How we operate an OpenStack public cloud

Transcript

1. How we operate an OpenStack Public Cloud Jan Peschke ·

   Teamlead Cloud @ SysEleven GmbH Steffen Neubauer · Cloud Architect @ SysEleven GmbH

2. Meltdown Spectre L1 Terminal Fault

3. Easy fix: Update 3 1. Install update 2. Reboot your

   computer 3. Repeat Right?

4. Customer expectation 4 1. Always available 2. Secure

5. (Spoiler alert) 2500 reboots per year

6. Never change a
 running system? 6 - Because of security

   threats, we have to change it constantly! - Regular small changes are better than rare, huge changes

7. Humans are smarter than machines? 7 - Humans make mistakes

   when doing repetitive tasks - Example: - When accidentally rebooting two servers, storage is down

8. How to reboot 2500 times?

9. Always be aware of the cluster state! 9 - Should-be

   state: Configuration management - Actual state: Consul

10. 10 Ist-Zustand vs. Soll-Zustand - Soll-Zustand: Konfigurationsmanagement

11. 1. Every node checks regularly, if a reboot is necessary

    2. If yes, it gets a lock (so nobody else can reboot) 3. If successful, it asks Consul if all cluster services are OK 4. Local tasks are executed (e.g. live-migrate VMs) 5. Create monitoring downtime (consul maintenance) 6. Run reboot command 7. Once the node is back: 8. Remove the downtime 9. Run local tasks (e.g. re-enable nova compute) 10.Check if all services are OK again 11. Release the lock

12. 12

13. Open source since today: GitHub.com/syseleven/rebootmgr