Introduction

This is an administration guide detailing run-book procedures for common administration actions. The administration guide is expected to be augmented over time as Acme’s admin procedures evolve.

Acme OpenStack Reference Architecture

For further details on the architecture of the OpenStack deployment, consult the Acme OpenStack Reference Architecture on Google Drive: https://docs.google.com/document/u/0/?tgif=d

Document Conventions

There are various places where administrative commands of different types can be run. Where an example is given, the command prompt is set to indicate the appropriate environment.

openstack#

A command that can be run as any OpenStack user with an environment configured for OpenStack CLI access. This may involve installing client packages on the system, or using a virtualenv. The user’s OpenStack credentials are also sourced.

This machine must be able to reach the OpenStack public API (for example https://openstack.acme.example:5000).

admin#

A command that must be run with OpenStack control plane admin credentials loaded, and the OpenStack client and supporting modules available (whether in a virtualenv or installed in the OS libraries).

This machine must be able to reach the OpenStack public API.

kayobe#

A command that must be run in an environment configured for Kayobe. This typically is a virtualenv created along with the Kayobe repo, and environment variables conventionally drawn from kayobe-config/kayobe-env. The KAYOBE_VAULT_PASSWORD environment variable may also need to be set.

seed#

A command that must be run on the seed VM using the Kayobe Ansible user account (stack by default).

bifrost#

A command that must be run within the Bifrost service container, hosted on the seed VM.

instance#

A command that can be run (as superuser) from a running compute instance.
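The openstack# and admin# prompts above both assume that credentials are sourced and that the public API is reachable. The following pre-flight check is an added example, not part of the Acme guide, that an operator can paste into a shell before running commands at either prompt. It assumes the standard OS_* variables that an openrc file exports (OS_AUTH_URL, OS_USERNAME, OS_PROJECT_NAME) and treats a non-https OS_AUTH_URL as a failure, since credentials would otherwise be sent in clear; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not part of the Acme guide): pre-flight checks for the
# openstack# / admin# prompt environments.

# Confirm the credential environment is present and points at an https
# endpoint. Returns 0 when usable, 1 otherwise. Only OS_AUTH_URL,
# OS_USERNAME and OS_PROJECT_NAME are required; OS_PASSWORD may be left
# unset so that the CLI prompts for it interactively.
check_openstack_credentials() {
    missing=""
    for var in OS_AUTH_URL OS_USERNAME OS_PROJECT_NAME; do
        eval "val=\${$var:-}"
        [ -n "$val" ] || missing="$missing $var"
    done
    if [ -n "$missing" ]; then
        echo "openrc not sourced; missing:$missing" >&2
        return 1
    fi
    case "$OS_AUTH_URL" in
        https://*) ;;
        *)
            echo "OS_AUTH_URL is not https ($OS_AUTH_URL); refusing to send credentials in clear" >&2
            return 1 ;;
    esac
    [ -n "${OS_PASSWORD:-}" ] || echo "note: OS_PASSWORD unset, the CLI will prompt" >&2
    return 0
}

# Confirm the OpenStack client is available on PATH (installed package or
# activated virtualenv). Returns 0 when found, 1 otherwise.
check_openstack_cli() {
    if command -v openstack >/dev/null 2>&1; then
        return 0
    fi
    echo "openstack CLI not on PATH; activate the virtualenv or install python-openstackclient" >&2
    return 1
}

# Confirm the public API (Keystone) answers over the network. Any 2xx or
# 3xx response from the auth URL root is treated as reachable. Needs curl
# and network access, so it is not exercised by the offline test below.
check_public_api() {
    code=$(curl -sS --max-time 5 -o /dev/null -w '%{http_code}' "$OS_AUTH_URL/" 2>/dev/null)
    case "$code" in
        2*|3*) return 0 ;;
        *)
            echo "public API $OS_AUTH_URL not reachable (HTTP '$code')" >&2
            return 1 ;;
    esac
}

# Run all three checks in order; stops at the first failure.
preflight() {
    check_openstack_credentials && check_openstack_cli && check_public_api
}
```

Usage: source the openrc file, then run `preflight` (or `check_openstack_credentials` alone on a machine without network access). A non-zero return means one of the prerequisites for the openstack# or admin# prompt is not met, and the message on stderr names which one.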

Glossary of Terms

Cinder

OpenStack’s block-based storage service. Cinder implements volumes, which are persistent data storage that appears in VMs as block devices. https://docs.openstack.org/cinder/latest/

ECMP

Equal-Cost Multi-Path routing - an IP routing technique that spreads traffic between two endpoints across multiple equal-cost paths in the network fabric.

Floating IP

An external IP address that is associated with a VM (although the VM is not aware of it). A floating IP enables in-bound access to a VM that is on a private network with a router connecting it to the external network. VMs on a private network can initiate external network access without a floating IP.

Glance

OpenStack’s image service. Glance manages software images for compute instances. https://docs.openstack.org/glance/latest/

GRE

Generic Routing Encapsulation - a common tunnelling protocol for carrying traffic across a segmented network.

HA

High Availability - The ability for a system to continue to provide service in the presence of hardware or software component failure.

HAProxy

A load-balancer for TCP connections that maintains a VIP and acts as a single endpoint for multiple instances of OpenStack API services. http://www.haproxy.org/

Horizon

OpenStack’s web user interface. https://docs.openstack.org/horizon/latest/

IPMI

Intelligent Platform Management Interface - Interface for providing remote control and monitoring of a server’s baseboard components.

Kayobe

An Ansible-driven OpenStack deployment framework capable of taking bare metal infrastructure through to post-deployment customization.

Keystone

OpenStack’s authentication, authorization and identity management service. All other OpenStack services authenticate user requests by validating cryptographic tokens passed by the requester. https://docs.openstack.org/keystone/latest/

Kolla

An OpenStack project for encapsulating all OpenStack services in Docker containers. https://docs.openstack.org/kolla/latest/

MLAG

Multi-Chassis Link Aggregation - a method of providing multi-pathing and multi-switch redundancy in layer-2 networks.

Neutron

OpenStack’s networking service. https://docs.openstack.org/neutron/latest/

Nova

OpenStack’s compute service. Nova is the scheduler for VMs in OpenStack and the manager of the compute hypervisors. https://docs.openstack.org/nova/latest/

OIDC

OpenID Connect - a protocol for federated authentication and identity management.

OSPF

Open Shortest Path First - a routing protocol for IPv4 and IPv6 for managing efficient paths between IP routers. OSPF is used in conjunction with ECMP to maintain multi-path route tables across an IP fabric.

REST

Representational State Transfer - a software architectural style in which the server holds no client session state between successive API calls. This stateless model allows successive requests from one client to be serviced by different processes, which simplifies scaling of the OpenStack control plane services.

SDN

Software Defined Networking - Technology that facilitates the programmatic control of network configuration and monitoring.

VIP

Virtual IP address - a method for implementing active-passive failover in which multiple services on different nodes share a common IP which can be transferred between them in the event of failover.

VXLAN

Virtual eXtensible LAN - a tunneling protocol used for tenant overlay networks. VXLAN is more portable and imposes fewer networking requirements than VLAN-based overlay networks. However, VXLAN can also incur more overhead and may not be usable for RDMA-enabled compute VMs.

XMPP

Extensible Messaging and Presence Protocol - Used for the exchange of XML-based structured data between network entities.

Contacting StackHPC Support

StackHPC’s technical team is available for standard support for OpenStack issues related to the Acme OpenStack deployment. StackHPC support can be contacted through the dedicated Slack channel or by direct email contact at acme-support@stackhpc.com.