Openstack DevOps Challenges outlines the journey of CloudRX, a fictitious company, to setup a production-grade Openstack cloud using DevOps practices. It discusses challenges faced in implementing continuous integration/delivery pipelines for Openstack and its heterogeneous components, managing configurations, automated testing of environments, packaging applications, and baremetal server management.
Software Defined networking - An overview
OpenStack Neutron Overview
OpenVswitch - Overview
Neutron-VXLAN-GRE-OVS : behind the scenes
neutron Packet flow to external network
neutron Packet flow from VM to VM
OpenStack “Liberty,” due for imminent release, represents the 12th release of the open source computing platform for public and private clouds. Recent OpenStack releases have focused on improving stability and enhancing the operator experience. This is still the case with Liberty, but there are still new features to consider.
Join Sean Cohen and Steve Gordon to review notable features of this new OpenStack release, including:
Network quality of service (QoS) support via a new extensible API for dynamically defining per-port and per-network QoS policies.
Mark host down API enhancement in support of external high-availability solutions, including pacemaker, providing resilient instances in the event of compute node failure.
Enhanced Security Assertion Markup Language (SAML) support including dashboard integration, Ipsilon, and OpenID Connect support.
Role-based access control (RBAC) for networks, providing fine-grained permissions for sharing networks between tenants.
Dashboard support for database-as-a-service (Trove), subnet allocation, floating IP assignment, and volume migration.
Generic volume migration—adding the ability to migrate workloads from iSCSI to non-iSCSI back ends.
New Cinder replication API to allow block level replication between back ends.
Nondisruptive backup to allow backup while the volume is still attached, by performing backup from a temporary attached snapshot.
New Image signing and encryption to guarantee integrity by supporting signing and signature validation of bootable images.
In addition we’ll discuss the state of emerging projects including Manila and Zaqar.
Software Defined networking - An overview
OpenStack Neutron Overview
OpenVswitch - Overview
Neutron-VXLAN-GRE-OVS : behind the scenes
neutron Packet flow to external network
neutron Packet flow from VM to VM
OpenStack “Liberty,” due for imminent release, represents the 12th release of the open source computing platform for public and private clouds. Recent OpenStack releases have focused on improving stability and enhancing the operator experience. This is still the case with Liberty, but there are still new features to consider.
Join Sean Cohen and Steve Gordon to review notable features of this new OpenStack release, including:
Network quality of service (QoS) support via a new extensible API for dynamically defining per-port and per-network QoS policies.
Mark host down API enhancement in support of external high-availability solutions, including pacemaker, providing resilient instances in the event of compute node failure.
Enhanced Security Assertion Markup Language (SAML) support including dashboard integration, Ipsilon, and OpenID Connect support.
Role-based access control (RBAC) for networks, providing fine-grained permissions for sharing networks between tenants.
Dashboard support for database-as-a-service (Trove), subnet allocation, floating IP assignment, and volume migration.
Generic volume migration—adding the ability to migrate workloads from iSCSI to non-iSCSI back ends.
New Cinder replication API to allow block level replication between back ends.
Nondisruptive backup to allow backup while the volume is still attached, by performing backup from a temporary attached snapshot.
New Image signing and encryption to guarantee integrity by supporting signing and signature validation of bootable images.
In addition we’ll discuss the state of emerging projects including Manila and Zaqar.
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015Deepak Shetty
Talk that showcases the advantages of using Ceph as the storage of choice in openstack. It shows how Ceph integrates with all openstack storage services and the adv of using Ceph as __the__ Unified Storage solution for Openstack
Build cloud like Rackspace with OpenStack AnsibleJirayut Nimsaeng
Build cloud like Rackspace with OpenStack Ansible Workshop in 2nd Cloud OpenStack-Container Conference and Workshop 2016 at Grand Postal Building, Bangrak, Bangkok on September 22-23, 2016
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackOpenStack
Containers and OpenStack
Audience: Intermediate
Topic: Infrastructure
Abstract: Containers are the new darling of the development world, and many are calling for an end of the IaaS world. But there are still key reasons that IaaS is important even as Container based development becomes the desired path for the development community. We will review containers in the context of their growth in popularity, and look at how OpenStack both continues to support and enable Container solutions, and the latest developments in OpenStack as a containerized solution directly.
Speaker Bio: Marc Van Hoof, Kumulus
Marc van Hoof has been in the technology industry for over 20 years, focused on developing, deploying, and scaling internet applications. He was part of a team that built the first internet data centre in Australia, has worked on some of the largest online real-time events, and advises companies on how to take advantage of the true benefits of migrating to the cloud.
OpenStack Australia Day Government - Canberra 2016
https://events.aptira.com/openstack-australia-day-canberra-2016/
The Battle of the distros - OS Summit Atlanta2014Edgar Magana
OpenStack is a powerful open-source cloud management system. Multiple services, databases, configuration files, messaging queues and runtime agents are needed to realize its full potential. This is obviously not easy to deploy in production and, even more important, to monitor and troubleshoot potential issues.
OpenStack distributions provide a solution to all the above-mentioned problems. But which one is the best for your cloud?
For the past 5 years, Canonical has engaged with dozens of communications service providers to design, build and operate virtualization infrastructure for network functions -- for the acronym lovers, delivering NFVI for VNFs. This presentation goes over the approach, challenges and learnings from multiple NFVI projects supporting multiple telco use cases.
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015Deepak Shetty
Talk that showcases the advantages of using Ceph as the storage of choice in openstack. It shows how Ceph integrates with all openstack storage services and the adv of using Ceph as __the__ Unified Storage solution for Openstack
Build cloud like Rackspace with OpenStack AnsibleJirayut Nimsaeng
Build cloud like Rackspace with OpenStack Ansible Workshop in 2nd Cloud OpenStack-Container Conference and Workshop 2016 at Grand Postal Building, Bangrak, Bangkok on September 22-23, 2016
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackOpenStack
Containers and OpenStack
Audience: Intermediate
Topic: Infrastructure
Abstract: Containers are the new darling of the development world, and many are calling for an end of the IaaS world. But there are still key reasons that IaaS is important even as Container based development becomes the desired path for the development community. We will review containers in the context of their growth in popularity, and look at how OpenStack both continues to support and enable Container solutions, and the latest developments in OpenStack as a containerized solution directly.
Speaker Bio: Marc Van Hoof, Kumulus
Marc van Hoof has been in the technology industry for over 20 years, focused on developing, deploying, and scaling internet applications. He was part of a team that built the first internet data centre in Australia, has worked on some of the largest online real-time events, and advises companies on how to take advantage of the true benefits of migrating to the cloud.
OpenStack Australia Day Government - Canberra 2016
https://events.aptira.com/openstack-australia-day-canberra-2016/
The Battle of the distros - OS Summit Atlanta2014Edgar Magana
OpenStack is a powerful open-source cloud management system. Multiple services, databases, configuration files, messaging queues and runtime agents are needed to realize its full potential. This is obviously not easy to deploy in production and, even more important, to monitor and troubleshoot potential issues.
OpenStack distributions provide a solution to all the above-mentioned problems. But which one is the best for your cloud?
For the past 5 years, Canonical has engaged with dozens of communications service providers to design, build and operate virtualization infrastructure for network functions -- for the acronym lovers, delivering NFVI for VNFs. This presentation goes over the approach, challenges and learnings from multiple NFVI projects supporting multiple telco use cases.
Openstack is one of the largest OSS projects today with hundreds of commits flowing in daily. This high rate of change requires an advanced CI infrastructure. The purpose of the talk is to provide an overview of this infrastructure, explaining the role of each tool and the pipelines along which changes have to travel before they find their way into the approved Openstack codebase.
Talk delivered at Openstack Day Israel 2016 : http://www.openstack-israel.org/#!agenda/cjg9
Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...Cloud Native Day Tel Aviv
Devstack is an opinionated installed for Openstack. Gigaspaces Cloudify uses the Ravello cloud to run multiple instances of Devstack, with nested virutalization, each with a different openstack version and configurationץ
Craig Peters, Director of Product Management at Mirantis gave a great talk on Application Management in OpenStack with the use of their Murano App Catalog at the latest OpenStack Israel Meetup.
Tout au long de l’année, le réseau Twisto accompagne les habitants de l’Agglomération caennaise en leur proposant des solutions de mobilité pour se rendre aux diverses manifestations. La Foire Internationale de Caen fait partie de ces évènements incontournables.
Author: Rico Lin
Intro:
Dive in detail about a big task in Heat: To optimize application experiences in OpenStack.
This task aim to provide datacenter ready Orchestration service on OpenStack and make heat,
murano, sahara, tripleO and anyother services (used heat) to have trusted and stable Orchestration over cloud.
Performance of Microservice Frameworks on different JVMsMaarten Smeets
A lot is happening in world of JVMs lately. Oracle changed its support policy roadmap for the Oracle JDK. GraalVM has been open sourced. AdoptOpenJDK provides binaries and is supported by (among others) Azul Systems, IBM and Microsoft. Large software vendors provide their own supported OpenJDK distributions such as Amazon (Coretto), RedHat and SAP. Next to OpenJDK there are also different JVM implementations such as Eclipse OpenJ9, Azul Systems Zing and GraalVM (which allows creation of native images). Other variables include different versions of the JDK used and whether you are running the JDK directly on the OS or within a container. Next to that, JVMs support different garbage collection algorithms which influence your application behavior. There are many options for running your Java application and choosing the right ones matters! Performance is often an important factor to take into consideration when choosing your JVM. How do the different JVMs compare with respect to performance when running different Microservice implementations? Does a specific framework provide best performance on a specific JVM implementation? I've performed elaborate measures of (among other things) start-up times, response times, CPU usage, memory usage, garbage collection behavior for these different JVMs with several different frameworks such as Reactive Spring Boot, regular Spring Boot, MicroProfile, Quarkus, Vert.x, Akka. During this presentation I will describe the test setup used and will show you some remarkable differences between the different JVM implementations and Microservice frameworks. Also differences between running a JAR or a native image are shown and the effects of running inside a container. This will help choosing the JVM with the right characteristics for your specific use-case!
OSGi DevCon 2013
OSGi and Cloud Computing go very well together. Previously held OSGi Cloud Workshops have shown that many people are using or planning to use OSGi in the Cloud. This session focuses how OSGi can really help in a Cloud environment, taking advantage of OSGi's dynamism and services model.
The session will show how you can use OSGi to create a complex cloud deployment, which is made up from a number of different entities on different Cloud nodes. These entities are working together to form a logical application. This is what is being called an 'OSGi Cloud Ecosystem'.
The session shows concepts such as dynamic provisioning, dynamic discovery, dynamic scaling and dynamic failover all from the OSGi programming model. I will also talk about cloud-related specification work that is currently an active topic in the OSGi Enterprise Expert Group.
Choosing to migrate to Kubernetes can be a tough decision, and even tougher to execute. We at Kash Corp took the plunge just over a year ago with Kubernetes 1.2, and haven't looked back. This talk will detail some of our solutions to dealing with Configuration Management, Continuous Delivery, Monitoring, Maintenance, as well as talk about mistakes, frustrations and lessons learned along the way, and where we're going next.
Sanger, upcoming Openstack for Bio-informaticiansPeter Clapham
Delivery of a new Bio-informatics infrastructure at the Wellcome Trust Sanger Center. We include how to programatically create, manage and provide providence for images used both at Sanger and elsewhere using open source tools and continuous integration.
In this session I discuss how we at Instaclustr integrate Docker containers in combination with modern linux technologies, including systemd and journald, to run an enterprise cloud-based hosting solution for DataStax Enterprise and Apache Cassandra. I will discuss the merits of containerisation and how to complete integration with systemd required writing an additional Java Agent that is loaded into the Cassandra JVM.
Build and deployment of SOA Composites for enterprise organizations can get complex. While building you have to take into account the architecture, development guidelines, other projects, platform release and component lifecycles. Next to this you have to work with the differences in deployment procedures for several versions of Oracle Fusion Middleware. In this session we will showcase some of the best practices and dirty tricks to create an effective and future proof build and deployment process for Oracle Middleware. We will showcase practical demos in for SOA components in Bamboo, Nexus and XLDeploy for a large scale enterprise application landscape.
Tips to deploy a production grade Kubernetes cluster using SUSE CaaS Platfrom v3.
Created joinly with my colleague Martin Weiss to be used on SUSECON 2019
Infra / Cont delivery - 3rd party automationShay Cohen
An overview of the methods, applications an common practices of automating the procedures for creating an infrastructure (normally includes db, app, web services etc)
Automate all aspects of your software development, deployment and infrastructure systems. Learn why it is important for developers to take DevOps seriously and embrace Agile Infrastructure for their projects.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Leading Change strategies and insights for effective change management pdf 1.pdf
Openstack devops challenges
1. Openstack DevOps Challenges
A Journey from dumb baremetals to production grade Openstack cloud system
Harish Kumar (hkumar@d4devops.org)
Ritesh Raj Sarraf (rrs@researchut.com)
2. An Adventurous Journey Begins..
● CloudRX - A fictitious company who want to setup openstack
production cloud
● Implement using DevOps culture
● A production grade cloud have so many heterogeneous components
Openstack Components
Non-Openstack
Components
Storage systems like cepph,
Glusterfs, SDN like onos,
opencontrail, opendaylight
Other Support systems
Dns, Dhcp, Monitoring,
Log aggregation etc
Baremetal systems
Hardware config,
OS Provisioning,
Network device setup
Openstack Components
3. Components in Cloud system
● Multi-node Openstack controllers
– All APIs, schedulers, message queues
● Multi-node Ceph cluster
● Number of compute nodes
● Database servers
● SDN Controllers
● Load balancers
● Other supporting systems like DNS, monitoring, etc
4. CICD Pipeline
Commit changes
to branch
Unit tests Gate tests
Packages Created
And pushed to
Unstable repo
Create repo snapshot
(v100) and select
for further testing
v100 - Acceptance,
integration, upgrade
testing
Promote v100
based on test results
and pushed to
staging/prod repo
Staging Production
5. CICD – general guidelines
● Gate all applications before part of pipeline
● Use same tools on all phases of pipeline to avoid change
in behavior
● Try to reduce assumptions and hard-coded configurations
to make it adaptable
● Handle scalable, distributed systems
● Handle heterogeneous applications which have different
release cycle and dependencies
6. Initial Challenges
● Implement a build and test pipeline various other jobs to support
– Jenkins was the answer without a second thought
● Manage Config management and automation
– Options
● Puppet
● Chef
● Ansible
– We choose puppet
● Puppet had most complete plugins for the technology stack
we have
7. Challenges on initial pipeline phases
● Need parallel test environments so we can gate/at in
parallel
● Should be easily provisioned and removed
● Virtual environments an answer to it
– Provision a miniature of cloud on top of a cloud
– Built a tool to provision test cloud on top of an
Openstack cloud based on spec provided
– Easy to provision, easy to delete, use apis to build
openstack virtual test cloud on top of openstack
8. Automated environment setup Challenges
● Bootstrapping such distributed system like an openstack
cloud system is complicated
– Bootstrap the whole openstack cloud
– Bootstrap clusters like rabbitmq, mysql, ceph clusters
– Handle inter-service deps on multi-node environment
● How to validate that system is ready for testing
9. Automated environment setup Continues
●
Introduction of service discovery tool
– Options – etcd, consul, zookeeper
– We chose consul
– What and why consul
●
We built orchestration system around consul
– All nodes provisioned with userdata which install puppet, consul etc
– Configure themselves with puppet according to role
– Each service come up will register themselves to consul
– Dependants will wait till dependency available before configure
– Leader election with consul session locking to bootstrap clusters
10. Automated environment setup Continues
● All services will have healthcheck registered in consul, so
only healthy services would be exposed to the network
● Each facility deployed will install validation script
● Each node continuously run validations and write its own
state to consul kv
● An external system can query centrally to get system state
● Consul kv to record various other things like orchestration,
operational tooling
16. Staging and production
● Baremetal management is very much complicated
– Have to work with heterogeneous physical systems
– Different ways for hardware configuration in different
vendors/models
– Operating system provisioning with different hardware
configuration can be complicated
– Different systems may need different capabilities
● Rolling upgrades possible?
● Handling upgrade failures
● Possible rollback in certain situations
17. Baremetal server management
● Undercloud controller with openstack ironic
– All-in-one openstack system with nova with ironic, neutron with flat
provider network, glance, keystone
– Easy to provision, delete and rebuild baremetals - the undercloud
– Enable to use same tooling on dev/test virtual environments and
staging/production physical environments
● Tools to do various baremetal management tasks
– Hardware configurations, like raid setup
– Automated server enrollment to ironic
– Recording server locations to ironic which can be used in various places
like in ceph crushmap
● Some ideas about rolling upgrades, easier rollback support etc