Course Outline

1. Introduction to OpenStack - 2 Hours
● History of cloud computing and the development of OpenStack
● Key features of cloud computing
● Cloud deployment models for government
○ Private, public, hybrid clouds
○ On-premises, Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS)
● Public and private cloud deployments using OpenStack
● Overview of open-source and commercial OpenStack distributions
● OpenStack deployment strategies for government
● The OpenStack ecosystem
○ Modules, underlying tools, and integrations
● Lifecycle management of OpenStack
● OpenStack certification programs
● OpenStack lab environment (VM) setup for this course


2. Hands-on OpenStack Administration Workshop
● Getting familiar with OpenStack - 0.5 Hours
○ Overview of key OpenStack components (Keystone, Glance, Nova, Neutron, Cinder, Swift, Heat)
○ Interacting with the OpenStack cloud
○ Understanding OpenStack daemons and API communication flows

● Keystone - Identity Management Service - 1 Hour
○ Keystone architecture overview
○ Authentication methods and available backends
○ Token types and management
○ Authorization in OpenStack using roles and oslo.policy
○ Managing Keystone resources (domains, projects, users)
○ Configuring CLI clients with openrc and clouds.yaml
○ Exploring the OpenStack service catalog
○ Adding new services to the OpenStack environment
○ Understanding the quota system in OpenStack

● Glance - Image Service - 1.5 Hours
○ Cloud-optimized images
○ Image features (properties, metadata, format, container)
○ Uploading and downloading images
○ Sharing images across projects
○ Configuring Glance image stores
○ Protecting images from deletion
○ Managing quotas for the image service
○ Verifying Glance services

● Neutron - Networking - 2-3 Hours
○ Overview of Neutron architecture and services
○ ML2 plugin configuration
○ Analyzing networking in compute nodes
○ Understanding networking concepts and tools used by Neutron
○ Managing tenant networks, subnets, and security groups
○ East-West routing and network namespaces
○ External and provider network management
○ North-South routing and floating IP management
○ Network quota management
○ Basic network troubleshooting techniques (namespaces, tcpdump, etc.)
○ Verifying Neutron services

● Nova - Compute Service - 2-3 Hours
○ Interfaces to hypervisors
○ Keypair and flavor management
○ Understanding flavors and CPU topology
○ Setting instance parameters
○ Creating and verifying instances
○ Snapshotting and resizing instances
○ Assigning floating IPs and using interactive consoles
○ Security group assignments and compute quotas
○ Retrieving statistics from Nova
○ Placement API and Nova Cells v2 architecture
○ Instance scheduling with the Placement API
○ Using Placement API client commands
○ Verifying Nova services

● Cinder - Block Storage - 2-3 Hours
○ Volume parameters and creation
○ Managing volumes, snapshots, and backups
○ Transferring volumes between projects
○ Restoring volume backups
○ Volume quota management
○ Adding new storage backends
○ Quality of Service (QoS) in Cinder
○ Exploring LVM, storage array, and Ceph storage backends
○ Integrating Ceph with Cinder
○ Best practices for Ceph deployments
○ Verifying Cinder services

● Barbican - Key Management Service - 2 Hours
○ Barbican architecture overview
○ Storing passphrases and symmetric encryption keys
○ Volume encryption mechanisms
○ Configuring volume encryption with Cinder storage types
○ Limitations of volume encryption
○ Managing X.509 certificate bundles

● Swift - Object Storage (Brief Overview for COA Exam) - 1 Hour
○ Components and processes in Swift
○ Managing containers and objects
○ Configuring access control lists
○ Setting up object expiration
○ Understanding the Ring and storage policies
○ Monitoring available storage space
○ Setting up quotas
○ Verifying Swift services

● Octavia - Load Balancing-as-a-Service - 2-3 Hours
○ Overview of Octavia architecture
○ Objects and request flow in Octavia
○ Exploring Octavia flavors and availability zones
○ Creating HTTP, TCP, and HTTPS load balancers
○ Configuring listeners, pools, and health monitors
○ Layer 7 load balancing with Octavia
○ Building the Amphora image
○ Load balancer failover mechanisms
○ Networking and monitoring details
○ Troubleshooting Octavia

● Heat - Orchestration - 1-2 Hours
○ Understanding Heat Orchestration Templates (HOT) and their components
○ Creating and verifying Heat stacks
○ Updating Heat stacks
○ Verifying Heat services

● Basic Troubleshooting - 2 Hours
○ Analyzing log files for troubleshooting
○ Centralized logging in OpenStack
○ Debugging OpenStack client queries
○ Managing the OpenStack database
○ Backing up OpenStack environments
○ Analyzing compute node and instance status
○ Diagnosing issues with the AMQP broker (RabbitMQ)
○ Metadata services overview
○ General troubleshooting techniques for OpenStack
○ Troubleshooting network problems and performance issues
○ Instance backup and recovery procedures

3. Advanced Topics
● Hardware Considerations and Capacity Planning - 2 Hours
○ Compute hardware requirements
○ Network design for government operations
○ Storage design considerations
○ Flavor sizing and resource overcommitment

● Role System - Authorization in OpenStack - 2 Hours
○ Creating new roles as extensions of member roles
○ policy.yaml configuration for API call authorization

● Highly Available Control Plane - 1 Hour
○ High availability (HA) in OpenStack services
○ HA database and message queue configurations

● Cloud Partitioning and Scheduler Filters - 1 Hour
○ Implementing cloud partitions (host-aggregates)
○ Nova scheduler filters for optimized resource allocation

● Workload Migration - 1 Hour
○ Cold and live migration techniques
○ Tuning parameters for live migration

● OpenStack Monitoring and Telemetry - 1 Hour
○ Overview of the Ceilometer service
○ External monitoring tools for government use

● Advanced Cloud/Hypervisor Features - 1 Hour
○ CPU pinning and NUMA architecture optimization
○ SR-IOV configuration

● Cloud-init and Image Customization - 1 Hour
○ Metadata Service for cloud instances

● Block Storage Backends - 1 Hour
○ Logical Volume Manager (LVM)
○ Ceph RBD backend
○ Physical storage appliances
○ Network considerations for block storage

● Upgrading OpenStack - 1 Hour
○ Strategies and procedures for upgrading OpenStack
○ Zero-downtime upgrade techniques

● Bare-metal Provisioning with OpenStack - 1 Hour
○ Ironic module overview
○ Concepts of undercloud and overcloud deployments
○ Future directions for OpenStack

4. Deep-dive into Neutron and OVN Backend - 6-8 Hours
● OVN architecture and components
● Comparing ML2 with OVN and OvS drivers
● Top-down approach to OVN networking
○ OpenStack logic (Neutron database)
○ Northbound and Southbound databases
○ Logical datapath pipelines and flows
○ OpenFlow flows

● Neutron network and OVN logical switch
○ Types of logical ports and their configurations
○ Switching flows in the logical switch

● Neutron router and OVN logical router
○ NAT types and routing flows
● Neutron subnet and native DHCP
○ DHCP flow management
● Security groups in OVN
○ Access Control Lists (ACLs) and Port Groups
○ Security group flows and port security in OVN

● Summary of OVN Northbound tables
● Information flow in OVN
○ Data exchange between Neutron DB, OVN NB/SB DB, and OpenFlow at OvS
● Logical flow tracing techniques
○ Defining microflows for L2, L3, and DHCP tracing
● Physical flows - OpenFlow
○ Lifecycle of VM-originated packets in the physical network
● Physical tracing methods
○ Tracing hypothetical and real packets
● Displaying Open vSwitch database and resources

 35 Hours
