OpenStack meetup: Bootstrapping OpenStack to Corporate IT

Bootstrapping OpenStack to the requirements of a typical, corporate IT department. It may be straightforward to start using OpenStack out of the box; fitting OpenStack to corporate IT with its many compliance and security standards can, however, present some challenges.

Published in: Technology

  1.
  2. Agenda
      OpenStack adoption for Mirantis IT
      Mirantis IT overview
      Integration with legacy LDAP
      Advanced Network features
      Disaster recovery mechanisms
      OpenStack development in Mirantis
      Community roadmap
  3. Mirantis IT overview
      5 sites around the world
      4-6 servers in each site
      A bunch of projects, each with its own requirements
      Single users/projects authentication
  4-13. Mirantis IT Requirements
  14. Deployment schema
  15. Key bottlenecks
      Integration with existing LDAP
      Advanced Network features
      Disaster recovery mechanisms
  16-18. LDAP auth
      Current OpenStack support:
      Management of users
      Management of projects
      Management of roles
      Issue:
      Support of existing accounts management system (GOsa)
      Solution: GOsa plugin https://github.com/Mirantis/gosa-openstack
  19. LDAP server info injection
  20. Created Server in GOsa
  21. Results
      LDAP authentication and authorization
  22. DNS records are managed by existing LDAP schema
  23. Access to VMs is granted based on existing LDAP mechanisms
      Key bottlenecks
      Integration with legacy LDAP
      Advanced Network features
      Disaster recovery mechanisms
  24. OpenStack networking
      Supported topologies:
      Flat
      FlatDHCP
      VlanManager
  25-26. Public IPs, FlatDHCP
      Goal:
      Assign public IP addresses to VMs
      Make VMs routable from the Internet
      Allow one of the network's IPs to be set on the router to use OSPF
      Issue:
      FlatDHCP manager assigns the first IP of the network to the bridge and leases all other IPs for VMs
  27. Public IPs, FlatDHCP
      How to configure/fix:
      Add in nova.conf:
          --public_interface=em1
          --flat_interface=em1.89
      Assign any IP of the network except the first one as the router IP to use OSPF
      Mark this IP in the database as "reserved":
          UPDATE `nova`.`fixed_ips` SET `reserved` = '1' WHERE `fixed_ips`.`address` = 'x.x.x.x';
  28-30. VlanManager modifications
      Goal:
      Run private cloud on the Vlan’ed network with limitations:
      1st, 2nd, 3rd IP addresses are reserved for VRRP
      First IP is default gateway for the network
      Issues with current implementation:
      1st IP address is assigned to the bridge
      Bridge IP is used as default gateway for VMs
      We changed:
      Fourth IP is assigned to the bridge
      First IP for default VMs gateway
  31. Results
      Patch OpenStack to support public IP addresses in the context of existing IT setup
  32. Create a workaround, given first 3 IPs were unavailable
      Key bottlenecks
      Integration with legacy LDAP
      Advanced Network features
      Disaster recovery mechanisms
  33. Compute node failure
  34. Disaster recovery
      To recover VM, run
          ./nova-compute <instance_id>
      See blog post at bit.ly/lb4wJ9
  35. OpenStack Disaster Recovery Summary
      Addressed compute node failures with custom script
      Our script still has limitations
      Cloud Controller failures are a problem under research
      For instance, no highly available networking
      No current self-healing mechanisms
  36-43. OpenStack Modifications Summary
      VNC console via browser
      RPMs of Nova, Glance, Dashboard for Fedora
      Injection of server info and DNS records into existing LDAP
      Manual assignment of a network to the project
      Projects support in nova client
      LDAP speed up
      Instance name in Dashboard Launch dialog
      FQDN based on instance name
  44-52. Roadmap
  53. Lessons Learned
      Have to get your hands dirty to understand OpenStack limitations
      OpenStack development != Python programming
      Go to production early
  54. Where to find our work
      https://code.launchpad.net/~mirantis
      https://github.com/Mirantis
      http://mirantis.blogspot.com/
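
The FlatDHCP reservation step and the VlanManager address layout from the slides, as an added example (not code from the deck or from OpenStack): the address is validated and bound as a parameter before the `reserved` flag is set, instead of being pasted into the statement. SQLite stands in for nova's MySQL database, the table carries only the two columns shown on the slide, and the function names and sample networks are hypothetical.

```python
import ipaddress
import itertools
import sqlite3


def vlan_plan(cidr):
    """Address layout from the VlanManager slides for one VLAN network."""
    hosts = [str(h) for h in itertools.islice(ipaddress.ip_network(cidr).hosts(), 5)]
    if len(hosts) < 5:
        raise ValueError(f"{cidr} is too small for VRRP, bridge and VMs")
    return {
        "vrrp": hosts[:3],      # 1st-3rd IPs stay reserved for VRRP
        "gateway": hosts[0],    # 1st IP is the VMs' default gateway
        "bridge": hosts[3],     # 4th IP goes to the bridge instead of the 1st
        "first_vm": hosts[4],   # first address left for instances
    }


def reserve_router_ip(db, cidr, router_ip):
    """FlatDHCP fix: mark the router's IP reserved so it is never leased."""
    net = ipaddress.ip_network(cidr)
    ip = ipaddress.ip_address(router_ip)  # ValueError on anything but an IP
    if ip not in net or ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is not a host address in {net}")
    if ip == net.network_address + 1:
        raise ValueError(f"{ip} is the first IP, which FlatDHCP puts on the bridge")
    # Bound parameter instead of pasting the address into the statement.
    cur = db.execute("UPDATE fixed_ips SET reserved = 1 WHERE address = ?",
                     (str(ip),))
    if cur.rowcount != 1:  # no such row: undo rather than commit a no-op
        db.rollback()
        raise LookupError(f"{ip} has no row in fixed_ips")
    db.commit()
    return str(ip)


def demo_db(cidr):
    """Constructed stand-in for nova.fixed_ips (SQLite, two columns only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fixed_ips "
               "(address TEXT PRIMARY KEY, reserved INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO fixed_ips (address) VALUES (?)",
                   [(str(h),) for h in ipaddress.ip_network(cidr).hosts()])
    db.commit()
    return db


if __name__ == "__main__":
    db = demo_db("192.0.2.0/28")  # constructed documentation network
    print(reserve_router_ip(db, "192.0.2.0/28", "192.0.2.14"))
    print(vlan_plan("10.0.89.0/24"))
```

With a MySQL driver the placeholder is `%s` rather than `?`; the validation and the row-count check are unchanged.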
