OpenShift Origin Internals
6 likes1,744 views
The document outlines the architecture and functionalities of OpenShift, a PaaS that operates on various infrastructure platforms like Amazon EC2 and OpenStack. It describes components like brokers, nodes, gears, and cartridges, as well as the communication methods and scaling options available. Additionally, it provides resources for community engagement and contributing to OpenShift's development.
OpenShift Origin Internals
- 1. OpenShift Community Day Internals Bill DeCoste Principal Software Engineer wdecoste@redhat.com 1
- 2. RUNS ON IaaS OpenShift Origin is a PaaS that runs on top of..... Infrastructure Amazon EC2 Rackspace Bare Metal OpenStack RHEV VMWare 2
- 3. BROKER An OpenShift Broker can manage multiple node hosts. Nodes are where User Applications live. Fedora/RHEL Fedora/RHEL Fedora/RHEL Brokers Node Node 3
- 4. BROKER The Broker is responsible for state, DNS, and authentication. 4
- 5. SELINUX SELinux Policies securely subdivide the Node instances. Fedora/RHEL Fedora/RHEL Brokers Node Node 5
- 6. GEARS OpenShift GEARS represent secure containers in RHEL Fedora/RHEL Fedora/RHEL Brokers Node Node 6
- 7. CARTRIDGES Web Console Eclipse IDE Cmd Line MYSQL JBOSS Fedora/RHEL Fedora/RHEL Brokers Node Node 7
- 8. CARTRIDGES Java MySQL PHP Postgres CUSTOM Python Etc. Ruby Etc. OpenShift Default Cartridges 8
- 9. SCALING HA-Proxy Code Code Code Java Java Java RHEL MySQL 9
- 10. COMMUNICATION Communication from external clients occurs through the REST API The Broker then communicates through the messaging service to nodes 10
- 11. HTTP FLOW 11
- 13. Easy to install on Fedora 18 ● Using Vagrant and Puppet ● http://www.krishnaraman.net/installing-openshift-origin-using-vagrant-and-puppet/ Also install on Fedora 17 ● Using kickstart ● http://www.krishnaraman.net/building-a-multi-node-openshift-origin-paas-from- source/ 13
- 14. GET INVOLVED! CHANNELS ● G+ Community https://plus.google.com/communities/114361859072744017486 ● E-Mail ● OpenShift Users: users@lists.openshift.redhat.com ● Origin Developers: dev@lists.openshift.redhat.com ● IRC: irc.freenode.net ● OpenShift Users: #openshift ● Origin Developers: #openshift-dev 14
- 15. GET INVOLVED! CHANNELS ● Forums http://openshift.redhat.com/community/forums/openshift ● Blogs https://openshift.redhat.com/community/blogs/ http://mattoncloud.org/ http://www.billdecoste.net http://www.krishnaraman.net http://cloud-mechanic.blogspot.com 15
- 16. GET INVOLVED! OPENSOURCE ● GitHub: https://github.com/openshift ● Origin: origin-server ● Internal Extensions: li ● OSE: enterprise-server ● Community Cartridges: origin-community-cartridges ● https://github.com/jwhonce/origin-server/tree/dev/cartridge_refactor ● Quickstarts, Examples ● Watch, Star, Contribute!!! 16
Editor's Notes
- #10: And, once the application is launched within the OpenShift PaaS, OpenShift provides the elasticity expected in a Cloud Application Platform by automatically scaling the application as needed to meet demand. When created, applications can be flagged as “Scalable” (some apps may not want to be scaled). When OpenShift sees this flag, it creates an additional Gear and places an HA-Proxy software load-balancer in front of the application. The HA-Proxy then monitors the incoming traffic to the application. When the number of connections to the application crosses a certain pre-defined threshold, OpenShift will then horizontally scale the application by replicating the application code tier of the application across multiple Gears. For JBoss applications, OpenShift will scale the application using JBoss Clustering which allows stateful or stateless applications to be scaled gracefully. For Ruby, PHP, Python, and other script-oriented languages, the application will need to be designed for stateless scaling where the application container is replicated across multiple gears. The Database tier is not scaled in OpenShift today. Automatic application scaling is a feature that is unique to OpenShift among the popular PaaS offerings that are out there. Automatic scaling of production applications is another example of how OpenShift applies automation technologies and a cloud architecture to make life better for both IT Operations and Development. <next slide>
- #12: OpenShift Origin - Port Proxy Linux handles the loopback interface's 127.0.0.0/8 address block specially: A request from an address in this block can only go to an address in the same block (put another way, a connection on the loopback interface is confined to the loopback interface). OpenShift uses this fact to contain hosted applications: a gear is prohibited by iptables from listening on an external network interface, and so a given gear can only respond to connections that come from processes on the same node. For the common case of Web connections, the system Apache instance acts as a reverse proxy, forwarding requests that come in on the external interface to the appropriate 127.x.y.z address; see the documentation on the node component. However, sometimes gears need to accept other types of connections. The two most common such scenarios are the following: A gear needs to connect to another gear (which may be on the same node or another node). A gear needs to listen for connections on a public interface besides HTTP connections to port 80. For example, a game server needs to expose a port to receive incoming connections from clients, and a database needs to expost a port so that other gears can connect to it. To meet these needs, OpenShift uses haproxy to proxy TCP connections between an external-facing network interface and the loopback interface. Each gear is assigned five exposable ports, and the gear may establish a forwarding rule for each of these ports to forward connections on the the port on the external interface to an arbitrary port on the gear's assigned loopback address. To provide haproxy with adequate ports, we shift the ephemeral port range down to 15000-35530, so that Linux will not use ports outside of this range for connections for which no port is given explicitly. This means that ports 35531-65535 will be available for haproxy's exclusive use. Note: Given that each gear is assigned 5 ports, this imposes a limit of 6000 gears per node. The interaction with haproxy is implemented on the cartridge side in cartridges/openshift-origin-cartridge-abstract/abstract/info/lib/network and: OpenShift Origin - Node Component Hosted applications are run in containers called "gears." These gears are run on hosts (which can be physical hosts or virtual machines) called "nodes." Each node runs a system Apache instance with mod_proxy that listens on port 80 on a public-facing network interface. Each gear is assigned an address in the 127.0.0.0/8 block, and a hosted Web application listens on port 8080 on its assigned private 127.x.y.z address. When a Web client requests a URL for a hosted Web application, the request goes to the node's system Apache instance. The system Apache instance examines the virtual-host header (the "Host:" HTTP header) and dispatches the request to the 127.x.y.z:8080 private address of the appropriate gear. For an explanation of how connections other than regular HTTP connections are handled, see the documentation on the port-proxy.