OpenStack 101 The Cloud is Now in Session
Back To The Basics
In many of our conversations with customers and prospects, we have discovered an
interesting information gap. Most business unit owners already understand the benefits
that they ought to be getting from their private cloud project (increased agility, reduced
operational expenditure, improved overall IT security). But while we’ve spent time
explaining the differences between Piston Enterprise OpenStack and raw OpenStack,
we haven’t spent much time describing the specific IT services that OpenStack (and
Piston Enterprise OpenStack) provides. Consider this a primer.
PISTONCLOUD.COM
Five Major Components
There are five major services* provided by OpenStack ‘core’.
• Virtual Machines (compute)
• Virtual Block Devices or Virtual Hard Drives (volume)
• Object Storage (object)
• Virtual Networks (network)
• Dashboard (Horizon)
Service                 OpenStack Project                AWS Equivalent
Virtual Machines        Nova                             EC2
Virtual Block Devices   Cinder                           EBS
Object Storage          Swift                            S3
Virtual Networks        Quantum (later renamed Neutron)  VPC
Dashboard               Horizon                          AWS Management Console
There are two other major components that serve “middleware” functionality: the
disk image registry (Glance), and the authorization and authentication framework
(Keystone).
* For the developers among you: this does not map exactly to OpenStack’s seven core projects. We have purposefully omitted Keystone (identity) and Glance (image) from the list of major components because they are shared services used by every other component rather than logically distinct services that a user consumes directly.
OpenStack Compute: Let a thousand flowers boot...
Starting a virtual server in the OpenStack world begins with the selection of a base disk
image from which to boot. Most enterprises will supply a set of patched and approved
base images with an operating system and perhaps a limited number of applications.
(We include the Precise Ubuntu base image in installs of our Piston Enterprise
OpenStack and Airframe OpenStack distributions). From here, a devops* user will
typically take one of two paths: either customize this image, installing the applications
they need for their project, and then make a new image out of it; or use a configuration
management tool (such as Puppet or Chef) to perform such an install and configuration
after the virtual machine is started. (For a hybrid of these two approaches, check out
Piston Cloud’s ‘shoelaces’ project.)
When your virtual server is launched, the disk image is copied from the Glance registry
onto your shared storage and the instance boots from that copy. Changes made inside the
running server therefore never alter the base image it was launched from, and a single
disk image can back thousands of instances, each customized using one of the two
methods described above.
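The boot workflow above, as an added example that is not Piston’s or OpenStack’s own code: an operator keeps a register of approved base images, a devops user checks that the image bytes still match the digest recorded at approval time (so a swapped or tampered image is refused), and then builds a single Nova v2 "create server" request that boots many identical instances from that one image and hands post-boot configuration to Puppet through cloud-init user-data. The approved-image register, the image bytes, the Glance UUID and the Puppet master hostname are constructed assumptions; the request body is built but not sent.

```python
"""Approved-image check plus a Nova boot request for many identical instances.

Added example (not Piston's or OpenStack's code).  The approved-image
register, the image bytes, the Glance UUID and the Puppet master hostname
are constructed; the boot request is built, not sent.
"""
import base64
import hashlib
import json

# Constructed register of approved images.  Glance's own 'checksum' field was
# an MD5 in this era, so the register keeps a SHA-256 computed at approval time.
APPROVED_IMAGES = {
    "ubuntu-12.04-base": {
        "id": "a1b2c3d4-0000-4000-8000-000000000001",  # hypothetical Glance UUID
        "sha256": hashlib.sha256(b"approved-precise-image-bytes").hexdigest(),
    },
}


def image_digest(image_bytes: bytes) -> str:
    """SHA-256 of the image payload."""
    return hashlib.sha256(image_bytes).hexdigest()


def approved_image_id(name: str, image_bytes: bytes) -> str:
    """Return the Glance ID of an approved image, or raise ValueError if the
    image is not on the list or its bytes no longer match the approved digest."""
    entry = APPROVED_IMAGES.get(name)
    if entry is None:
        raise ValueError(f"image {name!r} is not on the approved list")
    if image_digest(image_bytes) != entry["sha256"]:
        raise ValueError(f"image {name!r} does not match its approved digest")
    return entry["id"]


def boot_request(name, image_id, flavor_id, key_name, security_groups,
                 user_data, count=1):
    """Build a Nova v2 'create server' body (not sent here).  Field names are
    those of the Nova v2 API: imageRef, flavorRef, key_name, security_groups,
    base64-encoded user_data, and min_count/max_count to boot several
    identical instances from the one image in a single request."""
    return {
        "server": {
            "name": name,
            "imageRef": image_id,
            "flavorRef": flavor_id,
            "key_name": key_name,
            "security_groups": [{"name": sg} for sg in security_groups],
            "user_data": base64.b64encode(user_data.encode()).decode(),
            "min_count": count,
            "max_count": count,
        }
    }


# Constructed cloud-init user-data: first-boot hand-off to Puppet (path two in
# the text).  The Puppet master hostname is hypothetical.
USER_DATA = ("#!/bin/sh\n"
             "puppet agent --server puppet.example.internal --onetime --no-daemonize\n")


if __name__ == "__main__":
    image = b"approved-precise-image-bytes"          # constructed image payload
    img_id = approved_image_id("ubuntu-12.04-base", image)
    body = boot_request("app", img_id, "2", "ops-key", ["app-tier"], USER_DATA, count=50)
    print(json.dumps(body, indent=2))
    try:                                              # a tampered image is refused
        approved_image_id("ubuntu-12.04-base", image + b"\x00")
    except ValueError as err:
        print("refused:", err)
```

The digest comparison is the point: a boot request names an image by UUID, and a UUID alone proves nothing about what is behind it, so the check ties the name to the bytes that were actually reviewed and patched.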
* Devops (a contraction of development-operations) is an emerging set of principles, methods and practices for communication, collaboration and integration between software development (application/software engineering) and IT operations (systems administration/infrastructure) professionals.
With more complex n-tier applications, the runtime configuration of these many
instances (so that all of your app servers are aware of, and able to connect to, all of
your database servers, for instance) is often managed using an orchestration tool such
as RightScale or Scalr. These days, clever devops engineers may do this using their
configuration management tool directly.
In order to manage network access to these instances, there is a set of APIs and
services that connects the OpenStack Compute service with OpenStack networking. These
provide software firewalling (security groups) and IP address management (fixed and
floating IPs).
Unlike the transient (non-persistent) instance storage that comes with Amazon’s EC2
compute service, the virtual hard drive your virtual server runs on is not transient:
you can power off (stop) your virtual server without losing data or any changes to local
configuration. It is still discarded when the instance is terminated, however. So, in
order to really take advantage of the elasticity of your cloud environment, it’s best to
treat the storage of your application’s data as separate from the running compute
instances. Which brings us to the next couple of services: volumes and object storage.
> create_servers --how_many=lots --fast=yes --secure=yes
OpenStack Volumes: API-driven hard drives
The OpenStack volumes service (Cinder) delivers much the same benefit you would get
from a traditional SAN: iSCSI block devices that can be attached to your running virtual
servers and that persist independently of them. Unlike a SAN (or a NAS filer), however,
OpenStack volumes are provisioned from a self-service API, and can be programmatically
attached or detached. It’s software-defined block storage.
OpenStack Object Storage: Better, Faster, Stronger, Cost-Efficient-er
By now, most people who work in IT are familiar with S3, Amazon’s pioneering object
storage system. By giving up POSIX semantics (the software layers that make storage look
“attached” to a particular machine and, in particular, let programs map such storage
directly into memory) in favour of whole objects read and written over HTTP, Amazon was
able to build an incredibly scalable, incredibly reliable storage infrastructure that
spans the entire globe. And that’s what you get with OpenStack Object Storage (Swift):
near-infinite scale-out storage.
OpenStack Network: OpenFlow meets VLANs meets Firewalling meets Virtual Cables meets...
Easily the most complex (and currently the least mature) of the OpenStack services,
OpenStack networking is nonetheless a powerful and critical tool in your cloud arsenal.
It allows you to provision arbitrary Layer 2 and Layer 3 virtual networks and secure
those networks with a sophisticated set of firewall rules (security groups). The good
news is that, at least in popular OpenStack distributions, the basics work right out of
the box. Each tenant defined in your authentication system is allocated a virtual
network, and your virtual servers are assigned IP addresses within that network,
typically by a DHCP server that is also managed by OpenStack Network. But it’s also
possible to attach additional network interfaces to your virtual servers, to assign IPs
statically using privileged guest agents inside your virtual machines, and to isolate
and secure your projects with 802.1Q VLANs or PVLANs.
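The firewall rules mentioned above behave as a default-deny ingress filter: a packet reaches an instance only if some rule in one of the instance’s security groups matches its protocol, port and source, where the source is either a CIDR or another security group. The following is an added model of that evaluation, not OpenStack’s own code; the rule field names (ip_protocol, from_port, to_port, cidr, group) are those of the Nova API, while the groups, the instance inventory and the sample packets are constructed, and egress is left unrestricted as it was in nova-network of this era.

```python
"""Security-group evaluator (added example, not OpenStack's code).

Models the ingress firewalling applied to an instance: deny by default,
allow if any rule in any of the instance's groups matches.  Rule fields use
the Nova API names; the groups, inventory and sample packets are constructed.
"""
import ipaddress

# Constructed security groups, keyed by group name.
GROUPS = {
    "default": [],  # no rules: nothing gets in
    "web": [
        {"ip_protocol": "tcp", "from_port": 80, "to_port": 80, "cidr": "0.0.0.0/0"},
        {"ip_protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"},
    ],
    "db": [
        # source-group rule: only members of 'web' may reach the database port
        {"ip_protocol": "tcp", "from_port": 3306, "to_port": 3306, "group": "web"},
        # ICMP rules carry -1/-1 as a type/code wildcard
        {"ip_protocol": "icmp", "from_port": -1, "to_port": -1, "cidr": "10.0.0.0/8"},
    ],
}

# Constructed instance inventory: fixed IP -> security groups it belongs to.
INSTANCES = {
    "10.0.1.10": ["web"],
    "10.0.2.20": ["db"],
    "10.0.3.30": ["default"],
}


def groups_of(addr: str) -> list:
    """Security groups of the instance holding this address (empty if unknown)."""
    return INSTANCES.get(addr, [])


def rule_matches(rule: dict, proto: str, port: int, src: str) -> bool:
    """Does one rule admit a packet of this protocol/port from this source?"""
    if rule["ip_protocol"] != proto:
        return False
    if proto != "icmp":  # -1/-1 on ICMP means any type/code
        if not (rule["from_port"] <= port <= rule["to_port"]):
            return False
    if "cidr" in rule:
        return ipaddress.ip_address(src) in ipaddress.ip_network(rule["cidr"])
    # source-group rule: the sender must itself be a member of the named group
    return rule["group"] in groups_of(src)


def ingress_allowed(dst: str, proto: str, port: int, src: str) -> bool:
    """Default deny: allow only if some rule in some group of dst matches."""
    for group in groups_of(dst):
        for rule in GROUPS.get(group, []):
            if rule_matches(rule, proto, port, src):
                return True
    return False


def evaluate(packets):
    """Return (packet, verdict) pairs for a list of (dst, proto, port, src)."""
    return [(pkt, ingress_allowed(*pkt)) for pkt in packets]


if __name__ == "__main__":
    samples = [  # constructed connection attempts
        ("10.0.1.10", "tcp", 80, "203.0.113.5"),   # public web: allowed
        ("10.0.1.10", "tcp", 22, "203.0.113.5"),   # ssh from outside: denied
        ("10.0.2.20", "tcp", 3306, "10.0.1.10"),   # web tier -> db: allowed
        ("10.0.2.20", "tcp", 3306, "10.0.3.30"),   # other tenant host -> db: denied
        ("10.0.3.30", "tcp", 80, "10.0.1.10"),     # 'default' group: denied
    ]
    for pkt, verdict in evaluate(samples):
        print(pkt, "ALLOW" if verdict else "DENY")
```

The source-group rule is the one worth understanding: it authorizes a tier rather than an address range, so new app servers booted into the "web" group reach the database without anyone editing CIDRs, and a host outside the group is refused even if it sits on the same subnet.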
A word of caution on networking best practices: liberally apply the KISS principle.
Start by mapping your private cloud environment onto your existing network policies and
move forward slowly from there. It’s revolutionary technology, but an evolutionary
approach can save you trouble in the long run. Also, make sure that the features you
plan on using within OpenStack (VLAN tagging, for example) are supported by your
networking hardware.
OpenStack Dashboard: A GUI to Get you Going
While most of OpenStack’s true power is under the hood (you can’t imagine how
exciting it is to watch virtual machines springing into existence based on the network
or CPU load of your application), a straightforward user and admin dashboard makes it
easy to get up-and-running quickly.
Coming soon: More things!
The OpenStack image registry (Glance) will likely have a larger role to play in the future,
when the ability to launch virtual machines in a public cloud from disk images held in our
private cloud environment becomes critical. The features to support this (which include
seamless translation of disk images from one format to another, support for validation
of signed and encrypted disk images, and proper validation of TXT credentials, i.e. Intel
Trusted Execution Technology attestations of the host) are all in progress to some extent
or another, but still a ways off.
Finally, look out for progress on two additional fronts. Heat and Ceilometer are
emerging projects that, at the time of writing, have yet to be accepted into the
OpenStack incubation process. Heat provides a REST API for orchestrating composite
cloud applications from templates, and implements the AWS CloudFormation API.
Ceilometer sets out to collect resource usage data (CPU, network and so on) efficiently
for metering and billing. That data, signed and intended to be non-repudiable, is to be
accessible to authorized users via a REST API.
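What a signed usage record looks like, as an added illustration that is not Ceilometer’s implementation: the collector computes an HMAC over a canonical serialization of the record with a secret shared with the verifier, and a consumer recomputes it before trusting the record for billing. The secret and the sample record are constructed. One caveat a practitioner would raise against the wording above: a shared-secret HMAC proves integrity and origin to other holders of the secret, but not non-repudiation, since anyone holding the secret could have produced the signature; non-repudiation needs a per-source asymmetric signature.

```python
"""HMAC-signed metering records (added example, not Ceilometer's code).

The shared secret and the sample record are constructed.  An HMAC gives
integrity and authenticity among holders of the secret; it does not give
non-repudiation, because any holder of the secret can forge a record.
"""
import hashlib
import hmac
import json

SECRET = b"metering-secret-constructed"  # assumption: distributed out of band


def canonical(record: dict) -> bytes:
    """Deterministic serialization of every field except the signature itself."""
    body = {k: v for k, v in record.items() if k != "message_signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(record: dict, secret: bytes = SECRET) -> dict:
    """Return a copy of the record carrying an HMAC-SHA256 over its fields."""
    signed = dict(record)
    signed["message_signature"] = hmac.new(
        secret, canonical(record), hashlib.sha256).hexdigest()
    return signed


def verify(record: dict, secret: bytes = SECRET) -> bool:
    """Recompute the HMAC and compare in constant time."""
    expected = hmac.new(secret, canonical(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(record.get("message_signature", ""), expected)


SAMPLE = {  # constructed usage sample; IDs are hypothetical
    "resource_id": "instance-0000001a",
    "project_id": "tenant-a",
    "counter_name": "cpu",
    "counter_volume": 3600,
    "timestamp": "2012-10-01T12:00:00Z",
}


if __name__ == "__main__":
    record = sign(SAMPLE)
    print("valid:", verify(record))
    tampered = dict(record)
    tampered["counter_volume"] = 1  # a tenant shaving their bill
    print("tampered valid:", verify(tampered))
```

Because the serialization sorts keys and strips whitespace, two services that disagree on field order or formatting still compute the same digest; drop that and every verifier must reproduce the producer’s exact byte layout.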
OpenStack Services: All the Infrastructure, All the Time
The OpenStack services, when implemented together, provide an incredibly flexible
self-service infrastructure platform. They are the low-level building blocks of any
scalable cloud offering. In order to get comfortable using them, start with the
OpenStack dashboard and then try the OpenStack command line clients. Finally,
experiment with direct language bindings, allowing your software to manage its own
infrastructure, or graduate to orchestration tools such as RightScale or configuration
tools such as Puppet or Chef. When you’ve wrapped your head around the power and
flexibility of API-driven infrastructure, the possibilities are endless.