OpenStack Fundamentals

Agenda

• What is it?

• How does it work?

• Example Deployment

• Wrap up

What is it?

“Cloud computing is the next stage in the Internet's evolution, providing the means through which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need.”

The OpenStack Open Source Cloud Mission:

“to produce the ubiquitous Open Source Cloud Computing platform that will meet the needs of public and private clouds regardless of size, by being simple to implement and massively scalable.”

[https://wiki.openstack.org/wiki/Main_Page]

“OpenStack Software delivers a massively scalable cloud operating system.”

[http://www.openstack.org/]

OpenStack Design Philosophy

• Simple to implement, massively scalable, elastic, and feature rich

• Architected to provide flexibility as you design your cloud

• No proprietary hardware or software requirements

• Able to integrate with legacy systems and third party technologies

• Share-nothing architecture – composable stand-alone services

• API driven and command line accessible

• Stateless and asynchronous

• Flexible networking models to suit the needs of different applications or user groups

OpenStack’s Phenomenal Growth

https://www.openhub.net/p/openstack

How does it work?

OpenStack is Comprised of Multiple Key Components

• Compute (Nova): Provision and manage virtual machines

• Dashboard (Horizon): Self-service portal

• Image (Glance): Catalog and manage server images

• Identity (Keystone): Unified authentication, integrates with existing systems

• Object Storage (Swift): Scalable, secure, reliable object storage

• Network (Neutron): Provides flexible networking-as-a-service

• Block Storage (Cinder): Allows block devices to be exposed and connected to compute instances

OpenStack Identity Service - Keystone

Purpose:

• Provide authentication and authorization services for OpenStack components.

Why it's important:

• Manages tenants and users of OpenStack

• Common authentication across all OpenStack services

• Integration point for enterprise authentication

• Provides seamless integration into existing LDAP, AD, and federated identity management systems

• Provides configurable role-based access control

• REST-based APIs

How it works:

• Comprised of four services:

  • Identity Service - provides credential validation against various backend authoritative services (LDAP, PAM, etc.)

  • Token Service - validates and manages tokens used after initial credential verification

  • Catalog Service - provides a service and endpoint registry of available services

  • Policy Service - rule-based authorization engine

Offers project-wide identity, token, service catalog, and policy service designed for integration with existing systems.

OpenStack Dashboard - Horizon

Purpose:

• End-user self-service portal for compute, image storage, object storage, identity, and network.

• Cloud administration (users/projects, quotas, etc.)

Why it's important:

• Provides a single, web-based interface for OpenStack services.

• Extensible: Anyone can add a new component. Ships with a set of API abstractions.

• Manageable: The codebase is simple and easy to navigate.

• Consistent: Visual and interaction paradigms are maintained throughout.

• Stable: A reliable API with an emphasis on backwards compatibility.

How it works:

• The dashboard application is built on a consistent API for any additional third party OpenStack dashboard apps.

• Any actions done through the UI can also be performed via the respective service API/CLI.

Enables administrators and users to access and provision cloud-based resources through a self-service portal.

OpenStack Compute - Nova

Purpose:

• Provide compute resources (CPU, memory, disk, network)

Why it's important:

• Massively scalable and highly available system that is distributed and asynchronous.

• Supports live-migration (with shared file systems) of guests with run, reboot, suspend, resize, terminate operations.

• No proprietary hardware or software requirements.

• Works with many hypervisor providers (KVM, QEMU, Xen…)

How it works:

• Accepts and responds to end user API calls and initiates orchestration activities for managing a VM instance.

• Provides a scheduler service for VM placement (configurable)

• Interacts with the Block Storage service for persistent storage (volumes)

• Interacts with the network service to create virtual network interfaces and network paths for the VMs.

Delivers a fully featured, redundant, and scalable cloud computing platform.

OpenStack Block Storage - Cinder

Purpose:

• OpenStack’s software-defined storage interface. It provides a single control plane for managing backend storage.

• Block Storage (AKA Volume Service) allows block devices to be exposed and connected to compute instances for expanded storage and better performance.

Why it's important:

• API driven - provides on-demand block-based storage

• Enables attaching persistent block storage to virtual machines

• Support for booting virtual machines from volume-backed storage

• Provides integration with enterprise storage platforms through a flexible driver architecture - works with over fifty storage vendors

How it works:

• Made up of three services:

  • cinder-api - accepts API requests and routes them to cinder-volume for action.

  • cinder-volume - acts upon the requests

  • cinder-scheduler - daemon that picks the optimal block storage provider node to create the volume on.

• Leverages a database to maintain state and a message queue to interact with other processes (like the scheduler)

Provides persistent block storage to guest VMs.

OpenStack Image Service - Glance

Purpose:

• Provides discovery, registration and delivery services for disk and server images.

• Serves as an image registry – the actual images can reside in other repositories

Why it's important:

• Administrators can create base templates from which their users can start new compute instances

• Users can choose from available images, or create their own from existing servers

• Snapshots can also be stored in the Image Service so that virtual machines can be backed up quickly

How it works:

• A RESTful API that allows users to query VM image metadata and retrieve the actual image with HTTP requests

• Composed of two services:

  • API service - the main interface that routes requests from clients to registries of image metadata and to its backend stores.

  • Registry service(s) - stores image metadata

• Supports the following backend storage devices: OpenStack Object Storage, File system, & HTTP

• Supports a variety of disk and container formats: Raw, Machine (a.k.a. AMI), VHD (Hyper-V), VDI (VirtualBox), qcow2 (QEMU/KVM), VMDK (VMware), OVF (VMware, others).

Provides basic discovery, registration, and delivery services for virtual disk images.

OpenStack Object Storage - Swift

Purpose:

• A distributed storage system that provides scalable object storage.

Why it's important:

• Provides a cost effective, scale-out storage solution

• Can be integrated directly into applications or used for backup, archiving and data retention.

• Leverages commodity hardware

• Public and private containers

• HDD/node failure agnostic (self-healing)

• Built-in replication & easy to add capacity (elasticity)

• Simple API-accessible storage – Put, Get, Delete

How it works:

• Composed of four scalable services:

  • Proxy Service - handles and coordinates all API requests

  • Account Service - determines what containers are accessible to an account

  • Container Service - manages namespaces used to group objects within an account

  • Object Service - where the actual data is stored.

Provides redundant, scalable storage using clusters of standardized servers to store petabytes of data.

OpenStack Network Management - Neutron

Purpose:

• Provides networking-as-a-service capabilities.

Why it's important:

• Single point of management for networks and IP addresses

• Plugin architecture -> easily configurable

• Enable plugins (open and closed source) that introduce advanced network capabilities

• Lets anyone build advanced network services that plug into OpenStack tenant networks.

  • Examples: LB-aaS, VPN-aaS, firewall-aaS, IDS-aaS, data-center-interconnect-aaS.

• Provides floating IP addresses

• Security groups

How it works:

• neutron-server takes API requests and forwards them to an appropriate plugin.

• Plugins and agents are responsible for the actual work.

  • e.g. plugging and unplugging ports, creating networks or subnets and IP addressing.

Provides Networking-as-a-Service capabilities.

Logical Architecture

OpenStack’s Big Tent

Logging

• OpenStack services use the standard logging levels, at increasing severity: DEBUG, INFO, AUDIT, WARNING, ERROR, CRITICAL, and TRACE

• Messages only appear in the logs if they are at least as severe as the configured log level; DEBUG allows all log statements through.

• Logs are generated per process.

Where are the Logs?

| Node type | Service | Log location |
|---|---|---|
| Cloud controller | nova-* | /var/log/nova |
| Cloud controller | glance-* | /var/log/glance |
| Cloud controller | cinder-* | /var/log/cinder |
| Cloud controller | keystone-* | /var/log/keystone |
| Cloud controller | neutron-* | /var/log/neutron |
| Cloud controller | Horizon | /var/log/apache2/ |
| All nodes | misc (swift, dnsmasq) | /var/log/syslog |
| Compute nodes | Libvirt | /var/log/libvirt/libvirtd.log |
| Compute nodes | Console (boot up messages) for VM instances | /var/lib/nova/instances/instance-<instanceid>/console.log |
| Block Storage nodes | cinder-volume | /var/log/cinder/cinder-volume.log |
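
A severity filter over service logs, as an added example that is not part of the original slides: it applies the level ordering listed in the Logging section so that a triage pass over files under directories such as /var/log/nova or /var/log/keystone keeps only records at or above a threshold. The line layout (timestamp, PID, level, logger name, message) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Severity order as listed on the slide, lowest first.
LEVELS = ["DEBUG", "INFO", "AUDIT", "WARNING", "ERROR", "CRITICAL", "TRACE"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Assumed line layout (not stated on the page): date time pid LEVEL logger message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<pid>\d+) "
    r"(?P<level>[A-Z]+) (?P<logger>\S+) (?P<msg>.*)$"
)

def filter_log(lines, threshold="WARNING"):
    """Return parsed records whose level is at or above `threshold`."""
    floor = RANK[threshold]
    kept, last = [], None
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:                      # continuation of a multi-line message
            if last is not None:
                last["msg"] += "\n" + line
            continue
        rec = m.groupdict()
        # Unknown level names rank below everything and are dropped.
        last = rec if RANK.get(rec["level"], -1) >= floor else None
        if last is not None:
            kept.append(last)
    return kept

def count_by_logger(records):
    """Count kept records per top-level logger name (nova, cinder, ...)."""
    return Counter(r["logger"].split(".")[0] for r in records)

# Constructed sample lines, not taken from a real deployment.
SAMPLE = """\
2016-10-05 12:00:01.101 2211 DEBUG nova.scheduler.filters starting filter pass
2016-10-05 12:00:02.340 2211 INFO nova.compute.manager instance spawned
2016-10-05 12:00:03.007 1420 WARNING keystone.common.wsgi Authorization failed for user demo
2016-10-05 12:00:04.512 1877 ERROR cinder.volume.manager volume create failed
Traceback (most recent call last):
2016-10-05 12:00:05.900 1877 TRACE cinder.volume.manager   File "manager.py", line 1
2016-10-05 12:00:06.000 1655 AUDIT nova.api.openstack GET /servers 200
""".splitlines()

if __name__ == "__main__":
    for r in filter_log(SAMPLE, "WARNING"):
        print(r["ts"], r["level"], r["logger"], r["msg"].splitlines()[0])
```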

Logging for Horizon

• Horizon is a Django web application and follows the Django logging framework conventions.

• Logging for horizon is configured in /etc/openstack_dashboard/local_settings.py

Process Monitoring

• A basic type of alert monitoring is to simply check and see whether a required process is running.
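
One way to implement this check on Linux, as an added example that is not from the original slides: it reads /proc and reports which required daemons have no running process. The REQUIRED mapping is an assumption built from daemon names mentioned on this page (neutron-server, cinder-api, cinder-scheduler, cinder-volume), and the node-type keys are hypothetical labels.

```python
import os

# Assumption: daemons named on this page, grouped under hypothetical node labels.
REQUIRED = {
    "controller": ["neutron-server", "cinder-api", "cinder-scheduler"],
    "block-storage": ["cinder-volume"],
}

def running_commands(proc_root="/proc"):
    """Yield the argv list of every process found under proc_root."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():            # only numeric directories are PIDs
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:                    # process exited or access denied
            continue
        argv = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
        if argv:                           # kernel threads have an empty cmdline
            yield argv

def missing_processes(node_type, proc_root="/proc"):
    """Return the required daemons for node_type that no process matches."""
    seen = set()
    for argv in running_commands(proc_root):
        # Python daemons often run as "python /usr/bin/<daemon>", so the
        # daemon name may be argv[0] or argv[1].
        for arg in argv[:2]:
            seen.add(os.path.basename(arg))
    return [name for name in REQUIRED[node_type] if name not in seen]

if __name__ == "__main__":
    for node in REQUIRED:
        print(node, "missing:", missing_processes(node) or "none")
```

A non-empty result is the alert condition; the proc_root parameter exists so the check can be exercised against a fixture directory.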

Resource Alerting

• Some of the resources that you want to monitor include:

• Disk usage

• Server load

• Memory usage

• Network I/O

• Available vCPUs

• OpenStack does not provide a built-in way to monitor your environment.

Example Deployment

Example Deployment of OpenStack

[Diagram: Controller Node, Compute Node, Network Node, Storage Node]

To finish ……

References

OpenStack: https://www.openstack.org/

Projects/Components: https://www.openstack.org/software/

Start using: http://www.openstack.org/software/start/

Documentation: http://docs.openstack.org/

Install Guides: http://docs.openstack.org/project-install-guide/newton/

Operations Guide: http://docs.openstack.org/ops-guide

Contributor Guide: http://docs.openstack.org/contributor-guide/index.html

Thank you!