Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. absolute limit Impassable limits for guest VMs. Settings include total RAM size, maximum number of vCPUs, and maximum disk size. access control list A list of permissions attached to an object. An ACL specifies which users or system processes have access to objects. It also defines which operations can be performed on specified objects. Each entry in a typical ACL specifies a subject and an operation. For instance, ACL entry, (Alice, delete), for a file gives Alice permission to delete the file. access key Alternative term for an Amazon EC2 access key. See EC2 Access key. account The Object Storage context of an account. Do not confuse with a user account from an authentication service such as Active Directory, /etc/passwd, OpenLDAP, OpenStack Identity Service, and so on. account auditor Checks for missing replicas and incorrect or corrupted objects in a specified Object Storage account by running queries against the back-end SQLite database. account database A SQLite database that contains Object Storage accounts and related metadata and that the accounts server accesses. account reaper An Object Storage worker that scans for and deletes account databases and that the account server has marked for deletion. account server Lists containers in Object Storage and stores container information in the account database. account service An Object Storage component that provides account services such as list, create, modify, and audit. Do not confuse with OpenStack Identity Service, OpenLDAP, or similar user account services. accounting The Compute Service provides accounting information through the event notification and system usage data facilities. ACL See access control list. active/active configuration In a high availability setup with an active/active configuration, several systems share the load together and if one fails, the load is distributed to the remaining systems. Active Directory Authentication and Identity Service by Microsoft, based on LDAP. Supported in OpenStack. active/passive configuration In a high availability setup with an active/passive configuration, systems are set up to bring additional resources online to replace those that have failed. address pool A group of fixed and/or floating IP addresses that are assigned to a project and can be used by or assigned to the VM instances in a project. admin API A subset of API calls that are accessible to authorized administrators and are generally not accessible to end users or the public internet, can exist as a separate service (keystone) or can be a subset of another API (nova). admin server In the context of the Identity Service, the worker process that provides access to the admin API. Advanced Message Queuing Protocol (AMQP) The open standard messaging protocol used by OpenStack components for intra-service communications, provided by RabbitMQ, Qpid, or ZeroMQ. Advanced RISC Machine (ARM) Lower power consumption CPU often found in mobile and embedded devices. Supported by OpenStack. alert The Compute Service can send alerts through its notification system, which includes a facility to create custom notification drivers. Alerts can be sent to and displayed on the horizon dashboard. allocate The process of taking floating IP address from the address pool so it can be associated with a fixed IP on a guest VM instance. Amazon Kernel Image (AKI) Both a VM container format and disk format. Supported by Image Service. Amazon Machine Image (AMI) Both a VM container format and disk format. Supported by Image Service. Amazon Ramdisk Image (ARI) Both a VM container format and disk format. Supported by Image Service. AMQP Advanced Message Queue Protocol. An open Internet protocol for reliably sending and receiving messages. It enables building a diverse, coherent messaging ecosystem. Anvil A project that ports the shell script-based project named devstack to Python. Apache The Apache Software Foundation supports the Apache community of open-source software projects. These projects provide software products for the public good. Apache License 2.0 All OpenStack core projects are provided under the terms of the Apache License 2.0 license. Apache Web Server The most common web server software currently used on the Internet. API Application programming interface. API endpoint The daemon, worker, or service that a client communicates with to access an API. API endpoints can provide any number of services such as authentication, sales data, performance metrics, Compute VM commands, census data, and so on. API extension Custom modules that extend some OpenStack core APIs. API extension plug-in Alternative term for a Networking plug-in or Networking API extension. API key Alternative term for an API token. API server Any node running a daemon or worker that provides an API endpoint. API token Passed to API requests and used by OpenStack to verify that the client is authorized to run the requested operation. API version In OpenStack, the API version for a project is part of the URL. For example, example.com/nova/v1/foobar. applet A Java program that can be embedded into a web page. Application Programming Interface (API) A collection of specifications used to access a service, application, or program. Includes service calls, required parameters for each call, and the expected return values. application server A piece of software that makes available another piece of software over a network. Application Service Provider (ASP) Companies that rent specialized applications that help businesses and organizations provide additional services with less cost. arptables Tool used for maintaining Address Resolution Protocol packet filter rules in the Linux kernel firewall modules. Used along with iptables, ebtables, and ip6tables in Compute to provide firewall services for VMs. associate The process associating a Compute floating IP address with a fixed IP address. Asynchronous JavaScript and XML (AJAX) A group of interrelated web development techniques used on the client-side to create asynchronous web applications. Used extensively in horizon. ATA over Ethernet (AoE) A disk storage protocol tunneled within Ethernet. attach The process of connecting a VIF or vNIC to a L2 network in Networking. In the context of Compute, this process connects a storage volume to an instance. attachment (network) Association of an interface ID to a logical port. Plugs an interface into a port. auditing Provided in Compute through the system usage data facility. auditor A worker process that verifies the integrity of Object Storage objects, containers, and accounts. Auditors is the collective term for the Object Storage account auditor, container auditor, and object auditor. Austin Project name for the initial release of OpenStack. auth node Alternative term for an Object Storage authorization node. authentication The process that confirms that the user, process, or client is really who they say they are through private key, secret token, password, fingerprint, or similar method. authentication token A string of text provided to the client after authentication. Must be provided by the user or process in subsequent requests to the API endpoint. AuthN The Identity Service component that provides authentication services. authorization The act of verifying that a user, process, or client is authorized to perform an action. authorization node An Object Storage node that provides authorization services. AuthZ The Identity Service component that provides high-level authorization services. Auto ACK Configuration setting within RabbitMQ that enables or disables message acknowledgment. Enabled by default. auto declare A Compute RabbitMQ setting that determines if a message exchange is automatically created when the program starts. availability zone An Amazon EC2 concept of an isolated area that is used for fault tolerance. Do not confuse with an OpenStack Compute zone or cell. AWS Amazon Web Services. back-end Interactions and processes that are obfuscated from the user, such as Compute volume mount, data transmission to an isCSI target by a daemon, or Object Storage object integrity checks. back-end catalog The storage method used by the Identity Service catalog service to store and retrieve information about API endpoints that are available to the client. Examples include a SQL database, LDAP database, or KVS back end. back-end store The persistent data store used to save and retrieve a information for a service, such as lists of Object Storage objects, current state of guest VMs, lists of user names, and so on. Also, the method that the Image Service uses to get and store VM images. Options include Object Storage, local file system, S3, and HTTP. bandwidth The amount of available data used by communication resources such as the Internet. Represents the amount of data that is used to download things or the amount of data available to download. bare An Image Service container format that indicates that no container exists for the VM image. base image An OpenStack-provided image. Bexar A grouped release of projects related to OpenStack that came out in February of 2011. It included Compute (nova) and Object Storage (swift) only. binary Information that consists solely of ones and zeroes, which is the language of computers. bit A bit is a single digit number that is in base of 2 (either a zero or one). Bandwidth usage is measured in bits-per-second. bit-per-second (BPS) The universal measurement of how quickly data is transferred from place to place. block device A device that moves data in the form of blocks. These device nodes interface the devices, such as hard disks, CD-ROM drives, flash drives, and other addressable regions of memory. block migration A method of VM live migration used by KVM to evacuate instances from one host to another with very little downtime during a user-initiated switch-over. Does not require shared storage. Supported by Compute. Block Storage The OpenStack core project that enables management of volumes, volume snapshots, and volume types. The project name of Block Storage is cinder. BMC Baseboard Management Controller. The intelligence in the IPMI architecture, which is a specialized micro-controller that is embedded on the motherboard of a computer and acts as a server. Manages the interface between system management software and platform hardware. bootable disk image A type of VM image that exists as a single, bootable file. Bootstrap Protocol (BOOTP) A network protocol used by a network client to obtain an IP address from a configuration server. Provided in Compute through the dnsmasq daemon when using either the FlatDHCP manager or VLAN manager network manager. browser Any client software that enables a computer or device to access the Internet. builder file Contains configuration information that Object Storage uses to reconfigure a ring or recreate it from scratch after a serious failure. button class A group of related button types within horizon. Buttons to start, stop, and suspend VMs are in one class. Buttons to associate and disassociate floating IP addresses are in another class, and so on. byte Set of bits that make up a single character; there are usually 8 bits to a byte. CA Certificate Authority or Certification Authority. In cryptography, an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This enables others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the certified public key. In this model of trust relationships, a CA is a trusted third party for both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes. cache pruner A program that keeps the Image Service VM image cache at or below its configured maximum size. Cactus An OpenStack grouped release of projects that came out in the spring of 2011. It included Compute (nova), Object Storage (swift), and the Image service (glance). CALL One of the RPC primitives used by the OpenStack message queue software. Sends a message and waits for a response. capability Defines resources for a cell, including CPU, storage, and networking. Can apply to the specific services within a cell or a whole cell. capacity cache A Compute back end database table that contains the current workload, amount of free RAM, number of VMs running on each host. Used to determine on which VM a host starts. capacity updater A notification driver that monitors VM instances and updates the capacity cache as needed. CAST One of the RPC primitives used by the OpenStack message queue software. Sends a message and does not wait for a response. catalog A list of API endpoints that are available to a user after authentication with the Identity Service. catalog service An Identity Service that lists API endpoints that are available to a user after authentication with the Identity Service. ceilometer The project name for the Telemetry service, which is an integrated project that provides metering and measuring facilities for OpenStack. cell Provides logical partitioning of Compute resources in a child and parent relationship. Requests are passed from parent cells to child cells if the parent cannot provide the requested resource. cell forwarding A Compute option that enables parent cells to pass resource requests to child cells if the parent cannot provide the requested resource. cell manager The Compute component that contains a list of the current capabilities of each host within the cell and routes requests as appropriate. CentOS A Linux distribution that is compatible with OpenStack. Ceph Massively scalable distributed storage system that consists of an object store, block store, and POSIX-compatible distributed file system. Compatible with OpenStack. CephFS The POSIX-compliant file system provided by Ceph. certificate authority A simple certificate authority provided by Compute for cloudpipe VPNs and VM image decryption. Challenge-Handshake Authentication Protocol (CHAP) An iSCSI authentication method supported by Compute. chance scheduler A scheduling method used by Compute that randomly chooses an available host from the pool. changes since A Compute API parameter that downloads changes to the requested item since your last request, instead of downloading a new, fresh set of data and comparing it against the old data. Chef An operating system configuration management tool supporting OpenStack deployments. child cell If a requested resource such as CPU time, disk storage, or memory is not available in the parent cell, the request is forwarded to its associated child cells. If the child cell can fulfill the request, it does. Otherwise, it attempts to pass the request to any of its children. cinder A core OpenStack project that provides block storage services for VMs. Cisco neutron plug-in A Networking plug-in for Cisco devices and technologies including UCS and Nexus. cloud architect A person who plans, designs, and oversees the creation of clouds. cloud computing A model that enables access to a shared pool of configurable computing resources, such as networks, servers, storage, applications, and services, that can be rapidly provisioned and released with minimal management effort or service provider interaction. cloud controller Collection of Compute components that represent the global state of the cloud, talks to services such as Identity Service authentication, Object Storage, and node/storage workers through a queue. cloud controller node A node that runs network, volume, API, scheduler and image services. Each service may be broken out into separate nodes for scalability or availability. Cloud Data Management Interface (CDMI) SINA standard that defines a RESTful API for managing objects in the cloud, currently unsupported in OpenStack. Cloud Infrastructure Management Interface (CIMI) An in-progress specification for cloud management. Currently unsupported in OpenStack. cloud-init A package commonly installed in VM images that performs initialization of an instance after boot using information that it retrieves from the metadata service such as the SSH public key and user data. cloudadmin One of the default roles in the Compute RBAC system. Grants complete system access. cloudpipe A Compute service that creates VPNs on a per-project basis. cloudpipe image A pre-made VM image that serves as a cloudpipe server. Essentially, OpenVPN running on Linux. CMDB Configuration Management Database. command filter Lists allowed commands within the Compute rootwrap facility. community project A project that is not officially endorsed by the OpenStack Foundation. If the project is successful enough, it might be elevated to an incubated project and then to a core project, or it might be merged with the main code trunk. compression Reduce the size of files by special encoding, the file can be decompressed again to its original content. OpenStack supports compression at the Linux file system level but does not support compression for things such as Object Storage objects or Image Service VM images. Compute The OpenStack core project that provides compute services. The project name of the Compute Service is nova. Compute API The nova-api daemon provides access to nova services. Can communicate with other APIs, such as the Amazon EC2 API. compute controller The Compute component that chooses suitable hosts on which to start VM instances. compute host Physical host dedicated to running compute nodes. compute node A node that runs the nova-compute daemon, a VM instance that provides a wide range of services such as a web services and analytics. compute service Name for the Compute component that manages VMs. compute worker The Compute component that runs on each compute node and manages the VM instance life cycle, including run, reboot, terminate, attach/detach volumes, and so on. Provided by the nova-compute daemon. concatenated object A set of segment objects that Object Storage combines and sends to the client. conductor In Compute, conductor is the process that proxies database requests from the compute process. Using conductor improves security as compute nodes do not need direct access to the database. consistency window The amount of time it takes for a new Object Storage object to become accessible to all clients. console log Contains the output from a Linux VM console in Compute. container Organizes and stores objects in Object Storage. Similar to the concept of a Linux directory but cannot be nested. Alternative term for an Image Service container format. container auditor Checks for missing replicas or incorrect objects in specified Object Storage containers through queries to the SQLite back-end database. container database A SQLite database that stores Object Storage containers and container metadata. The container server accesses this database. container format A wrapper used by the Image Service that contains a VM image and its associated metadata, such as machine state, OS disk size, and so on. container server An Object Storage server that manages containers. container service The Object Storage component that provides container services, such as create, delete, list, and so on. controller node Alternative term for a cloud controller node. core API Depending on context, the core API is either the OpenStack API or the main API of a specific core project, such as Compute, Networking, Image Service, and so on. core project An official OpenStack project. Currently consists of Compute (nova), Object Storage (swift), Image Service (glance), Identity (keystone), Dashboard (horizon), Networking (neutron), and Block Storage (cinder). The Telemetry module (ceilometer) and Orchestration module (heat) are integrated projects as of the Havana release. In the Icehouse release, the Database module (trove) gains integrated project status. cost Under the Compute distributed scheduler this is calculated by looking at the capabilities of each host relative to the flavor of the VM instance being requested. credentials Data that is only known to or accessible by a user that is used to verify the user is who they say they are and presented to the server during authentication. Examples include a password, secret key, digital certificate, fingerprint, and so on. Crowbar An open source community project by Dell that aims to provide all necessary services to quickly deploy clouds. current workload An element of the Compute capacity cache that is calculated based on the number of build, snapshot, migrate, and resize operations currently in progress on a given host. customer Alternative term for tenant. customization module A user-created Python module that is loaded by horizon to change the look and feel of the dashboard. daemon A process that runs in the background and waits for requests. May or may not listen on a TCP or UDP port. Do not confuse with a worker. DAC Discretionary access control. Governs the ability of subjects to access objects, while enabling users to make policy decisions and assign security attributes. The traditional UNIX system of users, groups, and read-write-execute permissions is an example of DAC. dashboard The web-based management interface for OpenStack. An alternative name for horizon. data encryption Both Image Service and Compute support encrypted virtual machine (VM) images (but not instances). In-transit data encryption is supported in OpenStack using technologies such as HTTPS, SSL, TLS, and SSH. Object Storage does not support object encryption at the application level but may support storage that uses disk encryption. database ID A unique ID given to each replica of an Object Storage database. database replicator An Object Storage component that copies changes in the account, container, and object databases to other nodes. deallocate The process of removing the association between a floating IP address and a fixed IP address. Once this association is removed, the floating IP returns to the address pool. Debian A Linux distribution that is compatible with OpenStack. deduplication The process of finding duplicate data at the disk block, file, and/or object level to minimize storage use, currently unsupported within OpenStack. default panel The default panel that is displayed when a user accesses the horizon dashboard. default tenant New users are assigned to this tenant if no tenant is specified when a user is created. default token An Identity Service token that is not associated with a specific tenant and is exchanged for a scoped token. delayed delete An option within Image Service so that rather than immediately delete an image, it is deleted after a pre-defined number of seconds. delivery mode Setting for the Compute RabbitMQ message delivery mode, can be set to either transient or persistent. deprecated auth An option within Compute that enables administrators to create and manage users through the nova-manage command as opposed to using the Identity Service. developer One of the default roles in the Compute RBAC system and is the default role assigned to a new user. device ID Maps Object Storage partitions to physical storage devices. device weight Distributes partitions proportionately across Object Storage devices based on the storage capacity of each device. DevStack Community project that uses shell scripts to quickly build complete OpenStack development environments. DHCP Dynamic Host Configuration Protocol. A network protocol that configures devices that are connected to a network so they can communicate on that network by using the Internet Protocol (IP). The protocol is implemented in a client-server model where DHCP clients request configuration data such as, an IP address, a default route, and one or more DNS server addresses from a DHCP server. Diablo A grouped release of projects related to OpenStack that came out in the fall of 2011, the fourth release of OpenStack. It included Compute (nova 2011.3), Object Storage (swift 1.4.3), and the Image service (glance). direct consumer An element of the Compute RabbitMQ that comes to life when a RPC call is executed. It connects to a direct exchange through a unique exclusive queue, sends the message, and terminates. direct exchange A routing table that is created within the Compute RabbitMQ during RPC calls, one is created for each RPC call that is invoked. direct publisher Element of RabbitMQ that provides a response to an incoming MQ message. disassociate The process of removing the association between a floating IP address and fixed IP and thus returning the floating IP address to the address pool. disk encryption The ability to encrypt data at the file system, disk partition or whole disk level. Supported within Compute VMs. disk format The underlying format that a disk image for a VM is stored as within the Image Service back-end store. For example, AMI, ISO, QCOW2, VMDK, and so on. dispersion In Object Storage, tools to test and ensure dispersion of objects and containers to ensure fault tolerance. Django A web framework used extensively in horizon. DNS Domain Name Server. A hierarchical and distributed naming system for computers, services, and resources connected to the Internet or a private network. Associates a human-friendly names to IP addresses. DNS record A record that specifies information about a particular domain and belongs to the domain. dnsmasq Daemon that provides DNS, DHCP, BOOTP, and TFTP services, used by the Compute VLAN manager and FlatDHCP manager. domain Separates a web site from other sites. Often, the domain name has two or more parts that are separated by dots. For example, yahoo.com, usa.gov, Harvard.edu, or mail.yahoo.com. A domain is an entity or container of all DNS-related information containing one or more records. Domain Name Service (DNS) In Compute, the support that enables associating DNS entries with floating IP addresses, nodes, or cells so host names are consistent across reboots. Domain Name System (DNS) A system by which Internet domain name-to-address and address-to-name resolutions are determined. DNS helps navigate the Internet by translating the IP address into an address that is easier to remember For example, translating 111.111.111.1 into www.yahoo.com. All domains and their components, such as mail servers, utilize DNS to resolve to the appropriate locations. DNS servers are usually set up in a master-slave relationship such that failure of the master invokes the slave. DNS servers might also be clustered or replicated such that changes made to one DNS server are automatically propagated to other active servers. download The transfer of data, usually in the form of files, from one computer to another. DRTM Dynamic root of trust measurement. durable exchange The Compute RabbitMQ message exchange that remains active when the server restarts. durable queue A Compute RabbitMQ message queue that remains active when the server restarts. Dynamic Host Configuration Protocol (DHCP) A method to automatically configure networking for a host at boot time. Provided by both Networking and Compute. Dynamic HyperText Markup Language (DHTML) Pages that use HTML, JavaScript, and CCS to enable users to interact with a web page or show simple animation. EBS boot volume An Amazon EBS storage volume that contains a bootable VM image, currently unsupported in OpenStack. ebtables Used in Compute along with arptables, iptables, and ip6tables to create firewalls and to ensure isolation of network communications. EC2 The Amazon commercial compute product, similar to Compute. EC2 access key Used along with an EC2 secret key to access the Compute EC2 API. EC2 API OpenStack supports accessing the Amazon EC2 API through Compute. EC2 Compatibility API A Compute component that enables OpenStack to communicate with Amazon EC2. EC2 secret key Used along with an EC2 access key when communicating with the Compute EC2 API, is used to digitally sign each request. Elastic Block Storage (EBS) The Amazon commercial block storage product. encryption OpenStack supports encryption technologies such as HTTPS, SSH, SSL, TLS, digital certificates, and data encryption. endpoint See API endpoint. endpoint registry Alternative term for an Identity Service catalog. endpoint template A list of URL and port number endpoints that indicate where a service, such as object storage, compute, identity, and so on, can be accessed. entity Any piece of hardware or software that wants to connect to the network services provided by Networking, the Network Connectivity service. An entity can make use of Networking by implementing a VIF. ephemeral image A VM image that does not save changes made to its volumes and reverts them to their original state after the instance is terminated. ephemeral volume Volume that does not save the changes made to it and reverts to its original state when the current user relinquishes control. Essex A grouped release of projects related to OpenStack that came out in April 2012, the fifth release of OpenStack. It included Compute (nova 2012.1), Object Storage (swift 1.4.8), Image (glance), Identity (keystone), and Dashboard (horizon). ESX An OpenStack-supported hypervisor. ESXi An OpenStack-supported hypervisor. ebtables Filtering tool for a Linux bridging firewall, enabling filtering of network traffic passing through a Linux bridge. Used to restrict communications between hosts and/or nodes in OpenStack Compute along with iptables, arptables, and ip6tables. ETag MD5 hash of an object within Object Storage, used to ensure data integrity. euca2ools A collection of command-line tools for administering VMs, most are compatible with OpenStack. Eucalyptus Kernel Image (EKI) Used along with an ERI to create an EMI. Eucalyptus Machine Image (EMI) VM image container format supported by Image Service. Eucalyptus Ramdisk Image (ERI) Used along with an EKI to create an EMI. evacuate The process of migrating one or all virtual machine (VM) instances from one host to another, compatible with both shared storage live migration and block migration. exchange Alternative term for a RabbitMQ message exchange. exchange type A routing algorithm in the Compute RabbitMQ. exclusive queue Connected to by a direct consumer in RabbitMQ / Compute, the message can only be consumed by the current connection. extended attributes (xattrs) File system option that enables storage of additional information beyond owner, group, permissions, modification time, and so on. The underlying Object Storage file system must support extended attributes. extension Alternative term for a Compute API extension or plug-in. In the context of Identity Service this is a call that is specific to the implementation, such as adding support for OpenID. extra specs Specifies additional requirements when Compute determines where to start a new instance. Examples include a minimum amount of network bandwidth or a GPU. FakeLDAP An easy method to create a local LDAP directory for testing Identity Service and Compute. Requires Redis. fan-out exchange Within RabbitMQ and Compute it is the messaging interface that is used by the scheduler service to receive capability messages from the compute, volume, and network nodes. Fedora A Linux distribution compatible with OpenStack. Fibre Channel Storage protocol similar in concept to TCP/IP, encapsulates SCSI commands and data. Fibre Channel over Ethernet (FCoE) The fibre channel protocol tunneled within Ethernet. fill-first scheduler The Compute scheduling method that attempts to fill a host with VMs rather than starting new VMs on a variety of hosts. filter The step in the Compute scheduling process when hosts that cannot run VMs are eliminated and not chosen. firewall Used to restrict communications between hosts and/or nodes, implemented in Compute using iptables, arptables, ip6tables and etables. fixed IP address An IP address that is associated with the same instance each time that instance boots, generally not accessible to end users or the public internet, used for management of the instance. Flat Manager The Compute component that gives IP addresses to authorized nodes and assumes DHCP, DNS, and routing configuration and services are provided by something else. flat mode injection A Compute networking method where the OS network configuration information is injected into the VM image before the instance starts. flat network The Network Controller provides virtual networks to enable compute servers to interact with each other and with the public network. All machines must have a public and private network interface. A flat network is a private network interface, which is controlled by the flat_interface option with flat managers. FlatDHCP Manager The Compute component that provides dnsmasq (DHCP, DNS, BOOTP, TFTP) and radvd (routing) services. flavor Alternative term for a VM instance type. flavor ID UUID for each Compute or Image Service VM flavor or instance type. floating IP address An IP address that a project can associate with a VM so the instance has the same public IP address each time that it boots. You create a pool of floating IP addresses and assign them to instances as they are launched to maintain a consistent IP address for maintaining DNS assignment. Folsom A grouped release of projects related to OpenStack that came out in the fall of 2012, the sixth release of OpenStack. It includes Compute (nova), Object Storage (swift), Identity (keystone), Networking (neutron), Image service (glance) and Volumes or Block Storage (cinder). FormPost Object Storage middleware that uploads (posts) an image through a form on a web page. front-end The point where a user interacts with a service, can be an API endpoint, the horizon dashboard, or a command-line tool. gateway Hardware or software that translates between two different protocols. glance A core project that provides the OpenStack Image Service. glance API server Processes client requests for VMs, updates Image Service metadata on the registry server, and communicates with the store adapter to upload VM images from the back-end store. glance registry Alternative term for the Image Service image registry. global endpoint template The Identity Service endpoint template that contains services available to all tenants. GlusterFS A file system designed to aggregate NAS hosts, compatible with OpenStack. golden image A method of operating system installation where a finalized disk image is created and then used by all nodes without modification. Graphic Interchange Format (GIF) A type of image file that is commonly used for animated images on web pages. Graphics Processing Unit (GPU) Choosing a host based on the existence of a GPU is currently unsupported in OpenStack. Green Threads The cooperative threading model used by Python, reduces race conditions, and only context switches when specific library calls are made. Each OpenStack service is its own thread. Grizzly Project name for the seventh release of OpenStack. guest OS An operating system instance running under the control of a hypervisor. Hadoop Apache Hadoop is an open-source software framework that supports data-intensive distributed applications. handover An object state in Object Storage where a new replica of the object is automatically created due to a drive failure. hard reboot A type of reboot where a physical or virtual power button is pressed as opposed to a graceful, proper shutdown of the operating system. Havana Project name for the eighth release of OpenStack. heat An integrated project that aims to orchestrate multiple cloud applications for OpenStack. horizon OpenStack project that provides a dashboard, which is a web interface. horizon plug-in A plug-in for the OpenStack dashboard (horizon). host A physical computer, not a VM instance (node). host aggregate A method to further subdivide availability zones into hypervisor pools, a collection of common hosts. Host Bus Adapter (HBA) Device plugged into a PCI slot such as a fibre channel or network card. HTTP Hypertext Transfer Protocol. HTTP is an application protocol for distributed, collaborative, hypermedia information systems. It is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyper links) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTPS Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. Hyper-V One of the hypervisors supported by OpenStack. hyper link Any kind of text that contains a link to some other site, commonly found in documents where clicking on a word or words opens up a different web site. HyperText Transfer Protocol (HTTP) The protocol that tells browsers where to go to find information. Hypertext Transfer Protocol Secure (HTTPS) Encrypted HTTP communications using SSL or TLS, most OpenStack API endpoints and many inter-component communications support HTTPS communication. hypervisor Software that arbitrates and controls VM access to the actual underlying hardware. hypervisor pool A collection of hypervisors grouped together through host aggregates. IaaS Infrastructure as a Service. IaaS is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. IaaS is a model for providing cloud services. Icehouse Project name for the ninth release of OpenStack. ID number Unique numeric ID associated with each user in Identity Service, conceptually similar to a Linux or LDAP UID. Identity API Alternative term for the Identity Service API. Identity back-end The source used by Identity Service to retrieve user information an OpenLDAP server for example. Identity Service The OpenStack core project that provides a central directory of users mapped to the OpenStack services they can access. It also registers endpoints for OpenStack services. It acts as a common authentication system. The project name of the Identity Service is keystone. Identity Service API The API used to access the OpenStack Identity Service provided through keystone. IDS Intrusion Detection System image A collection of files for a specific operating system (OS) that you use to create or rebuild a server. OpenStack provides pre-built images. You can also create custom images, or snapshots, from servers that you have launched. Custom images can be used for data backups or as "gold" images for additional servers. Image API The Image Service API endpoint for management of VM images. image cache Used by Image Service to obtain images on the local host rather than re-downloading them from the image server each time one is requested. image ID Combination of URI and UUID used to access Image Service VM images through the image API. image membership A list of tenants that can access a given VM image within Image Service. image owner The tenant who owns an Image Service virtual machine image. image registry A list of VM images that are available through Image Service. Image Service An OpenStack core project that provides discovery, registration, and delivery services for disk and server images. The project name of the Image Service is glance. Image Service API Alternative name for the glance image API. image status The current status of a VM image in Image Service, not to be confused with the status of a running instance. image store The back-end store used by Image Service to store VM images, options include Object Storage, local file system, S3, or HTTP. image UUID UUID used by Image Service to uniquely identify each VM image. incubated project A community project may be elevated to this status and is then promoted to a core project. ingress filtering The process of filtering incoming network traffic. Supported by Compute. injection The process of putting a file into a virtual machine image before the instance is started. instance A running VM, or a VM in a known state such as suspended that can be used like a hardware server. instance ID Alternative term for instance UUID. instance state The current state of a guest VM image. instance type Describes the parameters of the various virtual machine images that are available to users, includes parameters such as CPU, storage, and memory. Alternative term for flavor. instance type ID Alternative term for a flavor ID. instance UUID Unique ID assigned to each guest VM instance. interface ID Unique ID for a Networking VIF or vNIC in the form of a UUID. Internet Service Provider (ISP) Any business that provides Internet access to individuals or businesses. ironic OpenStack project that provisions bare metal, as opposed to virtual, machines. IP address Number that is unique to every computer system on the Internet. Two versions of the Internet Protocol (IP) are in use for addresses: IPv4 and IPv6. IP Address Management (IPAM) The process of automating IP address allocation, deallocation, and management. Currently provided by Compute, melange, and Networking. IPL Initial Program Loader. IPMI Intelligent Platform Management Interface. IPMI is a standardized computer system interface used by system administrators for out-of-band management of computer systems and monitoring of their operation. In layman's terms, it is a way to manage a computer using a direct network connection, whether it is turned on or not; connecting to the hardware rather than an operating system or login shell. ip6tables Tool used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux kernel. In OpenStack Compute, ip6tables is used along with arptables, ebtables, and iptables to create firewalls for both nodes and VMs. iptables Used along with arptables and ebtables, iptables create firewalls in Compute. iptables are the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames. Requires root privilege to manipulate. iSCSI The SCSI disk protocol tunneled within Ethernet, supported by Compute, Object Storage, and Image Service. ISO9960 One of the VM image disk formats supported by Image Service. itsec A default role in the Compute RBAC system that can quarantine an instance in any project. Java A programming language that is used to create systems that involve more than one computer by way of a network. JavaScript A scripting language that is used to build web pages. JavaScript Object Notation (JSON) One of the supported response formats in OpenStack. Jenkins Tool used to run jobs automatically for OpenStack development. Juno Project name for the tenth release of OpenStack. kernel-based VM (KVM) An OpenStack-supported hypervisor. keystone The project that provides OpenStack Identity services. Kickstart A tool to automate system configuration and installation on Red Hat, Fedora, and CentOS based Linux distributions. large object An object within Object Storage that is larger than 5 GBs. Launchpad The collaboration site for OpenStack. Layer-2 network Term used for OSI network architecture for the data link layer. libvirt Virtualization API library used by OpenStack to interact with many of its supported hypervisors. Linux bridge Software that enables multiple VMs to share a single physical NIC within Compute. Linux Bridge neutron plug-in Enables a Linux bridge to understand a Networking port, interface attachment, and other abstractions. Linux containers (LXC) An OpenStack-supported hypervisor. live migration The ability within Compute to move running virtual machine instances from one host to another with only a small service interruption during switch-over. load balancer A load balancer is a logical device which belongs to a cloud account. It is used to distribute workloads between multiple back-end systems or services, based on the criteria defined as part of its configuration. load balancing The process of spreading client requests between two or more nodes to improve performance and availability. management API Alternative term for an admin API. management network A network segment used for administration, not accessible to the public internet. manager Logical groupings of related code such as the Block Storage volume manager or network manager. manifest Used to track segments of a large object within Object Storage. manifest object A special Object Storage object that contains the manifest for a large object. marconi OpenStack project that provides a queue service to applications. melange Project name for OpenStack Network Information Service. To be merged with Networking. membership The association between an Image Service VM image and a tenant. Enables images to be shared with specified tenants. membership list A list of tenants that can access a given VM image within Image Service. memcached A distributed memory object caching system that is used by Object Storage for caching. memory overcommit The ability to start new VM instances based on the actual memory usage of a host, as opposed to basing the decision on the amount of RAM each running instance thinks it has available. Also known as RAM overcommit. message broker The software package used to provide AMQP messaging capabilities within Compute. Default package is RabbitMQ. message bus The main virtual communication line used by all AMQP messages for inter-cloud communications within Compute. message queue Passes requests from clients to the appropriate workers and returns the output to the client after the job completes. Meta-Data Server (MDS) Stores CephFS metadata. migration The process of moving a VM instance from one host to another. multinic Facility in Compute that allows each virtual machine instance to have more than one VIF connected to it. Modular Layer 2 (ML2) neutron plug-in Can concurrently use multiple layer 2 networking technologies, such as 802.1Q and VXLAN, in Networking. Monitor (Mon) A Ceph component that communicates with external clients, checks data state and consistency, and performs quorum functions. multi-factor authentication Authentication method that uses two or more credentials, such as a password and a private key. Currently not supported in Identity Service. MultiNic Facility in Compute that enables a virtual machine instance to have more than one VIF connected to it. Nebula Released as open source by NASA in 2010 and is the basis for Compute. netadmin One of the default roles in the Compute RBAC system. Enables the user to allocate publicly accessible IP addresses to instances and change firewall rules. NetApp volume driver Enables Compute to communicate with NetApp storage devices through the NetApp OnCommand Provisioning Manager. network A virtual network that provides connectivity between entities. For example, a collection of virtual ports that share network connectivity. In Networking terminology, a network is always a Layer-2 network. Network Address Translation (NAT) The process of modifying IP address information while in-transit. Supported by Compute and Networking. network controller A Compute daemon that orchestrates the network configuration of nodes including includes IP addresses, VLANs, bridging, and manages routing for both public and private networks. Network File System (NFS) A method for making file systems available over the network. Supported by OpenStack. network ID Unique ID assigned to each network segment within Networking. Same as network UUID network manager The Compute component that manages various network components, such as firewall rules, IP address allocation, and so on. network node Any Compute node that runs the network worker daemon. network segment Represents a virtual, isolated OSI layer 2 subnet in Networking. Network Time Protocol (NTP) A method of keeping a clock for a host or node correct through communications with a trusted, accurate time source. network UUID Unique ID for a Networking network segment. network worker The nova-network worker daemon, provides services such as giving an IP address to a booting nova instance. Networking A core OpenStack project that provides a network connectivity abstraction layer to OpenStack Compute. The project name of Networking is neutron. Networking API API used to access OpenStack Networking. Provides an extensible architecture to enable custom plug-in creation. neutron A core OpenStack project that provides a network connectivity abstraction layer to OpenStack Compute. neutron API An alternative name for Networking API. neutron manager Enables Compute and Networking integration, which enables Networking to perform network management for guest VMs. neutron plug-in Interface within Networking that enables organizations to create custom plug-ins for advanced features such as QoS, ACLs, or IDS. Nexenta volume driver Provides support for NexentaStor devices in Compute. No ACK Disables server-side message acknowledgment in the Compute RabbitMQ. Increases performance but decreases reliability. node A VM instance that runs on a host. non-durable exchange Message exchange that is cleared when the service restarts. Its data is not written to persistent storage. non-durable queue Message queue that is cleared when the service restarts. Its data is not written to persistent storage. non-persistent volume Alternative term for an ephemeral volume. nova OpenStack project that provides compute services. Nova API Alternative term for the Compute API. nova-network A Compute component that manages IP address allocation, firewalls, and other network-related tasks. This is the legacy networking option and an alternative to Networking. object A BLOB of data held by Object Storage, can be in any format. object auditor Opens all objects for an object server and verifies the MD5 hash, size, and metadata for each object. object expiration A configurable option within Object Storage to automatically delete objects after a specified amount of time has passed or a certain date is reached. object hash Uniquely ID for an Object Storage object. object path hash Used by Object Storage to determine the location of an object in the ring. Maps objects to partitions. object replicator An Object Storage component that copies and object to remote partitions for fault tolerance. object server An Object Storage component that is responsible for managing objects. Object Storage The OpenStack core project that provides eventually consistent and redundant storage and retrieval of fixed digital content. The project name of OpenStack Object Storage is swift. Object Storage API API used to access OpenStack Object Storage. Object Storage Device (OSD) The Ceph storage daemon. object versioning Allows a user to set a flag on an Object Storage container so all objects within the container are versioned. Oldie Term for an Object Storage process that runs for a long time. Can indicate a hung process. Open Cloud Computing Interface (OCCI) A standardized interface for managing compute, data, and network resources, currently unsupported in OpenStack. Open Virtualization Format (OVF) Standard for packaging VM images. Supported in OpenStack. Open vSwitch neutron plug-in Provides support for Open vSwitch in Networking. OpenLDAP An open source LDAP server. Supported by both Compute and Identity Service. OpenStack OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. OpenStack is an Open Source project licensed under the Apache License 2.0. openSUSE A Linux distribution that is compatible with OpenStack. operator The person responsible for planning and maintaining an OpenStack installation. Orchestration An integrated project that orchestrates multiple cloud applications for OpenStack. The project name of Orchestration is heat. orphan In the context of Object Storage this is a process that is not terminated after an upgrade, restart, or reload of the service. parent cell If a requested resource, such as CPU time, disk storage, or memory, is not available in the parent cell, the request is forwarded to associated child cells. partition A unit of storage within Object Storage used to store objects, exists on top of devices, replicated for fault tolerance. partition index Contains the locations of all Object Storage partitions within the ring. partition shift value Used by Object Storage to determine which partition data should reside on. pause A VM state where no changes occur (no changes in memory, network communications stop, etc), the VM is frozen but not shut down. PCI passthrough Gives guest VMs exclusive access to a PCI device. Currently supported in OpenStack Havana and later releases. persistent message A message that is stored both in memory and on disk, the message is not lost after a failure or restart. persistent volume Changes to these types of disk volumes are saved. personality file A file used to customize a Compute instance, can be used to inject SSH keys or a specific network configuration. plug-in Software component providing the actual implementation for Networking APIs, or for Compute APIs, depending on the context. policy service Component of Identity Service that provides a rule management interface and a rule based authorization engine. port A virtual network port within Networking, VIFs / vNICs are connected to a port. port UUID Unique ID for a Networking port. preseed A tool to automate system configuration and installation on Debian-based Linux distributions. private image An Image Service VM image that is only available to specified tenants. private IP address An IP address used for management and administration, not available to the public internet. private network The Network Controller provides virtual networks to enable compute servers to interact with each other and with the public network. All machines must have a public and private network interface. A private network interface can be a flat or VLAN network interface. A flat network interface is controlled by the flat_interface with flat managers. A VLAN network interface is controlled by the vlan_interface option with VLAN managers. project A logical grouping of users within Compute, used to define quotas and access to VM images. project ID User defined alpha-numeric string in Compute, the name of a project. project VPN Alternative term for a cloudpipe. provider An administrator who has access to all hosts and instances. proxy node A node that provides the Object Storage proxy service. proxy server Users of Object Storage interact with the service through the proxy server which in-turn looks up the location of the requested data within the ring and returns the results to the user. public API An API endpoint used for both service to service communication and end user interactions. public image An Image Service VM image that is available to all tenants. public IP address An IP address that is accessible to end-users. public network The Network Controller provides virtual networks to enable compute servers to interact with each other and with the public network. All machines must have a public and private network interface. The public network interface is controlled by the public_interface option. Puppet An operating system configuration management tool supported by OpenStack. Python Programming language used extensively in OpenStack. QEMU Copy On Write 2 (QCOW2) One of the VM image disk formats supported by Image Service. Qpid Message queue software supported by OpenStack, an alternative to RabbitMQ. quarantine If Object Storage finds objects, containers, or accounts that are corrupt they are placed in this state, are not replicated, cannot be read by clients, and a correct copy is re-replicated. Quick EMUlator (QEMU) QEMU is a generic and open source machine emulator and virtualizer. One of the hypervisors supported by OpenStack, generally used for development purposes. quota In Compute and Block Storage, the ability to set resource limits on a per-project basis. RabbitMQ The default message queue software used by OpenStack. Rackspace Cloud Files Released as open source by Rackspace in 2010, the basis for Object Storage. RADOS Block Device (RBD) Ceph component that enables a Linux block device to be striped over multiple distributed data stores. radvd The router advertisement daemon, used by the Compute VLAN manager and FlatDHCP manager to provide routing services for VM instances. RAM filter The Compute setting that enables or disables RAM overcommitment. RAM overcommit The ability to start new VM instances based on the actual memory usage of a host, as opposed to basing the decision on the amount of RAM each running instance thinks it has available. Also known as memory overcommit. rate limit Configurable option within Object Storage to limit database writes on a per-account and/or per-container basis. raw One of the VM image disk formats supported by Image Service, an unstructured disk image. rebalance The process of distributing Object Storage partitions across all drives in the ring, used during initial ring creation and after ring reconfiguration. reboot Either a soft or hard reboot of a server. With a soft reboot, the operating system is signaled to restart, which enables a graceful shutdown of all processes. A hard reboot is the equivalent of power cycling the server. The virtualization platform should ensure that the reboot action has completed successfully even in cases in which the underlying domain/vm is paused or halted/stopped. rebuild Removes all data on the server and replaces it with the specified image. Server ID and IP addresses remain the same. Recon An Object Storage component that collects metrics. record Belongs to a particular domain and is used to specify information about the domain. There are several types of DNS records. Each record type contains particular information used to describe the purpose of that record. Examples include mail exchange (MX) records, which specify the mail server for a particular domain, and name server (NS) records, which specify the authoritative name servers for a domain. record ID A number within a database that is incremented each time a change is made. Used by Object Storage when replicating. Red Dwarf Lite Community project that aims to provide database as a service. Red Hat Enterprise Linux (RHEL) A Linux distribution that is compatible with OpenStack. reference architecture A recommended architecture for an OpenStack cloud. region A Discrete OpenStack environment with dedicated API endpoints that typically shares only the Identity Service (keystone) with other regions. registry Alternative term for the Image Service registry. registry server An Image Service that provides VM image metadata information to clients. Reliable, Autonomic Distributed Object Store (RADOS) A collection of components that provides object storage within Ceph. Similar to OpenStack Object Storage. Remote Procedure Call (RPC) The method used by the Compute RabbitMQ for intra-service communications. replica Provides data redundancy and fault tolerance by creating copies of Object Storage objects, accounts, and containers so they are not lost when the underlying storage fails. replica count The number of replicas of the data in an Object Storage ring. replication The process of copying data to a separate physical device for fault tolerance and performance. replicator The Object Storage back-end process that creates and manages object replicas. request ID Unique ID assigned to each request sent to Compute. rescue image A special type of VM image that is booted when an instance is placed into rescue mode. Allows an administrator to mount the file systems for an instance to correct the problem. resize Converts an existing server to a different flavor, which scales the server up or down. The original server is saved to enable rollback if a problem occurs. All resizes must be tested and explicitly confirmed, at which time the original server is removed. RESTful A kind of web service API that uses REST, or Representational State Transfer. REST is the style of architecture for hypermedia systems that is used for the World Wide Web. ring An entity that maps Object Storage data to partitions. A separate ring exists for each service, such as account, object, and container. ring builder Builds and manages rings within Object Storage, assigns partitions to devices, and pushes the configuration to other storage nodes. Role Based Access Control (RBAC) Provides a predefined list of actions that the user can perform such as start or stop VMs, reset passwords, and so on. Supported in both Identity Service and Compute and can be configured using the horizon dashboard. role A personality that a user assumes that enables them to perform a specific set of operations. A role includes a set of rights and privileges. A user assuming that role inherits those rights and privileges. role ID Alpha-numeric ID assigned to each Identity Service role. rootwrap A feature of Compute that allows the unprivileged "nova" user to run a specified list of commands as the Linux root user. round-robin scheduler Type of Compute scheduler that evenly distributes instances among available hosts. routing key The Compute direct exchanges, fanout exchanges, and topic exchanges use this to determine how to process a message, processing varies depending on exchange type. RPC driver Modular system that allows the underlying message queue software of Compute to be changed. For example, from RabbitMQ to ZeroMQ or Qpid. rsync Used by Object Storage to push object replicas. RXTX cap Absolute limit on the amount of network traffic a Compute VM instance can send and receive. RXTX quota Soft limit on the amount of network traffic a Compute VM instance can send and receive. Ryu neutron plug-in Enables the Ryu network operating system to function as a Networking OpenFlow controller. S3 Object storage service by Amazon, similar in function to Object Storage, can act as a back-end store for Image Service VM images. savanna OpenStack project that provisions Hadoop on top of OpenStack to provide a data processing service. scheduler manager A Compute component that determines where VM instances should start. Uses modular design to support a variety of scheduler types. scoped token An Identity Service API access token that is associated with a specific tenant. scrubber Checks for and deletes unused VM, the component of Image Service that implements delayed delete. secret key String of text only known by the user, used along with an access key to make requests to the Compute API. secure shell (SSH) Open source tool used to access remote hosts through an encrypted communications channel, SSH key injection is supported by Compute. security group A set of network traffic filtering rules that are applied to a Compute instance. segmented object An Object Storage large object that has been broken up into pieces, the re-assembled object is called a concatenated object. server Computer that provides explicit services to the client software running on that system, often managing a variety of computer operations. A server is a VM instance in the compute system. Flavor and image are requisite elements when creating a server. server image Alternative term for a VM image. server UUID Unique ID assigned to each guest VM instance. service An OpenStack service, such as Compute, Object Storage, or Image Service. Provides one or more endpoints through which users can access resources and perform operations. service catalog Alternative term for the Identity Service catalog. service ID Unique ID assigned to each service that is available in the Identity Service catalog. service registration An Identity Service feature that enables services, such as Compute, to automatically register with the catalog. service tenant Special tenant that contains all services that are listed in the catalog. service token An administrator defined token used by Compute to communicate securely with the Identity Service. session back-end The method of storage used by horizon to track client sessions such as local memory, cookies, a database, or memcached. session persistence A feature of the load balancing service. It attempts to force subsequent connections to a service to be redirected to the same node as long as it is online. session storage A horizon component that stores and tracks client session information. Implemented through the Django sessions framework. shared IP address An IP address that can be assigned to a VM instance within the shared IP group. Public IP addresses can be shared across multiple servers for use in various high availability scenarios. When an IP address is shared to another server, the cloud network restrictions are modified to enable each server to listen to and respond on that IP address. You can optionally specify that the target server network configuration be modified. Shared IP addresses can be used with many standard heartbeat facilities, such as keepalive, that monitor for failure and manage IP failover. shared IP group A collection of servers that can share IPs with other members of the group. Any server in a group can share one or more public IPs with any other server in the group. With the exception of the first server in a shared IP group, servers must be launched into shared IP groups. A server may only be a member of one shared IP group. shared storage Block storage that is simultaneously accessible by multiple clients. For example, NFS. Sheepdog Distributed block storage system for QEMU, supported by OpenStack. Simple Cloud Identity Management (SCIM) Specification for managing identity in the cloud, currently unsupported by OpenStack. Single-root I/O Virtualization (SR-IOV) A specification that when implemented by a physical PCIe device enables it to appear as multiple separate PCIe devices. This enables multiple virtualized guests to share direct access to the physical device, offering improved performance over an equivalent virtual device. Currently supported in OpenStack Havana and later releases. SmokeStack Runs automated tests against the core OpenStack API, written in Rails. snapshot A point-in-time copy of an OpenStack storage volume or image. Use storage volume snapshots to back up volumes. Use image snapshots to back up data, or as "gold" images for additional servers. soft reboot A controlled reboot where a VM instance is properly restarted through operating system commands. SolidFire Volume Driver The Block Storage driver for the SolidFire iSCSI storage appliance. SPICE The Simple Protocol for Independent Computing Environments (SPICE) provides remote desktop access to guest virtual machines. It is an alternative to VNC. SPICE is supported by OpenStack. spread-first scheduler The Compute VM scheduling algorithm that attempts to start new VM on the host with the least amount of load. SQL-Alchemy An open source SQL toolkit for Python, used in OpenStack. SQLite A lightweight SQL database, used as the default persistent storage method in many OpenStack services. StackTach Community project that captures Compute AMQP communications, useful for debugging. static IP address Alternative term for a fixed IP address. StaticWeb WSGI middleware component of Object Storage that serves container data as a static web page. storage back-end The method that a service uses for persistent storage such as iSCSI, NFS, or local disk. storage node An Object Storage node that provides container services, account services, and object services, controls the account databases, container databases, and object storage. storage manager A XenAPI component that provides a pluggable interface to support a wide variety of persistent storage back-ends. storage manager back-end A persistent storage method supported by XenAPI such as iSCSI or NFS. storage services Collective name for the Object Storage object services, container services, and account services. strategy Specifies the authentication source used by Image Service or Identity Service. subdomain A domain within a parent domain. Subdomains cannot be registered. Subdomains enable you to delegate domains. Subdomains can themselves have subdomains, so third-level, fourth-level, fifth-level, and deeper levels of nesting are possible. SUSE Linux Enterprise Server (SLES) A Linux distribution that is compatible with OpenStack. suspend Alternative term for a paused VM instance. swap Disk-based virtual memory, used by operating systems to provide more memory than is actually available on the system. swawth An authentication and authorization service for Object Storage, implemented through WSGI middleware, uses Object Storage itself as the persistent backing store. swift An OpenStack core project that provides object storage services. swift All in One (SAIO) Creates a full Object Storage development environment within a single VM. swift middleware Collective term for Object Storage components that provide additional functionality. swift proxy server Acts as the gatekeeper to Object Storage and is responsible for authenticating the user. swift storage node A node that runs Object Storage account, container, and object services. sync point Point in time since the last container and accounts database sync among nodes within Object Storage. sysadmin One of the default roles in the Compute RBAC system. Enables a user to add other users to a project, interact with VM images that are associated with the project, and start and stop VM (VM) instances. system usage A Compute component that, along with the notification system, collects metrics and usage information. This information can be used for billing. Telemetry An integrated project that provides metering and measuring facilities for OpenStack. The project name of Telemetry is ceilometer. TempAuth An authentication facility within Object Storage that enables Object Storage itself to perform authentication and authorization. Frequently used in testing and development. Tempest Automated software test suite designed to run against the trunk of the OpenStack core project. TempURL An Object Storage middleware component that enables creation of URLs for temporary object access. tenant A group of users, used to isolate access to Compute resources. An alternative term for a project. Tenant API An API that is accessible to tenants. tenant endpoint An Identity Service API endpoint that is associated with one or more tenants. tenant ID Unique ID assigned to each tenant within the Identity Service, the project IDs map to the tenant IDs. token An alpha-numeric string of text used to access OpenStack APIs and resources. token services An Identity Service component that manages and validates tokens after a user or tenant has been authenticated. tombstone Used to mark Object Storage objects that have been deleted, ensures the object is not updated on another node after it has been deleted. topic publisher A process that is created when a RPC call is executed, used to push the message to the topic exchange. Torpedo Community project used to run automated tests against the OpenStack API. transaction ID Unique ID assigned to each Object Storage request, used for debugging and tracing. transient Alternative term for non-durable. transient exchange Alternative term for a non-durable exchange. transient message A message that is stored in memory and is lost after the server is restarted. transient queue Alternative term for a non-durable queue. trove OpenStack project that provides database services to applications. Ubuntu A Debian-based Linux distribution. unscoped token Alternative term for an Identity Service default token. updater Collective term for a group of Object Storage components that processes queued and failed updates for containers and objects. user In Identity Service each user is associated with one or more tenants, and in Compute they can be associated with roles, projects, or both. user data A blob of data that can be specified by the user when launching an instance. This data can be accessed by the instance through the metadata service or config drive. Commonly used for passing a shell script that is executed by the instance on boot. User Mode Linux (UML) An OpenStack-supported hypervisor. VIF UUID Unique ID assigned to each Networking VIF. Virtual Central Processing Unit (vCPU) Sub-divides physical CPUs. Instances can then use those divisions. Virtual Disk Image (VDI) One of the VM image disk formats supported by Image Service. Virtual Hard Disk (VHD) One of the VM image disk formats supported by Image Service. virtual IP An Internet Protocol (IP) address configured on the load balancer for use by clients connecting to a service that is load balanced. Incoming connections are distributed to back-end nodes based on the configuration of the load balancer. virtual machine (VM) An operating system instance that runs on top of a hypervisor. Multiple VMs can run at the same time on the same physical host. virtual network An L2 network segment within Networking. Virtual Network Computing (VNC) Open source GUI and CLI tools used for remote console access to VMs. Supported by Compute. Virtual Network InterFace (VIF) An interface that is plugged into a port in a Networking network. Typically a virtual network interface belonging to a VM. virtual port Attachment point where a virtual interface connects to a virtual network. virtual private network (VPN) Provided by Compute in the form of cloudpipes, specialized instances that are used to create VPNs on a per-project basis. virtual server Alternative term for a VM or guest. virtual switch (vSwitch) Software that runs on a host or node and provides the features and functions of a hardware based network switch. virtual VLAN Alternative term for a virtual network. VirtualBox An OpenStack-supported hypervisor. VLAN manager A Compute component that provides dnsmasq, radvd, and sets up forwarding to and from cloudpipe instances. VLAN network The Network Controller provides virtual networks to enable compute servers to interact with each other and with the public network. All machines must have a public and private network interface. A VLAN network is a private network interface, which is controlled by the vlan_interface option with VLAN managers. VM disk (VMDK) One of the VM image disk formats supported by Image Service. VM image Alternative term for an image. VM Remote Control (VMRC) Method to access VM instance consoles using a web browser. Supported by Compute. VMware API Supports interaction with VMware products in Compute. VMware NSX Neutron plugin Provides support for VMware NSX in Neutron. VNC proxy A Compute component that provides users access to the consoles of their VM instances through VNC or VMRC. volume Disk-based data storage generally represented as an iSCSI target with a file system that supports extended attributes, can be persistent or ephemeral. Volume API An API on a separate endpoint for attaching, detaching, and creating block storage for compute VMs. volume controller A Block Storage component that oversees and coordinates storage volume actions. volume driver Alternative term for a volume plug-in. volume ID Unique ID applied to each storage volume under the Block Storage control. volume manager A Block Storage component that creates, attaches, and detaches persistent storage volumes. volume node A Block Storage node that runs the cinder-volume daemon. volume plug-in Provides support for new and specialized types of back-end storage for the Block Storage volume manager. Volume Service API Alternative term for the Compute volume API. volume worker A cinder component that interacts with back-end storage to manage the creation and deletion of volumes and the creation of compute volumes, provided by the cinder-volume daemon. vSphere An OpenStack-supported hypervisor. weighing A Compute process that determines the suitability of the VM instances for a job for a particular host. For example, not enough RAM on the host, too many CPUs on the host, and so on. weight Used by Object Storage devices to determine which storage devices are suitable for the job. Devices are weighted by size. weighted cost The sum of each cost used when deciding where to start a new VM instance in Compute. worker A daemon that listens to a queue and carries out tasks in response to messages. For example, the cinder-volume worker attaches storage to instances. Xen API The Xen administrative API, which is supported by Compute. Xen Cloud Platform (XCP) An OpenStack-supported hypervisor. Xen Storage Manager Volume Driver A Block Storage volume plug-in that enables communication with the Xen Storage Manager API. XenServer An OpenStack-supported hypervisor. ZeroMQ Message queue software supported by OpenStack. An alternative to RabbitMQ. Also spelled 0MQ. Zuul Tool used in OpenStack development to ensure correctly ordered testing of changes in parallel.