Cloudfoundry architecture
50 likes18,412 views
Cloud Foundry is an open platform as a service (PaaS) that supports building, deploying, and scaling applications. It uses a loosely coupled, distributed architecture with no single point of failure. The core components include cloud controllers, stagers, routers, execution agents, and services that communicate asynchronously through messaging. This allows the components to be scaled independently and provides a self-healing system.
![Access to services info
VCAP_SERVICES: {!
"postgresql-9.0": [{!
"name": "env-postgresql",!
"label": "postgresql-9.0",!
"plan": "free",!
"credentials": {!
"name": "de24667f9344b4eeaad6b5a2326d52faa",!
"host": "172.30.48.122",!
"port": 5432,!
"user": "u50ce600bba434bacbc99e034bb415644",!
"password": "pf4dca5bd449d4732841f0c4ae3f299d0"!
}!
}]!
}!](https://image.slidesharecdn.com/cloudfoundry-architecture-121018103044-phpapp02/85/Cloudfoundry-architecture-75-320.jpg)
Cloudfoundry architecture
- 1. Cloud Foundry Architecture Ramnivas Laddad @ramnivas © 2012 SpringOne 2GX. All rights reserved. Do not distribute without permission.
- 2. @ramnivas • Spring framework committer • Cloud Foundry committer • Main interests – Cloud computing – Aspect-oriented programming – Scala and functional programming • Author of books and articles – AspectJ in Action (1st and 2nd edition) • Speaker at many professional conferences – JavaOne, JavaPolis, SpringOne, Software Development, No Fluff Just Stuff, EclipseCon, O’Reilly OSCON etc. • Active involvement in AspectJ, Spring, and Cloud Foundry since their early form
- 3. Technologies “Я” Us Closure Java AMQP HTML5 Akka Mongo Spring Scala Redis JSF Grails Hibernate node.js RabbitMQ JDBC Lift Rails JMS Ruby Hadoop Sinatra Batch Job Django JTA Python MySQL Web Services JPA Caching LDAP Postgres Scripting Testing Security Neo4j REST
- 4. Technologies “Я” Us Closure Java AMQP HTML5 Akka Mongo Spring Scala Redis JSF Grails Hibernate node.js RabbitMQ JDBC Lift Rails JMS Ruby Hadoop Sinatra Batch Job Django JTA Python MySQL Web Services JPA Caching LDAP Postgres Scripting Testing Security Neo4j REST
- 5. Technologies “Я” Us Access logs Network Routing Hardware failures DNS Storage Load balancing Auditing Rolling Updates User management Security DoS Backups DBA OS Monitoring Patches
- 6. Technologies “Я” Us Access logs Network Routing Hardware failures DNS Storage Load balancing Auditing Rolling Updates User management Security DoS Backups DBA OS Monitoring Patches
- 7. Facets of complexity: Product § More functionality § Time to market pressure § Complex integration § Higher stake in quality
- 8. Facets of complexity: Development § Sound architecture: future proofing without overdoing § Unit and integration tests § Responding to changing business needs § Confusing technology landscape
- 9. Facets of complexity: Deployment and operation § Choosing the right hardware, operating system, web server § Monitoring applications § Responding to scalability needs § Dealing with hardware- and system-level failures § Upgrading without substantial down time
- 10. Inherent vs. Apparent Complexity Implementation
- 11. Inherent vs. Apparent Complexity Implementation Functional logic
- 12. Inherent vs. Apparent Complexity Implementation Functional logic Inherent complexity
- 13. Inherent vs. Apparent Complexity Implementation overhead Implementation Functional logic Inherent complexity
- 14. Inherent vs. Apparent Complexity Implementation overhead Apparent Implementation complexity Functional logic Inherent complexity
- 15. Inherent vs. Apparent Complexity What can we do about this? Implementation overhead Apparent Implementation complexity Functional logic Inherent complexity
- 16. What can we do? ?
- 17. Three layers of Cloud Computing SaaS Software as a Service PaaS Platform as a Service IaaS Infrastructure as a Service
- 18. Cloud Foundry open PaaS - Choice of clouds Data Services Private Clouds Msg Services Public Clouds Other Micro Services Clouds
- 19. Cloud Foundry open PaaS - Choice of clouds Data Services Private Clouds Msg Services Public Clouds Other Micro Services Clouds Apache2 license
- 20. Cloud Foundry open PaaS - Choice of clouds Data Services Private Clouds Partners Msg Services Public Clouds Other Micro Services Clouds Apache2 license
- 22. Architectural Goals • No single point of failure • Distributed state • Self healing • Horizontally scalable
- 23. Architectural Principles • Loose coupling • Event-driven • Asynchronous • Non-blocking • Idempotent • Eventually consistent • Language-independent communication
- 24. Cloud Foundry Layers Clients Inner Shell Outer Shell Infrastructure as a Service Hardware (CPU, Memory, Storage, Network)
- 25. Cloud Foundry Core Components The Inner Shell
- 26. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents Services (DEA) Pool Messaging
- 27. Zooming in… App meta data cloud stager health controller manager cc - db staging jobs package uaa - db cache dea dea redis dea dea blobstore dea uaa - AuthN dea staging logs © 2012 VMware, Inc. All rights reserved
- 28. Design Principles • Dynamically discoverable components • No inter-component dependencies – Launch in any order – Scale up and down independently • Monitor using HTTP end points
- 30. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents Services (DEA) Pool Messaging
- 31. Cloud Controller • Interface with the clients – VMC – STS – Portal • Provides REST interface to domain objects – Apps – Services – Orgs – Spaces
- 32. Cloud Controller REST API Demo
- 34. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents Services (DEA) Pool Messaging
- 35. Stager • Responsible for morphing user app into executable • Pluggable architecture – Each plugin understands a framework or a runtime • Allow the DEA to view applications uniformly
- 36. Stager’s role …………… …………… …………… Stager …………… …………… …………… …………… …………… …………… …………… …………… ………….. :::::::::: Spring Play Rails …
- 37. From bits to executable app app.war
- 38. From bits to executable app app.war
- 39. From bits to executable app app.war
- 40. From bits to executable app startup app.war stop
- 42. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Services Messaging
- 43. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents Services (DEA) Pool Messaging
- 44. From bits to running app startup app.war stop
- 45. From bits to running app startup app.war stop
- 46. From bits to running app A startup g e app.war n t stop
- 47. From bits to running app A startup g e app.war n t stop
- 48. Droplet Execution Agent (DEA) • Responsible for running all apps • Monitors apps – Memory and disk quota – Stage changes • Uniform view of all apps – Runtime/framework differences sorted by the stager • Ensures app isolation
- 49. Application Isolation DEA Container API Host network Private network App Private File System Warden container
- 51. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents Services (DEA) Pool Messaging
- 52. Router • Responsible to route requests to – User apps – External-facing components • Cloud Controller • UAA
- 53. Application Routing Messaging
- 54. Application Routing Router Messaging
- 55. Application Routing Router url è host:port DEA Messaging
- 56. Application Routing HTTP Router url è host:port DEA Messaging
- 57. Application Routing HTTP Nginx (+Lua extension) Locator Services Router url è host:port DEA Messaging
- 58. Application Routing HTTP Nginx (+Lua extension) Locator Services Router url è host:port DEA Messaging
- 60. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App Execution Agents Services (DEA) Pool Messaging
- 61. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents Services (DEA) Pool Messaging
- 62. Health Manager § Expected state: • Cloud Controller § Current state: • DEAs § Current state ç Expected state
- 64. UAA • Centralized Identity Management – Authenticates users from multiple sources – Presents a single standard protocol for consumers • User Account Management • Client Application Registration • OpenID Connect and Oauth2 – delegated authorization – Uses Spring Security
- 65. Oauth2 for Cloud Foundry CF Portal Client Cloud controller User Resource server Resource owner UAA Identity provider
- 66. Oauth2 for Cloud Foundry Who is this user What is he/she requesting Do I have the necessary authorization Accesses the portal CF Portal Client Cloud controller User Resource server Resource owner UAA Identity provider
- 67. Oauth2 for Cloud Foundry Who is this user What is he/she requesting Do I have the necessary authorization Accesses the portal CF Portal Client Authenticate me Assert - Portal can only Cloud controller User read my apps Authenticates user Resource server Resource owner Issues authorization code UAA Identity provider
- 68. Oauth2 for Cloud Foundry Who is this user What is he/she requesting Do I have the necessary authorization Accesses the portal CF Portal Client Redirect user along with the authcode Authenticate me Assert - Portal can only Cloud controller User read my apps Authenticates user Resource server Resource owner Issues authorization code UAA Identity provider
- 69. Oauth2 for Cloud Foundry Who is this user What is he/she requesting Do I have the necessary authorization Accesses the portal CF Portal Client Redirect user along with the authcode Exchange authcode for an access token Authenticate me Assert - Portal can only Cloud controller User read my apps Authenticates user Resource server Resource owner Issues authorization code Issue access token scoped to cloud_controller.apps.read UAA Identity provider
- 70. Oauth2 for Cloud Foundry Who is this user What is he/she requesting Do I have the necessary authorization Present token containing Accesses the portal CF Portal cloud_controller.apps.read Client Redirect user along with the authcode Exchange authcode for an access token Authenticate me Assert - Portal can only Cloud controller User read my apps Authenticates user Resource server Resource owner Issues authorization code Issue access token scoped to cloud_controller.apps.read UAA Identity provider
- 72. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents (DEA) Pool Messaging
- 73. Cloud Foundry Inner Shell and Up Developers Users Routers CloudControllers Stagers App App HealthManager Execution Agents Services (DEA) Pool Messaging
- 74. Service Provisioning • Service Gateway – Provisions and unprovisions services – Advertise service availability to CloudController • Service Nodes – Runs actual services – Scale independently
- 75. Access to services info VCAP_SERVICES: {! "postgresql-9.0": [{! "name": "env-postgresql",! "label": "postgresql-9.0",! "plan": "free",! "credentials": {! "name": "de24667f9344b4eeaad6b5a2326d52faa",! "host": "172.30.48.122",! "port": 5432,! "user": "u50ce600bba434bacbc99e034bb415644",! "password": "pf4dca5bd449d4732841f0c4ae3f299d0"! }! }]! }!
- 76. Operating Cloud Foundry The Outer Shell
- 77. Production Grade Cloud Foundry Clusters cloudfoundry.com § 500 – 5,000 VMs § 40+ unique node types § 75+ unique software packages § 2x/week cf.com updates § 24x7x365 non-stop operation § No-downtime deployments § Reliable, robust, repeatable deployments, updates, capacity adjustments § Small teams manage many production, staging, stress, qa, instances dev
- 78. What is BOSH? github.com/cloudfoundry/bosh Service Evolution Technology for Operating Cloud Foundry in Production Environments Automated Virtual Infrastructure • At Cloud Scale • Abstracted using a Cloud Provider Interface (CPI) Software Deployment, Configuration and Updates • Optimized to Minimize Downtime • Support for multiple VM roles Repeatable Process • Release Management with Versioning Active Monitoring and Alerting BOSH has been used to run CloudFoundry.com since launch
- 79. Cloud Foundry “BOSH” – Concepts "BOSH"
- 80. Cloud Foundry “BOSH” – Concepts Stemcell • Base OS • “BOSH” Agent "BOSH"
- 81. Cloud Foundry “BOSH” – Concepts Stemcell Release • Base OS • Name • “BOSH” Agent Jobs • Software Packages • Configuration Templates • Scripts "BOSH" Software Packages • Externally developed s/w • Internally developed s/w
- 82. Cloud Foundry “BOSH” – Concepts Deployment Manifest Stemcell Release • Release name and version • Base OS • Name • # VMs, params for each Job • “BOSH” Agent • Stemcells to use Jobs • Software Packages • Configuration Templates • Scripts "BOSH" Software Packages • Externally developed s/w • Internally developed s/w
- 83. Cloud Foundry “BOSH” – Concepts Deployment Manifest Stemcell Release • Release name and version • Base OS • Name • # VMs, params for each Job • “BOSH” Agent • Stemcells to use Jobs • Software Packages • Configuration Templates • Scripts "BOSH" Software Packages • Externally developed s/w • Internally developed s/w
- 84. Cloud Foundry “BOSH” – Concepts Deployment Manifest Stemcell Release • Release name and version • Base OS • Name • # VMs, params for each Job • “BOSH” Agent • Stemcells to use Jobs • Software Packages • Configuration Templates • Scripts "BOSH" Software Packages • Externally developed s/w • Internally developed s/w Environment Configuration Software Packages Stemcell
- 85. Rolling Update of a Stateless Component Incoming HTTP Incoming HTTP Incoming HTTP Requests Requests Requests Router Router Router Create Create Cloud Cloud Cloud Cloud Cloud Controller Controller Controller Controller Controller v1 v1 v2 v1 v2 Message Bus Message Bus Message Bus Starting with v1 Deploy a v2 VM If it works, add more v2 VMs (canary) VMs...
- 86. Example: Rolling Update of a Stateless Component Incoming HTTP Incoming HTTP Requests Router / LB Requests LB Router / End Result: We upgraded from v1 Destroy Create to v2 with no downtime by Cloud Cloud Cloud building new VMs and Controller Controller Controller v1 v2 v2 destroying old ones Message Bus Message Bus … while removing v1 … until all VMs are VMs… v2
- 87. Deployment § Parallel § Canaries § Eventual consistency
- 88. Under the Hood § Components • Director • Agent • CLI § Stemcell
- 89. Code Change
- 90. VM Update
- 91. VM Update
- 92. Cloud Provider Interface • Abstracts infrastructure – Stemcells • VM template – VMs – Disks – Networks
- 93. IaaS neutral by design vSphere: battle tested implementation, thousands of deployments CPI: code complete vCloud Director: “work in progress”, 2H 2012 functional status: “work in progress” Cloud Foundry BOSH Cloud Provider Interface (CPI) contribute: github.com/cloudfoundry/bosh
- 94. CPI Providers
- 95. Learn More. Stay Connected. Twitter • http://twitter.com/cloudfoundry • http://twitter.com/ramnivas Sign up online at cloudfoundry.com • Website: http://cloudfoundry.org • Blog: http://blog.cloudfoundry.com and http://blog.cloudfoundry.org • GitHub: http://github.com/cloudfoundry • YouTube: http://youtube.com/cloudfoundry
- 96. Questions?
- 97. Cloud Foundry Architecture Ramnivas Laddad @ramnivas © 2012 SpringOne 2GX. All rights reserved. Do not distribute without permission.