Minimal OpenStack
Starting Your OpenStack Journey
Sean Dague / Aug 19th, 2015
Twitter: @sdague
Blog: dague.net
The Mission of OpenStack
"To produce the ubiquitous Open Source
Cloud Computing platform that will meet
the needs of public and private clouds
regardless of size, by being simple to
implement and massively scalable."
Things you probably don't need in your basement
● Hadoop as a Service
● SDN Integration
● DNS manager
● Policy Enforcement
● Object storage layer
● Orchestration Layer
● Chargeback
● Kubernetes deployer
● Integration with Enterprise Storage
But, you can layer them in later once you have a Minimal OpenStack
My First OpenStack
1 Intel/AMD CPU
8 GB RAM
250+ GB Disk
1 Gbs Network
Read OpenStack Install Guide
Follow sections 2, 3, 4, 5 and 6.2 for your favorite distro
For multiple servings follow sections 5 and 6.2 again
Makes 1 compute cloud. Good for long running or ephemeral VMs.
Variations:
* Increase RAM for more guests
2 hrs
4
2 – 3 hours process
Read Carefully!
"Create Exclusive Slice"
Caveat on Networking
Nova Network
● Original Networking
● Easy to set up
● Limited API
Neutron
● New Network Stack
● More network centric API
● Allows Tenant Self Service Networking
● Long Term Direction for OpenStack
My Current Recommendation (based on Kilo documentation):
Start with Nova Network to get comfortable
Rebuild with Neutron later if your intent is to expand substantially
Liberty documentation should make Neutron base easier to get started with
Nova Network Multihost
[Diagram: 10.64.0.0/24 network with a Router, a Controller + Worker node and a Worker node, each node with dnsmasq and a Linux Bridge; host addresses shown: .1, .2, .4, .5, .6, .7. Annotation: "messages back and forth to prevent collisions"]
Cheating and Sharing an L2
[Diagram: 10.64.0.0/24 and 10.64.0.128/25 sharing one L2, with a Router, a Controller + Worker node and a Worker node, each node with dnsmasq and a Linux Bridge; addresses shown: .1, .50/24, .51/24, .129/25, .130, .131, .132, .133. Annotations: "messages back and forth to prevent collisions", "Through the magic of Linux Networking"]
Networking at Home
A 2 node basement cloud
Controller + Worker: Keystone, Glance, Nova, mysql, rabbitmq, /disk
Worker Only: Nova, /disk
Compute Flow
Base Image
Flavor: Like "T-Shirt Sizes". Each defines CPU, Mem, Disk, and other attrs of final VM
First Boot
Persistent Disk: Built from disk on first boot. Exists until destroy.
Ephemeral Disk: Freshly created on every boot.
cloud-init: typically shipped in cloud images, customizes on first boot
Config Drive
Metadata Server
Common Actions:
● create/delete
● start/stop
● resize
● snapshot
● locking
OpenStack Client
● Unified openstack cli
  ● Replaces most of nova/keystone/glance cli usage
  ● Far more consistent in experience
● Installable via apt/yum/pip
● Put it on your laptop
● Access any OpenStack via setting env variables
ribos:~> more demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=0penstack
export OS_AUTH_URL=http://10.42.0.51:5000/v3
export OS_REGION_NAME=RegionOne
Your first OpenStack
> source admin-openrc.sh # credentials
> openstack image create --copy-from \
  https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img \
  --public trusty
# image available to all users
> source demo-openrc.sh # drop back to normal user
> openstack security group rule create --proto icmp --src-ip 0.0.0.0/0 --dst-port -1 default
> openstack security group rule create --proto tcp --src-ip 0.0.0.0/0 --dst-port 22 default
# sshable security group out of the box
> openstack keypair create --public-key .ssh/id_rsa.pub my_sshkey
# add a keypair so you can ssh to servers
> openstack server create --flavor m1.medium --image trusty --keypair my_sshkey \
  server1 --wait
# boot your first server, wait until done
> ssh ubuntu@{IP}
# profit!
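Getting an Image
[Diagram: OpenStack Client sends User + Project + Password to Keystone and receives a Token; OpenStack Client sends POST /images with the Token to Glance; Glance fetches the image by HTTP Pull]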
Security Groups
Default host level firewall preventing all inbound
[Diagram: 10.64.0.0/24 network with a Router, dnsmasq, and a Controller + Worker node with a Linux Bridge; addresses shown: .1, .2, .5, .6]
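A model of the default-deny behaviour described on this slide, as an added example that is not code from the talk or from OpenStack. It evaluates inbound packets against the two rules created in "Your first OpenStack" and against a narrowed variant; the narrowed rule set, the sample source addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Rules from the slide: (protocol, source CIDR, destination port); -1 means any.
SLIDE_RULES = [
    ("icmp", "0.0.0.0/0", -1),
    ("tcp", "0.0.0.0/0", 22),
]
# Assumed narrower variant: SSH accepted only from the slide's 10.64.0.0/24.
NARROWED_RULES = [
    ("icmp", "0.0.0.0/0", -1),
    ("tcp", "10.64.0.0/24", 22),
]

def allowed(rules, proto, src_ip, dst_port=-1):
    """Default deny inbound: a packet passes only if some rule matches it."""
    src = ipaddress.ip_address(src_ip)
    for rule_proto, cidr, rule_port in rules:
        if rule_proto != proto:
            continue
        if src not in ipaddress.ip_network(cidr):
            continue
        if rule_port in (-1, dst_port):
            return True
    return False

def exposure(rules):
    """(protocol, port) pairs that are reachable from every IPv4 address."""
    return [(proto, port) for proto, cidr, port in rules
            if ipaddress.ip_network(cidr).prefixlen == 0]

if __name__ == "__main__":
    # Constructed sample packets: an outside host and a host on the guest network.
    for name, rules in (("slide", SLIDE_RULES), ("narrowed", NARROWED_RULES)):
        print(name, "open to all:", exposure(rules))
        print("  ssh from 203.0.113.9:", allowed(rules, "tcp", "203.0.113.9", 22))
        print("  ssh from 10.64.0.5:  ", allowed(rules, "tcp", "10.64.0.5", 22))
        print("  http from 10.64.0.5: ", allowed(rules, "tcp", "10.64.0.5", 80))
```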
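Booting a Server
[Diagram: OpenStack Client sends User + Project + Password to Keystone and receives a Token; OpenStack Client sends POST /servers with the Token to Nova API. Components shown behind Nova API: Nova Conductor, Nova Sched, Nova Compute, Glance (HTTP Pull), libvirt, ending at "your compute!"]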
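The token exchange that opens both the "Getting an Image" and "Booting a Server" slides, as an added example that is not code from the talk or from the OpenStack client. It builds the Keystone v3 password request from the demo-openrc.sh values shown earlier without sending anything, and reports whether the password would cross the network unencrypted; the function names are assumptions.

```python
import json
from urllib.parse import urlparse

# demo-openrc.sh as shown on the "OpenStack Client" slide, embedded to run offline.
OPENRC = """\
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=0penstack
export OS_AUTH_URL=http://10.42.0.51:5000/v3
export OS_REGION_NAME=RegionOne
"""

def parse_openrc(text):
    """Collect the `export NAME=value` lines of an openrc file into a dict."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("export ") and "=" in line:
            name, value = line[len("export "):].split("=", 1)
            env[name.strip()] = value.strip().strip("'\"")
    return env

def token_request(env):
    """Step 1: Keystone v3 password auth; the token returns in X-Subject-Token."""
    user = {"name": env["OS_USERNAME"], "password": env["OS_PASSWORD"],
            "domain": {"id": env["OS_USER_DOMAIN_ID"]}}
    project = {"name": env["OS_PROJECT_NAME"],
               "domain": {"id": env["OS_PROJECT_DOMAIN_ID"]}}
    body = {"auth": {"identity": {"methods": ["password"],
                                  "password": {"user": user}},
                     "scope": {"project": project}}}
    return "POST", env["OS_AUTH_URL"].rstrip("/") + "/auth/tokens", body

def service_headers(token):
    """Step 2: Glance and Nova are sent the token only, never the password."""
    return {"X-Auth-Token": token, "Content-Type": "application/json"}

def sends_password_in_clear(env):
    """True when OS_AUTH_URL is not HTTPS, so step 1 is readable on the wire."""
    return urlparse(env["OS_AUTH_URL"]).scheme != "https"

if __name__ == "__main__":
    env = parse_openrc(OPENRC)
    method, url, body = token_request(env)
    print(method, url, "cleartext password:", sends_password_in_clear(env))
    print(json.dumps(body, indent=2).replace(env["OS_PASSWORD"], "<redacted>"))
```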
User Organization in OpenStack
*Project == Tenant
[Diagram: Domain 1 and Domain 2; Tenant 1 / Project 1 (10 vcpu, 8 GB mem); Project 2 (30 vcpu, 24 GB mem); Roles]
Projects:
● contain quota
Users:
● credentials
Domains:
… you don't need those in your basement
But I don't like the command line!
● No problem!
● Setting up Horizon is Section 7
● Easy to use Web UI
Additional Features – Leveling up
● Horizon
  ● Web UI for OpenStack
  ● Talks to all components over published REST interfaces
● Swift – Object Store
  ● REST API for storing / fetching objects of arbitrary size*
  ● Built in redundancy model
  ● Can be used as a backend for Glance, ownCloud, other Open Source systems
● Neutron – Advanced Networking
  ● Tenant self service networks
  ● API and concepts model networking concepts
    ● Ports
    ● Subnets
    ● Routers
  ● Advanced network services such as:
    ● Load Balancing
    ● VPN
    ● Network Firewall
  ● Plugins for Linux Bridge and OVS and many SDNs
● Cinder – Persistent Block Storage
  ● Additional block devices which survive longer than VMs
  ● Typical use for Database backends
● Ceilometer
  ● Usage and Metric Collection
● Ironic
  ● Adds bare metal support to Nova
● Designate
  ● DNS manager, reacts to Nova / Neutron events
A selection of additional services
● Heat
  ● Orchestrates "stack" of OpenStack resources
● Trove
  ● MySQL db as a service on top of OpenStack
● Sahara
  ● Hadoop as a service on top of OpenStack
● Magnum
  ● Kubernetes / Container management
● Cue
  ● RabbitMQ as a service on top of OpenStack
● Zaqar
  ● Simple Queue Service
● Manila
  ● Shared filesystem management
● Barbican
  ● Key store management
● Murano
  ● Application catalog for easy to deploy OpenStack "apps"
And more coming every day!
Thanks!
Questions?
Layer 4: Consumption Services
● Heat (Orchestration)
● Trove (Database)
● Sahara (Hadoop)
● Zaqar (Queues)
Layer 3: Optional Enhancements
● Ceilometer (Telemetry)
● Horizon (Dashboard)
● Barbican (Key Management)
Layer 2: Extended Infrastructure
● Network Services: Neutron (Networking), Designate (DNS)
● Storage Services: Cinder (Block), Swift (Object), Manila (Filesystems)
● Compute Services: Ironic (Bare Metal), Magnum (Containers)
Layer 1: Base Compute Infrastructure
● Nova (Compute)
● Glance (Image)
● Keystone (Identity)
http://hackstack.org/x/blog/2013/09/05/openstack-seven-layer-dip-as-a-service/