<!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_ad068bde3c2957f72bad8b1dc7a4b5ee.jpg"; data-background-opacity=".5" --> ## Core Compute Services #### Cloud & IaaS ###### Giacomo Tenaglia - CSC on IT Services - 2024-11-05 --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_c4199c0a96ef5fbf23788ae6287d94fc.jpg"; data-background-opacity=".3" --> ## Who am I * :spaghetti: MSc Computer Science * :computer: Joined CERN in 2007 (TECH) * :male-construction-worker: Config Services @CERN IT-CD-CC * :blue_heart: CERN OSPO founder & IT representative * :penguin: since 1999 --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_5fdc3aec08e10c2282db882fbf5b3141.jpg"; data-background-opacity=".3" --> ## My assumptions on you * Love interrupting when things are not clear. * Have an `ssh` client installed on your laptop. * Are familiar with Linux administration concepts. --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_9cd12fd09fdd6a04b6288dbeb26faad8.png"; data-background-opacity=".3" --> ## Traditional computing models --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_fc7f9d4483f0019a2348fd36f865ee28.jpg"; --> --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_7abedcf6cac512d182fa70db14aa7ec0.JPG"; --> --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_78be3a49b67b2d07e98fb87f3cb4c7b8.jpg"; data-background-opacity=".2" --> ## Cloud computing --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_4f8468da8172c5506c23b236a8af84a6.png"; data-background-size="contain" --> --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_f35fbb8972eec711e12629f7a133d99c.png"; data-background-size="contain" --> --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_4a0c14aeea6ae6face34cd12142d5ceb.jpg"; --> --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_76f5dc29b82d8226f36441e4fd8bea68.png"; data-background-size="contain" --> --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_d1f52423e8447b6519cfd35569ee55f4.png"; ata-background-size="contain" data-background-opacity=".2" --> ## The CERN Private Cloud * Full-blown IaaS in production since 2013: * Hosted at CERN; * Self-service, programmable, elastic, efficient; * Based on [Openstack](https://www.openstack.org/) (open-source); * Integrated with CERN infra (network/LanDB, authentication, Linux/Windows, ...). * https://cern.ch/clouddocs --- ## Exercise 0.1 ###### Get the environment setup ``` ssh lxplus.cern.ch openstack help openstack project list env | grep OS_ export OS_PROJECT_NAME="CSC IT Services" openstack server list ``` * Notes: * We use `bash` (sorry I'm a boomer). * `bash` completion for `openstack` is awesome. Does it work? * `--fit-width` helps. --- ## Exercise 0.2 ###### Get the environment setup * Horizon UI: https://openstack.cern.ch/ * Locate the `CSC IT Services` project and inspect its quota. * Locate `hello-csc-2024.cern.ch` and its properties. --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_18c211758b0f190f8bf3bc41c4b128f3.jpg"; ata-background-size="contain" data-background-opacity=".2" --> ## Compute instance management ###### Openstack Nova * Create and manage VMs. --- ## Exercise 1.1 ###### Instance management * Create a `keypair` (Horizon/CLI) or import an existing one. * Create an instance (`openstack server create`) with the following specs: * Flavour: `m2.small` * Image: `RHEL9 - x86_64` * Name: `$USER-csc-2024` * Your key-pair * Verify in Horizon that the instance is being created. * [ASYNC] Access the instance as `root` via SSH. --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_18c211758b0f190f8bf3bc41c4b128f3.jpg"; ata-background-size="contain" data-background-opacity=".2" --> ## Instance management: extras * [LanDB properties](https://clouddocs.web.cern.ch/using_openstack/properties.html#other-cern-specific-properties) * Setting properties: "Main user", "Responsible", "IPv6 ready", ... * [VM placement](https://clouddocs.web.cern.ch/availability_techniques/vm_placement.html): * Availability zones: a, b, c (Meyrin) * Different local network switch and power inputs. * Data centre: `cern` vs `pdc` (need dedicated resource request). * Server groups: affinity/anti-affinity (host/rack, `pdc` first). --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_aa849104bb455a743973a8126cfb97ac.jpg"; data-background-opacity=".3" --> ## A word on [data centres](https://clouddocs.web.cern.ch/datacentre.html#differences-between-datacentres) * Meyrin Data Centre (MDC, Building 513): `OS_REGION_NAME=cern` * Prévessin Data Centre (PDC, Building 775): `OS_REGION_NAME=pdc` --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_bd0c0515fd4bcd4240e448db4b5008a8.png"; data-background-size="contain" --> --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_e27f52bc64bf3730bf50cb1b736fa0d1.JPG"; data-background-opacity=".3" --> ## Image management ###### Openstack Glance * Predominant format: `qcow2` (QEMU CoW). * CERN-supported image library: * Alma, RHEL, Windows, ... * `openstack image list` * *Golden* images management: * Reference/master image to help standardisation. * Complementary to config management. * Backup/restore: * Regular vs ad-hoc. --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_5ec56ab90deda68f65f32f3fa9e32ef7.jpg"; data-background-opacity=".3" --> ## Block storage management ###### Openstack Cinder * Persistent virtualised block devices independent of any particular instance. * Can only be attached to a single instance at a time. * Several [volume types](https://clouddocs.web.cern.ch/block_storage/create_block_volumes.html#available-volume-types): * Performances, location, placement. * Use-cases: "Boot from volume", snapshots, backups. * At CERN: using IT-SD Ceph service (RBD): * HDD: replica x3, SSD: erasure-coding 8+3. * *NOTE: please do not do SW RAID!* --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_56e5e36c6cc54424f82393944f1cc456.jpg"; data-background-opacity=".3" --> ## File shares management ###### Openstack Manila * Network accessible filesystem for Linux. * Mountable from several clients at once. * Several [share types](https://clouddocs.web.cern.ch/file_shares/share_types.html): * HDD/SSD, location. * At CERN: using IT-SD Ceph service (CephFS). --- <!-- .slide: data-background="https://codimd.web.cern.ch/uploads/upload_bca61b76f5d1e24b54d2a243ec915f65.jpg"; data-background-opacity=".3" --> ## Other Openstack components * Ironic: bare-metal machines management. * Magnum: containers/k8s as a service. --- ## Exercise 2.1 ###### Image management: clone an instance * Install the Apache web-server: ``` dnf install -y httpd systemctl enable httpd systemctl start httpd firewall-cmd --permanent --zone=public --add-port=80/tcp ``` * Drop a file in `/var/www/html`: ``` echo "My CSC test" > /var/www/html/content ``` * Make sure you can access it: ``` curl http://${USER}-csc-2024.cern.ch/content ``` --- ## Exercise 2.2 ###### Image management: clone an instance (Linux only!) * Create a snapshot: ``` openstack server image create --name $USER-snapshot --wait $USER-csc-2024 ``` * Download the image: ``` mkdir /tmp/$USER # should already exist openstack image save --file /tmp/$USER/my-snapshot.qcow2 $USER-snapshot ``` * Clean it up (note: use actual `username`): ``` LIBGUESTFS_BACKEND=direct virt-sysprep \ --add /tmp/gtenagli/my-snapshot.qcow2 --delete /etc/krb5.keytab \ --delete /var/lib/cern-private-cloud-addons/state ``` * (Bonus) inspect: ``` LIBGUESTFS_BACKEND=direct guestfish -i --ro -a /tmp/gtenagli/my-snapshot.qcow2 ``` --- ## Exercise 2.3 ###### Image management: clone an instance (Linux only!) * Upload the image: ``` openstack image create \ --file /tmp/$USER/my-snapshot.qcow2 \ --property os=LINUX --disk-format=qcow2 \ --container-format=bare $USER-snapshot-clean ``` * Create an instance from the clean image: ``` openstack server create --key-name your_key_name \ --flavor m2.small --image $USER-snapshot-clean \ $USER-clone-1 ``` * [ASYNC] Check the web content is available on the newly created instance: ``` curl http://${USER}-clone-1.cern.ch/content ``` --- ## Exercise 3.1 ###### Block storage: attach an extra disk * Create a volume and attach it: ``` openstack volume create --description "CSC Test volume" --size 5 $USER-vol openstack server add volume $USER-csc-2024 $USER-vol ``` * Inspect the volume from the VM (?) * Format and mount: ``` # mkfs -t ext4 -L csc-test /dev/vdb # mount -L csc-test /mnt ``` --- ## Exercise 3.2 ###### Block storage: extend a volume * Fill the volume (hint: `df -k && fallocate -l`) * Extend the volume (new! note the magic API version call): ``` openstack --os-volume-api-version 3.42 volume set $USER-vol --size 6 # resize2fs /dev/vdb ``` --- ## Thanks! ---