Port security in Openstack
Openstack Neutron provides by default some protections for your VMs’ communications, those protections verify that VMs can not impersonate other VMs. You can easily see how it does that by checking the flow rules in an OVS deployment using: ovs-ofctl dump-flows br-int If you look for a certain qvo port (or the port number, depending
Migrating VMs with attached RBDs
From the title, this is obviously a very common scenario that you may want to do. One thing that we rarely think about though is “backends” for the attached volumes when we create volumes. When you create a volume, the volume is created on a cinder backend and kept attached to this backend until it’s
My talk at CANHEIT-TECC 2018
http://programme.exordo.com/canheit-tecc2018/delegates/presentation/30/
Quota usage refresh in Openstack
Openstack stores quota usage for tenants in the database in quota_usages table. Nova and cinder have by default their own separate databases and in each database you get a new quota_usages table. The structure of the quota_usages table is as follows +—————+————–+——+—–+———+—————-+ | Field | Type | Null | Key | Default | Extra |
Glance and CEPH backend
Using CEPH as a backend for glance images has slowly become the default deployment methodology in many production deployments. It is usually as easy as creating a new pool in ceph ( glance pool) and creating a user to be associated with glance. The glance CEPH user will normally authenticate using cephx and store images
VM Cold migrations/resizing in openstack
Cold migrations are an integral piece of any QEMU/KVM deployment. It’s cold or “non-live” as you have to power down the VM, move it to the new host and power it back up. Openstack follows the same procedure when it comes to migrating VMs. Cold migrations in Openstack are done via the user running the
cinder-manage: Did you know about it ?
A tool that’s less known-about for cinder is cinder-manage. You might have run into it during upgrades. The most common use case is cinder-manage db sync This is normally executed during upgrades to bring the database to the latest version, or to create the schema for a new installation. But there’s actually additional usages for
Openstack SWO User Group is here !
The Openstack User Group for Southwestern Ontario is finally here ! The group will focus on allowing Openstack users in the SWO area to exchange experiences and knowledge of Openstack as well as a way to socialise with fellow Openstackers Our meetup is at https://www.meetup.com/Openstack-SWO/
OpenStack Performance tuning
So, you’ve managed to deploy OpenStack in a production environment, and now you would like to make sure that your precious investment in hardware doesn’t get ruined by poor performance tuning. You might want to consider reading this post. You have to remember first that OpenStack is a Cloud Computing Enabler framework, i.e. none of
Private External Networks in Neutron
You might find yourself in a position where you need to restrict access by tenants to specific external networks. In Openstack there’s the notion that external networks are accessible by all tenants and anyone can attach their private router to it. This might not be the case if you want to only allow specific users