    • Michael: OAR and global architecture