Introduction to OpenStack

Written by Wilfried Kirschenmann, on 06 February 2018

OpenStack is a set of tools used for creating and managing public and private cloud computing platforms.

This tool is supported by an active user community and the OpenStack Foundation, a non-profit organization that oversees the development and community activities around this project.

According to a survey conducted by the same organization in 2016, 65% of OpenStack deployments are in production.

This tool is becoming increasingly mature for use in production cloud environments and is also used in integration or testing environments.

Furthermore, according to a study conducted by the Linux Foundation in collaboration with Dice ("The Open Source Jobs Report"), 51% of IT recruitment specialists believe that experience with OpenStack and another Cloud technology is one of the important criteria in their hiring.

The development of OpenStack began in 2010 following a merger between two projects led by Rackspace and NASA. In 2011, the OpenStack Bexar release was introduced in Ubuntu, a year later Debian introduced the OpenStack Cactus release, and in 2012, Red Hat introduced an OpenStack distribution, followed by Oracle, HP, and VMware.

The OpenStack Architecture

OpenStack mainly consists of 9 distinct services:

  • Nova Compute
  • Neutron Networking
  • Swift Object Storage
  • Cinder Block Storage
  • Keystone Identity
  • Glance Image
  • Telemetry Ceilometer
  • Horizon Dashboard
  • Heat Orchestration

The services are practically independent but need to run together to ensure the availability, scalability, and security of an OpenStack infrastructure.

These services communicate with each other according to the following schema, which we will detail in the second part of this article.

architecture openstack

1. Nova Compute (Compute Service)

Nova, the compute component of OpenStack, provides the means to access scalable computing resources massively and in a self-service manner. It is accessible via an API that allows managing VMs, containers, bare metal servers, and also offers the ability to manage other types of resources and technologies such as KVM, VMWare, Xen, Hyper-V, Docker, LXC, and LXD.

Nova is based on a messaging architecture, and all its components can generally run on multiple servers. This architecture allows components to communicate via a message queue (MQ).

These "message-based" architectures generally allow guaranteed message delivery, security, efficient routing, and message processing based on their priorities.

Nova interacts with:

  • A SQL database to store data
  • A web dashboard that communicates via the API
  • An API that exchanges HTTP messages with other components of the platform
  • An authentication manager responsible for managing users, projects, and roles.
  • This component is a Python class that communicates with a database or an LDAP server.
  • A scheduler that allocates hosts to the appropriate virtual machines
  • The networking component responsible for IP forwarding, bridges, and VLANs
  • The compute component that controls communication between the hypervisor and VMs.

These elements, which will be detailed later, are also part of the OpenStack architecture, and it's not just Nova that interacts with them, but also the other services.

2. Neutron (Networking Service)

Neutron is another project that makes up OpenStack and was created to make "networking as a service" between the interfaces of multiple instances more accessible.

OpenStack networking is a standalone service that deploys multiple processes across different nodes. These processes interact with each other and with other OpenStack services.

There are 5 main network components:

  • The Neutron server (neutron-server and neutron--plugin): This is the main process, a Neutron server (neutron-server) is a Python daemon that exposes the OpenStack network API. This service communicates with the database using AMPQ.
  • The Neutron agent (neutron--agent): Runs on each compute node to manage the configuration of the local virtual switch (vswitch). This service requires access to the message queue (MQ). The Neutron agent depends on the plugin used. Some plugins like OpenDaylight (ODL) and Open Virtual Network (OVN) do not require any Python agent on compute nodes.
  • The DHCP agent (neutron-dhcp-agent): As its name suggests, this service provides DHCP. This agent is the same for all plugins and also requires access to the MQ.
  • The L3 agent (neutron-l3-agent): This component provides layer 3 services and NAT forwarding for access to external networks. This service requires access to the MQ, and its dependency on a plugin is optional.
  • Network provider services (SDN/server services): This service provides additional network services and can interact with neutron-server, neutron-plugin, and plugin agents through the REST API.

3. Glance (Image Service)

Glance manages the image registry where VM images, disk images, and snapshots are stored. It also contains pre-built VM templates so that users can try them on the fly.

Instances are booted from this image registry. Users can create custom images and later upload them to Glance for reuse. Glance also stores images remotely to save local disk space.

4. Swift (Object Storage)

Swift offers a storage service where files are not organized hierarchically. An object cannot be placed inside another but exists at the same level as other objects in a flat addressing space called a storage pool.

Object storage generally, and OpenStack's specifically, is designed to ensure optimized access, service availability, and access concurrency to the data set.

Swift is ideal for storing unstructured data that can grow and scale without interdependencies.

This service also provides checksum redundancy verification for files (checksum).

5. Cinder (Block Storage)

Cinder is another storage manager but of a different type. This type of storage is equivalent to an external hard drive linked to an instance. It is evident that block storage is less speedy in access than object storage but is more optimized for other scenarios such as databases and transactional data.

The block volume is created by Swift and then attached to the running volume on an instance where a partition has been created. At the end of an instance's life, the volume is recovered and kept by Cinder and can be reused and attached to another instance. Cinder images are stored on a shared storage environment for fast access.

An image can be a simple snapshot or a bootable image.

6. Heat (Orchestration)

It is a "human-friendly" service and more accessible to administrators to manage the entire lifecycle of infrastructure and applications in an OpenStack cloud.

The user can customize their OpenStack cloud using templates with simple instructions that are read and interpreted by the Heat engine (heat-engine).

Heat also provides an automatic scalability service that integrates Telemetry so that you can create a scaling group as a template.

7. Telemetry (Ceilometer)

Telemetry is responsible for measurements: It can be used to generate invoices based on usage statistics.

Its API can be used with external billing systems. Telemetry allows administrators to create alarms triggered based on configured metrics.

8. Horizon (Dashboard)

Horizon is the web dashboard of OpenStack. It provides a user interface to OpenStack services, including Nova, Swift, Keystone, etc.

9. Keystone (Identity Service)

This is the main authentication and authorization service that manages users, services, and endpoints. Keystone uses authentication tokens to authorize access to resources and maintains session state.


After 17 releases, OpenStack is becoming more mature and gaining significant traction in the Cloud industry and infrastructure market.

Interoperability is one of OpenStack's strengths. This allows transparency in the creation of public and private clouds as well as easier connectivity between vendors.

Companies like Cisco and HP quickly realized the strengths of OpenStack and the role it is playing in creating the future of the cloud: generations of clouds that are more neutral, portable, and open.

This openness, as in Open Source software, reduces the number of vulnerabilities and eliminates the dangers of cloud lock-in. The latter has become one of the most important criteria for companies in their choice of cloud.

OpenStack is composed of several projects of different natures, and mastering it requires several skills and a little more time than other technologies, but it is worth it: According to a study, OpenStack engineers earn 36% more in their lives as Infrastructure engineers than non-OpenStack engineers.