Cloud computing is the practice of using a network of remote servers to store, process and manage data rather than a local server, i.e. storing and accessing data and programs over the Internet instead of on your local computer's hard drive. Throughout this article I am trying to explain the scope and implementation of cloud computing using the most common open source cloud platform, OpenStack.
Cloud computing is often referred to as simply “the cloud”. It is the delivery of on-demand computing resources, from applications to data centers over the internet on a pay-for-use basis.
There are mainly three fundamental cloud computing services/models:
SAAS (Software As A Service)
As the name suggests, SaaS provides software or an application as a service to the cloud user. It delivers applications from a third-party vendor whose interface is accessed on the client side, i.e. it provides software or an application as an on-demand service.
Almost all SaaS applications can be run from a web browser without any downloads or installations. However, some of them may require additional browser plugins.
PAAS (Platform As A Service)
Cloud platform services are used for application and other software development, and provide the cloud components the application/software needs. PaaS provides a framework or platform on which one can develop or customize applications. This usually makes development, deployment and testing of an application fast, easy and cost effective.
In general, PaaS provides a platform as an on-demand service, using which a user can test, run or deploy applications.
IAAS (Infrastructure As A Service)
Infrastructure as a service provides virtualized computing resources over the internet. These compute resources include virtual machines, networking, storage etc. Instead of buying hardware, the cloud user consumes the required hardware as a service in the cloud computing model.
The user purchases IaaS on a consumption basis, i.e. the user pays only for the compute, networking or storage actually used. In general, IaaS provides infrastructure/hardware as a service to the cloud user on a pay-per-use basis.
Openstack Cloud Computing
OpenStack is an open source cloud computing platform. It supports all types of cloud environments. It aims at simple implementation, massive scalability and a rich feature set.
Cloud architecture experts from around the world have contributed to the project since it is open source licensed.
OpenStack provides the Infrastructure as a Service (IaaS) model through a number of supporting services. Each of these supporting/complementary services provides an application programming interface (API) that facilitates this integration. Since it delivers IaaS, the main design is aimed at implementing an architecture that meets the infrastructure/hardware requirements of a cloud user.
There are five main OpenStack services:
1. NOVA- Compute Service
Nova is the Computing Fabric controller for the OpenStack Cloud, which is the main part of IaaS. It is used to host and manage the cloud computing systems.
Compute service interacts with the Identity Service for authentication, Image Service for images, and the Dashboard for the user and/or administrative interface.
All the activities needed to support/handle the life cycle of all the instances (VMs) within the cloud are handled by Nova. Nova uses the libvirt API to interact with supported hypervisors. Nova exposes its capabilities through a web services API that is compatible with the EC2 API of Amazon Web Services.
The compute service of Openstack is made up of the following services/functional areas:
nova-api service: This service accepts end user compute API calls and responds to them.
It supports the OpenStack Compute API, the Amazon EC2 API, and a special Admin API for privileged users to perform administrative actions. It initiates activities, such as running an instance, and enforces some policies.
nova-compute process: A daemon that creates and terminates instances through hypervisor APIs such as XenAPI for XenServer/XCP, libvirt for KVM or QEMU, VMwareAPI for VMware etc.
The process accepts actions from the queue and performs a series of system commands, such as launching a KVM instance or terminating an instance.
nova-scheduler process: This process takes a virtual machine instance request from the queue and determines on which compute server host it should run.
nova-conductor module: Mediates interactions between nova-compute and the database.
nova-network worker daemon: Works similarly to the nova-compute daemon. It accepts networking tasks from the queue and performs tasks that manipulate the network, such as setting up bridging interfaces or changing iptables rules.
This functionality is now being migrated to OpenStack Networking, which is a separate OpenStack service.
nova-dhcpbridge script : It tracks IP address leases and records them in the database by using the dnsmasq dhcp-script facility.
This functionality is also being migrated to OpenStack Networking. OpenStack Networking provides an entirely different script.
nova-consoleauth daemon: Authorizes tokens for users that console proxies provide.
This service must be running for console proxies to work.
nova-novncproxy daemon: Provides a proxy for accessing running instances through a VNC connection. It supports browser-based noVNC clients.
nova-xvpnvncproxy daemon: It is a proxy for accessing running instances through a VNC connection. It also supports a Java client specifically designed for OpenStack.
nova-cert daemon: Manages x509 certificates.
The queue (message broker): A central hub for passing messages between daemons or services.
OpenStack services communicate among themselves using an AMQP (Advanced Message Queuing Protocol) message queue.
The message broker service runs on the controller node. Nova uses asynchronous calls for request/response. Because the communication is asynchronous, user actions do not block while waiting for a response.
SQL database: Stores most build-time and runtime state for the entire cloud infrastructure. This includes the instance types available for use, instances in use, available networks, and projects. Here we use MySQL as the SQL database, and it runs on the controller node.
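The request path described above (nova-api accepting a call, the queue decoupling it from nova-scheduler and nova-compute, and the SQL database holding the instance state) is easier to see in a small simulation. The following is an added example, not Nova's own code or its RPC message format: the `Cloud`, `Host` and `FLAVORS` structures and the two constructed compute hosts are assumptions, a `deque` stands in for the AMQP broker and a dict for the database, and the scheduler claims resources itself so the toy stays deterministic (real Nova claims on the compute host and retries).

```python
"""Toy model of the Nova request path: nova-api accepts the call and hands it
to the queue, nova-scheduler picks a host, nova-compute boots the instance and
the database holds the state throughout. Constructed example only; it is not
Nova's code or its RPC message format."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Host:
    """A compute node's capacity as the scheduler sees it (constructed)."""
    name: str
    ram_mb: int
    vcpus: int
    used_ram_mb: int = 0
    used_vcpus: int = 0

    def free_ram(self):
        return self.ram_mb - self.used_ram_mb

    def free_vcpus(self):
        return self.vcpus - self.used_vcpus


# Instance types ("flavors") as the database would list them: (RAM MB, vCPUs).
FLAVORS = {"m1.small": (2048, 1), "m1.large": (8192, 4)}


@dataclass
class Cloud:
    hosts: dict
    queue: deque = field(default_factory=deque)  # stands in for the AMQP broker
    db: dict = field(default_factory=dict)       # stands in for the SQL database


def nova_api(cloud, instance_id, flavor, project):
    """Validate the request, record it and return immediately. The call does
    not block: the real work happens when consumers read the queue."""
    if flavor not in FLAVORS:
        raise ValueError(f"unknown flavor {flavor!r}")
    cloud.db[instance_id] = {"state": "scheduling", "flavor": flavor,
                             "project": project, "host": None}
    cloud.queue.append(("schedule", instance_id))
    return cloud.db[instance_id]["state"]


def nova_scheduler(cloud, instance_id):
    """Filter hosts that can fit the flavor, weigh by free RAM (most first)
    and claim the resources on the winner. Real Nova claims on the compute
    host and retries on failure; claiming here keeps the toy deterministic."""
    rec = cloud.db[instance_id]
    ram, cpus = FLAVORS[rec["flavor"]]
    fits = [h for h in cloud.hosts.values()
            if h.free_ram() >= ram and h.free_vcpus() >= cpus]
    if not fits:
        rec["state"] = "error"  # Nova reports this as NoValidHost
        return None
    chosen = max(fits, key=lambda h: h.free_ram())
    chosen.used_ram_mb += ram
    chosen.used_vcpus += cpus
    rec["host"], rec["state"] = chosen.name, "scheduled"
    cloud.queue.append(("run_instance", instance_id))
    return chosen.name


def nova_compute(cloud, instance_id):
    """On the chosen host: this is where the hypervisor call would happen."""
    rec = cloud.db[instance_id]
    rec["state"] = "active"
    return rec["state"]


def drain_queue(cloud):
    """Worker loop standing in for the daemons consuming the broker."""
    while cloud.queue:
        msg, instance_id = cloud.queue.popleft()
        if msg == "schedule":
            nova_scheduler(cloud, instance_id)
        elif msg == "run_instance":
            nova_compute(cloud, instance_id)
    return {i: (r["state"], r["host"]) for i, r in cloud.db.items()}


def demo():
    """Four m1.large requests against two constructed hosts; the fourth fits
    nowhere and ends in the error state instead of overcommitting a host."""
    cloud = Cloud(hosts={"compute1": Host("compute1", 16384, 8),
                         "compute2": Host("compute2", 12288, 4)})
    for i in range(1, 5):
        nova_api(cloud, f"vm-{i}", "m1.large", "demo")
    return drain_queue(cloud)


if __name__ == "__main__":
    for inst, (state, host) in demo().items():
        print(inst, state, host)
```

Running `demo()` places vm-1 on compute1, vm-2 on compute2 (it has more free RAM once compute1 holds vm-1), vm-3 back on compute1, and leaves vm-4 in the error state with no host. The point to take from it is the one the text makes: the API call returns before any host is chosen, so every state transition is visible only through the database, which is why that database (and the broker) must be protected as carefully as the compute nodes themselves.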
2. KEYSTONE – Identity Service
The keystone service has two main functions:
- Provides authentication and authorization service for other OpenStack services like dashboard, glance etc.
- Provides a catalog of available services with their API endpoints.
To understand keystone, the following concepts must be clear:
- USER – A user is a digital representation of a person, system or a service that is using OpenStack cloud services. Keystone validates that incoming requests are made by the user who claims to be making the call.
- CREDENTIALS – The data that is known only to the user. The credentials can be a combination of username and password, username and API key, or an authentication token provided by the Identity Service.
- AUTHENTICATION – The process that confirms the identity of the user by validating the credentials the user provided. Initially these credentials are a username and password or a username and API key. Once the user's identity is confirmed, keystone issues a token to that user, which the user presents in subsequent requests. In this way the credentials need not be sent again; the temporary token created by keystone is used for authentication instead.
- TOKEN – An arbitrary string issued by keystone which a service or user presents to authenticate to the services. A token can carry restrictions, e.g. it may be usable only by specific users or on specific services.
- TENANT – A container used to group or isolate resources and/or identity objects.
- SERVICE – An OpenStack service, such as Object Storage (Swift), Image Service (Glance) or Compute (Nova). It provides one or more endpoints through which users can access resources and perform tasks.
- ENDPOINT – A network-reachable address that users connect to in order to reach OpenStack services like nova, glance, cinder etc.
- ROLE – A role includes a set of rights and privileges. A user assuming that role inherits those rights and privileges.
WORKING
If a user wants to launch an instance, he first sends his credentials to the Identity service (keystone). In return keystone gives back a newly created temporary token along with a generic catalog. The user then requests the list of available tenants, presenting the temporary token, and keystone returns the list of tenants and the list of services available for that token.
At this stage keystone also issues the user a newly created tenant token. The user now determines the correct endpoint for launching the instance and sends the request, along with the tenant token, to that endpoint.
The service verifies the tenant token and makes sure the service is available for that token. Keystone then sends the service some additional information, such as the role of the tenant group and the authorizations. The service executes the request to create a new instance and reports the status back to the user.
3. GLANCE – Image Service
The OpenStack Image Service acts as a registry for virtual machine images.
The registry is a private, internal registry used only by the glance service. Glance accepts API requests for images or image metadata from end users or Compute components and can store its disk files in the Object Storage Service.
Users can add new images, take a snapshot of the current state of a VM etc. VM images can also be stored as objects in the Object Storage service.
Glance has the following service or daemons:
glance-registry: Stores, processes, and retrieves metadata about images. Metadata includes image size and type.
glance-api : Accepts Image API calls for image discovery, retrieval, and storage.
Database: The database stores VM image metadata. You can choose the database depending on your preference; most OpenStack deployments use MySQL or SQLite.
Storage repository: Holds the image files. The Image Service supports a variety of repositories, including normal file systems, Object Storage, RADOS block devices, HTTP, and Amazon S3.
4. HORIZON – Dashboard Service
The OpenStack project name for the dashboard service is Horizon.
It provides a web interface through which cloud administrators and users can manage the different cloud services and resources.
The dashboard facilitates web-based interactions with the OpenStack Compute cloud controller through the OpenStack APIs.
5. CINDER – Block Storage Service
Cinder enables management and administration of volumes, volume snapshots, and volume types.
It provides block storage as a service to other OpenStack services.
It has the following components:
cinder-api : Accepts API requests and routes them to cinder-volume for action.
cinder-volume: Responds to requests to read from and write to the Block Storage database to maintain state. It is the process that actually creates the block volumes.
cinder-scheduler daemon: Like nova-scheduler, it selects the block storage provider node on which to create the volume.
Messaging queue: Routes information between the Block Storage service processes.
The Block Storage service interacts with Compute to provide volumes for instances.
All five of these underlying services interact with each other to provide a cloud architecture that delivers infrastructure as a service.
Let's see how to configure these OpenStack services to get a test/production environment in my next article :-).
Further Reading
OpenStack On Ubuntu – Part 1- Prerequisite Setup
OpenStack on Ubuntu – Part 2 – Identity or Keystone Service
OpenStack on Ubuntu – Part 3 – Image or Glance Service
OpenStack on Ubuntu – Part 4 – Compute or Nova Service
OpenStack on Ubuntu – Part 5 – Dashboard or Horizon Service
OpenStack on Ubuntu – Part 6 – Block Storage or Cinder Service