OpenStack Architecture
OpenStack is currently being integrated into Funtoo Experimental.
This page exists to document OpenStack configuration.
Note that the current approach is to use devstack, which is not a good way to learn OpenStack. Much of this document will therefore be about doing a devstack-like configuration for Funtoo.
This document will split OpenStack configuration into each architectural component, describing configuration steps for each component separately.
SQL Database
A number of OpenStack services use a SQL back-end for storing various bits of data. Devstack (the official deployment script for OpenStack) uses MySQL as its deployment database, and creates a database for each service that needs to store data, and grants the root MySQL user full privileges in the database:
sudo mysql -uroot -p$MYSQL_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASSWORD';"
Using a single root user account for all services is not a good policy for production deployment. Ideally, each service should have its own restricted user account with only the ability to access its own database.
While DevStack uses MySQL for its SQL deployment, multiple database back-ends are actually supported thanks to SQLAlchemy being used behind the scenes, which is a re-targetable Python database API. Thus, it should be possible to use Postgres, etc, by simply using different connection strings. A list of SQLAlchemy connection types can be found on this SQLAlchemy documentation page.
Let's look at how each service is configured with regard to SQL:
glance
From glance.openstack.org:
The Glance project provides services for discovering, registering, and retrieving virtual machine images. Glance has a RESTful API that allows querying of VM image metadata as well as retrieval of the actual image.
Glance uses a MySQL database called glance.
SQL connection settings might be stored in a glance configuration file located at /opt/stack/glance/etc/glance-registry.conf. In the devstack installation process, /opt/stack/glance contains a git checkout of the glance software.
The SQL connection configuration string might look something like this:
sql_connection = mysql://glance:yourpassword@192.168.206.130/glance
More info on glance configuration is available here.
nova
Nova, the compute service, has its SQL connection specified in /etc/nova/nova.conf, using the --sql_connection=connection format. The connection string is identical to the one used by Glance, in SQLAlchemy format.
keystone
Keystone, the OpenStack identity service, also uses SQL. The file etc/keystone.conf, relative to the keystone install/git repo directory, is used to store the SQL configuration:
sql_connection = %SQL_CONN%
As with everything else, the SQL connection string uses SQLAlchemy syntax.
Quantum and Open VSwitch
Quantum is an incubated OpenStack project to provide "network connectivity as a service" between interface devices (e.g., vNICs) managed by other Openstack services (e.g., nova).
Open VSwitch is described as:
Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
There is an Open VSwitch Plug-in for OpenStack Quantum which can be set up by DevStack. This plug-in uses SQL storage. The SQLAlchemy connection string is stored in (relative to git/install root) etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini. Similarly to everything but nova, the SQL connection string is stored in sql_connection = format.
Melange
From the Melange site:
Melange is intended to provide network information services for use across OpenStack services. The initial focus will be on IP address management (IPAM) and address discovery (DHCP/dnsmasq) functionality. Melange is intended to be a standalone service with its own API. However, the initial use case will be to decouple existing IP management and VM address discovery from Nova and support the existing Nova networking capabilities.
Melange also uses a sql_connection = string stored in its etc/melange/melange.conf (relative to install/git root).
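The per-service settings listed above can be checked against the least-privilege goal stated at the start of this section. The following Python audit is an added example, not code from this page, OpenStack or DevStack; it flags services that connect as root, share a database account, or still carry the unsubstituted %SQL_CONN% placeholder. The `audit` function, the `PRIVILEGED` set and the sample configs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches "sql_connection = URL" (glance, keystone, quantum, melange) and
# the "--sql_connection=URL" flag form used in nova.conf.
CONN_RE = re.compile(r"^\s*(?:--)?sql_connection\s*=\s*(\S+)", re.MULTILINE)
PRIVILEGED = {"root"}  # accounts no service should connect as

# Constructed sample configs (not taken from a real deployment).
SAMPLE = {
    "glance": "sql_connection = mysql://glance:yourpassword@192.168.206.130/glance\n",
    "nova": "--verbose\n--sql_connection=mysql://root:secret@127.0.0.1/nova\n",
    "keystone": "sql_connection = %SQL_CONN%\n",
    "melange": "sql_connection = mysql://glance:yourpassword@192.168.206.130/melange\n",
}


def audit(configs):
    """Map of service name -> config text in; list of (service, finding) out."""
    findings = []
    owner = {}  # database account -> first service seen using it
    for service, text in configs.items():
        match = CONN_RE.search(text)
        if match is None:
            findings.append((service, "no sql_connection setting"))
            continue
        url = urlsplit(match.group(1))
        if not url.scheme:
            # e.g. the %SQL_CONN% template placeholder was never substituted
            findings.append((service, "sql_connection is not a URL"))
            continue
        user = url.username
        if user in PRIVILEGED:
            findings.append((service, "connects as privileged account '%s'" % user))
        if user in owner:
            findings.append((service, "shares account '%s' with %s" % (user, owner[user])))
        elif user:
            owner[user] = service
    return findings


if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print("%-9s %s" % (service, finding))
```

In practice the config text would be read from the files named in each subsection; an empty result means every service has its own non-root account.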
RabbitMQ
RabbitMQ is a reliable messaging framework used by OpenStack. Currently, it looks like only nova uses it. Nova is configured to connect to rabbitmq by setting the following lines in /etc/nova/nova.conf:
--rabbit_host=$RABBIT_HOST
--rabbit_password=$RABBIT_PASSWORD
Rabbit's password is configured using the following command, as root:
# rabbitmqctl change_password guest $RABBIT_PASSWORD
I am not yet completely sure how RabbitMQ fits into the OpenStack architecture. It may be that the supporting services expect it to be running locally, and that Nova compute nodes need to hook into a Nova instance, which would typically be running remotely. (Thus the ability for DevStack to target a remote RabbitMQ host.)