12. OpenStack Community Awards
Stacy Véronneau – ‘Does Anyone Actually Use This’ Trophy
‘He helped to reboot and fuel the Canadian OpenStack
community. He is our first ambassador and also a
mentor with the OSF mentor program.
He deserves recognition because he has put a lot of
effort and time into our community and still does.’
---- OpenStack Foundation
13. SuperUser Award - OICR - The Cube Interview
https://youtu.be/lhzIr3K9Kgs
14. The Cube - Kontron and Canonical Interview
https://youtu.be/a886g5B2LIc
16. Canadian Speakers Sessions
● KEYNOTE: Integration testing on an OpenStack public cloud --- Mohammed Naser from VexxHost
○ https://www.openstack.org/videos/vancouver-2018/integration-testing-on-an-openstack-public-cloud
● OpenStack Days and MeetUps across Canada - A Community Story --- Noura Daadaa and Jason Sones from Nokia and Stacy Véronneau from CloudOps
○ https://www.openstack.org/videos/vancouver-2018/openstack-days-and-meetups-across-canada-a-community-story
● We tried OpenStack Passport - Here's what we found out... --- John Studarus from JHL Consulting and Stacy Véronneau from CloudOps
○ https://www.openstack.org/videos/vancouver-2018/we-tried-openstack-passport-heres-what-we-found-out
● In-depth monitoring for Openstack services --- George Mihaiescu and Jared Baker from OICR
○ https://www.openstack.org/videos/vancouver-2018/in-depth-monitoring-for-openstack-services
17. Canadian Speakers Sessions
● Enabling Security for OpenStack Guests - TPM Support for VMs at the Edge --- Ian Jolliffe and Kam Nasim from Wind River
○ https://www.openstack.org/videos/vancouver-2018/enabling-security-for-openstack-guests-tpm-support-for-vms-at-the-edge
● StarlingX: cloud infrastructure for high-performance, low latency applications --- Dean Troyer (Intel), Brent Rowsell and Ian Jolliffe (Wind River)
○ https://www.openstack.org/videos/vancouver-2018/starlingx-cloud-infrastructure-for-high-performance-low-latency-applications
● Extend Horizon Headers for easy monitoring and fault detection - and more --- Ian Jolliffe and Tyler Smith from Wind River
○ https://www.openstack.org/videos/vancouver-2018/extend-horizon-headers-for-easy-monitoring-and-fault-detection-and-more
18. Canadian Speakers Sessions
● Integration of Multiple OpenStack Clouds with a Core MPLS Network --- Curtis Collicutt and Rahul Kumar from IDX
○ https://www.openstack.org/videos/vancouver-2018/integration-of-multiple-openstack-clouds-with-a-core-mpls-network
● KEYNOTE: 5G Network Slicing and OpenStack --- Curtis Collicutt and Corey Erickson from IDX
○ https://www.openstack.org/videos/vancouver-2018/keynote-5g-network-slicing-and-openstack
● 5G Network Slicing and OpenStack --- Curtis Collicutt and Corey Erickson from IDX
○ https://www.openstack.org/videos/vancouver-2018/5g-network-slicing-and-openstack
● Friendly coexistence of Virtual Machines and Containers on Kubernetes using KubeVirt --- Stu Gott and Stephen Gordon from Red Hat
○ https://www.openstack.org/videos/vancouver-2018/friendly-coexistence-of-virtual-machines-and-containers-on-kubernetes-using-kubevirt
19. Canadian Speakers Sessions
● OpenDev CI/CD - Ansible Community Meetup --- David Moreau Simard from Red Hat
○ https://www.openstack.org/summit/vancouver-2018/summit-schedule/events/21724/ansible-community-meetup
● OpenDev CI/CD - Productizing Open Source Through CI --- David Moreau Simard from Red Hat
○ https://www.openstack.org/summit/vancouver-2018/summit-schedule/events/21698/productizing-open-source-through-ci
● OpenDev CI/CD - Infra - Project Onboarding --- Clark Boylan (OpenStack Foundation) and David Moreau Simard (Red Hat)
○ https://www.openstack.org/summit/vancouver-2018/summit-schedule/events/21631/infra-project-onboarding
● How to use OPNFV Testing tools to test/validate an openstack provided by a vendor --- Valentin Boucher (Kontron) and Morgan Richomme (Orange Labs)
○ https://www.openstack.org/videos/vancouver-2018/how-to-use-opnfv-testing-tools-to-testvalidate-an-openstack-provided-by-a-vendor
20. Canadian Speakers Sessions
● DPDK: Putting Neutron in the fast lane --- Mohamed Elsakhawy from Compute Canada
○ https://www.openstack.org/videos/vancouver-2018/dpdk-putting-neutron-in-the-fast-lane
● Rio de Janeiro Hackathon Winner: Team Alirou --- Marcelo Dieder (Santander Getnet) and Bertin Colpron (Kontron) and João C D Freire Ribeiro (INOVAX)
○ https://www.openstack.org/videos/vancouver-2018/rio-de-janeiro-hackathon-winner-team-alirou
● Ambassador Meet & Greet at the OpenInfra Mixer --- Stacy Véronneau (CloudOps) and all the other Ambassadors present
○ https://www.openstack.org/summit/vancouver-2018/summit-schedule/events/21865/ambassador-meet-and-greet-at-the-openinfra-mixer
21. Reach out to your organizers for talk submission,
sponsorship or any MeetUp related topics.
22. Join us on Slack!
https://bit.ly/openstack-canada
41. www.computingstack.com
About ComputingStack.com
ComputingStack is a development- and engineering-focused business. We
contribute to upstream open source, create our own packages, and deliver
services built on them to enterprise users for their data and cloud solutions.
Meanwhile, we partner with solution providers to accelerate their solution
portfolios.
IntOS is a package maintained by ComputingStack itself, composed of IntOS
OpenStack, Ceph Storage, Kubernetes and IntOS Cloud Management.
Packaged from the ground up with “0” dependencies on third-party
components, it can be deployed anywhere, anytime, on any device.
95% generic upstream code: OpenStack, Ceph, K8s, monitoring, high
availability components
5% in-house developed code: automation, packaging, bug fixes, HA,
security engineering, customizations, tools
IntOS targets enterprise readiness for highly complex clouds, while
incrementally incorporating Cloud 2.0 services for NFV, Edge, IoT etc.
42. Pre-Conclusions
Benefits:
- No EXPENSIVE $€£¥$ public cloud
- Magnum+Octavia+Barbican provide a super experience of Kubernetes clustering: Highly Secure, Scalable, and Highly Available
- Comparable to AWS EKS
- Just a natural step forward when OpenStack is in place
- Truly community driven “OPEN”: issues resolvable
Drawbacks:
- Integration is not a small piece of work: it takes expert OpenStack and solid Kubernetes knowledge, but with the community it can be simple
- Both OpenStack and Kubernetes are dynamic, so keeping up with change is a challenge for reaching the best balance (functionality vs stability) of this marriage.
- Octavia is over HAProxy, a rather stable, approachable, usable backend
45. Understand the complexity of building such
Where efforts go (pie chart):
- Installer: 40%
- High Availability Impl: 20%
- Configure files *.conf: 20%
- Security Impl: 10%
- Underlying Linux integration: 5%
- Codes bug: 2%
- User Operation knowledge: 2%
- Hardware: 1%
- Other: 5%
Kolla
Helms
Ansible
IntOS
Redhat OSP
Mirantis MOS
Ubuntu conjure up
Yum package
Apt package
Vendor specific: Rackspace, Wind River, Huawei etc
47. Three Versions of load balancers by OpenStack
LBAAS V1: Deprecated in Liberty
LBAASV2: Deprecated in Pike
OCTAVIA: Only option of Load Balancer in Queens
Agent support:
neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
Agent support:
neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
Octavia Support:
neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default
ZERO neutron dependencies
48. Queens Version Major Change
Queens has no significant change, but it is a cut-off-like change, as
it is separated completely from Neutron
- Stopped: github/neutron-lbaas repo
- Stopped: github/neutron-lbaas-dashboard
- Continue: github/octavia
- New: github/octavia-dashboard
- No longer a plugin/service provider to Neutron, but a level 1 service
- Stopped CLI: neutron-lbaas-xxxx
- Octavia does not read neutron.conf
- API call change
- CLI: only octavia neutron-lbaas
- How is it causing compatibility problems?
- Configuration
- Database
- Upgrading
- Magnum
49. Network and Image Prep
LB CONSUMES a lot of IP and Compute resources!!!
Lb-mgmt-net has to be a public network, through which the Octavia conductor talks with LB instances
In dev, external_network (which floating-ip uses) can be used as lb-mgmt-net
Image: amphora with: tags: amphora
Flavor: amphora is Ubuntu, so can’t be too small, but our env shows 1 core 2G ram performs well
50. Certificates in Octavia
Note: dealing with certificates can be daunting.
Bi-directional TLS authentication is the only security measure on the network
between HAProxy and the OpenStack controller, hence it is a must, whether CA-signed
or self-signed.
https://github.com/openstack/octavia/blob/master/bin/create_certificates.sh
works
# (A) CA private key, protected by passphrase (B)
openssl genrsa -passout pass:foobar -des3 -out private/cakey.pem 2048
# (C) self-signed CA certificate
openssl req -x509 -passin pass:foobar -new -nodes -key private/cakey.pem \
  -config "$OPEN_SSL_CONF" \
  -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
  -days "$VALIDITY_DAYS" \
  -out ca_01.pem
# Inspect the CA certificate
openssl x509 -in ca_01.pem -text -noout
# (D) client key and (E) client certificate signing request
openssl req \
  -newkey rsa:2048 -nodes -keyout client.key \
  -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
  -out client.csr
# Sign the client request with the CA
openssl ca -passin pass:foobar -config "$OPEN_SSL_CONF" -in client.csr \
  -days "$VALIDITY_DAYS" -out client-.pem -batch
# (F) client certificate and key in one file
cat client-.pem client.key > client.pem
vi /etc/octavia/octavia.conf
[certificates]
# (A)
ca_private_key = /home/intos/certificates/private/cakey.pem
# (B)
ca_private_key_passphrase = foobar
[haproxy_amphora]
# (F)
client_cert = /etc/octavia/certs/client.pem
# (C)
server_ca = /etc/octavia/certs/server_ca.pem
[amphora_agent]
# (D)
agent_server_ca = /etc/octavia/certs/client_ca.pem
# (F)
agent_server_cert = /etc/octavia/certs/server.pem
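The procedure above, run end to end in a scratch directory and followed by the checks worth making before octavia.conf points at the files. This is an added example, not the slide author's commands or the Octavia project's script: it uses `openssl x509 -req` in place of `openssl ca` (so no CA config file is needed) and AES-256 in place of `-des3`, and the passphrase, subjects and function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: throwaway lab values throughout (passphrase, subjects, paths).

make_octavia_certs() {  # $1 = output directory
  local d="$1" pass="pass:foobar"
  mkdir -p "$d/private" && chmod 700 "$d/private"
  # (A)/(B) passphrase-protected CA key, (C) self-signed CA certificate
  openssl genrsa -aes256 -passout "$pass" -out "$d/private/cakey.pem" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/private/cakey.pem" -passin "$pass" \
    -subj "/O=Lab/CN=octavia-lab-ca" -days 30 -out "$d/ca_01.pem"
  # (D)/(E) controller client key and signing request
  openssl req -newkey rsa:2048 -nodes -keyout "$d/client.key" \
    -subj "/O=Lab/CN=octavia-controller" -out "$d/client.csr" 2>/dev/null
  # Sign the CSR with the CA; `x509 -req` stands in for the page's `openssl ca`
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca_01.pem" \
    -CAkey "$d/private/cakey.pem" -passin "$pass" -CAcreateserial \
    -days 30 -out "$d/client-.pem" 2>/dev/null
  # (F) certificate + key bundle that client_cert points at
  cat "$d/client-.pem" "$d/client.key" > "$d/client.pem"
  chmod 600 "$d/client.key" "$d/client.pem" "$d/private/cakey.pem"
}

check_octavia_certs() {  # $1 = directory; prints "ok" or the first failure
  local d="$1" cert_pub key_pub
  # The client certificate must chain to the CA the amphora will trust
  openssl verify -CAfile "$d/ca_01.pem" "$d/client.pem" >/dev/null 2>&1 \
    || { echo "client cert does not chain to CA"; return 1; }
  # The bundle must carry the private key matching its certificate
  cert_pub=$(openssl x509 -in "$d/client.pem" -noout -pubkey 2>/dev/null) || cert_pub=""
  key_pub=$(openssl pkey -in "$d/client.pem" -pubout 2>/dev/null) || key_pub=""
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
    || { echo "client.pem key/cert mismatch"; return 1; }
  # The CA key signs every amphora certificate: it must be encrypted at rest
  grep -q "ENCRYPTED" "$d/private/cakey.pem" \
    || { echo "CA key is not passphrase-protected"; return 1; }
  echo "ok"
}
```

Call `make_octavia_certs <dir>` and then `check_octavia_certs <dir>`; the check function also works on an existing certificate directory that uses the same file names.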
51. Migration to Octavia from neutron-lbaas: work around
https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation
Octavia DB replaces the previous neutron DB addon
Manual deletion might be needed on the neutron db, but it won’t hurt
neutron.conf: no service_provider, no plugin
52. Integration with Magnum
- Octavia is a MUST for Kubernetes over OpenStack
- Integration might be straightforward, as there are only API calls in between
- However:
- Magnum k8s master: kube-controller-manager.service may not be fully compatible with the new Octavia API change when creating an external LB service to expose pods
- Manual LB works well
- Workaround: service_plugins = router,lbaasv2-proxy
53. Some lessons
- OpenStack is far beyond network/computing/storage: it is SERVICES
- The OpenStack docs provide an idea, but are far from being correct and sometimes misleading
- Code, code: dive in more for more insights!
- DevStack makes it fairly easy to learn many code details; highly recommended as a handy tool
- OpenStack is highly complex, so be prepared for a long install journey, but eventually it is worth it
- Fortunately we have community and support