Project

General

Profile

Task #6869

Updated by Nico Schottelius almost 5 years ago

{{toc}} 

 h2. Introduction 

 For proper growth and stability, we need to challenge our setup. We will try to replace opennebula with ucloud and at the same time challenge OpenStack. 

 This is not only a technical, but also a public project, which Sanghee will write the public story of. 

 ucloud supports IPv6 first and might only support IPv4 via NAT64 or proxying. 

 h2. General Requirements: 

 * a fully portable cloud management system that is API based, exposes all internals w/o secret keys 
 ** supporting console via guacamole 
 ** users in ldap 
 ** api authentication in ungleich-otp 
 ** firewalling in ufirewall (or similar) 
 * A great team 
 * To be built in less than 100 days 


 h2. Technology stack 

 * python3 
 ** easy to read 
 * flask 
 ** easy to understand 
 * ldap 
 ** well known 
 * ungleich-otp 
 ** for API authentication 
 * etcd 
 ** storing VMs, networks, etc. 
 * nft (Linux), pf (BSD) 
 * JSON 
 ** describing the data, easy to handle 
 * Prometheus 
 ** For monitoring hosts and VMs 
 * VXLAN 
 ** For networks 

 h2. Technical requirements 

 * ucloud should be portable 
 ** While the primary target is Linux, it should run on FreeBSD/OpenBSD as well 
 * There should be no single point of failure 
 ** APIs should be announced via BGP to the routers 
 ** Switches will then use ECMP to load balance 
 ** All APIs write to a distributed data store (v1: etcd) -> all data is distributed, too. 
 * Fast dead host detection 
 ** Dead hosts should be detected fast, VMs should be rescheduled fast 


 h2. Components 

 h3. Scheduler 

 The scheduler knows about hosts, their capacities and their usage. The scheduler decides which VM gets scheduled where. The scheduler is also responsible for rescheduling VMs (f.i. due to another host becoming better for a specific VM). 

 h3. VM manager 

 Starts and stops VMs. Reacts on information from the scheduler. This component needs to support qemu on Linux and bhyve and co. on OpenBSD/FreeBSD. 

 h3. Network manager 

 Creates and manages virtual layer 2 networks. Basically does the following: 

 * Create VXLAN with correct IPv6 multicast address 

 h3. IPAM 

 Network address manager. Provides dhcpd/dhcp6d/router advertisements. 

 h3. Legacy IP supporter Metadata 

 For Provides access to to  

 * public ssh keys 
 * other data users who require legacy IP (IPv4), add a  

 provide 


 h3. Firewall 

 The VMs should not be able to interfere with other VMs or hosts in a malicious way. The following protective measures need to be implemented: 

 * prevent dhcpd answers in public networks 
 * prevent router advertisements in public networks 
 * prevent VM from using incorrect mac address 
 * prevent VM from using incorrect ipv6 addresses 


 

 Note to Nico: ping reyk for possible involvement 


 h3. Metadata 

 Provides access to to  

 * public ssh keys 
 * other data users provide 

 h3. Payment service 

 If a user requests a service and the service is not free, the user will be asked to pay for it. 

Back