Edited Services sections of Admin Guide
Edit wording; changed term/description lists to variable lists as per writing conventions

backport: none
Partial-Bug: #1251195
Change-Id: I3b7f3fedafa79ab64f75260fcd3c5daa7cbb5e34
parent 9b38a72f75
commit 3981735acd
@ -2,39 +2,41 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="block-storage-service">
|
xml:id="block-storage-service">
|
||||||
<title>Block Storage</title>
|
<title>OpenStack Block Storage</title>
|
||||||
<para>The Block Storage service enables management of volumes,
|
<para>OpenStack Block Storage enables management of volumes,
|
||||||
volume snapshots, and volume types. It includes the following
|
volume snapshots, and volume types. It consists of the following
|
||||||
components:</para>
|
components:</para>
|
||||||
<itemizedlist>
|
<variablelist>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para><systemitem class="service">cinder-api</systemitem>:
|
<term><systemitem class="service">cinder-api</systemitem></term>
|
||||||
Accepts API requests and routes them to <systemitem
|
<listitem><para>Accepts API requests and routes them to <systemitem
|
||||||
class="service">cinder-volume</systemitem> for
|
class="service">cinder-volume</systemitem> for
|
||||||
action.</para>
|
action.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para><systemitem class="service"
|
<term><systemitem class="service">cinder-volume</systemitem></term>
|
||||||
>cinder-volume</systemitem>: Responds to requests to read
|
<listitem><para>Responds to requests to read from and write to the
|
||||||
from and write to the Block Storage database to maintain
|
OpenStack Block Storage database to maintain state, interacting with
|
||||||
state, interacting with other processes (like <systemitem
|
other processes (like <systemitem
|
||||||
class="service">cinder-scheduler</systemitem>) through a
|
class="service">cinder-scheduler</systemitem>) through a
|
||||||
message queue and directly upon block storage providing
|
message queue and directly upon block storage providing
|
||||||
hardware or software. It can interact with a variety of
|
hardware or software. It can interact with a variety of
|
||||||
storage providers through a driver architecture.</para>
|
storage providers through a driver architecture.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para><systemitem class="service"
|
<varlistentry>
|
||||||
>cinder-scheduler</systemitem> daemon: Like the
|
<term><systemitem class="service">cinder-scheduler</systemitem>
|
||||||
<systemitem class="service">nova-scheduler</systemitem>,
|
daemon</term>
|
||||||
picks the optimal block storage provider node on which to
|
<listitem> <para>Like the <systemitem
|
||||||
create the volume.</para>
|
class="service">nova-scheduler</systemitem>, picks the optimal block
|
||||||
</listitem>
|
storage provider node on which to create the volume.</para></listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para>Messaging queue: Routes information between the Block
|
<varlistentry>
|
||||||
Storage service processes.</para>
|
<term>Messaging queue</term>
|
||||||
</listitem>
|
<listitem><para>Routes information between the Block Storage
|
||||||
</itemizedlist>
|
processes.</para></listitem>
|
||||||
<para>The Block Storage service interacts with Compute to
|
</varlistentry>
|
||||||
provide volumes for instances.</para>
|
</variablelist>
|
||||||
|
<para>OpenStack Block Storage interacts with OpenStack Compute
|
||||||
|
to provide volumes for instances.</para>
|
||||||
</section>
|
</section>
|
||||||
|
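Review bot: The cinder-scheduler term is the only one in this list with a trailing noun ("<systemitem class="service">cinder-scheduler</systemitem> daemon"), while cinder-api and cinder-volume are bare service names. Drop "daemon" here or add the matching noun to the other two terms so the variablelist is consistent. The same entry opens with "<listitem> <para>", which has a stray space the other entries do not have.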
@ -2,35 +2,34 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="compute-service">
|
xml:id="compute-service">
|
||||||
<title>Compute service</title>
|
<title>OpenStack Compute</title>
|
||||||
<para>The Compute service is a cloud computing fabric controller,
|
<para>OpenStack Compute is used to host and manage cloud computing systems and
|
||||||
which is the main part of an IaaS system. Use it to host and
|
is a major part of an infrastructure-as-a-service (IaaS) system. The main
|
||||||
manage cloud computing systems. The main modules are implemented
|
modules are implemented in Python.</para>
|
||||||
in Python.</para>
|
<para>OpenStack Compute interacts with OpenStack Identity for
|
||||||
<para>Compute interacts with the Identity Service for
|
authentication, OpenStack Image Service for images, and OpenStack dashboard
|
||||||
authentication, Image Service for images, and the Dashboard for
|
for the user and administrative interface. Access to images is limited
|
||||||
the user and administrative interface. Access to images is limited
|
by project and by user; quotas are limited per project (for example, the
|
||||||
by project and by user; quotas are limited per project (for
|
number of instances). OpenStack Compute can scale horizontally on standard
|
||||||
example, the number of instances). The Compute service scales
|
hardware, and download images to launch instances.</para>
|
||||||
horizontally on standard hardware, and downloads images to launch
|
<para>OpenStack Compute consists of the following areas and their
|
||||||
instances as required.</para>
|
components:</para>
|
||||||
<para>The Compute service is made up of the following functional
|
<variablelist><title>API</title>
|
||||||
areas and their underlying components:</para>
|
<varlistentry>
|
||||||
<itemizedlist>
|
<term><systemitem class="service">nova-api service</systemitem></term>
|
||||||
<title>API</title>
|
<listitem><para>Accepts and responds to end user compute API calls.
|
||||||
<listitem>
|
Supports the OpenStack Compute API, the Amazon EC2 API, and a special
|
||||||
<para><systemitem class="service">nova-api</systemitem> service.
|
Admin API for privileged users to perform administrative actions. It
|
||||||
Accepts and responds to end user compute API calls. Supports
|
enforces some policies and initiates most orchestration activities,
|
||||||
the OpenStack Compute API, the Amazon EC2 API, and a special
|
such as running an instance.</para>
|
||||||
Admin API for privileged users to perform administrative
|
|
||||||
actions. Also, initiates most orchestration activities, such
|
|
||||||
as running an instance, and enforces some policies.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para><systemitem class="service">nova-api-metadata</systemitem>
|
<varlistentry>
|
||||||
service. Accepts metadata requests from instances. The
|
<term><systemitem class="service">nova-api-metadata</systemitem>
|
||||||
|
service</term>
|
||||||
|
<listitem><para>Accepts metadata requests from instances. The
|
||||||
<systemitem class="service">nova-api-metadata</systemitem>
|
<systemitem class="service">nova-api-metadata</systemitem>
|
||||||
service is generally only used when you run in multi-host mode
|
service is generally used when you run in multi-host mode
|
||||||
with <systemitem class="service">nova-network</systemitem>
|
with <systemitem class="service">nova-network</systemitem>
|
||||||
installations. For details, see <link
|
installations. For details, see <link
|
||||||
xlink:href="http://docs.openstack.org/admin-guide-cloud/content/section_metadata-service.html"
|
xlink:href="http://docs.openstack.org/admin-guide-cloud/content/section_metadata-service.html"
|
||||||
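Review bot: In the nova-api term the word "service" has moved inside the markup ("<systemitem class="service">nova-api service</systemitem>"), so the tagged string is no longer the actual service name. The nova-api-metadata term directly below keeps "service" outside the element, and this one should match it. Separately, "is generally only used" became "is generally used" for nova-api-metadata, which loosens the statement about when the metadata service applies; keep "only" unless that change in meaning is intended.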
@ -38,33 +37,34 @@
|
|||||||
Administrator Guide</citetitle>.</para>
|
Administrator Guide</citetitle>.</para>
|
||||||
<para>On Debian systems, it is included in the <systemitem
|
<para>On Debian systems, it is included in the <systemitem
|
||||||
class="service">nova-api</systemitem> package, and can be
|
class="service">nova-api</systemitem> package, and can be
|
||||||
selected through <package>debconf</package>.</para>
|
selected through <package>debconf</package>.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
</itemizedlist>
|
</variablelist>
|
||||||
<itemizedlist>
|
<variablelist>
|
||||||
<title>Compute core</title>
|
<title>Compute core</title>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para><systemitem class="service">nova-compute</systemitem>
|
<term><systemitem class="service">nova-compute</systemitem>
|
||||||
process. A worker daemon that creates and terminates virtual
|
process</term> <listitem><para>A worker daemon that creates and
|
||||||
machine instances through hypervisor APIs. For example, XenAPI
|
terminates virtual machine instances through hypervisor APIs. For
|
||||||
for XenServer/XCP, libvirt for KVM or QEMU, VMwareAPI for
|
example, XenAPI for XenServer/XCP, libvirt for KVM or QEMU and
|
||||||
VMware, and so on. The process by which it does so is fairly
|
VMwareAPI for VMware. Processing is fairly complex but fundamentally it
|
||||||
complex but the basics are simple: Accept actions from the
|
accepts actions from the queue and performs a series of system
|
||||||
queue and perform a series of system commands, like launching
|
commands, like launching a KVM instance, whilst updating its state in
|
||||||
a KVM instance, to carry them out while updating state in the
|
the database.</para></listitem>
|
||||||
database.</para>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><systemitem class="service">nova-scheduler</systemitem>
|
||||||
|
process</term>
|
||||||
|
<listitem><para>Conceptually the simplest piece of code in OpenStack
|
||||||
|
Compute. It takes a virtual machine instance request from the queue and
|
||||||
|
determines on which compute server host it will run.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para><systemitem class="service">nova-scheduler</systemitem>
|
<varlistentry>
|
||||||
process. Conceptually the simplest piece of code in Compute.
|
<term><systemitem class="service">nova-conductor</systemitem>
|
||||||
Takes a virtual machine instance request from the queue and
|
module</term><listitem><para>Mediates interactions between <systemitem
|
||||||
determines on which compute server host it should run.</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para><systemitem class="service">nova-conductor</systemitem>
|
|
||||||
module. Mediates interactions between <systemitem
|
|
||||||
class="service">nova-compute</systemitem> and the database.
|
class="service">nova-compute</systemitem> and the database.
|
||||||
Aims to eliminate direct accesses to the cloud database made
|
It eliminates direct accesses to the cloud database made
|
||||||
by <systemitem class="service">nova-compute</systemitem>. The
|
by <systemitem class="service">nova-compute</systemitem>. The
|
||||||
<systemitem class="service">nova-conductor</systemitem>
|
<systemitem class="service">nova-conductor</systemitem>
|
||||||
module scales horizontally. However, do not deploy it on any
|
module scales horizontally. However, do not deploy it on any
|
||||||
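Review bot: In the nova-conductor entry, "Aims to eliminate direct accesses to the cloud database" has become "It eliminates direct accesses", which turns a design goal into a guarantee. Anyone reading this to judge what database access nova-compute hosts have will take the new wording literally, so keep "aims to" unless the stronger claim holds for every deployment. In the nova-compute entry, "whilst updating its state in the database" leaves "its" ambiguous (the daemon or the instance); the removed "while updating state in the database" was clearer.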
@ -74,34 +74,33 @@
|
|||||||
xlink:href="http://russellbryantnet.wordpress.com/2012/11/19/a-new-nova-service-nova-conductor/"
|
xlink:href="http://russellbryantnet.wordpress.com/2012/11/19/a-new-nova-service-nova-conductor/"
|
||||||
>A new Nova service: nova-conductor</link>.</para>
|
>A new Nova service: nova-conductor</link>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</varlistentry>
|
||||||
<itemizedlist>
|
</variablelist>
|
||||||
<title>Networking for VMs</title>
|
<variablelist><title>Networking for VMs</title>
|
||||||
<listitem>
|
<varlistentry><term><systemitem class="service">nova-network</systemitem>
|
||||||
<para><systemitem class="service">nova-network</systemitem>
|
worker daemon</term>
|
||||||
worker daemon. Similar to <systemitem class="service"
|
<listitem><para>Similar to <systemitem
|
||||||
>nova-compute</systemitem>, it accepts networking tasks from
|
class="service">nova-compute</systemitem>, it accepts networking tasks from
|
||||||
the queue and performs tasks to manipulate the network, such
|
the queue and performs tasks to manipulate the network, such
|
||||||
as setting up bridging interfaces or changing iptables rules.
|
as setting up bridging interfaces or changing iptables rules.
|
||||||
This functionality is being migrated to OpenStack Networking,
|
This functionality is being migrated to OpenStack Networking.</para>
|
||||||
which is a separate OpenStack service.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para><systemitem class="service">nova-dhcpbridge</systemitem>
|
<varlistentry>
|
||||||
script. Tracks IP address leases and records them in the
|
<term><systemitem class="service">nova-dhcpbridge</systemitem>
|
||||||
database by using the dnsmasq <literal>dhcp-script</literal>
|
script</term>
|
||||||
|
<listitem><para>The IP address leases and is recorded in the
|
||||||
|
database using the dnsmasq <literal>dhcp-script</literal>
|
||||||
facility. This functionality is being migrated to OpenStack
|
facility. This functionality is being migrated to OpenStack
|
||||||
Networking. OpenStack Networking provides a different
|
Networkin which provides a different script.</para></listitem>
|
||||||
script.</para>
|
</varlistentry>
|
||||||
</listitem>
|
</variablelist>
|
||||||
</itemizedlist>
|
|
||||||
<?hard-pagebreak?>
|
<?hard-pagebreak?>
|
||||||
<itemizedlist>
|
<variablelist><title>Console interface</title>
|
||||||
<title>Console interface</title>
|
<varlistentry>
|
||||||
<listitem>
|
<term><systemitem class="service">nova-consoleauth</systemitem>
|
||||||
<para><systemitem class="service">nova-consoleauth</systemitem>
|
daemon</term><listitem><para>Authorizes tokens for users that console
|
||||||
daemon. Authorizes tokens for users that console proxies
|
proxies provide. See <systemitem class="service"
|
||||||
provide. See <systemitem class="service"
|
|
||||||
>nova-novncproxy</systemitem> and <systemitem
|
>nova-novncproxy</systemitem> and <systemitem
|
||||||
class="service">nova-xvpnvcproxy</systemitem>. This service
|
class="service">nova-xvpnvcproxy</systemitem>. This service
|
||||||
must be running for console proxies to work. Many proxies of
|
must be running for console proxies to work. Many proxies of
|
||||||
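Review bot: The new nova-dhcpbridge description is not a sentence: "The IP address leases and is recorded in the database using the dnsmasq dhcp-script facility" lost the verbs of the removed text ("Tracks IP address leases and records them in the database"). Restore that wording, and fix "Networkin which provides a different script" to "Networking, which provides a different script". The unchanged nova-consoleauth context also names "nova-xvpnvcproxy", while the daemon's own entry later in the file spells it "nova-xvpnvncproxy"; worth correcting while this paragraph is being touched.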
@ -109,25 +108,27 @@
|
|||||||
class="service">nova-consoleauth</systemitem> service in a
|
class="service">nova-consoleauth</systemitem> service in a
|
||||||
cluster configuration. For information, see <link
|
cluster configuration. For information, see <link
|
||||||
xlink:href="http://docs.openstack.org/trunk/config-reference/content/about-nova-consoleauth.html"
|
xlink:href="http://docs.openstack.org/trunk/config-reference/content/about-nova-consoleauth.html"
|
||||||
>About nova-consoleauth</link>.</para>
|
>About nova-consoleauth</link>.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para><systemitem class="service">nova-novncproxy</systemitem>
|
<term><systemitem class="service">nova-novncproxy</systemitem>
|
||||||
daemon. Provides a proxy for accessing running instances
|
daemon</term>
|
||||||
through a VNC connection. Supports browser-based novnc
|
<listitem><para>Provides a proxy for accessing running instances through
|
||||||
clients.</para>
|
a VNC connection. Supports browser-based novnc
|
||||||
</listitem>
|
clients.</para></listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para><systemitem class="service">nova-xvpnvncproxy</systemitem>
|
<varlistentry>
|
||||||
daemon. A proxy for accessing running instances through a VNC
|
<term><systemitem class="service">nova-xvpnvncproxy</systemitem>
|
||||||
connection. Supports a Java client specifically designed for
|
daemon</term>
|
||||||
OpenStack.</para>
|
<listitem><para>A proxy for accessing running instances
|
||||||
</listitem>
|
through a VNC connection. It supports a Java client specifically
|
||||||
<listitem>
|
designed for OpenStack.</para></listitem>
|
||||||
<para><systemitem class="service">nova-cert</systemitem> daemon.
|
</varlistentry>
|
||||||
Manages x509 certificates.</para>
|
<varlistentry>
|
||||||
</listitem>
|
<term><systemitem class="service">nova-cert</systemitem> daemon</term>
|
||||||
</itemizedlist>
|
<listitem><para>x509 certificates.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
<para os="debian">In Debian, a unique
|
<para os="debian">In Debian, a unique
|
||||||
<package>nova-consoleproxy</package> package provides the
|
<package>nova-consoleproxy</package> package provides the
|
||||||
<package>nova-novncproxy</package>,
|
<package>nova-novncproxy</package>,
|
||||||
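Review bot: The nova-cert entry now reads only "x509 certificates." because the verb was dropped when the text moved into the listitem. Restore "Manages x509 certificates." so the entry says what the daemon does. The nova-novncproxy and nova-xvpnvncproxy entries are also inconsistent with each other: one starts "Provides a proxy for accessing", the other "A proxy for accessing"; pick one form for both.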
@ -136,63 +137,59 @@
|
|||||||
packages, edit the
|
packages, edit the
|
||||||
<filename>/etc/default/nova-consoleproxy</filename> file or use
|
<filename>/etc/default/nova-consoleproxy</filename> file or use
|
||||||
the <package>debconf</package> interface. You can also manually
|
the <package>debconf</package> interface. You can also manually
|
||||||
edit the <filename>/etc/default/nova-consoleproxy</filename> file
|
edit the <filename>/etc/default/nova-consoleproxy</filename> file,
|
||||||
and stop and start the console daemons.</para>
|
and stop and start the console daemons.</para>
|
||||||
<itemizedlist>
|
<variablelist> <title>Image management (EC2 scenario)</title>
|
||||||
<title>Image management (EC2 scenario)</title>
|
<varlistentry>
|
||||||
<listitem>
|
<term><systemitem class="service">nova-objectstore</systemitem>
|
||||||
<para><systemitem class="service">nova-objectstore</systemitem>
|
daemon</term> <listitem><para>A S3 interface for registering images
|
||||||
daemon. Provides an S3 interface for registering images with
|
with the OpenStack Image Service. It is mainly used for installations
|
||||||
the Image Service. Mainly used for installations that must
|
that must support euca2ools. The euca2ools tools talk to <systemitem
|
||||||
support euca2ools. The euca2ools tools talk to <systemitem
|
|
||||||
class="service">nova-objectstore</systemitem> in <emphasis
|
class="service">nova-objectstore</systemitem> in <emphasis
|
||||||
role="italic">S3 language</emphasis>, and <systemitem
|
role="italic">S3 language</emphasis>, and <systemitem
|
||||||
class="service">nova-objectstore</systemitem> translates S3
|
class="service">nova-objectstore</systemitem> translates S3
|
||||||
requests into Image Service requests.</para>
|
requests into Image service requests.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para>euca2ools client. A set of command-line interpreter
|
<term>euca2ools client</term>
|
||||||
commands for managing cloud resources. Though not an OpenStack
|
<listitem><para>A set of command-line interpreter commands for managing
|
||||||
module, you can configure <systemitem class="service"
|
cloud resources. Although it is not an OpenStack module, you can
|
||||||
>nova-api</systemitem> to support this EC2 interface. For
|
configure <systemitem class="service">nova-api</systemitem> to support
|
||||||
more information, see the <link
|
this EC2 interface. For more information, see the <link
|
||||||
xlink:href="https://www.eucalyptus.com/docs/eucalyptus/3.4/index.html"
|
xlink:href="https://www.eucalyptus.com/docs/eucalyptus/3.4/index.html"
|
||||||
>Eucalyptus 3.4 Documentation</link>.</para>
|
>Eucalyptus 3.4 Documentation</link>.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
</itemizedlist>
|
</variablelist>
|
||||||
<itemizedlist>
|
<variablelist><title>Command-line clients and other interfaces</title>
|
||||||
<title>Command-line clients and other interfaces</title>
|
<varlistentry><term>nova client</term>
|
||||||
<listitem>
|
<listitem><para>Allows users to submit commands as a tenant administrator
|
||||||
<para>nova client. Enables users to submit commands as a tenant
|
or end user.</para></listitem>
|
||||||
administrator or end user.</para>
|
</varlistentry>
|
||||||
</listitem>
|
<varlistentry>
|
||||||
<listitem>
|
<term>nova-manage client</term>
|
||||||
<para>nova-manage client. Enables cloud administrators to submit
|
<listitem><para>Enables cloud administrators to submit
|
||||||
commands.</para>
|
commands.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
</itemizedlist>
|
</variablelist>
|
||||||
<itemizedlist>
|
<variablelist><title>Other components</title>
|
||||||
<title>Other components</title>
|
<varlistentry><term>The queue</term><listitem><para>A central hub for
|
||||||
<listitem>
|
passing messages between daemons. It is usually implemented with <link
|
||||||
<para>The queue. A central hub for passing messages between
|
|
||||||
daemons. Usually implemented with <link
|
|
||||||
xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>, but
|
xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>, but
|
||||||
could be any AMQP message queue, such as <link
|
could be any AMQP message queue, such as <link
|
||||||
xlink:href="http://qpid.apache.org/">Apache Qpid</link> or
|
xlink:href="http://qpid.apache.org/">Apache Qpid</link> or
|
||||||
<link xlink:href="http://www.zeromq.org/">Zero
|
<link xlink:href="http://www.zeromq.org/">Zero
|
||||||
MQ</link>.</para>
|
MQ</link>.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry><term>SQL database</term>
|
||||||
<para>SQL database. Stores most build-time and runtime states
|
<listitem><para>Stores most build-time and runtime states for a cloud
|
||||||
for a cloud infrastructure. Includes instance types that are
|
infrastructure. It includes instance types that are available for use,
|
||||||
available for use, instances in use, available networks, and
|
instances in use, available networks, and projects. Theoretically,
|
||||||
projects. Theoretically, OpenStack Compute can support any
|
OpenStack Compute can support any database that is supported by SQL-Alchemy.
|
||||||
database that SQL-Alchemy supports, but the only databases
|
Note the databases which are widely used are SQLite3 databases (for test and
|
||||||
widely used are SQLite3 databases (only appropriate for test
|
development work), MySQL, and PostgreSQL.</para></listitem>
|
||||||
and development work), MySQL, and PostgreSQL.</para>
|
</varlistentry>
|
||||||
</listitem>
|
</variablelist>
|
||||||
</itemizedlist>
|
<para>OpenStack Compute interacts with OpenStack Identity for
|
||||||
<para>The Compute service interacts with other OpenStack services:
|
authentication; OpenStack Image Service for images; and the OpenStack
|
||||||
Identity Service for authentication, Image Service for images, and
|
dashboard for a web interface.</para>
|
||||||
the OpenStack dashboard for a web interface.</para>
|
|
||||||
</section>
|
</section>
|
||||||
|
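Review bot: The SQL database entry drops the qualifier on SQLite3: "(only appropriate for test and development work)" became "(for test and development work)", and the sentence now opens with "Note the databases which are widely used are", which reads like a list of recommended choices. Keep "only appropriate for" so the text still limits SQLite3 to test and development use. Smaller points in this hunk: the nova-objectstore entry should read "Provides an S3 interface" rather than "A S3 interface", and "Image service requests" should match the "OpenStack Image Service" capitalisation used two lines earlier in the same entry.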
@ -2,8 +2,8 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="dashboard-service">
|
xml:id="dashboard-service">
|
||||||
<title>Dashboard</title>
|
<title>OpenStack dashboard</title>
|
||||||
<para>The dashboard is a modular <link
|
<para>The OpenStack dashboard is a modular <link
|
||||||
xlink:href="https://www.djangoproject.com/">Django web
|
xlink:href="https://www.djangoproject.com/">Django web
|
||||||
application</link> that provides a graphical interface to
|
application</link> that provides a graphical interface to
|
||||||
OpenStack services.</para>
|
OpenStack services.</para>
|
||||||
|
@ -2,43 +2,46 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="image-service-overview">
|
xml:id="image-service-overview">
|
||||||
<title>Image Service overview</title>
|
<title>OpenStack Image Service</title>
|
||||||
<para>The Image Service includes the following
|
<para>The OpenStack Image Service includes the following
|
||||||
components:</para>
|
components:</para>
|
||||||
<itemizedlist>
|
<variablelist>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para><systemitem class="service">glance-api</systemitem>.
|
<term><systemitem class="service">glance-api</systemitem></term>
|
||||||
Accepts Image API calls for image discovery, retrieval,
|
<listitem><para>Accepts Image API calls for image discovery,
|
||||||
and storage.</para>
|
retrieval, and storage.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para><systemitem class="service"
|
<term><systemitem class="service">glance-registry</systemitem></term>
|
||||||
>glance-registry</systemitem>. Stores, processes, and
|
<listitem><para>Stores, processes, and retrieves metadata about
|
||||||
retrieves metadata about images. Metadata includes items such
|
images. Metadata includes items such as size and type.</para>
|
||||||
as size and type.</para>
|
|
||||||
<note><title>Security note</title>
|
<note><title>Security note</title>
|
||||||
<para>The registry is a private internal service meant only for use
|
<para>The registry is a private internal service meant for use
|
||||||
by the Image Service itself. Do not expose it to users.</para></note>
|
by OpenStack Image Service. Do not disclose it to
|
||||||
|
users.</para></note>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para>Database. Stores image metadata. You can choose your
|
<varlistentry>
|
||||||
database depending on your preference. Most deployments
|
<term>Database</term>
|
||||||
use MySQL or SQlite.</para>
|
<listitem><para>Stores image metadata and you can choose your database
|
||||||
</listitem>
|
depending on your preference. Most deployments use MySQL or
|
||||||
<listitem>
|
SQlite.</para></listitem>
|
||||||
<para>Storage repository for image files. The Image Service
|
</varlistentry>
|
||||||
supports a variety of repositories including normal file systems,
|
<varlistentry>
|
||||||
Object Storage, RADOS block devices, HTTP, and Amazon S3. Some
|
<term>Storage repository for image files</term>
|
||||||
types of repositories support only read-only usage.</para>
|
<listitem><para>Various repository types are supported including
|
||||||
</listitem>
|
normal file systems, Object Storage, RADOS block devices, HTTP, and
|
||||||
</itemizedlist>
|
Amazon S3. Note that some repositories will only support
|
||||||
<para>A number of periodic processes run on the Image Service to
|
read-only usage.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
<para>A number of periodic processes run on the OpenStack Image Service to
|
||||||
support caching. Replication services ensures consistency and
|
support caching. Replication services ensures consistency and
|
||||||
availability through the cluster. Other periodic processes
|
availability through the cluster. Other periodic processes
|
||||||
include auditors, updaters, and reapers.</para>
|
include auditors, updaters, and reapers.</para>
|
||||||
<para>As shown in <xref linkend="conceptual-architecture"/>, the Image
|
<para>The OpenStack Image Service is central to
|
||||||
Service is central to the overall IaaS picture. It accepts API
|
infrastructure-as-a-service (IaaS) as shown in <xref
|
||||||
requests for images or image metadata from end users or
|
linkend="conceptual-architecture"/>. It accepts API requests for images
|
||||||
Compute components and can store its disk files in the Object
|
or image metadata from end users or OpenStack Compute components, and
|
||||||
Storage Service.</para>
|
can store its disk files in OpenStack Object Storage.</para>
|
||||||
</section>
|
</section>
|
||||||
|
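Review bot: The security note on glance-registry is weakened in two places: "meant only for use by the Image Service itself" lost "only", and "Do not expose it to users" became "Do not disclose it to users". "Disclose" suggests keeping the registry's existence secret, whereas the note is about not making the service reachable by users; keep "expose" and "only". Also in this hunk, "Stores image metadata and you can choose your database" joins two unrelated statements and should stay as two sentences, and "SQlite" should be "SQLite".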
@ -2,42 +2,39 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="networking-service-overview">
|
xml:id="networking-service-overview">
|
||||||
<title>Networking service overview</title>
|
<title>OpenStack Networking</title>
|
||||||
<para>Provides network-connectivity-as-a-service between interface
|
<para>OpenStack Networking allows you to create and
|
||||||
devices that are managed by other OpenStack services, usually
|
attach interface devices managed by other OpenStack services to
|
||||||
Compute. Enables users to create and attach interfaces to
|
networks. Plug-ins can be implemented to accomodate different
|
||||||
networks. Like many OpenStack services, OpenStack Networking is
|
networking equipment and software, providing flexibility to OpenStack
|
||||||
highly configurable due to its plug-in architecture. These
|
architecture and deployment.</para>
|
||||||
plug-ins accommodate different networking equipment and software.
|
<para>It includes the following components:</para>
|
||||||
Consequently, the architecture and deployment vary
|
<variablelist>
|
||||||
dramatically.</para>
|
<varlistentry><term><systemitem
|
||||||
<para>Includes the following components:</para>
|
class="service">neutron-server</systemitem></term>
|
||||||
<itemizedlist>
|
<listitem><para>Accepts and routes API requests to the appropriate
|
||||||
<listitem>
|
OpenStack Networking plug-in for action.</para></listitem>
|
||||||
<para><systemitem class="service">neutron-server</systemitem>.
|
</varlistentry>
|
||||||
Accepts and routes API requests to the appropriate OpenStack
|
<varlistentry>
|
||||||
Networking plug-in for action.</para>
|
<term>OpenStack Networking plug-ins and agents</term>
|
||||||
</listitem>
|
<listitem><para>Plugs and unplugs ports, creates networks or subnets,
|
||||||
<listitem>
|
and provides IP addressing. These plug-ins and agents differ
|
||||||
<para>OpenStack Networking plug-ins and agents. Plugs and
|
depending on the vendor and technologies used in the particular cloud.
|
||||||
unplugs ports, creates networks or subnets, and provides IP
|
|
||||||
addressing. These plug-ins and agents differ depending on the
|
|
||||||
vendor and technologies used in the particular cloud.
|
|
||||||
OpenStack Networking ships with plug-ins and agents for Cisco
|
OpenStack Networking ships with plug-ins and agents for Cisco
|
||||||
virtual and physical switches, NEC OpenFlow products, Open
|
virtual and physical switches, NEC OpenFlow products, Open
|
||||||
vSwitch, Linux bridging, Ryu Network Operating System, and
|
vSwitch, Linux bridging, Ryu Network Operating System, and
|
||||||
the VMware NSX product.</para>
|
the VMware NSX product.</para>
|
||||||
<para>The common agents are L3 (layer 3), DHCP (dynamic host IP
|
<para>The common agents are L3 (layer 3), DHCP (dynamic host IP
|
||||||
addressing), and a plug-in agent.</para>
|
addressing), and a plug-in agent.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para>Messaging queue. Most OpenStack Networking installations
|
<term>Messaging queue</term>
|
||||||
make use of a messaging queue to route information between the
|
<listitem><para>Used by most OpenStack Networking installations to route
|
||||||
neutron-server and various agents as well as a database to
|
information between the neutron-server and various agents, as well as a
|
||||||
store networking state for particular plug-ins.</para>
|
database to store networking state for particular
|
||||||
</listitem>
|
plug-ins.</para></listitem>
|
||||||
</itemizedlist>
|
</varlistentry>
|
||||||
<para>OpenStack Networking interacts mainly with OpenStack Compute,
|
</variablelist>
|
||||||
where it provides networks and connectivity for its
|
<para>OpenStack Networking mainly interacts with OpenStack Compute to
|
||||||
instances.</para>
|
provide networks and connectivity for its instances.</para>
|
||||||
</section>
|
</section>
|
||||||
|
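Review bot: The new "Messaging queue" entry folds the database into the queue's description ("Used by most OpenStack Networking installations to route information between the neutron-server and various agents, as well as a database to store networking state"), so the sentence reads as if the queue were also the database. Give the database its own varlistentry, or rename the term so it covers both, and wrap neutron-server in <systemitem class="service"> as the service names in the other sections of this change are.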
@ -2,47 +2,49 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="object-storage-service">
|
xml:id="object-storage-service">
|
||||||
<title>Object Storage service</title>
|
<title>OpenStack Object Storage</title>
|
||||||
<para>The Object Storage service is a highly scalable and durable
|
<para>The OpenStack Object Storage is a multi-tenant object storage system.
|
||||||
multi-tenant object storage system for large amounts of
|
It is highly scalable and can manage large amounts of unstructured data
|
||||||
unstructured data at low cost through a RESTful HTTP API.</para>
|
at low cost through a RESTful HTTP API.</para>
|
||||||
<para>It includes the following components:</para>
|
<para>It includes the following components:</para>
|
||||||
<itemizedlist>
|
<variablelist>
|
||||||
<listitem>
|
<varlistentry><term>Proxy servers (<systemitem
|
||||||
<para>Proxy servers (<systemitem class="service"
|
class="service">swift-proxy-server</systemitem>)</term>
|
||||||
>swift-proxy-server</systemitem>). Accepts Object Storage
|
<listitem><para>Accepts OpenStack Object Storage API and raw HTTP
|
||||||
API and raw HTTP requests to upload files, modify metadata,
|
requests to upload files, modify metadata, and create containers. It
|
||||||
and create containers. It also serves file or container
|
also serves file or container listings to web browsers. To improve
|
||||||
listings to web browsers. To improve performance, the proxy
|
performance, the proxy server can use an optional cache usually
|
||||||
server can use an optional cache usually deployed with
|
deployed with memcache.</para></listitem>
|
||||||
memcache.</para>
|
</varlistentry>
|
||||||
</listitem>
|
<varlistentry>
|
||||||
<listitem>
|
<term>Account servers (<systemitem class="service"
|
||||||
<para>Account servers (<systemitem class="service"
|
>swift-account-server</systemitem>)</term>
|
||||||
>swift-account-server</systemitem>). Manage accounts defined
|
<listitem><para>Manages accounts defined with Object
|
||||||
with the Object Storage service.</para>
|
Storage.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para>Container servers (<systemitem class="service"
|
<term>Container servers (<systemitem class="service"
|
||||||
>swift-container-server</systemitem>). Manage a mapping of
|
>swift-container-server</systemitem>)</term>
|
||||||
containers, or folders, within the Object Storage
|
<listitem><para>Manages the mapping of containers or folders, within
|
||||||
service.</para>
|
Object Storage.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para>Object servers (<systemitem class="service"
|
<term>Object servers (<systemitem class="service"
|
||||||
>swift-object-server</systemitem>). Manage actual objects,
|
>swift-object-server</systemitem>)</term>
|
||||||
such as files, on the storage nodes.</para>
|
<listitem><para>Manages actual objects,such as files, on the
|
||||||
</listitem>
|
storage nodes.</para></listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para>A number of periodic processes. Performs housekeeping
|
<varlistentry>
|
||||||
tasks on the large data store. The replication services ensure
|
<term>Various periodic processes</term>
|
||||||
consistency and availability through the cluster. Other
|
<listitem><para>Performs housekeeping tasks on the large data store.
|
||||||
periodic processes include auditors, updaters, and
|
The replication services ensure consistency and availability through
|
||||||
reapers.</para>
|
the cluster. Other periodic processes include auditors, updaters, and
|
||||||
</listitem>
|
reapers.</para></listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para>Configurable WSGI middleware that handles authentication.
|
<varlistentry>
|
||||||
Usually the Identity Service.</para>
|
<term>WSGI middleware</term>
|
||||||
</listitem>
|
<listitem><para>Handles authentication and is usually OpenStack
|
||||||
</itemizedlist>
|
Identity.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
</section>
|
</section>
|
||||||
|
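Review bot: In the Object servers entry the new text reads "Manages actual objects,such as files", with no space after the comma; the removed line had "objects, such". The Container servers entry is also left with an unbalanced comma in "containers or folders, within Object Storage", and the product is called "The OpenStack Object Storage", "OpenStack Object Storage" and "Object Storage" within the same section; pick one form.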
@ -2,42 +2,45 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="orchestration-service">
|
xml:id="orchestration-service">
|
||||||
<title>Orchestration service overview</title>
|
<title>Orchestration module</title>
|
||||||
<para>The Orchestration service provides a template-based
|
<para>The Orchestration module provides a template-based
|
||||||
orchestration for describing a cloud application by running
|
orchestration for describing a cloud application, by running
|
||||||
OpenStack API calls to generate running cloud applications. The
|
OpenStack API calls to generate running cloud applications. The
|
||||||
software integrates other core components of OpenStack into a
|
software integrates other core components of OpenStack into a
|
||||||
one-file template system. The templates enable you to create most
|
one-file template system. The templates allow you to create most
|
||||||
OpenStack resource types, such as instances, floating IPs,
|
OpenStack resource types, such as instances, floating IPs,
|
||||||
volumes, security groups, users, and so on. Also, provides some
|
volumes, security groups and users. It also provides advanced
|
||||||
more advanced functionality, such as instance high availability,
|
functionality, such as instance high availability, instance auto-scaling,
|
||||||
instance auto-scaling, and nested stacks. By providing very tight
|
and nested stacks. This enables OpenStack core projects to receive a larger
|
||||||
integration with other OpenStack core projects, all OpenStack core
|
user base.</para>
|
||||||
projects could receive a larger user base.</para>
|
|
||||||
<para>The service enables deployers to integrate with the
|
<para>The service enables deployers to integrate with the
|
||||||
Orchestration service directly or through custom plug-ins.</para>
|
Orchestration module directly or through custom plug-ins.</para>
|
||||||
<para>The Orchestration service consists of the following
|
<para>The Orchestration module consists of the following
|
||||||
components:</para>
|
components:</para>
|
||||||
<itemizedlist>
|
<variablelist>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para><code>heat</code> command-line client. A CLI that communicates with the
|
<term><code>heat</code> command-line client</term>
|
||||||
heat-api to run AWS CloudFormation APIs. End developers could
|
<listitem><para>A CLI that communicates with the heat-api to run AWS
|
||||||
also use the Orchestration REST API directly.</para>
|
CloudFormation APIs. End developers can directly use the Orchestration
|
||||||
|
REST API.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><code>heat-api</code> component</term><listitem><para>An
|
||||||
|
OpenStack-native REST API that processes API requests by sending them to
|
||||||
|
the heat-engine over Remote Procedure Call (RPC).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para><code>heat-api</code> component. Provides an
|
<varlistentry>
|
||||||
OpenStack-native REST API that processes API requests by
|
<term><code>heat-api-cfn</code> component</term> <listitem><para>An AWS
|
||||||
sending them to the heat-engine over RPC.</para>
|
Query API that is compatible with AWS CloudFormation. It processes
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para><code>heat-api-cfn</code> component. Provides an AWS Query
|
|
||||||
API that is compatible with AWS CloudFormation and processes
|
|
||||||
API requests by sending them to the heat-engine over
|
API requests by sending them to the heat-engine over
|
||||||
RPC.</para>
|
RPC.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><code>heat-engine</code></term>
|
||||||
|
<listitem><para>Orchestrates the launching of templates and provides
|
||||||
|
events back to the API consumer.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para><code>heat-engine</code>. Orchestrates the launching of
|
</variablelist>
|
||||||
templates and provides events back to the API consumer.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</section>
|
</section>
|
||||||
|
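Review bot: The rewritten closing sentence of the first paragraph, "This enables OpenStack core projects to receive a larger user base", has lost its antecedent: the removed text attributed the larger user base to "very tight integration with other OpenStack core projects", while "This" now points at the list of advanced features. Restore the integration clause. In the heat client entry, dropping "also" makes "End developers can directly use the Orchestration REST API" read as unrelated to the CLI, and the heat-engine term omits the word "component" that the heat-api and heat-api-cfn terms carry.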
@ -2,8 +2,8 @@
|
|||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="metering-service">
|
xml:id="metering-service">
|
||||||
<title>Telemetry</title>
|
<title>Telemetry module</title>
|
||||||
<para>The Telemetry module:</para>
|
<para>The Telemetry module performs the following functions:</para>
|
||||||
<para>
|
<para>
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -16,7 +16,7 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Configures the type of collected data to meet
|
<para>Configures the type of collected data to meet
|
||||||
various operating requirements. Accessing and inserting the
|
various operating requirements. It accesses and inserts the
|
||||||
metering data through the REST API.</para>
|
metering data through the REST API.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -29,55 +29,52 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</para>
|
</para>
|
||||||
<para>The system consists of the following basic
|
<para>The Telemetry module consists of the following
|
||||||
components:</para>
|
components:</para>
|
||||||
<itemizedlist>
|
<variablelist>
|
||||||
<listitem>
|
<varlistentry><term>A compute agent (<systemitem class="service"
|
||||||
<para>A compute agent (<systemitem class="service"
|
>ceilometer-agent-compute</systemitem>)</term>
|
||||||
>ceilometer-agent-compute</systemitem>). Runs on each
|
<listitem><para>Runs on each compute node and polls for resource
|
||||||
compute node and polls
|
utilization statistics. There may be other types of agents in the
|
||||||
for resource utilization statistics. There may be other
|
future, but for now our focus is creating the compute agent.</para>
|
||||||
types of agents in the future, but for now we will focus
|
|
||||||
on creating the compute agent.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para>A central agent (<systemitem class="service"
|
<varlistentry><term>A central agent (<systemitem class="service"
|
||||||
>ceilometer-agent-central</systemitem>). Runs on a central
|
>ceilometer-agent-central</systemitem>)</term>
|
||||||
management server
|
<listitem><para>Runs on a central management server to poll for
|
||||||
to poll for resource utilization statistics for resources
|
resource utilization statistics for resources not tied to instances
|
||||||
not tied to instances or compute nodes.</para>
|
or compute nodes.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry><term>A collector (<systemitem class="service"
|
||||||
|
>ceilometer-collector</systemitem></term>
|
||||||
|
<listitem><para>Runs on central management server(s) to monitor the
|
||||||
|
message queues (for notifications and for metering data coming from
|
||||||
|
the agent). Notification messages are processed and turned into
|
||||||
|
metering messages, which are sent to the message bus using the
|
||||||
|
appropriate topic. Telemetry messages are written to the data store
|
||||||
|
without modification.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
</varlistentry>
|
||||||
<para>A collector (<systemitem class="service"
|
<varlistentry><term>An alarm notifier (<systemitem class="service"
|
||||||
>ceilometer-collector</systemitem>). Runs on one or more
|
>ceilometer-alarm-notifier</systemitem>)</term>
|
||||||
central management
|
<listitem><para>Runs on one or more central management servers to
|
||||||
servers to monitor the message queues (for notifications
|
allow alarms to be set based on the threshold evaluation for a
|
||||||
and for metering data coming from the agent). Notification
|
collection of samples.</para></listitem>
|
||||||
messages are processed and turned into metering messages
|
</varlistentry>
|
||||||
and sent back out onto the message bus using the
|
<varlistentry>
|
||||||
appropriate topic. Telemetry messages are written to the
|
<term>A data store</term>
|
||||||
data store without modification.</para>
|
<listitem><para>A database capable of handling
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>An alarm notifier (<systemitem class="service"
|
|
||||||
>ceilometer-alarm-notifier</systemitem>). Runs on one or more
|
|
||||||
central management servers to allow setting alarms based on
|
|
||||||
threshold evaluation for a collection of samples.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>A data store. A database capable of handling
|
|
||||||
concurrent writes (from one or more collector instances)
|
concurrent writes (from one or more collector instances)
|
||||||
and reads (from the API server).</para>
|
and reads (from the API server).</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
<listitem>
|
<varlistentry>
|
||||||
<para>An API server (<systemitem class="service"
|
<term>An API server (<systemitem
|
||||||
>ceilometer-api</systemitem>). Runs on one or more central
|
class="service">ceilometer-api</systemitem>)</term>
|
||||||
management
|
<listitem><para>Runs on one or more central management servers to
|
||||||
servers to provide access to the data from the data store.</para>
|
provide data access from the data store.</para></listitem>
|
||||||
</listitem>
|
</varlistentry>
|
||||||
</itemizedlist>
|
</variablelist>
|
||||||
<para>These services communicate by using the standard OpenStack
|
<para>These services communicate by using the OpenStack messaging bus.
|
||||||
messaging bus. Only the collector and API server have access
|
Only the collector and API server have access
|
||||||
to the data store.</para>
|
to the data store.</para>
|
||||||
</section>
|
</section>
|
||||||
|
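Review bot: The new collector term is missing its closing parenthesis: "A collector (<systemitem class="service">ceilometer-collector</systemitem></term>" ends without the ")" that the compute agent, central agent, alarm notifier and API server terms have. The same entry says "central management server(s)" where the alarm notifier and API server entries say "one or more central management servers"; use one wording. The compute agent entry still speaks in the first person ("for now our focus is creating the compute agent"), which does not fit an admin guide.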
@ -4,30 +4,27 @@
|
|||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="keystone-concepts">
|
xml:id="keystone-concepts">
|
||||||
<?dbhtml stop-chunking?>
|
<?dbhtml stop-chunking?>
|
||||||
<title>Identity Service concepts</title>
|
<title>OpenStack Identity concepts</title>
|
||||||
<para>The <glossterm>Identity Service</glossterm> performs the following
|
<para>The OpenStack<glossterm>Identity Service</glossterm> performs the
|
||||||
functions:</para>
|
following functions:</para>
|
||||||
<itemizedlist spacing="compact">
|
<itemizedlist spacing="compact">
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>User management. Tracks users and their
|
<para>Tracking users and their permissions.</para>
|
||||||
permissions.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><glossterm baseform="service catalog">Service
|
<para>Providing a catalog of available services with their API
|
||||||
catalog</glossterm>. Provides a catalog of available
|
endpoints.</para>
|
||||||
services with their API endpoints.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
<para>To understand the Identity Service, you must understand the
|
<para>To understand OpenStack Identity, you must understand the
|
||||||
following concepts:</para>
|
following concepts:</para>
|
||||||
<variablelist wordsize="10">
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>User</glossterm>
|
<term>User</term>
|
||||||
</term>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Digital representation of a person, system, or
|
<para>Digital representation of a person, system, or
|
||||||
service who uses OpenStack cloud services. The
|
service who uses OpenStack cloud services. The
|
||||||
Identity Service validates that incoming requests
|
Identity service validates that incoming requests
|
||||||
are made by the user who claims to be making the
|
are made by the user who claims to be making the
|
||||||
call. Users have a login and may be assigned
|
call. Users have a login and may be assigned
|
||||||
tokens to access resources. Users can be directly
|
tokens to access resources. Users can be directly
|
||||||
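Review bot: The new opening line "<para>The OpenStack<glossterm>Identity Service</glossterm> performs the" has no space before <glossterm>, so it renders as "OpenStackIdentity Service". The hunk also uses three names for the same thing ("OpenStack Identity", "Identity Service", "Identity service"); settle on one. Removing <glossterm> from the User term drops the glossary link; confirm that is intended.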
@ -36,50 +33,45 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>Credentials</glossterm>
|
<term>Credentials</term>
|
||||||
</term>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Data that is known only by a user that proves
|
<para>Data that confirms the user's identity. For example, user
|
||||||
who they are. In the Identity Service, examples
|
name and password; user name and API key; or an
|
||||||
are: User name and password, user name and API
|
authentication token provided by the Identity
|
||||||
key, or an authentication token provided by the
|
Service.</para>
|
||||||
Identity Service.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>Authentication</glossterm></term>
|
<term>Authentication</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The act of confirming the identity of a user.
|
<para>The process of confirming the identity of a user.
|
||||||
The Identity Service confirms an incoming request
|
OpenStack Identity confirms an incoming request
|
||||||
by validating a set of credentials supplied by the
|
by validating a set of credentials supplied by the
|
||||||
user.</para>
|
user.</para>
|
||||||
<para>These credentials are initially a user name and
|
<para>These credentials are initially a user name and
|
||||||
password or a user name and API key. In response
|
password; or a user name and API key. When user
|
||||||
to these credentials, the Identity Service issues
|
credentials are validated, OpenStack Identity issues an
|
||||||
an authentication token to the user, which the
|
authentication token which the user provides in subsequent
|
||||||
user provides in subsequent requests.</para>
|
requests.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>Token</glossterm></term>
|
<term>Token</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>An arbitrary bit of text that is used to access
|
<para>An arbitrary bit of text that is used to access
|
||||||
resources. Each token has a scope which describes
|
resources. Each token has information which defines
|
||||||
which resources are accessible with it. A token
|
access to resources. A token may be revoked at any time
|
||||||
may be revoked at any time and is valid for a
|
and is valid for a finite duration.</para>
|
||||||
finite duration.</para>
|
<para>While OpenStack Identity supports token-based
|
||||||
<para>While the Identity Service supports token-based
|
|
||||||
authentication in this release, the intention is
|
authentication in this release, the intention is
|
||||||
for it to support additional protocols in the
|
to support additional protocols in the future. Its main
|
||||||
future. The intent is for it to be an integration
|
purpose is to be an integration service, and not aspire to
|
||||||
service foremost, and not aspire to be a
|
be a full-fledged identity store and management
|
||||||
full-fledged identity store and management
|
|
||||||
solution.</para>
|
solution.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>Tenant</glossterm>
|
<term>Tenant</term>
|
||||||
</term>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>A container used to group or isolate resources
|
<para>A container used to group or isolate resources
|
||||||
and/or identity objects. Depending on the service
|
and/or identity objects. Depending on the service
|
||||||
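Review bot: The Token entry replaces "Each token has a scope which describes which resources are accessible with it" with "Each token has information which defines access to resources", which drops the term "scope" and says less about what limits a token; keep "scope". Likewise the Credentials entry no longer says the data is "known only by a user", the secrecy property the old definition stated, and it still ends with "Identity Service" while the rest of the hunk uses "OpenStack Identity".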
@ -88,47 +80,38 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>Service</glossterm>
|
<term>Service</term>
|
||||||
</term>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>An OpenStack service, such as Compute (nova),
|
<para>An OpenStack service, such as Compute (nova),
|
||||||
Object Storage (swift), or Image Service (glance).
|
Object Storage (swift), or Image Service (glance). It
|
||||||
Provides one or more endpoints through which users
|
provides one or more endpoints through which users can
|
||||||
can access resources and perform
|
access resources and perform operations.</para>
|
||||||
operations.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>Endpoint</glossterm>
|
<term>Endpoint</term>
|
||||||
</term>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>A network-accessible address, usually described
|
<para>A network-accessible address where you access a service,
|
||||||
by a URL, from where you access a service. If using
|
usually a URL address. If you are using an extension for
|
||||||
an extension for templates, you can create an
|
templates, an endpoint template can be created, which
|
||||||
endpoint template, which represents the templates
|
represents the templates of all the consumable services
|
||||||
of all the consumable services that are available
|
that are available across the regions.</para>
|
||||||
across the regions.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><glossterm>Role</glossterm>
|
<term>Role</term>
|
||||||
</term>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>A personality that a user assumes that enables
|
<para>A personality with a defined set of user rights and
|
||||||
them to perform a specific set of operations. A
|
privileges to perform a specific set of operations.</para>
|
||||||
role includes a set of rights and privileges. A
|
<para>In the Identity service, a token that is issued
|
||||||
user assuming that role inherits those rights and
|
to a user includes the list of roles. Services that are
|
||||||
privileges.</para>
|
being called by that user determine how they interpret the
|
||||||
<para>In the Identity Service, a token that is issued
|
set of roles a user has and to which operations or
|
||||||
to a user includes the list of roles that user
|
resources each role grants access.</para>
|
||||||
has. Services that are being called by that user
|
|
||||||
determine how they interpret the set of roles a
|
|
||||||
user has and to which operations or resources each
|
|
||||||
role grants access.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
<para>The following diagram shows the Identity Service process
|
<para>The following diagram shows the OpenStack Identity process
|
||||||
flow:</para>
|
flow:</para>
|
||||||
<mediaobject>
|
<mediaobject>
|
||||||
<imageobject role="fo">
|
<imageobject role="fo">
|
||||||
|
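Review bot: The Role entry's new second paragraph says a token issued to a user "includes the list of roles" without the removed qualifier "that user has", so it can be read as every role rather than the user's own; restore the qualifier. The first paragraph also no longer says that a user assumes a role and inherits its rights and privileges, and "user rights and privileges" does not carry that. In the Endpoint entry, "usually a URL address" is redundant; "usually a URL" is enough.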
@ -41,7 +41,7 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<td>Implemented as a filesystem underlying OpenStack
|
<td>Implemented as a filesystem underlying OpenStack
|
||||||
Compute</td>
|
Compute</td>
|
||||||
<td>Mounted via OpenStack Block-Storage controlled protocol
|
<td>Mounted via OpenStack Block Storage controlled protocol
|
||||||
(for example, iSCSI)</td>
|
(for example, iSCSI)</td>
|
||||||
<td>REST API</td>
|
<td>REST API</td>
|
||||||
</tr>
|
</tr>
|
||||||
@ -58,27 +58,26 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<?hard-pagebreak?>
|
|
||||||
<para>Other points of note include: <itemizedlist>
|
<para>You should note that:<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis>OpenStack Object Storage is not used like a
|
<para><emphasis>You cannot use OpenStack Object Storage like a
|
||||||
traditional hard drive.</emphasis> Object storage is all
|
traditional hard drive.</emphasis> The Object Storage relaxes some
|
||||||
about relaxing some of the constraints of a POSIX-style file
|
of the constraints of a POSIX-style file system to get other gains.
|
||||||
system. The access to it is API-based (and the API uses
|
You can access the objects through an API which uses HTTP.
|
||||||
http). This is a good idea as if you don't have to provide
|
Subsequently you don't have to provide atomic operations (that is,
|
||||||
atomic operations (that is, you can rely on eventual
|
relying on eventual consistency), you can scale a storage system
|
||||||
consistency), you can much more easily scale a storage
|
easily and avoid a central point of failure.</para>
|
||||||
system and avoid a central point of failure.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis>The OpenStack Image Service is used to manage
|
<para><emphasis>The OpenStack Image Service is used to manage
|
||||||
the virtual machine images in an OpenStack cluster, not
|
the virtual machine images in an OpenStack cluster, not
|
||||||
store them.</emphasis> Instead, it provides an
|
store them.</emphasis> It provides an abstraction to different
|
||||||
abstraction to different methods for storage - a bridge to
|
methods for storage - a bridge to the storage, not the storage
|
||||||
the storage, not the storage itself.</para>
|
itself.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis>OpenStack Object Storage can function on its
|
<para><emphasis>The OpenStack Object Storage can function on its
|
||||||
own.</emphasis> The Object Storage (swift) product can be
|
own.</emphasis> The Object Storage (swift) product can be
|
||||||
used independently of the Compute (nova) product.</para>
|
used independently of the Compute (nova) product.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
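Review bot: In the first list item, "Subsequently you don't have to provide atomic operations (that is, relying on eventual consistency), you can scale a storage system easily" turns the old conditional ("if you don't have to provide atomic operations ... you can much more easily scale") into a comma splice and presents the reasoning as a sequence of events. Wording such as "Because you don't have to provide atomic operations (that is, you can rely on eventual consistency), you can scale a storage system easily" keeps the logic. "The Object Storage relaxes" and "The OpenStack Object Storage can function" also add an article that the first item's "OpenStack Object Storage" does not use.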