Agenda: ------------------------------------------------------------------ OpenStack 101: a Quick introduction to OpenStack & how it operates Paul Roberts, Principal Solutions Architect at Mirantis Abstract: Are you new to OpenStack? Are you looking to get a quick introduction to OpenStack and how it operates - then our session is a do not miss event! Mirantis will do a walk thru of OpenStack for those with little to no experience with OpenStack. Join us if you want to understand the purpose of OpenStack and its ecosystem, as well as if you want to learn more about the OpenStack architecture. Bio: Paul Roberts, lead speaker, has spent the last decade engineering and implementing large scale infrastructure and security architectures for organizations of all sizes - ranging from startup to Fortune 500. In the past, he was instrumental in architecting Carpathia Hosting's federal and commercial cloud offerings, while also playing a key role in the on–boarding of customer's applications. Today, Paul is a Principal Solutions Architect at Mirantis helping customers navigate through the cloud ecosystem by designing and architecting various OpenStack powered initiatives.

1. CONFIDENTIAL
MIRANTIS
©©
M
MMIRAIIRRNAATNNISTT
II2SS0
22100311
22
CONFIDENTIAL
MIRANTISP
AGE
1
OpenStack
Overview
Paul Roberts
Principal Solutions Architect,
Mirantis

2. Who am I?
● Network security startup
‑ Acquired by MCI in 2005
● Sun Microsystems Alumni
‑ Hosted many internal services such as Shared
Shell
● Carpathia Hosting
‑ Cloud Architect with >48PB under management
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
2
● Coraid
‑ Principal Architect enabling customers to
simplify their complex storage architectures
● Mirantis
‑ Helping customers design fully operationalized
and automated clouds

3. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
3
Meetup Goals
• Understand current OpenStack trends
• Understand OpenStack purpose and use cases
• Understand the OpenStack ecosystem
• Definition
• History
• Programs (previously called Projects)
• Understand OpenStack architecture
• Logical architecture
• Provision virtual machine (VM) request flow
• Components details

4. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
4
What is Cloud?
“Cloud
compu?ng
has
transformed
the
way
storage,
networking,
and
compute
services
are
delivered.”

5. Traditional Public Cloud is Not Cheap
“The
public
cloud
is
phenomenal
if
you
need
it’s
elas?city,
but
if
you
don’t
–
if
you
do
a
consistent
amount
of
workload
–
it’s
far,
far
beUer
to
go
in-­‐
house.”
–
Eric
Frenkiel,
MemSQL/Wired
“[Things]
that
need
really
high
performance,
in
terms
of
[input
and
output]
and
reading
and
wri?ng
to
memory
really
belong
on
bare-­‐metal
servers
or
private
setups.”
–
John
Engates,
CTO
Rackspace/
Wired
“Versus
what
we’d
get
on
the
cloud,
[private
hos?ng
is]
somewhere
between
70
and
100
?mes
cheaper.”
–
John
Hall,
CTO
Tradesy/Wired
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
5

6. OpenStack Mindshare
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
6

7. Cloud Job Trends
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
7

8. However, AWS still run-away winner
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
8

9. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
9
Oh, Docker.

10. In the end Developers Win.
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
10

11. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
11
What is OpenStack?
As described by Wikipedia:
“OpenStack is a cloud computing
project aimed at providing an
infrastructure as a service (IaaS).”

12. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
12
What is OpenStack?
As described by the OpenStack Foundation:
“Aims to produce the ubiquitous Open
Source Cloud Computing platform that
will meet the needs of public and
private clouds regardless of size, by
being simple to implement and
massively scalable.”

13. Cloud Exposed Capabilities (SPI Model)
CONFIDENTIAL
MIRANTIS
Data
Center
(Hardware,
Servers,
Networking)
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
13
• Software as a Service
(SaaS):
• browser or thin client
access
• Platform as a Service
(PaaS):
• remote login, to install
applications
• Infrastructure as a
Service (IaaS):
• Provision CPU, RAM, VM

14. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
14
OpenStack Capabilities
• Virtual machines (VMs) on demand
• provisioning
• snapshotting
• Networks
• Storage for VMs and arbitrary files
• Multi-tenancy
• quotas for different projects, users
• user can be associated with multiple projects

15. OpenStack History
*
Pre-­‐July
2010
is
predicated
by
Rackspace
Cloud
Files
project
(Swih),
NASA
Nebula
project
(Nova)
Date
Rel
Programs
Type
Note
Jul
2010
N/A
PoC
*
Rackspace
Hos?ng
&
NASA
joint
launch
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
15
Oct
2010
Aus4n
Nova,
Swih
PoC
Feb
2011
Bexar
Nova,
Glance,
Swih
PoC
Apr
2011
Cactus
Nova,
Glance,
Swih
PoC
**
6
month
development
cycle
starts
Sep
2011
Diablo
Nova,
Glance,
Swih
Prod
1st
produc?on
release
(Cactus)
at
Internap
(10/27)
Apr
2012
Essex
Nova,
Glance,
Swih,
Horizon,
Keystone
Prod
Common
web
UI
and
shared
authen?ca?on
mechanism
added
Sep
2012
Folsom
Nova,
Glance,
Swih,
Horizon,
Keystone,
Quantum,
Cinder
Prod
OpenStack
Founda?on
Established
Apr
2013
Grizzly
Nova,
Glance,
Swih,
Horizon,
Keystone,
Quantum,
Cinder
Prod
Ceilometer
and
Heat
incuba?on
projects
added
Oct
2013
Havana
Nova,
Glance,
Swih,
Horizon,
Keystone,
Neutron,
Cinder,
Heat,
Ceilometer
Prod
Quantum
is
renamed
to
Neutron
Apr
2014
Icehouse
Nova,
Glance,
Swih,
Horizon,
Keystone,
Neutron,
Cinder,
Heat,
Ceilometer,
Trove,
Savanna,
Ironic,
Marconi
Prod
Limited
upgrade
path
from
Grizzly
is
available

16. OpenStack Integrated Programs
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
Storage
2
PAGE
16
• Compute (Nova)
• Networking (Neutron)
• Object Store (Swift)
• Block Storage (Cinder)
• Image Service (Glance)
• Identity (Keystone)
• Dashboard (Horizon)
• Telemetry Service (Ceilometer)
• Orchestration Service (Heat)
• Database Service (Trove)
Core
Shared Services

17. OpenStack Incubation Programs
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
17
• Data Processing (Sahara)
• Queue Service (Marconi)
• Bare Metal (Ironic)

18. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
18
Each OpenStack Program
• Is also a “top-level” OpenStack component
• Has an elected “Project Technical Lead” (PTL)
• Has separate developers and design teams
• Has a well defined public API
• With the exception of Horizon, which is the Web GUI, all other
projects have a RESTfull (JSON/HTTP) API
• Common generic API/Infrastructure (Oslo)
• Has a separate database and isolated persistent
layer

19. OpenStack Architecture: Begining (Cactus)
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
19

20. OpenStack Architecture: 2 years later
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
20

21. Every
OpenStack
service
exposes
access
to
res6ul
API
via
HTTP
Each
ac>on
treated
as
distributed
transac>on,
state
built
as
MQ
messages
Each
service
updates
it’s
own
DB
with
state
informa>on
as
ac>ons
are
performed
Communication Types HTTP
AMQP
SQL
3rd-­‐party
UI:
Horizon
or
CLI
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
21
Heat
Heat
API
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Direct
access
calls,
ex.
Plugins,
NetApp,
Nicira,
etc.

22. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
22
Part 1 Recap
• OpenStack – open source software for building IaaS
• OpenStack release cycle is every 6 months
• OpenStack is an umbrella over multiple independent
programs (components)
• All OpenStack components talk RESTful API
• Most OpenStack components have dedicated DB
(SQL) and MQ (QP), some talk to 3rd party
components using their native APIs

23. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
23
Use case: Provision VM
• Most common and complex process
• Interacts with most of OpenStack components

24. Initial State Assumes
Project
is
created,
provisioning
quota
is
available,
user
Cloud
Operator,
DevOp,
etc.
has
an
access
to
Horizon/CLI
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
24
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

25. Step 1: Request VM
Provisioning via UI/CLI
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
25
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Cloud
Operator,
DevOp,
etc.
User
logs
in
to
UI
Specifies
VM
params:
name,
flavor,
keys,
etc.
and
hits
"Create"
buWon

26. Step 2: Validate Auth Data
Horizon
sends
HTTP
request
to
Keystone.
Auth
info
is
specified
in
HTTP
headers.
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
26
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

27. Step 2: Validate Auth Data - Success
Keystone
sends
temporary
token
back
to
Horizon
via
HTTP.
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
27
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

28. Step 3: Send API Request to Nova API
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
28
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Horizon
sends
POST
request
to
Nova
API
(signed
with
given
token).

29. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
29
Auth Token Usage
Neutron

30. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
Deploys
with
its
own
DB
but
can
also
be
subs>tuted
with
Contains
domains,
projects,
roles
and
role
assignments
2
PAGE
30
Keystone Architecture
OpenStack
Services
Catalog
Backend
Token
Backend
Policy
Backend
Assignments
Backend
Iden?ty
Backend
Creden?als
Backend
Rule
management
interface
and
rule-­‐
based
authoriza>on
Contains
temporary
tokens
Contains
endpoint
registry
Contains
users
and
groups
Contains
creden>als,
e.g.
EC2
tokens
Keystone API LDAP
or
other
EAS

31. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
31
Nova API Characteristics
• Exposes REST API via HTTP.
• Provides system for managing multiple APIs on
different sub-domains.
• EC2-compatible—starting to be deprecated
• Compute API—all innovation happens here
• The only "allowed" way to interact with Nova.
• Stateless—HA-ready.

32. Step 4: Validate API Token
Nova
API
sends
HTTP
request
to
validate
API
token
to
Keystone.
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
32
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

33. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
33
Nova Database
• In theory can be any relational database
• Most of the deployments are done with MySQL or
PostgreSQL
• Nova API talks to database via SQLAlchemy
(python ORM (Object Relational Mapper))
• Database HA should be done via external tools:
• Galera
• Multi-Master replication Model for MySQL (MMM)

34. Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
34
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Step 6a: Publish Provisioning Request
Nova
API
makes
rpc.cast
to
Scheduler.
It
publishes
a
short
message
to
scheduler
queue
with
VM
info.
Request
has
been
validated,
but
no
ac>on
has
been
taken
yet,
i.e.
which
host,
IP
address,
etc.

35. Step 7: Pick up Provisioning Request
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
35
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Scheduler
picks
up
the
message
from
MQ.

36. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
36
Nova Scheduler
“Nova Scheduler is a daemon, which
determines, on which compute host the
request should run.”
• Only provisioning time component—not like VMware’s Distributed Resource
Scheduler (DRS)
• Typically co-located with the Cloud Controller

37. Step 8a: Schedule Provisioning
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
37
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Scheduler
fetches
informa>on
about
the
whole
cluster
from
database,
filters,
selects
compute
node
and
updates
DB
with
its
ID

38. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
38
Nova Scheduler: Filtering
Affinity,
An>-­‐affinity,
etc.
Eliminate
inapplicable
hosts

39. Nova Scheduler: Examples
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
39
• Based on Host statically
configured properties
• SimpleCIDRAffinityFilter
• AvailabilityZoneFilter
• Based on already running
individual VMs
• SameHostFilter
• DifferentHostFilter
• Collocate/Distribute group
of VMs
• GroupAffinityFilter,
• GroupAntiAffinityFilter
• Based on Host resources
left
• CoreFilter,
AggregateCoreFilter
• RamFilter,
AggregateRAMFilter
• DiskFilter
• Based on Host load
• IoOpsFilter
• NumInstancesFilter
• Based on image used
• ImagePropertiesFilter
• Write your own

40. Step 8b: Provision Scheduled
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
40
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Scheduler
publishes
message
to
the
compute
queue
(based
on
host
ID)
to
trigger
VM
provisioning

41. Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
41
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Step 9a: Start VM Provisioning
Nova
Compute
gets
message
from
MQ

42. Nova Compute Drivers
Nova
Compute
XCP
VM
VM
Allows
mul>ple
hypervisor
types
per
cloud.
Libvirt
/
KVM
is
most
commonly
used
in
deployment
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
42
VMWare
PowerV
M
VM
VM
libvirt
KVM
VM
VM
Xen
VM
VM
Qemu
VM
VM
LXC
Contai
ner
Contai
ner
Maintained
by
Microso_
Maintained
by
IBM
Bare
Metal
Docker
Containe
r
Containe
r
XenAPI
Nai>ve
support
Tilera
PXE
comes
in
Icehouse
Somewhat
experimental
Maintained
by
Citrix
HyperV
VM
VM
ESXi
VM
VM
vSphere
VM
VM

43. Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
43
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Step 9b: Start VM Provisioning
Nova
Compute
makes
rpc.call
to
Nova
Conductor
for
informa>on
on
VM
from
DB

44. controller
node
nova-­‐conductor
DB
CONFIDENTIAL
MIRANTIS
rpc.call()
©©
M
MIRAIRNATNIST
I2S0
21031
compute
node
nova-­‐compute
2
PAGE
44
Nova Conductor
• Eliminates remote DB access (security)
• Horizontal scalability: spawn multiple worker threads operating in parallel (performance)
• Hides DB implementation/schema from the Nova Compute (upgrades)
• Possible offloading of long-running operations from other services, not just Nova Compute
• Beneficial for operations that cross multiple compute nodes (migration, resizes)

45. Step 10: Configure Network
Nova
Compute
makes
a
call
to
Neutron
API
to
provision
network
for
the
instance
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
45
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

46. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
46
Neutron
• Provides a flexible API (POST / GET) for service
providers or their tenants to manage OpenStack
network topologies.
• Create networks, associate VMs, set routers, etc.
• Presents a logical API and a corresponding plug-in
architecture that separates the description of
network connectivity from its implementation.
• One can still choose to stay with nova-network
(Essex approach) or to go with Neutron.

47. Neutron Architecture
Horizon Neutron CLI Nova
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
47
Neutron
Neutron Server
Queue
Neutron DB
Optional depending
on plugin.
Neutron L3 Agent
HTTP
AMQP
SQL
3rd-­‐party
Neutron
DHCP
Agent
Local
vSwitches
Neutron L2 Agent
Runs on each
Compute Node.
Optional depending
on plugin.
L3&DHCP Agents
Scheduler
Optional
Other
Network
Services
FWaaS, VPNaaS,
LBaaS, etc.
Neutron
Metadata
Agent
Neutron
Plugin
SDN
Controller, etc.
Optional depending
on plugin.

48. Step 10: Configure Network (Continued)
Neutron
configures
IP,
gateway,
DNS
name,
L2
connec>vity,
etc.
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
48
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

49. Step 11: Request Volume
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
49
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
It
is
assumed
a
volume
is
already
created.
Nova
Compute
contacts
Cinder
to
get
volume
data.
Can
also
aWach
volumes
a_er
VM
is
built.

50. Open Stack Storage Concepts
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
50
• Ephemeral storage:
• Persists until VM is terminated
• Accessible from within VM as local file system
• Used to run operating system and/or scratch space
• Managed by Nova
• Block storage:
• Persists until specifically deleted by user
• Accessible from within VM as a block device (e.g. /dev/vdc)
• Used to add additional persistent storage to VM and/or run operating system
• Managed by Cinder
• Object storage:
• Persists until specifically deleted by user
• Accessible from anywhere
• Used to add store files, including VM images
• Managed by Swift

51. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
51
Cinder Resources
• Volumes:
• Persistent R/W Block Storage devices
• Can be attached to VMs as secondary storage
• Can be root store to boot VMs
• Can be attached only to one instance at a time
• Keep their state independent of instances
• Snapshots:
• Read-only point in time copy of a volume
• Can then be used to create a new instance
• Backups:
• An archived copy of a volume

52. Cinder Architecture
Horizon Cinder CLI Nova
Cinder API
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
HTTP
AMQP
SQL
3rd-­‐party
2
PAGE
52
Cinder
Cinder DB
Queue
Cinder Volume
Backend
Storage
Scheduler Devices
Cinder Backup
Object Storage

53. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
53
Cinder Volume Driver
• iSCSI:
• Dell EqualLogic
• EMC VMAX/VNX
• Hitach HDS
• HP 3PAR (StoreServ)
• HP / Lefthand SAN (StoreVirtual)
• Huawei T/Dorado/HVS
• IBM Storwize family/SVC/XIV
• LVM (Reference Implementation)
• Nexenta
• NetApp
• SolidFire
• VMware VMDK
• Windows Server 2012
• Zadara
• GlusterFS NFS (volumes as sparse files)
• IBM General Parallel File System (GPFS) (volumes as sparse
files):
• GPFS NSD
• ATA over Ethernet (AoE):
• Coraid
• Fibre Channel:
• NetApp
• HP 3PAR (StoreServ)
• Huawei T/Dorad/HVS
• IBM Storwize family/SVC/XIV
• VMware VMDK
• NFS (volumes as sparse files):
• NFS
• Nexenta
• NetApp
• VMware VMDK
• Zadara
• XenAPI Storage Manager
• RADOS Block Devices (RBD):
• Ceph
• Shared SAS:
• VMware VMDK
• Scale Out File System (SOFS) (volumes as sparse files):
• Scality
• VirtIO (Local raw storage) (volumes as sparse files)

54. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
54
Cinder Backup Drivers
• Swift
• Ceph
• IBM Tivoli Storage Manager (TSM)

55. Step 11: Request volume (Continued)
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
55
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Nova
Compute
sets
up
the
host
mount
if
needed
&
instructs
the
Hypervisor
to
use
vol.
as
a
new
block
device

56. Step 12: Request VM Image from Glance
Nova
Compute
requests
VM
image
from
Glance
via
Image
ID
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
56
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

57. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
57
Glance
"The Glance project provides services
for discovering, registering, and
retrieving virtual machine images."

58. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
58
Glance Summary
• Images-as-a-Service.
• Can use multiple back-ends for image storage.
• Can store the same image in multiple locations.
• Supports multiple image formats.

59. Glance Architecture
Horizon Glance CLI Nova
Store Adapter
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
File System
Amazon S3
HTTP
GridFS
Sheepdog
Ceph (RBD)
2
PAGE
59
Glance
Glance API
HTTP
AMQP
SQL
3rd-­‐party
Glance Registry
Glance DB
Swift
Cinder

60. Step 13: Get Image URI from Glance
If
image
with
given
image
ID
can
be
found
-­‐
return
URI
–
HTTP
Get
URI
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
60
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

61. Step 14: Direct Image File Copy
Nova
Compute
can
download
image
using
URI,
given
by
Glance,
directly
from
Swift
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
61
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

62. Step 14 alternative: Image Copy through Glance
To
leverage
Glance
Server
caching
mechanism
and
addi>onal
access
restric>on,
the
Image
copy
can
go
through
Glance
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
62
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector

63. Step 15: Start VM Rendering via Hypervisor
In
case
of
KVM
/
libvirtd
this
is
a
single
XML
VM
config
file
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
63
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Nova
Compute
creates
a
command
to
Hypervisor
and
delegates
VM
rendering
to
Hypervisor.

64. Step 16: VM is UP
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
64
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Nova
Compute
sends
a
message
to
Nova
Conductor
to
update
DB
with
VM
state

65. Step 17: User is Happy
Keystone
Keysto
neAPI
Keystone
DB
Glance
Glance
API
Glance
DB
Glance
Registry
Proxy
Server
CCoommppuuttee
N
Nooddee
VM
nova-­‐
compute
Cinder
Agent
CONFIDENTIAL
MIRANTIS
©
MIRANTIS
2012
PAGE
65
Nova
Nova
DB
Nova
API
Queue
Scheduler
Conductor
UI:
Horizon
or
CLI
SwiG
Object
Store
Neutron
Neutron
DB
Neutron
API
Queue
Scheduler
Plugin/Agent
Network
Hypervisor
Network
Node
DHCP/IPAM
Router/GW
Queue
Block
Storage
SNtoordagee
Cinder
API
Scheduler
Cinder
Backup
Cinder
DB
Cinder
Vol
Ceilometer
Ceilometer
API
Collector
Horizon
polls
Nova
API
for
VM
status
and
power
state,
which
is
taken
from
Database.

66. CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
66
Recap:
• Users log into Horizon and initiates VM creation
• Keystone authorizes
• Nova initiates provisioning and saves state to DB
• Nova Scheduler finds appropriate host
• Neutron configures networking
• Cinder provides block device
• Image URI is looked up through Glance
• Image is retrieved via Swift
• VM is rendered by Hypervisor

67. In the end Developers Win.
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
67

68. Special Offer for OpenStack DC Meetup
Sign up for any OpenStack class by Mirantis
in Washington, DC in 2014 and save 10% off the ticket price.
To redeem your discount, use the code “DC_Meetup_2014”
Course schedule in Washington, DC:
OpenStack Bootcamp with Exam (OS110) Sep 30 – Oct 3
OpenStack Bootcamp with Exam (OS110) Nov 11 - 14
OpenStack Fundamentals (OS50) Nov 17
OpenStack Bootcamp II (OS200) Nov 18 - 20
For complete schedule, course description, and registration visit training.mirantis.com
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
68

69. Questions and Comments?
Paul Roberts
Twitter: pauljrob
proberts@mirantis.com
CONFIDENTIAL
MIRANTIS
©©
M
MIRAIRNATNIST
I2S0
21031
2
PAGE
69