An Experiment in Data Centre Automation

An Experiment in Data Centre

Automation

SmartFrog Dependency-Based Orchestration and Model Distribution

Patrick Goldsack, Andrew Farrell, Paul Murray, Peter Toft

HP Laboratories, Bristol

SmartFrog is…

A framework for describing, deploying and managing

distributed live-model management components.

•A description

language

for describing live models

•A

runtime

for realising the model descriptions

•A

component model

for defining live model components

•Predefined

components

to model specific things

sfConfig extends WebService { WebServer extends Apache {

port 8080; }

AppServer extends Jboss; }

Live Models

live model

reality

may pre-exist (physical) or be created when model is created (virtual, software)

management relationship: •create, configure, modify, monitor, terminate, recover •co-located & shared fate or remote & resilient

models are:

•fine-grained compositional representations of desired and actual reality

•components collaborate to achieve state, including coordination of actions •components may provide APIs for interactions

The Context

DB backend

Abstract Problem

peer-to-peer federated management systems security domains no central point for management

Abstract Problem

Orchestration of

virtual machine creation

virtual network endpoint management virtual storage element management

Abstract Problem

Orchestration of software and service configuration

Distributed Automation Framework

•

A set of technologies aimed at providing

model-based orchestration in a distributed context

•

Break into two aspects:

−

Federation of management systems:

model exchange

−

Orchestration within a management system:

compositional fine-grained

live state models

overlaid

with

dependencies

•

Based on, and extends, SmartFrog runtime and

Federated Models

resource manager model injector model projector …

federation protocol endpoint

storage manager model yyy model xxx model VM0 model _model model

communications security and model-data provenance required.

VM0 model VM0

model

distribution through protocols with differing semantics for consistency

Security Issues

•

How do we authenticate model data?

•

signing

•

network layer

•

How do we delegate distribution?

•

signing that survives transformation

•

How do we guarantee model data freshness?

Local Orchestration

model

actuators or scripts parameterised live dependency model templates fine-grained live state components dependencies transform models create templates deploy/update/terminate interact with low-level actuators read/write model model data

injectors & projectors

protocol end-points

Live Models with Dependencies

•

Define live models with their live components

managing “reality”

•

Consider the states through which these live

components can transition

•

Consider pre-conditions for these transitions

−

e.g. dependencies on other components having already

transitioned to new states

•

Guard the live components with the

pre-conditions

−

Relevant for certain transitions

Example

size 500; create (targetVolumeState = “volCreated”); status “volNotCreated”;

targetVolumeState “volCreated”;

targetVMState “vmCreated”;

on by relevant  (targetVMState = “vmCreated”) enabled  (on:status = “volCreated”) memory 512; OS “win XP sp2”; install (targetVMState = “vmCreated”); status “vmNotCreated”; on by relevant  (targetVolumeState = “volNotCreated”) enabled  (on:status = “vmNotCreated”)

VM

volume

Example – Component View

!created Vol created _!created VM created

Properties

•

Composition of models

•

Abstraction and structural hiding

Model Checking SF Orchestrations

•

Models checked for safety and liveness

conditions

−

essential for confirming intuition of model authors

−

check for absence of deadlock, and

−

arbitrary domain-dependent conditions as CTL/LTL

propositions on component/model state, for example:

•

G(Xos:installed 

vm:created)

For the os to be installed, the vm must have already been created

•

Done at model parsing stage, prior to deployment

•

Uses NuSMV model checker

CMDB

CMDB

actuators or scripts parameterised live dependency model templates transform models create templates deploy/update/terminate interact with low-level actuators read/write model fine-grained live state components dependencies

Example 2

create (state in {“installed”, ”prepared”}) memory service:vm:mem; status “pending”; MAC “”; install (state in {“installed”, ”prepared”} ) os service:OS; MAC VM:MAC; installed false;

install (state in {“installed”}); package service:name; installed false; software OS VM Radia HP VMM

four possible desired states:

ready: components launched, no action

prepared: VM created, OS installed, no Application installed: VM created, OS and Application both installed removed: uninstall and the model removed

service extends {memory 512; name “apache”; OS “winXP”;} desiredState “installed”;

Example 2

create (state in {“installed”, ”prepared”}) memory service:vm:mem; status “pending”; MAC “”; install (state in {“installed”, ”prepared”} ) os service:OS; MAC VM:MAC; installed false;

install (state in {“installed”}); package service:name; installed false; software OS VM Radia HP VMM

service extends {memory 512; name “apache”; OS “winXP”;} desiredState “installed”;

state desiredState;

enabled 

on:status == “created” relevant 

Example 2

create (state in {“installed”, ”prepared”}) memory service:vm:mem; status “pending”; MAC “”; install (state in {“installed”, ”prepared”} ) os service:OS; MAC VM:MAC; installed false;

install (state in {“installed”}); package service:name; installed false; software OS VM Radia HP VMM

service extends {memory 512; name “apache”; OS “winXP”;} desiredState “installed”;

state desiredState;

enabled 

on:status == “created”

relevant 

state in {“installed”, “prepared”}

relevant 

state in {“installed”}

enabled  on:installed

Example 2

create (state in {“installed”, ”prepared”}) memory service:vm:mem; status “pending”; MAC “”; install (state in {“installed”, ”prepared”} ) os service:OS; MAC VM:MAC; installed false;

install (state in {“installed”}); package service:name; installed false; software OS VM Radia HP VMM

service extends {memory 512; name “apache”; OS “winXP”;} desiredState “installed”;

state desiredState;

enabled 

on:status == “created”

relevant 

state in {“installed”, “prepared”}

relevant 

state in {“installed”}

enabled  on:installed

relevant 

state in {“removed”, “ready”} enabled !on:installed

enabled !on:installed relevant 

Example 2

create (state in {“installed”, ”prepared”}) memory service:vm:mem; status “pending”; MAC “”; install (state in {“installed”, ”prepared”} ) os service:OS; MAC VM:MAC; installed false;

install (state in {“installed”}); package service:name; installed false; software OS VM Radia HP VMM

service extends {memory 512; name “apache”; OS “winXP”;} desiredState “installed”;

state desiredState;

enabled 

on:status == “created”

relevant 

state in {“installed”, “prepared”}

relevant  state in {“installed”} enabled  on:installed enabled !on:installed relevant 

state in {“removed”, “ready”}

relevant 

state in {“removed”, “ready”}

enabled !on:installed

relevant 

state in {“removed”} enabled  !on:created

Example 2 with failure handling

create (state in {“installed”, ”prepared”}) memory service:vm:mem; status “pending”; MAC “”; install (state in {“installed”, ”prepared”} ) os service:OS; MAC VM:MAC; installed false;

install (state in {“installed”}); package service:name; installed false; software OS VM Radia HP VMM

service extends {memory 512; name “apache”; OS “winXP”;} desiredState “installed”;

state (IF VM:status == “failed” THEN “ready” ELSE desiredState FI;

enabled 

on:status == “created”

relevant 

state in {“installed”, “prepared”}

relevant  state in {“installed”} enabled  on:installed enabled !on:installed relevant 

state in {“removed”, “ready”}

relevant 

state in {“removed”, “ready”}

enabled !on:installed

relevant 

state in {“removed”}

As SmartFrog Orchestration Model

ManageAppDeployment extends Model {

service extends StateComponent { dstate ...; ...}; vm extends StateComponent {

tCreate extends Transition {

dependency "!created && (service:dstate == installed || ...prepared)"; statefunction extends {status "created";}

} ... status “pending”; memory service:memory; MAC "xxx"; } os extends StateComponent {...}; app extends StateComponent {...};

sfTerminateCondition “service:dstate == removed && !vm:status == created“; } StateComponents Dependency condition Orchestration State Non-orchestration state



Model Termination Condition StateComponents



Transition

State function determines next values for attributes

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

Define: • configuration data • system composition • templates • parameterisation Imagine:

…a syntactically simpler and semantically richer equivalent to

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

WebServer extends { portNumber 80; maxThreads 50; vDirectories extends { pages “/usr/local/pages”; cgi “/usr/local/cgi”; photos “/usr/photos”; } }

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

WebServer extends { … } System extends {

server1 extends WebServer { portNumber 8080;

}

server2 extends WebServer { maxThreads 10;

sfProcessHost “s2.hp.com” }

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

WebServer extends { … } LoadBAlancer extends { … } System extends {

server extends WebServer { portNumber 80; } lb extends LoadBalancer { sPort server:portNumber; } }

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

System extends { port 80;

server1 extends WebServer { portNumber port;

}

server2 extends WebServer { portNumber (port + 1); }

}

anotherSystem extends System {

port 8080; }

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

System extends {

port LAZY PROPERTY webport;

server1 extends WebServer { portNumber port;

}

server2 extends WebServer { portNumber (port + 1); }

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

WebService extends { noWebServers TBD; noAppServers TBD;

cardinalities extends Assertions { web (noWebServers > 0); app ((noAppServers > 0) &

(noAppServers < 5)); all ((noWebServers +

noAppServers) < 10); }

}

aWS extends WebService { noWebServers 2;

noAppServers 6; }

 

Modelling

•

Data, not functional

•

Aggregation

•

Prototyping

•

Linking

•

Functions

•

Delayed binding

•

Assertions and

Schemas

•

Constraints

A prototype capability… aSystem extends { x VAR; y VAR; z VAR; } #suchThat# x :: [1..3], y :: [2..5], z :: [1..2], allDifferent([x,y,z]) #

mySystem extends aSystem { x 2;

access tier web tier application tier database tier edge routers routing switches authentication, DNS, intrusion detect, VPN 1st level firewall 2nd level firewall load balancing switches web servers web page storage

(NAS) database SQL servers storage area network (SAN) application servers files (NAS) switches switches min/max no. of web servers

min no. of app servers specific EJB’s size of data, no. of tables Template parameters transaction rate response times

constructed from templates for web server

application server …

prototyping and aggregation example of multiple domains (sub-)system templates require

strong notion of validation collections of sub-templates are

a common feature

Deployment

appServer extends Jetty { db LAZY database; log LAZY logging; }

appServer

logging extends Log { level = 3;

dir = “/logs”; logging

database extends MySql { log LAZY logging;

users [ [“web, “”] [“admin”, “secReT”] ]; } database log _log db

System extends Compound { logging extends …;

database extends …; appServer extends …; }

Anubis: A Model Federation Protocol

Anubis

System Components

Anubis servers use UDP multicast to:

discover other nodes

time pair-wise communication

determine partitions and stability properties

Comp

Anubis Model Transfer

Anubis

System Components

X = { information }

X = { information }

Listener

Wants to

know X

Provider

knows X

Anubis servers establish TCP connections on demand to communicate time-sensitive messages

Leader election determines placement of location service: servers register provider and listener names locator binds providers and listeners

providers push model values to listeners

Comp

Comp

Content

•

Context: the Trusted Virtualised Data Centre

−

Understand the management system requirements

•

Model Federation

−

An approach to distributed management

•

Live Models

−

How this differs from task-based management

•

Dependencies