Difference between revisions of "openstack notes"
(→Environment) |
(8 intermediate revisions by one user not shown) | |||
Line 3: | Line 3: | ||
==Overview== | ==Overview== | ||
===Example architecture=== | ===Example architecture=== | ||
− | + | '''Controller node''' | |
+ | |||
The controller node runs the Identity service, Image service, management portions of Compute, management portion of Networking, various Networking agents, and the dashboard. It also includes supporting services such as an SQL database, message queue, and NTP. | The controller node runs the Identity service, Image service, management portions of Compute, management portion of Networking, various Networking agents, and the dashboard. It also includes supporting services such as an SQL database, message queue, and NTP. | ||
− | + | ||
+ | '''Compute node''' | ||
+ | |||
The compute node runs the hypervisor portion of Compute that operates instances. By default, Compute uses the KVM hypervisor. The compute node also runs a Networking service agent that connects instances to virtual networks and provides firewalling services to instances via security groups. | The compute node runs the hypervisor portion of Compute that operates instances. By default, Compute uses the KVM hypervisor. The compute node also runs a Networking service agent that connects instances to virtual networks and provides firewalling services to instances via security groups. | ||
− | + | ||
+ | '''Block Storage node (optional)''' | ||
+ | |||
The optional Block Storage node contains the disks that the Block Storage service provisions for instances. | The optional Block Storage node contains the disks that the Block Storage service provisions for instances. | ||
− | + | ||
+ | '''Object Storage node (optional)''' | ||
+ | |||
The optional Object Storage node contain the disks that the Object Storage service uses for storing accounts, containers, and objects. | The optional Object Storage node contain the disks that the Object Storage service uses for storing accounts, containers, and objects. | ||
+ | |||
===Networking=== | ===Networking=== | ||
− | + | '''Provider networks (option 1)''' | |
+ | |||
simplest setup with primarily layer-2 (bridging/switching) services and VLAN segmentation of networks. Essentially, it bridges virtual networks to physical networks and relies on physical network infrastructure for layer-3 (routing) services. | simplest setup with primarily layer-2 (bridging/switching) services and VLAN segmentation of networks. Essentially, it bridges virtual networks to physical networks and relies on physical network infrastructure for layer-3 (routing) services. | ||
− | + | ||
+ | '''Option 2: Self-service networks''' | ||
+ | |||
The self-service networks option augments the provider networks option with layer-3 (routing) services that enable self-service networks using overlay segmentation methods such as VXLAN. Essentially, it routes virtual networks to physical networks using NAT. | The self-service networks option augments the provider networks option with layer-3 (routing) services that enable self-service networks using overlay segmentation methods such as VXLAN. Essentially, it routes virtual networks to physical networks using NAT. | ||
+ | |||
==Environment== | ==Environment== | ||
− | + | '''Security''' | |
OpenStack services support various security methods including password, policy, and encryption. | OpenStack services support various security methods including password, policy, and encryption. | ||
+ | |||
+ | '''host networking''' | ||
+ | |||
+ | [[file:openstack networklayout.png]] | ||
+ | |||
+ | The example architectures assume use of the following networks: | ||
+ | |||
+ | * Management on 10.0.0.0/24 with gateway 10.0.0.1 | ||
+ | |||
+ | This network requires a gateway to provide Internet access to all nodes for administrative purposes such as package installation, security updates, DNS, and NTP. | ||
+ | |||
+ | * Public on 203.0.113.0/24 with gateway 203.0.113.1 | ||
+ | * This network requires a gateway to provide Internet access to instances in your OpenStack environment. |
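Review bot: In the added Environment lines, '''Security''' sits directly above its paragraph with no blank line between them, so the label and the sentence render as one run ("Security OpenStack services support ..."); add a blank line after it, as the other bold labels have. The last added bullet, "* This network requires a gateway to provide Internet access to instances ...", describes the Public network and should be a plain paragraph like the Management description, not a list item of its own. The new labels are also inconsistent: "Provider networks (option 1)" against "Option 2: Self-service networks", and "host networking" is the only one in lowercase.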
Latest revision as of 18:42, 11 January 2016
Conventions
node = host, vm or physical machine
Overview
Example architecture
Controller node
The controller node runs the Identity service, Image service, management portions of Compute, management portion of Networking, various Networking agents, and the dashboard. It also includes supporting services such as an SQL database, message queue, and NTP.
Compute node
The compute node runs the hypervisor portion of Compute that operates instances. By default, Compute uses the KVM hypervisor. The compute node also runs a Networking service agent that connects instances to virtual networks and provides firewalling services to instances via security groups.
Block Storage node (optional)
The optional Block Storage node contains the disks that the Block Storage service provisions for instances.
Object Storage node (optional)
The optional Object Storage node contains the disks that the Object Storage service uses for storing accounts, containers, and objects.
Networking
Provider networks (option 1)
The provider networks option is the simplest setup, with primarily layer-2 (bridging/switching) services and VLAN segmentation of networks. Essentially, it bridges virtual networks to physical networks and relies on physical network infrastructure for layer-3 (routing) services.
Option 2: Self-service networks
The self-service networks option augments the provider networks option with layer-3 (routing) services that enable self-service networks using overlay segmentation methods such as VXLAN. Essentially, it routes virtual networks to physical networks using NAT.
Environment
Security
OpenStack services support various security methods including password, policy, and encryption.
Host networking
The example architectures assume use of the following networks:
- Management on 10.0.0.0/24 with gateway 10.0.0.1
  This network requires a gateway to provide Internet access to all nodes for administrative purposes such as package installation, security updates, DNS, and NTP.
- Public on 203.0.113.0/24 with gateway 203.0.113.1
  This network requires a gateway to provide Internet access to instances in your OpenStack environment.
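An added example, not part of the original notes: a small check that validates a node address plan against the two networks listed above, so that a management interface placed in the wrong subnet, on the gateway address, or on an address already in use is caught before deployment. The node names and node addresses in the sample plan are constructed assumptions; only the two networks and their gateways come from the notes.

```python
import ipaddress

# Networks and gateways as listed in the notes above.
NETWORKS = {
    "management": (ipaddress.ip_network("10.0.0.0/24"),
                   ipaddress.ip_address("10.0.0.1")),
    "public": (ipaddress.ip_network("203.0.113.0/24"),
               ipaddress.ip_address("203.0.113.1")),
}

# Constructed sample plan: node names and addresses are assumptions.
SAMPLE_PLAN = [
    ("controller", "management", "10.0.0.11"),
    ("compute1", "management", "10.0.0.31"),
    ("block1", "management", "10.0.1.41"),     # wrong subnet
    ("object1", "management", "10.0.0.1"),     # same address as the gateway
    ("compute2", "management", "10.0.0.31"),   # already used by compute1
    ("compute1", "public", "203.0.113.255"),   # broadcast address
]


def check_plan(plan):
    """Return (node, network, problem) tuples for every bad entry in the plan."""
    findings = []
    seen = {}  # address -> first node that claimed it
    for node, net_name, addr_text in plan:
        if net_name not in NETWORKS:
            findings.append((node, net_name, "unknown network"))
            continue
        network, gateway = NETWORKS[net_name]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((node, net_name, "invalid address"))
            continue
        if addr not in network:
            findings.append((node, net_name, "outside " + str(network)))
        elif addr == gateway:
            findings.append((node, net_name, "collides with gateway"))
        elif addr in (network.network_address, network.broadcast_address):
            findings.append((node, net_name, "network or broadcast address"))
        elif addr in seen:
            findings.append((node, net_name, "duplicate of " + seen[addr]))
        else:
            seen[addr] = node
    return findings


if __name__ == "__main__":
    for node, net_name, problem in check_plan(SAMPLE_PLAN):
        print(f"{node:<10} {net_name:<10} {problem}")
```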