Openstack meetup: Bootstrapping OpenStack to Corporate IT

Bootstrapping OpenStack to the requirements of a typical, corporate IT department. It may be straightforward to start using OpenStack out of the box; fitting OpenStack to corporate IT with its many compliance and security standards can, however, present some challenges.

Published in: Technology

  2. Agenda
       • OpenStack adoption for Mirantis IT
       • Mirantis IT overview
       • Integration with legacy LDAP
       • Advanced Network features
       • Disaster recovery mechanisms
       • OpenStack development in Mirantis
       • Community roadmap
  3. Mirantis IT overview
       • 5 sites around the world
       • 4-6 servers in each site
       • Bunch of projects, each with its own requirements
       • Single users/projects authentication
  4-13. Mirantis IT Requirements
  14. Deployment schema
  15. Key bottlenecks
       • Integration with existing LDAP
       • Advanced Network features
       • Disaster recovery mechanisms
  16-18. LDAP auth
       Current OpenStack support:
       • Management of users
       • Management of projects
       • Management of roles
       Issue:
       • Support of existing accounts management system (GOsa)
       Solution:
       • GOsa plugin https://github.com/Mirantis/gosa-openstack
  19. LDAP server info injection
  20. Created Server in GOsa
  21. Results
       • LDAP authentication and authorization
       • DNS records are managed by existing LDAP schema
       • Access to VMs is granted based on existing LDAP mechanisms
  23. Key bottlenecks
       • Integration with legacy LDAP
       • Advanced Network features
       • Disaster recovery mechanisms
  24. OpenStack networking
       Supported topologies:
       • Flat
       • FlatDHCP
       • VlanManager
  25-26. Public IPs, FlatDHCP
       Goal:
       • Assign public IP addresses to VMs
       • Make VMs routable from the Internet
       • Allow one of the network's IPs to be set on the router for OSPF
       Issue:
       • FlatDHCP manager assigns the first IP of the network to the bridge and leases all other IPs to VMs
  27. Public IPs, FlatDHCP
       How to configure/fix:
       • Add in nova.conf:
           --public_interface=em1
           --flat_interface=em1.89
       • Assign any IP of the network except the first one as the router IP for OSPF
       • Mark this IP in the database as “reserved”:
           UPDATE `nova`.`fixed_ips` SET `reserved` = '1' WHERE `fixed_ips`.`address` = "x.x.x.x";
  28-30. VlanManager modifications
       Goal:
       • Run a private cloud on a VLAN'ed network with limitations:
           1st, 2nd and 3rd IP addresses are reserved for VRRP
           First IP is the default gateway for the network
       Issues with current implementation:
       • 1st IP address is assigned to the bridge
       • Bridge IP is used as the default gateway for VMs
       We changed:
       • Fourth IP is assigned to the bridge
       • First IP is the default gateway for VMs
  31. Results
       • Patch OpenStack to support public IP addresses in the context of existing IT setup
       • Create a workaround, given first 3 IPs were unavailable
  32. Key bottlenecks
       • Integration with legacy LDAP
       • Advanced Network features
       • Disaster recovery mechanisms
  33. Compute node failure
  34. Disaster recovery
       To recover a VM, run:
           ./nova-compute <instance_id>
       See blog post at bit.ly/lb4wJ9
  35. OpenStack Disaster Recovery Summary
       • Addressed compute node failures with custom script
       • Our script still has limitations
       • Cloud Controller failures are a problem under research
       • For instance, no highly available networking
       • No current self-healing mechanisms
  36-43. OpenStack Modifications Summary
       • VNC console via browser
       • RPMs of Nova, Glance, Dashboard for Fedora
       • Injection of server info and DNS records into existing LDAP
       • Manual assignment of a network to a project
       • Projects support in nova client
       • LDAP speed up
       • Instance name in Dashboard Launch dialog
       • FQDN based on instance name
  44-52. Roadmap
  53. Lessons Learned
       • Have to get your hands dirty to understand OpenStack limitations
       • OpenStack development != Python programming
       • Go to production early
  54. Where to find our work
       • https://code.launchpad.net/~mirantis
       • https://github.com/Mirantis
       • http://mirantis.blogspot.com/
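
The address layout from the VlanManager slides (28-30) combined with the "mark as reserved" step from the FlatDHCP slide (27), as an added Python example that is not taken from the presentation or from Mirantis code. It assumes "first IP" means the first usable host address, marks the bridge IP reserved along with the VRRP block, uses a constructed 10.20.30.0/24 subnet and a DB-API `%s` placeholder; all function names are hypothetical.

```python
import ipaddress

VRRP_COUNT = 3  # slides 28-30: 1st, 2nd and 3rd IPs are reserved for VRRP


def vlan_address_plan(cidr, vrrp_count=VRRP_COUNT):
    """Return gateway, VRRP block, bridge IP and VM lease range for a subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    # network + VRRP block + bridge + at least one VM lease + broadcast
    if net.num_addresses < vrrp_count + 4:
        raise ValueError(f"{net} is too small for this layout")
    return {
        "gateway": net[1],  # first IP: default gateway for VMs
        "vrrp_reserved": [net[i] for i in range(1, vrrp_count + 1)],
        "bridge": net[vrrp_count + 1],  # fourth IP goes to the bridge
        "lease_range": (net[vrrp_count + 2], net[-2]),  # left for VMs
    }


def reserve_statements(plan):
    """Parameterized UPDATEs marking VRRP and bridge IPs reserved.

    Table and column names follow the UPDATE shown on slide 27; reserving
    the bridge IP as well is an assumption of this example.
    """
    sql = "UPDATE fixed_ips SET reserved = 1 WHERE address = %s"
    blocked = plan["vrrp_reserved"] + [plan["bridge"]]
    return [(sql, (str(addr),)) for addr in blocked]


def lease_collisions(plan, leased):
    """Return leased addresses that fall outside the VM lease range."""
    first, last = plan["lease_range"]
    addrs = [ipaddress.ip_address(a) for a in leased]
    return sorted(a for a in addrs if not first <= a <= last)


if __name__ == "__main__":
    plan = vlan_address_plan("10.20.30.0/24")  # constructed sample subnet
    for stmt, params in reserve_statements(plan):
        print(stmt, params)
    # constructed sample of addresses currently leased to VMs
    leased = ["10.20.30.2", "10.20.30.77", "10.20.30.4"]
    print([str(a) for a in lease_collisions(plan, leased)])
```

Running `lease_collisions` against the addresses actually recorded for VMs is a quick audit that no instance was handed a VRRP or bridge address before the reservation was applied.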
