




























































































Suse OpenStack administrator guide cloud 7





























































































ABSTRACT
Publication Date: 08/04/
SUSE LLC 10 Canal Park Drive Suite 200 Cambridge MA 02141 USA https://www.suse.com/documentation
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License: http://creativecommons.org/licenses/by/3.0/legalcode
iv OpenStack Administrator Guide
Identity LDAP server set up • Integrate Identity back end with LDAP • Secure the OpenStack Identity service connection to an LDAP back end
Authorization scopes • Token providers
What are the different types of keys? • So, how does a staged key help me and why do I care about it? • Where do I put my key repository? • What is the recommended way to rotate and distribute keys? • Do fernet tokens still expire? • Why should I choose fernet tokens over UUID tokens? • Why should I choose fernet tokens over PKI or PKIZ tokens? • Should I rotate and distribute keys from the same keystone node every rotation? • How do I add new keystone nodes to a deployment? • How should I approach key distribution? • How long should I keep my keys around? • Is a fernet token still a bearer token? • What if I need to revoke all my tokens? • What can an attacker do if they compromise a fernet key in my deployment? • I rotated keys and now tokens are invalidating early, what did I do?
Caching for tokens and tokens validation • Caching for non-token resources • Configure the Memcached back end example
Setting the account lockout threshold • Disabling inactive users • Configuring password expiration • Indicating password strength requirements • Requiring a unique password history
Logging • User CRUD
Create a share type • Update share type • Delete share
Ring data structure • Partition assignment
Drive failure • Server failure • Detect failed drives • Emergency recovery of ring builder files
7 Block Storage
Boot from volume • Configure an NFS storage back end • Configure a GlusterFS back end • Configure multiple-storage back ends • Back up Block Storage service disks • Migrate volumes • Gracefully remove a GlusterFS volume from usage • Back up and restore volumes and snapshots • Export and import backup metadata • Use LIO iSCSI support • Configure and use volume number weigher • Consistency groups • Configure and use driver filter and weighing for scheduler • Rate-limit volume copy bandwidth • Oversubscription in thin provisioning • Image-Volume cache • Volume-backed image • Get capabilities • Generic volume groups
Troubleshoot the Block Storage configuration • Multipath call failed exit • Addressing discrepancies in reported volume sizes for EqualLogic storage • Failed to Attach Volume, Missing sg_scan • HTTP bad request in cinder volume log • Duplicate 3PAR host • Failed to attach volume after detaching • Failed to attach volume, systool is not installed • Failed to connect volume in FC SAN • Cannot find suitable emulator for x86_64 • Non-existent host • Non-existent VLUN
8 Shared File Systems
9 Networking
Networking API • Configure SSL support for networking API • Load-Balancer-as-a-Service (LBaaS) overview • Firewall-as-a-Service (FWaaS) overview • Allowed-address-pairs • Virtual-Private-Network-as-a-Service (VPNaaS)
Overview • VMware NSX integration
Configure Big Switch (Floodlight REST Proxy) plug-in • Configure Brocade plug-in • Configure NSX-mh plug-in • Configure PLUMgrid plug-in
Configure data-forwarding nodes • Configure DHCP agent • Configure L3 agent • Configure metering agent • Configure Load-Balancer-as-a-Service (LBaaS v2) • Configure Hyper-V L2 agent • Basic operations on agents
Compute • Networking API and credential configuration • Configure security groups • Configure metadata • Example nova.conf (for nova-compute and nova-api)
L3 metering agent
Core Networking API features • Use Compute with Networking
Provider networks • L3 routing and NAT • Security groups • Basic Load-Balancer-as-a-Service operations • Plug-in specific extensions • L3 metering
Logging settings • Notifications
10 Telemetry
Supported databases • Supported hypervisors • Supported networking services • Users, roles, and projects
Notifications • Polling • Support for HA deployment • Send samples to Telemetry • Block Storage audit script setup to get notifications • Storing samples
Pipeline configuration
Telemetry v2 API • Telemetry command-line client and SDK • Publishers
Alarm definitions • Alarm dimensioning • Alarm evaluation • Using alarms
OpenStack Compute • Bare metal service • IPMI based meters • SNMP based meters • OpenStack Image service • OpenStack Block Storage • OpenStack Object Storage • Ceph Object Storage • OpenStack Identity • OpenStack Networking • SDN controllers • Load-Balancer-as-a-Service (LBaaS v1) • Load-Balancer-as-a-Service (LBaaS v2) • VPN-as-a-Service (VPNaaS) • Firewall-as-a-Service (FWaaS) • Orchestration service • Data processing service for OpenStack • Key Value Store module • Energy
Stack domain users configuration • Usage workflow
14 OpenStack command-line clients
Unified command-line client • Individual command-line clients
Install the prerequisite software • Install the OpenStack client • Upgrade or remove clients • What's next
Download and source the OpenStack RC file • Create and source the OpenStack RC file • Override environment variable values
Projects • Users • Roles and role assignments
List and view current security groups • Create a security group • Delete a security group • Create security group rules for a cluster of instances
Create and manage services and service users • Manage Compute services
List or get details for images (glance) • Create or update an image (glance) • Troubleshoot image creation
Migrate a volume • Create a volume • Create a volume from specified volume type • Attach a volume to an instance • Resize a volume • Delete a volume • Transfer a volume • Manage and unmanage a snapshot
Migrate a share
Create a flavor • Delete a flavor
Select hosts where instances are launched • Consider NUMA topology when booting instances • Evacuate instances • Migrate a single instance to another compute host • Configure SSH between compute nodes • Manage IP addresses • Launch and manage stacks using the CLI
Manage Compute service quotas • Manage Block Storage service quotas • Manage Networking service quotas
Upload and analyze log files • Download and analyze an object
Example Usages
15 Cross-project features
Enabling CORS with configuration • Enabling CORS with PasteDeploy • Security concerns • Troubleshooting
16 Appendix
Documentation • ask.openstack.org • OpenStack mailing lists • The OpenStack wiki • The Launchpad Bugs area • The OpenStack IRC channel • Documentation feedback • OpenStack distribution packages
Glossary
2 SUSE OpenStack Cloud 7
2 Get started with OpenStack
TABLE 2.1: OPENSTACK SERVICES
Dashboard (http://www.openstack.org/software/releases/newton/components/horizon)
Horizon (http://docs.openstack.org/developer/horizon/)
Compute (http://www.openstack.org/software/releases/newton/components/nova)
Nova (http://docs.openstack.org/developer/nova/)
Networking (http://www.openstack.org/software/releases/newton/components/neutron)
Neutron (http://docs.openstack.org/developer/neutron/)
Object Storage (http://www.openstack.org/software/releases/newton/components/swift)
Swift (http://docs.openstack.org/developer/swift/)
Block Storage (http://www.openstack.org/software/releases/newton/components/cinder)
Cinder (http://docs.openstack.org/developer/cinder/)
Identity service (http://www.openstack.org/software/releases/newton/components/keystone)
Keystone (http://docs.openstack.org/developer/keystone/)
newton/components/trove)
Data processing service (http://www.openstack.org/software/releases/newton/components/sahara)
Sahara (http://docs.openstack.org/developer/sahara/)
2.1 Conceptual architecture
2.2 Logical architecture