Openstack 30分钟概要介绍


陈锐 ruichen @kiwik

2014/5/30 20:04:51



What is OpenStack?

The kernal of Cloud OS, IaaS

It is a Cloud Computing Platform, establish a consistent model for different virtualization include compute, network, storage, providing users with unified API.

OpenStack is not?

OpenStack is not a virtualization hypervisor.

Core Modules

Include all parts of Cloud OS.

  1. Nova -> compute
  2. Cinder -> block storage
  3. Neutron -> network
  4. Keystone -> identity
  5. Glance -> image
  6. Horizon -> dashboard
  7. Heat -> orchestration
  8. Ceilometer -> telemetry
  9. Swift -> object storage

logical view

This is logical view of OpenStack.

deployment view(3 nodes)


Nova is cloud computing controller. It is designed to manage and automate pools of computer resources and can work with widely available virtualization technologies.

Nova has an abstraction layer for compute drivers.


  • group A(fully supported and tested):

    1. KVM/QEMU via libvirt
  • group B(partly supported and tested):

    1. Hyper-V
    2. XenServer
    3. VMWare
  • group C(minimal testing and at risk):

    1. Docker
    2. Xen via libvirt
    3. LXC via libvirt


libvirt: A toolkit to interact with the virtualization capabilities.

Nova’s architecture is designed to scale horizontally on standard hardware with no special hardware or software requirements and provide the ability to integrate with legacy systems and third-party technologies.

Manages the lifecycle of compute instances in an OpenStack environment. Responsibilities include spawning, scheduling and destroying of virtual machines.

include core modules:

  1. nova-api
  2. nova-scheduler
  3. nova-compute
  4. nova-cert
  5. nova-conductor
  6. nova-consoleauth
  7. nova-novncproxy


Handle http request, endpoint of Nova.

  • nova-os-api
  • nova-ec2-api
  • nova-metadata-api

nova-os-api: handle OpenStack REST type api request.

POST v2/​{tenant_id}​/servers

nova-ec2-api: handle nova compatible AWS EC2 api request.

nova-metadata-api: handle instance metadata request, work with cloud-init, cfntools and user script.

      "mykey":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDYVEprvtYJXVOBN0XNKVVRNCRX6BlnNbI+USLGais1sUWPwtSg7z9K9vhbYAPUZcq8c/s5S9dg5vTHbsiyPCIDOKyeHba4MUJq8Oh5b2i71/3BISpyxTBH/uZDHdslW2a+SrPDCeuMMoss9NFhBdKtDkdG9zyi0ibmCP6yMdEX8Q== Generated by Nova\n"


Takes a virtual machine instance request from the queue(AMQP) and determines on which compute server host it should run. Intersection of the hosts matched with all filters will be selected.

Scheduler policy can be configured.

  • AvailabilityZoneFilter
  • RamFilter
  • DiskFilter
  • CoreFilter
  • DifferentHostFilter
  • AggregateMultiTenancyIsolationFilter


A worker daemon that creates and terminates virtual machine instances through hypervisor APIs. It dispatch the message to hypervisor.

For example, request chain of booting a instance:

request -> nova-compute -> libvirt -> QEMU/KVM


Manages x509 certificates, include: cert.pem and pk.pem. Work with EC2 request, for example, ec2tools command ec2-bundle-vol, creates an instance image by compressing, encrypting, and signing a copy of the root device volume for the instance.

ec2-bundle-vol -d /mnt -k pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 111122223333 -r x86_64


Mediates interactions between nova-compute and the database. Aims to eliminate direct accesses to the cloud database made by nova-compute, and run some long time tasks, for example: live-mirgate, resize and boot.


Provides a proxy for accessing running instances through a VNC connection. Supports browser-based novnc clients.


Authorizes tokens for users that console proxies provide.

nova get-vnc-console vm1 novnc

vnc workflow


Cinder provides persistent block-level storage devices for use with OpenStack compute instances. The block storage system manages the creation, attaching and detaching of the block devices to servers. Block storage volumes are fully integrated into OpenStack Compute. This service is similar to the AWS EC2 Elastic Block Storage (EBS) offering.

Pluggable driver architecture is used in Cinder. In addition to LVM (logical volume manager), it can use storage platforms including Huawei FusionStorage, Ceph, EMC, GlusterFS, IBM Storage, NetApp, HP Storage and so on.

include core modules:

  1. cinder-api
  2. cinder-scheduler
  3. cinder-volume
  4. cinder-backup


Like nova-os-api, handle OpenStack REST type API request.

POST v2/​{tenant_id}​/volumes



Like the nova-scheduler, picks the optimal block storage provider node(cinder-volume) on which to create the volume. Intersection of the hosts matched with all filters will be selected.

Scheduler policy can be configured.

  • AvailabilityZoneFilter
  • CapacityFilter
  • CapabilitiesFilter


Responds to requests, interacting with other processes (like cinder-scheduler) through a message queue(AMQP). It can interact with a variety of storage providers through a driver architecture.

  • Huawei FusionStorage Driver
  • Ceph Driver
  • LVM Driver
  • EMC Driver


A backup is a full copy of a volume stored in an external service. A backup can be restored from the external service to either the same volume that the backup was originally taken from, or to a new volume.

External service:

  • Ceph
  • Swift


Neutron is a system for managing networks and IP addresses. Enables network connectivity as a service for other OpenStack services, such as OpenStack Compute. Provides an API for users to define networks and the attachments into them.

Has a pluggable architecture that supports many popular networking vendors and technologies.

  • Open vSwitch
  • Linux Bridge
  • Cisco Nexus
  • Modular Layer 2(ML2)
  • Big Switch Controller Plugin

include core modules:

  1. neutron-server
  2. neutron-dhcp-agent
  3. neutron-plugin-*-agent
  4. neutron-L3-agent


Accepts and routes API requests to the appropriate OpenStack Networking plug-in for action.

POST v2.0/subnets


Dynamic host IP addressing, using Dnsmasq. Assign IP addresses to virtual machines.


Plugs and unplugs ports, creates networks or subnets. These plug-ins differ depending on the vendor and technologies used in the particular cloud. For example, Open vSwitch, ML2, LinuxBridge.


It uses the Linux IP stack and iptables to perform L3 forwarding and NAT. In order to support multiple routers with potentially overlapping IP addresses, neutron-L3-agent defaults to using Linux network namespaces to provide isolated forwarding contexts.(SNAT/DNAT)

How to using Neutron?

classic steps

  • create external network
  • create subnetA( in external network as floating ip pool
  • create internal network
  • create subnetB( in internal network
  • create router
  • set router gate-way, associate with external network
  • add router interface, associate with internal network
  • boot instance in internal network
  • associate floating ip to instance(SNAT/DNAT)
  • access to instance from external network

logic topology


Keystone provides a central directory of users mapped to the OpenStack services they can access. It acts as a common authentication system across the cloud operating system.

It supports multiple forms of authentication including standard username and password credentials, token-based systems and AWS-style (i.e. Amazon Web Services) logins.

Additionally, the catalog provides a queryable list of all of the services deployed in an OpenStack cloud in a single registry. Users and third-party tools can programmatically determine which resources they can access.

core concepts

  • user
  • project(tenant)
  • role
  • token

Projects are organizational units in the cloud to which you can assign users. Projects are also known as tenants. Users can be members of one or more projects. Roles define which actions users can perform. You assign roles to user-project pairs.

issue token

POST /v3/auth/tokens

classic workflow:


Heat provides a template-based orchestration for describing a cloud application by running OpenStack API calls to generate running cloud applications.

The software integrates other core components of OpenStack into a one-file template system. The templates enable you to create most OpenStack resource types, such as instances, floating IPs, volumes, security groups, users, and so on.

logic view

TOSCA: Topology and Orchestration Specification for Cloud Applications

CFN: AWS CloudFormation

CEP: Complex event processing

include core modules:

  1. heat-api
  2. heat-api-cfn
  3. heat-api-cloudwatch
  4. heat-engine


Provides an OpenStack native REST API that processes API requests by sending them to the heat-engine over RPC.

POST v1/​{tenant_id}​/stacks
    "stack_name": "{stack_name}",
    "template_url": "{template_url}",
    "parameters": {
        "param_name-1": "param_value-1",
        "param_name-2": "param_value-2"
    "timeout_mins": "{timeout_mins}"


Provides an AWS Query API that is compatible with AWS CloudFormation and Processes API requests by sending them to the heat-engine over RPC.
 &TemplateBody=[Template Document]
 &AWSAccessKeyId=[AWS Access KeyID]


This implements an approximation of the AWS CloudWatch API and translates it into a native representation. It then calls the heat-engine via AMQP RPC to implement them.
&AWSAccessKeyId=<Your AWS Access Key Id>

This feature will be deprecated or removed during the Havana cycle as we move to using Ceilometer as a metric/alarm service instead.


Orchestrates the launching of templates and provides events back to the API consumer.

Heat template

# This is a hello world HOT template just defining a single compute instance
heat_template_version: 2013-05-23

description: >
  Hello world HOT template that just defines a single compute instance.
  Contains just base features to verify base HOT support.

    type: string
    description: Name of an existing key pair to use for the instance
    type: string
    description: Instance type for the instance to be created
    default: m1.small
      - allowed_values: [m1.tiny, m1.small, m1.large]
        description: Value must be one of 'm1.tiny', 'm1.small' or 'm1.large'
    type: string
    description: ID of the image to use for the instance

    # Use an AWS resource type since this exists; so why use other name here?
    type: AWS::EC2::Instance
      KeyName: { get_param: KeyName }
      ImageId: { get_param: ImageId }
      InstanceType: { get_param: InstanceType }

    description: The IP address of the deployed instance
    value: { get_attr: [my_instance, PublicIp] }


The project aims to become the infrastructure to collect measurements within OpenStack. Its primary targets are monitoring and metering. Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistical purposes.

logic view

include core modules:

  1. ceilometer-api
  2. ceilometer-agent-central
  3. ceilometer-agent-compute
  4. ceilometer-collector


Runs on one or more central management servers to provide access to the data from the data store.

GET v2/meters/​{meter_name}​
      "counter_name": "instance",
      "counter_type": "gauge",
      "counter_unit": "instance",
      "counter_volume": 1.0,
      "message_id": "5460acce-4fd6-480d-ab18-9735ec7b1996",
      "project_id": "35b17138-b364-4e6a-a131-8f3099c5be68",
      "resource_id": "bd9431c1-8d69-4ad3-803a-8d4a6b89fd36",
      "resource_metadata": {
          "name1": "value1",
          "name2": "value2"
      "source": "openstack",
      "timestamp": "2013-11-21T12:33:08.323533",
      "user_id": "efd87807-12d2-4b38-9c70-5f5c2ac427ff"


Runs on a central management server to poll for resource utilization statistics for resources not tied to instances or compute nodes. For example: network, subnet, floating ips, volume and so on.


Runs on each compute node and polls for resource utilization statistics. There may be other types of agents in the future, but for now we will focus on creating the compute agent. Using libvrit, Hyper-V and VMware API. For example: CPU Stats, Network Stats, Disk Stats and so on.


Runs on one or more central management servers to monitor the message queues (for notifications and for metering data coming from the agent). Notification messages are processed and turned into metering messages and sent back out onto the message bus using the appropriate topic. Telemetry messages are written to the data store without modification.


数字版,有目录。 Summary OpenStack in Action offers the real world use cases and step-by-step instructions you can take to develop your own cloud platform from from inception to deployment. This book guides you through the design of both the physical hardware cluster and the infrastructure services you'll need to create a custom cloud platform. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the Technology OpenStack is an open source framework that lets you create a private or public cloud platform on your own physical servers. You build custom infrastructure, platform, and software services without the expense and vendor lock-in associated with proprietary cloud platforms like Amazon Web Services and Microsoft Azure. With an OpenStack private cloud, you can get increased security, more control, improved reliability, and lower costs. About the Book OpenStack in Action offers real-world use cases and step-by-step instructions on how to develop your own cloud platform. This book guides you through the design of both the physical hardware cluster and the infrastructure services you'll need. You'll learn how to select and set up virtual and physical servers, how to implement software-defined networking, and technical details of designing, deploying, and operating an OpenStack cloud in your enterprise. You'll also discover how to best tailor your OpenStack deployment for your environment. Finally, you'll learn how your cloud can offer user-facing software and infrastructure services. What's Inside Develop and deploy an enterprise private cloud Private cloud technologies from an IT perspective Organizational impact of self-service cloud computing About the Reader No prior knowledge of OpenStack or cloud development is assumed. About the Author Cody Bumgardner is the Chief Technology Architect at a large university where he is responsible for the architecture, deployment, and long-term strategy of OpenStack private clouds and other cloud computing initiatives.




当前余额3.43前往充值 >
领取后你会自动成为博主和红包主的粉丝 规则
钱包余额 0


