openstack meetup: bootstrapping openstack to corporate it

Agenda

• OpenStack adoption for Mirantis IT• Mirantis IT overview• Integration with legacy LDAP• Advanced Network features• Disaster recovery mechanisms

• OpenStack development in Mirantis• Community roadmap

Mirantis IT overview

• 5 sites around the world• 4-6 servers in each site• Bunch of projects with its own requirements• Single users/projects authentication

Mirantis IT Requirements

Requirement OpenStack support

Availability Zones limited




Multiple NICs no




Multiple NICs no

Disk and flavor resize no




Multiple NICs no


VMs info in LDAP no




Multiple NICs no


VMs info in LDAP no

VNC via browser yes




Multiple NICs no


VMs info in LDAP no

VNC via browser yes

Instance snapshotting yes




Multiple NICs no


VMs info in LDAP no

VNC via browser yes


Specify node to run instance on limited




Multiple NICs no


VMs info in LDAP no

VNC via browser yes



Quotas limited




Multiple NICs no


VMs info in LDAP no

VNC via browser yes



Quotas limited

RPM packages for Fedora yes




Multiple NICs no


VMs info in LDAP no

VNC via browser yes



Quotas limited

RPM packages for Fedora yes

Requested disk space in root partition no

Deployment schema

Key bottlenecks

• Integration with existing LDAP• Advanced Network features• Disaster recovery mechanisms

LDAP auth

Current OpenStack support:• Management of users• Management of projects• Management of roles

LDAP auth


Issue:• Support of existing accounts management system

(GOsa)

LDAP auth


Issue:• Support of existing accounts management system

(GOsa)

Solution: GOsa plugin https://github.com/Mirantis/gosa-openstack.

https://github.com/Mirantis/gosa-openstack

https://github.com/Mirantis/gosa-openstack

LDAP server info injection

Created Server in GOsa

Results

• LDAP authentication and authorization• DNS records are managed by existing LDAP

schema• Access to VMs is granted based on existing LDAP

mechanisms

Key bottlenecks

• Integration with legacy LDAP• Advanced Network features• Disaster recovery mechanisms

OpenStack networking

Supported topologies:• Flat• FlatDHCP• VlanManager

Public IPs, FlatDHCP

Goal:• Assign public IP addresses to VMs• Make VMs routable from Internet• Allow one of the network IP be set on the router

to use OSPF


Goal:• Assign public IP addresses to VMs• Make VMs routable from Internet• Allow one of the network IP be set on the router

to use OSPFIssue:• FlatDHCP manager assigns the first IP of net to

the bridge and leases all other IPs for VMs


How to configure/fix:• Add in nova.conf:

--public_interface=em1

--flat_interface=em1.89

• Assign any IP of net except the first one to router IP to use OSPF

• Mark this IP in the database as “reserved”:UPDATE `nova`.`fixed_ips` SET `reserved` =

'1' WHERE `fixed_ips`.`address` ="x.x.x.x";

VlanManager modifications

Goal:Run private cloud on the Vlan’ed network with limitations:• 1st,2nd,3rd IP addresses are reserved for VRRP• First IP is default gateway for the network


Goal:Run private cloud on the Vlan’ed network with limitations:• 1st,2nd,3rd IP addresses are reserved for VRRP• First IP is default gateway for the networkIssues with current implementation:• 1st IP address is assigned to the bridge• Bridge IP is used as default gateway for VMs


Goal:Run private cloud on the Vlan’ed network with limitations:• 1st,2nd,3rd IP addresses are reserved for VRRP• First IP is default gateway for the networkIssues with current implementation:• 1st IP address is assigned to the bridge• Bridge IP is used as default gateway for VMsWe changed:• Fourth IP is assigned to the bridge• First IP for default VMs gateway

Results

• Patch OpenStack to support public IP addresses in the context of existing IT setup

• Create a workaround, given first 3 IPs were unavailable

Key bottlenecks

• Integration with legacy LDAP• Advanced Network features• Disaster recovery mechanisms

Compute node failure

Disaster recovery

Possible scenario Status

Compute node has crashed or rebooted,we want to rerun VM on it

implemented

Compute node has crashed or rebooted,we want to rerun VM on another node with shared storage

implemented

Before node crash VM was migrated on it,we want to rerun VM on it or another node with shared storage

In progress

See blogpost at

bit.ly/lb4wJ9

To recover VM, run./nova-compute <instance_id>

http://bit.ly/lb4wJ9

http://bit.ly/lb4wJ9

OpenStack Disaster Recovery Summary

• Addressed compute node failures with custom script• Our script still has limitations

• CloudController failures are a problem under research• For instance, no highly available networking

• No current self-healing mechanisms

OpenStack Modifications Summary

• VNC console via browser


• VNC console via browser• RPMs Nova, Glance, Dashboard for Fedora


• VNC console via browser• RPMs Nova, Glance, Dashboard for Fedora• Injection server info and DNS records into existing

LDAP



LDAP• Assignment network to the project manually



LDAP• Assignment network to the project manually• Projects support in nova client



LDAP• Assignment network to the project manually• Projects support in nova client• LDAP speed up



LDAP• Assignment network to the project manually• Projects support in nova client• LDAP speed up• Instance name in Dashboard Launch dialog



LDAP• Assignment network to the project manually• Projects support in nova client• LDAP speed up• Instance name in Dashboard Launch dialog• FQDN based on instance name

Roadmap

Requirement OpenStack MirantisBoot from Block Storage In progress In progress

Roadmap

Requirement OpenStack MirantisBoot from Block Storage In progress In progressLive Migration over non-shared storage In progress In progress

Roadmap

Requirement OpenStack MirantisBoot from Block Storage In progress In progressLive Migration over non-shared storage In progress In progressLDAP identity store for Keystone Planned In progress

Roadmap

Requirement OpenStack MirantisBoot from Block Storage In progress In progressLive Migration over non-shared storage In progress In progressLDAP identity store for Keystone Planned In progressRequested disk size should be in root partition, not as additional block device

? In progress

Roadmap


? In progress

Self-healing ? Planned

Roadmap


? In progress

Self-healing ? PlannedFlavor and disk resize Planned Planned

Roadmap


? In progress


Several networks per project Will be in Diablo Planned

Roadmap


? In progress



Availability Zones support from nova client, Dashboard

? Planned

Roadmap


? In progress



Availability Zones support from nova client, Dashboard

? Planned

Live migration between projects ? Planned

Lessons Learned

• Have to get your hands dirty to understand OpenStack limitations

• OpenStack development != Python programming• Go to production early

Where to find our work

• https://code.launchpad.net/~mirantis• https://github.com/Mirantis• http://mirantis.blogspot.com/

https://code.launchpad.net/~mirantis

https://code.launchpad.net/~mirantis

https://github.com/Mirantis

https://github.com/Mirantis

http://mirantis.blogspot.com/



openstack meetup: bootstrapping openstack to corporate it

Technology