
Red Hat OpenStack Platform

Version 13
Technical Update

PRIVATE CLOUD FOR TODAY AND TOMORROW
Red Hat® OpenStack® Platform

ACCELERATE: Agile business with faster delivery of applications and services without vendor lock-in
INNOVATE: Innovation velocity that matches business velocity
EMPOWER: Enable IT teams to deliver the latest innovations with minimized risk

Powering DIGITAL TRANSFORMATION


PRIVATE CLOUD FOR ENTERPRISE TODAY AND TOMORROW
Red Hat® OpenStack® Platform

ACCELERATE
• Simplified day 1 and day 2 operations
• Unified management enabling operational efficiency
• Automated resource optimization and visibility
• Leading Performance
• Elastic Scalability
• Massively scalable integrated storage
• Financial Transparency

INNOVATE
• The Power of Many
• Hardened, tested, proven private cloud software
• 100% committed to the open source way
• Composable private cloud architecture (Plan and build your perfect cloud)
• Extensible platform - Integration with Red Hat OpenShift Container Platform
• Containerized OpenStack Services

EMPOWER
• Deep integration with Linux
• Security and compliance
• Flexible platform life-cycle management
• Flexible subscription-based Consumption
• Multiple purchasing options
• Services options to help you plan, build, and support your perfect cloud
• Largest certified open source partner ecosystem

Enabling digital transformation with AGILE IT


RED HAT OPENSTACK PLATFORM

CORE
• Compute
• Networking
• Block Storage
• Object Storage
• VM Image Storage
• Identity and access control
• Orchestration engine
• Telemetry
• Baremetal
• Dashboard
• Data Processing
• Shared Filesystems
• Secrets
• Load Balancing

DIRECTOR
• Overview
• Lifecycle
• Graphical User Interface
• Containerized OpenStack Services
• Composability
• Ansible Inside
• Hyperconverged Deployments

WHAT’S NEW: 13
• Lifecycle
• Upgrades
• Fast Forwards
• Storage
• Security
• Networking
• NFV
• Operations
• OpenShift on OpenStack
• Virtualized Management Infrastructure
• Partnerships
• Tech Preview
CORE
Red Hat OpenStack Platform
Overview
[Figure: Red Hat OpenStack Platform service map.
IaaS+ layer functions: monitoring, data analytics, shared filesystem, orchestration, secrets, load balancing, shared services, identity, deployment and management (director). Components shown: Telemetry, OpenShift / Ceph, Manila, Heat, Barbican, Octavia, Keystone.
IaaS layer functions: compute, storage (block, image, object), networking, bare-metal provisioning, dashboard. Components shown: Nova, Cinder, Glance, Swift, Neutron, Ironic, Horizon, TripleO.]

Certified Red Hat OpenStack Platform plugins: https://access.redhat.com/articles/1535373


OpenStack connects two worlds

Tenant view – the actual OpenStack IaaS user. Limited by what the Operator decides to offer in that cloud.

Operator view – often the same role that has root access to the systems. Combines configuration files and API actions to create a working environment for his tenants.

● Both can use Horizon, the CLI tools, a library (such as os_cloud in
Ansible or boto in Python) or directly the API using HTTP and
JSON/XML via curl/wget.
● OpenStack policy engine (Policy.json in Keystone) will filter which API
calls require administrative privileges (i.e. the operator) or regular
tenant privileges.
● The use of Keystone Domains (in v3) allows an intermediate role:
domain_admin
● CloudForms also offers a Cloud Admin view and a User Portal with the
available services.
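
To make the policy-engine bullet concrete, here is an added example (not from the original slides, and a simplified stand-in for the real oslo.policy engine): a small evaluator over a constructed policy.json-style rule set, showing the same API being allowed for an operator, allowed for a tenant acting on their own user, and denied otherwise. The rule set, the user IDs and the deny-unlisted-actions default are assumptions of this sketch; parentheses and `not` are not supported.

```python
"""Minimal evaluator for policy.json-style rules (illustrative; not oslo.policy)."""

# Constructed rule set written in the style of a Keystone policy.json.
# Sample values for illustration, not copied from any deployment.
POLICY = {
    "admin_required": "role:admin",
    "owner": "user_id:%(user_id)s",
    "admin_or_owner": "rule:admin_required or rule:owner",
    "identity:list_users": "rule:admin_required",
    "identity:get_user": "rule:admin_or_owner",
    "identity:create_project": "rule:admin_required",
}

# Constructed credentials, as they would be derived from a validated token.
ADMIN = {"user_id": "u-001", "roles": ["admin"]}
MEMBER = {"user_id": "u-100", "roles": ["member"]}

MAX_DEPTH = 16  # guard against rules that reference each other in a loop


def check(expr, creds, target, rules, depth=0):
    """Evaluate one rule expression against the caller's credentials."""
    if depth > MAX_DEPTH:
        return False  # fail closed on cyclic rule references
    expr = expr.strip()
    if expr == "":
        return True   # empty rule: any authenticated caller is allowed
    if expr == "!":
        return False  # explicit "never"
    # "and" binds tighter than "or", so split on "or" first.
    for op, combine in ((" or ", any), (" and ", all)):
        if op in expr:
            parts = expr.split(op)
            if not all(p.strip() for p in parts):
                return False  # dangling operator: treat as malformed, deny
            return combine(check(p, creds, target, rules, depth + 1) for p in parts)
    kind, sep, match = expr.partition(":")
    if not sep:
        return False  # malformed check: deny
    if kind == "rule":
        sub = rules.get(match)
        return sub is not None and check(sub, creds, target, rules, depth + 1)
    if kind == "role":
        return match.lower() in {r.lower() for r in creds.get("roles", [])}
    # Generic check such as "user_id:%(user_id)s": compare a credential field
    # with a value taken from the object the API call is acting on.
    try:
        expected = match % target
    except (KeyError, TypeError, ValueError):
        return False
    return kind in creds and str(creds[kind]) == expected


def enforce(action, creds, target=None, rules=POLICY):
    """Return True if the caller may perform the API action on the target."""
    rule = rules.get(action)
    if rule is None:
        return False  # assumption of this sketch: unlisted actions are denied
    return check(rule, creds, target or {}, rules)


if __name__ == "__main__":
    cases = [
        ("identity:list_users", ADMIN, None),
        ("identity:list_users", MEMBER, None),
        ("identity:get_user", MEMBER, {"user_id": "u-100"}),
        ("identity:get_user", MEMBER, {"user_id": "u-200"}),
    ]
    for action, creds, target in cases:
        verdict = "ALLOW" if enforce(action, creds, target) else "DENY"
        print(f"{verdict:5} {action:22} roles={creds['roles']} target={target}")
```

When reviewing a real policy file, the rules worth most attention are the ones that are empty or that resolve to a tenant-level role, since those are the calls any authenticated user can make.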
Compute
Upstream Project Name: Nova

Tenant view
● I need VMs, anytime
● How many can I have?
● It must be secure
● SSH and VNC please?

Operator view
● I have hardware capacity available
● This is how you consume it
● I set usage quotas
● I design for performance and scalability

Compute
Upstream Project Name: Nova

Tenant view
● Similar to Amazon EC2
● Self-service VMs: Boot an instance using a selected flavor (vCPU, RAM, disk size), OS image (from Glance), SSH keypair, host-aggregate or availability zone (AZ), custom metadata, user-data, security-groups, with/without ephemeral disk.
● Reboot, stop, resize, terminate
● See the console log of his instance, open VNC/RDP session, change VM root password (if OS supports)
● Reserve, assign and release floating IPs
● Manage keypairs and security-groups
● Check quota usage
● Select which Neutron network or port
● Other Neutron/Cinder shortcuts for network and volume management

Operator view
● No need to manage hypervisors individually, due to distributed design of OpenStack, at any scale.
● Supports KVM
● Defines which choices are available to tenants: flavors offering specific capabilities and carefully planned capacity plus overcommit ratios.
● Easier maintenance and operations with support for node evacuation.
● Define host-aggregates and availability zones with specific metadata to allow advanced scheduling and request filtering.
● Set NFV specific flavors including vCPU pinning, large pages, vCPU, RAM, and I/O device NUMA awareness, SR-IOV/PCI Passthrough
Networking
Upstream Project Name: Neutron

Tenant view
● I need my own network, isolated from others
● Some private IPs, some public IPs
● These are my QoS specs
● Let me share networks with others

Operator view
● I design a network overlay and provide external access
● I have very few Public IPs
● I set rules, policies, quotas
● With SDN, I can centrally manage and monitor it all

Networking
Upstream Project Name: Neutron

Tenant view
● Similar to Amazon VPC, ELB
● Create, Remove, Update, Delete (CRUD) networks, subnets and ports, for basic L2 and L3 with IP Address Management (DHCP)
● Define a tenant network (overlay)
● IPv6 tenant network management
● QoS (rate limit policies) per port, per network
● RBAC for granular sharing of tenant networks
● Provider networks
● Quotas
● Security Groups (per port)
● East/West L3 routing with tenant-defined routers
● External gateway, NAT, floating IPs
● Load balancing, VPN and Firewall

Operator view
● Defines provider networks, manually set-up in Neutron by the operator, representing a pre-existing network (i.e. VLAN).
● Multiple simultaneous L2 technologies on a single installation
● Open vSwitch or choose from dozens of commercial SDN vendors
● Define floating IP ranges for routable IPv4 addresses
● Offer/delegate IPv6 tenant networks (SLAAC, DHCP)
● VXLAN offloading to HW available
● Distributed Virtual Routing (DVR) for better scalability
Block Storage
Upstream Project Name: Cinder

Tenant view
● Too much data in my VMs!
● I need permanent storage
● Can I snapshot and backup/rollback?
● Encrypted, please!

Operator view
● I constantly buy storage
● I must allocate space to tenants
● I can combine different tiers of technologies (NAS, SAN, NFS)
● I set rules, policies, quotas

Block Storage
Upstream Project Name: Cinder

Tenant view
● Similar to Amazon EBS
● CRUD additional hard drives to an instance, as Block volumes: require tenant VMs to format with a filesystem.
● Persistent storage, can be cloned, snapshotted, replicated or imported/exported to another AZ (also public storage like Google Cloud Storage *)
● Encryption available for some types
● Hot-unplug from one instance and re-attach to another instance
● Non-disruptive and Incremental snapshot: ideal for backup/restore and DR use-cases
● QoS available (total IOPS)
● If exposed, vendor-specific features (mirroring, compression, replication, thin provisioning)

Operator view
● Integrates with Red Hat Ceph storage easily
● Multiple backends (LVM, iSCSI, NFS, ScaleIO, etc) including proprietary ones with more specific features
● Faster provisioning via over-subscription, thin-provisioning and generic image cache
● iSCSI multi-path support for extra reliability
● Private volume types for premium levels of service (SSD, thick_provisioned)
● Simplified operations, DR and backup with Generic Volume Migration & replication (sync/async, with N number of replicas) between different storage backends
● Storage Policies for simpler management
Object Storage
Upstream Project Name: Swift

Tenant view
● My application needs object storage (files, media)
● I can use HTTP(s)
● Stateless please! No time for mounting filesystems

Operator view
● I will offer a private S3-like experience
● I must scale without limits
● I want advanced features

Object Storage
Upstream Project Name: Swift

Tenant view
● Similar to Amazon S3 (a modern version of FTP, WebDAV)
● CRUD objects in containers, per account
● Ideal to store static objects (media, web files, email)
● Very useful if the application understands the Swift/S3 API
● Also useful to store Glance image backups
● Not meant to be used as POSIX filesystem
● Fast-POST allows fast-efficient updates of metadata without re-upload of the content.

Operator view
● Very few dependencies with other OpenStack modules, mostly Keystone for RBAC
● Scales horizontally up to petabytes
● Replication for global clusters
● Advanced Swift features: middleware for API processing, temporary URLs, URL rewrite
● Swift requires its own storage space
● Reduced availability for further storage efficiency with Erasure Coding
VM Image Storage
Upstream Project Name: Glance

Tenant view
● What OS’s can I use?
● This is my own version, store it just for me
● Is the OS image genuine?
● I need encrypted images.

Operator view
● Only approved OS can be used in my cloud
● Centrally offer updated OS
● Leverage storage integration to reduce network usage

VM Image Storage
Upstream Project Name: Glance

Tenant view
● Similar to Amazon AMIs
● CRUD images (VM templates, a bootable OS) and snapshots (VM backup)
● Private or public images
● Upload from file or from URL
● Metadata can host any key-value pair, useful to document OS version, date ...
● Multiple disk-formats (QCOW2, RAW, ISO, VDI, VMDK) and container-format (bare, OVF, AMI, ARI)
● Checksum and signature verification for extra security
● Support for large uploads with Keystone Trusts

Operator view
● Choices: offer “golden images” to tenants via public glance images.
● Store images using Cinder as backend.
● If not using Ceph, director configures Swift as a Glance image store.
● If using Ceph, Glance will leverage advanced RBD features (cache, thin-provisioning, immediate snapshot)
● Automatic Nova/Libvirt/KVM optimization depending on guest OS via os_name attribute
Identity and Access Control
Upstream Project Name: Keystone

Tenant view
● Trust my identity!
● My boss just gave me permission to ask for VMs
● Where are all the services?
● I am a project lead, I must be admin of my project

Operator view
● Who are you?
● Let me validate with LDAP
● I must integrate with my company’s SSO
● I must secure entry points with TLS Certificates

Identity and Access Control
Upstream Project Name: Keystone

Tenant view
● Similar to Amazon IAM
● Authenticates and gives Authorization to users. Provides lightweight session tokens that will be used for all OpenStack actions
● CRUD user, tenants (project), roles (as long as Operator allows it)
● Change password, also download credentials file (RC) with EC2 keys
● Discover OpenStack endpoints via catalog
● Kerberos for SSO in both Web (Horizon) and in CLI on client systems with SSSD
● Federated Identity: same user/password across multiple OpenStack providers, fully documented.

Operator view
● CRUD user, tenants (project), roles, and domains (for v3) for better RBAC.
● SAML Federation for authentication with external providers (pre-existing) or other clouds, via Red Hat SSO
● Multiple identity backends: LDAP, ActiveDirectory, FreeIPA, PAM, etc
● Preferred authorization backend is MariaDB
● Lightweight tokens (Fernet) for better performance and scalability
● Logs in standard CADF auditable format
● Public endpoint protection with SSL/TLS
Orchestration Engine
Upstream Project Name: Heat

Tenant view
● This is the blueprint of my application deployment: dependencies, config, etc
● Can you run this for me?
● Scale it out when this threshold is reached

Operator view
● I want to automate as much as I can and offer public-cloud-like efficiency
● Auto-scaling, load balancers and quotas allow me to monitor and predict demand

Orchestration Engine
Upstream Project Name: Heat

Tenant view
● Similar to Amazon CloudFormation, and ELB
● CRUD templates (stacks), that can be stopped and resumed.
● Instructs OpenStack to automate deployment of resources as defined in Heat Orchestration Templates (HOT)
● Well-defined and mature, HOT offers more modularity and flexibility improvements (i.e. resource chains, pre-delete hooks, etc)
● Very useful when combined with Ceilometer (telemetry) and LBaaS. Example use-case is instance auto-scaling, by creating another VM when cluster load reaches 80% CPU.

Operator view
● Can offer shared templates, approved by IT
● Excellent integration with CloudForms to create an advanced service catalog to end-users with policies and customized quota and capacity management.
Telemetry
Upstream Project Name: Telemetry

Tenant view
● How much CPU, RAM, and disk am I using, i.e. per hour, per week?
● Allow me to set alarms and use my own infra to react

Operator view
● I wish I could charge back / show back how much every user is consuming
● This is useful for my own internal usage!

Telemetry
Upstream Project Name: Telemetry*

Tenant view
● Similar to Amazon CloudWatch
● Provides tenant-level metrics for use in areas such as chargeback and showback
  ○ Metrics (CPU, RAM usage) and Events (e.g. instance is created) can only be listed.
  ○ Alarms (e.g. CPU threshold reached) can also be triggered. Alarm threshold can be custom-defined, all via the Aodh API (pronounced “ay”)
  ○ Querying for historical values is available.
● OpenStack Telemetry is for user-level (tenant) workloads and services - it’s not the solution for operator/cloud level monitoring and system availability requirements

Operator view
● Historically, Telemetry was a single component called Ceilometer; it often suffered performance issues at scale.
● Now Telemetry offers much better performance and scalability, thanks to being split into multiple components: Gnocchi, Aodh, and Panko, and agents.
● Gnocchi stores/indexes time-series metrics and provides an API.
● Aodh does the same for alarms
● Panko is an event engine which connects with CloudForms for capacity monitoring and management.
● Ceilometer is now just a few compute agents.
● Gnocchi is default for undercloud.

* used to be known as Ceilometer
Bare Metal
Upstream Project Name: Ironic

Tenant view
● I need a “physical” VM!
● I have a trusted-tenant environment where users aren't fully isolated as they are on VMs

Operator view
● I have some spare nodes in a separate cluster, with shared network
● I will offer them to trusted users groups
● I will provide the OS image

Bare Metal
Upstream Project Name: Ironic

Tenant view
● Similar to Amazon Dedicated EC2 Servers
● Nova commands are used against an existing bare metal Host-Aggregate
● After Ironic reserves a bare metal node, Nova is used to provision the instance
● Can deploy Linux or Windows VMs (requires extra steps)
● Graceful shutdown/reboot and NMI (non-maskable interrupt, hard power off) control for physical servers directly from the ironic CLI

Operator view
● Allocate a pool of physical machines to tenants just like with VMs
● Permits detailed and sophisticated architectures (network isolation, security ...)
● Well integrated with many popular vendors (thanks to specific certification) with most hardware vendors: Dell, Cisco, HP…
● Introspection process to detect HW capabilities
● Most requirements and configuration managed by director making deploying bare metal easy
● Increasing integration with network vendors to allow for flexible network topologies just like VMs
Dashboard
Upstream Project Name: Horizon

Tenant view
● I need a UI to manage my workloads or troubleshoot
● I prefer to use GUI’s or have staff who are learning
● I want to see my Heat topologies
● Quickly display my quota usage and default options

Operator view
● I want an admin panel
● I want a quick access to my Red Hat Access account
● I want to see all Neutron networks and routers
Data Processing
Upstream Project Name: Sahara

Tenant view
● I need a Hadoop cluster for a few hours
● I need to try different Big Data platforms
● I want my clusters to scale automatically

Operator view
● I don’t have the manpower to customize big data platforms to all my tenants
● I will get 3rd party providers and deliver their stack as a service

Data Processing
Upstream Project Name: Sahara

Tenant view
● Similar to Amazon Elastic MapReduce (EMR)
● Run Hadoop workloads in few clicks without expertise in Hadoop operations
● Simple parameters such as Hadoop version, cluster topology, and node count
● Data can be hosted elsewhere (S3, Swift...)
● Rapid provisioning of Hadoop clusters for Dev and QA
● “Analytics-as-a-Service” for bursty or ad-hoc workloads
● Updated versions of all components

Operator view
● Utilization of unused compute power from a general purpose OpenStack cloud to perform Data Processing tasks
● Supports Hadoop distributions on CentOS and RHEL 7:
  ○ Cloudera
  ○ HortonWorks
  ○ Ambari
  ○ MapR
● Plugin Image Packaging Tool, to validate custom plugins, package them and generate clusters from clean, versioned, OS-only images.
Shared File System
Upstream Project Name: Manila

Tenant view
● I need a network folder to share files between VMs
● Sometimes I’ll share it with other users in my team
● I don’t want to manage the folder (permissions, quotas)

Operator view
● I don’t have the time to create temporary shares and enable network security
● I prefer to automatically leverage OpenStack users and groups

Shared File System
Upstream Project Name: Manila

Tenant view
● Similar to Amazon Elastic File System but not just NFS, also CIFS
● Creates a network file share, available in a Neutron shared network
● Can be shared with other tenants (RBAC), including mappings to LDAP entities
● User-defined quotas, policies, replication, snapshots, extend/shrink capacity
● VM Operating System must connect to the share using whatever network protocol has been set (NFS, CIFS)

Operator view
● Significantly reduces operational burden
● Delegates storage management to end users with clearly defined limits and boundaries
  ○ NFS (access by IP address or subnet)
  ○ CIFS (authentication by user)
● Can be backed by CephFS
● Will be usable by Red Hat OpenShift Container Platform for RWX once driver support is added.
Shared Secrets
Upstream Project Name: Barbican

Tenant view
● I have strict requirements for security
● I need a way to easily store and access my passwords, encryption keys and X.509 Certificates

Operator view
● My users have security requirements that can be time consuming for me to look after manually
● I like to offer everything using API-driven methods

Shared Secrets
Upstream Project Name: Barbican

Tenant view
● Barbican is the OpenStack Key Manager service. It provides secure storage, provisioning and management of secret data. This includes keying material such as Symmetric Keys, Asymmetric Keys, Certificates and raw binary data.
● Users can store and retrieve their secrets via an OpenStack-native API
● Secrets can be kept in a number of backends ranging from hardware solutions such as HSM’s* to disk-based stores
● Barbican will, in time, integrate with other Red Hat products, such as OpenShift!

Operator view
● Significantly reduces operational burden
● Allows users to manage secrets securely and meet compliance requirements
● Does not provide a secrets store, just an access method, via API, for one. An actual store, such as a compliant Hardware Security Module (HSM*), is required.

* HSM support in a future version of Red Hat OpenStack Platform


Load Balancing
Upstream Project Name: Octavia

Tenant view
● I want to use load balancing like I do in AWS
● I need an LBaaS solution that scales and is stable through upgrades and ops work

Operator view
● My users expect LBaaS like they see in AWS.
● I prefer to offer solutions that are entirely API-driven and use OpenStack services themselves.

Load Balancing
Upstream Project Name: Octavia

Tenant view
● Octavia is an operator-grade open source scalable load balancer.
● Octavia accomplishes its delivery of load balancing services by managing a fleet of virtual machines, containers, or bare metal servers, collectively known as amphorae, which it spins up on demand.
● This on-demand, horizontal scaling feature differentiates Octavia from other load balancing solutions, thereby making Octavia truly suited “for the cloud.”
● Octavia allows for flexible, VM-driven, load balancing solutions.

Operator view
● Octavia relies on OpenStack services to provide load balancing solutions that are truly cloud native. Octavia uses
  ○ Nova
  ○ Neutron
  ○ Barbican
  ○ Keystone
  ○ Glance
  ○ Oslo
● Octavia is LBaaS v2 compliant, but is its own API that is being actively developed and enhanced
● Octavia is fully pluggable
● Octavia can integrate with OpenShift!
DIRECTOR
Red Hat OpenStack Platform Director
Overview
Based on Upstream TripleO
Builds Scalable Clouds
Detailed Lifecycle Management
Optional Graphical Interface
Fully Containerized OpenStack Services
Ansible Powered
Deployment Validations
Composability
Ceph integration
OpenShift ready
Supports “fast forward upgrades”

Director is the centre of the Red Hat OpenStack Platform lifecycle and is a mandatory
requirement for most installs.
Red Hat OpenStack Platform Director
Overview
● API driven deployment (and management) of Red Hat OpenStack Platform.
● Safely upgrade and update production OpenStack deployments with modular roles and
upgrades.
● Integrated deeply with Ansible.
● Deploys containerized OpenStack services.
● Configuration stored as YAML code; Operators can configure the datacenter's attributes
accordingly (e.g VLAN, IP ranges). CLI based on standard OpenStack interfaces.
● Leverages best practices and reference architectures from our extensive field experience.
● Out-of-the-box Control Plane HA. External load balancer support.
● Ceph deployment and configuration as storage backend or connect to existing Ceph.
● Co-locate storage components on compute infrastructure - deploy Ceph OSD's on compute
hosts from director with full production support and tuning advice.
● Supported partner hardware integration (Ironic, Cinder, Neutron)
● Deployment, updates, and upgrade logic is available as an Ansible playbook
Red Hat OpenStack Platform Director
Overview

● Scales to many nodes helping with automating the hardware lifecycle.
● Pattern-based automatic discovery and selection of appropriate nodes from hardware
inventory. Automatic Health Check can execute performance test before deployment to
identify possible misconfigurations or faulty servers.
● Ability to validate installation post deployment using Tempest and Ansible scripting
● Easy to scale in and out - add compute and storage capacity
● Enhanced management via CloudForms, for both tenants and administrators.
● Increasing support for GUI-based deployments using the director UI.
● Flexibility to deploy HA services independently increasing architectural flexibility.
● Ability to create complex networking and deployment topologies through composable roles, upgrades, and networks.
● Increased usage of Ansible removing need to learn new languages
Red Hat OpenStack Platform Director
Architecture
OVERCLOUD

Controllers, computes, and all other roles are part of the larger production cloud. This is where
tenants, workloads, and users reside. The overcloud can run without the undercloud, but with
limited functionality. The overcloud is the Red Hat OpenStack Platform environment that users
interact with.
UNDERCLOUD

Director is also known as the “undercloud.” This is an operator-only, reduced-size OpenStack
environment which bootstraps the overcloud. It does not host user workloads or tenants. The
undercloud is also called Red Hat OpenStack Platform director and is the lifecycle and
management tool for the entire deployment. It is solely for cloud operators, not users.
Red Hat OpenStack Platform Director
Containerised OpenStack Services

● STABLE: Dependency Isolation - each service’s dependency stack is independent.
● SECURE: Immutable Infrastructure - atomic operations reduce complexity.
● UPGRADES: Upgrade Flexibility - each service can be upgraded and rolled back independently.
● CONTROL: Resource Constraints - runtime configuration for strict resource control.
● FLEXIBLE: Deployment Flexibility - easier to move services around.
● SCALE: Scalability - scale individual services quickly and easily.
Red Hat OpenStack Platform Director
Containerised OpenStack Services

OCI Compliant Containers | RPM-based Operating System

DUAL MODE DEPLOYMENTS

What this means for operations

● Operators need skills in docker and ansible.
● Troubleshooting, logs, debugging processes are different for containers.
● Ability to deploy RPM-based services alongside containerised OpenStack services.
  ○ But time to look into containerizing your custom services!
● Availability and performance monitoring should be reviewed as deployment and what to monitor may change.
Red Hat OpenStack Platform Director
Containerised OpenStack Services

[Diagram: how director deploys containerised services. Labels shown: director, tripleo-heat-templates, heat-config-ansible, container config, bootstrap tasks, one shot (runs last), puppet base config, docker-puppet.py, ansible, logs, docker, puppet, paunch, baremetal services (rpms), networks, openstack-base, openstack-service.]
Red Hat OpenStack Platform Director
Graphical User Interface

● Localization in 9 languages
● Enhanced inline help (tooltips)
● Easier editing of service parameters
● More details in node listings
● Improved validations panel with filtering

[Screenshots: increased localization; easier editing of service parameters; improved validations panel filtering.]
Red Hat OpenStack Platform Director
Ansible Inside

More and more deployment and upgrade tooling now uses Ansible.

Validations | Lifecycle | Debug | Operations


Red Hat OpenStack Platform Director
Ansible Inside: Validations

Ansible-driven solution to catch potential hardware, networking and deployment issues - reduces deployment failures

Simplify the burden on IT staff by providing recommended configuration solution settings when issues are detected

Helps to achieve production-ready deployments throughout the entire process
● Pre-installation (prior to starting deployment)
● Post-installation (checks after deployment)
● Upstream project
● CLI and GUI compatibility
● Improved validations panel with filtering.
Red Hat OpenStack Platform Director
Composability

Composability provides components that can be selected and assembled in various
combinations to better enable complex user requirements to be met.

ROLES | UPGRADES | NETWORKS


Red Hat OpenStack Platform Director
Lifecycle and fully managed HCI Deployment

RED HAT HYPERCONVERGED INFRASTRUCTURE FOR CLOUD
● 1 SKU: Reduced procurement costs and complexities
● LIFECYCLE: Long Life
● SOLUTION: Ceph + OpenStack
Spend time using your software, not buying it!
Red Hat OpenStack Platform Director
Integration with Operational Tools

[Diagram: collectd agent, fluentd agent and sensu agent, each with its own data flow.]

Performance (collectd), logging (fluentd), and monitoring (sensu) agent deployments are fully supported in Red Hat
OpenStack Platform. You can deploy agents and clients directly from director using composable roles and services.
Server components are supported via upstream and vendor integrations.
WHAT’S NEW: 13
RED HAT OPENSTACK PLATFORM 13

UPGRADES: Choose to upgrade now or later.
● The second Long Life Release
● Upgrade through multiple releases at once
● Managed OS upgrades

STORAGE: Full range of supported storage solutions.
● File storage joins block and object
● Encryption of more data
● Hyperconverged Infra SKU

SECURITY: More security options to help meet compliance.
● Best practice for security
● Programmatic secrets management
● More encrypted endpoints
● Supports industry certifications

NETWORKING: Accommodate the most demanding requirements.
● Open source SDN controller
● Enterprise LBaaS
● Reliable, robust, virtual and high performance networking

NFV: Speed and flexibility for high performance environments.
● More ways to meet deterministic computing requirements
● Open source Software Defined Networking

OPERATIONS: Enhanced tools to accomplish more tasks.
● Unified Openstack and Container Networking
● OpenShift on OpenStack support
● Consistent control over all services

UPGRADES

UPGRADES
Choose to upgrade now or later.

OSP 13 (Queens) is our second Long Life Release

Every 6 months we release a version of Red Hat OpenStack Platform supported for 1 year; this is a Sequential Release.
Every 18 months we produce a version which customers can get support on for up to five years; this is a Long Life Release.

● RHOSP 8 (Liberty): 3 years
● RHOSP 9 (Mitaka): 3 years
● RHOSP 10 (Newton): 3 years (+2 years), Long Life
● RHOSP 11 (Ocata): 1 year
● RHOSP 12 (Pike): 1 year
● RHOSP 13 (Queens): 3 years (+2 years)*, Long Life
● RHOSP 14 (Rocky): 1 year
● RHOSP 15 (Stein): 1 year
● RHOSP 16 (T...): 3 years (+2 years)*, Long Life

UPGRADES
Choose to upgrade now or later.

Introducing the fast forward upgrade for Long Life to Long Life upgrades.

10 (Newton) to 13 (Queens)

UPGRADES FOR LONG LIFE RELEASES

UPGRADES
Choose to upgrade now or later.

Choose and understand the cadence

[Figure: release timeline for RHOSP 8 (Liberty) through RHOSP 16 (T...), marking the LONG LIFE releases, the FAST FORWARD upgrade paths and the SEQUENTIAL upgrades. Date labels on the figure: Dec 2016, June 2018, 10 End Maint., Late 2019?, 13 End Maint., May 17, 2018, Dec 12, 2018, Late 2019, Early 2020, Mid 2021.]

FAST FORWARD UPGRADES
FAST FORWARD UPGRADE
Choose to upgrade now or later.

KEY POINTS

● AVAILABLE AND FULLY SUPPORTED AT GA.
● IN PLACE UPGRADE. DOES NOT REQUIRE ADDITIONAL HARDWARE.
● INCURS SOME INTERRUPTION AS PER NORMAL MINOR UPDATES WHEN REBOOT IS NECESSARY TO APPLY KERNEL CHANGES
● FOR “LONG LIFE” TO “LONG LIFE” ONLY AND IS NOT DEPENDENT ON SEQUENTIAL RELEASE EOL TIMINGS
● TRY IN A TEST ENVIRONMENT AND CONTACT CEE BEFORE PRODUCTION.
● THE ENTIRE PROCESS COMPREHENSIVELY DOCUMENTED INCLUDING RECOMMENDED BACKUP PROCEDURES
● MAJOR OPERATIONAL CHANGE. PREPARE ACCORDINGLY WITH TRAINING AND TESTING.

FAST FORWARD UPGRADE
Choose to upgrade now or later.

The fast forward upgrade and production.

Please Note: At GA we encourage customers to try the fast forward procedure on test
environments, and report any issues they find via the normal support procedure;
however, they should not proceed to production without approval from CEE and PM.

# Warning! The TripleO Fast Forward Upgrade workflow is currently considered under development.
In particular invocations of the ffwd-upgrade cli should be initially limited to
development/test environments. Once and if you decide to use ffwd-upgrade in production, ensure
you are adequately prepared with valid backup of your current deployment state.
Proceed with the fast forward upgrade? Type 'yes' to continue and anything else to cancel.
Consider using the --yes parameter if you wish to skip this warning in future.
yes|

FAST FORWARD UPGRADE
Choose to upgrade now or later.

OpenStack Summit Vancouver

Watch the Vancouver OpenStack Summit presentation from Maria Bracho and Lee Yarwood for more on the following slides:

https://www.openstack.org/videos/vancouver-2018/openstack-upgrades-strategy-the-fast-forward-upgrade

72
FAST FORWARD UPGRADE
Choose to upgrade now or later.

UNDERCLOUD AND OVERCLOUD


OVERCLOUD

Controllers, computes, and all other roles are part of the larger production cloud. This is where
tenants, workloads, and users reside. The overcloud can run without the undercloud, but with
limited functionality. The overcloud is the Red Hat OpenStack Platform environment that users
interact with.

UNDERCLOUD

Director is also known as the “undercloud.” This is a small command-and-control OpenStack
environment which bootstraps the larger cloud. It does not host user workloads or tenants. The
undercloud is also called Red Hat OpenStack Platform director and is the lifecycle and
management tool for the entire deployment. It is solely for cloud operators, not users.

FAST FORWARD UPGRADE

Overview of environment

[Figure: overview of the environment, showing the undercloud, the overcloud and workloads, with version labels 10 and 13, 7.3 and 7.5, 2.x and 3.0.]

FAST FORWARD UPGRADE
Choose to upgrade now or later.

The fast forward upgrade high level steps.

ONE BACKUP
TWO UPDATE
THREE UNDERCLOUD
FOUR PREPARE
FIVE OVERCLOUD
SIX CONVERGE

Steps one to four (in light blue) can happen in advance of the overcloud upgrade.

FAST FORWARD UPGRADE

ONE BACKUP

● Ansible playbooks and manual backup steps for both undercloud and overcloud backups will be provided with the release of Red Hat OpenStack Platform 13.

● Extensive documentation will be published with the product.

● Extensive documentation has already been posted upstream for TripleO:
  ○ https://docs.openstack.org/tripleo-docs/latest/install/controlplane_backup_restore/00_index.html

● Parts of this process should also be repeated later in the fast forward process if enough time has elapsed.

AVAILABILITY: Director UP | Control UP | Data UP | Workloads UP

[Diagram: Director and nodes ctrl-1, ctrl-2, ctrl-3, cpu-1, cpu-2, ceph-1, ceph-2.]

FAST FORWARD UPGRADE

TWO UPDATE

$ sudo systemctl stop 'openstack-*' \
    'neutron-*' httpd
$ sudo yum update -y python-tripleoclient
$ openstack undercloud upgrade
$ sudo reboot
$ openstack overcloud deploy \
    --update-plan-only --templates \
    -e $ALL_ENVIRONMENTS_USED_TO_DEPLOY
$ openstack overcloud update stack

AVAILABILITY: Director UP | Control UP | Data UP | Workloads UP*

* Workloads either live migrate before reboot or leverage other failover method.

[Diagram: Director and nodes ctrl-1, ctrl-2, ctrl-3, cpu-1, cpu-2, ceph-1, ceph-2, with version labels 7.x and 7.5, 2.6 and 2.9.]

Red Hat OpenStack Platform 13 Field Update - INTERNAL ONLY


FAST FORWARD UPGRADE

THREE UNDERCLOUD

$ sudo systemctl stop 'openstack-*' 'neutron-*' httpd

$ subscription-manager repos --enable $11
$ sudo yum update -y python-tripleoclient
$ openstack undercloud upgrade

$ subscription-manager repos --enable $12
$ sudo yum update -y python-tripleoclient
$ openstack undercloud upgrade

$ subscription-manager repos --enable $13
$ sudo yum update -y python-tripleoclient
$ openstack undercloud upgrade

AVAILABILITY: Director NO MGMT | Control UP | Data UP | Workloads UP

[Diagram: undercloud stepping through 11, 12 and 13; release key 10 -N, 11 -O, 12 -P, 13 -Q; nodes ctrl-1, ctrl-2, ctrl-3, cpu-1, cpu-2, ceph-1, ceph-2.]

FAST FORWARD UPGRADE

THREE UNDERCLOUD

$ sudo systemctl stop 'openstack-*' 'neutron-*' httpd
$ subscription-manager repos --enable $11
$ sudo yum update -y instack-undercloud \
    openstack-puppet-modules \
    openstack-tripleo-common \
    python-tripleoclient
$ openstack undercloud upgrade

[Overlaid animation frames on this slide repeat the "subscription-manager repos --enable", "sudo yum update -y python-tripleoclient" and "openstack undercloud upgrade" steps for $12 and $13.]

AVAILABILITY: Director NO MGMT | Control UP | Data UP | Workloads UP

[Diagram: release key 10 -N, 11 -O, 12 -P, 13 -Q; nodes ctrl-1, ctrl-2, ctrl-3, cpu-1, cpu-2, ceph-1, ceph-2.]


FAST FORWARD UPGRADE

FOUR PREPARE

$ openstack overcloud container image prepare

$ openstack overcloud ffwd-upgrade prepare \
    --templates \
    -e $ALL_ENVIRONMENTS_USED_TO_DEPLOY \
    -e $HOME/cli_opts_params.yaml \
    -e $HOME/ffu_repos.yaml \
    --container-registry-file images.yaml

$ openstack overcloud config download

AVAILABILITY: Director NO MGMT | Control UP | Data UP | Workloads UP

[Diagram: release key 10 -N, 11 -O, 12 -P, 13 -Q; nodes ctrl-1, ctrl-2, ctrl-3, cpu-1, cpu-2, ceph-1, ceph-2.]

FAST FORWARD UPGRADE

FIVE OVERCLOUD

$ openstack overcloud ffwd-upgrade run

AVAILABILITY: Director NO MGMT | Control DOWN | Data UP | Workloads UP

✖ OpenStack services stopped

[Diagram: release key 10 -N, 11 -O, 12 -P, 13 -Q; nodes ctrl-2, ctrl-3, cpu-1, cpu-2, ceph-1, ceph-2, with ✖ marking nodes whose OpenStack services are stopped.]

FAST FORWARD UPGRADE

FIVE OVERCLOUD

$ openstack overcloud upgrade run --roles Controller

AVAILABILITY: Director NO MGMT | Control UP* | Data UP | Workloads UP

✖ OpenStack services stopped

* Control Plane is degraded until all OpenStack services are on RHOSP 13 (Queens).

[Diagram: release key 10 -N, 11 -O, 12 -P, 13 -Q; nodes cpu-1, cpu-2, ceph-1, ceph-2, with ✖ marking nodes whose OpenStack services are stopped.]

FAST FORWARD UPGRADE

FIVE OVERCLOUD

$ openstack overcloud upgrade run --nodes cpu-1

$ openstack overcloud upgrade run --roles Compute

AVAILABILITY: Director NO MGMT | Control UP | Data UP | Workloads UP

✖ OpenStack services stopped

[Diagram: release key 10 -N, 11 -O, 12 -P, 13 -Q; nodes ceph-1, ceph-2, with ✖ marking nodes whose OpenStack services are stopped.]

FAST FORWARD UPGRADE

FIVE OVERCLOUD

$ openstack overcloud upgrade run --roles CephStorage \
    --skip-tags validation
[..]
$ openstack overcloud ceph-upgrade run \
    --templates \
    -e $ALL_ENVIRONMENTS_USED_TO_DEPLOY \
    -e $HOME/cli_opts_params.yaml \
    -e $HOME/ceph-ansible-env.yaml \
    --container-registry-file $HOME/images.yaml \
    --ceph-ansible-playbook $CONTAINER_PLAYBOOK

AVAILABILITY: Director NO MGMT | Control UP | Data UP | Workloads UP

[Diagram: release key 10 -N, 11 -O, 12 -P, 13 -Q.]

FAST FORWARD UPGRADE

SIX CONVERGE

$ openstack overcloud ffwd-upgrade converge --templates \
    -e $ALL_ENVIRONMENTS_USED_TO_DEPLOY \
    -e $HOME/cli_opts_params.yaml \
    -e $HOME/ceph-ansible-env.yaml \
    -e $HOME/images.yaml

AVAILABILITY: Director UP | Control UP | Data UP | Workloads UP

[Diagram: release key 10 -N, 11 -O, 12 -P, 13 -Q.]

STORAGE

STORAGE
Full range of supported storage solutions.

KEY POINTS

● RED HAT HYPERCONVERGED INFRASTRUCTURE FOR CLOUD

● INCREASED RANGE OF STORAGE TYPES OFFERED WITH CEPHFS MANILA ADDED

● RESILIENT CEPH STORAGE

STORAGE
Full range of supported storage solutions.

RED HAT HYPERCONVERGED INFRASTRUCTURE FOR CLOUD

SKU | LIFECYCLE | SOLUTION

[Figure labels: 1; Long Life; Ceph + OpenStack]

Great for Telco!
Reduced procurement costs and complexities
Spend time using your software, not buying it!

STORAGE
Full range of supported storage solutions.

FILE STORAGE SUPPORT ADDED WITH CEPHFS+MANILA

[Figure: use cases (VM devices, database, image store backing, high I/O, S3-like, container registries, monitoring and management, data analytics, developers, shared file systems, structured files) mapped to OBJECT (Swift) on RADOS Gateway, BLOCK (Cinder) on RBD, and FILE (Manila) on NFS-Ganesha and CephFS, all backed by Ceph.]

Ensuring storage choice by offering comprehensive Block, Object, and File solutions.

STORAGE
Full range of supported storage solutions.

MORE STORAGE ENCRYPTION OPTIONS FOR DATA AT REST

SECURE VIRTUAL MACHINE FILESYSTEMS

CINDER VOLUME ENCRYPTION

Allows LUKS-encrypted cinder volumes to be created and used in RBD/Cinder deployments. Keys are
managed securely in the Key management service, creating an automated solution from top to bottom.

SECURE VIRTUAL MACHINE CATALOG IMAGES

GLANCE IMAGE SIGNING

Ensures that an image uploaded into Glance has not been changed or modified. Uses the Key management
service to easily verify image signatures and security automatically.

AUTOMATED MANAGEMENT

STORAGE
Full range of supported storage solutions.

EASIER WAYS TO SAFEGUARD DATA IN OPENSTACK DEPLOYMENTS

[Figure: CLUSTER ONE and DR1, each holding block data and OS images, linked by rbd-mirror; deployed through ceph-ansible and director.]

NATIVE STORAGE MIRRORING DEPLOYED WITH DIRECTOR

SECURITY

SECURITY
Data is safe, secure, and compliant in flight or at rest.

KEY POINTS

● PROGRAMMATIC SECRETS MANAGEMENT

● INCREASED INTERNAL ENDPOINT ENCRYPTION

● SECURITY LEADERSHIP

● READY FOR INDUSTRY CERTIFICATIONS

SECURITY
Data is safe, secure, and compliant.

PROGRAMMATIC SECRETS MANAGEMENT

[Figure: secret types (Passwords, Encryption Keys, X.509, Sym Keys, Asym Keys, Data, ...) shown on both sides of the API.]

SECURITY
Data is safe, secure, and compliant.

INCREASED INTERNAL ENDPOINT ENCRYPTION TO SECURE DATA IN FLIGHT

GENERALLY AVAILABLE FUTURE

BLOCK STORAGE (CINDER) BIG DATA (SAHARA)

SECRETS (BARBICAN) FILE SHARE (MANILA)

METRICS STORE (REDIS) CEPH

SDN CONTROLLER (OPEN DAYLIGHT) REMOTE SWIFT (CEPH RADOS GW)

REMOTE CONSOLES (VNC)

SECURITY
Data is safe, secure, and compliant.

RED HAT OPENSTACK PLATFORM SECURITY GUIDE

SECURITY LEADERSHIP FOR COMMUNITY AND ENTERPRISE

GUIDE AVAILABLE AT GA

SECURITY
Data is safe, secure, and compliant.

COMPLIANCE ACROSS THE STACK

PARTNERS

Compliance Driven Approach

NETWORKING

NETWORKING
Accommodate the most demanding requirements.

KEY POINTS

● ENTERPRISE LOAD BALANCING

● ENHANCED, LAYER 2 AND LAYER 3 NETWORKING SUPPORT

● INCREASED SUPPORT FOR DEPLOYMENTS ON ROUTED NETWORKS

NETWORKING
Accommodate the most demanding requirements.

ENTERPRISE LBAAS

Cloud ready, secure, scale for workloads.


NETWORKING
Accommodate the most demanding requirements.

ENTERPRISE LBAAS

[Figure: an Amphora fleet of OCTAVIA VMs carrying the WORKLOAD (HA / SCALE), managed through the OCTAVIA API and built on NOVA, KEYSTONE, BARBICAN, GLANCE and NEUTRON.]

Octavia uses OpenStack services to provide load balancing via virtual machines with deep
integration into OpenStack.

NETWORKING
Accommodate the most demanding requirements.

ENHANCED LAYER 2 AND LAYER 3 NETWORKING SUPPORT

NEUTRON OVS/ML2
OpenStack only
Agent-based
Python specific

NEUTRON OVN
Distributed database-driven solution
Agentless!
Inclusion of security groups, routers, L2/L3
Cross-product (RHEL, RHV, OCP)

NOTE: OVN must be called specifically at deploy time. Upgrade tooling for ML2 to OVN is
coming in future OpenStack releases.

Bringing a more consistent customer experience across multiple Red Hat products.

NETWORKING
Accommodate the most demanding requirements.

ENHANCED, STABLE LAYER 2 AND LAYER 3 NETWORKING SUPPORT

Open Virtual Networking (OVN)

Bringing a more consistent customer experience across multiple Red Hat products.
NETWORKING
Accommodate the most demanding requirements.

INCREASED SUPPORT FOR DEPLOYMENTS ON ROUTED NETWORKS

10 & 11: COMPOSABLE ROLES
Red Hat OpenStack Platform director introduces composable roles bringing flexibility to
deployment architectures.

12: COMPOSABLE NETWORKS
Composable networks are added. Combined with composable roles this brings more complex
networking topologies to Red Hat OpenStack deployments.

13: DHCP RELAYS
With new features added to the undercloud, hardware provisioning can now be done across L3
networks, allowing routed network topologies such as spine and leaf.

INCREASED SUPPORT FOR DEPLOYMENTS ON
ROUTED NETWORKS

ctlplane (across vlan)

PREVIOUSLY:
For provisioning, a common VLAN
can be used to span across all
switches, ensuring a common
network local to all TORs, as shown
here.

INCREASED SUPPORT FOR DEPLOYMENTS ON
ROUTED NETWORKS

ctlplane ctlplane ctlplane


TODAY:
Provisioning VLAN is replaced with multiple ctlplane networks, unique per leaf. The TORs then
manage a dhcp-relay between the deconstructed ctlplane segments. Combined with Ironic’s ability
to map physical ports we can achieve flexible, routed, L3 provisioning.

NFV

NFV
Accommodate the most demanding requirements.

KEY POINTS

● AN OPEN SOURCE SDN CONTROLLER

● DETERMINISTIC COMPUTING OPTIONS

NFV
Speed and flexibility for high performance environments.

AN OPEN SOURCE SDN CONTROLLER

NOW GA WITH PRODUCTION SUPPORT!

Bringing an integrated SDN lifecycle to Red Hat OpenStack Platform.

NFV
Speed and flexibility for high performance environments.

VIRTUALIZED DETERMINISTIC COMPUTING

DIRECTOR + TUNING + RED HAT EXPERTISE

REAL TIME OVERCLOUD IMAGE

REAL TIME KVM KERNEL ENHANCEMENTS

REAL TIME ENABLED KERNEL

OPERATIONS

OPERATIONS
Enhanced tools to accomplish more tasks.

KEY POINTS

OPERATOR TOOLS

● VIRTUALISED MANAGEMENT INFRASTRUCTURE SUPPORT
● 3RD PARTY MONITORING AND METRICS SERVER SUPPORT (OPSTOOLS)
● BARE METAL CERTIFICATION PROGRAM
● FULLY CONTAINERISED CONTROL PLANE WITH INSTANCE HA SUPPORT

OPENSHIFT on OPENSTACK

● OPENSHIFT ON OPENSTACK GETS SERIOUS
● INTEGRATED CONTAINER AND OPENSTACK NETWORKING
● MORE OPENSHIFT STORAGE OPTIONS ON OPENSTACK

OPERATIONS
Enhanced tools to accomplish more tasks.

A FULLY MANAGED LIFECYCLE SOLUTION

100+ OCI-COMPLIANT CONTAINERS
1 LIFECYCLE AND MANAGEMENT
100% CONTAINERISED DIRECTOR CONTROL

[Figure labels: Neutron, Cinder, Manila, Partners; Ansible, OpenShift, Ceph; Accelerate, Innovate, Empower.]

OPERATIONS
Enhanced tools to accomplish more tasks.

HIGHLY AVAILABLE INSTANCES NOW SUPPORTED BY DIRECTOR

[Diagram: INSTANCE RECOVERY*: VM0 on COMPUTE1 (marked X) is recovered as VM0 on COMPUTE2; deployed by director.]

Templates for Instance HA.

Survives an upgrade!

Supported and part of operational lifecycle.

New implementations only; existing Instance HA logic must be removed and redeployed with new
Instance HA deployment from director.

* May not apply to all configuration types; consult CEE for full details before implementing.

OPENSHIFT ON OPENSTACK
OPENSHIFT ON OPENSTACK
Enhanced tools to accomplish more tasks.

OPENSHIFT ON OPENSTACK GETS SERIOUS

WORKLOAD DRIVEN
DEEPLY INTEGRATED
PROGRAMMATIC SCALE-OUT
ACROSS DATACENTRE INFRASTRUCTURE
FULLY MANAGED
SOLID FOUNDATION

OPENSHIFT ON OPENSTACK
Enhanced tools to accomplish more tasks.

CONTAINER AND OPENSTACK NETWORKING TODAY

OPENSHIFT SOLUTIONS
Flannel
openshift-sdn

OPENSTACK SOLUTIONS
Neutron, OVS/OVN, VLAN/Provider, Vxlan ?

PARTNER SOLUTIONS
Certified plugin ecosystem for major vendors’ Neutron integrations (Cisco, Juniper Contrail,
Nuage, etc.) as well as deep OpenShift integration.

OPENSHIFT ON OPENSTACK
Enhanced tools to accomplish more tasks.

OPENSHIFT NETWORKING VENDOR PLUGINS

[Figure: OpenShift / Kubernetes CNI plugins: openshift-sdn (DEFAULT), Flannel (1), Nuage, Tigera Calico & CNX, Cisco Contiv & Contiv-ACI, Juniper Contrail, VMware NSX-T, kuryr-kubernetes, Big Switch, Open Daylight, with the label "(CNI & Kuryr)"; below them the RH-OSP Neutron plugin and OVN (2). Legend: Validated Plugin, In-Progress.]

(1) Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture
(2) Targeting OCP 3.13 GA

OPENSHIFT ON OPENSTACK
Enhanced tools to accomplish more tasks.

INTEGRATED CONTAINER AND OPENSTACK NETWORKING WITH KURYR

SIMPLIFIED NETWORKING LAYER
Kuryr aligns container and OpenStack networking into less-complex, more
manageable components. By providing interoperability between
Kubernetes and Neutron, operators can expect to remove complexities
such as double encapsulation caused by multiple network overlays. This
should also lead to better performance for high-bandwidth workloads.

VMS AND CONTAINERS ON THE SAME NETWORK
Kuryr allows containers and virtual machine instances
to exist on the same network segment.

INDUSTRY STANDARD APPROACH
Kuryr uses a CNI plugin plus a controller
container to integrate Neutron and Kubernetes.

OPENSHIFT ON OPENSTACK
Enhanced tools to accomplish more tasks.

OPENSHIFT ON OPENSTACK GETS SERIOUS - INTEGRATIONS

[Figure: openshift-ansible + director deploying a PROJECT of VMs and bare metal (BM) nodes. Resources: Networks | Ports | Firewalls | VMs | Bare Metal | Storage]

Deploy Red Hat OpenShift Platform onto Red Hat OpenStack Platform with one easy installer.

VIRTUALIZED MANAGEMENT
INFRASTRUCTURE
OPERATIONS
Enhanced tools to accomplish more tasks.

VIRTUALIZED MANAGEMENT INFRASTRUCTURE SUPPORT

VIRT IS:
Scalable
Resilient
Versatile
Affordable

So can I use it for my Red Hat OpenStack Platform services without a Support Exception?

OPERATIONS
Enhanced tools to accomplish more tasks.

VIRTUALISED MANAGEMENT INFRASTRUCTURE SUPPORT

YES!
You can now use the features already in Red Hat Enterprise Virtualization for Red Hat OpenStack
Platform services.*

* Does not provide RHV as a hypervisor for OSP workloads.

[Figure: director (undercloud), Control Plane (overcloud), Compute and Storage (overcloud) and TENANTS’ WORKLOADS; the OSP Provisioning Engine (Ironic) uses the oVirt driver and bare metal drivers; BARE METAL underneath.]

OPERATIONS
Enhanced tools to accomplish more tasks.

ENSURING MANAGEMENT INFRASTRUCTURE IS SCALABLE

[Figure: a grid of boxes each labelled "role".]

EXPAND: Scale and customise easily with composable roles

OPERATIONS
Enhanced tools to accomplish more tasks.

ENSURING MANAGEMENT INFRASTRUCTURE IS RESILIENT

[Figure: controllers running on three hypervisors.]

RESILIENT: Move services using RHV Live Migration.
Backup services with RHV backups.
Gain enhanced control over control plane hosts.

OPERATIONS
Enhanced tools to accomplish more tasks.

ENSURING MANAGEMENT INFRASTRUCTURE IS VERSATILE

[Figure: virtual machines labelled director, logs, monitors, jump host, migrated, vmware.]

CONVENIENT: Platform to virtualize supporting services as well as the OSP services.
And with RHV migration tooling you can bring your VMware workloads to the RHV platform.
Manage all your workloads in one place.

OPERATIONS
PROVIDING MORE VALUE

ENSURING MANAGEMENT INFRASTRUCTURE IS AFFORDABLE

RHV is bundled with existing cloud-ready SKUs such as Red Hat Cloud Suite and Red Hat Cloud
Integration. Many may own it already!

PARTNERING FOR EXCELLENCE
OPERATIONS
Enhanced tools to accomplish more tasks.

3RD PARTY MONITORING AND METRICS SERVER-SIDE SUPPORT

● Opstools performance agent deployment (collectd)
● OpenStack expertise
● Deployment lifecycle and operational tooling

● Dashboards for download or commercial support by Grafana
● Server-side performance monitoring solution
● Lifecycle and documentation managed by Grafana

Partnering for expert solutions to customer requirements.

OPERATIONS
Enhanced tools to accomplish more tasks.

PARTNERING WITH TRILIO FOR OPENSTACK BACKUPS

Cloud-Native Data Protection

An OpenStack-native backup and recovery solution that gives your tenants the ability to
restore entire workloads on-demand.

Certified Red Hat Connect partner for Red Hat Ceph Storage for Cinder, Red Hat Ceph Storage
as S3 target, and Red Hat OpenStack Platform director.

* Certified and ready for Red Hat OpenStack Platform 13 soon after GA.

OPERATIONS
Enhanced tools to accomplish more tasks.

PARTNERING WITH TRILIO FOR OPENSTACK BACKUPS

BACKUP: Entire workloads
RECOVER: Production or new environment
MANAGE: Tenant and Admin

✓ Virtual Machine
✓ Network Configuration
✓ Availability Zones
✓ Security Groups
✓ Storage Configuration
✓ OS Volume
✓ Cinder Volumes
✓ Application Aware

https://www.trilio.io/red-hat-openstack

OPERATIONS
Enhanced tools to accomplish more tasks.

BARE METAL CERTIFICATION PROGRAM

● Partners must join the Red Hat Hardware Certification program
● Partners must already have a valid Red Hat Enterprise Linux hardware certification
● Partners must already have a valid Red Hat OpenStack Platform Nova hardware certification
● Partners must have a support relationship with Red Hat. This can be fulfilled through the
  multi-vendor support network of TSANet, or through a custom support agreement

OPERATIONS
Enhanced tools to accomplish more tasks.

BARE METAL CERTIFICATION PROGRAM

PROGRAM AND PRODUCT REQUIREMENTS
● Red Hat Partner: established relationship with Red Hat
● Certification: prior certification achieved for RHEL Hardware and RHOSP Nova
● System under test (SUT) has been certified
● RHOSP test environment is setup and verified with previously certified hardware

CERTIFICATION WORKFLOW
● Partner prepares the test environment
● Partner creates the certification request
● Red Hat certification review team creates official test plan
● Partner runs all tests and submits logs
● Red Hat reviews test logs
● Fail/Resolve/Repeat
● Pass all / Certified

PUBLISH TO ECOSYSTEM PAGE
● Published to Ecosystem Page

[Figure labels: Certification, Support.]

TECH PREVIEW

TECH PREVIEW
Coming soon

KEY POINTS

● MULTI-TENANT BMAAS

● NETWORK HARDWARE OFFLOAD (OVS 2.9)

TECH PREVIEW
Coming soon for OPERATIONS!

MULTI-TENANT BMAAS

TECH PREVIEW
Coming soon for TELCO!

More ways to increase throughput and scale - OVS Hardware Offload

[Figure: Virtual Network Functions on a host with OVS 2.7 processed by the host CPU, compared with OVS 2.9 using Physical Network Card Offload*.]

Offload virtualized functions to the NIC, increasing overall processing abilities on the host.

* Guest requires a vendor specific VF driver (SR-IOV HW dependency)



THANK YOU
plus.google.com/+RedHat facebook.com/redhatinc

linkedin.com/company/red-hat twitter.com/RedHatNews

youtube.com/user/RedHatVideos
