© 2013 Nebula, Inc. All rights reserved.
Vishvananda Ishaya, Director of Open Source, Nebula Inc.
© 2013 Nebula, Inc. All rights reserved. 2
• OpenStack Technical Committee
Member
• Started at NASA the day
Nova was creat...
© 2013 Nebula, Inc. All rights reserved.
© 2013 Nebula, Inc. All rights reserved. 4
$ _
© 2013 Nebula, Inc. All rights reserved. 5
$ (apt-get|yum) install openstack
© 2013 Nebula, Inc. All rights reserved. 6
$ (apt-get|yum) install openstack
...
© 2013 Nebula, Inc. All rights reserved. 7
$ (apt-get|yum) install openstack
...
openstack installed successfully!
$ _
© 2013 Nebula, Inc. All rights reserved. 8
$ _
© 2013 Nebula, Inc. All rights reserved. 9
$ (apt-get|yum) install openstack
© 2013 Nebula, Inc. All rights reserved. 10
$ (apt-get|yum) install openstack
unknown command
$ _
© 2013 Nebula, Inc. All rights reserved. 11
$ (apt-get|yum) install openstack
unknown command
$ _
© 2013 Nebula, Inc. All rights reserved. 12
$ (apt-get|yum) install openstack
unknown command
$ _
© 2013 Nebula, Inc. All rights reserved. 13
$ (apt-get|yum) install openstack
unknown command
$ _
© 2013 Nebula, Inc. All rights reserved. 14
$ _
© 2013 Nebula, Inc. All rights reserved. 15
$ git clone git::/github.com...
...
$ cd devstack
$ ./stack.sh
© 2013 Nebula, Inc. All rights reserved. 16
$ git clone git::/github.com...
...
$ cd devstack
$ ./stack.sh
© 2013 Nebula, Inc. All rights reserved. 17
• Tiny to very large scale
• Pluggable backends
• Multiple components
© 2013 Nebula, Inc. All rights reserved. 18
• Tiny to very large scale
• Pluggable backends
• Multiple components
WAT!?
© 2013 Nebula, Inc. All rights reserved.
© 2013 Nebula, Inc. All rights reserved. 20
• Neutron OVS
• Neutron Vendor
• Nova-network vlan
• Nova-network flat
© 2013 Nebula, Inc. All rights reserved. 21
• KVM
• Xen
• Hyper-V
• ESX
• Other
© 2013 Nebula, Inc. All rights reserved. 22
• Swift
• Ceph
© 2013 Nebula, Inc. All rights reserved. 23
• Default LVM
• Ceph
• Solidfire
• Netapp
© 2013 Nebula, Inc. All rights reserved. 24
• Compute (nova)
• Object Storage (swift)
• Image Service (glance)
• Identity ...
© 2013 Nebula, Inc. All rights reserved. 25
• Compute (nova)
• Object Storage (swift)
• Image Service (glance)
• Identity ...
© 2013 Nebula, Inc. All rights reserved.
© 2013 Nebula, Inc. All rights reserved. 27
• force_dhcp_release=true
• defer_iptables_apply=true
• multi_host=true
• shar...
© 2013 Nebula, Inc. All rights reserved. 28
• force_raw_images=False
• use_cow_images=False
• resume_guests_state_on_host_...
© 2013 Nebula, Inc. All rights reserved. 29
• Turn on jumbo frames
• Increase tx queue length
• Tweak guest tcp settings
•...
© 2013 Nebula, Inc. All rights reserved.
© 2013 Nebula, Inc. All rights reserved. 31
• Normal linux hardening applies
• Control access to the host machines
• Keep ...
© 2013 Nebula, Inc. All rights reserved. 32
• Only enable api extensions your users need
• Only enable scheduler filters y...
© 2013 Nebula, Inc. All rights reserved.
© 2013 Nebula, Inc. All rights reserved.
Thank you.Thank you.
Upcoming SlideShare
Loading in …5
×

Tweaking openstack

1,001 views

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,001
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
24
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Swift has some great characteristics, but its hard to argue against the two for the price of one (object and block storage) that ceph provides.
  • Once again the two-for-one is valuable unless you have existing investment in a storage solution.
  • Ceilometer requires quite a bit of manual configuration and coding to be useful. It doesn’t yet provide a lot out-of-the-box.
  • Swift has proved its value at really large scale and the default neutron backend still has a few performance and HA drawbacks.
  • Tweaking openstack

    1. 1. © 2013 Nebula, Inc. All rights reserved. Vishvananda Ishaya, Director of Open Source, Nebula Inc.
    2. 2. © 2013 Nebula, Inc. All rights reserved. 2 • OpenStack Technical Committee Member • Started at NASA the day Nova was created • Nova Technical Lead for the first two years of its existence • Designed and deployed multiple private clouds with OpenStack
    3. 3. © 2013 Nebula, Inc. All rights reserved.
    4. 4. © 2013 Nebula, Inc. All rights reserved. 4 $ _
    5. 5. © 2013 Nebula, Inc. All rights reserved. 5 $ (apt-get|yum) install openstack
    6. 6. © 2013 Nebula, Inc. All rights reserved. 6 $ (apt-get|yum) install openstack ...
    7. 7. © 2013 Nebula, Inc. All rights reserved. 7 $ (apt-get|yum) install openstack ... openstack installed successfully! $ _
    8. 8. © 2013 Nebula, Inc. All rights reserved. 8 $ _
    9. 9. © 2013 Nebula, Inc. All rights reserved. 9 $ (apt-get|yum) install openstack
    10. 10. © 2013 Nebula, Inc. All rights reserved. 10 $ (apt-get|yum) install openstack unknown command $ _
    11. 11. © 2013 Nebula, Inc. All rights reserved. 11 $ (apt-get|yum) install openstack unknown command $ _
    12. 12. © 2013 Nebula, Inc. All rights reserved. 12 $ (apt-get|yum) install openstack unknown command $ _
    13. 13. © 2013 Nebula, Inc. All rights reserved. 13 $ (apt-get|yum) install openstack unknown command $ _
    14. 14. © 2013 Nebula, Inc. All rights reserved. 14 $ _
    15. 15. © 2013 Nebula, Inc. All rights reserved. 15 $ git clone git::/github.com... ... $ cd devstack $ ./stack.sh
    16. 16. © 2013 Nebula, Inc. All rights reserved. 16 $ git clone git::/github.com... ... $ cd devstack $ ./stack.sh
    17. 17. © 2013 Nebula, Inc. All rights reserved. 17 • Tiny to very large scale • Pluggable backends • Multiple components
    18. 18. © 2013 Nebula, Inc. All rights reserved. 18 • Tiny to very large scale • Pluggable backends • Multiple components WAT!?
    19. 19. © 2013 Nebula, Inc. All rights reserved.
    20. 20. © 2013 Nebula, Inc. All rights reserved. 20 • Neutron OVS • Neutron Vendor • Nova-network vlan • Nova-network flat
    21. 21. © 2013 Nebula, Inc. All rights reserved. 21 • KVM • Xen • Hyper-V • ESX • Other
    22. 22. © 2013 Nebula, Inc. All rights reserved. 22 • Swift • Ceph
    23. 23. © 2013 Nebula, Inc. All rights reserved. 23 • Default LVM • Ceph • Solidfire • Netapp
    24. 24. © 2013 Nebula, Inc. All rights reserved. 24 • Compute (nova) • Object Storage (swift) • Image Service (glance) • Identity (keystone) • Dashboard (horizon) • Networking (neutron) • Block Storage (cinder) • Metering (ceilometer) • Orchestration (heat)
    25. 25. © 2013 Nebula, Inc. All rights reserved. 25 • Compute (nova) • Object Storage (swift) • Image Service (glance) • Identity (keystone) • Dashboard (horizon) • Networking (neutron) • Block Storage (cinder) • Metering (ceilometer) • Orchestration (heat)
    26. 26. © 2013 Nebula, Inc. All rights reserved.
    27. 27. © 2013 Nebula, Inc. All rights reserved. 27 • force_dhcp_release=true • defer_iptables_apply=true • multi_host=true • share_dhcp_address=true • dnsmasq_config_file=/path/to/file (configure dnsmasq to pass external gateway)
    28. 28. © 2013 Nebula, Inc. All rights reserved. 28 • force_raw_images=False • use_cow_images=False • resume_guests_state_on_host_boot=True • running_deleted_instance_action=reap
    29. 29. © 2013 Nebula, Inc. All rights reserved. 29 • Turn on jumbo frames • Increase tx queue length • Tweak guest tcp settings • http://buriedlede.blogspot.com/2012/11/driving-100-gigabit-network- with.html
    30. 30. © 2013 Nebula, Inc. All rights reserved.
    31. 31. © 2013 Nebula, Inc. All rights reserved. 31 • Normal linux hardening applies • Control access to the host machines • Keep software up-to-date • Don’t have services listen on 0.0.0.0 • Separate mgmt and guest traffic • http://aa4698cc2bf4ab7e5907- ed3df21bb39de4e57eec9a20aa0b8711.r41.cf2.rackcdn.com/Ope nStackSecurityGuide.epub
    32. 32. © 2013 Nebula, Inc. All rights reserved. 32 • Only enable api extensions your users need • Only enable scheduler filters your users need • Customize policy for administrative actions • Use HTTPS in front of api services • Consider disabling instance migration
    33. 33. © 2013 Nebula, Inc. All rights reserved.
    34. 34. © 2013 Nebula, Inc. All rights reserved. Thank you.Thank you.

    ×