Integrating VMware with OpenStack

Experiences from the trenches

Simon BriggsEMEA Cloud Technical Strategist at SUSEsimon@suse.com

Orhan AliciSales Engineer SUSE Beneluxorhan.alici@suse.com

We talked about this…...

2

Cloud MUST be for more than New!

● Services cannot be delivered at scale without Industrialisation

● Software Defined is the key

BUT……...

● All but the newest organisations have invested in established technology stacks

● Unrealistic to restart from year Zero

SO ……..

● Traditional Services must benefit from the Cloud

At OpenStack Summit Austin 2016 this was recognised by Jonathan Bryce3

But isn’t OpenStack all about NEW?

4

● YES

● In the 2016 OpenStack User survey 93% of respondents use KVM

● Only 8% use ESX

BUT……..

● Docker was only 9%

● If following the “Think Big but start Small” model, new workloads that suite KVM will be first onto OpenStack

● SUSE’s experience is most organisations want to prove VMWare investment can be integrated

What VMWare Offers?

● VMWare have integration for ESXi to OpenStack NOVA

● Only via vCenter

● Available from V4.1 though V5.1 (update 1) exposed most functionality

● All resources in VMWare seen as a pool

*Only one integration per OpenStack instance is supported

This means all logic for workload placement within Hypervisor Farm is absolved from OpenStack to VMWare

5

Watch your step though!

● Only one vCenter link is single point of failure

● Full DRS must be enabled for resilient Instances

● API does not expose more advanced features

● VMWare do not support combination of OpenStack managed and VMWare Managed VM’s

● OpenStack must be single version of the truth

● VMWare Glance Images must move to ESX host

● Only shared storage for DataStores is supported

6

See:http://docs.openstack.org/liberty/config-reference/content/vmware.html

Glance to the DataStore

● Hypervisor Needs VM’s to exist in DataStores (VMFS) for ESXi to read

● Copy of Image from Glance (non VMFS) via network can be slow

● Caching after initial copy helps

● Format of the VMDK has impact, convert to thin provisioned or preallocated disk before loading it to Glance,

– Use qemu-img util see http://docs.openstack.org/image-guide/convert-images.html

● For shared cache location define cache_prefix variable in the nova.conf

● Recommended to boot VM as Linked Clone

8

Networking

VMWare API supports two networking methods:

● Nova-networking – Managed via either FlatManager or FlatDHCP Manager OpenStack network managers.

● Danger here is no L2 VM isolation between hosts. ● To configure create port group with same name as the flat_network_bridge

value in the nova.conf file and bind it as ephemeral

● OpenStack Networking managed with VLANmanager. Must create Port Group named vmware.integration_bridge value in nova.conf (default is br-int), we suggest using VLAN 500 for the 192.168.123.0 network, with security settings - “Promiscuous Mode set to Override Accept” and “MAC Address Changes Override Access Accept”

● NOTE OpenStack Security Groups (effectively a software firewall for VM’s) only available if OpenStack Networking Service is used with NSX

9

Security

● For VNC access to the VM’s you need to modify the ESXi firewall but for these to persist you will need to create a vSphere Installation Bundle (VIB) and apply this to the ESXi server builds. See VMWare documentation for details.

● The vCentre service account does need minimum permissions applied at the Datacentre root object with the setting to Propagate to Child Objects set.

10

11

● Note that the VMWare API ignores Instance name template, so the VM will have a driver generated name

● Nova.conf: recommended to change reserved_host_memory_mb option value to 0 from 512 MB and

● It is good practice to periodically urge unused images from Glance via the nova.conf settings:

– “remove_unused_base_images” = TRUE

– This uses “remove_unused_original_minimum_age_seconds” setting for how long image is dormant

Enter the Chameleon

12

SUSE OpenStack Cloud

Using the Crowbar installation framework you can set-up a VMWare and KVM compute tier rapidly.

13

SUSE OpenStack Cloud

Then Enter the variables for the vCenter

● Note: This node acts as single node proxy for vCenter link. To make HA set a VMWare base Compute Node (DRS will deal with it ;0)

14

Deployment UI

Admin Server

SUSE Linux

Chef Server

Crowbar

Software mirror

DHCP/TFTP

Control Node

SUSE Linux

Database

Message queue

Identity

Image store

Cinder

Neutron

Dashboard

Scheduler

Other

Hyper-V

OpenStack compute

IBM System Z

OpenStack compute

SUSE Linux

OpenStack compute +

Vmware Proxy

SUSE Linux

KVM/XEN/DockerOpenStack

compute

Cloud UI

z/VM

SUSE OpenStack Cloud VMWare Proxy

Appendix

16

Configure New vCenter Cluster

Create Port Group – Step 1

Create Port Group – Step 2

Create Port Group – Step 3

Check Port Group

Set VMnics to fail-over

Set Security on Port Group

Unpublished Work of SUSE. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

+49 911 740 53 0 (Worldwide)www.suse.com

Corporate HeadquartersMaxfeldstrasse 590409 NurembergGermany

Join us on:www.opensuse.org