OpenStack Central Florida Meetup

OpenStack
Central Florida
Host: Donnie Hamlett
Meeting: November 2015
Agenda
• Welcome Stackers! Nice to meet you
• Overview of OpenStack
• OpenStack in the News n’ Stuff
• OpenStack Liberty Release – What’s New?
• Intro to DevStack
• Training and Career Opportunities
• FamiLab
• Next Meeting: Guest?
Welcome Stackers!
Nice to meet you
Overview of OpenStack
Who uses OpenStack?
Who Supports OpenStack
News n’ Stuff
• OpenStack Liberty October 16th (12th Release)
• Solaris has a secure new release of OpenStack
• HP is leaving the Public Cloud business
News n’ Stuff cont…
• Red Hat acquires Ansible DevOps tool
• Containers are continuing their momentum
• Solaris to support Linux Containers in 2016
• Rancher.com (Linux Container focused OS)
• Red Hat Atomic (Linux Container focused OS)
OpenStack Liberty Release
[Diagram: OpenStack services; surviving labels: Keystone (Identity), Horizon (Dashboard)]
Sources:
OpenStack Features
https://en.wikipedia.org/wiki/OpenStack
https://wiki.openstack.org/wiki
What's New in Liberty
https://www.mirantis.com/blog/53-things-new-openstack-liberty
Services not discussed
• Manila – Shared File System (Network Share)
• Designate – DNS as a Service (≈Amazon Route 53)
• Ironic – Bare Metal Provisioning of Servers
• Mistral – Workflow (≈Amazon Workflow Services)
• MagnetoDB – NoSQL, Key Value Database Service
(≈Amazon DynamoDB)
Nova (compute)
• It is designed to manage and automate pools of
computer resources and can work with widely available
virtualization technologies, as well as bare
metal and high-performance computing (HPC)
configurations. KVM, VMware, and Xen are available
choices for hypervisor technology (virtual machine
monitor), together with Hyper-V and Linux container
technology such as LXC.
New in Nova
• NFV: Introduction of Network Function Virtualization
• Cells management: Cells enable the deployment of
larger OpenStack clouds by providing a way to group
together resources to be managed more easily.
Administrators can now partition existing resources into
cells and the system will know where to find them
Neutron (Network)
• OpenStack Networking (Neutron, formerly Quantum) is a system for
managing networks and IP addresses. OpenStack Networking ensures the
network is not a bottleneck or limiting factor in a cloud deployment, and gives
users self-service ability, even over network configurations.
• OpenStack Networking provides networking models for different applications
or user groups. Standard models include flat networks or VLANs that separate
servers and traffic. OpenStack Networking manages IP addresses, allowing for
dedicated static IP addresses or DHCP. Floating IP addresses let traffic be
dynamically rerouted to any resources in the IT infrastructure, so users can
redirect traffic during maintenance or in case of a failure.
• Users can create their own networks, control traffic, and connect servers and
devices to one or more networks. Administrators can use software-defined
networking (SDN) technologies like OpenFlow to support high levels of multitenancy and massive scale. OpenStack Networking provides an extension
framework that can deploy and manage additional network services—such
as intrusion detection systems (IDS), load balancing, firewalls, and virtual
private networks (VPN).
https://en.wikipedia.org/wiki/OpenStack
New in Neutron
• IPv6:
• QoS: Administrators can now control bandwidth by
assigning quotas not just to projects, but to individual VMs.
• Security: Administrators can now control who has access to
specific networks using Role Based Access Control (RBAC).
• LBaaS: The LBaaS reference implementation is now based
on an operator-grade load balancer platform (Octavia).
• IPAM: Pluggable IP address management is now available,
enabling third-party IPAM.
Cinder (Block Storage [NAS])
• OpenStack Block Storage (Cinder) provides persistent block-level
storage devices for use with OpenStack compute instances. The block
storage system manages the creation, attaching and detaching of the
block devices to servers. Block storage volumes are fully integrated
into OpenStack Compute and the Dashboard allowing for cloud users to
manage their own storage needs. In addition to local Linux server
storage, it can use storage platforms
including Ceph, CloudByte, Coraid, EMC (ScaleIO, VMAX and
VNX), GlusterFS, Hitachi Data Systems, IBM Storage (Storwize
family, SAN Volume Controller, XIV Storage System, and GPFS), Linux
LIO, NetApp, Nexenta, Scality, SolidFire, HP (StoreVirtual and 3PAR
StoreServ families) and Pure Storage. Block storage is appropriate for
performance sensitive scenarios such as database storage, expandable
file systems, or providing a server with access to raw block level
storage. Snapshot management provides powerful functionality for
backing up data stored on block storage volumes. Snapshots can be
restored or used to create a new block storage volume.
New in Cinder
• Quotas: Support for quota enforcement in hierarchical
projects
• Caching: Commonly used images can now be cached,
improving performance as large images will no longer
need to be pulled over the network and enabling faster
creation of volumes from these images.
• Ease of use: The Cinder client can now request a list of
capabilities the backend provides, keeping users from
requesting unsupported actions.
Glance (Image Repository)
• OpenStack Image Service (Glance) provides discovery,
registration, and delivery services for disk and server
images. Stored images can be used as a template. It
can also be used to store and catalog an unlimited
number of backups. The Image Service can store disk
and server images in a variety of back-ends, including
OpenStack Object Storage. The Image Service API
provides a standard REST interface for querying
information about disk images and lets clients stream
the images to new servers.
New in Glance
• Image verification: Glance now enables users to sign an
image using their private key so that its integrity can be
verified to be sure no malicious code has been inserted.
• S3 proxy: Glance can now be used from multiple
networks with an S3 backend over an HTTP proxy.
Swift (Object Storage ≈ AWS S3)
• OpenStack Object Storage (Swift) is a scalable redundant
storage system. Objects and files are written to multiple disk
drives spread throughout servers in the data center, with the
OpenStack software responsible for ensuring data replication
and integrity across the cluster. Storage clusters scale
horizontally simply by adding new servers. Should a server or
hard drive fail, OpenStack replicates its content from other
active nodes to new locations in the cluster. Because
OpenStack uses software logic to ensure data replication and
distribution across different devices, inexpensive commodity
hard drives and servers can be used.
New in Swift
• Performance: Better performance when there are slow
drives, as well as removing latency spikes and limiting
data movement during cluster management.
• Ring operations: Operators can now use ring-builder-analyzer to test out different ring operations quickly.
• Bulk uploads: Users can now set “per object” metadata
for exploding archives.
• Erasure coding: Users can count on significant fixes and
improvements to erasure coding.
Keystone (Identity Management)
• OpenStack Identity (Keystone) provides a central directory
of users mapped to the OpenStack services they can access.
It acts as a common authentication system across the cloud
operating system and can integrate with existing backend
directory services like LDAP. It supports multiple forms of
authentication including standard username and password
credentials, token-based systems and AWS-style
(i.e. Amazon Web Services) logins. Additionally, the catalog
provides a queryable list of all of the services deployed in an
OpenStack cloud in a single registry. Users and third-party
tools can programmatically determine which resources they
can access.
New in Keystone
• Hybrid clouds: Multi-cloud federation requires much
greater control over Identity Providers (IDP). Liberty
makes it possible to control WebSSO for individual IDP
backends.
• More hybrid clouds: Distinguish between users who
come from different clouds but have the same
username.
Horizon (Dashboard)
• OpenStack Dashboard (Horizon) provides
administrators and users a graphical interface to
access, provision, and automate cloud-based resources.
The design accommodates third party products and
services, such as billing, monitoring, and additional
management tools. The dashboard was created by
Canonical (Ubuntu). The dashboard was built using the
Django MVC Framework, and is brandable for service
providers and other commercial vendors who want to
make use of it. The dashboard is one of several ways
users can interact with OpenStack resources.
New in Horizon
• Launching an instance: Liberty includes a new launch
instance dialog.
• Managing networks: Very cool dynamic topology view
• Hybrid cloud management: Control IDP-specific
WebSSO from Horizon.
Heat (Orchestration & Templates)
• Heat is a service to orchestrate multiple composite
cloud applications using templates, through both an
OpenStack-native REST API and a CloudFormation-compatible Query API.
New in Heat
• Convergence: Heat is transitioning to a new model that
the developers hope will result in a better experience
for users. Liberty includes a good deal of
implementation of the “convergence” architecture,
which is based more on workflow and observation.
• New resources: Heat can now control Keystone
endpoints and services, as well as Barbican and
Designate.
Magnum (Container Orchestration)
• Magnum is an OpenStack API service developed by
the OpenStack Containers Team making container
orchestration engines such as Docker and Kubernetes
available as first class resources in OpenStack. Magnum
uses Heat to orchestrate an OS image which contains
Docker and Kubernetes and runs that image in either
virtual machines or bare metal in a cluster
configuration.
New in Magnum
• Mesos support: Magnum now supports Mesos as a bay
type.
• High availability: Multi-master Kubernetes bay support
means you can now get highly available Kubernetes by
using Magnum
• Scalability: Kubernetes is now integrated with Neutron
load balancers.
Kolla (Container Repository)
• Kolla provides production-ready containers and
deployment tools for operating OpenStack clouds that
are scalable, fast, reliable, and upgradable using
community best practices.
New in Kolla
• Choices: Docker image building of ~90 containers of OpenStack
from CentOS, Fedora, Oracle Linux, Red Hat Enterprise Linux,
and Ubuntu container base images using RDO, RHOS, or Source.
• Deployment: Ansible deployment of a large chunk of those
containers on bare metal with full high availability using three or
more control nodes, up to one hundred compute nodes, up to
ten storage nodes, and one network node.
• Services: Docker + Ansible deployment of the following services:
HAProxy, Keepalived, MariaDB + Galera, RabbitMQ, memcached,
Keystone, Glance, Nova, Neutron (LinuxBridge or OVS), Heat,
Cinder (Ceph only) and Swift.
• Configuration: An opinionated deployment tool out of the box,
unless the operator has opinions, in which case the operator may
override any OpenStack configuration option.
Murano (OpenStack App Catalog)
• The Murano Project introduces an application catalog to
OpenStack, enabling application developers and cloud
administrators to publish various cloud-ready applications in a
browsable categorized catalog. Cloud users -- including
inexperienced ones -- can then use the catalog to compose
reliable application environments with the push of a button.
• The key goal is to provide a UI and API that allow users to compose
and deploy composite environments at the application
abstraction level and then manage their lifecycle. The service
should be able to orchestrate complex circular dependent cases
in order to set up complete environments with many dependent
applications and services. However, the actual deployment itself
will be done by the existing software orchestration tools (such
as Heat), while the Murano project will become an integration
point for various applications and services.
New in Murano
• Developer control: Murano now enables application
versioning, so apps can be updated.
• User control: Users can now select the network to be used
for the environment and application being deployed.
• Resource control: Environments can now be abandoned if
necessary.
• Infrastructure control: Murano now uses the Glance Artifact
Repository as its backend.
• Orchestration control: Heat templates and files can now be
deployed.
Ceilometer (Telemetry [Billing])
• OpenStack Telemetry Service (Ceilometer) provides a
Single Point Of Contact for billing systems, providing all
the counters they need to establish customer billing,
across all current and future OpenStack components.
The delivery of counters is traceable and auditable, the
counters must be easily extensible to support new
projects, and agents doing data collections should be
independent of the overall system.
New in Ceilometer
• Real-time monitoring: You can now trigger an alarm
based on incoming events in real time.
• Performance: Improved nova polling through resource
metadata caching, and with asynchronous handling of
new measures in Gnocchi.
• Ease of use: Most meters can now be created with a
yaml file rather than python code.
• Integration with other systems: Ceilometer can now
send metrics to the Gnocchi time series data storage
system, which can also be used to visualize
performance with Grafana.
Trove (Database as a Service)
• Trove is Database as a Service for OpenStack. It's
designed to run entirely on OpenStack, with the goal of
allowing users to quickly and easily utilize the features
of a relational or non-relational database without the
burden of handling complex administrative tasks. Cloud
users and database administrators can provision and
manage multiple database instances as needed.
Initially, the service will focus on providing resource
isolation at high performance while automating complex
administrative tasks including deployment,
configuration, patching, backups, restores, and
monitoring.
New in Trove
• MariaDB: Support for MariaDB itself, rather than relying
on MySQL drivers.
• Clustering: Better clustering support through Percona
integration.
• Redis: Improved Redis backup and replication support.
Sahara (Elastic Map Reduce)
• Sahara aims to provide users with simple means to
provision Hadoop clusters by specifying several
parameters like Hadoop version, cluster topology, node
hardware details and a few more. After a user fills in all
the parameters, Sahara deploys the cluster in a few
minutes. Sahara also provides means to scale an
already-provisioned cluster by adding and removing
worker nodes on demand.
New in Sahara
• Flexibility: Reuse data sources by passing different
parameters in the data source URLs.
• Efficiency: Share data sources between different
tenants so that you don’t have to duplicate large
datasets.
• Increased support: Support for MapR 5.0.0, as well as
using Manila as a data source.
• Convenience: Create multiple clusters simultaneously.
Zaqar (Queue/Notification Service)
• Zaqar is a multi-tenant cloud messaging service for Web
developers. It combines the ideas pioneered by Amazon's
SQS product with additional semantics to support event
broadcasting. The service features a fully RESTful API,
which developers can use to send messages between
various components of their SaaS and mobile applications
by using a variety of communication patterns. Underlying
this API is an efficient messaging engine designed with
scalability and security in mind. Other OpenStack
components can integrate with Zaqar to surface events to
end users and to communicate with guest agents that run in
the "over-cloud" layer. Cloud operators can leverage Zaqar
to provide equivalents of SQS and SNS to their customers.
Zaqar was formerly known as Marconi.
New in Zaqar
• Flexibility: Zaqar now supports pre-signed URLs, so it’s
possible to give an unauthenticated user or service
access to a particular queue without having to give
them access to the system as a whole.
• Security: The API is now secured using Role Based
Access Control, enabling you to decide exactly who has
access to what.
• Efficiency: Zaqar now supports Websocket transport,
enabling full duplex communication over a single
channel.
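Added example (not from the original slides and not Zaqar's own code): a minimal HMAC-signed grant in Python showing how a pre-signed URL can confine an unauthenticated holder to one queue, a set of HTTP methods and a lifetime. The signing key, field names, project name and queue paths are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key; a real service would load its signing key from protected configuration.
SECRET_KEY = b"constructed-demo-key"


def _mac(key, project, paths, methods, expires):
    # JSON gives an unambiguous encoding, so no field can bleed into another.
    msg = json.dumps([project, sorted(paths), sorted(methods), int(expires)],
                     separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def presign(project, paths, methods, ttl, key=SECRET_KEY, now=None):
    """Issue a grant limited to the given queue paths, HTTP methods and lifetime."""
    now = time.time() if now is None else now
    grant = {
        "project": project,
        "paths": sorted(paths),
        "methods": sorted(m.upper() for m in methods),
        "expires": int(now + ttl),
    }
    grant["signature"] = _mac(key, grant["project"], grant["paths"],
                              grant["methods"], grant["expires"])
    return grant


def authorize(grant, method, path, key=SECRET_KEY, now=None):
    """Return (allowed, reason) for one request that presents the grant."""
    now = time.time() if now is None else now
    try:
        expires = int(grant["expires"])
        expected = _mac(key, grant["project"], grant["paths"],
                        grant["methods"], expires)
        presented = str(grant["signature"]).encode()
    except (KeyError, TypeError, ValueError):
        return False, "malformed grant"
    # Verify the signature first (constant time) so edited fields are never trusted.
    if not hmac.compare_digest(expected.encode(), presented):
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    if method.upper() not in grant["methods"]:
        return False, "method not granted"
    if path not in grant["paths"]:
        return False, "path not granted"
    return True, "ok"
```

Because the signature covers the project, paths, methods and expiry together, a holder who edits the grant to add another queue fails the signature check before any scope check runs.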
Barbican (Security API)
• Barbican is a REST API designed for the secure storage,
provisioning and management of secrets such as
passwords, encryption keys and X.509 Certificates. It is
aimed at being useful for all environments, including
large ephemeral Clouds.
New in Barbican
• Security: You can now rotate the Master Key used to
encrypt project-level keys, so you can use a new Master
Key to replace an old key should it be compromised.
• Administration: If you need more control over the
number of secrets a project — or even a specific user —
can upload, Barbican now includes this type of quota
support.
• Convenience: Project administrators can now create
project-specific Certificate Authorities, and users
can then issue self-signed X.509 certificates from their
project’s CA.
Congress (Policy as a Service)
• Congress aims to provide an extensible open-source
framework for governance and regulatory compliance
across any cloud services (e.g. application, network,
compute and storage) within a dynamic infrastructure.
It is a cloud service whose sole responsibility is policy
enforcement.
New in Congress
• Flexibility: With manual reactive enforcement, users
write policy statements that both identify a policy
violation and dictate which API call should be executed
to correct that violation.
• In Liberty policies can correct violations using API calls
for Ceilometer, Cinder, Glance, Heat, Ironic, Keystone,
Murano, Neutron, Nova, and Swift.
• Congress now provides a list of the API calls that policy
writers can use to correct violations.
DevStack
Get your hands dirty with OpenStack now!
What is DevStack?
• DevStack is a scripted (non-secure) install of OpenStack
that can be quickly deployed on a VM or on a physical
server
• DevStack, as the name implies, was meant to simplify
the process of building environments for OpenStack
developers to use and test
• Great for developers, but if you are an architect then you
need to know how to install OpenStack from scratch.
• Use it to learn how OpenStack Services work and to
practice configuring cloud environments.
Simple DevStack
1. http://docs.openstack.org/developer/devstack/
2. Linux Ubuntu 14.04, Fedora 21 or CentOS/RHEL 7
3. Prepare your VM or Physical Server
4. Install Git
5. git clone https://git.openstack.org/openstack-dev/devstack
6. [INSTALL] cd devstack; ./stack.sh
7. Pick a simple consistent password and use it throughout the
process, or put it in the configuration file to completely automate the
process
DevStack
• Your devstack installation can be customized by using a
file called local.conf
• For more details please see the following
documentation
http://docs.openstack.org/developer/devstack/configuration.html#minimalconfiguration
http://docs.openstack.org/developer/devstack/faq.html
Training & Career
FamiLab
• Great gathering spot for technologists
• There may be an opportunity for us to use their server room
to host server equipment for OSCFL Cloud
Next Meeting?
• Potential Guests
  • SME, Real World Deployment of OpenStack
  • Red Hat
  • Oracle Solaris
  • Chef
  • Rackspace
Get home safely and
looking forward to seeing
you at the next Meetup