Master of Science in Telecommunication Systems October 2017 Enhancing OpenStack clouds using P2P technologies Robin Philip Joseph Faculty of Computing Blekinge Institute of Technology SE371 79 Karlskrona, Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulllment of the requirements for the degree of Master of Science in Telecommunication Systems. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author: Robin Philip Joseph E-mail: [email protected] University advisor: Dr. Kurt Tutschku Department of Computer Science (DIDD) Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 Abstract It was known for a long time that OpenStack has issues with scal- ability. Peer-to-Peer systems, on the other hand, have proven to scale well without signicant reduction of performance. The objectives of this thesis are to study the challenges associated with P2P-enhanced clouds and present solutions for overcoming them. As a case study, we take the architecture of the P2P-enhanced OpenStack implemented at Ericsson that uses the CYCLON P2P protocol. We study the OpenStack architecture and P2P tech- nologies and nally propose solutions and provide possibilities in addressing the challenges that are faced by P2P-enhanced Open- Stack clouds. We emphasize mainly on a decentralized identity service and management of Virtual machine images. This work also investigates the characterization of P2P architec- tures for their use in P2P-enhanced OpenStack clouds. The results section shows that the proposed solution enables the existing P2P system to scale beyond what was originally possible. We also show that the P2P-enhanced system performs better than the standard OpenStack. Keywords: Cloud Computing, OpenStack, P2P, Scalability i Acknowledgements Firstly, I would like to thank my family for bringing me this far in life. I am immensely grateful to my professor at BTH, Dr. Kurt Tutchku and my supervisor at Ericsson, Dr. Fetahi Wuhib. This work would not be possible without their guidance, insights and their patience. I am thankful to Dr. João Monteiro and Vinay Yadav from Ericsson Cloud Research, for providing support and boosting my morale. I am also grateful to Ericsson for providing resources and experiences. I would also like to express my unending gratitude to my friends and colleagues for supporting me and encouraging me in my work. ii Contents Abstract i Acknowledgements ii 1 Introduction 1 1.1 Concepts . 1 1.1.1 OpenStack . 1 1.1.2 Peer-to-Peer Technologies . 2 1.1.3 P2P-enhanced OpenStack clouds . 3 1.2 Problem description . 3 1.3 Motivation . 4 1.4 Research Questions . 4 2 Conceptual Background 5 2.1 Summary of the existing P2P-enhanced OpenStack . 5 2.2 Keystone and Federated Identity . 7 2.2.1 Keystone . 7 2.2.2 Federated Identity . 8 2.2.3 External Identity Providers (IDP) . 9 2.2.4 Keystone as an IDP . 9 2.2.5 Mapping . 10 2.3 Container Technology . 10 2.3.1 LXD . 10 2.3.2 Docker . 10 3 Related Work 12 4 Method 14 4.1 Overview of the applied methods . 14 4.2 Analysis of Basic Functional Requirements in OpenStack . 14 4.2.1 Identity service . 15 4.2.2 Image management . 16 4.2.3 Scheduling of Virtual Resources . 16 4.2.4 Networking Service . 17 iii 4.3 Functional Analysis of capabilities of Peer-to-Peer technologies for OpenStack . 17 4.4 Analysis of Numerical Scalability and Performance of Features of P2P Architectures . 20 4.5 Inference Phase . 22 4.5.1 Keystone solution decision . 22 4.5.2 Image management solution decisions . 23 4.6 Implementation and Verication . 24 4.6.1 Image management solution . 24 4.6.2 Decentralized Identity Service solution . 24 5 Results 28 5.1 Decentralized Identity Solution . 28 5.2 Peer-to-Peer System . 29 6 Analysis and Discussion 32 6.1 How can Peer-to-Peer architectures be characterized for their suit- ability in P2P-based OpenStack clouds? . 32 6.2 How can P2P technology be used for decentralized identity service in OpenStack clouds and which P2P-technology should be applied for high scalability of this service? . 33 7 Conclusions and Future Work 34 References 35 iv List of Figures 1.1 OpenStack Services Outline . 1 2.1 Architecture of the existing implementation of P2P-enhanced Open- Stack . 6 2.2 Architecture of the P2P-OpenStack agent . 6 2.3 Keystone Backends . 8 2.4 Mapping of remote user to local user . 11 4.1 Outline of phases and methods employed in the thesis . 15 4.2 Flow of image between OpenStack clouds . 16 4.3 Functional design space of P2P service overlays . 18 4.4 View of the Additional Dimension of the Functional Design space 19 4.5 Architecture of the Identity service solution . 25 4.6 Flow of Requests between Agents for Tokens . 26 5.1 Average Response times for 64 requests . 28 5.2 Average area under cputime curve for 64 requests . 29 5.3 Averages of Response times versus Number of requests and number of SPs . 30 5.4 VM startup time and fail rate of the standard and P2P systems with increasing system size and load . 31 5.5 VM failure rate of the standard and P2P systems (size 32) with increasing concurrent VM requests . 31 v Chapter 1 Introduction 1.1 Concepts Peer-to-Peer technologies oer a highly scalable and eective alternative to the server-client model. These technologies, when incorporated into clouds, can pro- vide enhanced versions of clouds that are ecient, scalable and overcome the limitations of the server-client paradigm. 1.1.1 OpenStack OpenStack is an open-source Cloud operating system which provisions virtual resources and services. The core functionality of OpenStack is delivered through the services that it oers. The OpenStack services among others include the compute service, identity management, networking and image management. Fig 1.1.1 taken from the ocial OpenStack documentation [10] presents the Open- Stack services and their primary functions. Each service of OpenStack provides a separate functionality and is exposed to the end-user via REST APIs. Below is a brief outline of the OpenStack services. Figure 1.1: OpenStack Services Outline 1 Chapter 1. Introduction 2 Nova (Compute service) This service provides the management of virtual machines through an abstraction layer for compute drivers that interfaces with supported hypervisors. Multiple hypervisors are supported by OpenStack including Kernel-based Virtual Machine (KVM), Xen, Hyper-V and Linux Containers (LXC). Neutron (Networking Service) Previously named Quantum, this service provides various networking functions like creating and deleting networks, subnets. It also provides additional functions for management of IP address, DNS, DHCP, load balancing etc., Keystone (Identity Service) Authentication and authorization throughout the OpenStack infrastructure are provided by Keystone. This service is pluggable and integral in the secure com- munication of the dierent services of OpenStack. Glance (Image Service) Glance Image service manages the discovery, registration and the distribution of virtual machine images (VMI) to the OpenStack compute nodes. Horizon (Dashboard Service) This service provides a web-based interface for managing, monitoring and provi- sioning of the OpenStack resources. 1.1.2 Peer-to-Peer Technologies Generally, P2P systems are highly scalable, highly distributed and self-organizing, which implement P2P services and functions to perform tasks in an altruistic sense. In other words, each peer in the system is involved in transactions that do not directly benet itself but benets the system on the whole. Every peer in a strictly P2P system is equal in terms of functionality and must be able to take the role of both the server as well as the client, simultaneously. A P2P protocol provides the function to join and leave the P2P overlay as well as to insert, delete, discover and retrieve the resources and also service-specic functions that are highly distributed. The term Peer-to-Peer (P2P) is often perceived as "not client/server" and has utility in systems, protocols, mechanisms, architectures, services and applications [34]. In modern applications, the border between P2P and client-server paradigms are not very clear. While some architectures can be considered to fully comply Chapter 1. Introduction 3 with the P2P paradigm, others can be in between client-server and P2P depending on the denition of P2P being considered. Thus, we rst dene what we mean by P2P in our paper. We borrow this denition from [7]. "A system is considered to be P2P if the elements that form the system share their resources in order to render the service that the system is designed to provide. The elements in the system both provide services to other elements and request services from other elements." In practical applications, a system can be considered Peer-to-Peer even if few of its elements do not strictly follow this criterion. This denition is within the context of a single service and hence in complex systems which oer multiple services, some of the services can be P2P while others can be client-server. P2P services are designed to overcome the limitations of the client-server model in terms of fault tolerance, scalability and self-organization. Thus, as the number of nodes increases, the performance of the P2P systems will not degrade as much as that of the client-server systems. 1.1.3 P2P-enhanced OpenStack clouds Multiple OpenStack clouds can be associated together to form a P2P system and to co-operate and function as a single cloud. The performance of this P2P- enhanced OpenStack cloud was shown to be better than the standard OpenStack cloud when we considered the scale of the compute nodes [12].