To organise information, knowledge and experiences of OpenStack.
About this article
A year has passed since beginning development of an OpenStack infrastructure. There is now a lot of information and knowledge available which I didn’t have when I first started developing the IaaS. Through summarising and and organising gained knowledge and experiences and highlighting with some informative articles, I hope to share information with newcomers to the OpenStack world.
What is OpenStack?
OpenStack is a set of software tools used for building and managing cloud computing platforms for public and private clouds. By using OpenStack we can build IaaS infrastructures, such using as Amazon Web Services (AWS). The software of OpenStack is developed by separate Projects, named: Nova (Compute), Neutron (Networking), Keystone (Identity), Glance (Image Services) etc. These software components can be freely chosen and combined to suit your purposes.
There are several reasons I chose to use OpenStack:
- Free to use!
- VMWare ESX series is expensive.
- OpenStack architecture is designed to be loosely coupled
- The OpenStack components such as Nova, Cinder and Neutron communicate internally via AMQP (Advanced Message Queue Protocol), and with each other using REST API calls.
- We can choose any software components we want to use. (If some components are not required, we don’t have to use them!)
- Developed in Python
- In the field of cyber security, the main language is Python.
- Most hypervisors are supported.
- The software can be customised to match our purpose.
- SDN vendors’ commits are expected, and will help us to choose the best solution.
- Most of the API can be used from a Web GUI.
- Topology control tool is based on a Web GUI
- VNC functionality is implemented through HTML5. (All we need to handle a VM is a web browser!)
The above reasons include some expectations, and it is also known that there are some disadvantages when using OpenStack. These include the following:
- Initial cost is high.
- There is no customer support.
- Stability is not so good. (Sometimes there are some glitches in the programs.)
But I have judged that advantages outweigh the disadvantages.
Conceptual architecture of OpenStack
The following diagram shows the relationships among the OpenStack services.
As previously mentioned, each of the services of OpenStack are loosely coupled and communicate using a REST API and Message Queue. It is easy to understand the relationships between each of the services.
Introduction of each Project
The software components of OpenStack are named Projects, since the software is developed by separate members of the OSS developer community.
Nova is the project which relates to the creation of Virtual Machines. As well as creating new instances, we can also easily delete then. The operations related to VMs are implemented through Nova. (In truth, Nova simply handles the hypervisors). OpenStack supports most hypervisors, such as KVM, Xen, ESXi, etc… You can choose any hypervisor you wish to use.
Neutron is an OpenStack project designed to provide “networking as a service” between interface devices (e.g. vNICs) managed by other OpenStack services (e.g. Nova).
Keystone is the identity service used by OpenStack for authentication (authN) and high-level authorisation (authZ). It currently supports token-based authN and user-service authorisation. It has recently been re-architected to allow for expansion to support proxying external services and AuthN/AuthZ mechanisms such as oAuth, SAML and openID in future versions.
The Glance project provides a service where users can upload and discover data assets that are intended for use with other services. This currently includes images and metadata definitions. Glance image services include discovering, registering, and retrieving virtual machine images. Glance has a RESTful API that allows the querying of VM image metadata as well as retrieval of the actual image.
Cinder is the OpenStack project which provides “block storage as a service”.
• Component based architecture: Can quickly add new behaviours
• Highly available: Scales to heavily demanding workloads
• Fault-Tolerant: Processes are isolated to avoid cascading failures
• Recoverable: Failures should be easy to diagnose, debug, and rectify
• Open Standards: Serves as a reference implementation for a community-driven API
• API Compatibility: Cinder strives to provide API-compatibility with popular systems such as Amazon EC2
Horizon is the canonical implementation of OpenStack’s Dashboard, which provides a web-based user interface to other OpenStack services.
Heat is a service to orchestrate multiple composite cloud applications using the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.
The following image shows the required skills when we use OpenStack(this is my experience).
- OpenStack cloud Administrator Guide
- Best resource to understand the roles of each project.
- OpenStack wiki
- Good for both users and contributors, but especially useful for developers who want to contribute to OpenStack.
- Contains links to IRC, mailing-lists and basic procedures to develop OpenStack programs.
I have chosen OpenStack to develop our IaaS, as it is very useful in terms of OSS. But it is important to remember that when we use OpenStack deep knowledge in a variety of fields is necessary to both develop and operate. Within this article, I have briefly introduced each main Project. I will explain each project deeply in the future articles.
- Wikipedia: OpenStack
- Conceptual architecture
- Logical architecture
- OpenStack Contributor Documentation