OpenStack Bootcamp Extended ( osbootcampext | 35 hours )

• Basic Linux administration skills
• Basic networking knowledge
• Basic knowledge of cloud computing paradigm

The course is a comprehensive training on OpenStack, extended version of the OpenStack Bootcamp course includes extra excercises, troubleshooting and sample examination tasks. Extended content is highlited in bold in the course outline. It starts with the introduction to the system, then through hands-on workshops it gives practical knowledge on managing private clouds based on OpenStack, finally troubleshooting and advanced, architectural topics are present. The goal of this course is to familiarize with the OpenStack ecosystem as well as to give a strong background for further expansion and refinement of the OpenStack clouds. The course comprises all topics necessary to accomplish the Certificate OpenStack Administrator exam. 75% of the course is based on hands-on workshop in the real OpenStack training environment. After the course participants get all the materials and training environment for self-study and feature/troubleshooting excercises.

Customization options

The full course is to be meant for at least 5 days. It could be shortened if some of the topics are not relevant for the customer. In case the participants are beginners to OpenStack (slower pace) it is recommended to expand the course for 6 days or remove some advanced topics. The course can be also extended with 1 more day when OVN topics can be presented.

1. Introduction to OpenStack

• History of the cloud and OpenStack
• Cloud features
• Cloud models
  • private, public, hybrid
  • on-premise, IaaS, PaaS, SaaS
• Public and private cloud deployments based on OpenStack
• Open source and commercial OpenStack distributions
• OpenStack deployment models
• OpenStack ecosystem
  • Modules
  • Underlying tools
  • Integrations
• OpenStack lifecycle
• OpenStack certification
• OpenStack lab (VM) for this course

2. Hands-on OpenStack administration workshop 

• Getting to know OpenStack 
  • OpenStack components (Keystone, Glance, Nova, Neutron, Cinder, Swift, Heat)
  • Interaction with OpenStack cloud
  • OpenStack daemons and API communication flow
• Keystone - Identity management service
  • Keystone architecture
  • Authentication and available backends
  • Token types and token management
  • Authorization in OpenStack - roles and oslo.policy
  • Keystone resources - domains, projects, users
  • Openrc and clouds.yaml - CLI clients configuration
  • OpenStack service catalog
  • Adding new OpenStack service
  • Quota system in OpenStack
• Glance - Image service
  • Images adjusted to the cloud
  • Image features (properties, metadata, format, container)
  • Uploading and downloading image
  • Sharing images
  • Glance image stores
  • Protected images
  • Manage quotas for image service
  • Verification of Glance services
• Neutron - Networking
  • Architecture and Neutron services
  • The ML2 plugin
  • Networking in compute node - analysis
  • Networking concepts and tools used by Neutron
  • Basic Neutron network resource types
  • Manage tenant networks, subnets, 
  • Manage security groups and rules
  • East-West routing
  • Network namespaces
  • Manage external/provider networks
  • North-South routing
  • Floating IPs management
  • Role-based access control in Neutron
  • Manage network quotas
  • Internals of SDN and NFV (iptables, ip route, OVS)
  • Basic network troubleshooting (namespaces, tcpdump, etc.)
  • Networking quotas
  • Verification of Neutron services
• Nova - Compute service
  • Interfaces to hypervisors
  • Keypair management
  • Flavour management
  • Flavors and CPU topology
  • Instance parameters
  • Creating an instance
  • Verification of spawned instances
  • Snapshotting
  • Instance management
  • Resizing instances
  • Assigning floating IPs
  • Interactive console and console log
  • Security groups assignment
  • Internals of security groups and port-security features (iptables)
  • Internals of L3 routers
  • Compute quotas
  • Getting statistics from Nova
  • Placement API and Nova Cells v2
  • Placement API and instance scheduling
  • Placement API client commands
  • Verification of Nova services
• Cinder - Block Storage
  • Volume parameters
  • Creating volume
  • Manage volume
  • Attaching volume to Nova instance
  • Managing volume snapshots
  • Managing volume backups
  • Internals of snapshots and backups in Cinder
  • Transferring volumes between projects
  • Restoring backups
  • Managing volume quotas
  • Adding new storage backend
  • QoS in Cinder
  • LVM, storage array and Ceph storage backends
  • Ceph in OpenStack
  • Integrating Ceph and Cinder
  • Good practices for Ceph deployments
  • Verification of Cinder services
• Barbican - Key Management Service
  • Barbican architecture
  • Storing passphrases
  • Generating and storing symmetric encryption keys
  • Volume encryption mechanisms
  • Configuring Cinder storage type for volume encryption
  • Limitations of volume encryption
  • Storing X.509 certificate bundles
• Swift - Object Storage
  • Swift components and processes
  • Managing containers and objects
  • Managing access control lists
  • Setting up object expiration
  • The Ring and storage policies
  • Monitoring available storage space
  • Setting up quotas
  • Verification of Swift services
• Heat - Orchestration
  • Heat Orchestration Template and its components
  • Creating Heat stack
  • Verification of Heat stack
  • Updating Heat stack
  • Verification of Heat services
• Basic troubleshooting
  • Analyzing log files
  • Centralized logging
  • Debugging OpenStack client queries
  • Managing OpenStack database
  • Extracting information from service databases
  • Backing up OpenStack
  • Analyzing compute node status
  • Analyzing instance status
  • Troubleshooting instances at the compute node (libvirt)
  • Analyzing AMQP broker (RabbitMQ)
  • Troubleshooting RabbitMQ
  • Metadata services
  • General way of diagnosing OpenStack issues
  • Troubleshooting network problems
  • Troubleshooting network performance
  • Instance backup and recovery

2. Advanced Topics

• Octavia - Load Balancing-as-a-service
  • Architecture
  • Objects and request flow
  • Octavia flavors
  • Octavia Availability Zones
  • Creating the HTTP load balancer
  • Creating the TCP load balancer
  • Creating HTTPS passthrough load balancer
  • Listeners, Pools and Health Monitors
  • Layer 7 load balancing in Octavia
  • Building Amphora image
  • LB Failover
  • Networking and Monitoring details
  • Troubleshooting Octavia
• Hardware considerations and capacity planning
  • Compute hardware
  • Network design
  • Storage design
  • Flavour sizing
  • Resource overcommitment
• Highly Available control plane
  • HA in OpenStack services
  • HA database
  • HA message queue
  • Active-Active vs Active-Passive deployments
  • Multi-region deployments
• Cloud partitioning and scheduler filters
  • Why and how implement cloud partitions (host-aggregates)
  • Nova scheduler filters
  • Dive into filter's code
• Workload migration
  • Cold and live migration
  • Live migration tweaking
  • Migration excercises and troubleshooting
• Policies and authorization in OpenStack
  • Oslo.policy
  • Creating a new meaningful role with policy files
  • Verifying API access for the specific user
• In-depth OpenStack networking (SDN) (2-3h)
  • Types of network (local, flat, vlan, vxlan, gre)
  • Detailed netowork flow and architecture in various neutron deployments
    • East-West traffic in tenant networks
    • North-South traffic in tenant networks
    • Traffic in provider-only deployments
  • Neutron plugins
    • Linux Bridge
    • Open vSwitch
  • OVS troubleshooting and excercises
  • Troubleshooting security groups (iptables, tcpdump)
  • Port-security adjustments and vIP management
  • Distributed Virtual Routers
  • LBaaS + Octavia project
  • VPNaaS
• OpenStack monitoring and telemetry
  • Ceilometer service
  • External monitoring
• Advances cloud/hypervisor features
  • CPU pinning / NUMA architecture
  • SR-IOV
• Cloud-init and image customization
  • Metadata Service
  • Getting information from metadata service
• Block storage backends
  • LVM
  • Ceph RBD
  • Physical appliances
  • Storage network considerations
• Upgrading OpenStack
  • Upgrade strategies and procedures
  • Zero-downtime upgrade
• Bare-metal provisioning with OpenStack
  • Ironic module
  • Undercloud and overcloud concepts
• Various excercises on troubleshooting OpenStack cluster
• Example examination tasks
• Future of OpenStack