Technical Overview

Ted BrunellPrincipal Solution Architect, DoD Programs@DoDCloudGuytbrunell@redhat.com

10

Red Hat OpenStack Platform2

Core Director Integration Advanced

A Technical Overview in Four Steps

Red Hat OpenStack Platform3

AgendaCore Components● Compute● Networking● Block Storage● Object Storage● VM Image Storage● Identity and access control● Orchestration engine● Telemetry● Baremetal● Dashboard● Data Processing● Shared Filesystem● DNS

Director● Overview● Upgrades/Updates● Graphical User Interface● Control Plane High Availability● Composable roles● NFV Installations

Integration● With RHEL● With 3rd Party plugins● With CloudForms (infra and cloud provider)● With Ceph and Ceph Console● With OpenDaylight● With Operational Tools● With Identity Management● With Insights and Customer Portal● With Satellite● With Ansible● With OpenShift● With Red Hat Cloud Suite

Advanced and Tech Previews● NFV Solution● Hyper Converged deployments● Neutron DVR● Rally● Containerized Installation (in Tech Preview)● Neutron Tech Preview features● Other features in Tech Preview● SR-IOV and OVS+DPDK● RT_KVM● VMWare Support

Red Hat OpenStack Platform

Core

Red Hat OpenStack Platform5

Core Components in version 10 (Newton)

IaaS+

IaaS

TELEMETRY ORCHESTRATION

CEILOMETER SAHARA HEAT

DATAPROCESSING

COMPUTE

NOVA

NETWORKING

NEUTRON IRONICCINDER GLANCE SWIFT

STORAGE

BLOCK IMAGE OBJECT

BARE-METALPROVISIONING

HORIZON TRIPLEO

DASHBOARD

SHARED SERVICES

IDENTITY

KEYSTONE

DIRECTOR

DEPLOYMENTand

MANAGEMENT

MANILA

SHARED FILESYSTEM

Certified Red Hat OpenStack Platform plugins: https://access.redhat.com/articles/1535373

Red Hat OpenStack Platform6

OpenStack connects two worlds

Operato r viewTe

nant

vie

w

Developers Administrators

Red Hat OpenStack Platform7

Tenant view – the actual OpenStack IaaS user

Limited by what the Operator decides to offer in that cloud

Operator view – often the same role that has root access to the systems

Combines configuration files and API actions to create a working environment for his tenants.

Operato r viewTe

nant

vie

w

OpenStack connects two worlds

Red Hat OpenStack Platform8

OpenStack connects two worldsBoth can use Horizon, the CLI tools, a library (such as os_cloud in Ansible or boto in Python) or directly the API using HTTP and JSON/XML via curl/wget.

OpenStack policy engine (Policy.json in Keystone) will filter which API calls require administrative privileges (i.e. the operator) or regular tenant privileges.

The use of Keystone Domains (in v3) allows an intermediate role: domain_admin

CloudForms also offers a Cloud Admin view and a User Portal with the available services.

Red Hat OpenStack Platform9

Operato r viewTe

nant

vie

w

Compute (Nova)

● I need VMs, anytime● How many can I have?● It must be secure● SSH and VNC please?

● I have hardware capacity available

● This is how you consume it● I set usage quotas● I design for performance and

scalability

Red Hat OpenStack Platform10

Operato r viewTe

nant

vie

w

Similar to Amazon EC2Self-service VMs: Boot an instance of a selected of flavor (vCPU, RAM, disk size), OS image (from Glance), SSH keypair, host-aggregate or availability zone (AZ), custom metadata, user-data, security-groups, with/without ephemeral disk.

Reboot, stop, resize, terminate

See the console log of his instance, open VNC/RDP session, change VM root password (if OS supports)

Reserve, assign and release floating Ips

Manage keypairs and security-groups

Check quota usage

Select which Neutron network or portOther Neutron/Cinder shortcuts for network and volume management

No need to manage hypervisors individually, due to distributed design of OpenStack, at any scale. Supports KVM and VMWare (vCenter)

Defines which choices are available to tenants: flavors offering specific capabilities and carefully planned capacity and overcommit ratios.Easier maintenance and operations with support for node evacuation, mark “host down” and instance live-migration.

Define host-aggregates and AZs with specific meta-data to allow advanced scheduling and request filtering.Set NFV specific flavors including vCPU pinning, Large pages, vCPU, RAM, and I/O device NUMA awareness, SR-IOV/PCI Passthrough

Instance HA, transparent to tenants, if enabled

Compute (Nova)

Red Hat OpenStack Platform11

Compute (Nova)

Red Hat OpenStack Platform12

Operato r viewTe

nant

vie

w

Networking (Neutron)

● I need my own network, isolated from others

● Some private IPs, some public IPs

● These are my QoS specs● Let me share networks with

others

● I design a network overlay and provide external access

● I have very few Public IPs● I set rules, policies, quotas● With SDN, I can centrally manage

and monitor it all

Red Hat OpenStack Platform13

Similar to Amazon VPC, ELBCreate,Remove,Update,Delete (CRUD) networks, subnets and ports, for basic L2 and L3 with IP Address Management (DHCP)Define a tenant network (overlay)

Additionally:● Provider networks ● Quotas● Security Groups (per port)● East/West L3 routing with tenant-defined routers● External gateway, NAT, floating IPs● Load balancing, VPN and Firewall

IPv6 tenant network management

QoS (rate limit policies) per port, per network

RBAC for granular sharing of tenant networks

Defines provider networks, manually set-up in Neutron by the operator, representing a pre-existing network (i.e. VLAN). Useful to point to corporate DNS or Gateways with multiple routes

Multiple simultaneous L2 technologies on a single installation via ML2

Default OpenVSwitch, or choose from dozens of commercial SDN vendors

Configures SSL/TLS backend for LBaaS

Define floating IP ranges, normally for publicly routable IPv4 addressess

Offer/ delegate IPv6 tenant networks (SLAAC, DHCP)

Define and enforce QoS (currently only egress flows)

VXLAN offloading to HW available (up to 4x throughput)

Distributed Virtual Routing (DVR) for better scalability

L2Pop and Responder to mitigate ARP flooding at scale

Networking (Neutron)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform14

Networking (Neutron)

Red Hat OpenStack Platform15

Operato r viewTe

nant

vie

w

Block Storage (Cinder)

● Too much data in my VMs!● I need permanent storage● Can I snapshot and

backup/rollback?● Encrypted, please

● I constantly buy storage● I must allocate space to tenants● I can combine different tiers of

technologies (NAS, SAN)● I set rules, policies, quotas

Red Hat OpenStack Platform16

Similar to Amazon EBS

CRUD additional hard drives to an instance, as Block volumes: require tenant VMs to format with a filesystem.

Persistent storage, can be cloned, snapshotted, replicated or imported/exported to another AZ (also public storage like Google Cloud Storage *)

Encryption available via LUKS (if enabled by ops)

Hot-unplug from one instance and re-attach to another instance

Non-disruptive and Incremental snapshot: ideal for backup/restore and DR use-cases

QoS available (total IOPS)

If exposed, vendor-specific features (mirroring, compresion, replication, thin provisioning)

Uses Red Hat Ceph storage as default

Multiple backends(LVM, iSCSI, NFS, ScaleIO, etc) including proprietary ones with more specific features

Faster provisioning via over-subscription, thin-provisioning and Generic image cache

ISCSI multi-path support for extra reliability

Private volume types for premium levels of service (SSD, thick_provisioned)

Simplified operations, DR and backup with Generic Volume Migration & replication (sync/async, with N number of replicas) between different storage backends

Storage Policies for simpler management

Block Storage (Cinder)

Operato r viewTe

nant

vie

w

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform17

Block Storage (Cinder)

Red Hat OpenStack Platform18

Operato r viewTe

nant

vie

w

Object Storage (Swift)

● My application needs object storage (files, media)

● I can use HTTP(s) ● Stateless please! No time for

mounting filesystems

● I will offer a private S3-like experience

● I must scale without limits● I want advanced features

Red Hat OpenStack Platform19

Similar to Amazon S3 (a modern version of FTP, WebDAV)

CRUD objects in containers, per account

Ideal to store static objects (media, web files, email)

Only useful if the application understands the Swift/S3 API

Also useful to store Glance image backups

Not meant to be used as POSIX filesystem

Fast-POST allows fast-efficient updates of metadata without re-upload of the content.

Very few dependencies with other OpenStack modules, mostly Keystone for RBAC

Scales horizontally up to petabytes

Replication for global clusters

Advanced Swift features: middleware for API processing, temporary URLs, URL rewrite

Swift requires his own storage space, not integrated with CephReduced availability for further storage efficiency with Erasure Coding

Object Storage (Swift)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform20

Object Storage (Swift)

Red Hat OpenStack Platform21

Operato r viewTe

nant

vie

w

VM Image Storage (Glance)

● What operating systems can I use?

● This is my own version, store it just for me

● Is the OS image genuine?● Take this VMWare template

and import it

● Only approved OS can be used in my cloud

● Centrally offer updated OS● Leverage storage integration to

reduce network usage

Red Hat OpenStack Platform22

Similar to Amazon AMIs

CRUD images (VM templates, a bootable OS) and snapshots (VM backup)

Private or public images

Upload from file or from URL

Metadata can host any key-value pair, useful to document OS version, date...

Multiple disk-formats (QCOW2, RAW, ISO, VDI, VMDK) and container-format (bare, OVF, AMI, ARI)

Checksum and signature verification for extra security

Best-practice: offer “golden images” to tenants via public glance images.

Store images using Cinder as backend.

If not using Ceph, Director configures Swift as a Glance image store.

If using Ceph, Glance will leverage advanced RBD features (cache, thin-provisioning, immediate snapshot)

Automatic Nova/Libvirt/KVM optimization depending on guest OS via os_name attribute

VM Image Storage (Glance)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform23

VM Image Storage (Glance)

Red Hat OpenStack Platform24

Operato r viewTe

nant

vie

w

Identity and Access Control (Keystone)

● I am not a hacker, believe me!● My boss just gave me permission

to ask for VMs● Where are all the services?● I am a project lead, I must be

admin of my project

● Who are you?● Let me validate with LDAP● I must integrate with my

company’s SSO● I must secure entry points with

TLS Certificates

Red Hat OpenStack Platform25

Similar to Amazon IAM

Authenticates and gives Authorization to users. Provides them session tokens that will be used for all OpenStack actions

CRUD user, tenants (project), roles (as long as Operator allows it)

Change password, also download credentials file (RC) with EC2 keys

Discover OpenStack endpoints via catalog

Kerberos for SSO in both Web (Horizon) and in CLI on client systems with SSSD

Federated Identity*: same user/password across multiple OpenStack providers

CRUD user, tenants (project), roles, and domains (for v3) for better RBAC.

SAML Federation* for authentication with external providers (pre-existing) or other clouds, via Red Hat SSO*Multiple identity backends: LDAP, ActiveDirectory, FreeIPA, PAM, etc

Preferred authorization backend is MariaDB

Lightweight tokens (Fernet) for better performance and scalability

Logs in standard CADF auditable format

Public endpoint protection with SSL/TLS

Identity and Access Control (Keystone)

Operato r viewTe

nant

vie

w

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform26

Identity and Access Control (Keystone)

Red Hat OpenStack Platform27

Operato r viewTe

nant

vie

w

Orchestration engine (Heat)

● This is the blueprint of my application deployment: dependencies, config, etc

● Can you run this for me?● Scale it out when this threshold

is reached

● To compete with public clouds, I should offer an orchestration engine

● Auto-scaling, load balancers and quotas allow me to monitor and predict demand

Red Hat OpenStack Platform28

Similar to Amazon Cloudformations, and ELB

CRUD templates (stacks), that can be stopped and resumed.

Instructs OpenStack to automate deployment of resources as defined in HOT or CloudFormations (CFN) language

Already on its 6th version, HOT offers more modularity and flexibility improvements (i.e. resource chains, pre-delete hooks, etc)

Very useful when combined with Ceilometer and LBaaS. Example use-case is instance auto-scaling, by creating another VM when cluster load reaches 80% CPU.

Heat may require minor tuning to ensure enough CPU and RAM is assigned to it

Can offer shared templates, approved by IT

Excellent integration with CloudForms to create a advanced service catalog to end-users, with policies and customized quota and capacity management.

Orchestration engine (Heat)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform29

Orchestration engine (Heat)

Red Hat OpenStack Platform30

Operato r viewTe

nant

vie

w

Telemetry (Ceilometer)

● How much CPU, RAM, disk am I using, i.e. per hour?

● Notify me of any alarm here ● I wish I could charge back / show back how much every user is consuming

● This is useful for my own internal usage!

Red Hat OpenStack Platform31

Similar to Amazon CloudWatch

Metrics (CPU, RAM usage) and Events (e.g instance is created) can be only be listed.

Alarms (e.g CPU threshold reached) can also be triggered. Alarm threshold can be custom-defined, all via the Aodh API (pronounced “hey”)

Querying for historical values are available.

Historically, Ceilometer required tuning at scale, to allow tenants polling historical values. MongoDB was the only backend.

Now Ceilometer offers much better performance and scalability, thanks to the split of its components.

Gnocchi stores/indexes time-series metrics

Aodh does the same for alarms

Panko is the event engine (to be deprecated)

Connects with CloudForms for Capacity monitoring and management.

Telemetry (Ceilometer)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform32

Telemetry (Ceilometer)

Red Hat OpenStack Platform33

Operato r viewTe

nant

vie

w

Baremetal for tenants (Ironic)

● I need a physical VM for a while, with a generic OS

● I don’t have many security or isolation concerns, nor network protection needs

● I have some spare nodes in a separate cluster, with shared network

● I will offer them to trusted users groups

● I will provide the OS image

Red Hat OpenStack Platform34

Similar to Amazon Dedicated EC2 Servers

Nova commands are used against a existing baremetal Host-Aggregate

After Ironic reserves a baremetal node, Nova is used to provision the instanceOnly works with glance images tagged “hypervisor_type=ironic”

Can deploy Linux or Windows VMs (requires extra steps)

Basic “baremetal to tenant” experience offered in OSP 10

Allocates a pool of nodes to be entirely allocated to certain tenants, on demand

Requires careful design for tenant-facing service (network isolation, security...)

Defines nova Host-Aggregates with key-value “baremetal” and a flavor with key hypervisor_type="ironic"

Quotas and capacity planning are needed

Good integration (thanks to specific certification) with most hardware vendors: Dell, Cisco, HP…

Introspection process to detect HW capabilities

Requires many Nova and Neutron changes (i.e. Flat Networking for PXE provisioning)

Baremetal for tenants (Ironic)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform35

Baremetal for tenants (Ironic)

Red Hat OpenStack Platform36

Operato r viewTe

nant

vie

w

Dashboard (Horizon)

● I need a UI to manage my workloads or troubleshoot

● I don’t like the CLI● I want to see my Heat

topologies ● Quickly display my quota usage

and default options

● I want an admin panel● I want a quick access to my Red

Hat Access account● I want to see all Neutron

networks and routers

Red Hat OpenStack Platform37

Dashboard (Horizon)

Red Hat OpenStack Platform38

Operato r viewTe

nant

vie

w

Data Processing (Sahara)

● I need a hadoop cluster for a few hours

● I need to try different Big Data platforms

● I want my clusters to scale automatically

● I don’t have the manpower to customize big data platforms to all my tenants

● I will get 3rd party providers and deliver their stack as a service

Red Hat OpenStack Platform39

Similar to Amazon Elastic MapReduce (EMR)

Run Hadoop workloads in few clicks without expertise in Hadoop operations

Simple parameters such as Hadoop version, cluster topology, and node count

Data can be hosted elsewhere (S3, Swift...)

Rapid provisioning of Hadoop clusters for Dev and QA

“Analytics-as-a-Service” for bursty or ad-hoc workloadsUser documentation here

Utilization of unused compute power from a general purpose OpenStack cloud to perform Data Processing tasksSupports Hadoop distributions on CentOS and RHEL 7:

● Cloudera● HortonWorks● Ambari ● MapR

Plugin Image Packaging Tool, to validate custom plugins, package them and generate clusters from clean, versioned, OS-only images.Installation procedure here (OSP9-manual, OSP10-director)

Data Processing (Sahara)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform40

Data Processing (Sahara)

Red Hat OpenStack Platform41

Operato r viewTe

nant

vie

w

Shared File System (Manila)

● I need a network folder to share files between VMs

● Sometimes I’ll share it with other users in my team

● I don’t want to manage the folder (permissions, quotas)

● I don’t have the time to create temporary shares and enable network security

● I wish I could automatically leverage OpenStack users and groups

Red Hat OpenStack Platform42

Similar to Amazon Elastic File System but not just NFS, also CIFS

Creates a network file share, available in a Neutron shared network

Can be shared with other tenants (RBAC), including mappings to LDAP entities

User-defined quotas, policies, replication, snapshots, extend/shrink capacity

VM Operating System must connect to the share using whatever network protocol has been set (NFS, CIFS)

Significantly reduces operational burden

Delegates storage management to end users with clearly defined limits and boundaries

● NFS (access by IP address or subnet)● CIFS (authentication by user)

In OSP, Manila is GA, deployed via Director● Only NetApp driver is GA● CephFS driver is Tech Preview

Shared File System (Manila)

Operato r viewTe

nant

vie

w

Red Hat OpenStack Platform43

Shared File System (Manila)

Red Hat OpenStack Platform44

Designate* is similar to Amazon Route53, provides DNS-as-a-Service

Trove is similar to Amazon RDS – no longer available in Red Hat OpenStack Platform

They all provide high-level IaaS services, to reduce the effort of cloud adoption to users

Each service requires their own fine-tuning, and vendor-specific configuration (or license)

Requires network and storage planning

Very useful when tenants require standarized service offerings and a seamless user experience

Drastically reduce service requests (happier developers)

Trove: only available via preferred partner Tesora, they support many SQL and NoSQL backends

Designate backends: PowerDNS, BIND

Designate*, Trove (via Tesora)

Operato r viewTe

nant

vie

w

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform

Director

Red Hat OpenStack Platform46

Red Hat OpenStack Platform Director

● Based on TripleO● Graphical Interface● Deployment Validations● Simplified Control Plane HA● Default roles● Composable roles● Custom Services

● Generic node deployment (separate hardware deploy phase)

● Automatic hardware profile tagging● Post-deployment customizations● Scaling, Updating and Upgrading● 3rd party integration

Red Hat OpenStack Platform47

Red Hat OpenStack Platform DirectorAPI driven deployment (and management) of Red Hat OpenStack Platform, allows CloudForms integration

Safely upgrade and update production OpenStack deployments

Configuration stored as YAML code, where Operator configure the datacenters attributes accordingly (e.g VLAN, IP ranges). CLI based on standard OpenStack interfaces.

Leverages best practices and reference architectures from our extensive field experience.

Out-of-the-box Control Plane HA thanks to Pacemaker. External load balancer support.

Ceph deployment and configuration as storage backend. Can connect to existing Ceph.

Supported partner hardware integration (Ironic, Cinder, Neutron)● Cisco UCS, Dell, Intel, HP, Fujitsu, SeaMicro, and Open CloudServer

● Cisco Nexus 1000v (networking) and other SDNs

● Netapp Data ONTAP (Cinder storage) and other Storage

Red Hat OpenStack Platform48

Scales to hundreds of nodes, automating the whole hardware lifecycle.

Ready state configuration for selected hardware, that automatically configures RAID, BIOS, Network bonding, etc.

Pattern-based automatic discovery and selection of appropriate nodes from hardware inventory. Automatic Health Check can execute performance test before deployment to identify possible misconfigurations or faulty servers.

Ability to validate installation post deployment using Tempest.

Easy to scale up and down - add compute and storage capacity (see deployment limits)

Enhanced management via CloudForms, for both tenants and administrators.

Director: building scalable clouds

Red Hat OpenStack Platform49

Director is based on upstream OpenStack deployment program – TripleOOperator uses a Undercloud OpenStack installation to deploy/update the Production OpenStack Overcloud via Heat and Ironic. See these two blog posts.

TripleO: OpenStack on OpenStack

Red Hat OpenStack Platform50

Director Graphical User Interface (undercloud)

Red Hat OpenStack Platform51

Director Validations (undercloud)

Ansible-driven solution to catch potential hardware, networking and deployment issues will reduce deployment failures

Simplify the burden on IT staff by providing recommended configuration solution settings when issues are detected

Help customers to achieve production-ready deployments through entire process● Pre-installation (prior to starting deployment) ● During installation – RHOSP 11+● Post-installation (checks after deployment)● Upstream project: http://docs.openstack.org/developer/tripleo-validations/

Red Hat OpenStack Platform52

Uses the Heat service of the Undercloud OpenStack installation to trigger deployments, updates, upgrades and scaling in/out.Inventory of nodes via Ironic and a discovery live systemHeat requests Ironic to bootstrap the servers (controller, compute, storage), via IPMI for power management and PXE provisioning network.Nova and Neutron keeps track of the details (e.g server Ips)Once deployed, Director returns the Overcloud credentials file (overcloudrc)

Director TripleO: Lifecycle

Red Hat OpenStack Platform53

Other installation options

● Packstack:● Only for Development and small PoCs● Lacks upgrades, integration, validation● Not recommended in general● https://access.redhat.com/articles/2477851

● https://access.redhat.com/articles/1140323

● QuickStart Cloud Installer● Unified UI to deploy Red Hat Virtualization,

Red Hat OpenStack Platform and Red Hat Cloudforms, from a central Red Hat Satellite server.

● Uses Director under the hood

Red Hat OpenStack Platform54

Default Roles (Ref.Arch)5 default roles:

● Controller● Compute● Storage node (cinder)● Ceph node (OSD)● Swift node

2 set of templates as reference: ● 1 controllers, N compute, no ceph (external NFS),

VLAN networks● 3 controllers, N compute, 3+ ceph (Mon+OSD),

VXLAN networks (preferred for production)Operators can easily customize and override with their own templates

Underlying puppet modules can also be customized

Further tuning available as post-installation scripts

Red Hat OpenStack Platform55

Control Plane High Availability Most OpenStack HA services and VIPs must be launched/managed by Pacemaker or HAProxy. However, some can be managed via systemctl thanks to the simplification of pacemaker constraints introduced in version 9 and 10.

Red Hat OpenStack Platform56

Composable Roles and Custom ServicesImportant: only new OSP10 deployments can have composable roles or new custom services. It cannot upgrade OSP9 “monolithic” to OSP10 “composable”, nor it cannot change OSP10 “monolithic” to “composable”. This is a roadmap item for OSP11

Red Hat OpenStack Platform57

NFV Installations with DirectorDirector can define advanced resource partitioning : NUMA/CPU pinning, Hugepages, IRQ isolation, etc)It also provide the required SR-IOV or OVS+DPDK configurations in Nova and Neutron

SR-IOV Deployment (DPDK guest) OVS+DPDK Deployment (DPDK guest)

Integration

Red Hat OpenStack Platform59

Co-engineered with RHEL

Windows Windows WindowsLinuxLinux

SUPPORTED GUESTS

OpenStack

RHEL + KVM Ceph OVS

Storage Network

SERVERS

Virtualization Security Ecosystem Network Storage

KVM Network Stack

Device Drivers

LINUX KERNEL

Security Enhanced Linux (SELinux)

Red Hat OpenStack Platform60

Ecosystem of certified Partner Plugins

List of certified components, Catalog of 3rd party products and Support policy

Specific portal for partners and detailed documentation with the certification instructions.

Red Hat OpenStack Platform61

SDN – Software Defined NetworkingDozens of SDN partners, Neutron certified

Director can automatically configure Cisco, Nuage, PLUMgrid. More to come

Two main models:● Software centric - hardware is general-purpose

● Hardware centric - specific network hardware is required

Can extend Neutron via ML2 drivers, core plugins or advanced services.

Red Hat OpenStack Platform62

Integration with CloudFormsTwo complementary options:

● OpenStack workload management (w/ Red Hat OpenStack Platform) ● admin/tenant facing

● OpenStack infrastructure management (w/ director)● operator facing● correlation with Red Hat OpenStack Platform deployment

● deployment details, service monitoring, drift history● scaling

● power of combining policies and infrastructure management

For more information, visit the QuickStart Guide or this series of videos

Red Hat OpenStack Platform63

Management and operations via CloudFormsSee the following videos for more examples

● Power, Provision & Console: https://youtu.be/ByeCXMM-5z4 ● Capacity and Utilization: https://youtu.be/Qe-sDxENXF8 ● SmartState and Genealogy: https://youtu.be/ysMDeqSddQ4 ● Manual Scale: https://youtu.be/vzO90uuRjO8 ● OverCloud AUTO Scale: https://youtu.be/bcJo7Bj7ho4 ● Heat/Cloudformations Templates: https://youtu.be/qiKrrGi51HU

Red Hat OpenStack Platform64

Integrated with Red Hat Ceph StorageDefault backend for Red Hat OpenStack Platform, which now comes with 64TB of Ceph Enterprise

Manual installation of Red Hat Storage Console available (Ceph 2 management tool)

Ceph Rados Object Gateway can be enabled by Director (as an option)

Director can connect to an externally-managed Ceph cluster. It can also install/deploy/update Ceph

Red Hat OpenStack Platform65

OpenDaylight *Minimalistic release, not meant to compete with SDN vendors (Tech Preview)

Main focus is on providing NetVirt and SFC for OpenStack by using the OpenDaylight ML2 plug-in

Latest OpenDaylight release (Boron SR1 – estimated Jan 2017), deployed via Director

Feature List: ● Distributed L2: VLAN, NVGRE, VXLAN

● Distributed L3: east/west routing, floating IPs

● No support for NAPT (aka SNAT)

● No support for IPv6

● DHCPv4 using Neutron’s DHCP agent

● Network namespaces with dnsmasq

● Metadata (cloud-init) support through DHCP namespace

● Security-groups when OVS Conntrack * enabled

● Supports Neutron port-security extensions

● Simplified architecture; no l2-agent or l3-agent

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform66

Operational Tools OverviewClients/Agents are now fully supported in Red Hat OpenStack Platforms (except collectd – Tech Preview).

The server packages are kept on an upstream community repo (CentOS OpsTools SIG), with Ansible playbooks for a easy but manual install

Performance/Capacity Centralized Logging Availability Monitoring

Red Hat OpenStack Platform67

Operational Tools in DetailCentralized Logging Suite

● Centralized EFK Stack: Fluentd, Kibana and ElasticSearch● All nodes come with a fluentd log collection agent

Availability Monitoring Suite● Sensu (for alert monitoring) and Uchiwa (for web UI)● Redis and RabbitMQ as backends● All nodes can be deployed with a Sensu monitoring agent● Better alternative to Nagios+NRPE (which are also supported)

Performance Monitoring Suite● Graphite (for metric collection) and grafana (for web UI)● All nodes can be deployed with a collectd agent * (Tech Preview)

It is recommended to host the management Server on a node outside of the OpenStack installation

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform68

Red Hat Identity ManagementFor advanced features like LDAP Authentication and password policies, Single Sign On *, Federated Identity *, TLS Certificate management, etc. More information in Red Hat OSP+IDM documentation

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform69

Insights and Red Hat AccessThe Red Hat Access tab in Horizon allows you to search for and read articles or solutions from the Red Hat Customer Portal, view logs from your instances and diagnose them, and work with your customer support cases.

Red Hat® Insights increases visibility into IT environments and provides trusted guidance to help businesses avoid disruption and optimize performance of their IT operations.

Red Hat OpenStack Platform provides Insights integration as an option out of the box.

Red Hat OpenStack Platform70

SatelliteIntegration with Satellite 6 enables advanced management of node content (packages):

● subscription management (for Satellite 5, only through RHN channels),● review of content (packages) on nodes,● new content notification, errata overview,● management of which packages are available to nodes.

It can also provision nodes on Red Hat OpenStack automatically, see Provisioning Guide

For certain SKUs with RHEL guest support (or for Virtual Datacenter), the use of virt-who can also help with subscription management

Red Hat OpenStack Platform71

OpenShift Container Platform as a workloadRed Hat does not support upstream projects that offer limited management for container platforms to tenants as new OpenStack APIs (like Magnum, Murano).

Red Hat has a complete Reference Architecture, easy to install, for OpenShift Container Platform as a guest:● Kubernetes integrates with OpenStack Networking and Storage.

● Automatically provision kubernetes nodes via the OpenStack cloud provider plug-in (kubelet --cloud-provider=openstack ).

● Check out the Red Hat Cloud Suite for an integrated product.

https://access.redhat.com/articles/2743631

Red Hat OpenStack Platform72

Ansible Core and Ansible TowerAnsible Core supports native OpenStack orchestration since 2.0 via the shade library (examples here), as a simple alternative to Heat templates

Ansible Tower brings more advanced features● Heat can define WaitConditions to hook with Tower and

pause/resume a Heat template until it receives a API callback from Tower

● Tower can dynamically discover openstack instances, remove old ones

● More powerful than cloud-init, easier than puppet

More examples in this excellent blog post

Red Hat OpenStack Platform73

Red Hat Cloud Suite

Advanced Topics

Red Hat OpenStack Platform75

NFV – Network Functions Virtualization

Red Hat NFV Solution is based on 100% Open-Source components, also certified VNFs

Extensive Partner Ecosystem for a production-ready, supported ETSI NFV compliant platform

Extensively documented in our Documentation page and Telco

Red Hat OpenStack Platform76

Hyper Converged Infrastructure*Co-locates Ceph OSDs in the Compute nodes

Requires NUMA and performance tuning  https://pnt.redhat.com/pnt/p-971153/

Previous Reference Archiecture to automatically deploy HCI via Director and Ceph-ansible, with OSP8 and Ceph1.3, with the above tuning included:   https://pnt.redhat.com/pnt/p-1088663/

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform77

Neutron: DVR

Red Hat OpenStack Platform78

Neutron: DVRDistributed Virtual Routing, with ML2/OVS, makes Compute node

● Route east/west L3 traffic locally (better scale, no congestion) ● Perform NAT for floating IPs ● Respond to cloud-init/metadata service ● However, DHCP and Default SNAT (PAT) are still centralized

Director: single option to choose centralized routing (default) or DVR ● Customers are encouraged to review pros/cons of each and choose based on their topology

and workload requirements. ● See documentation (here and here) for caveats/considerations, e.g:

● External network connectivity in required on each Compute node for DVR● IPv6 traffic is still centralized, even if DVR is enabled● L3HA won’t work (until OSP11)

Red Hat OpenStack Platform79

Rally

Benchmarking tool that automates and unifies multi-node OpenStack deployment, cloud verification, benchmarking and profiling. It can be used as a basic tool for an OpenStack CI/CD system that would continuously improve its SLA, performance and stability. It consists of the following core components:

● Server Providers - provide a unified interface for interaction with different virtualization technologies and cloud suppliers. It does so via ssh access and in one L3 network

● Deploy Engines - deploy an OpenStack distribution before any benchmarking procedures take place, using servers retrieved from Server Providers

● Verification - runs specific set of tests against the deployed cloud to check that it works correctly, collects results & presents them in human readable form

● Benchmark Engine - write parameterized benchmark scenarios & run them against the cloud.

Performance Guide available (currently about Red Hat OpenStack Platform version 7)

Open source project Browbeat: a set of scripts and Ansible playbooks to help determine different performance characteristics of OpenStack

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform80

Containerized OpenStack infrastructure*Who does this help? OpenStack Administrators. End-users get no benefit from a containerized Host

Currently: Containerized Compute nodes (Tech Preview)● Openstack components and dependencies packaged as dockerfiles

● Uses RHEL Atomic as host OS. Cannot be upgraded with Director.

Red Hat is working on a roadmap for fully-containerized OpenStack ● Faster updates and upgrades (even CI/CD)

● Limited rollback capabilities (depends on upstream project)

● Easier management of HA dependencies, troubleshooting

● Most technical challenges involve improvements to Kubernetes networking and baremetal deployment

● Goal is to offer automatic upgrade to hundreds of existing customers

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform81Red Hat OpenStack Platform

Neutron features in Tech PreviewNeutron features available with manual configuration

Not fully supported yet

Automatic Network Topologies

Also called “get me a network”

Firewall - aaS

On-demand L3/L4 iptables-based gateway with custom firewall policies at the edgeRe-implemented in DVR

Conntrack-based firewall in OVS

Removes the need for integration bridges, better performance

Virtual Private Networks – aaS

On-demand IPSec/IKE policies, tunnel configuration based on LibreSWAN

Autonetwork

VPNaaS

FWaaS

Conntrack

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform82Red Hat OpenStack Platform

Other features in Tech PreviewFeatures available with manual configuration

Not fully supported yet

Google Cloud Storage backup

Cinder driver to store volume backups, useful for Disaster Recovery

Red Hat Single-Sign-On

Helps configure Apache SAML provider for Keycloak

Nova Cells v2.0

Scale over hundreds of compute nodes with Nova API sgementation

Data At-Rest Encryption

Encrypts objects in the filesystem using AES in CTR mode with 256-bit keys

At-rest

SSO

Cells

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform83

SR-IOVPartitions high-performance network cards (NIC) in Virtual Functions (VF), each with its own PCI IDs.

Some NICs support hardware-based VLAN tagging and other offload techniques (IOMMU, etc)

Nova doesn’t understand SRIOV VFs, so in the past it could only perform a basic PCI Passthrough

With Neutron, we can perform two things (not simultaneously, mutually exclusive)

● VF passthrough: Nova tells KVM to passthrough all IO from a VM to the unique PCI ID of the VF. Each active VM gets a fraction of NIC bandwidth

● PF passthrough: Nova will only allow one VM to use the NIC, thanks to passthrough of the root PCI ID. That VM gets all the physical bandwidth

VM must use the NIC-specific driver. More info here

Red Hat OpenStack Platform84

DPDK-Accelerated OVSThe Hypervisor now has a user-space only version of OVS accelerated by DPDK, transparent to tenants. It’s an alternative to classical OVS (kernel datapath)

It allocates a NIC and a CPU to execute the “Poll Mode Driver”, bypassing the kernel, dramatically increasing the overall performance

It achieves maximum throughput with low latency, even with small packet sizes, for both net-to-VM (uses VFIO) and VM-to-VM traffic (uses virtio vhost-user)

Requires hugepages and CPU pinning

No security-groups, linux-bridge, QoS, etc

Flat or VLAN only. VXLAN not recommended

Only certain NICs supported

Deployed by Director in OSP10, from Fast Datapath repo

Red Hat OpenStack Platform85

Real-Time KVM*

* Testing available only to selected partners/customers

Predictable and deterministic scheduling of VM execution (VM should be RT too)

Runs on Red Hat Enterprise Linux for Real Time, which is a different kernel than regular RHEL.

Low average latency and no jitter for VM IO operations, like sending/receiving packets

Requires Hypervisor CPU isolation and NUMA pinning of devices: one socket for housekeeping, one socket for Real-Time

Not integrated in Director yet as it requires careful capacity planning and resource reservation for the compute nodes.

*Tech Preview features are subject to change in GA release

Red Hat OpenStack Platform86

VMWare support

Red Hat OpenStack Platform supports the VMware vCenter hypervisor driver.

See the VMware Integration Guide

Networking must be provided by a combination of either Neutron/NSX or Neutron/Nuage https://access.redhat.com/articles/2172831

Red Hat does not provide support for other Compute virtualization drivers such as the deprecated VMware "direct-to-ESX" hypervisor, and non-KVM libvirt hypervisors.

Red Hat OpenStack Platform87

Summary of Tech Preview Features

For the official list of Tech Previews per version, visit the Release Noteshttps://access.redhat.com/documentation/en/red-hat-openstack-platform/10/single/release-notes/

https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/release-notes/

https://access.redhat.com/documentation/en/red-hat-openstack-platform/8/single/release-notes/

THANK YOUplus.google.com/+RedHat

linkedin.com/company/red-hat

youtube.com/user/RedHatVideos

facebook.com/redhatinc

twitter.com/RedHatNews