Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
OpenStack Orchestration
OpenStack Orchestration

OpenStack Orchestration:

eBook
$9.99 $35.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

OpenStack Orchestration

Chapter 1. Getting Started with the Orchestration Service for OpenStack

OpenStack is an open source cloud computing platform that offers mainly an Infrastructure as a Service (IaaS) solution and several service features such as scalability, high availability, and redundancy. It was started as a joint project by NASA and Rackspace in 2010. OpenStack is a combination of several independent components that are integrated with each user using an API. A non-profit corporate organization called OpenStack Foundation was established in the year 2012, which is responsible for maintaining the versioning and development of OpenStack.

The following are the objectives that we will cover in this chapter:

  • The OpenStack architecture
  • The Orchestration service of OpenStack
  • The Heat workflow
  • The Orchestration authorization model
  • Stack domain users

Introduction to the OpenStack architecture

Several independent applications (also called projects) are responsible for the formation of OpenStack. These applications are discussed in the following sections.

Horizon

Horizon is the web-based control panel that provides an interface (or a dashboard) to control and carry out administrative activities in the cloud environment. It provides web-based options to interact with other components of OpenStack. New virtual machine instances can be launched using this interface. Not only this but also several other resources such as disk volumes, floating IP addresses, and so on can be managed using this interface. This project was named as Horizon.

Nova

Nova is the compute service component of the OpenStack framework that is responsible for maintaining the life cycle of virtual machines. This includes spawning of new virtual machines, stopping, restarting, and decommissioning of virtual machines.

Neutron

Neutron is the component of OpenStack that offers networking services, including LAN subnet management, VLAN management, and bridging services to be used by the virtual machine instances. It also includes the Open vSwitch application that provides an SDN-enabled forwarding device.

Swift

The Swift component of OpenStack is responsible for providing object storage services.

Object storage is a storage type where data is stored in the form of objects (data and associated metadata). It also provides an API to access and store data.

Cinder

This Cinder component of OpenStack offers block storage services. This is used by the virtual machine instances as disk volumes.

Keystone

Keystone is the component of OpenStack that provides authentication and authorization services to other components of OpenStack as well as individual users or tenants.

Glance

Glance provides disk imaging service to the virtual machine instances of OpenStack. Disk images can be used to create new disk volumes and virtual machine instances.

Ceilometer

Ceilometer is the metering service provider for OpenStack. It monitors and records several performance metrics for OpenStack components that include CPU load, CPU utilization, memory utilization, disk volume utilization, and so on.

Heat

Heat is the component of OpenStack with provides orchestration and configuration service for OpenStack components and resources. It can be used in combination with the Ceilometer component to achieve autoscalability and high availability.

Heat supports standards such as TOSCA (Topology and Orchestration Specification for Cloud Applications) and Amazon CloudFormation.

Trove

The Trove component of OpenStack provides a Database as a Service (DBaaS) solution. Both relational as well as nonrelational database engines are supported by Trove.

The Orchestration service for OpenStack

Orchestration is a main feature provided and supported by OpenStack. It is used to orchestrate cloud resources, including applications, disk resources, IP addresses, load balancers, and so on.

As discussed in the earlier sections of this chapter, the OpenStack component that is responsible for managing the orchestration services in OpenStack is Heat.

Heat contains a template engine that supports text files where cloud resources are defined. These text files are defined in a special format compatible with Amazon CloudFormation. A new OpenStack native standard has also been developed for providing templates for Orchestration called HOT (Heat Orchestration Template).

Heat provides two types of clients including a command-line client and a web-based client integrated into the OpenStack dashboard.

The Orchestration project (Heat) itself is composed of several subcomponents. These subcomponents are listed as follows:

  • Heat
  • heat-engine
  • heat-api
  • heat api-cfn

Heat uses the term "stack" to define a group of services, resources, parameters inputs, constraints, and dependencies. A stack can be defined using a text file; however, the important point is to use the correct format. The JSON format used by AWS CloudFormation is also supported by Heat.

The Heat workflow

As already mentioned in the previous sections of this chapter, Heat provides two types of interfaces, including a web-based interface integrated into the OpenStack dashboard and also a command-line interface (CLI), which can be used from inside a Linux shell.

The interfaces use the heat-api to send commands to the Heat engine via the messaging service (for example RabbitMQ). A metering service such as Ceilometer or CloudWatch API is used to monitor the performance of resources in the stack. These monitoring/metering services are used to trigger actions upon reaching a certain threshold. An example of this could be automatically launching a redundant web server behind a load balancer when the CPU load on the primary web server reaches above 90 percent.

The Orchestration authorization model

The Heat component of OpenStack uses an authorization model composed of mainly two types:

  • Password-based authorization
  • Authorization based on OpenStack identity trusts

This process is known as Orchestration authorization.

Password authorization

In this type of authorization, a password is expected from the user. This password must match with the password stored in a database by the Heat engine in an encrypted form.

The following are the steps used to generate a username/password:

  1. A request is made to the Heat engine for a token or an authorization password. Normally, the Heat command-line client or the dashboard is used.
  2. The validation checks will fail if the stack contains any resources under deferred operations. If everything is normal, then a username/password is provided.
  3. The username/password are stored in the database in encrypted form.

In some cases, the Heat engine, after obtaining the credentials, requests another token on the user's behalf, and thereafter, access to all the roles of the stack owner are provided.

Keystone trusts authorization

Keystone trusts are extensions to OpenStack identity services that are used for enabling delegation of resources. The trustor and the trustee are the two delegates used in this method. The trustor is the user who delegates and the trustee is the user who is being delegated. The following information from the trustor is required by the identity service to delegate a trustee:

  • The ID of the trustee (user to be delegated, in case of Heat, it will be the Heat user)
  • The roles to be delegated (the roles are configured using the Heat configuration file, for example, to launch a new instance to achieve auto-scaling in case of reaching a threshold)

Trusts authorization execution

The creation of a stack via an API request step can be followed to execute a trust based authorization.

A token is used to create a trust between the stack owner (the trustor) and the Heat service user (also known as the trustee in this case). A special role is delegated. This role must be predefined in the trusts_delegated_roles list inside the heat.conf file.

By default, all the available roles for the trustor are set to be available for the trustee if it is not modified using a local RBAC policy.

This trust ID is stored in an encrypted form in the database. This trust ID is retrieved from the database when an operation is required.

The authorization model configuration

Heat used to support the password-based authorization until the kilo version of OpenStack was released. Using the kilo version of OpenStack, the following changes can be made to enable trusts-based authorization in the Heat configuration file:

  • The default setting in heat.conf:
    deferred_auth_method=password
  • To be replaced for enabling trusts-based authentication:
    deferred_auth_method=trusts
  • The following parameters need to be set to specify trustor roles:
    trusts_delegated_roles =

As mentioned earlier, all available roles for the trustor will be assigned to the trustee if no specific roles are mentioned in the heat.conf file.

Stack domain users

The Heat stack domain user is used to authorize a user to carry out certain operations inside a virtual machine.

Agents running inside virtual machine instances are provided with metadata. These agents repot and share the performance statistics of the VM on which they are running.

They use this metadata to apply any changes or some sort of configuration expressed in the metadata.

A signal is passed to the Heat engine when an event is completed successfully or with the failed status. A typical example can be to generate an alert when the installation of an application is completed on a specific virtual machine after its first reboot.

Heat provides features for encapsulating all the stack-defined users into a separate domain. This domain is usually created to store the information related to the Heat service. A domain admin is created, which is used by Heat for the management of the stack-domain users.

Configuring stack domain users

The following procedure is used to configure stack domain users:

  1. A new domain is created using keystone (OpenStack Identity service). Usually, the domain name is set to Heat. This ID is configured in the heat.conf file against the parameter stack_user_domain.
  2. A new user is created using keystone with permissions to create and delete projects and users. This newly defined user must belong to the domain created in step 1.
  3. The user created in step 2 (along with the password) is configured in heat.conf against the parameters: stack_domain_admin and stack_domain_admin_password.

This user is used to maintain the stack domain users on behalf of stack owners. As the heat_domain_admin user is only allowed access to the Heat domain, the risk of unwanted access to other domains is limited.

The following are the commands and the steps necessary to set up domain users:

  1. A domain is created using the following command:
    $ openstack --os-identity-api-version=3  --os-auth-url  http://192.168.5.38:35357/v3\
    --os-username admin --os-password ADMIN --os-project-name admin domain create heat \
    --description "Domain For HEAT Projects and Users"
    

    Here $OS_TOKEN refers to a token that must be a valid token.

    This will return a domain ID that will be referred to as $HEAT_DOMAIN_ID in the next step.

    Configuring stack domain users
  2. Next, a user will be created within the domain created in step 1:
    $ openstack  user create heat_domain_admin \
    --os-identity-api-version=3  \
    --os-auth-url  http://192.168.5.38:35357/v3 \
    --os-username=admin --os-password=ADMIN \
    --os-project-name=admin \
    --domain heat \
    --description "Admin for HEAT domain"\
    

    This will return a domain admin ID, which will be used in the next step.

    Configuring stack domain users
  3. Next, the newly created user in step 2 is assigned the role of domain admin:
    $ openstack role add admin \
    --user heat_domain_admin \
    --os-identity-api-version=3  \
    --os-auth-url  http://192.168.5.38:35357/v3 \
    --os-username=admin \
    --os-password=ADMIN \
    --os-project-name=admin \
    --domain heat
    

    We'll get the output shown in the following screenshot for this command:

    Configuring stack domain users

The information such as domain ID, username, and password is needed to be configured against the relevant parameters in heat.conf.

Creating a stack

The following are the steps needed to create a sample stack:

  1. If the stack contains any resources that require creation of a "stack domain user", then a new "stack domain project" in the "Heat" domain is created.
  2. A new user is created under "stack domain project" by Heat if it is required. From an authentication perspective, this user is completely separate and also unrelated to the "stack owner's project."

While processing API requests, an internal lookup is made by Heat Orchestration to grant the required privileges to the user for both the stack owner's project as well as the stack domain project. These privileges are controlled by the policy.json file.

Summary

In this chapter, we learned about OpenStack, the open source cloud platform that offers IaaS features. OpenStack is made of several components, including Horizon (dashboard service), Nova (compute service), Neutron (networking service), Cinder (block storage service), Swift (object storage service), Glance (shared image service), Keystone (identify service), Ceilometer (telemetering service), Heat (Orchestration service), and Trove (database as a service). We also learned that Heat is the Orchestration service for OpenStack. We learned about the Heat authorization models, including password authorization, keystone trust authorization, and how these models work.

Left arrow icon Right arrow icon

Key benefits

  • Set up, manage, and troubleshoot Heat and effectively automate your datacenter and cloud-based services
  • Achieve high availability, minimize down-time, and automate the deployment of cloud-based services and resources with minimum effort
  • Upgrade your skills and manipulate resources on virtual machines in an unattended fashion using Heat

Description

This book is focused on setting up and using one of the most important services in OpenStack orchestration, Heat. First, the book introduces you to the orchestration service for OpenStack to help you understand the uses of the templating mechanism, complex control groups of cloud resources, and huge-potential and multiple-use cases. We then move on to the topology and orchestration specification for cloud applications and standards, before introducing the most popular IaaS cloud framework, Heat. You will get to grips with the standards used in Heat, overview and roadmap, architecture and CLI, heat API, heat engine, CloudWatch API, scaling principles, JeOS and installation and configuration of Heat. We wrap up by giving you some insights into troubleshooting for OpenStack. With easy-to-follow, step-by-step instructions and supporting images, you will be able to manage OpenStack operations by implementing the orchestration services of Heat.

Who is this book for?

If you are a System Engineer, System Administrator, Cloud Administrator, or a Cloud Engineer, then this book is for you. You should have a background of working in a Linux-based setup. Any knowledge of OpenStack-based cloud infrastructure will help you create wonders using this book.

What you will learn

  • Install an orchestration service for a private cloud environment
  • Tackle errors that show up during the installation and configuration of heat
  • Configure a template for orchestration using the native HOT format
  • Configure a template for orchestration using the AWS cloud formation format
  • Deploy a stack using the HOT template
  • Deploy a test stack using the AWS CloudFormation template
  • Automate and orchestrate cloud-based services with OpenStack Heat

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Oct 27, 2015
Length: 150 pages
Edition : 1st
Language : English
ISBN-13 : 9781785282966
Vendor :
OpenStack
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Oct 27, 2015
Length: 150 pages
Edition : 1st
Language : English
ISBN-13 : 9781785282966
Vendor :
OpenStack
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 153.97
OpenStack Orchestration
$43.99
Learning OpenStack Networking (Neutron), Second Edition
$54.99
OpenStack Networking Cookbook
$54.99
Total $ 153.97 Stars icon
Banner background image

Table of Contents

8 Chapters
1. Getting Started with the Orchestration Service for OpenStack Chevron down icon Chevron up icon
2. The OpenStack Architecture Chevron down icon Chevron up icon
3. Stack Group of Connected Cloud Resources Chevron down icon Chevron up icon
4. Installation and Configuration of the Orchestration Service Chevron down icon Chevron up icon
5. Working with Heat Chevron down icon Chevron up icon
6. Managing Heat Chevron down icon Chevron up icon
7. Troubleshooting Heat Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
(3 Ratings)
5 star 33.3%
4 star 0%
3 star 33.3%
2 star 0%
1 star 33.3%
Hamza Siddiqui Sep 03, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great book, learned a lot
Amazon Verified review Amazon
Sri Thuraisamy Nov 29, 2015
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
This book is recommended for anyone interested to integrate with Heat module. The book also cover the opens tack single/multi node architecture. It would have been better if the book covered more examples on catalogue formation.
Amazon Verified review Amazon
Krishna Sumanth Boinepally Nov 10, 2016
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
I'd prefer openstack documentation over this book. it just defines basic stuff. It's a waste of money.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.