Skip to content

Commit db1fe19

Browse files
M3shourM3shour
authored
Answered OpenStack questions (bregman-arie#10605)
1 parent 76abb24 commit db1fe19

File tree

1 file changed

+61
-0
lines changed

1 file changed

+61
-0
lines changed

README.md

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1670,6 +1670,7 @@ I’ve implemented these in past projects, configuring them for scalability and
16701670

16711671
<details>
16721672
<summary>What is a tenant/project?</summary><br><b>
1673+
In OpenStack, a project (formerly known as a tenant) is a fundamental unit of ownership and isolation for resources like virtual machines, storage volumes, and networks. Each project is owned by a specific user or group of users and provides a way to manage and segregate resources within a shared cloud environment. This ensures that one project's resources are not accessible to another unless explicitly shared.
16731674
</b></details>
16741675

16751676
<details>
@@ -1678,32 +1679,67 @@ I’ve implemented these in past projects, configuring them for scalability and
16781679
* OpenStack is free to use
16791680
* The service responsible for networking is Glance
16801681
* The purpose of tenant/project is to share resources between different projects and users of OpenStack</summary><br><b>
1682+
* OpenStack is free to use - **True**. OpenStack is open-source software released under the Apache 2.0 license.
1683+
* The service responsible for networking is Glance - **False**. Neutron is the service responsible for networking. Glance is the image service.
1684+
* The purpose of tenant/project is to share resources between different projects and users of OpenStack - **False**. The primary purpose is to isolate resources.
16811685
</b></details>
16821686

16831687
<details>
16841688
<summary>Describe in detail how you bring up an instance with a floating IP</summary><br><b>
1689+
To launch an instance with a floating IP, you would follow these steps:
1690+
1. **Create a Network and Subnet:** First, ensure you have a private network and subnet for your instances.
1691+
2. **Create a Router:** Create a router and connect it to the public (external) network and your private subnet.
1692+
3. **Launch an Instance:** Launch a new instance, attaching it to your private network. It will receive a private IP address from the subnet.
1693+
4. **Allocate a Floating IP:** Allocate a new floating IP address from the public network pool to your project.
1694+
5. **Associate the Floating IP:** Associate the allocated floating IP with the private IP address of your instance. This allows the instance to be accessible from the internet.
16851695
</b></details>
16861696

16871697
<details>
16881698
<summary>You get a call from a customer saying: "I can ping my instance but can't connect (ssh) it". What might be the problem?</summary><br><b>
1699+
If you can ping an instance but cannot SSH into it, the issue is likely related to one of the following:
1700+
* **Security Group Rules:** The security group attached to the instance may not have a rule allowing inbound traffic on TCP port 22 (the default SSH port).
1701+
* **Firewall on the Instance:** A firewall running on the instance itself (like `iptables` or `firewalld`) might be blocking the SSH port.
1702+
* **SSH Service:** The SSH daemon (`sshd`) on the instance might not be running or could be misconfigured.
1703+
* **Incorrect SSH Key:** You might be using the wrong private key to connect to the instance.
16891704
</b></details>
16901705

16911706
<details>
16921707
<summary>What types of networks OpenStack supports?</summary><br><b>
1708+
OpenStack Neutron supports several network types:
1709+
* **Local:** A local network is isolated to a single compute node and cannot be shared between multiple nodes.
1710+
* **Flat:** A flat network is a simple, non-VLAN-tagged network that is shared across all compute nodes.
1711+
* **VLAN:** A VLAN network uses 802.1q tagging to create isolated layer-2 broadcast domains.
1712+
* **VXLAN:** VXLAN (Virtual Extensible LAN) is an overlay network technology that encapsulates layer-2 frames in UDP packets, allowing for a large number of isolated networks.
1713+
* **GRE:** GRE (Generic Routing Encapsulation) is another overlay network technology that can be used to create private networks over a public network.
16931714
</b></details>
16941715

16951716
<details>
16961717
<summary>How do you debug OpenStack storage issues? (tools, logs, ...)</summary><br><b>
1718+
To debug storage issues in OpenStack (Cinder), you can use the following:
1719+
* **Logs:** Check the Cinder service logs (e.g., `/var/log/cinder/cinder-volume.log`, `/var/log/cinder/cinder-api.log`) for error messages.
1720+
* **Cinder CLI:** Use the `cinder` command-line tool to check the status of volumes, snapshots, and storage backends.
1721+
* **Database:** Inspect the Cinder database to check for inconsistencies in volume states or metadata.
1722+
* **Backend Storage:** Check the logs and status of the underlying storage system (e.g., LVM, Ceph, NFS) to identify issues with the storage itself.
16971723
</b></details>
16981724

16991725
<details>
17001726
<summary>How do you debug OpenStack compute issues? (tools, logs, ...)</summary><br><b>
1727+
To debug compute issues in OpenStack (Nova), you can use the following:
1728+
* **Logs:** Check the Nova service logs (e.g., `/var/log/nova/nova-compute.log`, `/var/log/nova/nova-api.log`, `/var/log/nova/nova-scheduler.log`) for error messages.
1729+
* **Nova CLI:** Use the `nova` command-line tool to check the status of instances, hosts, and services.
1730+
* **Instance Console Log:** View the console log of a specific instance to see boot-up messages and other output.
1731+
* **Hypervisor:** Check the logs and status of the underlying hypervisor (e.g., KVM, QEMU) to identify issues with virtualization.
17011732
</b></details>
17021733

17031734
#### OpenStack Deployment & TripleO
17041735

17051736
<details>
17061737
<summary>Have you deployed OpenStack in the past? If yes, can you describe how you did it?</summary><br><b>
1738+
There are several ways to deploy OpenStack, depending on the scale and complexity of the environment. Some common methods include:
1739+
* **DevStack:** A script-based installer designed for development and testing purposes. It deploys OpenStack from the latest source code.
1740+
* **Packstack:** A utility that uses Puppet modules to deploy OpenStack on CentOS or RHEL. It is suitable for proof-of-concept and small-scale production environments.
1741+
* **Kolla-Ansible:** A set of Ansible playbooks that deploy OpenStack services as Docker containers. This method is highly scalable and recommended for production deployments.
1742+
* **OpenStack-Ansible:** A collection of Ansible playbooks that deploy OpenStack services directly on bare metal or virtual machines.
17071743
</b></details>
17081744

17091745
<details>
@@ -1797,34 +1833,54 @@ There are many reasons for that. One for example: you can't remove router if the
17971833

17981834
<details>
17991835
<summary>What is a provider network?</summary><br><b>
1836+
A provider network is a network that is created by an OpenStack administrator and maps directly to an existing physical network in the data center. It allows for direct layer-2 connectivity to instances and is typically used for providing external network access or for connecting to specific physical networks.
18001837
</b></details>
18011838

18021839
<details>
18031840
<summary>What components and services exist for L2 and L3?</summary><br><b>
1841+
* **L2 (Layer 2):** The primary L2 component is the `neutron-openvswitch-agent` (or a similar agent for other plugins), which runs on each compute node and manages the local virtual switch (e.g., Open vSwitch). It is responsible for connecting instances to virtual networks and enforcing security group rules.
1842+
* **L3 (Layer 3):** The `neutron-l3-agent` is responsible for providing L3 services like routing and floating IPs. It manages virtual routers that connect private networks to external networks.
18041843
</b></details>
18051844

18061845
<details>
18071846
<summary>What is the ML2 plug-in? Explain its architecture</summary><br><b>
1847+
ML2 (Modular Layer 2) is a framework that allows OpenStack to simultaneously utilize a variety of layer-2 networking technologies. It replaces the monolithic plugins for individual network types and provides a more flexible and extensible architecture. ML2 uses a combination of `Type` drivers (for network types like VLAN, VXLAN, etc.) and `Mechanism` drivers (for connecting to different network mechanisms like Open vSwitch, Linux Bridge, etc.).
18081848
</b></details>
18091849

18101850
<details>
18111851
<summary>What is the L2 agent? How does it works and what is it responsible for?</summary><br><b>
1852+
The L2 agent is a service that runs on each compute node and is responsible for wiring virtual networks to instances. It communicates with the Neutron server to get the network topology and then configures the local virtual switch (e.g., Open vSwitch) to connect instances to the correct networks. It also enforces security group rules by configuring the virtual switch.
18121853
</b></details>
18131854

18141855
<details>
18151856
<summary>What is the L3 agent? How does it works and what is it responsible for?</summary><br><b>
1857+
The L3 agent is responsible for providing layer-3 networking services, such as routing and floating IPs. It runs on network nodes and manages virtual routers that connect private networks to external networks. The L3 agent creates network namespaces for each router to provide isolation and then configures routing rules and NAT to enable traffic to flow between networks.
18161858
</b></details>
18171859

18181860
<details>
18191861
<summary>Explain what the Metadata agent is responsible for</summary><br><b>
1862+
The Metadata agent is responsible for providing metadata (e.g., instance ID, hostname, public keys) to instances. It runs on network nodes and acts as a proxy between instances and the Nova metadata service. When an instance requests metadata, the request is forwarded to the Metadata agent, which then retrieves the information from Nova and returns it to the instance.
18201863
</b></details>
18211864

18221865
<details>
18231866
<summary>What networking entities Neutron supports?</summary><br><b>
1867+
Neutron supports a variety of networking entities, including:
1868+
* **Network:** An isolated layer-2 broadcast domain.
1869+
* **Subnet:** A block of IP addresses that can be assigned to instances.
1870+
* **Port:** A connection point for attaching a single device, such as an instance, to a virtual network.
1871+
* **Router:** A logical entity that connects multiple layer-2 networks.
1872+
* **Floating IP:** A public IP address that can be associated with an instance to provide external connectivity.
1873+
* **Security Group:** A collection of firewall rules that control inbound and outbound traffic to instances.
18241874
</b></details>
18251875

18261876
<details>
18271877
<summary>How do you debug OpenStack networking issues? (tools, logs, ...)</summary><br><b>
1878+
To debug networking issues in OpenStack (Neutron), you can use the following:
1879+
* **Logs:** Check the Neutron service logs (e.g., `/var/log/neutron/neutron-server.log`, `/var/log/neutron/openvswitch-agent.log`, `/var/log/neutron/l3-agent.log`) for error messages.
1880+
* **Neutron CLI:** Use the `neutron` command-line tool to check the status of networks, subnets, ports, routers, and other networking entities.
1881+
* **`ip netns`:** Use the `ip netns` command to inspect network namespaces and the network configurations within them.
1882+
* **`ovs-vsctl` and `ovs-ofctl`:** Use these tools to inspect the configuration and flow tables of Open vSwitch bridges.
1883+
* **`tcpdump`:** Use `tcpdump` to capture and analyze network traffic on various interfaces to identify connectivity issues.
18281884
</b></details>
18291885

18301886
#### OpenStack - Glance
@@ -2042,6 +2098,9 @@ A list of services and their endpoints
20422098
* nova-api - responsible for managing requests/calls
20432099
* nova-compute - responsible for managing instance lifecycle
20442100
* nova-conductor - Mediates between nova-compute and the database so nova-compute doesn't access it directly
2101+
* nova-cert - Manages X509 certificates for secure communication.
2102+
* nova-consoleauth - Authorizes tokens for users to access instance consoles.
2103+
* nova-scheduler - Determines which compute host an instance should be launched on based on a set of filters and weights.
20452104
</b></details>
20462105

20472106
<details>
@@ -2056,10 +2115,12 @@ A list of services and their endpoints
20562115

20572116
<details>
20582117
<summary>Explain BGP dynamic routing</summary><br><b>
2118+
BGP (Border Gateway Protocol) is a standardized exterior gateway protocol used to exchange routing and reachability information among autonomous systems on the internet. In OpenStack, BGP can be used to dynamically advertise floating IP addresses and project networks to physical routers, eliminating the need for static routes and enabling more scalable and resilient network architectures.
20592119
</b></details>
20602120

20612121
<details>
20622122
<summary>What is the role of network namespaces in OpenStack?</summary><br><b>
2123+
Network namespaces are a Linux kernel feature that provides isolated network stacks for different processes. In OpenStack, network namespaces are used to isolate the network resources of different virtual routers and other networking services. This ensures that each router has its own set of interfaces, routing tables, and firewall rules, preventing conflicts and providing a secure multi-tenant environment.
20632124
</b></details>
20642125

20652126
#### OpenStack Advanced - Horizon

0 commit comments

Comments
 (0)