You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Portal:Cloud VPS/Infrastructure: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>John Erling Blad
imported>Arturo Borrero Gonzalez
(drop references to main)
Line 8: Line 8:


== Cloud VPS Eqiad (Ashburn, VA) ==
== Cloud VPS Eqiad (Ashburn, VA) ==
=== Regions ===
We have one region: <code>eqiad1-r</code> (also referred to as <code>eqiad1</code>).
The <code>eqiad</code> name is based on the [[Infrastructure_naming_conventions#Server_clusters|naming convention]] for clusters.


=== Horizon ===
=== Horizon ===
Line 15: Line 21:
Horizon is hosted on labweb1001.wikimedia.org and labweb1002.wikimedia.org and can be accessed at https://horizon.wikimedia.org.
Horizon is hosted on labweb1001.wikimedia.org and labweb1002.wikimedia.org and can be accessed at https://horizon.wikimedia.org.


Individual user accounts on WMCS can also be created via Striker which is at https://toolsadmin.wikimedia.org.  Currently any account created there is automatically added to the Tools project.
Individual user accounts on WMCS can also be created via Striker which is at https://toolsadmin.wikimedia.org.  Currently, any account created there is automatically added to the Tools project.


=== Controller ===
=== Controller ===


The OpenStack controller box (currently named 'labcontrol1001') runs the Glance and Keystone services, as well as nova-conductor and nova-scheduler.  It is also the preferred place to access the OpenStack command-line client.
The OpenStack controller box <code>cloudcontrol1003</code> runs the Glance and Keystone services, as well as nova-conductor and nova-scheduler.  It is also the preferred place to access the OpenStack command-line client.


A second server, labcontrol1002, serves as a hot spare for labcontrol1001.
A second server, <code>cloudcontrol1004</code> is present as well.


=== Network ===
=== Network ===


The network node ('labnet1001') hosts the nova-network service.  We currently run a single cloud-wide network that supports all lab nodes and projects.  In the near future we will move to [http://docs.openstack.org/developer/neutron/ Openstack Neutron] for our network setup.
In the <code>eqiad1-r</code> region, we use [http://docs.openstack.org/developer/neutron/ Openstack Neutron] which runs on servers <code>cloudnet1003</code> and <code>cloudnet1004</code>.
 
Labnet1001 also hosts the nova-api service.
 
Labnet1002 serves as a hot-spare for labnet1001.  Switching network service between the two hosts causes cloud-wide network downtime and requires several [[Portal:Cloud_VPS/Admin/Troubleshooting#Fail-over | delicate steps]].


=== Virtualization ===
=== Virtualization ===


There are currently 22 virtualization nodes, named labvirt1001-1022, all running in eqiad:
See the [[Portal:Cloud VPS/Admin/Deployments|deployments]] page for a list of hypervisors per region and their current status.


* 1001-1009 are high-powered multi-CPU [[HP_DL380p | HP servers]]; each of them hosts dozens of virtual machines.
Cloudvirt hosts (also known as hypervisors) are pooled or depooled using the <code>profile::openstack::eqiad1::nova::scheduler_pool</code> key in Puppet Hiera.
* 1010-1022 are similar to 1001-1009 but with large SSD raids.
* 1019 and 1020 are used to host VMs that are themselves part of the Cloud infrastructure (e.g. database servers).
* Some labvirts (as of 2015-05-10, labvirt1018, 1021, and 1022) are always reserved as emergency spares; we try to keep around 10% excess capacity at all times.
 
Labvirt hosts can be pooled or depooled in Puppet Hiera using the profile::openstack::main::nova::scheduler_pool setting.


=== Storage ===
=== Storage ===


Some VPS projects use shared NFS storage; most do not. Options for each project are:
Most Cloud VPS projects do not use shared NFS storage. If they need NFS, these are the available options:


* Each member of a project has a project-wide shared home directory.
* Each member of a project has a project-wide shared home directory.
* The project has a public shared volume, generally mounted to /data/project
* The project has a public shared volume, generally mounted to /data/project


All of the above are hosted on various NFS servers, labstore1xxx.
All of the above are hosted on various NFS servers (labstore* and cloudstore*).
 
=== Monitoring ===


=== monitoring ===
Most OpenStack-related services are monitored in Icinga just like other production services.
Most OpenStack services and related things are monitored in icinga just like other production services.


VMs in the 'Tools' and 'Deployment-Prep' projects are monitored with [http://shinken.wmflabs.org Shinken].
VMs in the <code>tools</code> and <code>deployment-prep</code> projects are monitored with [http://shinken.wmflabs.org Shinken].


=== ldap ===
=== LDAP ===


Ldap is used for services throughout the WMF; the same Ldap database keeps track of project management and ssh keys for logins on VPS servers.  Ldap is hosted on seaborgium and neptunium; The LDAP server software is openldap.
LDAP is used for services throughout the WMF. The same LDAP database keeps track of project management and SSH keys for logins on VPS servers.  LDAP is hosted on seaborgium and neptunium; The LDAP server software is OpenLDAP.


Each CPS instance has an /etc/ldap.conf file (managed by puppet) that maintains info about the ldap servers.
Each Cloud VPS instance has an <code>/etc/ldap.conf</code> file (managed by Puppet) with setting on how to access the LDAP servers.


=== dns ===
=== DNS ===


[[Portal:Cloud_VPS/DNS|DNS]] is handled by PowerDNS.  Private DNS entries (e.g. foo.eqiad.wmflabs) are created via Designate Sink and stored in a PDNS server using a mysql backend.  Public DNS entries are created via Horizon and the designate API.
[[Portal:Cloud_VPS/DNS|DNS]] is handled by PowerDNS.  Private DNS entries (e.g. foo.eqiad.wmflabs) are created via Designate Sink and stored in a PDNS server using a MySQL backend.  Public DNS entries are created via Horizon and the Designate API.


[[File:Wmcs dns.pdf|thumb|DNS in WMCS]]
[[File:Wmcs dns.pdf|thumb|DNS in WMCS]]

Revision as of 13:25, 3 June 2019

Cloud VPS is a virtualization cloud that uses OpenStack Compute. Base images are managed with Glance and authentication uses LDAP-backed Keystone.

Cloud VPS currently runs in a single datacenter in Ashburn, Virginia. In the future it will span two or more datacenters, with a slightly different configuration in each.

For troubleshooting immediate issues, visit Portal:Cloud_VPS/Admin/Troubleshooting.

File:OpenStack at WMCS.pdf

Cloud VPS Eqiad (Ashburn, VA)

Regions

We have one region: eqiad1-r (also referred to as eqiad1).

The eqiad name is based on the naming convention for clusters.

Horizon

Most users will manage their virtual servers using Horizon. Horizon is an upstream OpenStack web interface for the OpenStack APIs. Our Horizon site also includes several custom dashboards to access special WMCS features not available in stock Horizon.

Horizon is hosted on labweb1001.wikimedia.org and labweb1002.wikimedia.org and can be accessed at https://horizon.wikimedia.org.

Individual user accounts on WMCS can also be created via Striker which is at https://toolsadmin.wikimedia.org. Currently, any account created there is automatically added to the Tools project.

Controller

The OpenStack controller box cloudcontrol1003 runs the Glance and Keystone services, as well as nova-conductor and nova-scheduler. It is also the preferred place to access the OpenStack command-line client.

A second server, cloudcontrol1004 is present as well.

Network

In the eqiad1-r region, we use Openstack Neutron which runs on servers cloudnet1003 and cloudnet1004.

Virtualization

See the deployments page for a list of hypervisors per region and their current status.

Cloudvirt hosts (also known as hypervisors) are pooled or depooled using the profile::openstack::eqiad1::nova::scheduler_pool key in Puppet Hiera.

Storage

Most Cloud VPS projects do not use shared NFS storage. If they need NFS, these are the available options:

  • Each member of a project has a project-wide shared home directory.
  • The project has a public shared volume, generally mounted to /data/project

All of the above are hosted on various NFS servers (labstore* and cloudstore*).

Monitoring

Most OpenStack-related services are monitored in Icinga just like other production services.

VMs in the tools and deployment-prep projects are monitored with Shinken.

LDAP

LDAP is used for services throughout the WMF. The same LDAP database keeps track of project management and SSH keys for logins on VPS servers. LDAP is hosted on seaborgium and neptunium; The LDAP server software is OpenLDAP.

Each Cloud VPS instance has an /etc/ldap.conf file (managed by Puppet) with setting on how to access the LDAP servers.

DNS

DNS is handled by PowerDNS. Private DNS entries (e.g. foo.eqiad.wmflabs) are created via Designate Sink and stored in a PDNS server using a MySQL backend. Public DNS entries are created via Horizon and the Designate API.

File:Wmcs dns.pdf

Retrieved from "https://wikitech-static.wikimedia.org/w/index.php?title=Portal:Cloud_VPS/Infrastructure&oldid=309659"