(COA)
Course Introduction
This course is designed to prepare you for the OpenStack Foundation’s Certified OpenStack Administrator exam.
In order to assist you in passing the exam, the course will have the following elements:
• Overview of OpenStack and related services
• Hands-on Labs to give you practical experience with tasks
• Troubleshooting
• Practice Exam
When taking the exam, it is assumed that the student has six months of hands-on experience as an OpenStack
administrator. It is OK not to meet this requirement as our course covers all the required hands-on OpenStack
knowledge. However, the following courses are highly recommended:
• Linux Essentials
• OpenStack Essentials
Getting to Know OpenStack – 3%
• Understand the components that make up the cloud
• Use the OpenStack API/CLI
Dashboard – 3%
Networking – 16%
Heat/Orchestration – 8%
Troubleshooting – 13%
Compute – 15%
Object Storage – 10%
Block Storage – 10%
Image Management – 10%
OpenStack Overview
• 20+ Million Lines of Code
• 676 Organizations
Projects Services
Service
Endpoint
Catalog
Project
User
Role
Token
Group
Credential: Data that is known only by the user that proves who they are, such as a username and password, a username and API key, or an authentication token.
• Glance is the component that discovers, registers, and retrieves virtual machine images
• Capabilities of the Image Service:
• Administrators can create base templates from which their users can start new compute instances
• Users can choose from available images or create their own from existing servers
• Snapshots can be stored in the Image Service so that virtual machines can be backed up quickly
Provider Networks
Routed Provider Networks
Self-service Networks
Subnets
Subnet Pools: End users normally can create subnets with any valid IP addresses without other restrictions.
Routers: Routers provide virtual layer 3 services such as routing and NAT between self-service and provider networks or among self-service networks belonging to a project.
Security Groups: Security groups provide a container for virtual firewall rules that control ingress (inbound to instances) and egress (outbound from instances) network traffic at the port level. Security groups use a default deny policy and only contain rules that allow specific traffic. Each port can reference one or more security groups in an additive fashion.
DHCP
Nova API: The Compute API, run by the nova-api daemon, is the component of OpenStack Compute that receives and responds to user requests, whether they are direct API calls or via the CLI tools or dashboard.
Nova Scheduler
Nova Conductor
Nova Compute: This daemon primarily creates and terminates VMs via the Hypervisor API. It allows multiple hypervisor types per cloud. Libvirt/KVM and QEMU are the most commonly used in deployments.
Nova Database: The Nova database stores the current state of all objects in the compute cluster. The database is usually MySQL, but SQLite and PostgreSQL can also be used. The nova-conductor service is the only service that writes to the database. The other Compute services access the database through the nova-conductor service.
Message Queue
Cells v2
• DISK_GB
• MEMORY_MB
• VCPU
• Object Storage (Swift) is a robust, highly-scalable, and fault-tolerant storage platform for unstructured data
such as objects
• It is commonly used to archive and back up data, with use cases in virtual machine image, photo, video, and
music storage
• Provides a high degree of availability, throughput, and performance with its scale-out architecture
Enforced Consistency
Eventual Consistency
• No vendor lock-in
• Leverages commodity hardware
• HDD/node failure agnostic
• Unlimited Storage
• Object Expiration
• Self-healing, reliable, data redundancy that protects from failures
• Detects drive failures, preventing data corruption
• Cluster can be scaled out both horizontally and vertically
• New nodes and drives can be added with no downtime
• Users can set an expiration time or a TTL on an object to control access
• Object data can be located anywhere in the cluster
Swift ACLs
• Users interact with block storage by attaching volumes to their running VM instances
• Sometimes referred to as volume storage
• The running VMs attached to these volumes are persistent
• They can be detached from one instance and re-attached to another, and the data remains intact
A Heat template describes the infrastructure for a cloud application in a text file that is readable and writable by
humans and can be checked into version control, for example with Git.
Infrastructure resources that can be described include:
• Servers
• Floating IPs
• Volumes
• Security groups
• Users
Template sections:
• heat_template_version
• description
• parameter_groups
• parameters
• Additional parameters
• resources
• outputs

heat_template_version: 2013-05-23

parameter_groups:

constraints:
  - length: {min: 2}

constraints:
  - allowed_values:
      - m1.tiny
      - m1.small
default: m1.tiny

The outputs are how you receive information about the stack from your Heat Orchestration Template.

outputs:
  private_ip:
    description: Allocated IP
    value: {get_attr: [server_vm, first_address]}
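The template sections listed above and the security group behaviour described in the networking section (default deny, rules applied at the port) come together in the following template. It is an added example, not part of the original course material; the resource names ssh_only and server_port, the admin_cidr parameter and its 192.0.2.0/24 default are assumptions chosen for illustration.

```yaml
heat_template_version: 2013-05-23

description: Added example - one server reachable only over SSH from an admin range

parameters:
  key_name:
    type: string
    constraints:
      - length: {min: 2}
  flavor:
    type: string
    default: m1.tiny
    constraints:
      - allowed_values: [m1.tiny, m1.small]
  image: {type: string}
  network: {type: string}
  admin_cidr:
    type: string
    default: 192.0.2.0/24   # constructed value (documentation range)

resources:
  ssh_only:                 # hypothetical name
    type: OS::Neutron::SecurityGroup
    properties:
      # Security groups hold allow rules only; inbound traffic that
      # matches no rule is dropped by the default deny policy.
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: {get_param: admin_cidr}
  server_port:              # hypothetical name
    type: OS::Neutron::Port
    properties:
      network: {get_param: network}
      # Groups are applied per port; each extra group adds its rules.
      security_groups:
        - {get_resource: ssh_only}
  server_vm:
    type: OS::Nova::Server
    properties:
      flavor: {get_param: flavor}
      image: {get_param: image}
      key_name: {get_param: key_name}
      networks:
        - port: {get_resource: server_port}

outputs:
  private_ip:
    description: Allocated IP
    value: {get_attr: [server_vm, first_address]}
```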
Get Certified
• Cost: $300
• Time from Registration: You will have 1 year from the time you pay for the exam to take it.
• System Requirements
• Duration
• ID Requirements
• Format
• Scoring
• Certification Period
• Language
• Not everything can be accomplished in the dashboard; make a note of those things and be prepared to use
the CLI.
• The OpenStack docs are available through the interface, but try not to need them.
• Use --help if you’re unsure about a command on the CLI, pipe to less, and grep to avoid page scroll.
• If the OpenStack CLI doesn’t have the functionality you need, fall back to the project client like we did using
swift. Utilize their help as well.
Where to Next?
Containers:
• Kubernetes
• Docker
• LXC/LXD
Python