|
| 1 | +--- |
| 2 | +title: 'Storage Architecture' |
| 3 | +--- |
| 4 | + |
| 5 | +import { Link } from '/snippets/link.mdx'; |
| 6 | + |
| 7 | +Ubicloud provides encrypted, non-replicated storage for each VM. To do this, we use |
| 8 | +<Link title="SPDK" url="https://spdk.io/"/> (Storage Performance Development Toolkit). |
| 9 | +SPDK is an open-source set of tools and libraries for building high-performance, scalable, |
| 10 | +and efficient storage applications. SPDK uses a layered block device (bdev) framework, |
| 11 | +where each layer provides a specific function like file access, NVMe access, encryption, |
| 12 | +or compression. |
| 13 | + |
| 14 | +Each VM can have multiple disks. Disks are indexed starting at zero. A disk |
| 15 | +can be based on an OS image. OS images are stored at `/var/storage/images/`. Files |
| 16 | +specific to each disk is stored at `/var/storage/${vm_name}/${disk_index}`. This directory |
| 17 | +has 3 files: |
| 18 | + |
| 19 | +* `disk.raw`: Disk's actual data. Same size as the disk. |
| 20 | +* `data_encryption_key.json`: Encryption parameters of the disk. Keys inside this file |
| 21 | + are encrypted using KEK (Key Encryption Key). See <Link title="this blogpost" url="https://www.ubicloud.com/blog/ubicloud-block-storage-encryption"/> |
| 22 | + for more details. |
| 23 | +* `vhost.sock`: Unix domain socket which is used for communication betweet the VMM (Virtual |
| 24 | + Machine Monitor) and SPDK. We use Cloud-Hypervisor as the VMM. |
| 25 | + |
| 26 | +In SPDK we create the following objects for each disk: |
| 27 | + |
| 28 | +* **The file access bdev**: this is used to read from and write to `disk.raw`, and is |
| 29 | + created using the `bdev_aio_create` SPDK json-rpc command. |
| 30 | +* **The encrption key**: which is named `${vm_name}_${disk_index}_key`. This is created |
| 31 | + using the `accel_crypto_key_create` SPDK json-rpc command. |
| 32 | +* **The encryption bdev**: which is layerd on top of the file access bdev, and is |
| 33 | + created using the `bdev_crypto_create` SPDK json-rpc command. |
| 34 | +* **The copy-on-write layer**: which is layerd on top of the encryption bdev & provides |
| 35 | + copy-on-write from an OS image. This is created using the `bdev_ubi_create` json-rpc |
| 36 | + command. |
| 37 | +* **The vhost controller**: which is used to create the `vhost.sock` unix domain socket. |
| 38 | + |
| 39 | +Finally, we add the following argument to Cloud-Hyperisor's command line, which attaches |
| 40 | +the disk to the VM: `--disk vhost_user=true,socket=#{vhost_socket_path},num_queues=1,queue_size=256`. |
0 commit comments