OpenStack is an open source cloud computing platform that consists of several components including Keystone for identity, Glance for images, Nova for compute, Cinder for block storage, and Quantum for networking. The document provides an overview of each component, describing their main functions and how they interact through messaging queues like RabbitMQ. It also describes the original "Nova networking" approach and how Quantum improved on this by decoupling logical and physical networking and providing plugins to support technologies like Open vSwitch.
4. Open Stack: A Platform for Innovation
“My UI will be easier to use”
“I need a different VM placement policy”
“I have a much better way to snapshot machine images”
“I want to report on my customers' SLAs”
“I’ll build in a way to share revenue with my customers”
“I let my customers span multiple clouds”
5. What is OpenStack?
Originated at NASA, with Rackspace
Driven by an open community process
Three existing projects:
– OpenStack Compute (VMs & VM Networks)
– OpenStack Image Service (Image Library & Management)
– OpenStack Object Store (Storage)
Multiple hypervisors: Xen, KVM, ESXi, Hyper-V
Releases:
– Folsom: Oct 2012
– Grizzly: April 2013 (current)
– Havana: scheduled for Oct 2013
6. Open Source Advantages
Leverage the work of a growing community of developers
Works across multiple hardware infrastructures
Possible to deploy at service providers and on-premise
Amazon AWS Interface Compatibility
Flexible Clustering and Availability Zones
Access Control List (ACL) with policy management
Network Management, Security Groups, Traffic Isolation
10. Keystone Main Functions
• Provides 4 primary services:
– Identity: authentication of user information
– Token: after login, a token stands in for the account/password pair
– Service catalog: registry of the services that have registered themselves
– Policies: enforce the access level of each user role
• Can be backed by different databases.
– LDAP
– SQL
– Key Value Stores (KVS)
11. Keystone: Identity
• User information:
– username/password
– Metadata (e-mail, etc.)
– Tenant - organizes users into projects or groups.
– Role - define a user’s role and permissions in a project.
• A user must belong to at least one tenant, and may belong to many tenants
• Roles are assigned to user/tenant pairs
– Common roles: Member, Admin
12. Keystone: Token
• Once a user’s identity has been verified with an acc/pswd pair, a short-lived (24 hr) token is issued.
• Tokens are a stand-in for the acc/pswd.
• OpenStack services hold on to tokens and use them to query Keystone during operations.
• For example, Nova can use a token to determine whether an authenticated user is authorized to delete an instance.
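A simplified model of the identity, token and policy flow described on slides 10-12, as an added example (not Keystone's own code): an account/password pair is verified, a token scoped to one tenant is issued with a 24-hour lifetime, roles are attached to user/tenant pairs, and a Nova-style check asks Keystone who holds the token before deciding whether the delete is allowed. The class and method names, the in-memory stores, the password hashing scheme and the `POLICY` table are all assumptions made for the illustration.

```python
"""Simplified Keystone-style identity/token/policy model (added example)."""
import hashlib
import hmac
import os
import secrets
import time

TOKEN_LIFETIME = 24 * 60 * 60  # short-lived token: 24 hours, as on slide 12


def _hash(password, salt):
    # Never store the password itself; a salted PBKDF2 hash is compared instead.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class Keystone:
    def __init__(self):
        self.users = {}   # username -> {"salt", "hash", "email"}
        self.roles = {}   # (username, tenant) -> set of role names
        self.tokens = {}  # token id -> {"user", "tenant", "expires"}

    def add_user(self, username, password, email=None):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": _hash(password, salt),
                                "email": email}

    def grant(self, username, tenant, role):
        # Roles are assigned to user/tenant pairs, never to a user alone.
        if username not in self.users:
            raise KeyError(username)
        self.roles.setdefault((username, tenant), set()).add(role)

    def authenticate(self, username, password, tenant, now=None):
        """Verify the account/password pair and issue a token scoped to one
        tenant.  Returns the token id, or None on failure."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(
                user["hash"], _hash(password, user["salt"])):
            return None
        if (username, tenant) not in self.roles:
            return None  # a user may only log in to a tenant they belong to
        token_id = secrets.token_hex(16)
        self.tokens[token_id] = {"user": username, "tenant": tenant,
                                 "expires": now + TOKEN_LIFETIME}
        return token_id

    def validate(self, token_id, now=None):
        """What another service asks Keystone during an operation: who holds
        this token, and which roles do they have in the scoped tenant?"""
        now = time.time() if now is None else now
        tok = self.tokens.get(token_id)
        if tok is None or tok["expires"] <= now:
            self.tokens.pop(token_id, None)  # expired tokens are discarded
            return None
        return {"user": tok["user"], "tenant": tok["tenant"],
                "roles": frozenset(self.roles[(tok["user"], tok["tenant"])])}


# Minimal policy table in the spirit of slide 10's "Policies" service:
# which roles may perform which action.  The rule set is an assumption.
POLICY = {"compute:delete": {"admin"}, "compute:get": {"admin", "member"}}


def nova_can(keystone, token_id, action, now=None):
    """Nova-style check: the action is allowed only if the token is valid and
    one of the holder's roles in the token's tenant is permitted by POLICY."""
    info = keystone.validate(token_id, now)
    if info is None:
        return False
    return bool(info["roles"] & POLICY.get(action, set()))


def demo():
    ks = Keystone()
    ks.add_user("alice", "s3cret", "alice@example.com")
    ks.grant("alice", "projectA", "member")
    ks.add_user("bob", "hunter2")
    ks.grant("bob", "projectA", "admin")
    t0 = 1_000_000.0  # fixed clock so the expiry check is deterministic
    alice = ks.authenticate("alice", "s3cret", "projectA", now=t0)
    bob = ks.authenticate("bob", "hunter2", "projectA", now=t0)
    return {
        "alice_delete": nova_can(ks, alice, "compute:delete", now=t0),
        "bob_delete": nova_can(ks, bob, "compute:delete", now=t0),
        "alice_get": nova_can(ks, alice, "compute:get", now=t0),
        "bob_expired": nova_can(ks, bob, "compute:delete", now=t0 + TOKEN_LIFETIME),
        "bad_password": ks.authenticate("alice", "wrong", "projectA", now=t0),
    }


if __name__ == "__main__":
    print(demo())
```

The point to notice is that Nova never sees the password: it holds only the token and asks Keystone for the user, tenant and roles behind it, and once the 24-hour window has passed the same token yields nothing.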
16. Storage as a Service
• CAPEX-to-OPEX based business model.
• Storage is managed through a well-defined set of remotely accessible APIs
• Abstracts the actual storage implementation
• The service offers specialized functions: DR, backup, document sharing, etc.
Using Storage as a Service
• Object
• Block
• File
17. Storage Available
Ephemeral (on-instance):
-Used for the running operating system and scratch space
-Persists until the VM is terminated
-Access is associated with a VM
-Implemented as a filesystem underlying OpenStack Compute
-Administrator configures the size setting, based on flavors
-Example: 10GB first disk, 30GB/core second disk
For a desktop user, a PC's internal disk drives are ephemeral; persistent storage is comparable to an external USB drive.
18. OpenStack Object Storage Swift
What Is It?
• Object Storage is ideal for cost-effective, scale-out storage. It provides a fully distributed, API-accessible storage platform that can be integrated directly into applications or used for backup, archiving and data retention.
• Stores 3 copies; used for web and media files
• In production today
– Rackspace’s Cloud Files
• Architectural overview:
– http://swift.openstack.org/overview_architecture.html
19. Swift
• Object storage, objects “live” on an endpoint.
– An endpoint could be any storage device
• Every object belongs to a user/account pair.
– keystone tenant : swift account
– keystone user : swift user
– keystone role : swift group
• Proxy, Ring, and Workers
• Account, Container, Object
22. Workers can be an account server, a container server, or an object server
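An added example of the mapping described on slides 18, 19 and 22: a Keystone tenant becomes a Swift account, the account/container/object path is hashed to a partition, and a ring table maps each partition to three devices (the "3 copies") in three different zones. This is not Swift's ring-builder code; the round-robin placement, the partition count and the `AUTH_` account prefix are simplifications and assumptions chosen for the illustration.

```python
"""Simplified Swift-style ring: object path -> partition -> 3 devices."""
import hashlib
from itertools import cycle

REPLICAS = 3      # "store 3 copies"
PART_POWER = 8    # 2**8 = 256 partitions; deliberately small for the example


def keystone_to_swift_account(tenant_id):
    # Slide 19: keystone tenant <-> swift account.  The "AUTH_" prefix is the
    # convention of Swift's Keystone auth middleware.
    return "AUTH_" + tenant_id


class Ring:
    def __init__(self, devices):
        """devices: list of (device_name, zone).  Precompute, for every
        partition, REPLICAS devices that all sit in different zones."""
        zones = {}
        for name, zone in devices:
            zones.setdefault(zone, []).append(name)
        if len(zones) < REPLICAS:
            raise ValueError("need at least %d zones for %d replicas"
                             % (REPLICAS, REPLICAS))
        self.zone_of = dict(devices)
        zone_cycle = cycle(sorted(zones))                 # rotate over zones
        per_zone = {z: cycle(devs) for z, devs in zones.items()}
        self.table = []
        for _ in range(2 ** PART_POWER):
            # REPLICAS consecutive draws from a cycle of >= REPLICAS zones
            # are always distinct zones, which is the property we need.
            self.table.append(tuple(next(per_zone[next(zone_cycle)])
                                    for _ in range(REPLICAS)))

    def partition(self, account, container, obj):
        path = "/%s/%s/%s" % (account, container, obj)
        digest = hashlib.md5(path.encode()).digest()
        # Use the top PART_POWER bits of the hash as the partition number.
        return int.from_bytes(digest[:4], "big") >> (32 - PART_POWER)

    def get_nodes(self, account, container, obj):
        """Where the proxy server sends the object: partition + 3 devices."""
        part = self.partition(account, container, obj)
        return part, self.table[part]


def replicas_in_distinct_zones(ring):
    """Check the invariant behind 'store 3 copies': no partition keeps two
    replicas in the same zone."""
    return all(len({ring.zone_of[d] for d in devs}) == REPLICAS
               for devs in ring.table)


# Constructed sample layout: six devices spread over three zones.
DEVICES = [("sda", "z1"), ("sdb", "z1"), ("sdc", "z2"),
           ("sdd", "z2"), ("sde", "z3"), ("sdf", "z3")]


def demo():
    ring = Ring(DEVICES)
    account = keystone_to_swift_account("tenant-1234")
    part, nodes = ring.get_nodes(account, "photos", "cat.jpg")
    return {"account": account, "partition": part, "nodes": nodes,
            "zones": tuple(ring.zone_of[d] for d in nodes)}


if __name__ == "__main__":
    print(demo())
```

Because the object path determines the partition and the partition determines the devices, every proxy server with the same ring file reaches the same three endpoints for an object without any central lookup.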
25. Cinder
What Is It?
• Block Storage allows block devices to be exposed and connected to compute instances for expanded storage, better performance and integration with enterprise storage platforms.
• OpenStack provides persistent block-level storage devices for use with OpenStack compute instances. They can be exposed to applications as well.
• Block storage volumes are fully integrated into OpenStack Compute and the Dashboard, allowing cloud users to manage their own storage needs.
26. Cinder (Contd.)
This is block storage (or volumes); there are currently blueprints for file systems such as NFS or CIFS shares
• Used for adding additional persistent storage to a virtual machine (VM)
• Persists until deleted
• Access is associated with a VM
• Mounted via an OpenStack Block-Storage controlled protocol (for example, iSCSI)
• Sized based on need
• Example: 1TB "extra hard drive"
27. Cinder Capabilities
Cinder manages block storage
Volumes attach to VM instances
Boot from volume
Volumes have a lifecycle independent of the VM instance
Admins can create tiers of storage, e.g. two LVM backends, one with SSDs and the other with HDDs.
Users can specify the tier they want when creating a volume.
A backup is an archived copy of a volume stored in an object store.
A backup contains just the data that was written, unlike a snapshot, which is the entire block device.
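A toy model of the behaviour listed on slides 26-27, added here as an example and not taken from Cinder: a volume whose attach/detach lifecycle is independent of the VM, a tier chosen by volume type, a snapshot that copies the whole block device, and a backup that ships only the written extents to an object store and can be restored into a new volume. The class names, the `VOLUME_TYPES` table and the dict-as-object-store are assumptions for the illustration.

```python
"""Toy Cinder-style volume model: tiers, lifecycle, snapshot vs backup."""

BLOCK_SIZE = 4096

# Admin-defined tiers: volume type -> backend.  Names are assumptions.
VOLUME_TYPES = {"fast": "lvm-ssd", "bulk": "lvm-hdd"}


class Volume:
    def __init__(self, name, size_blocks, volume_type="bulk"):
        if volume_type not in VOLUME_TYPES:
            raise ValueError("unknown volume type %r" % volume_type)
        self.name = name
        self.size_blocks = size_blocks
        self.backend = VOLUME_TYPES[volume_type]   # tier picked at creation
        self.blocks = {}          # block index -> bytes; sparse: written only
        self.attached_to = None   # instance id, or None
        self.status = "available"

    def attach(self, instance_id):
        if self.attached_to is not None:
            raise RuntimeError("volume %s already attached" % self.name)
        self.attached_to = instance_id
        self.status = "in-use"

    def detach(self):
        # The VM may be terminated afterwards; the volume and its data remain.
        self.attached_to = None
        self.status = "available"

    def write(self, block, data):
        if not 0 <= block < self.size_blocks:
            raise IndexError(block)
        self.blocks[block] = data.ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]

    def snapshot(self):
        """Point-in-time copy of the entire device, written blocks or not."""
        return [self.blocks.get(i, b"\0" * BLOCK_SIZE)
                for i in range(self.size_blocks)]

    def backup(self, object_store):
        """Archive only the extents that were ever written into the object
        store (a dict standing in for Swift here) and return the key."""
        key = "backups/%s" % self.name
        object_store[key] = dict(self.blocks)
        return key


def restore(object_store, key, name, size_blocks, volume_type="bulk"):
    """Create a new volume from a backup; unwritten blocks read as zeros."""
    vol = Volume(name, size_blocks, volume_type)
    vol.blocks = dict(object_store[key])
    return vol


def demo():
    store = {}
    vol = Volume("data1", size_blocks=1024, volume_type="fast")
    vol.attach("instance-1")
    vol.write(0, b"boot")
    vol.write(7, b"logs")
    snap = vol.snapshot()
    key = vol.backup(store)
    vol.detach()                      # instance-1 can now be deleted
    copy = restore(store, key, "data1-restored", 1024)
    return {
        "backend": vol.backend,
        "snapshot_blocks": len(snap),          # whole device
        "backup_blocks": len(store[key]),      # only what was written
        "restored_matches": copy.snapshot() == snap,
        "status_after_detach": vol.status,
    }


if __name__ == "__main__":
    print(demo())
```

The contrast the slide draws is visible in the numbers: the snapshot of a 1024-block volume holds 1024 blocks, while the backup of the same volume holds only the two blocks that were written, yet restores to an identical device.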
31. Glance
• Image storage and indexing.
• Keeps a database of metadata associated with each image, so that images can be discovered, registered, and retrieved.
• Built on top of Swift; images are stored in Swift
• Two servers:
– Glance-api: public interface for uploading and managing images.
– Glance-registry: private interface to the metadata database
• Supports multiple image formats
37. Nova
• Major components:
– API: public-facing interface
– Message Queue: broker that handles interactions between services, currently based on RabbitMQ
– Scheduler: coordinates all services and determines the placement of newly requested resources
– Compute Worker: hosts VMs; controls the hypervisor and VMs when it receives commands on the message queue
– Volume: manages permanent storage
38. Nova Messaging and Data
• Messaging is managed through RabbitMQ
– Server that allows messages to be posted to channels.
– Subscribers to channels receive messages.
– Services regularly announce availability.
– Scheduler regularly reads for availability.
– Scheduler makes requests to services.
• Persistent data stored in a database.
– VM metadata, network topology, volume metadata, known services
39. Messaging (RabbitMQ)
• Get data from point A to point B
• Decouple publishers and consumers
• Queueing for later delivery
• Load balancing and scalability
• RabbitMQ is an AMQP messaging broker
– Advanced Message Queueing Protocol
– Network wire-level protocol
– Internet protocol - like HTTP, TCP - but ASYNCHRONOUS
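An added example of the messaging pattern on slides 38-39 (and of the "different VM placement policy" wish on slide 4): compute services announce their availability on a channel, the scheduler reads those announcements, keeps only the ones that are recent, applies a placement policy, and then sends a run request to the chosen service's own channel. The broker is an in-memory stand-in for RabbitMQ (no network, no AMQP library), and the channel names, message fields, timeout and the two policies are assumptions; this is not Nova's scheduler code.

```python
"""In-memory publish/subscribe broker with announcing workers and a scheduler."""
from collections import defaultdict, deque

SERVICE_TIMEOUT = 60.0   # announcements older than this mean the service is down


class Broker:
    """Messages posted to a channel are queued for every subscriber of it."""
    def __init__(self):
        self.subscribers = defaultdict(list)

    def subscribe(self, channel):
        q = deque()
        self.subscribers[channel].append(q)
        return q

    def publish(self, channel, message):
        for q in self.subscribers[channel]:
            q.append(dict(message))   # each subscriber gets its own copy


class ComputeWorker:
    def __init__(self, broker, host, free_ram_mb):
        self.broker, self.host, self.free_ram_mb = broker, host, free_ram_mb
        self.inbox = broker.subscribe("compute." + host)   # per-host channel
        self.instances = []

    def announce(self, now):
        # "Services regularly announce availability."
        self.broker.publish("service.availability",
                            {"host": self.host, "free_ram_mb": self.free_ram_mb,
                             "time": now})

    def process(self):
        # Handle commands that the scheduler posted to our channel.
        while self.inbox:
            msg = self.inbox.popleft()
            if msg["method"] == "run_instance":
                self.instances.append(msg["instance"])
                self.free_ram_mb -= msg["ram_mb"]


# Two interchangeable placement policies (assumed names).
def most_free_ram(candidates):
    return max(candidates, key=lambda c: c["free_ram_mb"])


def fill_first(candidates):
    return min(candidates, key=lambda c: c["free_ram_mb"])


class Scheduler:
    def __init__(self, broker, policy=most_free_ram):
        self.broker, self.policy = broker, policy
        self.inbox = broker.subscribe("service.availability")
        self.known = {}   # host -> latest announcement

    def refresh(self, now):
        # "Scheduler regularly reads for availability."
        while self.inbox:
            msg = self.inbox.popleft()
            self.known[msg["host"]] = msg
        self.known = {h: m for h, m in self.known.items()
                      if now - m["time"] < SERVICE_TIMEOUT}   # drop stale hosts

    def schedule(self, instance, ram_mb, now):
        self.refresh(now)
        candidates = [m for m in self.known.values() if m["free_ram_mb"] >= ram_mb]
        if not candidates:
            return None
        chosen = self.policy(candidates)
        # "Scheduler makes requests to services."
        self.broker.publish("compute." + chosen["host"],
                            {"method": "run_instance", "instance": instance,
                             "ram_mb": ram_mb})
        chosen["free_ram_mb"] -= ram_mb   # local view until the next announcement
        return chosen["host"]


def demo(policy=most_free_ram):
    broker = Broker()
    workers = [ComputeWorker(broker, "node1", 8192), ComputeWorker(broker, "node2", 4096)]
    sched = Scheduler(broker, policy)      # subscribe before anyone announces
    for w in workers:
        w.announce(now=0.0)
    placed = [sched.schedule("vm-%d" % i, 3072, now=1.0) for i in range(3)]
    for w in workers:
        w.process()
    # node2 stops announcing; once its last announcement is older than
    # SERVICE_TIMEOUT it is no longer a candidate.
    workers[0].announce(now=100.0)
    placed.append(sched.schedule("vm-late", 1024, now=100.0))
    for w in workers:
        w.process()
    return placed, {w.host: w.instances for w in workers}


if __name__ == "__main__":
    print(demo())
    print(demo(fill_first))
```

Swapping `most_free_ram` for `fill_first` changes the placement without touching the workers or the broker, which is the decoupling the slides attribute to the message queue: publishers and consumers only agree on channel names and message shapes.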
47. Without Quantum
• Originally, Nova handled all networking by:
– Linux bridge networking
– Virtual interfaces connecting to the network through the physical interface
– Assigning VM IP addresses
– Fixed IP: returned to the pool when the VM shuts down
– Floating IP: can be reassigned online
• The Network Manager provides a virtual network to enable compute servers to interact with each other and with the public network
• A blog post states that currently 90% of Nova bugs are network related
48. Original Network Manager
• Each VM network owned by one network host
– Simply a Linux host running the nova-network daemon
• The Nova network node is the only gateway
• Flat Network Manager:
– A Linux networking bridge forms a subnet
– All instances are attached to the same bridge
– Server, controller, and IP addresses are configured manually
• Flat DHCP Network Manager:
– Add DHCP server along same bridge
• Later: VLAN Network Manager
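An added example of the address handling on slides 47-48 for the original nova-network model: each VM takes a fixed IP from the subnet on the bridge, which returns to the pool when the VM is terminated, while a floating IP is a public address the network host maps onto a fixed IP with NAT and can re-point at another running VM at any time. The class names, the pool ranges and the rendering of the NAT table as iptables rules (strings only, nothing is executed) are assumptions; this is not nova-network's code.

```python
"""Fixed and floating IP lifecycle in a nova-network style manager."""
import ipaddress


class NetworkManager:
    def __init__(self, fixed_cidr, floating_cidr):
        hosts = list(ipaddress.ip_network(fixed_cidr).hosts())
        # The network host itself is the gateway on the bridge (first host).
        self.gateway = hosts[0]
        self.fixed_free = hosts[1:]
        self.floating_free = list(ipaddress.ip_network(floating_cidr).hosts())
        self.fixed = {}   # instance -> fixed ip
        self.nat = {}     # floating ip -> fixed ip (1:1 NAT on the gateway)

    def launch(self, instance):
        if not self.fixed_free:
            raise RuntimeError("fixed IP pool exhausted")
        ip = self.fixed_free.pop(0)
        self.fixed[instance] = ip
        return ip

    def terminate(self, instance):
        ip = self.fixed.pop(instance)
        # A floating IP still pointing at this VM is disassociated first,
        # so the public address never silently follows the recycled fixed IP.
        for floating, fixed in list(self.nat.items()):
            if fixed == ip:
                del self.nat[floating]
        self.fixed_free.append(ip)   # fixed IP returns to the pool

    def allocate_floating(self):
        if not self.floating_free:
            raise RuntimeError("floating IP pool exhausted")
        return self.floating_free.pop(0)

    def associate(self, floating, instance):
        """Point a floating IP at a running VM; re-running it on another
        instance moves the address online."""
        if instance not in self.fixed:
            raise KeyError("instance %s has no fixed IP" % instance)
        self.nat[floating] = self.fixed[instance]

    def iptables_rules(self):
        """Render the NAT table as the DNAT/SNAT rules the gateway would apply."""
        rules = []
        for floating, fixed in sorted(self.nat.items()):
            rules.append("-t nat -A PREROUTING -d %s -j DNAT --to %s" % (floating, fixed))
            rules.append("-t nat -A POSTROUTING -s %s -j SNAT --to %s" % (fixed, floating))
        return rules


def demo():
    # Constructed ranges: a /29 private subnet and a /30 of public addresses.
    nm = NetworkManager("10.0.0.0/29", "203.0.113.0/30")
    vm1, vm2 = str(nm.launch("vm1")), str(nm.launch("vm2"))
    fl = nm.allocate_floating()
    nm.associate(fl, "vm1")
    first_target = str(nm.nat[fl])
    nm.associate(fl, "vm2")           # moved while both VMs keep running
    moved_target = str(nm.nat[fl])
    nm.terminate("vm1")               # its fixed IP goes back to the pool
    vm3 = str(nm.launch("vm3"))
    rules = nm.iptables_rules()
    nm.terminate("vm2")               # the floating IP loses its mapping too
    return {"gateway": str(nm.gateway), "vm1": vm1, "vm2": vm2, "vm3": vm3,
            "floating": str(fl), "first_target": first_target,
            "moved_target": moved_target, "rules": rules,
            "nat_after": len(nm.nat)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The fixed address of `vm1` is handed out again only after `vm1` is gone, and the floating address is never left pointing at a fixed IP whose owner has been terminated.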
49. Bridged Networking
• One network card acts as many devices.
• The host does not need an IP address.
• The hypervisor sets a virtual MAC address for the guest machine.
• ACISS uses bridges, along with Virtual Local Area Networks (VLANs), to segment traffic and assign network addresses.
50. Linux running the nova-network daemon
The network host acts as the gateway for all the NICs bridged into that network.
VMs are bridged into a raw Ethernet device
The only gateway
With security measures
52. What does Quantum provide ?
API for Networking in OpenStack
Nova Integration
Provides connectivity to VMs
Decouples the logical / tenant view of the network from the physical / provider view
Manages OSI network layers L2 & L3 with an API
53. Cont...
Not yet fully integrated with the Dashboard: only L2 is working. L3 must be managed from the CLI; Horizon can't manage L3 (routers + floating IPs).
Networking is backed by plugins: Open vSwitch, Linux Bridge, Cisco, OpenFlow (BigSwitch, Floodlight, NEC, Ryu, etc.), MidoNet (Midokura) and NVP (Nicira/VMware).
54. Quantum Openvswitch plugin
The Quantum Open vSwitch plugin consists of two components:
• 1) A plugin loaded at runtime by the Quantum service. The plugin processes all API calls and stores the resulting logical network data model and associated network mappings in a database backend.
• 2) An agent which runs on each compute node (i.e., each node running nova-compute). This agent gathers the configuration and mappings from the central MySQL database and communicates directly with the local Open vSwitch instance to configure flows that implement the logical data model.
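An added example of the agent side of slide 54: take a logical data model of the kind the plugin stores (networks with a tunnel id, ports on those networks), give each network present on this node a node-local VLAN tag, and render the flow rules that isolate tenants on `br-int` and carry their traffic over the tunnel bridge. The data model is constructed sample data, the port numbers, flow layout and the anti-spoof rule are simplifications and assumptions, and the functions only return `ovs-ofctl`-style command strings; this is not the plugin's or the agent's actual code.

```python
"""Turn a logical Quantum-style network model into OVS flow rules (strings)."""

# Logical model as the plugin would have stored it (constructed sample data).
NETWORKS = {
    "net-a": {"tunnel_id": 1001},
    "net-b": {"tunnel_id": 1002},
}
# Ports present on this compute node: id -> network, OVS port number, MAC.
LOCAL_PORTS = {
    "port-1": {"network": "net-a", "ofport": 5, "mac": "fa:16:3e:00:00:01"},
    "port-2": {"network": "net-b", "ofport": 6, "mac": "fa:16:3e:00:00:02"},
    "port-3": {"network": "net-a", "ofport": 7, "mac": "fa:16:3e:00:00:03"},
}
PATCH_INT = 1    # port on br-tun facing br-int (assumed number)
PATCH_TUN = 2    # port on br-int facing br-tun (assumed number)
TUNNEL_PORT = 3  # the tunnel port on br-tun (assumed number)


def assign_local_vlans(ports):
    """Each network with a port on this node gets a node-local VLAN tag.
    The tag has meaning only on this host's br-int; across nodes the
    network is identified by its tunnel id."""
    vlans, next_vlan = {}, 1
    for pid in sorted(ports, key=lambda k: ports[k]["ofport"]):
        net = ports[pid]["network"]
        if net not in vlans:
            vlans[net] = next_vlan
            next_vlan += 1
    return vlans


def build_flows(networks, ports):
    vlans = assign_local_vlans(ports)
    br_int, br_tun = [], []
    for net, vlan in sorted(vlans.items()):
        tun = networks[net]["tunnel_id"]
        # br-tun: traffic arriving over the tunnel for this network is tagged
        # with the local VLAN and handed to br-int.
        br_tun.append("add-flow br-tun priority=1,tun_id=%d,"
                      "actions=mod_vlan_vid:%d,output:%d" % (tun, vlan, PATCH_INT))
        # br-tun: locally tagged traffic leaving the node enters the tunnel.
        br_tun.append("add-flow br-tun priority=1,in_port=%d,dl_vlan=%d,"
                      "actions=strip_vlan,set_tunnel:%d,output:%d"
                      % (PATCH_INT, vlan, tun, TUNNEL_PORT))
        # br-int: tagged traffic coming from the tunnel side is switched normally.
        br_int.append("add-flow br-int priority=5,in_port=%d,dl_vlan=%d,"
                      "actions=NORMAL" % (PATCH_TUN, vlan))
    for pid, p in sorted(ports.items()):
        vlan = vlans[p["network"]]
        # br-int: frames from a VM port get the network's local tag, but only
        # when the source MAC is the one assigned to that port.
        br_int.append("add-flow br-int priority=10,in_port=%d,dl_src=%s,"
                      "actions=mod_vlan_vid:%d,NORMAL" % (p["ofport"], p["mac"], vlan))
        # Anything else from that port (a spoofed source MAC) is dropped.
        br_int.append("add-flow br-int priority=5,in_port=%d,actions=drop" % p["ofport"])
    # Untagged or unknown traffic from the tunnel side is dropped.
    br_int.append("add-flow br-int priority=1,in_port=%d,actions=drop" % PATCH_TUN)
    return {"vlans": vlans, "br-int": br_int, "br-tun": br_tun}


def isolated(flows, ports, port_a, port_b):
    """Two ports on this node are isolated when their local VLAN tags differ."""
    return (flows["vlans"][ports[port_a]["network"]]
            != flows["vlans"][ports[port_b]["network"]])


if __name__ == "__main__":
    f = build_flows(NETWORKS, LOCAL_PORTS)
    for line in f["br-tun"] + f["br-int"]:
        print("ovs-ofctl", line)
```

Every rule is derived from the central model, so adding a port to `net-a` on this node changes only the rules for that port; the tunnel ids that tie the same logical network together across compute nodes come from the plugin's database, not from per-host configuration.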
60. Plugin
• The component where the ‘virtual networking’ magic happens. Fulfills the API contract by implementing the ‘Plugin Interface’
• Tenants expect the same behavior from the Quantum API regardless of the particular plugin employed
• Available Quantum Plugins:
– Open vSwitch: builds isolated networks with OVS and L2-in-L3 tunnels.
– Cisco UCS: isolation based on VLANs and net-profiles applied to Cisco UCS converged network adapters
– Linux Bridge: builds isolated networks with VLAN interfaces and the Linux bridge
– NTT-Data Ryu: acts as a proxy for the NTT Ryu platform
– Nicira NVP: acts as a proxy for the Nicira NVP platform
61. The Quantum Manager
• Nova’s network manager for Quantum. Forwards network-related requests.
• Also provides other network services such as IP address management, DHCP, NAT, Floating IPs…
• Virtual Networking: a label nowadays applied to too many solutions and products.
– Securely partitioning the network
– Defining virtual network topologies
– Automating network provisioning