Portal:Cloud VPS/Infrastructure
Cloud VPS is a virtualization cloud that uses OpenStack Compute. Base images are managed with Glance, and authentication uses LDAP-backed Keystone.
Cloud VPS currently runs in a single data center in Ashburn, Virginia. We also have a second deployment in Dallas for test and development; this deployment is only usable by people with special permissions.
For troubleshooting immediate issues, visit Portal:Cloud_VPS/Admin/Troubleshooting.

Cloud VPS Eqiad (Ashburn, VA)
Regions
We have one region: eqiad1-r (also referred to as eqiad1).
The eqiad name is based on the naming convention for data centers.
Horizon
Most users will manage their virtual servers using Horizon. Horizon is an upstream OpenStack web interface for the OpenStack APIs. Our Horizon site also includes several custom dashboards to access special WMCS features not available in stock Horizon.
Horizon is hosted on cloudweb1003.wikimedia.org and cloudweb1004.wikimedia.org and can be accessed at https://horizon.wikimedia.org.
All of the services available on Horizon can also be accessed directly via API or command-line.
User accounts on WMCS can be created using the developer account workflow or via Striker at https://toolsadmin.wikimedia.org. Currently, any account created there is automatically added to the Tools project.
Controller
The OpenStack controller box cloudcontrol1011 runs the Glance and Keystone services, as well as nova-conductor and nova-scheduler. It is also the preferred place to access the OpenStack command-line client.
The other controller nodes, cloudcontrol1006 and cloudcontrol1007, are approximately identical.
Network
All service APIs are accessed via haproxy which runs on cloudlb hosts.
The Cloud VPS software-defined network is managed by OpenStack Neutron, which runs on servers cloudnet1005 and cloudnet1006.
Connections between Cloud VPS networks and external networks (either WMF internal networks or the public internet) are made via cloudgw boxes.
Virtualization
See the deployments page for a list of hypervisors per region and their current status.
Cloudvirt hosts (also known as hypervisors) are pooled or depooled using host aggregates managed by custom cookbooks.
Most VMs use distributed Ceph storage for their backing volumes; this means that VMs can be migrated between cloudvirts without downtime. The exception to this is etcd nodes, which run on special hypervisors that use local storage for increased disk performance. These hypervisors are named 'cloudvirtlocalXXXX'.
Storage (root volumes)
Root volumes are stored as Ceph block devices in the eqiad1-compute pool.
Storage (attachable)
Attachable block storage is managed by OpenStack Cinder; the volumes are stored as Ceph block devices in the eqiad1-cinder pool.
Storage (object)
Cloud VPS exposes both Swift and S3 APIs for object storage. In both cases the objects and containers are managed by the RADOS Gateway and backed by Ceph, stored in pools with the name default.rgw.*.
Storage (NFS)
Most Cloud VPS projects do not use shared NFS storage. If they need NFS, these are the available options:
- Each member of a project has a project-wide shared home directory.
- The project has a public shared volume, generally mounted to /data/project.
All of the above are hosted on various NFS servers (clouddumps* and cloudstore*).
Monitoring
Most OpenStack-related services are monitored in Icinga just like other production services.
LDAP
LDAP is used for services throughout the WMF. The same LDAP database keeps track of project management and SSH keys for logins on VPS servers. LDAP is hosted on seaborgium and neptunium; the LDAP server software is OpenLDAP.
Each Cloud VPS instance has an /etc/ldap.conf file (managed by Puppet) with settings for accessing the LDAP servers.
DNS
DNS is handled by PowerDNS. Private DNS entries (e.g. foo.eqiad1.wikimedia.cloud) are created via Designate Sink and stored in a PDNS server using a MySQL backend. Public DNS entries are created via Horizon and the Designate API.

