Cloud VPS currently runs in a single data center in Ashburn, Virginia. In the future, it will span two or more data centers, with a slightly different configuration in each.
Slides from a brief presentation about WMCS OpenStack architecture
Cloud VPS Eqiad (Ashburn, VA)
We have one region: eqiad1-r (also referred to as eqiad1).
Most users will manage their virtual servers using Horizon. Horizon is an upstream OpenStack web interface for the OpenStack APIs. Our Horizon site also includes several custom dashboards to access special WMCS features not available in stock Horizon.
Individual user accounts on WMCS can also be created via Striker, which is at https://toolsadmin.wikimedia.org. Currently, any account created there is automatically added to the Tools project.
The OpenStack controller box cloudcontrol1003 runs the Glance and Keystone services, as well as nova-conductor and nova-scheduler. It is also the preferred place to access the OpenStack command-line client.
A second server, cloudcontrol1004, is present as well.
In the eqiad1-r region, we use OpenStack Neutron, which runs on servers cloudnet1003
See the deployments page for a list of hypervisors per region and their current status.
Cloudvirt hosts (also known as hypervisors) are pooled or depooled using the profile::openstack::eqiad1::nova::scheduler_pool key in Puppet Hiera.
Most Cloud VPS projects do not use shared NFS storage. If they need NFS, these are the available options:
- Each member of a project has a project-wide shared home directory.
- The project has a public shared volume, generally mounted to /data/project.
All of the above are hosted on various NFS servers (labstore* and cloudstore*).
Most OpenStack-related services are monitored in Icinga just like other production services.
VMs in the tools projects are monitored with Shinken.
LDAP is used for services throughout the WMF. The same LDAP database keeps track of project management and SSH keys for logins on VPS servers. LDAP is hosted on seaborgium and neptunium; the LDAP server software is OpenLDAP.
Each Cloud VPS instance has an /etc/ldap.conf file (managed by Puppet) with settings for how to access the LDAP servers.
DNS is handled by PowerDNS. Private DNS entries (e.g. foo.eqiad1.wikimedia.cloud) are created via Designate Sink and stored in a PDNS server using a MySQL backend. Public DNS entries are created via Horizon and the Designate API.
Last edited on 29 September 2020, at 17:02