OpenStack provides ingress filtering for instances based on the concept of security groups, and implements that filtering by creating suitable iptables rules. A security group is a named set of rules that is applied to packets arriving at an instance. You can specify a security group when launching an instance. Each security group can have multiple rules associated with it. Each rule specifies the source IP/network, protocol type, destination ports, etc. Any packet matching the parameters specified in a rule is allowed in. All other packets are blocked.
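The matching behaviour described above, modelled as a short added example (not OpenStack's own code): a packet is accepted only if some rule in an attached group matches its source, protocol and destination port. The group names, rules and the `world_open` audit helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp" or "icmp"
    cidr: str       # permitted source IP/network
    from_port: int  # first permitted destination port (unused for icmp)
    to_port: int    # last permitted destination port (unused for icmp)

    def matches(self, src_ip, protocol, dst_port=None):
        if protocol != self.protocol:
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.cidr):
            return False
        if protocol == "icmp":
            return True
        return dst_port is not None and self.from_port <= dst_port <= self.to_port

# Constructed sample groups (hypothetical names and rules).
GROUPS = {
    "web": [Rule("tcp", "0.0.0.0/0", 80, 80), Rule("tcp", "0.0.0.0/0", 443, 443)],
    "admin": [Rule("tcp", "10.0.0.0/8", 22, 22), Rule("icmp", "10.0.0.0/8", -1, -1)],
    "legacy": [Rule("tcp", "0.0.0.0/0", 1, 1024)],
}

def ingress_allowed(groups, attached, src_ip, protocol, dst_port=None):
    """Default deny: allow only if a rule in one of the attached groups matches."""
    rules = [r for name in attached for r in groups[name]]
    return any(r.matches(src_ip, protocol, dst_port) for r in rules)

def world_open(groups, sensitive_ports=(22, 3389)):
    """Audit helper: groups whose TCP rules expose sensitive ports to any source."""
    findings = []
    for name, rules in groups.items():
        for r in rules:
            any_source = ipaddress.ip_network(r.cidr).prefixlen == 0
            hit = [p for p in sensitive_ports if r.from_port <= p <= r.to_port]
            if r.protocol == "tcp" and any_source and hit:
                findings.append((name, hit))
    return findings

if __name__ == "__main__":
    attached = ["web", "admin"]  # groups chosen when the instance was launched
    for pkt in [("203.0.113.7", "tcp", 80), ("203.0.113.7", "tcp", 22), ("10.1.2.3", "tcp", 22)]:
        print(pkt, "ALLOW" if ingress_allowed(GROUPS, attached, *pkt) else "DROP")
    print("world-open findings:", world_open(GROUPS))
```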
In OpenStack, networking is managed by a component called “nova-network”. It interacts with nova-compute to ensure that instances have the right networking setup to communicate among themselves as well as with the outside world. Just as in Eucalyptus or AWS, each OpenStack instance can have 2 IP addresses attached to it: a private IP address and a public IP address. The private IP address is typically used for communication between instances, and the public IP address is used for communication between instances and the outside world. The so-called public IP address need not be an address routable on the Internet; it can even be an address on the corporate LAN.
Cloud computing is a computing model, where resources such as computing power, storage, network and software are abstracted and provided as services on the Internet in a remotely accessible fashion. Billing models for these services are generally similar to the ones adopted for public utilities. On-demand availability, ease of provisioning, dynamic and virtually infinite scalability are some of the key attributes of cloud computing.
An infrastructure setup using the cloud computing model is generally referred to as the “cloud”. The following are the broad categories of services available on the cloud:
- Infrastructure As A Service (IAAS)
- Platform As A Service (PAAS)
- Software As A Service (SAAS)
Amazon Web Services (AWS) is one of the major players providing IAAS. They have two popular services – Elastic Compute Cloud (EC2) and Simple Storage Service (S3). These services are available through web services.
An instance is a virtual machine provisioned by OpenStack on one of the nova-compute servers. When you launch an instance, a series of steps is triggered on various components of OpenStack. During its life cycle, an instance moves through various stages as shown in the diagram below:
There are several pre-built images for OpenStack available from various sources. You can download such images and use them to get familiar with OpenStack. You can refer to http://docs.openstack.org/cactus/openstack-compute/admin/content/starting-images.html for details on using such images.
For any production deployment, you may like to have the ability to bundle custom images, with a custom set of applications or configuration. This chapter will guide you through the process of creating Linux images of Debian and Redhat based distributions from scratch. We have also covered an approach to bundling Windows images.
Installation and configuration
The following section describes how to set up a minimal cloud infrastructure based on OpenStack using 3 machines. These machines are referred to in this and subsequent chapters as Server1, Server2 and Client1. Server1 runs all 7 components of Nova as well as Glance and the OpenStack dashboard. Server2 runs only nova-compute. Since OpenStack components follow a shared-nothing policy, each component or any group of components can be installed on any server.
Canonical has recently joined the OpenStack consortium and has started working actively on adding OpenStack support in Ubuntu. Encouraged by the way users of UEC received our “Eucalyptus Beginner’s Guide, UEC Edition”, we have started working on the book “OpenStack Beginner’s Guide for Ubuntu 11.04, Natty Narwhal” and hope to release all the chapters of the book here soon as articles, followed by a PDF version of the book.