OpenStack Extended Training Course

1. Introduction to OpenStack - 2h
● Evolution of cloud computing and OpenStack
● Key characteristics of cloud services
● Cloud deployment models
○ Private, public, and hybrid clouds
○ On-premise infrastructure, IaaS, PaaS, and SaaS
● OpenStack-based public and private cloud deployments
● Open source versus commercial OpenStack distributions
● OpenStack deployment architectures
● The OpenStack ecosystem
○ Core modules
○ Foundational tools
○ Integration capabilities
● The OpenStack lifecycle

● OpenStack certification paths
● Lab environment (VM) designated for this course

2. Hands-on OpenStack administration workshop
● Familiarizing with OpenStack ~0.5h
○ Core OpenStack components (Keystone, Glance, Nova, Neutron, Cinder, Swift,
Heat)
○ Interacting with the OpenStack cloud environment
○ OpenStack daemons and API communication protocols
● Keystone - Identity Management Service ~1h
○ Keystone architectural design
○ Authentication methods and supported backends
○ Token types and management strategies
○ Authorization mechanisms in OpenStack - roles and oslo.policy
○ Keystone entities - domains, projects, and users
○ Configuring CLI clients via Openrc and clouds.yaml
○ The OpenStack service catalog
○ Registering new OpenStack services
○ OpenStack quota systems
● Glance - Image Service ~1.5h
○ Cloud-compatible image formats
○ Image attributes (properties, metadata, format, container)
○ Uploading and downloading images
○ Image sharing capabilities
○ Glance storage backends
○ Protecting images
○ Managing quotas for the image service
○ Validating Glance services
● Neutron - Networking ~2-3h
○ Architecture and Neutron services
○ The ML2 plugin
○ Analyzing networking on compute nodes
○ Networking concepts and tools utilized by Neutron
○ Fundamental Neutron network resource types
○ Managing tenant networks and subnets
○ Configuring security groups and rules
○ East-West routing
○ Network namespaces
○ Managing external and provider networks
○ North-South routing
○ Managing Floating IPs
○ Configuring network quotas
○ Fundamental network troubleshooting (namespaces, tcpdump, etc.)
○ Network quota management
○ Validating Neutron services
● Nova - Compute Service ~2-3h
○ Interfaces connecting to hypervisors

○ Keypair management
○ Flavour configuration
○ Flavors and CPU topology mapping
○ Instance parameters
○ Creating a new instance
○ Verifying launched instances
○ Creating snapshots
○ Instance lifecycle management
○ Resizing instances
○ Assigning Floating IPs
○ Accessing interactive consoles and viewing console logs
○ Assigning security groups
○ Compute quota management
○ Retrieving statistics from Nova
○ Placement API and Nova Cells v2
○ Instance scheduling via the Placement API
○ Client commands for the Placement API
○ Validating Nova services
● Cinder - Block Storage Service ~2-3h
○ Volume parameters
○ Creating volumes
○ Managing volumes
○ Attaching volumes to Nova instances
○ Managing volume snapshots
○ Managing volume backups
○ Internal mechanics of snapshots and backups in Cinder
○ Transferring volumes between projects
○ Restoring backups
○ Managing volume quotas
○ Integrating new storage backends
○ Configuring Quality of Service (QoS) limits in Cinder
○ LVM, storage arrays, and Ceph storage backends
○ Ceph integration with OpenStack
○ Integrating Ceph with Cinder
○ Best practices for Ceph deployments
○ Validating Cinder services
● Barbican - Key Management Service - ~2h
○ Barbican architecture
○ Storing passphrases
○ Generating and storing symmetric encryption keys
○ Volume encryption mechanisms
○ Configuring Cinder storage types for volume encryption
○ Limitations of volume encryption
○ Storing X.509 certificate bundles
● Swift - Object Storage (brief overview for COA exam) <1h
○ Swift components and operational processes
○ Managing containers and objects
○ Managing access control lists

○ Configuring object expiration
○ The Ring structure and storage policies
○ Monitoring available storage capacity
○ Setting up quotas
○ Validating Swift services
● Octavia - Load Balancing-as-a-Service ~2-3h
○ Architecture overview
○ Objects and request flow
○ Octavia flavors
○ Octavia Availability Zones
○ Creating HTTP load balancers
○ Creating TCP load balancers
○ Creating HTTPS passthrough load balancers
○ Listeners, Pools, and Health Monitors
○ Layer 7 load balancing in Octavia
○ Building the Amphora image
○ Load Balancer Failover
○ Networking and monitoring details
○ Troubleshooting Octavia
● Heat - Orchestration Service ~1-2h
● Heat Orchestration Template structure and components
● Creating Heat stacks
● Verifying Heat stacks
● Updating Heat stacks
● Verifying Heat services
● Fundamental troubleshooting ~2h
● Analyzing log files
● Implementing centralized logging
● Debugging OpenStack client queries
● Managing the OpenStack database
● Backing up OpenStack
● Analyzing compute node status
● Analyzing instance status
● Analyzing the AMQP broker (RabbitMQ)
● Metadata services
● General approach to diagnosing OpenStack issues
● Troubleshooting network problems
● Troubleshooting network performance
● Instance backup and recovery procedures

3. Advanced Topics
● Hardware considerations and capacity planning ~2h
● Compute hardware requirements
● Network design strategies
● Storage design strategies
● Flavour sizing guidelines
● Resource overcommitment

● Role system - Authorization in OpenStack ~2h
● Creating new roles as member role extensions
● Configuring policy.yaml for API call authorization
● Highly Available control plane ~1h
● High Availability (HA) in OpenStack services
● HA database configurations
● HA message queue configurations
● Cloud partitioning and scheduler filters ~1h
● Rationale and implementation of cloud partitions (host-aggregates)
● Nova scheduler filters
● Workload migration ~1h
● Cold and live migration techniques
● Optimizing live migration
● OpenStack monitoring and telemetry <1h
● Ceilometer service overview
● External monitoring solutions
● Advanced cloud/hypervisor features <1h
● CPU pinning and NUMA architecture
● SR-IOV implementation
● Cloud-init and image customization <1h
● Metadata Service
● Block storage backends <1h
● LVM configuration
● Ceph RBD setup
● Physical storage appliances
● Storage network considerations
● Upgrading OpenStack <1h
● Upgrade strategies and procedures
● Zero-downtime upgrade methods
● Bare-metal provisioning with OpenStack <1h
● Ironic module functionality
● Undercloud and overcloud concepts
● The future trajectory of OpenStack
4. Deep-dive into Neutron and OVN backend - ~6-8h
● OVN architecture
● OVN components
● ML2 - OVN versus OvS driver comparison
● Top-down OVN networking model
● OpenStack logic (Neutron database)
● Northbound database
● Southbound database
● Logical datapath pipelines
● Logical flows
● OpenFlow flows
● Neutron network and OVN logical switch interaction
● Logical ports and their types
● Switching flows

● Neutron router and OVN logical router mechanics
● NAT types
● Routing flows
● Neutron subnet and native DHCP
● DHCP flows
● Security groups implementation in OVN
● ACLs and Port Groups
● Security group flows
● Port security in OVN
● Summary of OVN Northbound tables
● Information flow within OVN
● Interaction between Neutron DB, OVN NB and SB DB, and OpenFlow at OvS
● Logical flow tracing techniques
● Defining microflows
● L2 tracing
● L3 tracing
● DHCP tracing
● Physical flows - OpenFlow analysis
● Physical lifecycle of VM-originated packets
● Physical tracing methods
● Tracing for hypothetical packets
● Tracing for real packets
● Displaying Open vSwitch database and resources