Operate with an Openstack deployment by code (using Openstack4J).
28th October 2016, OpsCon Florence
Alessandro Martellone @a_martellone
Hello!
I am Alessandro Martellone
Senior Software Engineer @ Wurth Phoenix.
Technical [email protected] Cloud Computing Meetup Organizer.
Italian Red Cross volunteer. Husband and father.
I love soccer and the 4-3-3 module.
Summary
▪ What Openstack is and what it is not.
▪ Openstack architecture.
▪ The anatomy of an OpenStack component.
▪ Openstack’s APIs.
▪ Openstack SDKs. A view on Openstack4j.
▪ Conclusion and future prospects.
OpsCon Conference - Florence, 28/10/2016
What is Openstack?
▪ It is an open source cloud operating system that provides a versatile platform for computing, storage and networking resources across bare metal, virtual machines and containers.
What is Openstack?
▪ A family of related open source (60+) projects which aim to provide comprehensive cloud services.
▪ 6 core services:
▪ and optional services:
… and many more
What it is not
▪ A hypervisor (but it supports several of them).
▪ A VMWare replacement.
▪ A single distribution.
▪ A storage or network platform.
“ A powerful and configurable integration engine where its components are accessible by APIs.
OpenStack architecture
This picture has been added just for scaring the audience :)
Typical component architecture
▪ Component
▫ API (extensions, plugins, backends). E.g. for authentication we can use a DB or LDAP; for networking, OpenVSwitch or a vendor’s plugin.
▫ DB
▫ Message queue
▫ One or more agents (drivers)
▫ One or more internal modules
▪ Horizon, CLI, external tool
▪ Keystone
▪ Connections shown in the diagram: HTTP, AMQP, SQL
▪ Third party: e.g. computing (hypervisors), block storage (iSCSI, GlusterFS, vendor’s driver)
OpenStack API documentation
▪ Networking: http://developer.openstack.org/api-ref/networking/v2/
▪ Compute: http://developer.openstack.org/api-ref/compute/
▪ Identity: http://developer.openstack.org/api-ref/identity/v3/
▪ Image: http://developer.openstack.org/api-ref/image/v2/
▪ Block storage: http://developer.openstack.org/api-ref/block-storage/v3/
▪ ...
OpenStack SDKs
▪ There are several SDKs available:
▫ Python
▫ Java
▫ C, C++
▫ Go
▫ .NET
▫ PHP
▫ Android
▫ NodeJS
▫ ...
Openstack4J
▪ Apache jclouds: a multi-cloud SDK (http://jclouds.apache.org/)
▪ Openstack4J: a solution focused on Openstack.
▫ It supports the main services
▸ Keystone, Nova, Neutron, Cinder, Glance, Swift…
▫ Licensed under the Apache 2.0 License.
▫ We can manage it by Maven.
▫ Supported APIs:
▸ Identity (Keystone) V2, Identity (Keystone) V3, Compute (Nova), Network (Neutron), Images (Glance), Images (Glance) V2, Block Storage (Cinder), Object Storage (Swift), Telemetry (Ceilometer), Orchestration (Heat), Data Processing (Sahara), Database as a Service (Trove).
Interact with an Openstack platform by Openstack4J - Live demo
▪ What we need
▫ A running Openstack deployment
▸ Devstack: https://github.com/openstack-dev/devstack
▸ A public cloud: https://ops.elastx.net/
▹ Elastx is a Swedish cloud provider. They provide Openstack IaaS and Jelastic PaaS solutions.
▫ A Java IDE: Eclipse
▫ Download the latest Openstack4J library or add a dependency by Maven (preferred)
▸ http://www.openstack4j.com/learn/getting-started
▪ The example code for this demo is available at: https://github.com/amartellone/os4j-demo
Terminology
▪ Instance = virtual machine = VM
▪ Project = Tenant
▪ Launch instance = create a new VM
▪ Terminate instance = delete the VM (CAUTION: we cannot undo the action)
▪ Pause instance: the state of the VM is stored in RAM
▪ Authentication and token management
▫ In exchange for a set of authentication credentials, the Identity service generates tokens. A token represents the authenticated identity of a user and, optionally, grants authorization on a specific project or domain (scoped token).
What you should know before creating a VM
▪ Several elements are related to each VM
▫ A user key pair: each key pair has two parts, the public and the private key.
▫ The public key is maintained within our Keystone server, and when you use the private key contained in your local .pem file to connect, it creates an authorized session.
Note: Using cloud-init we can inject options to the VM image. E.g. Ubuntu
    #cloud-config
    password: mypwd
    chpasswd: { expire: False }
    ssh_pwauth: True
Access & Security
▪ Access to your instances is controlled by security groups which are a collection of inbound (ingress) and outbound (egress) rules about which sources, protocols and ports a server can send/receive traffic from. No traffic can be received by a server unless a security group rule explicitly allows it.
Floating IPs
▪ Each instance has a private, fixed IP address and can also have a public, or floating IP address. Private IP addresses are used for communication between instances, and public addresses are used for communication with networks outside the cloud, including the Internet.
▪ The floating IP is implemented by DNAT
▫ the NAT router modifies the IP address of the destination in IP packet headers.
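The steps from the last three slides (scoped token, key pair, security group, floating IP) put together with Openstack4J, as an added example that is not taken from the talk or from the os4j-demo repository. It assumes a POSIX filesystem and the usual OS_* openrc variables; the DEMO_* variables, the resource names and the 203.0.113.0/24 admin range are hypothetical placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;

import org.openstack4j.api.Builders;
import org.openstack4j.api.OSClient.OSClientV3;
import org.openstack4j.model.common.Identifier;
import org.openstack4j.model.compute.FloatingIP;
import org.openstack4j.model.compute.IPProtocol;
import org.openstack4j.model.compute.Keypair;
import org.openstack4j.model.compute.SecGroupExtension;
import org.openstack4j.model.compute.Server;
import org.openstack4j.openstack.OSFactory;

public class LaunchDemo {
    public static void main(String[] args) throws Exception {
        // Project-scoped token. Credentials are read from the environment, never hard-coded.
        OSClientV3 os = OSFactory.builderV3()
                .endpoint(System.getenv("OS_AUTH_URL"))
                .credentials(System.getenv("OS_USERNAME"), System.getenv("OS_PASSWORD"),
                        Identifier.byName(System.getenv("OS_USER_DOMAIN_NAME")))
                .scopeToProject(Identifier.byId(System.getenv("OS_PROJECT_ID")))
                .authenticate();

        // Security group: no ingress until a rule allows it. SSH only from the admin range (placeholder).
        SecGroupExtension sg = os.compute().securityGroups().create("demo-ssh", "SSH from admin network");
        os.compute().securityGroups().createRule(Builders.secGroupRule()
                .parentGroupId(sg.getId()).protocol(IPProtocol.TCP)
                .cidr("203.0.113.0/24").range(22, 22).build());

        // Key pair: the private half is returned only at creation, so store it readable by the owner only.
        Keypair kp = os.compute().keypairs().create("demo-key", null);
        Path pem = Files.createFile(Paths.get("demo-key.pem"),
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(pem, kp.getPrivateKey().getBytes(StandardCharsets.UTF_8));

        // DEMO_* variables are hypothetical names for this example's flavor, image and pool.
        Server vm = os.compute().servers().bootAndWaitActive(Builders.server()
                .name("demo-vm").flavor(System.getenv("DEMO_FLAVOR_ID")).image(System.getenv("DEMO_IMAGE_ID"))
                .keypairName(kp.getName()).addSecurityGroup(sg.getName()).build(), 120_000);

        // Floating IP: allocated from an external pool, then DNAT-ed to the VM's fixed address.
        FloatingIP fip = os.compute().floatingIps().allocateIP(System.getenv("DEMO_FIP_POOL"));
        os.compute().floatingIps().addFloatingIP(vm, fip.getFloatingIpAddress());
        System.out.println("VM reachable on " + fip.getFloatingIpAddress() + " (key: demo-key.pem)");
    }
}
```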
Live demo
The example code for this demo is available at: https://github.com/amartellone/os4j-demo
Conclusions
▪ Interact with an Openstack cloud instance in an easy way.
▪ Being able to create a powerful programmable infrastructure.
▪ Could be useful to integrate in a CI/CD pipeline.
▪ Simplify the integration and monitoring of different systems.
▪ Develop a custom cloud manager tool.
Open source + APIs + SDKs = Enjoy it!
“ … this is a journey, not a destination. Go incrementally. Break your system apart piece by piece...change is inevitable. Embrace it.
Sam Newman - “Building microservices” , O’Reilly
Thanks!
Any questions?
You can find me at @a_martellone & [email protected]