A Technical Overview in Four Steps - Red Hat (people.redhat.com/jamisonm/big_safari/red hat openstack...)
Posted on 08-Mar-2018
Red Hat OpenStack Platform 10: Technical Overview
Ted Brunell, Principal Solution Architect, DoD Programs (@DoDCloudGuy, tbrunell@redhat.com)
Red Hat OpenStack Platform2
A Technical Overview in Four Steps: Core, Director, Integration, Advanced
Agenda
Core Components
● Compute
● Networking
● Block Storage
● Object Storage
● VM Image Storage
● Identity and access control
● Orchestration engine
● Telemetry
● Baremetal
● Dashboard
● Data Processing
● Shared Filesystem
● DNS
Director
● Overview
● Upgrades/Updates
● Graphical User Interface
● Control Plane High Availability
● Composable roles
● NFV Installations
Integration
● With RHEL
● With 3rd party plugins
● With CloudForms (infra and cloud provider)
● With Ceph and Ceph Console
● With OpenDaylight
● With Operational Tools
● With Identity Management
● With Insights and Customer Portal
● With Satellite
● With Ansible
● With OpenShift
● With Red Hat Cloud Suite
Advanced and Tech Previews
● NFV Solution
● Hyper Converged deployments
● Neutron DVR
● Rally
● Containerized Installation (in Tech Preview)
● Neutron Tech Preview features
● Other features in Tech Preview
● SR-IOV and OVS+DPDK
● RT_KVM
● VMware Support
Red Hat OpenStack Platform: Core
Core Components in version 10 (Newton)
IaaS layer:
● Compute: Nova
● Networking: Neutron
● Storage: Cinder (block), Glance (image), Swift (object), Manila (shared filesystem)
● Bare-metal provisioning: Ironic
Shared services:
● Identity: Keystone
● Dashboard: Horizon
● Deployment and management: Director (TripleO)
IaaS+ layer:
● Telemetry: Ceilometer
● Orchestration: Heat
● Data processing: Sahara
Certified Red Hat OpenStack Platform plugins: https://access.redhat.com/articles/1535373
OpenStack connects two worlds
[Figure: Operator view (Administrators) and Tenant view (Developers)]
OpenStack connects two worlds
Tenant view – the actual OpenStack IaaS user. Limited by what the operator decides to offer in that cloud.
Operator view – often the same role that has root access to the systems. Combines configuration files and API actions to create a working environment for their tenants.
OpenStack connects two worlds
Both can use Horizon, the CLI tools, a library (such as os_cloud in Ansible or boto in Python) or the API directly over HTTP with JSON/XML payloads via curl/wget.
The OpenStack policy engine (policy.json in Keystone) filters which API calls require administrative privileges (i.e. the operator) and which only need regular tenant privileges.
The use of Keystone Domains (in v3) allows an intermediate role: domain_admin.
CloudForms also offers a Cloud Admin view and a User Portal with the available services.
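To make the operator/tenant split concrete, here is an added example that is not from the original deck and not OpenStack's own code: a small evaluator for rules written in the policy.json style (the syntax the OpenStack policy engine, oslo.policy, reads). It is a simplified re-implementation, not the real engine, and the sample policy, its rule names (compute:delete, os_compute_api:os-hypervisors, etc.) and the token contents are constructed for the demonstration.

```python
"""Toy evaluator for OpenStack policy.json rules (added example, not oslo.policy).

Every OpenStack service ships a policy file mapping an API action to a rule;
the engine evaluates the rule against the caller's token (roles, project) and
the target of the request. This re-implements the subset of the rule language
needed to show the operator/tenant split: "" (always), "!" (never), "@"
(always), role:<name>, rule:<name>, <cred>:%(target_key)s, not/and/or and
parentheses. The sample policy below is constructed for the demonstration.
"""
import json
import re

SAMPLE_POLICY_JSON = """
{
  "admin_required": "role:admin",
  "owner": "project_id:%(project_id)s",
  "admin_or_owner": "rule:admin_required or rule:owner",
  "compute:create": "",
  "compute:delete": "rule:admin_or_owner",
  "os_compute_api:os-hypervisors": "rule:admin_required",
  "os_compute_api:os-quota-sets:update": "rule:admin_required",
  "compute:disabled_feature": "!"
}
"""

# Tokens: parentheses, or an atom; %(key)s substitutions keep their own parens.
_TOKEN = re.compile(r"\(|\)|(?:%\(\w+\)s|[^\s()])+")


class Policy:
    def __init__(self, rules):
        self.rules = rules

    @classmethod
    def from_json(cls, text):
        return cls(json.loads(text))

    def enforce(self, action, target, creds):
        """True if the caller (creds) may perform action on target."""
        if action not in self.rules:
            raise KeyError(f"no policy rule defined for {action!r}")
        return self._eval(self.rules[action], target, creds, depth=0)

    def _eval(self, expr, target, creds, depth):
        if depth > 20:  # guard against rule:a -> rule:b -> rule:a loops
            raise RecursionError("policy rule reference loop")
        tokens = _TOKEN.findall(expr)
        if not tokens:  # an empty rule means: always allowed
            return True
        pos = 0

        def parse_or():
            nonlocal pos
            result = parse_and()
            while pos < len(tokens) and tokens[pos] == "or":
                pos += 1
                result = parse_and() or result  # evaluate both to consume tokens
            return result

        def parse_and():
            nonlocal pos
            result = parse_not()
            while pos < len(tokens) and tokens[pos] == "and":
                pos += 1
                result = parse_not() and result
            return result

        def parse_not():
            nonlocal pos
            if pos >= len(tokens):
                raise ValueError(f"incomplete policy rule: {expr!r}")
            tok = tokens[pos]
            pos += 1
            if tok == "not":
                return not parse_not()
            if tok == "(":
                result = parse_or()
                if pos >= len(tokens) or tokens[pos] != ")":
                    raise ValueError(f"unbalanced parentheses: {expr!r}")
                pos += 1
                return result
            return self._atom(tok, target, creds, depth)

        result = parse_or()
        if pos != len(tokens):
            raise ValueError(f"trailing tokens in policy rule: {expr!r}")
        return result

    def _atom(self, tok, target, creds, depth):
        if tok == "@":
            return True
        if tok == "!":
            return False
        kind, sep, value = tok.partition(":")
        if not sep:
            raise ValueError(f"unrecognised policy check {tok!r}")
        if kind == "rule":  # reference to another named rule; unknown -> deny
            return self._eval(self.rules.get(value, "!"), target, creds, depth + 1)
        if kind == "role":
            return value in creds.get("roles", [])
        # Generic check: compare a token attribute with a target attribute
        # (e.g. project_id:%(project_id)s) or with a literal value.
        m = re.fullmatch(r"%\((\w+)\)s", value)
        if m:
            return creds.get(kind) is not None and creds.get(kind) == target.get(m.group(1))
        return str(creds.get(kind)) == value


if __name__ == "__main__":
    policy = Policy.from_json(SAMPLE_POLICY_JSON)
    tenant = {"roles": ["member"], "project_id": "demo-project"}
    operator = {"roles": ["admin"], "project_id": "admin-project"}
    for action, target in [("compute:delete", {"project_id": "demo-project"}),
                           ("compute:delete", {"project_id": "other-project"}),
                           ("os_compute_api:os-hypervisors", {})]:
        print(action, target, "tenant:", policy.enforce(action, target, tenant),
              "operator:", policy.enforce(action, target, operator))
```

The point to notice is that the same API call is allowed or refused purely by the rule attached to it: a tenant can delete only an instance in their own project, while listing hypervisors needs the admin role, which is exactly the line between the two views. An unknown rule reference deliberately evaluates to deny.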
Compute (Nova)
Tenant view:
● I need VMs, anytime
● How many can I have?
● It must be secure
● SSH and VNC please?
Operator view:
● I have hardware capacity available
● This is how you consume it
● I set usage quotas
● I design for performance and scalability
Compute (Nova)
Tenant view:
Similar to Amazon EC2.
Self-service VMs: boot an instance with a selected flavor (vCPU, RAM, disk size), OS image (from Glance), SSH keypair, host aggregate or availability zone (AZ), custom metadata, user-data and security groups, with or without an ephemeral disk.
Reboot, stop, resize, terminate.
See the console log of their instance, open a VNC/RDP session, change the VM root password (if the OS supports it).
Reserve, assign and release floating IPs.
Manage keypairs and security groups.
Check quota usage.
Select which Neutron network or port to attach; other Neutron/Cinder shortcuts for network and volume management.
Operator view:
No need to manage hypervisors individually, due to the distributed design of OpenStack, at any scale. Supports KVM and VMware (vCenter).
Defines which choices are available to tenants: flavors offering specific capabilities and carefully planned capacity and overcommit ratios.
Easier maintenance and operations with support for node evacuation, marking a host down and instance live migration.
Define host aggregates and AZs with specific metadata to allow advanced scheduling and request filtering.
Set NFV-specific flavors including vCPU pinning, large pages, vCPU, RAM and I/O device NUMA awareness, SR-IOV/PCI passthrough.
Instance HA, transparent to tenants, if enabled.
Networking (Neutron)
Tenant view:
● I need my own network, isolated from others
● Some private IPs, some public IPs
● These are my QoS specs
● Let me share networks with others
Operator view:
● I design a network overlay and provide external access
● I have very few public IPs
● I set rules, policies, quotas
● With SDN, I can centrally manage and monitor it all
Networking (Neutron)
Tenant view:
Similar to Amazon VPC and ELB.
CRUD (create, read, update, delete) networks, subnets and ports, for basic L2 and L3 with IP address management (DHCP). Define a tenant network (overlay).
Additionally:
● Provider networks
● Quotas
● Security groups (per port)
● East/west L3 routing with tenant-defined routers
● External gateway, NAT, floating IPs
● Load balancing, VPN and firewall
IPv6 tenant network management.
QoS (rate limit policies) per port, per network.
RBAC for granular sharing of tenant networks.
Operator view:
Defines provider networks, manually set up in Neutron by the operator, representing a pre-existing network (e.g. a VLAN). Useful to point to corporate DNS or gateways with multiple routes.
Multiple simultaneous L2 technologies on a single installation via ML2.
Default Open vSwitch, or choose from dozens of commercial SDN vendors.
Configures the SSL/TLS backend for LBaaS.
Define floating IP ranges, normally for publicly routable IPv4 addresses.
Offer/delegate IPv6 tenant networks (SLAAC, DHCP).
Define and enforce QoS (currently only egress flows).
VXLAN offloading to hardware available (up to 4x throughput).
Distributed Virtual Routing (DVR) for better scalability.
L2 population (l2pop) and ARP responder to mitigate ARP flooding at scale.
Block Storage (Cinder)
Tenant view:
● Too much data in my VMs!
● I need permanent storage
● Can I snapshot and backup/rollback?
● Encrypted, please
Operator view:
● I constantly buy storage
● I must allocate space to tenants
● I can combine different tiers of technologies (NAS, SAN)
● I set rules, policies, quotas
Block Storage (Cinder)
Tenant view:
Similar to Amazon EBS.
CRUD additional hard drives attached to an instance, as block volumes: tenant VMs must format them with a filesystem.
Persistent storage; can be cloned, snapshotted, replicated or imported/exported to another AZ (also to public storage like Google Cloud Storage*).
Encryption available via LUKS (if enabled by ops).
Hot-unplug from one instance and re-attach to another instance.
Non-disruptive and incremental snapshots: ideal for backup/restore and DR use cases.
QoS available (total IOPS).
If exposed, vendor-specific features (mirroring, compression, replication, thin provisioning).
Operator view:
Uses Red Hat Ceph Storage as default.
Multiple backends (LVM, iSCSI, NFS, ScaleIO, etc.), including proprietary ones with more specific features.
Faster provisioning via over-subscription, thin provisioning and the generic image cache.
iSCSI multipath support for extra reliability.
Private volume types for premium levels of service (SSD, thick_provisioned).
Simplified operations, DR and backup with generic volume migration and replication (sync/async, with N replicas) between different storage backends.
Storage policies for simpler management.
*Tech Preview features are subject to change in GA release
Object Storage (Swift)
Tenant view:
● My application needs object storage (files, media)
● I can use HTTP(S)
● Stateless please! No time for mounting filesystems
Operator view:
● I will offer a private S3-like experience
● I must scale without limits
● I want advanced features
Object Storage (Swift)
Tenant view:
Similar to Amazon S3 (a modern version of FTP or WebDAV).
CRUD objects in containers, per account.
Ideal to store static objects (media, web files, email).
Only useful if the application understands the Swift/S3 API.
Also useful to store Glance image backups.
Not meant to be used as a POSIX filesystem.
Fast-POST allows fast, efficient updates of metadata without re-uploading the content.
Operator view:
Very few dependencies on other OpenStack modules, mostly Keystone for RBAC.
Scales horizontally up to petabytes.
Replication for global clusters.
Advanced Swift features: middleware for API processing, temporary URLs, URL rewrite.
Swift requires its own storage space, not integrated with Ceph.
Reduced availability for further storage efficiency with erasure coding.
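As an added example of the temporary-URL feature listed above (example code written for this page, not Swift's own implementation): the signing and verification that Swift's TempURL middleware performs, re-implemented in plain Python. The message Swift signs is "METHOD\nEXPIRES\nPATH" with HMAC-SHA1 under the account's temp-URL key, and the result travels in the temp_url_sig and temp_url_expires query parameters; the key, account, container and object names used here are constructed for the demonstration.

```python
"""Swift-style temporary URLs: signing and verification (added example).

Swift's TempURL middleware lets an account owner hand out time-limited access
to one object without sharing Keystone credentials: the URL carries an expiry
and an HMAC-SHA1 over "METHOD\\nEXPIRES\\nPATH", keyed with an account secret
that only the owner and the Swift proxy know. This block re-implements that
scheme to show what the proxy checks on every request; it is not Swift's code
and the key, account and object names below are constructed.
"""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit


def temp_url_signature(key, method, expires, path):
    """Hex HMAC-SHA1 over the three fields Swift binds into the signature."""
    message = f"{method.upper()}\n{int(expires)}\n{path}".encode()
    return hmac.new(key, message, hashlib.sha1).hexdigest()


def make_temp_url(key, method, path, lifetime, now=None):
    """Owner side: /v1/AUTH_acct/container/object?temp_url_sig=...&temp_url_expires=..."""
    now = int(time.time()) if now is None else int(now)
    expires = now + int(lifetime)
    sig = temp_url_signature(key, method, expires, path)
    return path + "?" + urlencode({"temp_url_sig": sig, "temp_url_expires": expires})


def verify_temp_url(key, method, url, now=None):
    """Proxy side: signature valid for this method and path, and link not expired."""
    now = int(time.time()) if now is None else int(now)
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        sig = query["temp_url_sig"][0]
        expires = int(query["temp_url_expires"][0])
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    if expires <= now:
        return False  # link has expired
    expected = temp_url_signature(key, method, expires, parts.path)
    # Constant-time comparison so the proxy cannot be used as a digest oracle.
    return hmac.compare_digest(expected, sig)


if __name__ == "__main__":
    KEY = b"constructed-account-temp-url-key"
    PATH = "/v1/AUTH_demo/backups/db-2018-03-08.tar"
    url = make_temp_url(KEY, "GET", PATH, lifetime=600)
    print(url)
    print("valid as GET:", verify_temp_url(KEY, "GET", url))
    print("valid as PUT:", verify_temp_url(KEY, "PUT", url))
```

Because the method and the full object path are inside the signed message, a link minted for a GET on one backup cannot be replayed as a PUT or pointed at a different object, and the expiry is checked before the HMAC so an old link fails fast.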
VM Image Storage (Glance)
Tenant view:
● What operating systems can I use?
● This is my own version, store it just for me
● Is the OS image genuine?
● Take this VMware template and import it
Operator view:
● Only approved OSes can be used in my cloud
● Centrally offer updated OSes
● Leverage storage integration to reduce network usage
VM Image Storage (Glance)
Tenant view:
Similar to Amazon AMIs.
CRUD images (VM templates, a bootable OS) and snapshots (VM backup).
Private or public images.
Upload from a file or from a URL.
Metadata can hold any key-value pair, useful to document OS version, date...
Multiple disk formats (QCOW2, RAW, ISO, VDI, VMDK) and container formats (bare, OVF, AMI, ARI).
Checksum and signature verification for extra security.
Operator view:
Best practice: offer "golden images" to tenants via public Glance images.
Store images using Cinder as a backend.
If not using Ceph, Director configures Swift as the Glance image store.
If using Ceph, Glance will leverage advanced RBD features (cache, thin provisioning, immediate snapshot).
Automatic Nova/libvirt/KVM optimization depending on the guest OS via the os_name attribute.
Identity and Access Control (Keystone)
Tenant view:
● I am not a hacker, believe me!
● My boss just gave me permission to ask for VMs
● Where are all the services?
● I am a project lead, I must be admin of my project
Operator view:
● Who are you?
● Let me validate with LDAP
● I must integrate with my company's SSO
● I must secure entry points with TLS certificates
Identity and Access Control (Keystone)
Tenant view:
Similar to Amazon IAM.
Authenticates users and authorizes them. Provides session tokens that are used for all OpenStack actions.
CRUD users, tenants (projects) and roles (as long as the operator allows it).
Change password; also download a credentials file (RC) with EC2 keys.
Discover OpenStack endpoints via the catalog.
Kerberos for SSO in both the web UI (Horizon) and the CLI on client systems with SSSD.
Federated identity*: same user/password across multiple OpenStack providers.
Operator view:
CRUD users, tenants (projects), roles and domains (for v3) for better RBAC.
SAML federation* for authentication with external (pre-existing) providers or other clouds, via Red Hat SSO*.
Multiple identity backends: LDAP, Active Directory, FreeIPA, PAM, etc.
Preferred authorization backend is MariaDB.
Lightweight tokens (Fernet) for better performance and scalability.
Logs in the standard CADF auditable format.
Public endpoint protection with SSL/TLS.
*Tech Preview features are subject to change in GA release
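Since Keystone can write its audit trail in CADF, an operator can triage it programmatically. The following is an added example, not part of the deck and not Red Hat or Keystone tooling: it reads constructed CADF-style authentication events and flags any source address that fails to authenticate repeatedly inside a short sliding window, the kind of signal the audit log exists to provide. The field names follow the CADF event structure (eventTime, action, outcome, initiator.host.address); the sample records, the action string for the user-creation event, the addresses and the thresholds are constructed assumptions.

```python
"""Triage of Keystone CADF audit events (added example, not Red Hat or Keystone tooling).

Keystone can emit its audit trail as CADF events, one JSON document per API
action, carrying at least eventTime, action, outcome and an initiator with a
host address. The records below are constructed for this example and keep
only those fields. The detection flags any source address whose authentication
failures reach a threshold inside a sliding time window.
"""
import json
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample log: one CADF-style JSON event per line, plus one broken line.
SAMPLE_CADF_LOG = """
{"eventType": "activity", "eventTime": "2018-03-08T10:00:00+00:00", "action": "authenticate", "outcome": "failure", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.5"}}}
{"eventType": "activity", "eventTime": "2018-03-08T10:00:10+00:00", "action": "authenticate", "outcome": "failure", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.5"}}}
{"eventType": "activity", "eventTime": "2018-03-08T10:00:12+00:00", "action": "authenticate", "outcome": "failure", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.7"}}}
this line is deliberately not JSON, to show that malformed records are skipped
{"eventType": "activity", "eventTime": "2018-03-08T10:00:20+00:00", "action": "authenticate", "outcome": "failure", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.5"}}}
{"eventType": "activity", "eventTime": "2018-03-08T10:00:25+00:00", "action": "authenticate", "outcome": "success", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.9"}}}
{"eventType": "activity", "eventTime": "2018-03-08T10:00:30+00:00", "action": "created.user", "outcome": "success", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.9"}}}
{"eventType": "activity", "eventTime": "2018-03-08T10:00:45+00:00", "action": "authenticate", "outcome": "failure", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.5"}}}
{"eventType": "activity", "eventTime": "2018-03-08T10:05:00+00:00", "action": "authenticate", "outcome": "failure", "initiator": {"typeURI": "service/security/account/user", "host": {"address": "10.0.0.7"}}}
"""


def parse_cadf_lines(lines):
    """Parse JSON-per-line CADF events, skip malformed ones, return them sorted by time."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["_time"] = datetime.fromisoformat(ev["eventTime"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: do not let one bad line stop the run
        events.append(ev)
    events.sort(key=lambda e: e["_time"])
    return events


def source_address(ev):
    """Initiator host address, or 'unknown' if the event lacks one."""
    return ev.get("initiator", {}).get("host", {}).get("address", "unknown")


def failed_auth_bursts(events, threshold=3, window_seconds=60):
    """Map source address -> ISO 8601 time when it first reached `threshold`
    authentication failures within any span of `window_seconds`."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in events:
        if ev.get("action") != "authenticate" or ev.get("outcome") != "failure":
            continue
        src = source_address(ev)
        window = recent[src]
        window.append(ev["_time"])
        while (ev["_time"] - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop failures that fell out of the window
        if len(window) >= threshold and src not in alerts:
            alerts[src] = ev["_time"].isoformat()
    return alerts


def outcome_summary(events):
    """Count events per (action, outcome) pair: a quick sanity view of the log."""
    return Counter((ev.get("action"), ev.get("outcome")) for ev in events)


if __name__ == "__main__":
    evs = parse_cadf_lines(SAMPLE_CADF_LOG.splitlines())
    print(outcome_summary(evs))
    print(failed_auth_bursts(evs))
```

In the sample, 10.0.0.5 fails three times within twenty seconds and is reported at the third failure, while 10.0.0.7 fails twice five minutes apart and is not, which is the difference a sliding window makes compared with a plain count.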
Orchestration engine (Heat)
Tenant view:
● This is the blueprint of my application deployment: dependencies, config, etc.
● Can you run this for me?
● Scale it out when this threshold is reached
Operator view:
● To compete with public clouds, I should offer an orchestration engine
● Auto-scaling, load balancers and quotas allow me to monitor and predict demand
Orchestration engine (Heat)
Tenant view:
Similar to Amazon CloudFormation and ELB.
CRUD templates (stacks), which can be stopped and resumed.
Instructs OpenStack to automate the deployment of resources as defined in the HOT or CloudFormation (CFN) language.
Already on its 6th version, HOT offers more modularity and flexibility improvements (e.g. resource chains, pre-delete hooks, etc.).
Very useful when combined with Ceilometer and LBaaS. An example use case is instance auto-scaling, creating another VM when cluster load reaches 80% CPU.
Operator view:
Heat may require minor tuning to ensure enough CPU and RAM is assigned to it.
Can offer shared templates, approved by IT.
Excellent integration with CloudForms to create an advanced service catalog for end users, with policies and customized quota and capacity management.
Telemetry (Ceilometer)
● How much CPU, RAM, disk am I using, e.g. per hour?
● Notify me of any alarm here
● I wish I could charge back / show back how much every user is consuming
● This is useful for my own internal usage!
Telemetry (Ceilometer)
Tenant view:
Similar to Amazon CloudWatch.
Metrics (CPU, RAM usage) and events (e.g. instance created) can only be listed.
Alarms (e.g. CPU threshold reached) can also be triggered. Alarm thresholds can be custom-defined, all via the Aodh API (pronounced "hey").
Querying for historical values is available.
Operator view:
Historically, Ceilometer required tuning at scale to allow tenants to poll historical values. MongoDB was the only backend.
Now Ceilometer offers much better performance and scalability, thanks to the split of its components:
● Gnocchi stores/indexes time-series metrics
● Aodh does the same for alarms
● Panko is the event engine (to be deprecated)
Connects with CloudForms for capacity monitoring and management.
Baremetal for tenants (Ironic)
Tenant view:
● I need a physical VM for a while, with a generic OS
● I don't have many security or isolation concerns, nor network protection needs
Operator view:
● I have some spare nodes in a separate cluster, with a shared network
● I will offer them to trusted user groups
● I will provide the OS image
Baremetal for tenants (Ironic)
Tenant view:
Similar to Amazon Dedicated EC2 Servers.
Nova commands are used against an existing baremetal host aggregate.
After Ironic reserves a baremetal node, Nova is used to provision the instance. Only works with Glance images tagged "hypervisor_type=ironic".
Can deploy Linux or Windows VMs (requires extra steps).
Basic "baremetal to tenant" experience offered in OSP 10.
Operator view:
Allocates a pool of nodes to be entirely allocated to certain tenants, on demand.
Requires careful design for a tenant-facing service (network isolation, security...).
Defines Nova host aggregates with the key-value "baremetal" and a flavor with the key hypervisor_type="ironic".
Quotas and capacity planning are needed.
Good integration (thanks to specific certification) with most hardware vendors: Dell, Cisco, HP...
Introspection process to detect hardware capabilities.
Requires many Nova and Neutron changes (e.g. flat networking for PXE provisioning).
Dashboard (Horizon)
Tenant view:
● I need a UI to manage my workloads or troubleshoot
● I don't like the CLI
● I want to see my Heat topologies
● Quickly display my quota usage and default options
Operator view:
● I want an admin panel
● I want quick access to my Red Hat Access account
● I want to see all Neutron networks and routers
Data Processing (Sahara)
Tenant view:
● I need a Hadoop cluster for a few hours
● I need to try different Big Data platforms
● I want my clusters to scale automatically
Operator view:
● I don't have the manpower to customize big data platforms for all my tenants
● I will get 3rd party providers and deliver their stack as a service
Data Processing (Sahara)
Tenant view:
Similar to Amazon Elastic MapReduce (EMR).
Run Hadoop workloads in a few clicks without expertise in Hadoop operations.
Simple parameters such as Hadoop version, cluster topology and node count.
Data can be hosted elsewhere (S3, Swift...).
Rapid provisioning of Hadoop clusters for Dev and QA.
"Analytics-as-a-Service" for bursty or ad-hoc workloads. User documentation here.
Operator view:
Utilization of unused compute power from a general-purpose OpenStack cloud to perform data processing tasks.
Supports Hadoop distributions on CentOS and RHEL 7:
● Cloudera
● HortonWorks
● Ambari
● MapR
Plugin Image Packaging Tool, to validate custom plugins, package them and generate clusters from clean, versioned, OS-only images. Installation procedure here (OSP9: manual, OSP10: Director).
Shared File System (Manila)
● I need a network folder to share files between VMs
● Sometimes I'll share it with other users in my team
● I don't want to manage the folder (permissions, quotas)
● I don't have the time to create temporary shares and enable network security
● I wish I could automatically leverage OpenStack users and groups
Shared File System (Manila)
Tenant view:
Similar to Amazon Elastic File System, but not just NFS, also CIFS.
Creates a network file share, available in a Neutron shared network.
Can be shared with other tenants (RBAC), including mappings to LDAP entities.
User-defined quotas, policies, replication, snapshots, extend/shrink capacity.
The VM operating system must connect to the share using whatever network protocol has been set (NFS, CIFS).
Operator view:
Significantly reduces operational burden.
Delegates storage management to end users with clearly defined limits and boundaries:
● NFS (access by IP address or subnet)
● CIFS (authentication by user)
In OSP, Manila is GA, deployed via Director:
● Only the NetApp driver is GA
● The CephFS driver is Tech Preview
Designate*, Trove (via Tesora)
Tenant view:
Designate* is similar to Amazon Route 53 and provides DNS-as-a-Service.
Trove is similar to Amazon RDS – no longer available in Red Hat OpenStack Platform.
They all provide high-level IaaS services, to reduce the effort of cloud adoption for users.
Operator view:
Each service requires its own fine-tuning and vendor-specific configuration (or license).
Requires network and storage planning.
Very useful when tenants require standardized service offerings and a seamless user experience.
Drastically reduces service requests (happier developers).
Trove: only available via preferred partner Tesora; they support many SQL and NoSQL backends.
Designate backends: PowerDNS, BIND.
*Tech Preview features are subject to change in GA release
Red Hat OpenStack Platform: Director
Red Hat OpenStack Platform Director
● Based on TripleO
● Graphical interface
● Deployment validations
● Simplified control plane HA
● Default roles
● Composable roles
● Custom services
● Generic node deployment (separate hardware deploy phase)
● Automatic hardware profile tagging
● Post-deployment customizations
● Scaling, updating and upgrading
● 3rd party integration
Red Hat OpenStack Platform Director
API-driven deployment (and management) of Red Hat OpenStack Platform, which allows CloudForms integration.
Safely upgrade and update production OpenStack deployments.
Configuration stored as YAML code, where the operator configures the datacenter's attributes accordingly (e.g. VLANs, IP ranges). CLI based on standard OpenStack interfaces.
Leverages best practices and reference architectures from our extensive field experience.
Out-of-the-box control plane HA thanks to Pacemaker. External load balancer support.
Ceph deployment and configuration as storage backend. Can connect to an existing Ceph.
Supported partner hardware integration (Ironic, Cinder, Neutron):
● Cisco UCS, Dell, Intel, HP, Fujitsu, SeaMicro and Open CloudServer
● Cisco Nexus 1000v (networking) and other SDNs
● NetApp Data ONTAP (Cinder storage) and other storage
Director: building scalable clouds
Scales to hundreds of nodes, automating the whole hardware lifecycle.
Ready-state configuration for selected hardware, which automatically configures RAID, BIOS, network bonding, etc.
Pattern-based automatic discovery and selection of appropriate nodes from the hardware inventory. An automatic health check can execute performance tests before deployment to identify possible misconfigurations or faulty servers.
Ability to validate the installation post-deployment using Tempest.
Easy to scale up and down: add compute and storage capacity (see deployment limits).
Enhanced management via CloudForms, for both tenants and administrators.
TripleO: OpenStack on OpenStack
Director is based on the upstream OpenStack deployment program, TripleO. The operator uses an Undercloud OpenStack installation to deploy/update the production OpenStack Overcloud via Heat and Ironic. See these two blog posts.
Director Graphical User Interface (undercloud)
Director Validations (undercloud)
An Ansible-driven solution to catch potential hardware, networking and deployment issues, reducing deployment failures.
Simplifies the burden on IT staff by providing recommended configuration settings when issues are detected.
Helps customers achieve production-ready deployments through the entire process:
● Pre-installation (prior to starting deployment)
● During installation – RHOSP 11+
● Post-installation (checks after deployment)
● Upstream project: http://docs.openstack.org/developer/tripleo-validations/
Director TripleO: Lifecycle
Uses the Heat service of the Undercloud OpenStack installation to trigger deployments, updates, upgrades and scaling in/out.
Inventory of nodes via Ironic and a discovery live system.
Heat requests Ironic to bootstrap the servers (controller, compute, storage), via IPMI for power management and the PXE provisioning network.
Nova and Neutron keep track of the details (e.g. server IPs).
Once deployed, Director returns the Overcloud credentials file (overcloudrc).
Other installation options
● Packstack:
● Only for development and small PoCs
● Lacks upgrades, integration, validation
● Not recommended in general
● https://access.redhat.com/articles/2477851
● https://access.redhat.com/articles/1140323
● QuickStart Cloud Installer:
● Unified UI to deploy Red Hat Virtualization, Red Hat OpenStack Platform and Red Hat CloudForms from a central Red Hat Satellite server
● Uses Director under the hood
Default Roles (Ref. Arch.)
5 default roles:
● Controller
● Compute
● Storage node (Cinder)
● Ceph node (OSD)
● Swift node
Two sets of templates as reference:
● 1 controller, N compute, no Ceph (external NFS), VLAN networks
● 3 controllers, N compute, 3+ Ceph (Mon+OSD), VXLAN networks (preferred for production)
Operators can easily customize and override with their own templates.
Underlying Puppet modules can also be customized.
Further tuning available as post-installation scripts.
Control Plane High Availability
Most OpenStack HA services and VIPs must be launched/managed by Pacemaker or HAProxy. However, some can be managed via systemctl thanks to the simplification of Pacemaker constraints introduced in versions 9 and 10.
Composable Roles and Custom Services
Important: only new OSP10 deployments can have composable roles or new custom services. An OSP9 "monolithic" deployment cannot be upgraded to OSP10 "composable", nor can an OSP10 "monolithic" deployment be changed to "composable". This is a roadmap item for OSP11.
NFV Installations with Director
Director can define advanced resource partitioning (NUMA/CPU pinning, hugepages, IRQ isolation, etc.). It also provides the required SR-IOV or OVS+DPDK configurations in Nova and Neutron.
[Figures: SR-IOV deployment (DPDK guest); OVS+DPDK deployment (DPDK guest)]
Red Hat OpenStack Platform: Integration
Co-engineered with RHEL
[Figure: OpenStack running on RHEL + KVM with Ceph (storage) and OVS (network) on servers; supported guests: Windows and Linux. The Linux kernel layer provides KVM, the network stack, device drivers and Security Enhanced Linux (SELinux); covered areas: virtualization, security, ecosystem, network, storage]
Ecosystem of certified Partner Plugins
List of certified components, catalog of 3rd party products and support policy.
Specific portal for partners and detailed documentation with the certification instructions.
SDN – Software Defined Networking
Dozens of SDN partners, Neutron certified.
Director can automatically configure Cisco, Nuage, PLUMgrid. More to come.
Two main models:
● Software-centric: hardware is general-purpose
● Hardware-centric: specific network hardware is required
Can extend Neutron via ML2 drivers, core plugins or advanced services.
Integration with CloudForms
Two complementary options:
● OpenStack workload management (with Red Hat OpenStack Platform): admin/tenant facing
● OpenStack infrastructure management (with Director): operator facing
● Correlation with the Red Hat OpenStack Platform deployment
● Deployment details, service monitoring, drift history
● Scaling
● Power of combining policies and infrastructure management
For more information, visit the QuickStart Guide or this series of videos.
Management and operations via CloudForms
See the following videos for more examples:
● Power, Provision & Console: https://youtu.be/ByeCXMM-5z4
● Capacity and Utilization: https://youtu.be/Qe-sDxENXF8
● SmartState and Genealogy: https://youtu.be/ysMDeqSddQ4
● Manual Scale: https://youtu.be/vzO90uuRjO8
● Overcloud Auto Scale: https://youtu.be/bcJo7Bj7ho4
● Heat/CloudFormation Templates: https://youtu.be/qiKrrGi51HU
Integrated with Red Hat Ceph Storage
Default backend for Red Hat OpenStack Platform, which now comes with 64TB of Ceph Enterprise.
Manual installation of Red Hat Storage Console available (Ceph 2 management tool).
Ceph RADOS Object Gateway can be enabled by Director (as an option).
Director can connect to an externally managed Ceph cluster. It can also install/deploy/update Ceph.
OpenDaylight*
Minimalistic release, not meant to compete with SDN vendors (Tech Preview).
Main focus is on providing NetVirt and SFC for OpenStack by using the OpenDaylight ML2 plug-in.
Latest OpenDaylight release (Boron SR1 – estimated Jan 2017), deployed via Director.
Feature list:
● Distributed L2: VLAN, NVGRE, VXLAN
● Distributed L3: east/west routing, floating IPs
● No support for NAPT (aka SNAT)
● No support for IPv6
● DHCPv4 using Neutron's DHCP agent
● Network namespaces with dnsmasq
● Metadata (cloud-init) support through the DHCP namespace
● Security groups when OVS conntrack* is enabled
● Supports Neutron port-security extensions
● Simplified architecture; no l2-agent or l3-agent
*Tech Preview features are subject to change in GA release
Operational Tools Overview
Clients/agents are now fully supported in Red Hat OpenStack Platform (except collectd – Tech Preview).
The server packages are kept in an upstream community repo (CentOS OpsTools SIG), with Ansible playbooks for an easy but manual install.
Three suites: performance/capacity, centralized logging, availability monitoring.
Operational Tools in Detail
Centralized Logging Suite
● Centralized EFK stack: Fluentd, Kibana and Elasticsearch
● All nodes come with a fluentd log collection agent
Availability Monitoring Suite
● Sensu (for alert monitoring) and Uchiwa (for web UI)
● Redis and RabbitMQ as backends
● All nodes can be deployed with a Sensu monitoring agent
● Better alternative to Nagios+NRPE (which are also supported)
Performance Monitoring Suite
● Graphite (for metric collection) and Grafana (for web UI)
● All nodes can be deployed with a collectd agent* (Tech Preview)
It is recommended to host the management server on a node outside of the OpenStack installation.
*Tech Preview features are subject to change in GA release
Red Hat Identity Management
For advanced features like LDAP authentication and password policies, Single Sign-On*, Federated Identity*, TLS certificate management, etc. More information in the Red Hat OSP+IdM documentation.
*Tech Preview features are subject to change in GA release
Insights and Red Hat Access
The Red Hat Access tab in Horizon allows you to search for and read articles or solutions from the Red Hat Customer Portal, view logs from your instances and diagnose them, and work with your customer support cases.
Red Hat® Insights increases visibility into IT environments and provides trusted guidance to help businesses avoid disruption and optimize performance of their IT operations.
Red Hat OpenStack Platform provides Insights integration as an option out of the box.
Satellite
Integration with Satellite 6 enables advanced management of node content (packages):
● subscription management (for Satellite 5, only through RHN channels),
● review of content (packages) on nodes,
● new content notification, errata overview,
● management of which packages are available to nodes.
It can also provision nodes on Red Hat OpenStack automatically; see the Provisioning Guide.
For certain SKUs with RHEL guest support (or for Virtual Datacenter), the use of virt-who can also help with subscription management.
OpenShift Container Platform as a workload
Red Hat does not support upstream projects that offer limited management of container platforms to tenants as new OpenStack APIs (like Magnum, Murano).
Red Hat has a complete, easy-to-install Reference Architecture for OpenShift Container Platform as a guest:
● Kubernetes integrates with OpenStack networking and storage.
● Automatically provision Kubernetes nodes via the OpenStack cloud provider plug-in (kubelet --cloud-provider=openstack).
● Check out the Red Hat Cloud Suite for an integrated product.
https://access.redhat.com/articles/2743631
Ansible Core and Ansible Tower
Ansible Core supports native OpenStack orchestration since 2.0 via the shade library (examples here), as a simple alternative to Heat templates.
Ansible Tower brings more advanced features:
● Heat can define WaitConditions to hook into Tower and pause/resume a Heat template until it receives an API callback from Tower
● Tower can dynamically discover OpenStack instances and remove old ones
● More powerful than cloud-init, easier than Puppet
More examples in this excellent blog post.
Red Hat Cloud Suite
Red Hat OpenStack Platform: Advanced Topics
NFV – Network Functions Virtualization
The Red Hat NFV solution is based on 100% open-source components, plus certified VNFs.
Extensive partner ecosystem for a production-ready, supported, ETSI NFV compliant platform.
Extensively documented in our Documentation page and Telco
Hyper Converged Infrastructure*
Co-locates Ceph OSDs on the Compute nodes.
Requires NUMA and performance tuning: https://pnt.redhat.com/pnt/p-971153/
Previous Reference Architecture to automatically deploy HCI via Director and ceph-ansible, with OSP8 and Ceph 1.3, with the above tuning included: https://pnt.redhat.com/pnt/p-1088663/
*Tech Preview features are subject to change in GA release
Neutron: DVR
Neutron: DVR
Distributed Virtual Routing, with ML2/OVS, makes each Compute node:
● Route east/west L3 traffic locally (better scale, no congestion)
● Perform NAT for floating IPs
● Answer cloud-init/metadata service requests
● However, DHCP and default SNAT (PAT) are still centralized
Director: a single option to choose centralized routing (default) or DVR
● Customers are encouraged to review the pros/cons of each and choose based on their topology and workload requirements.
● See the documentation (here and here) for caveats/considerations, e.g.:
● External network connectivity is required on each Compute node for DVR
● IPv6 traffic is still centralized, even if DVR is enabled
● L3 HA won't work together with DVR (until OSP 11)
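Added example (not from the slides): the Director invocation that selects DVR, and a post-deployment check of the L3 agent mode per node. The environment file path is the one tripleo-heat-templates ships (assumed present on the OSP 10 undercloud); the expected modes are "dvr_snat" on controllers (default SNAT stays centralized, as the slide says) and "dvr" on computes.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Deploy with DVR and verify what each
# node actually runs afterwards. Assumes the stock tripleo-heat-templates
# environment file below exists on the undercloud.
set -eu

deploy_dvr() {
    # The -e file switches Neutron to DVR. Every Compute node then needs an
    # external-network bridge (br-ex), or floating-IP NAT on that node breaks.
    openstack overcloud deploy --templates \
        -e /usr/share/openstack-tripleo-heat-templates/environments/neutron-ovs-dvr.yaml \
        "$@"
}

# Print the value of key $2 from ini file $1 (first match anywhere in the file).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# With DVR, /etc/neutron/l3_agent.ini must say agent_mode = dvr_snat on
# controllers and agent_mode = dvr on computes; "legacy" means DVR is off.
l3_mode_ok() {
    role=$1; ini=$2
    mode=$(ini_get "$ini" agent_mode)
    case "$role:$mode" in
        controller:dvr_snat|compute:dvr) return 0 ;;
        *) echo "$role: agent_mode='$mode' is not the DVR setting" >&2; return 1 ;;
    esac
}

# Example run on a node: l3_mode_ok compute /etc/neutron/l3_agent.ini
```

Run l3_mode_ok on each overcloud node after the deploy (for example through Ansible against the inventory Director generates); a compute node still in legacy mode keeps hairpinning east/west traffic through the controllers, which is easy to miss because connectivity still works.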
Rally
Benchmarking tool that automates and unifies multi-node OpenStack deployment, cloud verification, benchmarking and profiling. It can be used as a basic tool for an OpenStack CI/CD system that continuously improves its SLA, performance and stability. It consists of the following core components:
● Server Providers - provide a unified interface for interacting with different virtualization technologies and cloud suppliers, over SSH within one L3 network
● Deploy Engines - deploy an OpenStack distribution before any benchmarking takes place, using servers retrieved from Server Providers
● Verification - runs a specific set of tests against the deployed cloud to check that it works correctly, collects the results and presents them in human-readable form
● Benchmark Engine - lets you write parameterized benchmark scenarios and run them against the cloud
A Performance Guide is available (currently covering Red Hat OpenStack Platform 7)
Open-source project Browbeat: a set of scripts and Ansible playbooks to help determine different performance characteristics of OpenStack
*Tech Preview features are subject to change in GA release
Containerized OpenStack infrastructure*
Who does this help? OpenStack administrators. End users get no benefit from a containerized host.
Currently: containerized Compute nodes (Tech Preview)
● OpenStack components and dependencies packaged as Dockerfiles
● Uses RHEL Atomic as the host OS. Cannot be upgraded with Director.
Red Hat is working on a roadmap for fully containerized OpenStack:
● Faster updates and upgrades (even CI/CD)
● Limited rollback capabilities (depends on the upstream project)
● Easier management of HA dependencies and troubleshooting
● Most technical challenges involve improvements to Kubernetes networking and bare-metal deployment
● Goal is to offer automatic upgrade to hundreds of existing customers
*Tech Preview features are subject to change in GA release
Neutron features in Tech Preview
Neutron features available with manual configuration
Not fully supported yet
Automatic Network Topologies
Also called "get me a network"
Firewall-as-a-Service
On-demand L3/L4 iptables-based gateway with custom firewall policies at the edge; re-implemented for DVR
Conntrack-based firewall in OVS
Removes the need for the extra Linux bridge per port that the OVS hybrid firewall requires; better performance
Virtual Private Networks-as-a-Service
On-demand IPsec/IKE policies, tunnel configuration based on Libreswan
*Tech Preview features are subject to change in GA release
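Added example (not from the slides, and not Red Hat's tooling) for the FWaaS and VPNaaS items above, using the Newton-era neutron CLI syntax: a deny-by-default edge policy bound to one router, and an IKEv2/AES-256 tunnel with perfect forward secrecy. Router, subnet, peer address, CIDRs and names are placeholders. The run helper echoes the commands instead of executing them when DRY_RUN=1 (or when the CLI is absent), so the script can be reviewed before it touches a cloud.

```shell
#!/bin/sh
# Added example, not Red Hat's code. FWaaS v1 + VPNaaS via the neutron CLI.
# Placeholders: router "prod-router", subnet "prod-subnet", admin range
# 203.0.113.0/24, VPN peer 198.51.100.7 fronting 192.168.50.0/24.
set -eu

run() {
    # Echo instead of executing when DRY_RUN=1 or the CLI is not installed.
    if [ "${DRY_RUN:-0}" = 1 ] || ! command -v "$1" >/dev/null 2>&1; then
        echo "+ $*"
    else
        "$@"
    fi
}

apply_edge_firewall() {
    router=$1; admin_cidr=$2
    # Rules are evaluated in policy order; the last one drops everything else.
    run neutron firewall-rule-create --name allow-ssh-admin --protocol tcp \
        --source-ip-address "$admin_cidr" --destination-port 22 --action allow
    run neutron firewall-rule-create --name allow-https --protocol tcp \
        --destination-port 443 --action allow
    run neutron firewall-rule-create --name deny-all --protocol any --action deny
    run neutron firewall-policy-create --name edge-policy \
        --firewall-rules "allow-ssh-admin allow-https deny-all"
    # Bind to one router; without --router the firewall lands on every
    # router in the project.
    run neutron firewall-create --name edge-fw --router "$router" edge-policy
}

create_site_vpn() {
    router=$1; subnet=$2; peer=$3; peer_cidr=$4; psk=$5
    # IKEv2, AES-256, PFS group14 (2048-bit MODP). sha1 is the value every
    # release accepts; use sha256 where the installed release offers it.
    run neutron vpn-ikepolicy-create --name ike-strong --ike-version v2 \
        --encryption-algorithm aes-256 --auth-algorithm sha1 --pfs group14 \
        --phase1-negotiation-mode main --lifetime units=seconds,value=3600
    run neutron vpn-ipsecpolicy-create --name ipsec-strong \
        --transform-protocol esp --encapsulation-mode tunnel \
        --encryption-algorithm aes-256 --auth-algorithm sha1 --pfs group14 \
        --lifetime units=seconds,value=3600
    run neutron vpn-service-create --name site-vpn "$router" "$subnet"
    run neutron ipsec-site-connection-create --name to-branch \
        --vpnservice-id site-vpn --ikepolicy-id ike-strong \
        --ipsecpolicy-id ipsec-strong --peer-address "$peer" \
        --peer-id "$peer" --peer-cidr "$peer_cidr" --psk "$psk"
}

case "${1:-}" in
    firewall) apply_edge_firewall prod-router 203.0.113.0/24 ;;
    # The PSK is read from a file (mode 0600) so it never sits in shell history.
    vpn)      create_site_vpn prod-router prod-subnet 198.51.100.7 192.168.50.0/24 \
                  "$(cat "${PSK_FILE:?path to a 0600 file holding the PSK}")" ;;
esac
```

Usage: `DRY_RUN=1 sh fwaas.sh firewall` to review, then run without DRY_RUN on a node with the neutron CLI and credentials; `PSK_FILE=/root/branch.psk sh fwaas.sh vpn` for the tunnel. Note that a firewall rule without --source-ip-address matches any source, so keep the explicit deny-all as the last rule rather than relying on an implicit default.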
Other features in Tech Preview
Features available with manual configuration
Not fully supported yet
Google Cloud Storage backup
Cinder backup driver that stores volume backups in Google Cloud Storage, useful for disaster recovery
Red Hat Single Sign-On
Helps configure the Apache SAML provider for Keycloak
Nova Cells v2.0
Scale over hundreds of compute nodes with Nova API segmentation
Data At-Rest Encryption
Swift encrypts stored objects using AES in CTR mode with 256-bit keys
*Tech Preview features are subject to change in GA release
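Added example (not from the slides, not Red Hat's code) for the data at-rest encryption item: Swift's object encryption is enabled by two proxy middlewares, keymaster and encryption, and the whole scheme hangs off one root secret from which per-object AES-256 keys are derived. The script generates that secret, checks the constraint the keymaster enforces at start-up (base64 of at least 32 raw bytes), and writes the configuration fragment. Output path and pipeline example are placeholders.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Generate the Swift encryption root secret
# and the proxy-server.conf fragment that enables at-rest object encryption.
set -eu

# Swift requires encryption_root_secret to be base64 of >= 32 random bytes.
gen_root_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Return 0 if $1 decodes to at least 32 bytes, 1 otherwise.
root_secret_ok() {
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "${n:-0}" -ge 32 ]
}

# Write the keymaster + encryption filters. $1 = output file, $2 = secret.
# The secret is stored in clear text here: keep the file 0600, owned by the
# swift user, and escrow the secret out of band; if it is lost, every
# encrypted object becomes unreadable.
write_encryption_conf() {
    umask 077
    cat > "$1" <<EOF
# Add "keymaster encryption" to the proxy pipeline after authentication and
# after slo/dlo/versioned_writes, just before the final proxy-logging, e.g.:
#   pipeline = ... authtoken keystoneauth slo dlo versioned_writes keymaster encryption proxy-logging proxy-server

[filter:keymaster]
use = egg:swift#keymaster
encryption_root_secret = $2

[filter:encryption]
use = egg:swift#encryption
# Only set to true for a staged rollout: objects written while disabled stay in clear text.
disable_encryption = false
EOF
}

main() {
    out="${1:-proxy-encryption.conf}"
    secret=$(gen_root_secret)
    root_secret_ok "$secret" || { echo "generated secret is too short" >&2; exit 1; }
    write_encryption_conf "$out" "$secret"
    echo "wrote $out"
}

main "$@"
```

Two caveats worth stating beside the slide's one-liner: the root secret protects confidentiality against someone who walks off with an object-server disk, not against anyone who can read the proxy's configuration; and changing it later does not re-encrypt existing data, so the rollout has to be planned as a one-way door.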
SR-IOV
Partitions high-performance network cards (NICs) into Virtual Functions (VFs), each with its own PCI ID.
Some NICs support hardware-based VLAN tagging and other offload techniques; the host IOMMU is required to isolate each passed-through function's DMA.
Nova doesn't understand SR-IOV VFs by itself, so in the past it could only perform a basic PCI passthrough.
With Neutron, we can do one of two things (mutually exclusive, not simultaneously):
● VF passthrough: Nova tells KVM to pass all I/O from a VM through to the unique PCI ID of the VF. Each active VM gets a fraction of the NIC bandwidth.
● PF passthrough: Nova allows only one VM to use the NIC, by passing through the root PCI ID (the Physical Function). That VM gets all the physical bandwidth.
The VM must use the NIC-specific driver. Because traffic never crosses the hypervisor's virtual switch, Neutron security groups are not enforced on SR-IOV ports; filtering has to happen in the guest or upstream. More info here
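Added example (not from the slides, not Red Hat's code) for the SR-IOV section: the nova.conf whitelist line that hands a PF's VFs to Nova, a readiness check on the compute node, and the port/boot sequence for VF passthrough with the Newton-era CLIs. PF name "ens1f0", provider network "physnet2", flavor and image names are placeholders; the helper echoes commands when the CLIs are not installed or DRY_RUN=1.

```shell
#!/bin/sh
# Added example, not Red Hat's code. SR-IOV VF passthrough end to end.
# Placeholders: PF "ens1f0", physnet "physnet2", flavor "m1.sriov", image "rhel7".
set -eu

run() {
    if [ "${DRY_RUN:-0}" = 1 ] || ! command -v "$1" >/dev/null 2>&1; then
        echo "+ $*"
    else
        "$@"
    fi
}

# nova.conf [DEFAULT] line mapping every VF of PF $1 to provider network $2.
# The scheduler also needs PciPassthroughFilter in scheduler_default_filters.
pci_whitelist_line() {
    printf 'pci_passthrough_whitelist = {"devname": "%s", "physical_network": "%s"}\n' "$1" "$2"
}

# On the compute node: VFs must be created (sriov_numvfs > 0) and the IOMMU
# must be on (intel_iommu=on or amd_iommu=on), otherwise VF passthrough
# fails at boot time with no useful error in Nova.
sriov_ready() {
    pf=$1
    [ -r "/sys/class/net/$pf/device/sriov_numvfs" ] || return 1
    [ "$(cat "/sys/class/net/$pf/device/sriov_numvfs")" -gt 0 ] || return 1
    [ -d /sys/kernel/iommu_groups ] && [ -n "$(ls /sys/kernel/iommu_groups)" ]
}

port_id() {
    # UUID of port $1; --nic port-id= wants the UUID, not the name.
    if [ "${DRY_RUN:-0}" = 1 ] || ! command -v neutron >/dev/null 2>&1; then
        echo "<uuid-of-$1>"
    else
        neutron port-show -f value -c id "$1"
    fi
}

boot_on_vf() {
    net=$1; name=$2
    # vnic_type direct = VF passthrough; direct-physical = the whole PF.
    # Security groups are not applied to such ports: set
    # firewall_driver = neutron.agent.firewall.NoopFirewallDriver in
    # sriov_agent.ini and filter in the guest or on the upstream switch.
    run neutron port-create "$net" --name "$name-vf0" --binding:vnic_type direct
    run nova boot --flavor m1.sriov --image rhel7 \
        --nic "port-id=$(port_id "$name-vf0")" "$name"
}

# Example: pci_whitelist_line ens1f0 physnet2 >> /etc/nova/nova.conf
#          sriov_ready ens1f0 && boot_on_vf sriov-net vnf01
```

The readiness check is the part most worth keeping: a whitelist entry for a PF whose VFs were never created looks valid to Nova, and the first symptom is a scheduling failure on an unrelated-looking filter.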
DPDK-Accelerated OVS
The hypervisor now has a user-space-only version of OVS accelerated by DPDK, transparent to tenants. It is an alternative to classical OVS (kernel datapath).
It dedicates a NIC and CPU cores to run the DPDK Poll Mode Driver, bypassing the kernel and dramatically increasing overall performance.
It achieves maximum throughput with low latency, even with small packet sizes, for both NIC-to-VM traffic (uses VFIO) and VM-to-VM traffic (uses virtio vhost-user).
Requires hugepages and CPU pinning
No security groups, Linux bridge, QoS, etc. Without security groups, L3/L4 filtering between tenants' VMs has to be enforced in the guests or upstream.
Flat or VLAN only; VXLAN not recommended
Only certain NICs supported
Deployed by Director in OSP 10, from the Fast Datapath repository
Real-Time KVM*
* Testing available only to selected partners/customers
Predictable and deterministic scheduling of VM execution (the guest should run a real-time kernel too)
Runs on Red Hat Enterprise Linux for Real Time, which is a different kernel than regular RHEL.
Low average latency and bounded jitter for VM I/O operations, like sending/receiving packets
Requires hypervisor CPU isolation and NUMA pinning of devices: one socket for housekeeping, one socket for real-time
Not integrated in Director yet, as it requires careful capacity planning and resource reservation for the compute nodes.
*Tech Preview features are subject to change in GA release
VMware support
Red Hat OpenStack Platform supports the VMware vCenter hypervisor driver.
See the VMware Integration Guide
Networking must be provided by either Neutron with NSX or Neutron with Nuage https://access.redhat.com/articles/2172831
Red Hat does not provide support for other Compute virtualization drivers, such as the deprecated VMware "direct-to-ESX" hypervisor and non-KVM libvirt hypervisors.
Summary of Tech Preview Features
For the official list of Tech Previews per version, visit the Release Noteshttps://access.redhat.com/documentation/en/red-hat-openstack-platform/10/single/release-notes/
https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/release-notes/
https://access.redhat.com/documentation/en/red-hat-openstack-platform/8/single/release-notes/
THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews