Benefit is claimed under 35 U.S.C. 119(a)-(d) to Foreign Application Serial No. 202241038018 filed in India entitled “CUSTOM RESOURCE DEFINITION BASED CONFIGURATION MANAGEMENT”, on Jul. 1, 2022, by VMware, Inc., which is herein incorporated in its entirety by reference for all purposes.
In a software-defined data center (SDDC), virtual infrastructure, which includes virtual machines (VMs) and virtualized storage and networking resources, is provisioned from hardware infrastructure that includes a plurality of host computers (hereinafter also referred to simply as “hosts”), storage devices, and networking devices. The provisioning of the virtual infrastructure is carried out by SDDC management software that is deployed on management appliances, such as a VMware vCenter Server® appliance and a VMware NSX® appliance, from VMware, Inc. The SDDC management software communicates with virtualization software (e.g., a hypervisor) installed in the hosts to manage the virtual infrastructure.
It has become common for multiple SDDCs to be deployed across multiple clusters of hosts. Each cluster is a group of hosts that are managed together by the management software to provide cluster-level functions, such as load balancing across the cluster through VM migration between the hosts, distributed power management, dynamic VM placement according to affinity and anti-affinity rules, and high availability (HA). The management software also manages a shared storage device to provision storage resources for the cluster from the shared storage device, and a software-defined network through which the VMs communicate with each other. For some customers, their SDDCs are deployed across different geographical regions, and may even be deployed in a hybrid manner, e.g., on-premise, in a public cloud, and/or as a service. “SDDCs deployed on-premise” means that the SDDCs are provisioned in a private data center that is controlled by a particular organization. “SDDCs deployed in a public cloud” means that SDDCs of a particular organization are provisioned in a public data center along with SDDCs of other organizations. “SDDCs deployed as a service” means that the SDDCs are provided to the organization as a service on a subscription basis. As a result, the organization does not have to carry out management operations on the SDDC, such as configuration, upgrading, and patching, and the availability of the SDDCs is provided according to the service level agreement of the subscription.
As described in U.S. patent application Ser. No. 17/464,733, filed on Sep. 2, 2021, the entire contents of which are incorporated by reference herein, the desired state of the SDDC, which specifies the configuration of the SDDC (e.g., number of clusters, hosts that each cluster would manage, and whether or not certain features, such as distributed resource scheduling, high availability, and workload control plane, are enabled), may be defined in a declarative document, and the SDDC is deployed or upgraded according to the desired state defined in the declarative document.
The declarative approach has simplified the deployment and upgrading of the SDDCs, but may still be insufficient by itself to meet the needs of customers who have multiple SDDCs deployed across different geographical regions, and deployed in a hybrid manner, e.g., on-premise, in a public cloud, or as a service. These customers want to ensure that all of their SDDCs are compliant with company policies, and are looking for an easier way to monitor their SDDCs for compliance with the company policies and manage the upgrade and remediation of such SDDCs.
In a software-defined data center (SDDC), virtual infrastructure, which includes virtual machines (VMs) and virtualized storage and networking resources, is provisioned from hardware infrastructure that includes a plurality of host computers (hereinafter also referred to simply as “hosts”), storage devices, and networking devices. The provisioning of the virtual infrastructure is carried out by SDDC management software that is deployed on management appliances, such as a VMware vCenter Server® appliance and a VMware NSX® appliance, from VMware, Inc. The SDDC management software communicates with virtualization software (e.g., a hypervisor) installed in the hosts to manage the virtual infrastructure.
One or more embodiments provide a cloud platform from which various services, referred to herein as “cloud services” are delivered to the SDDCs through agents of the cloud services that are running in an appliance (referred to herein as an “agent platform appliance”). The cloud platform is a computing platform that hosts containers or virtual machines corresponding to the cloud services that are delivered from the cloud platform. The agent platform appliance is deployed in the same customer environment, e.g., a private data center, as the management appliances of the SDDCs. In one embodiment, the cloud platform is provisioned in a public cloud and the agent platform appliance is provisioned as a virtual machine, and the two are connected over a public network, such as the Internet. In addition, the agent platform appliance and the management appliances are connected to each other over a private physical network, e.g., a local area network. One of the cloud services that are delivered includes an SDDC configuration service, and the SDDC configuration service has a corresponding SDDC configuration agent deployed on the agent platform appliance. All communication between the SDDC configuration service and the management software of the SDDC is carried out through the SDDC configuration agent.
A method of managing configurations of an SDDC, according to an embodiment, includes: retrieving a current configuration of a first management appliance of the SDDC and a current configuration of a second management appliance of the SDDC; calling a first custom resource object of a container orchestration platform to acquire a desired configuration of the first management appliance and calling a second custom resource object of the container orchestration platform to acquire a desired configuration of the second management appliance; determining a difference between the current configuration of the first management appliance and the desired configuration of the first management appliance and instructing the first management appliance to apply the desired configuration of the first management appliance; and determining a difference between the current configuration of the second management appliance and the desired configuration of the second management appliance and instructing the second management appliance to apply the desired configuration of the second management appliance.
Further embodiments include a non-transitory computer-readable storage medium comprising instructions that cause a computer system to carry out the above method, as well as a computer system configured to carry out the above method.
In the embodiments, the desired state of an SDDC is specified in a plurality of custom resource objects of a container orchestration platform. As used herein, an SDDC is a virtual computing environment provisioned from a plurality of host computers, storage devices, and networking devices by management software for the virtual computing environment that communicates with hypervisors running in the host computers. Also, a container orchestration platform, as used herein, is a platform that automates the operational effort required to run containerized workloads and services. The operational effort includes provisioning, deployment, scaling (up and down), networking, load balancing and the like. Kubernetes® is an example of a container orchestration platform. A custom resource definition (CRD) is a set of definitions for a customer resource object which, as used herein, is an object that allows a user of the container orchestration platform to introduce custom application programming interfaces (APIs) to the container orchestration platform.
Each of the custom resource objects is created from a desired state document and corresponds to one of a plurality of management appliances that have been deployed to manage the SDDC. In the embodiment illustrated herein, the desired state document is created in the form of a human readable and editable file, e.g., a JSON (JavaScript Object Notation) file. After the custom resource objects are created, controllers of the container orchestration platform monitor the running state of the SDDC and issue commands to the management appliances to bring the running state of the SDDC into compliance with the desired state specified in the custom resource objects.
A plurality of SDDCs is depicted in
The management appliances in each customer environment communicate with an agent platform (AP) appliance, which hosts agents that communicate with cloud platform 12 to deliver cloud services to the corresponding customer environment. The communication is over a local area network of the customer environment where the AP appliance is deployed. For example, management appliances 51 in customer environment 21 communicate with AP appliance 31 over a local area network of customer environment 21. Similarly, management appliances 52 in customer environment 22 communicate with AP appliance 32 over a local area network of customer environment 22, and management appliances 53 in customer environment 23 communicate with AP appliance 33 over a local area network of customer environment 23.
As used herein, a “customer environment” means one or more private data centers managed by the customer, which is commonly referred to as “on-prem,” a private cloud managed by the customer, a public cloud managed for the customer by another organization, or any combination of these. In addition, the SDDCs of any one customer may be deployed in a hybrid manner, e.g., on-premise, in a public cloud, or as a service, and across different geographical regions.
In the embodiments, each of the agent platform appliances and the management appliances is a VM instantiated on one or more physical host computers having a conventional hardware platform that includes one or more CPUs, system memory (e.g., static and/or dynamic random access memory), one or more network interface controllers, and a storage interface such as a host bus adapter for connection to a storage area network and/or a local storage device, such as a hard disk drive or a solid state drive. In some embodiments, any of the agent platform appliances and the management appliances may be implemented as a physical host computer having the conventional hardware platform described above.
Cloud platform 12 includes a group of services running in virtual infrastructure of public cloud 10 through which a customer can manage the desired state of its group of SDDCs by issuing commands through UI/API 11. SDDC configuration service 140 is responsible for accepting configuration commands made through UI/API 11 and dispatching configuration tasks to a particular customer environment through message broker (MB) service 150. MB service 150 is responsible for exchanging messages with message broker (MB) agents deployed in different customer environments upon receiving a request to exchange messages from the MB agents. The communication between MB service 150 and the different MB agents is, for example, over a public network such as the Internet. SDDC profile manager service 160 is responsible for storing desired state documents in data store 165 (e.g., a virtual disk or a depot accessible using a URL) and, for each of the SDDCs, tracks the history of the desired state document associated therewith, e.g., using a relational database (hereinafter referred to as “desired state tracking database”).
In one embodiment, each of the cloud services is a microservice that is implemented as one or more container images executed on a virtual infrastructure of public cloud 10. Similarly, each of the agents and services deployed on the AP appliances is a microservice that is implemented as one or more container images executing in the AP appliances.
AP appliance 31 in customer environment 21 has various agents of cloud services running in cloud platform 12 deployed thereon. The two agents depicted in
In one embodiment, the message that includes the configuration task to apply the desired state also includes a desired state document that contains the desired states of different management appliances of customer environment 21.
VIM server appliance 51A has various services running therein for managing the configuration thereof and the configuration of the SDDC managed thereby. These services include: (1) an API endpoint 250 for configuration API calls made to VIM server appliance 51A; (2) a personality manager 251, which is responsible for applying the desired image of the virtualization software to a cluster of hosts 240 according to the desired state; (3) host profiles manager 252, which is responsible for applying the desired configurations of a cluster of hosts 260 according to the desired state; and (4) virtual infrastructure (VI) profiles manager 253, which is responsible for applying the desired configuration of the virtual infrastructure managed by VIM server appliance 51A (e.g., the number of clusters, the hosts that each cluster would manage, etc.) and the desired configuration of various features provided by software services running in VIM server appliance 51A (e.g., distributed resource scheduling (DRS), high availability (HA), and workload control plane), according to the desired state. Network management appliance 51B and other managements appliances 51C also have similar services running therein for managing the configuration thereof and the configuration of the SDDC managed thereby.
Upon receiving the message that includes configuration task to apply the desired state, SDDC configuration agent 220 executes the steps of a method that are depicted in
At step 510, SDDC configuration agent 220 extracts desired states for each of the different management appliances from the desired state document. Then, at step 520, SDDC configuration agent 220 selects the desired state of one of the management appliances for converting into a CRD object. At step 530, SDDC configuration agent 220 makes an API call to API server 231 to create the CRD object corresponding to the selected desired state. In the API call, SDDC configuration agent 220 specifies the name of the CRD object, the desired state (which specifies desired values for different configurable properties of one of the management appliances), and a CRD schema against which the desired state is validated. For example, the CRD schema defines constraints (range, minimum/maximum, etc.) for each of the different configurable properties, and values that do not meet the constraints fail the validation and trigger an error message. At step 540, SDDC configuration agent 220 determines if the desired states of all management appliances have been converted to CRD objects. If so, the method ends. If not, the method returns to step 520.
In the embodiment illustrated herein, the steps depicted in
At step S4, MB service 150 transmits the message to MB agent 210 of AP appliance 31 upon receiving a request to exchange messages from MB agent 210. MB agent 210 is responsible for routing messages from MB service 150 to the other agents deployed on AP appliance 31 and at step S5 routes the message containing the configuration task and the desired state document to SDDC configuration agent 220 of AP appliance 31. Then, SDDC configuration agent 220 carries out the steps of
In general, controllers of Kubernetes control plane 230 are responsible for checking (at a user-configurable frequency) that the current state of objects they are managing match their desired states. If not, the controllers execute a reconciliation loop to bring the current state into compliance with the desired state. Controller 241 operates in this manner to bring the current state of VIM server appliance 51A into compliance with the desired state of VIM server appliance 51A. Similarly, controllers 242, 243 operate in this manner to bring the current state of network management appliance 51B and other management appliance 51C into compliance with their desired states.
The triggering and the execution of the reconciliation loop of each of controllers 241, 242, 243 are depicted in
Returning to
The embodiments described herein may employ various computer-implemented operations involving data stored in computer systems. For example, these operations may require physical manipulation of physical quantities. Usually, though not necessarily, these quantities may take the form of electrical or magnetic signals, where the quantities or representations of the quantities can be stored, transferred, combined, compared, or otherwise manipulated. Such manipulations are often referred to in terms such as producing, identifying, determining, or comparing. Any operations described herein that form part of one or more embodiments may be useful machine operations.
One or more embodiments of the invention also relate to a device or an apparatus for performing these operations. The apparatus may be specially constructed for required purposes, or the apparatus may be a general-purpose computer selectively activated or configured by a computer program stored in the computer. Various general-purpose machines may be used with computer programs written in accordance with the teachings herein, or it may be more convenient to construct a more specialized apparatus to perform the required operations.
The embodiments described herein may be practiced with other computer system configurations including hand-held devices, microprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, etc.
One or more embodiments of the present invention may be implemented as one or more computer programs or as one or more computer program modules embodied in computer readable media. The term computer readable medium refers to any data storage device that can store data which can thereafter be input to a computer system. Computer readable media may be based on any existing or subsequently developed technology that embodies computer programs in a manner that enables a computer to read the programs. Examples of computer readable media are hard drives, NAS systems, read-only memory (ROM), RAM, compact disks (CDs), digital versatile disks (DVDs), magnetic tapes, and other optical and non-optical data storage devices. A computer readable medium can also be distributed over a network-coupled computer system so that the computer readable code is stored and executed in a distributed fashion.
Although one or more embodiments of the present invention have been described in some detail for clarity of understanding, certain changes may be made within the scope of the claims. Accordingly, the described embodiments are to be considered as illustrative and not restrictive, and the scope of the claims is not to be limited to details given herein but may be modified within the scope and equivalents of the claims. In the claims, elements and/or steps do not imply any particular order of operation unless explicitly stated in the claims.
Virtualization systems in accordance with the various embodiments may be implemented as hosted embodiments, non-hosted embodiments, or as embodiments that blur distinctions between the two. Furthermore, various virtualization operations may be wholly or partially implemented in hardware. For example, a hardware implementation may employ a look-up table for modification of storage access requests to secure non-disk data.
Many variations, additions, and improvements are possible, regardless of the degree of virtualization. The virtualization software can therefore include components of a host, console, or guest OS that perform virtualization functions.
Plural instances may be provided for components, operations, or structures described herein as a single instance. Boundaries between components, operations, and data stores are somewhat arbitrary, and particular operations are illustrated in the context of specific illustrative configurations. Other allocations of functionality are envisioned and may fall within the scope of the invention. In general, structures and functionalities presented as separate components in exemplary configurations may be implemented as a combined structure or component. Similarly, structures and functionalities presented as a single component may be implemented as separate components. These and other variations, additions, and improvements may fall within the scope of the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
202241038018 | Jul 2022 | IN | national |