So the big question is: under what circumstances should we choose OpenStack over the commercial orchestrators or vice versa? Let's look at the following table that compares the features that are significantly different.
Please note that the ease of installation and management are not covered in the following table:
Feature |
OpenStack |
Commercial orchestrator |
---|---|---|
Identity and access management* |
Yes |
Yes |
Connectivity to enterprise toolsets |
Not natively (Possible with ManageIQ) |
Yes |
Flexibility to the user |
Yes |
Somewhat |
Enterprise control |
Not natively (Possible with ManageIQ) |
Yes |
Standardized prebuilt services |
Yes |
No (Except virtual machines) |
EC2-compatible API |
Yes |
No |
So based on the previous table, OpenStack is an amazing candidate for an enterprise dev-test cloud and for providing public cloud-like services to an enterprise, while reusing existing hardware.
The currently supported stable release of OpenStack is codenamed Liberty. This book will deal with Juno, but the core concepts and procedures will be fairly similar to the other releases of OpenStack. The differences between Juno, Kilo, and Liberty and the subtle differences between the installation procedures of these will be dealt with in the Appendix section of the book.
OpenStack has a very modular architecture. OpenStack is a group of different components that deliver specific functions and come together to create a full-fledged orchestrator.
The following architecture diagram explains the architecture of the base components of the OpenStack environment. Each of these blocks and their subcomponents will be dealt with in detail in the subsequent chapters:
The gray boxes show the core services that OpenStack absolutely needs to run. The other services are optional and are called Big Tent services, without which OpenStack can run, but we may need to use them as required. In this book, we look at the core components and also look at Horizon, Heat, and Ceilometer in the Big Tent services.
Each of the previously mentioned components has their own database. While each of these services can run independently, they form relationships and have dependencies among each other. As an example, Horizon and Keystone provide their services to the other components of OpenStack and should be the first ones to be deployed.
The following diagram expands on the preceding block diagram and depicts the different relationships amongst the different services:
The service relationship shows that the services are dependent on each other. It is to be noted that all the services work together in harmony to produce the end product as a Virtual Machine (VM). So the services can be turned on or off depending on what kind of virtual machine is needed as the output. While the details of the services are mentioned in the next section, if, as an example, the VM or the cloud doesn't require advanced networking, you may completely skip the installation and configuration of the Neutron service.
Not all the services of the OpenStack system were available from the first release. More services were added as the complexity of the orchestrator increased. The following table will help you understand the different services that can be installed, or should you choose to install another release in your environment:
Release name |
Components |
---|---|
Austin |
Nova, Swift |
Bexar |
Nova, Glance, Swift |
Cactus |
Nova, Glance, Swift |
Diablo |
Nova, Glance, Swift |
Essex |
Nova, Glance, Swift, Horizon, Keystone |
Folsom |
Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder |
Grizzly |
Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder |
Havana |
Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer |
Icehouse |
Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove |
Juno |
Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara |
Kilo |
Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara, Ironic, Zaqar, Manila, Designate, Barbican |
Liberty |
Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara, Ironic, Zaqar, Manila, Designate, Barbican, Murano, Magnum, Kolla, Congress |
The OpenStack services and releases
At the time of writing, the only fully supported releases were Juno, Kilo, and Liberty. Icehouse is only supported from the security updates standpoint in the OpenStack community. There are, however, some distributions of OpenStack that are still available on older releases such as that of Icehouse. (You can read more about different distributions in the last chapter of the book.).
It is important to know about the functions that each of these services performs. We will discuss the different services of OpenStack. In order to understand the functions more clearly, we will also draw parallels with the services from AWS. So if you ever want to compare your private cloud with the most used public cloud, you can.
Please refer to the preceding table in order to see the services that are available in a particular OpenStack release.
This service provides identity and access management for all the components of OpenStack. It has internal services such as identity, resource, assignment, token, catalog, and policy, which are exposed as an HTTP frontend.
So if we are logging in to Horizon or making an API call to any component, we have to interact with the service and be able to authenticate ourselves in order to use it. The policy services allow the setting up of granular control over the actions allowed by a user for a particular service. The service supports federation and authentication with an external system such as an LDAP server.
This service is equivalent to the IAM service of the AWS public cloud.
Horizon provides us with a dashboard for both self-service and day-to-day administrative activities. It is a highly extensible Django project where you can add your own custom dashboards if you choose to. (The creation of custom dashboards is beyond the scope of this book and is not covered here).
Horizon provides a web-based user interface to OpenStack services including Nova, Swift, Keystone, and so on.
This can be equated to the AWS console, which is used to create and configure the services.
Nova is the compute component of OpenStack. It's one of the first services available since the inception as it is at the core of IaaS offering.
Nova supports various hypervisors for virtual machines such as XenServer, KVM, and VMware. It also supports Linux Containers (LXC) if we need to minimize the virtualization overhead. In this book, we will deal with LXC and KVM as our hypervisors of choice to get started.
It has various subcomponents such as compute, scheduler, xvpvncproxy, novncproxy, serialproxy, manage, API, and metadata. It serves an EC2 (AWS)-compatible API. This is useful in case you have a custom system such as ITIL tool integration with EC2 or a self-healing application. Using the EC2 API, this will run with minor modifications on OpenStack Nova.
Nova also provides proxy access to a console of guest virtual machines using the VNC proxy services available on hypervisors, which is very useful in a private cloud environment. This can be considered equivalent to the EC2 service of AWS.
Glance service allows the storage and retrieval of images and corresponding metadata. In other words, this will allow you to store your OS templates that you want to be made available for your users to deploy. Glance can store your images in a flat file or in an object store (such as Swift).
Swift is the object storage service of OpenStack. This service is primarily used to store and retrieve Binary Large Object (BLOBs). It has various subservices such as ring, container server, updater, and auditors, which have a proxy server as their frontend.
The swift service is used to actually store Glance images. As a comparison, the EC2 AMIs are stored in your S3 bucket.
The swift service is equivalent to the S3 storage service of AWS.
Cinder provides block storage to the Nova VMs. Its subsystems include a volume manager, a SQL database, an authentication manager, and so on. The client uses AQMP such as Rabbit MQ to provide its services to Nova. It has drivers for various storage systems such as Cloud Byte, Gluster FS, EMC VMAX, Netapp, Dell Storage Centre, and so on.
This service provides similar features to the EBS service of AWS.
Previously known as Quantum, Neutron provides networking as a service. There are several functionalities that it provides such as Load Balancer as a Service and Firewall as a Service. This is an optional service and we can choose not to use this, as basic networking is built into Nova. Also, Nova networking is being phased out. Therefore, it is important to deal with Neutron, as 99 percent of OpenStack implementations have implemented Neutron in their network services.
The system, when configured, can be used to create multi-tiered isolated networks. An example of this could be a full three-tiered network stack for an application that needs it.
This is equivalent to multiple services in AWS such as ELB, Elastic IP, and VPC.
Heat is the core orchestration service of the orchestrator. What this means is that you can script the different components that are being spun up in an order. This is especially helpful if we want to deploy multicomponent stacks. The system integrates with most of the services and makes API calls in order to create and configure different components.
The template used in Heat is called Heat Orchestrator Template (HOT). It is actually a single file in which you can script multiple actions. As an example, we can write a template to create an instance, some floating IPs and security groups, and even create some users in Keystone.
The equivalent of Heat in AWS would be the cloud formation service.
Ceilometer service is used to collect metering data. There are several subsystems in the Ceilometer such as polling agent, notification agent, collector, and API. This also allows the saving of alarms abstracted by a storage abstraction layer to one of the supported databases such as Mongo DB, Hbase, or SQL server.
Trove is the Database as a Service component of OpenStack. This service uses Nova to create the compute resource to run DBaaS. It is installed as a bunch of integration scripts that run along with Nova. The service requires the creation of special images that are stored in Glance.
This is equivalent to the RDS service of AWS.
Sahara service is the Big Data service of OpenStack; it is used to provision a Hadoop cluster by passing a few parameters. It has several components such as Auth component, Data Access Layer, Provisioning Engine, and Elastic Data Processing.
This is very close to getting the MapReduce AWS service in your very own cloud.
The Designate service offers DNS services equivalent to Route 53 of the AWS. The service has various subsystems such as API, the Central/Core service, the Mini DNS service, and Pool Manager. It has multiple backend drivers that can be used, examples being PowerDNS, BIND, NSD, and DynECT. We can create our own backend drivers as well.
The Ironic service allows bare metal provisioning using technologies such as the PXE boot and the Intelligent Platform Management Interface (IPMI). This will allow bare metal servers to be provisioned provided we have the requisite drivers for them.
Please remember that the requisite networking elements have to be configured, for example, the DNS, DHCP configuration and so on, which are needed for the PXE boot to work.
Zaqar is the messaging and notification service of OpenStack. This is equivalent to the SNS service from AWS. It provides multitenanted HTTP-based messaging API that can be scaled horizontally as and when the need arises.
Barbican is the key management service of OpenStack that is comparable to KMS from AWS. This provides secure storage, retrieval, provisioning and management of various types of secret data such as keys, certificates, and even binary data.
Manila provides a shared filesystem as a service. At the moment, it has a single subcomponent called the manila-manage. This doesn't have any equivalent in the AWS world yet. This can be used to mount a single filesystem on multiple Nova instances, for instance a web server with shared assets, which will help to keep the static assets in sync without having to run a block-level redundancy such as DRBD or continuous rsyncs.
Murano is an application catalog, enabling application developers and cloud administrators to publish various cloud-ready applications in a catalog format. This service will use Heat at the backend to deliver this and will only work on the UI and API layer.
Magnum introduces Linux Containers such as Dockers and Kubernetes (by Google) to improve migration option. This service is in some ways like Trove, it uses an image with Docker installed on it and orchestrates Magnum with Heat. It is effectively Container as a Service (CaaS) of OpenStack.
Kolla is another project that is focused on containers. While it did make its first appearance in Kilo, it was majorly introduced in the Liberty release. This is aimed at better operationalization by containerizing OpenStack itself. That means, we can now run the OpenStack services in containers, and thereby make governance easier.
At the time of writing, the Kolla project supported services such as Cinder, Swift, Ceph, and Ironic.
The following table shows the dependency of services. The Dependent on column shows all the services, which are needed for successful installation and configuration of the service. There might be other interactions with other services, but they are not mentioned here:
Service name |
Core service |
Dependent on |
---|---|---|
Keystone |
True |
None |
Horizon |
False |
Keystone |
Glance |
True |
Swift Keystone Horizon |
Swift |
True |
Keystone |
Nova |
True |
Keystone Horizon Glance Cinder (Optional) Neutron (Optional) |
Heat |
False |
Keystone |
Cinder |
False |
Keystone |
Neutron |
False |
Keystone Nova |
Ceilometer |
False |
Keystone |
Trove |
False |
Keystone Nova Glance |
Sahara |
False |
Keystone Nova Glance Swift Keystone |
Magnum |
False |
Heat Nova Glance Swift Keystone |
Murano |
False |
Heat |
Service dependency