Book Image

Mastering OpenStack

By : Omar Khedher
Book Image

Mastering OpenStack

By: Omar Khedher

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering OpenStack
Omar Khedher
Jul, 2015 | 400 pages
No titles found
Table of Contents (18 chapters)
Mastering OpenStack
Mastering OpenStack
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Designing OpenStack Cloud Architecture
Designing OpenStack Cloud Architecture
OpenStack – think again
Introducing the OpenStack logical architecture
Gathering the pieces and building a picture
A sample architecture setup
Summary
2
Deploying OpenStack – DevOps and OpenStack Dual Deal
Deploying OpenStack – DevOps and OpenStack Dual Deal
DevOps in a nutshell
Eat the elephant
Summary
3
Learning OpenStack Clustering – Cloud Controllers and Compute Nodes
Learning OpenStack Clustering – Cloud Controllers and Compute Nodes
Understanding the art of clustering
Divide and conquer
Summary
4
Learning OpenStack Storage – Deploying the Hybrid Storage Model
Learning OpenStack Storage – Deploying the Hybrid Storage Model
Understanding the storage types
Cooking Swift
Choosing the storage
Summary
5
Implementing OpenStack Networking and Security
Implementing OpenStack Networking and Security
The story of an API
Security groups
Firewall as a Service
Summary
6
OpenStack HA and Failover
OpenStack HA and Failover
HA under the scope
Measuring HA
Summary
7
OpenStack Multinode Deployment – Bringing in Production
OpenStack Multinode Deployment – Bringing in Production
Confirming the multinode setup
The network topology
The OpenStack deployment
Summary
8
Extending OpenStack – Advanced Networking Features and Deploying Multi-tier Applications
Extending OpenStack – Advanced Networking Features and Deploying Multi-tier Applications
Navigating through Neutron
Summary
9
Monitoring OpenStack – Ceilometer and Zabbix
Monitoring OpenStack – Ceilometer and Zabbix
Telemetry in OpenStack – Ceilometer
Ceilometer and heat
Arming OpenStack monitoring
Summary
10
Keeping Track for Logs – Centralizing Logs with Logstash
Keeping Track for Logs – Centralizing Logs with Logstash
Tackling logging
Two eyes are better than one eye
Summary
11
Tuning OpenStack Performance – Advanced Configuration
Tuning OpenStack Performance – Advanced Configuration
Pushing the limits of the database
Stressing RabbitMQ
Benchmarking OpenStack at scale
Summary
Index
Index

Security groups

Imagine a scenario where you have to apply certain traffic management rules for a dozen compute node instances. Therefore, assigning a certain set of rules for a specific group of nodes will be much easier instead of going through each node at a time. Security groups enclose all the aspects of the rules that are applied to the ingoing and outgoing traffic to instances, which includes the following:

  • The source and receiver, which will allow or deny traffic to instances from either the internal OpenStack IP addresses or from the rest of the world

  • Protocols to which the rule will apply, such as TCP, UDP, and ICMP

  • Egress/ingress traffic management to a Neutron port

In this way, OpenStack offers an additional security layer to the firewall rules that are available on the compute instance. The purpose is to manage traffic to several compute instances from one security group. You should bear in mind that the networking security groups are more granular-traffic-filtering-aware than the...

Previous Section
End of Section 3
Next Section