Course Outline

1. Introduction to OpenStack

  • History of the cloud and OpenStack
  • Cloud features
  • Cloud models
    • private, public, hybrid
    • on-premise, IaaS, PaaS, SaaS
  • Public and private cloud deployments based on OpenStack
  • Open source and commercial OpenStack distributions
  • OpenStack deployment models
  • OpenStack ecosystem
    • Modules
    • Underlying tools
    • Integrations
  • OpenStack lifecycle
  • OpenStack certification
  • OpenStack lab (VM) for this course

2. Hands-on OpenStack administration workshop 

  • Getting to know OpenStack 
    • OpenStack components (Keystone, Glance, Nova, Neutron, Cinder, Swift, Heat)
    • Interaction with OpenStack cloud
    • OpenStack daemons and API communication flow
  • Keystone - Identity management service
    • Keystone architecture
    • Authentication and available backends
    • Token types and token management
    • Authorization in OpenStack - roles and oslo.policy
    • Keystone resources - domains, projects, users
    • Openrc and clouds.yaml - CLI clients configuration
    • OpenStack service catalog
    • Adding new OpenStack service
    • Quota system in OpenStack
  • Glance - Image service
    • Images adjusted to the cloud
    • Image features (properties, metadata, format, container)
    • Uploading and downloading image
    • Sharing images
    • Glance image stores
    • Protected images
    • Manage quotas for image service
    • Verification of Glance services
  • Neutron - Networking
    • Architecture and Neutron services
    • The ML2 plugin
    • Networking in compute node - analysis
    • Networking concepts and tools used by Neutron
    • Basic Neutron network resource types
    • Manage tenant networks and subnets
    • Manage security groups and rules
    • East-West routing
    • Network namespaces
    • Manage external/provider networks
    • North-South routing
    • Floating IPs management
    • Role-based access control in Neutron
    • Manage network quotas
    • Internals of SDN and NFV (iptables, ip route, OVS)
    • Basic network troubleshooting (namespaces, tcpdump, etc.)
    • Networking quotas
    • Verification of Neutron services
  • Nova - Compute service
    • Interfaces to hypervisors
    • Keypair management
    • Flavour management
    • Flavors and CPU topology
    • Instance parameters
    • Creating an instance
    • Verification of spawned instances
    • Snapshotting
    • Instance management
    • Resizing instances
    • Assigning floating IPs
    • Interactive console and console log
    • Security groups assignment
    • Internals of security groups and port-security features (iptables)
    • Internals of L3 routers
    • Compute quotas
    • Getting statistics from Nova
    • Placement API and Nova Cells v2
    • Placement API and instance scheduling
    • Placement API client commands
    • Verification of Nova services
  • Cinder - Block Storage
    • Volume parameters
    • Creating volume
    • Manage volume
    • Attaching volume to Nova instance
    • Managing volume snapshots
    • Managing volume backups
    • Internals of snapshots and backups in Cinder
    • Transferring volumes between projects
    • Restoring backups
    • Managing volume quotas
    • Adding new storage backend
    • QoS in Cinder
    • LVM, storage array and Ceph storage backends
    • Ceph in OpenStack
    • Integrating Ceph and Cinder
    • Good practices for Ceph deployments
    • Verification of Cinder services
  • Barbican - Key Management Service
    • Barbican architecture
    • Storing passphrases
    • Generating and storing symmetric encryption keys
    • Volume encryption mechanisms
    • Configuring Cinder storage type for volume encryption
    • Limitations of volume encryption
    • Storing X.509 certificate bundles
  • Swift - Object Storage
    • Swift components and processes
    • Managing containers and objects
    • Managing access control lists
    • Setting up object expiration
    • The Ring and storage policies
    • Monitoring available storage space
    • Setting up quotas
    • Verification of Swift services
  • Heat - Orchestration
    • Heat Orchestration Template and its components
    • Creating Heat stack
    • Verification of Heat stack
    • Updating Heat stack
    • Verification of Heat services
  • Basic troubleshooting
    • Analyzing log files
    • Centralized logging
    • Debugging OpenStack client queries
    • Managing OpenStack database
    • Extracting information from service databases
    • Backing up OpenStack
    • Analyzing compute node status
    • Analyzing instance status
    • Troubleshooting instances at the compute node (libvirt)
    • Analyzing AMQP broker (RabbitMQ)
    • Troubleshooting RabbitMQ
    • Metadata services
    • General way of diagnosing OpenStack issues
    • Troubleshooting network problems
    • Troubleshooting network performance
    • Instance backup and recovery

3. Advanced Topics

  • Octavia - Load Balancing-as-a-service
    • Architecture
    • Objects and request flow
    • Octavia flavors
    • Octavia Availability Zones
    • Creating the HTTP load balancer
    • Creating the TCP load balancer
    • Creating HTTPS passthrough load balancer
    • Listeners, Pools and Health Monitors
    • Layer 7 load balancing in Octavia
    • Building Amphora image
    • LB Failover
    • Networking and Monitoring details
    • Troubleshooting Octavia
  • Hardware considerations and capacity planning
    • Compute hardware
    • Network design
    • Storage design
    • Flavour sizing
    • Resource overcommitment
  • Highly Available control plane
    • HA in OpenStack services
    • HA database
    • HA message queue
    • Active-Active vs Active-Passive deployments
    • Multi-region deployments
  • Cloud partitioning and scheduler filters
    • Why and how to implement cloud partitions (host aggregates)
    • Nova scheduler filters
    • Dive into the filter code
  • Workload migration
    • Cold and live migration
    • Live migration tweaking
    • Migration exercises and troubleshooting
  • Policies and authorization in OpenStack
    • Oslo.policy
    • Creating a new meaningful role with policy files
    • Verifying API access for the specific user
  • In-depth OpenStack networking (SDN) (2-3h)
    • Types of network (local, flat, vlan, vxlan, gre)
    • Detailed network flow and architecture in various Neutron deployments
      • East-West traffic in tenant networks
      • North-South traffic in tenant networks
      • Traffic in provider-only deployments
    • Neutron plugins
      • Linux Bridge
      • Open vSwitch
    • OVS troubleshooting and exercises
    • Troubleshooting security groups (iptables, tcpdump)
    • Port-security adjustments and vIP management
    • Distributed Virtual Routers
    • LBaaS + Octavia project
    • VPNaaS
  • OpenStack monitoring and telemetry
    • Ceilometer service
    • External monitoring
  • Advanced cloud/hypervisor features
    • CPU pinning / NUMA architecture
    • SR-IOV
  • Cloud-init and image customization
    • Metadata Service
    • Getting information from metadata service
  • Block storage backends
    • LVM
    • Ceph RBD
    • Physical appliances
    • Storage network considerations
  • Upgrading OpenStack
    • Upgrade strategies and procedures
    • Zero-downtime upgrade
  • Bare-metal provisioning with OpenStack
    • Ironic module
    • Undercloud and overcloud concepts
  • Various exercises on troubleshooting an OpenStack cluster
  • Example examination tasks
  • Future of OpenStack

Requirements

  • Basic Linux administration skills
  • Basic networking knowledge
  • Basic knowledge of cloud computing paradigm
 35 Hours
