66a44c95f1
The documentation about "ops-guide" has been moved. Change-Id: I151d1f989cb032c3a3775e5bfffcec58a2cf0121
175 lines
6.7 KiB
ReStructuredText
175 lines
6.7 KiB
ReStructuredText
========
|
|
Overview
|
|
========
|
|
|
|
The OpenStack project is an open source cloud computing platform that supports
|
|
all types of cloud environments. The project aims for simple implementation,
|
|
massive scalability, and a rich set of features. Cloud computing experts from
|
|
around the world contribute to the project.
|
|
|
|
OpenStack provides an Infrastructure-as-a-Service (IaaS) solution through a
|
|
variety of complementary services. Each service offers an Application
|
|
Programming Interface (API) that facilitates this integration.
|
|
|
|
This guide covers step-by-step deployment of the major OpenStack services using
|
|
a functional example architecture suitable for new users of OpenStack with
|
|
sufficient Linux experience. This guide is not intended to be used for
|
|
production system installations, but to create a minimum proof-of-concept for
|
|
the purpose of learning about OpenStack.
|
|
|
|
After becoming familiar with basic installation, configuration, operation, and
|
|
troubleshooting of these OpenStack services, you should consider the following
|
|
steps toward deployment using a production architecture:
|
|
|
|
* Determine and implement the necessary core and optional services to meet
|
|
performance and redundancy requirements.
|
|
|
|
* Increase security using methods such as firewalls, encryption, and service
|
|
policies.
|
|
|
|
* Implement a deployment tool such as Ansible, Chef, Puppet, or Salt to
|
|
automate deployment and management of the production environment.
|
|
|
|
.. _overview-example-architectures:
|
|
|
|
Example architecture
|
|
~~~~~~~~~~~~~~~~~~~~
|
|
|
|
The example architecture requires at least two nodes (hosts) to launch a basic
|
|
virtual machine (VM) or instance. Optional services such as Block Storage and
|
|
Object Storage require additional nodes.
|
|
|
|
.. important::
|
|
|
|
The example architecture used in this guide is a minimum configuration, and
|
|
is not intended for production system installations. It is designed to
|
|
provide a minimum proof-of-concept for the purpose of learning about
|
|
OpenStack. For information on creating architectures for specific use cases,
|
|
or how to determine which architecture is required, see the `Architecture
|
|
Design Guide <https://docs.openstack.org/arch-design/>`_.
|
|
|
|
This example architecture differs from a minimal production architecture as
|
|
follows:
|
|
|
|
* Networking agents reside on the controller node instead of one or more
|
|
dedicated network nodes.
|
|
|
|
* Overlay (tunnel) traffic for self-service networks traverses the management
|
|
network instead of a dedicated network.
|
|
|
|
For more information on production architectures, see the `Architecture Design
|
|
Guide <https://docs.openstack.org/arch-design/>`_, `OpenStack Operations Guide
|
|
<https://wiki.openstack.org/wiki/OpsGuide>`_, and `OpenStack Networking Guide
|
|
<https://docs.openstack.org/ocata/networking-guide/>`_.
|
|
|
|
.. _figure-hwreqs:
|
|
|
|
.. figure:: figures/hwreqs.png
|
|
:alt: Hardware requirements
|
|
|
|
**Hardware requirements**
|
|
|
|
Controller
|
|
----------
|
|
|
|
The controller node runs the Identity service, Image service, management
|
|
portions of Compute, management portion of Networking, various Networking
|
|
agents, and the Dashboard. It also includes supporting services such as an SQL
|
|
database, message queue, and Network Time Protocol (NTP).
|
|
|
|
Optionally, the controller node runs portions of the Block Storage, Object
|
|
Storage, Orchestration, and Telemetry services.
|
|
|
|
The controller node requires a minimum of two network interfaces.
|
|
|
|
Compute
|
|
-------
|
|
|
|
The compute node runs the hypervisor portion of Compute that operates
|
|
instances. By default, Compute uses the kernel-based VM (KVM) hypervisor. The
|
|
compute node also runs a Networking service agent that connects instances to
|
|
virtual networks and provides firewalling services to instances via security
|
|
groups.
|
|
|
|
You can deploy more than one compute node. Each node requires a minimum of two
|
|
network interfaces.
|
|
|
|
Block Storage
|
|
-------------
|
|
|
|
The optional Block Storage node contains the disks that the Block Storage and
|
|
Shared File System services provision for instances.
|
|
|
|
For simplicity, service traffic between compute nodes and this node uses the
|
|
management network. Production environments should implement a separate storage
|
|
network to increase performance and security.
|
|
|
|
You can deploy more than one block storage node. Each node requires a minimum
|
|
of one network interface.
|
|
|
|
Object Storage
|
|
--------------
|
|
|
|
The optional Object Storage node contain the disks that the Object Storage
|
|
service uses for storing accounts, containers, and objects.
|
|
|
|
For simplicity, service traffic between compute nodes and this node uses the
|
|
management network. Production environments should implement a separate storage
|
|
network to increase performance and security.
|
|
|
|
This service requires two nodes. Each node requires a minimum of one network
|
|
interface. You can deploy more than two object storage nodes.
|
|
|
|
Networking
|
|
~~~~~~~~~~
|
|
|
|
Choose one of the following virtual networking options.
|
|
|
|
.. _network1:
|
|
|
|
Networking Option 1: Provider networks
|
|
--------------------------------------
|
|
|
|
The provider networks option deploys the OpenStack Networking service in the
|
|
simplest way possible with primarily layer-2 (bridging/switching) services and
|
|
VLAN segmentation of networks. Essentially, it bridges virtual networks to
|
|
physical networks and relies on physical network infrastructure for layer-3
|
|
(routing) services. Additionally, a DHCP<Dynamic Host Configuration Protocol
|
|
(DHCP) service provides IP address information to instances.
|
|
|
|
The OpenStack user requires more information about the underlying network
|
|
infrastructure to create a virtual network to exactly match the infrastructure.
|
|
|
|
.. warning::
|
|
|
|
This option lacks support for self-service (private) networks, layer-3
|
|
(routing) services, and advanced services such as Load-Balancer-as-a-Service
|
|
(LBaaS) and FireWall-as-a-Service (FWaaS). Consider the self-service
|
|
networks option below if you desire these features.
|
|
|
|
.. _figure-network1-services:
|
|
|
|
.. figure:: figures/network1-services.png
|
|
:alt: Networking Option 1: Provider networks - Service layout
|
|
|
|
.. _network2:
|
|
|
|
Networking Option 2: Self-service networks
|
|
------------------------------------------
|
|
|
|
The self-service networks option augments the provider networks option with
|
|
layer-3 (routing) services that enable self-service networks using overlay
|
|
segmentation methods such as Virtual Extensible LAN (VXLAN). Essentially, it
|
|
routes virtual networks to physical networks using Network Address Translation
|
|
(NAT). Additionally, this option provides the foundation for advanced services
|
|
such as LBaaS and FWaaS.
|
|
|
|
The OpenStack user can create virtual networks without the knowledge of
|
|
underlying infrastructure on the data network. This can also include VLAN
|
|
networks if the layer-2 plug-in is configured accordingly.
|
|
|
|
.. _figure-network2-services:
|
|
|
|
.. figure:: figures/network2-services.png
|
|
:alt: Networking Option 2: Self-service networks - Service layout
|