Bootstrapping OpenStack to the requirements of a typical, corporate IT department. It may be straightforward to start using OpenStack out of the box; fitting OpenStack to corporate IT with its many compliance and security standards can, however, present some challenges.
OpenStack meetup: Bootstrapping OpenStack to Corporate IT
2. Agenda: OpenStack adoption for Mirantis IT; Mirantis IT overview; Integration with legacy LDAP; Advanced Network features; Disaster recovery mechanisms; OpenStack development in Mirantis; Community roadmap.
3. Mirantis IT overview: 5 sites around the world; 4-6 servers in each site; a bunch of projects, each with its own requirements; single authentication for users/projects.
18. LDAP auth. Current OpenStack support: management of users, management of projects, management of roles. Issue: support of the existing accounts management system (GOsa). Solution: GOsa plugin, https://github.com/Mirantis/gosa-openstack
26. Public IPs, FlatDHCP. Goal: assign public IP addresses to VMs; make VMs routable from the Internet; allow one of the network's IPs to be set on the router to use OSPF. Issue: the FlatDHCP manager assigns the first IP of the network to the bridge and leases all other IPs for VMs.
27. Public IPs, FlatDHCP. How to configure/fix:
Add in nova.conf:
    --public_interface=em1
    --flat_interface=em1.89
Assign any IP of the network except the first one to the router IP to use OSPF.
Mark this IP in the database as “reserved”:
    UPDATE `nova`.`fixed_ips` SET `reserved` = '1' WHERE `fixed_ips`.`address` = "x.x.x.x";
30. VlanManager modifications. Goal: run a private cloud on the Vlan’ed network with limitations: the 1st, 2nd and 3rd IP addresses are reserved for VRRP; the first IP is the default gateway for the network. Issues with current implementation: the 1st IP address is assigned to the bridge; the bridge IP is used as the default gateway for VMs. We changed: the fourth IP is assigned to the bridge; the first IP is the default gateway for VMs.
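The address plan from slides 27 and 30, worked through as an added example (not Mirantis's or nova's code). Assumptions: "1st IP" means the first usable host address, an in-memory SQLite table with only the `address` and `reserved` columns stands in for nova's `fixed_ips`, the sample network 192.0.2.0/28 is constructed, and marking the bridge address reserved is this example's choice for keeping it out of the lease pool.

```python
import ipaddress
import sqlite3

def vlan_plan(cidr):
    """Slide 30 plan: hosts 1-3 are VRRP, host 1 is the VM gateway, host 4 is the bridge."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    if len(hosts) < 5:
        raise ValueError(f"{cidr} is too small: 4 infrastructure addresses plus one VM")
    return {"gateway": hosts[0], "vrrp": hosts[:3],
            "bridge": hosts[3], "leasable": hosts[4:]}

def reserve(db, addresses):
    """Set reserved=1 with a parameterized UPDATE; return addresses not found in fixed_ips."""
    missing = []
    for addr in addresses:
        cur = db.execute("UPDATE fixed_ips SET reserved = 1 WHERE address = ?",
                         (str(addr),))
        if cur.rowcount != 1:  # a typo or wrong network would otherwise pass silently
            missing.append(str(addr))
    db.commit()
    return missing

def leasable(db):
    """Addresses the network manager may still hand out to VMs."""
    rows = db.execute("SELECT address FROM fixed_ips WHERE reserved = 0")
    return sorted((r[0] for r in rows), key=ipaddress.ip_address)

def demo(cidr="192.0.2.0/28"):
    # Constructed stand-in for nova's fixed_ips table (only the two columns used on slide 27).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fixed_ips (address TEXT PRIMARY KEY,"
               " reserved INTEGER NOT NULL DEFAULT 0)")
    db.executemany("INSERT INTO fixed_ips (address) VALUES (?)",
                   [(str(h),) for h in ipaddress.ip_network(cidr).hosts()])
    plan = vlan_plan(cidr)
    missing = reserve(db, plan["vrrp"] + [plan["bridge"]])
    return plan, missing, leasable(db)

if __name__ == "__main__":
    plan, missing, pool = demo()
    print("gateway:", plan["gateway"], "bridge:", plan["bridge"])
    print("not found in fixed_ips:", missing)
    print("leasable:", pool[0], "to", pool[-1])
```

Checking the row count after each UPDATE catches a mistyped or out-of-network address, which the hand-run statement on slide 27 would accept without changing anything.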
34. Disaster recovery. To recover a VM, run ./nova-compute <instance_id>. See blog post at bit.ly/lb4wJ9
35. OpenStack Disaster Recovery Summary. Addressed compute node failures with a custom script. Our script still has limitations. Cloud Controller failures are a problem under research. For instance, no highly available networking. No current self-healing mechanisms.
43. OpenStack Modifications Summary: VNC console via browser; RPMs of Nova, Glance, Dashboard for Fedora; injection of server info and DNS records into existing LDAP; manual assignment of a network to the project; projects support in nova client; LDAP speed up; instance name in Dashboard Launch dialog; FQDN based on instance name.
53. Lessons Learned: you have to get your hands dirty to understand OpenStack limitations; OpenStack development != Python programming; go to production early.
54. Where to find our work: https://code.launchpad.net/~mirantis , https://github.com/Mirantis , http://mirantis.blogspot.com/