OpenStack 101 The Cloud is Now in Session

Upload: mohamed-kajamoideen

Post on 30-Oct-2014



TRANSCRIPT

Page 1: Piston Cloud OpenStack 101 Whitepaper

OpenStack 101 The Cloud is Now in Session

Page 2: Piston Cloud OpenStack 101 Whitepaper

Back To The Basics

In many of our conversations with customers and prospects, we have discovered an interesting information gap. Most business unit owners already understand the benefits they ought to be getting from their private cloud project (increased agility, reduced operational expenditure, improved overall IT security). But while we have spent time explaining the differences between Piston Enterprise OpenStack and raw OpenStack, we have not spent much time describing the specific IT services that OpenStack (and Piston Enterprise OpenStack) provides. Consider this a primer.

PISTONCLOUD.COM


Page 3: Piston Cloud OpenStack 101 Whitepaper

Five Major Components

There are five major services* provided by OpenStack ‘core’:

• Virtual Machines (compute)
• Virtual Block Devices or Virtual Hard Drives (volume)
• Object Storage (object)
• Virtual Networks (network)
• Dashboard (Horizon)

Service                  OpenStack Project                   Amazon Web Services Equivalent
Virtual Machines         Nova                                EC2
Virtual Block Devices    Cinder                              EBS
Object Storage           Swift                               S3
Virtual Networks         Quantum (renamed Neutron in 2013)   VPC
Dashboard                Horizon                             AWS Management Console

There are two other major components that serve “middleware” functionality: the disk image registry (Glance) and the authentication and authorization framework (Keystone). Keystone is the service every other service leans on: it issues the tokens the others validate, and its tenants and roles determine what a user may do in each of them.

* For the developers among you: this does not map exactly to OpenStack’s seven core projects. We have purposely left Keystone (identity) and Glance (image) out of the list of major components because they are shared services that the other five depend on, rather than services that are logically distinct on their own.


Page 4: Piston Cloud OpenStack 101 Whitepaper

OpenStack Compute: Let a thousand flowers boot...

Starting a virtual server in the OpenStack world begins with the selection of a base disk image from which to boot. Most enterprises will supply a set of patched and approved base images with an operating system and perhaps a limited number of applications. (We include the Ubuntu 12.04 “Precise” base image in installs of our Piston Enterprise OpenStack and Airframe OpenStack distributions.) From here, a devops* user will typically take one of two paths: either customize this image, installing the applications they need for their project, and then make a new image out of it; or use a configuration management tool (such as Puppet or Chef) to perform that installation and configuration after the virtual machine is started. (For a hybrid of these two approaches, check out Piston Cloud’s ‘shoelaces’ project.)

When your virtual server is launched, the disk image is cloned from the Glance registry onto your shared storage. This means that changes to your virtual server do not automatically change the base image it was launched from. It also means that you can launch thousands of instances from a single disk image and customize them using one of the two methods described above. The flip side is that every one of those instances inherits whatever is in the base image, so the registry is a trust anchor: restrict who may upload or replace images, and check an image against the hash recorded for it before you build on it.

* Devops (a contraction of development-operations) is an emerging set of principles, methods and practices for communication, collaboration and integration between software development (application/software engineering) and IT operations (systems administration/infrastructure) professionals.
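Checking that the image you are about to boot is the one that was approved, as an added example (not Piston’s or OpenStack’s code): the image bytes are hashed once and compared with the hashes a Glance record carries (the legacy MD5 ‘checksum’ and, in later releases, ‘os_hash_algo’ / ‘os_hash_value’). The sample image, its record, and the decision to refuse an MD5-only record are this example’s constructed inputs and policy, not anything the whitepaper prescribes.

```python
"""Verify a base image against the hashes its registry record carries.

Added example, not Piston's or OpenStack's code. Glance records an MD5
'checksum' on every image and, in later releases, a configurable strong
hash in 'os_hash_algo' / 'os_hash_value'. The policy below treats an
MD5-only record as insufficient for an "approved" image, because MD5
collisions are practical and two different images can share one MD5.
The image bytes and metadata here are constructed for the demo.
"""
import hashlib
import hmac

# Hash algorithms strong enough to anchor an "approved image" decision.
STRONG_ALGOS = ("sha256", "sha512")


def digest_stream(chunks, algos):
    """Hash a byte stream in one pass, returning {algo: hexdigest} for every algo."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_image(chunks, metadata):
    """Decide whether image bytes match their registry record.

    metadata mirrors the Glance image properties 'checksum' (MD5),
    'os_hash_algo' and 'os_hash_value'. Returns (accepted, reason).
    """
    algo = metadata.get("os_hash_algo")
    expected = metadata.get("os_hash_value")
    if algo not in STRONG_ALGOS or not expected:
        # A legacy record carries only MD5: enough to spot corruption in
        # transit, not enough to prove this is the image that was approved.
        return False, "no strong hash recorded; refuse to treat image as approved"
    wanted = [algo] + (["md5"] if metadata.get("checksum") else [])
    actual = digest_stream(chunks, wanted)
    if not hmac.compare_digest(actual[algo], expected):
        return False, f"{algo} mismatch: image differs from registry record"
    if "md5" in actual and not hmac.compare_digest(actual["md5"], metadata["checksum"]):
        return False, "md5 checksum disagrees with strong hash: registry record inconsistent"
    return True, f"{algo} verified"


def chunked(data, size=1 << 16):
    """Yield an in-memory image in fixed-size pieces, as a download would."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


# Constructed sample: a stand-in for an approved base image and its record.
APPROVED_IMAGE = b"qcow2-stand-in:" + bytes(range(256)) * 1024
APPROVED_RECORD = {
    "name": "ubuntu-12.04-approved",
    "checksum": hashlib.md5(APPROVED_IMAGE).hexdigest(),
    "os_hash_algo": "sha512",
    "os_hash_value": hashlib.sha512(APPROVED_IMAGE).hexdigest(),
}
TAMPERED_IMAGE = APPROVED_IMAGE[:-1] + b"\x00"   # one byte changed at the end
MD5_ONLY_RECORD = {"name": "legacy-image", "checksum": APPROVED_RECORD["checksum"]}

if __name__ == "__main__":
    for label, image, record in [
        ("approved", APPROVED_IMAGE, APPROVED_RECORD),
        ("tampered", TAMPERED_IMAGE, APPROVED_RECORD),
        ("md5-only", APPROVED_IMAGE, MD5_ONLY_RECORD),
    ]:
        ok, why = verify_image(chunked(image), record)
        print(f"{label:9} accepted={ok} ({why})")
```

Hashing in a single pass matters for multi-gigabyte images, and the constant-time comparison is cheap insurance; the real point is the policy branch: a record without a strong hash tells you nothing about whether the bytes are the approved ones.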


Page 5: Piston Cloud OpenStack 101 Whitepaper

With more complex n-tier applications, the runtime configuration of these many instances (so that all of your app servers are aware of, and able to connect to, all of your database servers, for instance) is often managed using an orchestration tool, such as RightScale or Scalr. These days, clever devops engineers may do this using their configuration management tool directly.

In order to manage network access to these instances, there is a set of APIs and services that interconnect the OpenStack Compute service with OpenStack networking. These provide software firewalling (security groups, which deny inbound traffic unless a rule allows it) and IP address management.

Unlike the transient (non-persistent) instance-store disks of Amazon’s EC2 compute service, the virtual hard drive that your virtual server runs on is not transient. This means you can power off your virtual server without losing data or any changes to local configuration. However, to really take advantage of the elasticity of your cloud environment, it is best to treat your application’s data as separate from the running compute instances, which brings us to the next couple of services: volumes and object storage.

> create_servers --how_many=lots --fast=yes --secure=yes


Page 6: Piston Cloud OpenStack 101 Whitepaper

OpenStack Volumes: API-driven hard drives

The OpenStack volumes service delivers much the same benefits you would get from a traditional NAS or SAN filer: block devices, exported over iSCSI, that can be attached to your running virtual servers. Unlike a NAS or SAN device, however, OpenStack volumes are provisioned from a self-service API and can be programmatically attached or detached. It is software-defined block storage.


Page 7: Piston Cloud OpenStack 101 Whitepaper

OpenStack Storage: Better, Faster, Stronger, Cost-Efficient-er

By now, most people who work in IT are familiar with S3, Amazon’s pioneering object storage system. By giving up POSIX semantics (for example, the software layers that make storage look “attached” to a particular machine and, in particular, allow programs to map such storage directly into memory), Amazon was able to build an incredibly scalable, incredibly reliable storage infrastructure that spans the entire globe. That is what you get with OpenStack Object Storage (Swift): near-infinite scale-out storage.


Page 8: Piston Cloud OpenStack 101 Whitepaper

OpenStack Network: OpenFlow meets VLANs meets Firewalling meets Virtual Cables meets...

Easily the most complex (and currently the most immature) of the OpenStack services, OpenStack networking is nonetheless a powerful and critical tool in your cloud arsenal. It allows you to provision arbitrary Layer 2 and Layer 3 virtual networks and secure those networks with a sophisticated set of firewall rules. The good news is that, at least in popular OpenStack distributions, the basics work right out of the box. Each tenant defined in your authentication system is allocated a virtual network, and your virtual servers are assigned IP addresses within that network, typically by a DHCP server that is also managed by OpenStack Network. It is also possible to attach additional network interfaces to your virtual servers, to statically assign IPs using privileged guest agents within your virtual machines, and to isolate and secure your projects with 802.1Q-based VLANs or PVLANs.

A word of caution on networking best practices: apply the KISS principle liberally. Start by mapping your private cloud environment to your existing network policies (the same segmentation, the same rules about what may talk to what) and move forward slowly from there. It is revolutionary technology, but an evolutionary approach can save you trouble in the long run. Also, make sure that the features you plan on using within OpenStack are supported by your networking hardware: VLAN-based tenant isolation, for instance, only isolates if every switch in the path is configured to carry and enforce those tags.
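The “software firewalling” mentioned with the compute service and the firewall rules described in this section are OpenStack security groups. The following is an added example, not Neutron’s or Piston’s code: a small model of how security-group rules are evaluated, keeping the rule shape of the OpenStack API (direction, ethertype, protocol, port range, remote_ip_prefix, remote_group_id) and the two properties a practitioner should internalise, that rules only ever allow and that anything unmatched is dropped. The groups, flows, the list of “administrative” ports and the audit helper are this example’s constructions; reply-packet connection tracking is deliberately left out.

```python
"""Model of how OpenStack security-group rules admit or drop traffic.

Added example, not Neutron's or Piston's code. It keeps the rule shape of
the OpenStack security-group API (direction, ethertype, protocol,
port_range_min/max, remote_ip_prefix, remote_group_id) and two properties
worth internalising: rules only ever allow, and a flow is dropped unless
some rule matches. The groups and flows below are constructed for the
demo; connection tracking for reply packets is left out.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Flow:
    direction: str                  # "ingress" or "egress", seen from the instance
    protocol: str                   # "tcp", "udp" or "icmp"
    port: Optional[int]             # destination port for tcp/udp, None for icmp
    remote_ip: str                  # the peer's address
    remote_groups: FrozenSet[str] = frozenset()  # security groups of the peer instance


def rule_matches(rule, flow):
    """True if one allow-rule covers the flow. Absent fields mean 'any'."""
    if rule["direction"] != flow.direction:
        return False
    ethertype = "IPv6" if ":" in flow.remote_ip else "IPv4"
    if rule.get("ethertype", "IPv4") != ethertype:
        return False
    if rule.get("protocol") not in (None, flow.protocol):
        return False
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is not None:
        hi = lo if hi is None else hi
        if flow.port is None or not lo <= flow.port <= hi:
            return False
    prefix = rule.get("remote_ip_prefix")
    if prefix is not None:
        if ipaddress.ip_address(flow.remote_ip) not in ipaddress.ip_network(prefix, strict=False):
            return False
    group = rule.get("remote_group_id")
    if group is not None and group not in flow.remote_groups:
        return False
    return True


def allowed(groups, flow):
    """Default deny: a flow passes only if a rule in some applied group matches."""
    return any(rule_matches(rule, flow) for group in groups for rule in group["rules"])


def overexposed(groups, admin_ports=(22, 3389, 3306, 5432)):
    """Audit helper: ingress rules that open administrative ports to the whole Internet."""
    findings = []
    for group in groups:
        for rule in group["rules"]:
            if rule["direction"] != "ingress" or rule.get("protocol") not in (None, "tcp"):
                continue
            if rule.get("remote_ip_prefix") not in ("0.0.0.0/0", "::/0"):
                continue
            lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
            hi = lo if hi is None else hi
            exposed = [p for p in admin_ports if lo is None or lo <= p <= hi]
            if exposed:
                findings.append((group["id"], lo, hi, exposed))
    return findings


# Constructed groups. DEFAULT mirrors the stock 'default' group: all egress,
# ingress only from instances that are themselves members of 'default'.
DEFAULT = {"id": "default", "rules": [
    {"direction": "egress", "ethertype": "IPv4"},
    {"direction": "egress", "ethertype": "IPv6"},
    {"direction": "ingress", "ethertype": "IPv4", "remote_group_id": "default"},
    {"direction": "ingress", "ethertype": "IPv6", "remote_group_id": "default"},
]}
WEB = {"id": "web", "rules": [
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 443, "port_range_max": 443,
     "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
     "remote_ip_prefix": "10.0.0.0/24"},   # bastion subnet only
]}
SLOPPY = {"id": "sloppy", "rules": [
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 1, "port_range_max": 65535,
     "remote_ip_prefix": "0.0.0.0/0"},
]}

INTERNET_HTTPS = Flow("ingress", "tcp", 443, "198.51.100.7")
INTERNET_SSH = Flow("ingress", "tcp", 22, "198.51.100.7")
BASTION_SSH = Flow("ingress", "tcp", 22, "10.0.0.5")
PEER_DB = Flow("ingress", "tcp", 5432, "10.0.1.9", frozenset({"default"}))
STRANGER_DB = Flow("ingress", "tcp", 5432, "10.0.1.9")
OUTBOUND = Flow("egress", "tcp", 443, "203.0.113.1")

if __name__ == "__main__":
    for name, flow in [("internet https", INTERNET_HTTPS), ("internet ssh", INTERNET_SSH),
                       ("bastion ssh", BASTION_SSH), ("peer db", PEER_DB),
                       ("stranger db", STRANGER_DB), ("outbound", OUTBOUND)]:
        print(f"{name:14} {'ALLOW' if allowed([DEFAULT, WEB], flow) else 'DROP'}")
    print("overexposed:", overexposed([DEFAULT, WEB, SLOPPY]))
```

Two things the model makes visible: a remote_group_id rule is how you say “only my own tier may reach this port” without hard-coding addresses, and because every rule is an allow, the only way to be too permissive is to add one, which is what the audit helper looks for.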


Page 9: Piston Cloud OpenStack 101 Whitepaper

OpenStack Dashboard: A GUI to Get you Going

While most of OpenStack’s true power is under the hood (you cannot imagine how exciting it is to watch virtual machines springing into existence based on the network or CPU load of your application), a straightforward user and admin dashboard makes it easy to get up and running quickly.


Page 10: Piston Cloud OpenStack 101 Whitepaper

Coming soon: More things!

The OpenStack image registry (Glance) will likely have a larger role to play in the future, when the ability to launch virtual machines in a public cloud from disk images in a private cloud environment becomes critical. The features to support this (which include seamless translation of disk images from one format to another, support for validation of signed and encrypted disk images, and proper validation of Intel TXT (Trusted Execution Technology) attestation credentials) are all in progress to some extent or another, but still a ways off.

Finally, look out for progress on two additional fronts. Heat and Ceilometer are emerging projects that have yet to be accepted into the OpenStack incubation process. Heat provides a REST API to orchestrate multiple composite cloud applications, implementing the AWS CloudFormation API. Ceilometer endeavors to provide efficient collection of resource usage data in terms of CPU and network costs. That data is intended to be signed and non-repudiable, and accessible to authorized users via a REST API.
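On the “signed” metering data, an added example that is not Ceilometer’s or Piston’s code: Ceilometer’s metering pipeline attached a ‘message_signature’ computed as an HMAC-SHA256 over a sample’s fields under a shared metering secret. The example below keeps that design but canonicalises the sample as sorted, compact JSON before keying it (Ceilometer concatenated sorted key/value strings instead). The sample and the secret are constructed. It also demonstrates the caveat a practitioner should keep in mind: a MAC under a shared secret gives integrity and origin authentication among holders of the secret, not third-party non-repudiation, since anyone with the secret (the collector included) can re-sign an altered sample.

```python
"""Signing and verifying metering samples with a shared secret.

Added example, not Ceilometer's or Piston's code. Ceilometer's metering
pipeline attached a 'message_signature' computed as an HMAC-SHA256 over
the sample's fields under a shared metering secret; this example keeps
that idea but canonicalises the sample as sorted, compact JSON before
keying it (Ceilometer concatenated sorted key/value strings instead).
The sample and the secret below are constructed for the demo.
"""
import hashlib
import hmac
import json

SIGNATURE_FIELD = "message_signature"


def canonical_bytes(sample):
    """Serialise the sample, minus any signature, so both sides derive identical bytes."""
    body = {k: v for k, v in sample.items() if k != SIGNATURE_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def compute_signature(sample, secret):
    """HMAC-SHA256 hex digest of the canonical sample under the shared secret."""
    return hmac.new(secret, canonical_bytes(sample), hashlib.sha256).hexdigest()


def sign(sample, secret):
    """Return a copy of the sample carrying its signature field."""
    signed = dict(sample)
    signed[SIGNATURE_FIELD] = compute_signature(sample, secret)
    return signed


def verify_signature(sample, secret):
    """True only if a signature is present and matches; constant-time compare."""
    provided = sample.get(SIGNATURE_FIELD)
    if not isinstance(provided, str):
        return False
    return hmac.compare_digest(provided, compute_signature(sample, secret))


# Constructed sample in the shape of a Ceilometer counter message.
SECRET = b"shared-metering-secret"   # assumption: one secret held by every agent and the collector
SAMPLE = {
    "counter_name": "cpu",
    "counter_type": "cumulative",
    "counter_unit": "ns",
    "counter_volume": 1800000000,
    "project_id": "tenant-a",
    "resource_id": "instance-0001",
    "timestamp": "2014-10-30T12:00:00",
}


def tamper_detected(secret=SECRET):
    """A sample altered after signing fails verification while the original passes."""
    signed = sign(SAMPLE, secret)
    altered = dict(signed, counter_volume=signed["counter_volume"] // 2)
    return verify_signature(signed, secret) and not verify_signature(altered, secret)


def shared_secret_is_not_non_repudiation(secret=SECRET):
    """Anyone holding the secret can alter a sample and re-sign it validly.

    A MAC therefore proves 'someone with the secret produced this', not
    'this particular agent produced this'; only a per-agent private key
    (a digital signature) gives the latter, and this example has none.
    """
    altered = dict(SAMPLE, counter_volume=SAMPLE["counter_volume"] * 10)
    return verify_signature(sign(altered, secret), secret)


if __name__ == "__main__":
    print("signature:", sign(SAMPLE, SECRET)[SIGNATURE_FIELD])
    print("tampering detected:", tamper_detected())
    print("re-signed forgery still verifies:", shared_secret_is_not_non_repudiation())
```

Canonical JSON removes the ambiguity that plain concatenation of keys and values leaves (where a key/value boundary falls), and the second function is the reason “non-repudiable” should be read as a goal rather than a property of a shared-secret scheme.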


Page 11: Piston Cloud OpenStack 101 Whitepaper

OpenStack Services: All the Infrastructure, All the Time

The OpenStack services, when implemented together, provide an incredibly flexible self-service infrastructure platform. They are the low-level building blocks of any scalable cloud offering. To get comfortable using them, start with the OpenStack dashboard and then try the OpenStack command line clients. Finally, experiment with direct language bindings, allowing your software to manage its own infrastructure, or graduate to orchestration tools such as RightScale or configuration tools such as Puppet or Chef. When you have wrapped your head around the power and flexibility of API-driven infrastructure, the possibilities are endless.
