CERN IT Department CH-1211 Genève 23 Switzerland PES 1 Ermis service for DNS Load Balancer...

CERN IT DepartmentCH-1211 Genève 23

Switzerlandwww.cern.ch/it

PES

1

Ermis service for DNS Load Balancer configuration

HEPiX Fall 2014

Aris Angelogiannopoulos, CERN IT-PES/PSIgnacio Reguero, CERN IT-PES/PS



PES

2

Outline

• Core concepts

• DNS Load Balancing at CERN

• Motivation and Purpose

• Ermis Gateway

• Ermis Gateway Architecture

• Miscellaneous



PES

3

Core Concepts (Just in case)

Load Balancing● Scale a single service by spreading it to multiple back-end nodes

High Availability● The end user must always “see” the service as functional

● Service should be up even if some front or back-end nodes fail



PES

4

Core Concepts (2/2)

Service Manager's concerns:

● Implement High Availability at the application Layer No single point of failure

Replicate physical nodes among independent subnets

Replicate VM s among different availability zones

● Service components are expected to fail Hardware failures ( HDD, Switches, NIC's, Electricity etc )

Software failures ( Bugs )

Human Errors



PES

5

DNS Load Balancing at CERN (1/4)



PES

6


We use a client server architecture: LBD Master: Server reports to DNS service

LB Client: Runs in the hosts, triggered by SNMP request



PES

7


1. LB Clients in the host provide LBD Master(through SNMP) with:

• load metrics

• availability checks

2. The LBD Master decides which IP should be pointed by an LB Alias

3. The LBD Master sends dynamic DNS requests to update the IP

address pointed by the LB Alias

● The LBD Master uses a fail-over slave server for high availability



PES

8


• Service is provided for 258 (and rising) different aliases



PES

9

Motivation and Purpose

Motivation Creating new DNS Aliases in the cloud is time-consuming

Ticket to Config team -> Ticket to Network Ops

Lots of verbal and time-consuming communication

Waiting time for both can be high

Purpose Goal is to provide LBaaS to the end users of the cloud

Fast CRUD of LB Aliases in the CERN cloud No more tickets to the Network Group Simplifies the procedure of creating LB Aliases



PES

10

Ermis Gateway

What is it?

RESTful service that manages the configuration of DNS LB

● Django-Tastypie● SOAP interface to Network Group● CRUD of LB Aliases● Aim is to provide LBaaS to the cloud end users● Developed and tested using Agile techniques



PES

11

Ermis Gateway Architecture (1/2)

● Design● Model includes information about an Alias● Alias associated with a hostgroup or tenant● CRUD on model data

● Authentication● Kerberos ticket



PES

12


● Authorization Egroups (CERN interface for managing groups of people) Openstack

Use of the Openstack identity service (keystone)

Foreman (under development) Alias creation for machines on the same hostgroup



PES

13




PES

14

LBD configuration

● LBD configuration Config file is created via the Ermis data



PES

15

Miscellaneous

● Miscellaneous API endpoint

● REST calls to the service available

CLI available

Web Front available● https://aiermis.cern.ch (Internal only)

https://aiermis.cern.ch/



PES

16

Thank you!

Questions?

CERN IT Department CH-1211 Genève 23 Switzerland PES 1 Ermis service for DNS Load Balancer...

Documents

Transcript of CERN IT Department CH-1211 Genève 23 Switzerland PES 1 Ermis service for DNS Load Balancer...