
OpenStack 101

The Cloud is Now in Session


Back To The Basics


In many of our conversations with customers and prospects, we have discovered an interesting information gap. Most business unit owners already understand the benefits that they ought to be getting from their private cloud project (increased agility, reduced operational expenditure, improved overall IT security). But while we've spent time explaining the differences between Piston Enterprise OpenStack and raw OpenStack, we haven't spent much time describing the specific IT services that OpenStack (and Piston Enterprise OpenStack) provides. Consider this a primer.

PISTONCLOUD.COM


Five Major Components


There are five major services* provided by OpenStack core, each listed here with its Amazon Web Services equivalent:

Virtual Machines (compute): EC2
Virtual Block Devices or Virtual Hard Drives (volume): EBS
Object Storage (object): S3
Virtual Networks (network): VPC
Dashboard (Horizon): AWS Management Console

* You'll note that this does not map exactly to OpenStack's seven core projects. We've purposefully omitted the Keystone (identity) and Glance (image) services from our list of major components because the latter are shared services that are not logically distinct from the other services.

For the developers among you, the OpenStack Project behind each service:

Virtual Machines: Nova
Virtual Block Devices: Cinder
Object Storage: Swift
Virtual Networks: Quantum
Dashboard: Horizon

There are two other major components that serve middleware functionality: the disk image registry (Glance), and the authorization and authentication framework (Keystone).


OpenStack Compute:
Let a thousand flowers boot...
Starting a virtual server in the OpenStack world begins with the selection of a base disk image from which to boot. Most enterprises will supply a set of patched and approved base images with an operating system and perhaps a limited number of applications. (We include the Precise Ubuntu base image in installs of our Piston Enterprise OpenStack and Airframe OpenStack distributions.) From here, a devops* user will typically take one of two paths: either customize this image, installing the applications they need for their project, and then make a new image out of it; or use a configuration management tool (such as Puppet or Chef) to perform such an install and configuration after the virtual machine is started. (For a hybrid of these two approaches, check out Piston Cloud's shoelaces project.)

When your virtual server is launched, the disk image is cloned from the Glance registry onto your shared storage. This means that changes to your virtual server do not automatically change the base image it was launched from. It also means that you can launch thousands of instances from a single disk image and customize them using one of the two methods described above.

* Devops (a contraction of development-operations) is an emerging set of principles, methods and practices for communication, collaboration and integration between software development (application/software engineering) and IT operations (systems administration/infrastructure) professionals.


With more complex n-tier applications, the runtime configuration of these many instances (so that all of your app servers are aware of, and able to connect to, all of your database servers, for instance) is often managed using an orchestration tool, such as RightScale or Scalr. These days, clever devops engineers may do this using their configuration management tool directly. In order to manage the network access to these instances, there is a set of APIs and services that interconnect the OpenStack Compute service with OpenStack networking. These provide software firewalling and IP address management.
> create_servers --how_many=lots --fast=yes --secure=yes

Unlike the transient (non-persistent) storage associated with the EC2 compute service from Amazon Web Services, the virtual hard drive that your virtual server is running on is not transient. This means you can power off your virtual server without losing data and without losing any changes to local configuration. However, in order to really take advantage of the elasticity of your cloud environment, it's best to treat the storage of your application's data as separate from the running compute instances. Which brings us to the next couple of services: volumes and object storage.


OpenStack Volumes:
API-driven hard drives
The OpenStack volumes service delivers much the same benefits that you would get out of a traditional NAS or SAN filer: iSCSI block devices that can be attached to your running virtual servers. Unlike a NAS or SAN device, however, OpenStack volumes are provisioned from a self-service API, and can be programmatically attached or detached. It's software-defined block storage.


OpenStack Storage:
Better, Faster, Stronger, Cost-Efficient-er
By now, most people who work in IT are familiar with S3, Amazon's pioneering object storage system. By giving up POSIX semantics (for example, those software layers that make storage look attached to a particular machine, and in particular allow programs to map such storage directly to memory), Amazon was able to build an incredibly scalable, incredibly reliable storage infrastructure that spans the entire globe. And that's what you get with OpenStack: near-infinite scale-out storage.


OpenStack Network:
OpenFlow meets VLANs meets Firewalling meets Virtual Cables meets...
Easily the most complex (and currently the most immature) of the OpenStack services, OpenStack networking is nonetheless a powerful and critical tool in your cloud arsenal. It allows you to provision arbitrary Layer 2 and Layer 3 virtual networks and secure those networks with a sophisticated set of firewall rules. The good news is that, at least in popular OpenStack distributions, the basics work right out of the box. Each tenant defined in your authentication system is allocated a virtual network, and your virtual servers and volumes are assigned IP addresses within that network, typically using a DHCP server that's also managed by OpenStack Network. But it's also possible to attach additional network interfaces to your virtual servers, to statically assign IPs using privileged guest agents within your virtual machines, and to isolate and secure your projects with 802.1Q-based VLANs or PVLANs.

Best practices in networking are cautioned here. Liberally apply the KISS principle. Start by mapping your private cloud environment to your existing network policies and move forward slowly from there. It's revolutionary technology, but an evolutionary approach can save you trouble in the long run. Also, make sure that the features you plan on using within OpenStack are supported by your networking hardware.
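One way to check that a tenant's firewall rules still match an existing network policy, as an added example that is not part of the original primer or of Piston Cloud's code. It assumes the rules have been exported as dicts with the fields of OpenStack security-group rule objects; the policy (PUBLIC_PORTS), the make_rule helper and every sample rule are constructed for illustration.

```python
import ipaddress

# Constructed policy (assumption): ports that may be reachable from anywhere.
PUBLIC_PORTS = {"tcp": {443}}

def make_rule(rid, direction, proto, lo, hi, prefix=None, group=None):
    """Hypothetical helper: build a dict with security-group rule fields."""
    return {"id": rid, "direction": direction, "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample rules for one tenant network.
SAMPLE_RULES = [
    make_rule("r1", "ingress", "tcp", 443, 443, "0.0.0.0/0"),       # allowed by policy
    make_rule("r2", "ingress", "tcp", 22, 22, "0.0.0.0/0"),         # SSH from anywhere
    make_rule("r3", "ingress", "tcp", 5432, 5432, group="sg-app"),  # scoped to a group
    make_rule("r4", "ingress", None, None, None),                   # no restriction at all
    make_rule("r5", "egress", None, None, None),                    # egress: not audited
    make_rule("r6", "ingress", "tcp", 8000, 8100, "10.0.0.0/8"),    # internal range only
    make_rule("r7", "ingress", "tcp", 22, 22, "::/0"),              # IPv6 "anywhere"
]

def is_world_open(rule):
    """True when the source is unrestricted: no prefix and no group, or a /0."""
    if rule["remote_group_id"]:
        return False
    prefix = rule["remote_ip_prefix"]
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules, public_ports=PUBLIC_PORTS):
    """Return (rule id, reason) for each ingress rule that exceeds the policy."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress" or not is_world_open(r):
            continue
        proto, lo, hi = r["protocol"], r["port_range_min"], r["port_range_max"]
        if proto not in ("tcp", "udp") or lo is None:
            findings.append((r["id"], f"{proto or 'any protocol'}: all traffic from any source"))
            continue
        allowed = public_ports.get(proto, set())
        if any(p not in allowed for p in range(lo, hi + 1)):
            findings.append((r["id"], f"{proto}/{lo}-{hi} reachable from any source"))
    return findings

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(rule_id, reason)
```

A rule with neither a source prefix nor a source group is treated as open to any address, which is why r4 is reported alongside the explicit /0 rules.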


OpenStack Dashboard:
A GUI to Get you Going
While most of OpenStack's true power is under the hood (you can't imagine how exciting it is to watch virtual machines springing into existence based on the network or CPU load of your application), a straightforward user and admin dashboard makes it easy to get up-and-running quickly.


Coming soon: More things!


The OpenStack image registry (Glance) will likely have a larger role to play in the future, when the ability to launch virtual machines in a public cloud from disk images in our private cloud environment becomes critical. The features to support this (which include seamless translation of disk images from one format to another, support for validation of signed and encrypted disk images, and proper validation of TXT credentials) are all in progress to some extent or another, but still a ways off. Finally, look out for progress on two additional fronts. Heat and Ceilometer are emerging projects but have yet to be accepted into the OpenStack incubation process. Heat provides a REST API to orchestrate multiple composite cloud applications implementing the AWS CloudFormation API. Ceilometer endeavors to provide efficient collection of resource usage data in terms of CPU and network costs. The data (signed and non-repudiable) is to be accessible to authorized users via a REST API.


OpenStack Services:
All the Infrastructure, All the Time
The OpenStack services, when implemented together, provide an incredibly flexible self-service infrastructure platform. They are the low-level building blocks of any scalable cloud offering. In order to get comfortable using them, start with the OpenStack dashboard and then try the OpenStack command line clients. Finally, experiment with direct language bindings, allowing your software to manage its own infrastructure, or graduate to orchestration tools such as RightScale or configuration tools such as Puppet or Chef. When you've wrapped your head around the power and flexibility of API-driven infrastructure, the possibilities are endless.
