2
Copyright 2010 United States Government as represented by the
3
Administrator of the National Aeronautics and Space Administration.
6
Licensed under the Apache License, Version 2.0 (the "License"); you may
7
not use this file except in compliance with the License. You may obtain
8
a copy of the License at
10
http://www.apache.org/licenses/LICENSE-2.0
12
Unless required by applicable law or agreed to in writing, software
13
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15
License for the specific language governing permissions and limitations
19
Nova Concepts and Introduction
20
==============================
26
Nova is the software that controls your Infrastructure as as Service (IaaS)
27
cloud computing platform. It is similar in scope to Amazon EC2 and Rackspace
28
CloudServers. Nova does not include any virtualization software, rather it
29
defines drivers that interact with underlying virtualization mechanisms that
30
run on your host operating system, and exposes functionality over a web API.
32
This document does not attempt to explain fundamental concepts of cloud
33
computing, IaaS, virtualization, or other related technologies. Instead, it
34
focuses on describing how Nova's implementation of those concepts is achieved.
36
This page outlines concepts that you will need to understand as a user or
37
administrator of an OpenStack installation. Each section links to more more
38
detailed information in the :doc:`adminguide/index`,
39
but you'll probably want to read this section straight-through before tackling
40
the specifics presented in the administration guide.
43
Concept: Users and Projects
44
---------------------------
46
* access to images is limited by project
47
* access/secret are per user
48
* keypairs are per user
49
* quotas are per project
52
Concept: Virtualization
53
-----------------------
65
An 'instance' is a word for a virtual machine that runs inside the cloud.
73
A 'volume' is a detachable block storage device. You can think of it as a usb hard drive. It can only be attached to one instance at a time, so it does not work like a SAN. If you wish to expose the same volume to multiple instances, you will have to use an NFS or SAMBA share from an existing instance.
78
Every instance larger than m1.tiny starts with some local storage (up to 160GB for m1.xlarge). This storage is currently the second partition on the root drive.
83
Nova supports per-project quotas. There are currently quotas for number of instances, total number of cores, number of volumes, total number of gigabytes, and number of floating ips.
89
Nova provides roles based access control (RBAC) for access to api commands. A user can have a number of different :ref:`roles <auth_roles>`. Roles define which api_commands a user can perform.
91
It is important to know that there are user-specific (sometimes called global) roles and project-specific roles. A user's actual permissions in a particular project are the INTERSECTION of his user-specific roles and is project-specific roles.
93
For example: A user can access api commands allowed to the netadmin role (like allocate_address) only if he has the user-specific netadmin role AND the project-specific netadmin role.
95
More information about RBAC can be found in the :ref:`auth`.
101
* OpenStack / Rackspace
107
Nova has a concept of Fixed Ips and Floating ips. Fixed ips are assigned to an instance on creation and stay the same until the instance is explicitly terminated. Floating ips are ip addresses that can be dynamically associated with an instance. This address can be disassociated and associated with another instance at any time.
109
There are multiple strategies available for implementing fixed ips:
114
The simplest networking mode. Each instance receives a fixed ip from the pool. All instances are attached to the same bridge (br100) by default. The bridge must be configured manually. The networking configuration is injected into the instance before it is booted. Note that this currently only works on linux-style systems that keep networking configuration in /etc/network/interfaces.
119
This is similar to the flat mode, in that all instances are attached to the same bridge. In this mode nova does a bit more configuration, it will attempt to bridge into an ethernet device (eth0 by default). It will also run dnsmasq as a dhcpserver listening on this bridge. Instances receive their fixed ips by doing a dhcpdiscover.
124
This is the default networking mode and supports the most features. For multiple machine installation, it requires a switch that supports host-managed vlan tagging. In this mode, nova will create a vlan and bridge for each project. The project gets a range of private ips that are only accessible from inside the vlan. In order for a user to access the instances in their project, a special vpn instance (code named :ref:`cloudpipe <cloudpipe>`) needs to be created. Nova generates a certificate and key for the user to access the vpn and starts the vpn automatically. More information on cloudpipe can be found :ref:`here <cloudpipe>`.
126
The following diagram illustrates how the communication that occurs between the vlan (the dashed box) and the public internet (represented by the two clouds)
128
.. image:: /images/cloudpipe.png
136
Nova is implemented by a number of related binaries. These binaries can run on the same machine or many machines. A detailed description of each binary is given in the :ref:`binaries section <binaries>` of the developer guide.
143
The nova-manage command is used to perform many essential functions for
144
administration and ongoing maintenance of nova, such as user creation,
145
vpn management, and much more.
147
See doc:`nova.manage` in the Administration Guide for more details.
159
* Managers/Drivers: utils.import_object from string flag
160
* virt/connections: conditional loading from string flag
161
* db: LazyPluggable via string flag
162
* auth_manager: utils.import_class based on string flag
163
* Volumes: moving to pluggable driver instead of manager
164
* Network: pluggable managers
165
* Compute: same driver used, but pluggable at connection
171
Nova utilizes the RabbitMQ implementation of the AMQP messaging standard for performing communication between the various nova services. This message queuing service is used for both local and remote communication because Nova is designed so that there is no requirement that any of the services exist on the same physical machine. RabbitMQ in particular is very robust and provides the efficiency and reliability that Nova needs. More information about RabbitMQ can be found at http://www.rabbitmq.com/.
187
Concept: Security Groups
188
------------------------
193
Concept: Certificate Authority
194
------------------------------
196
Nova does a small amount of certificate management. These certificates are used for :ref:`project vpns <cloudpipe>` and decrypting bundled images.