Tweaking openstack

34
© 2013 Nebula, Inc. All rights reserved. Vishvananda Ishaya, Director of Open Source, Nebula Inc. Private Cloud Toolkit: Tweaking OpenStack

description

 

Transcript of Tweaking openstack

Page 1: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved.

Vishvananda Ishaya, Director of Open Source, Nebula Inc.

Private Cloud Toolkit:Tweaking OpenStack

Page 2: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 2

Who am I?• OpenStack Technical Committee

Member

• Started at NASA the dayNova was created

• Nova Technical Lead for thefirst two years of its existence

• Designed and deployed multipleprivate clouds with OpenStack

Page 3: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved.

The ProblemInsert photo here

Page 4: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 4

A Perfect World

$ _

Page 5: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 5

A Perfect World

$ (apt-get|yum) install openstack

Page 6: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 6

A Perfect World

$ (apt-get|yum) install openstack...

Page 7: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 7

A Perfect World

$ (apt-get|yum) install openstack...openstack installed successfully!$ _

Page 8: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 8

The Real World

$ _

Page 9: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 9

The Real World

$ (apt-get|yum) install openstack

Page 10: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 10

The Real World

$ (apt-get|yum) install openstackunknown command$ _

Page 11: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 11

The Real World

$ (apt-get|yum) install openstackunknown command$ _

Page 12: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 12

The Real World

$ (apt-get|yum) install openstackunknown command$ _

Page 13: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 13

The Real World

$ (apt-get|yum) install openstackunknown command$ _

Page 14: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 14

The Real World

$ _

Page 15: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 15

The Real World

$ git clone git::/github.com......$ cd devstack$ ./stack.sh

Page 16: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 16

The Real World

$ git clone git::/github.com......$ cd devstack$ ./stack.sh

Page 17: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 17

OpenStack is Configurable• Tiny to very large scale

• Pluggable backends

• Multiple components

Page 18: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 18

OpenStack is Configurable• Tiny to very large scale

• Pluggable backends

• Multiple components

WAT!?

Page 19: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved.

ChoicesInsert photo here

Page 20: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 20

Network Configuration• Neutron OVS

• Neutron Vendor

• Nova-network vlan

• Nova-network flat

Page 21: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 21

Hypervisor Choice• KVM

• Xen

• Hyper-V

• ESX

• Other

Page 22: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 22

Object Storage• Swift

• Ceph

Page 23: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 23

Block Storage Backend• Default LVM

• Ceph

• Solidfire

• Netapp

Page 24: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 24

Suggested Projects Small Scale• Compute (nova)

• Object Storage (swift)

• Image Service (glance)

• Identity (keystone)

• Dashboard (horizon)

• Networking (neutron)

• Block Storage (cinder)

• Metering (ceilometer)

• Orchestration (heat)

Page 25: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 25

• Compute (nova)

• Object Storage (swift)

• Image Service (glance)

• Identity (keystone)

• Dashboard (horizon)

• Networking (neutron)

• Block Storage (cinder)

• Metering (ceilometer)

• Orchestration (heat)

Suggested Projects Large Scale

Page 26: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved.

Nova TweaksInsert photo here

Page 27: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 27

Nova-network Tweaks• force_dhcp_release=true

• defer_iptables_apply=true

• multi_host=true

• share_dhcp_address=true

• dnsmasq_config_file=/path/to/file(configure dnsmasq to pass external gateway)

Page 28: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 28

Nova-compute Tweaks• force_raw_images=False

• use_cow_images=False

• resume_guests_state_on_host_boot=True

• running_deleted_instance_action=reap

Page 29: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 29

Network Stack Performance• Turn on jumbo frames

• Increase tx queue length

• Tweak guest tcp settings

• http://buriedlede.blogspot.com/2012/11/driving-100-gigabit-network-with.html

Page 30: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved.

SecurityInsert photo here

Page 31: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 31

Lock down the host machines• Normal linux hardening applies

• Control access to the host machines

• Keep software up-to-date

• Don’t have services listen on 0.0.0.0

• Separate mgmt and guest traffic

• http://aa4698cc2bf4ab7e5907-ed3df21bb39de4e57eec9a20aa0b8711.r41.cf2.rackcdn.com/OpenStackSecurityGuide.epub

Page 32: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved. 32

Nova Security Considerations• Only enable api extensions your users need

• Only enable scheduler filters your users need

• Customize policy for administrative actions

• Use HTTPS in front of api services

• Consider disabling instance migration

Page 33: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved.

Questions?Insert photo here

Page 34: Tweaking openstack

© 2013 Nebula, Inc. All rights reserved.

Thank you.Thank you.