One 、 What is? OpenStack

Openstack It's a cloud platform management project .
OpenStack Is an open source cloud platform , It belongs to... In cloud computing IaaS,
simply ： He's here to manage our hardware facilities . Put the server 、 Switch 、 Routers, storage, etc. are controlled by OpenStack Platform management .
We deploy... On the device Linux operating system , Then deploy... On the operating system OpenStack, from OpenStack Decide which virtual machines should be started on which physical computing nodes .

Two 、OpenStack Component introduction of

OpenStack It is composed of many core components , Each component is responsible for its own small piece of functionality , Such as ： Responsible for providing computing services Nova, Providing network services Neutron, Each of them has its own management interface , The so-called management interface is based on HTTP Requested web service , It is mainly used to accept command-line tools or components http request .

Let's start with a brief introduction to each component , I'll explain it in detail later

1. keystone Identity authentication service
2. glance Image services
3. nova Computing services
4. Neutron Network services
5. Horizon Kanban service
6. Cinder Disk service
7. Swift Object storage service （ Chicken ribs Generally do not use ）
8. Ceilometer Measurement services
9. Heat Choreography Services

2.1 、keystone Identity authentication service

2.1.1 keystone summary

How Authentication works , Take the picture for example

As can be seen from the figure , Before each component operates call keystone Verify your identity ！

Three important concepts ： user （user）、 role (role)、 Tenant （project）【 It can also be called project 】

1. user ： Create user , The information includes the user name 、 password 、 Email and other information , however Create users only stay Openstack Resources cannot be used in ！
2. Tenant ：OpenStack All resources in are based on Tenants to isolate , A user must be associated with a tenant before calling resources
3. role ： Restrict user access to resources . Roles can only be associated with Users under tenants , also A user can have different roles under different tenants .

Tenant 、 The user's understanding ： Such as The user is Company employees , A department is a tenant , Employees are assigned to departments , To work properly .
A user can have multiple tenants , The roles under different tenants can also be different

Okay , Look at the picture below , Continue analysis ：

Upper figure （ Left basket ） Explain ：

1. OpenStack After construction , There will be a blue box , be called domin( Equivalent to the concept of database ), There are two tenants in the picture above .
2. 【 user -admin/ role -admin】 Express ： A user joins the tenant There must be role information ,admin by The role of super tube
3. A user under different tenants , As long as the role is admin, He is Whole OpenStack Super administrator of

The problem is coming. ：
The chairman is admin Does he have to take care of everything , Or to the boss of his branch admin role , Will his authority soon be the same as mine ？

Look at the basket on the right
OpenStack You can create multiple domin. Such as Domin-bus1, take A user placed under a tenant admin role , Then he just Super tube under this tenant

Enterprise private cloud is a Domin That's enough , Multiple Domin You need to activate more Domin Service for

also Some unimportant terms , Understanding can

1. group Group ：
   Group users , Then by component 、 role , All users in the group are divided into tenants and roles ,== Take off your pants and fart , Superfluous functions
2. service endpoint The end of the service
   Each component has a API, Yes API There will be IP Address and access method
   The service endpoint is the address provided by a service, such as http://192.168.100.20:5000/v3 , So that's one
   The end of the service , Service endpoints are used to provide services based on http Requested API An address of the method .

2.1.2 keystone Service for

1. Identity authentication service
2. Resource service
3. Assign Services / Assignment Service

The above three services Namely The above said user Allocate resources according to different roles of tenants

1. Bill service / Token Service
   Responsible for verifying token Verification service of bills .
2. A directory service /Catalog Service
   Responsible for service Endpoint Management of , Only registered with the correct Endpoint, The service can be called normally
3. Rule service /Policy Service
   Service management rules , The general rules document will be in /etc/ project /Policy.json, It defines what each method needs
   What role do you want to use to access .

2.2、glance Image services

Responsible for managing the openstack Online mirror warehouse , Mirror image == operating system , Store it in the object store by configuration (Swift)、ceph perhaps Gluster in

2.3、nova Computing services

2.4、Neutron Network services

2.5、Horizon Kanban service

2.6、Cinder Disk service

2.7、Swift Object storage service （ Chicken ribs Generally do not use ）

2.8、Ceilometer Measurement services

Collect the use of various resources of the project

2.9、Heat Choreography Services