Book Image

OpenStack Essentials

By : Dan Radez
Book Image

OpenStack Essentials

By: Dan Radez

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
OpenStack Essentials
Dan Radez
May, 2015 | 182 pages
No titles found
Table of Contents (20 chapters)
OpenStack Essentials
OpenStack Essentials
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Architecture and Component Overview
Architecture and Component Overview
OpenStack architecture
Dashboard
Keystone
Glance
Neutron
Nova
Cinder
Swift
Ceilometer
Heat
Summary
2
RDO Installation
RDO Installation
Installing RDO using Packstack
Summary
3
Identity Management
Identity Management
Services and endpoints
Interacting with Keystone in the dashboard
Endpoints in the dashboard
Summary
4
Image Management
Image Management
Glance as a registry of images
Using the web interface
Building an image
Summary
5
Network Management
Network Management
Networking and Neutron
Open vSwitch configuration
Creating a network
Web interface management
External network access
Web interface external network setup
Summary
6
Instance Management
Instance Management
Managing flavors
Managing key pairs
Launching an instance
Managing floating IP addresses
Managing security groups
Communicating with the instance
Launching an instance using the web interface
Summary
7
Block Storage
Block Storage
Use case
Creating and using block storage
Attaching the block storage to an instance
Managing Cinder volumes in the web interface
Backing storage
Summary
8
Object Storage
Object Storage
Use case
Architecture of a Swift cluster
Creating and using object storage
Object file management in the web interface
Using object storage on an instance
Ring files
Summary
9
Telemetry
Telemetry
Understanding the data store
Definitions of Ceilometer's configuration terms
Graphing the data
Summary
10
Orchestration
Orchestration
About orchestration
Writing templates
Launching a stack
Autoscaling instances with Heat
LBaaS setup
Web interface
Summary
11
Scaling Horizontally
Scaling Horizontally
Scaling compute nodes
Installing more control and networking
Scaling control and network services
Load-balancing keystone
Glance load balancing
Scaling other services
High availability
Highly available database and message bus
Summary
12
Monitoring
Monitoring
Monitoring defined
Installing Nagios
Monitoring methods
Non-OpenStack service checks
Monitoring control services
Monitoring network services
Monitoring compute services
Summary
13
Troubleshooting
Troubleshooting
The debug command line option
Tail the server logs
Troubleshooting Keystone and authentication
Troubleshooting Glance image management
Troubleshooting Neutron networking
Troubleshooting Nova launching instances
Troubleshooting post-boot metadata
Troubleshooting console access
Troubleshooting Cinder block storage
Troubleshooting Swift object storage
Troubleshooting Ceilometer Telemetry
Troubleshooting Heat orchestration
Getting more help
Summary
Index
Index

Keystone

Keystone is the identity management component. The first thing that needs to happen while connecting to an OpenStack deployment is authentication. In its most basic installation, Keystone will manage tenants, users, and roles and be a catalog of services and endpoints for all the components in the running cluster.

Everything in OpenStack must exist in a tenant. A tenant is simply a grouping of objects. Users, instances, and networks are examples of objects. They cannot exist outside of a tenant. Another name for a tenant is project. On the command line, the term tenant is used. In the web interface, the term project is used.

Users must be granted a role in a tenant. It's important to understand this relationship between the user and a tenant via a role. In Chapter 3, Identity Management, we will look at how to create the user and tenant and how to associate the user with a role in a tenant. For now, understand that a user cannot log in to the cluster unless they are members of a tenant. Even the administrator has a tenant. Even the users the OpenStack components use to communicate with each other have to be members of a tenant to be able to authenticate.

Keystone also keeps a catalog of services and endpoints of each of the OpenStack components in the cluster. This is advantageous because all of the components have different API endpoints. By registering them all with Keystone, an end user only needs to know the address of the Keystone server to interact with the cluster. When a call is made to connect to a component other than Keystone, the call will first have to be authenticated, so Keystone will be contacted regardless.

Within the communication to Keystone, the client also asks Keystone for the address of the component the user intended to connect to. This makes managing the endpoints easier. If all the endpoints were distributed to the end users, then it would be a complex process to distribute a change in one of the endpoints to all of the end users. By keeping the catalog of services and endpoints in Keystone, a change is easily distributed to end users as new requests are made to connect to the components.

By default, Keystone uses username/password authentication to request a token and Public Key Infrastructure (PKI) tokens for subsequent requests. The token has a user's roles and tenants encoded into it. All the components in the cluster can use the information in the token to verify the user and the user's access. Keystone can also be integrated into other common authentication systems instead of relying on the username and password authentication provided by Keystone. In Chapter 3, Identity Management, each of these resources will be explored. We'll walk through creating a user and a tenant and look at the service catalog.

Previous Section
End of Section 4
Next Section