linux conf australia 2017 - hobart running production ... · openstack® summit austin 2016 linux...
TRANSCRIPT
![Page 1: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/1.jpg)
OpenStack® Summit Austin 2016Linux Conf Australia 2017 - Hobart
Running Production Workloads in a Programmable Infrastructure
Alex Tesch Cloud Consultant
![Page 2: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/2.jpg)
Advanced OpenStack use casesWhat will we cover ?
– Orchestration for a Two-Tier environment
– LBaaS – Proactive auto Scaling
– FWaaS – Dynamic security
– Data cloning as a service
2
![Page 3: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/3.jpg)
Live OpenStack Use Case Demos4 Live Demos… What could possibly go wrong????
3
![Page 4: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/4.jpg)
Orchestration Demo
4
![Page 5: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/5.jpg)
What we will build
– A DMZ Network with two Tomcat servers and a Load Balancer – A DB Network with an Oracle Server attached to a Cinder Volume
– A Neutron Router to allow access from EXT-NET to the app
5
![Page 6: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/6.jpg)
LBaaS
Load Balancer as a Service
6
![Page 7: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/7.jpg)
Load Balancer as a Service
– Auto scaling via threshold
– Variety of load balancers supported (Amphoras, Kernel NS, F5, etc)
– Control load balancers by code
7
![Page 8: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/8.jpg)
Current Neutron LimitationsHow do we overcome them?
LBaaS v2 Limitations in current enterprise distros– No HA capabilities for LBaaS v2 control plane
– Although the Data Plane HA has been addressed with Octavia in the Mitaka Release (we can loose an amphora in the group and HAproxy will continue to work on the next available amphora)
– Loosing the Neutron Controller running the LBaaS controlplane will hinder the LBaaS functionality.
8
![Page 9: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/9.jpg)
LBaaS / Autoscaling demo
9
![Page 10: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/10.jpg)
FWaaS
Fire Wall as a Service
10
![Page 11: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/11.jpg)
Firewall as a Service
11
FWaaSkeytakeaways:
•The Firewall-as-a-Service (FWaaS) plug-in adds perimeter firewall management to OpenStack Networking (neutron).
•FWaaSSupports one firewall policy and logical firewall instance per project.
•FWaaS operates at the perimeter by filtering traffic at the OpenStack Networking (neutron) router. This distinguishes it from security groups, which operate at the instance / OpenVSwitch level.
•The example diagram on the right illustrates the flow of ingress and egress traffic for the VM2 instance
![Page 12: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/12.jpg)
Firewall as a Service
12
FWaaSkeytakeaways:
•FWaaS uses iptables to apply firewall policy to all virtual routers within a project.
![Page 13: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/13.jpg)
Firewall as a Service
13
SecurityGroupkeytakeaways:
•TheyareimplementedintheOpenvSwitchlayer(L2)andenforcedbyiptablesintheovsportfortheinstance
![Page 14: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/14.jpg)
FWaaS Demo
14
![Page 15: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/15.jpg)
Data Cloning as a Service Developers can now make use of the latest production data to run their tests.
– Since the Oracle server is under OpenStack control, fully automating the database cloning by code becomes possible.
– Standing up a test environment with up-to-date can be added to the CI/CD rig.
– Faster development cycles which translate in faster go to market features.
– All automated by code
15
![Page 16: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/16.jpg)
Data Cloning as a Service Demo
16
![Page 17: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/17.jpg)
17
Stage 1:
![Page 18: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/18.jpg)
18
Stage 2:
![Page 19: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/19.jpg)
19
Stage 3:
![Page 20: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/20.jpg)
20
Stage 4:
![Page 21: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/21.jpg)
Thank you21
![Page 22: Linux Conf Australia 2017 - Hobart Running Production ... · OpenStack® Summit Austin 2016 Linux Conf Australia 2017 - Hobart Running Production Workloads in a Programmable Infrastructure](https://reader033.vdocuments.net/reader033/viewer/2022042308/5ed507ad86b2b20c6b0fdaff/html5/thumbnails/22.jpg)
22
Github repo: