There should be 'OpenStack Networking Guide' for the title, not 'Networking Guide'. Change-Id: Id1bd012a4f85040d74d73cfb0e3147aa311b612f Closes-Bug: #1585190
Overview
The OpenStack project is an open source cloud computing platform that supports all types of cloud environments. The project aims for simple implementation, massive scalability, and a rich set of features. Cloud computing experts from around the world contribute to the project.
OpenStack provides an Infrastructure-as-a-Service (IaaS) solution through a variety of complementary services. Each service offers an Application Programming Interface (API) that facilitates this integration.
This guide covers step-by-step deployment of the following major OpenStack services using a functional example architecture suitable for new users of OpenStack with sufficient Linux experience:
Service | Project name | Description |
---|---|---|
Dashboard | Horizon | Provides a web-based self-service portal to interact with underlying OpenStack services, such as launching an instance, assigning IP addresses and configuring access controls. |
Compute | Nova | Manages the lifecycle of compute instances in an OpenStack environment. Responsibilities include spawning, scheduling and decommissioning of virtual machines on demand. |
Networking | Neutron | Enables Network-Connectivity-as-a-Service for other OpenStack services, such as OpenStack Compute. Provides an API for users to define networks and the attachments into them. Has a pluggable architecture that supports many popular networking vendors and technologies. |
Storage | | |
Object Storage | Swift | Stores and retrieves arbitrary unstructured data objects via a RESTful, HTTP-based API. It is highly fault tolerant with its data replication and scale-out architecture. Its implementation is not like a file server with mountable directories. In this case, it writes objects and files to multiple drives, ensuring the data is replicated across a server cluster. |
Block Storage | Cinder | Provides persistent block storage to running instances. Its pluggable driver architecture facilitates the creation and management of block storage devices. |
Shared services | | |
Identity service | Keystone | Provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services. |
Image service | Glance | Stores and retrieves virtual machine disk images. OpenStack Compute makes use of this during instance provisioning. |
Telemetry | Ceilometer | Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistical purposes. |
Higher-level services | | |
Orchestration | Heat | Orchestrates multiple composite cloud applications by using either the native HOT (Heat Orchestration Template) template format or the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API. |
After becoming familiar with basic installation, configuration, operation, and troubleshooting of these OpenStack services, you should consider the following steps toward deployment using a production architecture:
- Determine and implement the necessary core and optional services to meet performance and redundancy requirements.
- Increase security using methods such as firewalls, encryption, and service policies.
- Implement a deployment tool such as Ansible, Chef, Puppet, or Salt to automate deployment and management of the production environment.
Example architecture
The example architecture requires at least two nodes (hosts) to launch a basic virtual machine (VM) or instance. Optional services such as Block Storage and Object Storage require additional nodes.
This example architecture differs from a minimal production architecture as follows:
- Networking agents reside on the controller node instead of one or more dedicated network nodes.
- Overlay (tunnel) traffic for self-service networks traverses the management network instead of a dedicated network.
For more information on production architectures, see the Architecture Design Guide, OpenStack Operations Guide, and OpenStack Networking Guide.
Controller
The controller node runs the Identity service, Image service, management portions of Compute, management portion of Networking, various Networking agents, and the dashboard. It also includes supporting services such as an SQL database, message queue, and NTP.
Optionally, the controller node runs portions of Block Storage, Object Storage, Orchestration, and Telemetry services.
The controller node requires a minimum of two network interfaces.
Compute
The compute node runs the hypervisor portion of Compute that operates instances. By default, Compute uses the KVM (kernel-based VM) hypervisor. The compute node also runs a Networking service agent that connects instances to virtual networks and provides firewalling services to instances via security groups.
You can deploy more than one compute node. Each node requires a minimum of two network interfaces.
Block Storage
The optional Block Storage node contains the disks that the Block Storage and Shared File System services provision for instances.
For simplicity, service traffic between compute nodes and this node uses the management network. Production environments should implement a separate storage network to increase performance and security.
You can deploy more than one block storage node. Each node requires a minimum of one network interface.
Object Storage
The optional Object Storage node contains the disks that the Object Storage service uses for storing accounts, containers, and objects.
For simplicity, service traffic between compute nodes and this node uses the management network. Production environments should implement a separate storage network to increase performance and security.
This service requires two nodes. Each node requires a minimum of one network interface. You can deploy more than two object storage nodes.
Networking
Choose one of the following virtual networking options.
Networking Option 1: Provider networks
The provider networks option deploys the OpenStack Networking service in the simplest way possible with primarily layer-2 (bridging/switching) services and VLAN segmentation of networks. Essentially, it bridges virtual networks to physical networks and relies on physical network infrastructure for layer-3 (routing) services. Additionally, a DHCP service provides IP address information to instances.
Note
This option lacks support for self-service (private) networks, layer-3 (routing) services, and advanced services such as LBaaS and FWaaS. Consider the self-service networks option if you desire these features.
Networking Option 2: Self-service networks
The self-service networks option augments the provider networks option with layer-3 (routing) services that enable self-service networks using overlay segmentation methods such as VXLAN. Essentially, it routes virtual networks to physical networks using NAT. Additionally, this option provides the foundation for advanced services such as LBaaS and FWaaS.
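As an added example that is not part of this guide page, the two ML2 plug-in fragments below show what the choice between the options means in the Networking service configuration: option 1 loads only layer-2 type drivers and leaves the self-service (tenant) network type empty, while option 2 adds the VXLAN type driver and a VNI range for overlay segments. It assumes the ML2 plug-in with the Linux bridge mechanism driver; the physical network label `provider` and the VNI range are constructed placeholders.

```ini
# /etc/neutron/plugins/ml2/ml2_conf.ini, version for Networking Option 1
# (provider networks). Added example; values are placeholders.
[ml2]
# Only layer-2 segmentation types; no overlay type driver is loaded.
type_drivers = flat,vlan
# Empty: users cannot create self-service (private) networks.
tenant_network_types =
mechanism_drivers = linuxbridge
# port_security keeps security-group filtering enforced on instance ports.
extension_drivers = port_security

[ml2_type_flat]
# "provider" is a constructed label for the physical provider network.
flat_networks = provider

[securitygroup]
enable_ipset = true

# /etc/neutron/plugins/ml2/ml2_conf.ini, version for Networking Option 2
# (self-service networks). Same file, alternative contents.
[ml2]
# VXLAN type driver added for overlay (tunnel) networks.
type_drivers = flat,vlan,vxlan
# Self-service networks are created as VXLAN overlays by default.
tenant_network_types = vxlan
# l2population limits broadcast flooding across the VXLAN tunnels.
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
# Constructed VNI range for overlay segments.
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
```

Only one of the two versions is installed on the controller; the layer-3 routing and NAT behaviour of option 2 is configured in the L3 agent, which this fragment does not cover.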