Summary:
Potential downtime: * Nebula will be updated from Kilo to Newton (skipping Mitaka) before the end of January ** This may involve node downtime for up to 3 days, but the Nebula team will try to minimize this as much as possible * Nebula will be changed in the near future to use Kerberos credentials * The above upgrades may include API changes that could drive work on the Ansible scripts used to deploy Labs Workbench Performance: * In general, try to minimize the number of Security Groups and Rules / Networks applied through the horizon interface, as these do not tend to scale well in OpenStack * In general, try to use flavors with smaller disk sizes, and attach volumes for extra storage * In general, delete instances and snapshots that you no longer need Security: * In general, LTS images should be preferred and instances should be kept up-to-date ** For CoreOS this likely will mean re-enabling automatic updates * In general, use the "Outbound Only" Secuirty Group until SSH is locked down ** Change ALL default passwords before applying a public IP and removing the "Outbound Only" Security Group * In general, prefer to regenerate SSH / SSL keys instead of just reusing the same ones over again
Meeting Notes: https://wiki.ncsa.illinois.edu/display/NEBULA/Nebula+OpenStack+User%27s+Meetings