Course Outline
1. Introduction to OpenStack - 2 hours
● Historical evolution of the cloud and OpenStack
● Key cloud features
● Cloud deployment models
○ Private, public, and hybrid clouds
○ On-premise, IaaS, PaaS, and SaaS
● OpenStack-based public and private cloud deployments
● Open-source and commercial OpenStack distributions
● OpenStack deployment architectures
● The OpenStack ecosystem
○ Core modules
○ Foundational tools
○ Integration capabilities
● OpenStack lifecycle management
● OpenStack certification pathways
● OpenStack lab (VM) setup for this course
2. Practical OpenStack Administration Workshop
● Overview of OpenStack Components ~0.5 hours
○ Core services: Keystone, Glance, Nova, Neutron, Cinder, Swift, and Heat
○ Interacting with the OpenStack cloud interface
○ OpenStack daemons and API communication workflows
● Keystone - Identity Management Service ~1 hour
○ Keystone architectural design
○ Authentication mechanisms and supported backends
○ Token types and management strategies
○ Authorization frameworks in OpenStack - roles and oslo.policy
○ Keystone entities - domains, projects, and users
○ Configuring CLI clients using openrc and clouds.yaml
○ The OpenStack service catalog
○ Onboarding new OpenStack services
○ OpenStack quota systems
● Glance - Image Service ~1.5 hours
○ Cloud-optimized image formats
○ Image attributes (properties, metadata, format, container)
○ Procedures for uploading and downloading images
○ Image sharing mechanisms
○ Glance image storage backends
○ Protected image management
○ Managing image service quotas
○ Verifying Glance service health
● Neutron - Networking Service ~2-3 hours
○ Neutron architecture and associated services
○ The ML2 plugin mechanism
○ Networking analysis on compute nodes
○ Networking concepts and tools utilized by Neutron
○ Fundamental Neutron network resource types
○ Configuring tenant networks and subnets
○ Managing security groups and associated rules
○ East-West routing
○ Network namespace implementation
○ Configuring external/provider networks
○ North-South routing
○ Floating IP management
○ Managing network quotas
○ Fundamental network troubleshooting (namespaces, tcpdump, etc.)
○ Network quota policies
○ Verifying Neutron service status
● Nova - Compute Service ~2-3 hours
○ Interfaces to hypervisors
○ Key pair management
○ Flavor management
○ Flavors and CPU topology configurations
○ Instance parameter settings
○ Procedures for creating instances
○ Verification of spawned instances
○ Snapshotting capabilities
○ Instance lifecycle management
○ Resizing instances
○ Assigning floating IPs
○ Interactive consoles and console logs
○ Assigning security groups
○ Compute quotas
○ Retrieving statistics from Nova
○ Placement API and Nova Cells v2
○ Placement API and instance scheduling logic
○ Placement API client commands
○ Verifying Nova service health
● Cinder - Block Storage Service ~2-3 hours
○ Volume parameters and definitions
○ Creating volumes
○ Managing volumes
○ Attaching volumes to Nova instances
○ Managing volume snapshots
○ Managing volume backups
○ Internals of snapshots and backups within Cinder
○ Transferring volumes between projects
○ Restoring backups
○ Managing volume quotas
○ Integrating new storage backends
○ QoS (limits) configurations in Cinder
○ LVM, storage arrays, and Ceph storage backends
○ Ceph integration within OpenStack
○ Integrating Ceph with Cinder
○ Best practices for Ceph deployments
○ Verifying Cinder service health
● Barbican - Key Management Service ~2 hours
○ Barbican architecture
○ Storing passphrases securely
○ Generating and storing symmetric encryption keys
○ Volume encryption mechanisms
○ Configuring Cinder storage types for volume encryption
○ Limitations of volume encryption
○ Storing X.509 certificate bundles
● Swift - Object Storage (Quick Review for COA Exam) < 1 hour
○ Swift components and operational processes
○ Managing containers and objects
○ Managing access control lists
○ Setting up object expiration policies
○ The Ring structure and storage policies
○ Monitoring available storage capacity
○ Setting up quotas
○ Verifying Swift service health
● Octavia - Load Balancing as a Service ~2-3 hours
○ Architecture overview
○ Objects and request flow patterns
○ Octavia flavors
○ Octavia Availability Zones
○ Creating HTTP load balancers
○ Creating TCP load balancers
○ Creating HTTPS passthrough load balancers
○ Listeners, Pools, and Health Monitors
○ Layer 7 load balancing in Octavia
○ Building Amphora images
○ Load Balancer Failover
○ Networking and monitoring details
○ Troubleshooting Octavia issues
● Heat - Orchestration Service ~1-2 hours
● Heat Orchestration Template and its components
● Creating Heat stacks
● Verifying Heat stack status
● Updating Heat stacks
● Verifying Heat service health
● Fundamental Troubleshooting ~2 hours
● Analyzing log files
● Implementing centralized logging
● Debugging OpenStack client queries
● Managing the OpenStack database
● Backing up OpenStack configurations
● Analyzing compute node status
● Analyzing instance status
● Analyzing the AMQP broker (RabbitMQ)
● Metadata services
● General diagnostic approaches for OpenStack issues
● Troubleshooting network problems
● Troubleshooting network performance issues
● Instance backup and recovery procedures
3. Advanced Topics
● Hardware Considerations and Capacity Planning ~2 hours
● Compute hardware requirements
● Network design principles
● Storage design strategies
● Flavor sizing calculations
● Resource overcommitment policies
● Role System - Authorization in OpenStack ~2 hours
● Creating new roles as member role extensions
● policy.yaml - API call authorization rules
● Highly Available Control Plane ~1 hour
● HA implementation in OpenStack services
● HA database configurations
● HA message queue setups
● Cloud Partitioning and Scheduler Filters ~1 hour
● Rationale and implementation of cloud partitions (host-aggregates)
● Nova scheduler filters
● Workload Migration ~1 hour
● Cold and live migration techniques
● Tweaking live migration processes
● OpenStack Monitoring and Telemetry < 1 hour
● Ceilometer service overview
● External monitoring integration
● Advanced Cloud/Hypervisor Features < 1 hour
● CPU pinning and NUMA architecture
● SR-IOV implementation
● Cloud-init and Image Customization < 1 hour
● Metadata service usage
● Block Storage Backends < 1 hour
● LVM configurations
● Ceph RBD storage
● Physical appliances
● Storage network considerations
● Upgrading OpenStack < 1 hour
● Upgrade strategies and procedures
● Zero-downtime upgrade techniques
● Bare-metal Provisioning with OpenStack < 1 hour
● Ironic module functionality
● Undercloud and overcloud concepts
● The future evolution of OpenStack
4. Deep-dive into Neutron and OVN Backend - ~6-8 hours
● OVN architecture overview
● OVN component breakdown
● ML2 - OVN vs. OvS driver comparisons
● Top-down OVN networking model
○ OpenStack logic (Neutron database)
○ Northbound database interactions
○ Southbound database interactions
○ Logical datapath pipelines
○ Logical flows
○ OpenFlow flows
● Neutron network and OVN logical switch integration
○ Logical ports and their types
○ Switching flows
● Neutron router and OVN logical router management
○ NAT types
○ Routing flows
● Neutron subnet and native DHCP
○ DHCP flows
● Security groups in OVN
○ ACLs and Port Groups
○ Security group flows
○ Port security in OVN
● Summary of OVN Northbound tables
● Information flow in OVN
○ Neutron DB, OVN NB and SB DB, OpenFlow at OvS
● Logical flow tracing
○ Defining microflows
○ L2 tracing
○ L3 tracing
○ DHCP tracing
● Physical flows - OpenFlow
○ Physical live-cycle of VM-originated packets
● Physical tracing
○ Tracing for hypothetical packets
○ Tracing for real packets
● Displaying Open vSwitch database and resources
Testimonials (3)
I found new things.
Cristian
Course - OpenStack Security
communication, knowledge from experience, solve problems,
Marcin Walewski - Intel Technology Poland Sp. z o.o.
Course - OpenStack Bootcamp
The varied topics
