A session given at OpenStack Israel 2014 with some thoughts about what you should still look at if you are interested in deploying OpenStack as an Enterprise solution,
OpenStack in the EnterpriseMaish Saidel-KeesingPlatform Architect - CiscoJune 2, 2014Are you ready?
View Slide
2© 2013-2014 Cisco and/or its affiliates. All rights reserved. @maishsk Technodrone (http://technodrone.blogspot.com)A little bit about me
3© 2013-2014 Cisco and/or its affiliates. All rights reserved. This is not an OpenStack Bashing session I really like OpenStack This is supposed to be an eye-opener And have I said I really like OpenStack?Disclaimer
4© 2013-2014 Cisco and/or its affiliates. All rights reserved. Where are we today? Enterprise Deployments Place for improvementToday’s Agenda
5© 2013-2014 Cisco and/or its affiliates. All rights reserved. OpenStack has grown up 9th Release OpenStack Summit ~4,500 attendeesWhere are we today?
6© 2013-2014 Cisco and/or its affiliates. All rights reserved. Multiple deployments/distro’s Cisco (COI) HP (Helion) Redhat (RHOS) Mirantis (Fuel) Piston RackSpace (Private Cloud) IBM (Smartcloud)Where are we today? #2
7© 2013-2014 Cisco and/or its affiliates. All rights reserved.• How do I keep myManagement stackrunning smoothly?• How do I upgrade?• Rapid release cycles(every 6 months)• No Downtime duringupgrades• Support
8© 2013-2014 Cisco and/or its affiliates. All rights reserved. The bible(Introduction to OpenStack High Availability) The manual process is not simple Automation tools alleviate this (partially) HA is not the same for all components Active/Active Active/Passive There is no single best way to do itOpenStack HA
9© 2013-2014 Cisco and/or its affiliates. All rights reserved. An OpenStack service that provides HA forunderlying components New service graduates from incubation Adding HA is a breezeEventually... Hopefully… One day…IncubatedprojectInstallcomponentOpenStack HAService Componentis HA
10© 2013-2014 Cisco and/or its affiliates. All rights reserved. Not a smooth process It is getting better (Nova improvements in Icehouse) Not always backward compatible Upgrade paths between older versionsdon’t always work It is not uncommon to see people running:Cactus, Diablo, Essex, Folsom, Grizzly,IcehouseAll in one datacenter.Ready for an upgrade?
11© 2013-2014 Cisco and/or its affiliates. All rights reserved. Patches are provided for 2 previousreleases Perhaps an LTS version in the future?(Redhat are already going in that direction) Introduction of a new release Testing Deployment plan Implementation StabilizeRelease Cycles and Why We Are Chasing Our Tails?And there is a new version every 6 months
12© 2013-2014 Cisco and/or its affiliates. All rights reserved. Enterprises – want Enterprisesupport Not everyone can provide thesupport themselves If your environment crashed – you will wantsomeone on the lineYesterday!!Who do I release my wrath upon?
13© 2013-2014 Cisco and/or its affiliates. All rights reserved.Is your enterprise Cloud ready?
14© 2013-2014 Cisco and/or its affiliates. All rights reserved.
15© 2013-2014 Cisco and/or its affiliates. All rights reserved. Backup The management cluster should be relatively simple torebuild – with automation Tenants and their workloads Is this an issue? Replication Not something that can be easily provided today(There are things in the works) DR Nothing today.Services provided by you today.
16© 2013-2014 Cisco and/or its affiliates. All rights reserved. MonitoringCeilometerHow do I get the relevant information out of it.Not everything is being measured Volume metrics Cumulative uptimeServices provided by you today.
17© 2013-2014 Cisco and/or its affiliates. All rights reserved.General rules for loglevels: Critical: Shit's on fire, yo. Expected, known issue where things will break andbad. Error: Standard unexpected error trap - final, top-level error trap shoulddump the message to ERROR. Also, known error cases that someone should handle that aren't necessarily"the world is exploding" Warn: expected error conditions that might be an issue, but not hugeproblems. Example at session: Glance's error at startup that it can't find astorage device ID (which is currently error, should be warn) Info: Standard operational logging: VM request received, scheduled to launchon hypervisor X Debug: What's going on under the hood. So you can trace down origins oferrors - shouldn't have to be on by default Trace: Super debug. Method-level logging, or some otherwise extra-detailedinfo like slightly sanitized api conversationsLogging as an example
18© 2013-2014 Cisco and/or its affiliates. All rights reserved. Auditing & Compliance Who did what And when“detecting the tenants who added "allow all" rules to essentiallyturn off security groups” Can this workload run in this cluster? If not – then what? Shut it down? Move to correct location? Notify the president?????Services provided by you today.
19© 2013-2014 Cisco and/or its affiliates. All rights reserved.• There are several gaps that need tobe addressed• Great work is being done -there is still more to accomplish• It is all a question of how much youare willing to be flexible?How much responsibility you arewilling to take upon yourself?• Not everything should (or can) run inOpenStack
Thank you!