Archive for the ‘OpenStack Book’ Category
This article explains how to create a CentOS 6 image on KVM for uploading it to the image store on OpenStack Diablo. I have used KVM running on Ubuntu 11.10 64-bit server for creation of the image.
OpenStack Beginner’s Guide V2.0 for Diablo on Ubuntu 11.10 Oneiric is now available as a pdf file. Please have a look it and let us know if you have any comments/suggestions/feedback. We will do our best to enhance the guide based on your suggestions.
We would like to thank Anne Gentle and all participants of DocBlitz sessions and several others who have given feedback on these pages, on the documentation pages of OpenStack and offline through emails.
What’s new in V2.0:
- Procedure for using PostgreSQL for Nova added
- Swift added to Installation & Configuration chapter and Storage Management chapter
- Revised the commands line options to be in sync with Diablo
- Dropped Dashboard section, for now, as the new version of Dashboard relies on Key Stone. We will include them back once the key issues releated to Keystone/Dashboard on Ubuntu get resolved.
- Dropped Role Based Access Control Chapter. This is undergoing rewrite and we will add it soon.
- Some language errors fixed
- Some errors in the architecture diagrams fixed
Nova-volume provides persistent block storage compatible with Amazon’s Elastic Block Store. The storage on the instances is non persistent in nature and hence any data that you generate and store on the file system on the first disk of the instance gets lost when the instance is terminated. You will need to use persistent volumes provided by nova-volume if you want any data generated during the life of the instance to persist after the instance is terminated.
Commands from euca2ools package can be used to manage these volumes.
Here are a few examples:
Nova Manage commands
OpenStack provides commands for administrative tasks such as user/role management, network management etc. In all the examples we will use username as “novadmin” and project name as “proj”. All the nova-manage commands will need to be run as “root”. Either run them as root or run them under sudo.
Every nova user has a role associated with him. This role can be assigned at the time of creation of the account using “nova-manage add user…” or by editing the profile later using the Openstack Dashboard by the project manager. The role can be either global or project specific in scope. All access in Openstack is governed by roles. Each role has a predefined set of operations permitted within the relevant scope(global or local)
Openstack provides ingress filtering for the instances based on the concept of security groups. OpenStack accomplishes ingress filtering by creating suitable IP Tables rules. A Security Group is a named set of rules that get applied to the incoming packets for the instances. You can specify a security group while launching an instance. Each security group can have multiple rules associated with it. Each rule specifies the source IP/network, protocol type, destination ports etc. Any packet matching these parameters specified in a rule is allowed in. Rest of the packets are blocked.
In OpenStack, the networking is managed by a component called “nova-network”. This interacts with nova-compute to ensure that the instances have the right kind of networking setup for them to communicate among themselves as well as with the outside world. Just as in Eucalyptus or AWS, each OpenStack instance can have 2 IP addresses attached to it. One is the private IP address and the other called Public IP address. The private IP address is typically used for communication between instances and the public IP is used for communication of instances with the outside world. The so called public IP address need not be a public IP address routable on the Internet ; it can even be an address on the corporate LAN.