OpenStack

https://www.openstack.org

OpenStack is an open-source cloud computing platform designed to manage and pool compute, network, and storage resources in data centers, enabling on-demand provisioning of virtual resources through self-service interfaces and APIs. It serves as the foundation for both private and public clouds by abstracting physical hardware into virtual pools that users and applications can access programmatically.

Key Components

OpenStack operates using a modular architecture, consisting of several core and optional components:

  • Nova: Manages compute resources and instance scheduling.
  • Neutron: Provides software-defined networking (SDN) for cloud instances.
  • Cinder: Handles block storage provisioning for persistent data.
  • Swift: Offers scalable, highly-available object storage, similar to services like Amazon S3.
  • Glance: Manages cloud images for instances.
  • Keystone: Serves as the identity, authentication, and authorization service.

Core Functionality

  • OpenStack does not perform virtualization itself but acts as a “cloud layer” that interfaces with virtualization technologies (like KVM, VMware, Xen, or Hyper-V).
  • Users request resources (virtual machines, networks, storage) via dashboards or APIs, with OpenStack orchestrating their provisioning and lifecycle.
  • Its open-source nature means organizations can modify, adapt, and deploy it without licensing fees, often leading to reduced operational costs in the long term.

Use Cases and Benefits

  • Private and Hybrid Clouds: Enables enterprises to build private clouds or hybrid solutions that extend into public clouds.
  • Cost Optimization: Long-term operational costs are generally lower compared to proprietary solutions or public hyperscalers.
  • Vendor Independence: Abstracts underlying hardware, supporting multi-vendor environments and avoiding vendor lock-in.
  • Security and Customization: Deployed on-premises, OpenStack enables strict data control and custom cloud configuration.

Challenges

  • OpenStack has a steep learning curve, and the initial setup may be complex, requiring significant expertise and resources.
  • Ongoing maintenance and scaling may require skilled personnel for efficient operation.

Summary Table

FeatureOpenStack Platform
LicenseOpen-source (Apache 2.0)
Core ServicesCompute (Nova), Network (Neutron), Storage (Cinder, Swift), Image (Glance), Identity (Keystone)
InterfaceCLI, Web dashboard (Horizon), REST APIs
VirtualizationIntegrates with various hypervisors, not hypervisor itself
Deployment TypePrivate, Hybrid, and Public Clouds
ScalabilityDesigned for large-scale, multi-tenant environments
Vendors/CommunityBroad community, hundreds of contributing organizations

OpenStack is best suited for organizations looking for open, customizable cloud solutions that can scale and integrate multi-vendor hardware, with robust control over configuration and security.

OpenStack Components

OpenStack is a modular cloud platform made up of separate services that together provide compute, storage, networking, identity, and management for private or public clouds.

Core services

  • Nova: Compute service that provisions and manages virtual machines.
  • Neutron: Networking service for virtual networks, IP allocation, and network connectivity.
  • Cinder: Block storage service for persistent volumes attached to instances.
  • Swift: Object storage for scalable file/object storage.
  • Glance: Image service for storing and retrieving VM images.
  • Keystone: Identity service for authentication, authorization, and service catalog.
  • Horizon: Web dashboard for administering OpenStack.

Common supporting services

  • Heat: Orchestration service for templated infrastructure deployment.
  • Ceilometer: Telemetry/monitoring service in many OpenStack deployments.
  • Trove: Database service for managed database instances.
  • Sahara: Big data / Elastic MapReduce-style service.

How they fit together

OpenStack is designed as a set of composable projects rather than one monolithic application, so operators can deploy only the parts they need. The most common mental model is: Nova runs compute, Neutron connects it, Cinder and Swift store data, Glance supplies images, Keystone secures access, and Horizon gives you a GUI.

Simple example

If you launch a VM in OpenStack, Glance provides the image, Nova creates the instance, Neutron gives it network access, Cinder can attach extra disk, and Keystone checks that you are allowed to do it.

OpenStack Architecture Overview

https://images.openai.com/static-rsc-4/aEBVuqrX-rvRwOi90L41hDrlAE7dvJapYabi4gvFlHACq7HX-dvNBK2pLG3F8GO7twwLMtQWZ_UuWUwO-mxu6jQtRlT8WiPSVL3bXfW8b5H2ZhwFWt5CceYXn2mVY2JhIAMWMnjVXg9Ph9lz-ibH04m3075ihhZs1xO6FDt3BFFiF7a_rEdht1sKblXAhEQs?purpose=fullsize

7

What is OpenStack?

OpenStack is an open-source Infrastructure-as-a-Service (IaaS) cloud platform used to build private and hybrid clouds. It manages:

  • Compute (virtual machines / bare metal)
  • Networking
  • Storage
  • Identity/authentication
  • Images
  • Orchestration
  • Monitoring
  • Multi-tenancy

Think of it as the “Linux of cloud infrastructure” — a distributed control plane that turns pools of servers, disks, and networks into an API-driven cloud platform.

It is heavily used by:

  • Telcos
  • Financial institutions
  • HPC environments
  • Enterprises
  • Service providers
  • Sovereign/private cloud operators

OpenStack High-Level Logical Architecture

                +-----------------------------------+
| Horizon |
| (Web Dashboard) |
+----------------+-----------------+
|
v
+---------------------------------------------------------------+
| OpenStack APIs |
| Keystone | Nova | Neutron | Cinder | Glance | Heat | etc. |
+---------------------------------------------------------------+
|
+-------------------+-------------------+
| |
v v

+----------------------+ +-----------------------------+
| Control Plane | | Data Plane |
| API Services | | Compute / Storage / Network |
| Schedulers | | Hypervisors |
| Message Queues | | OVS/Linux Bridge |
| Databases | | Ceph / SAN / Local Disk |
+----------------------+ +-----------------------------+

Core OpenStack Services

1. Nova — Compute Service

https://images.openai.com/static-rsc-4/NXwxl2zcHs795sxj_P1Hk8k1hK1any31gBtE2BpuDy0icGfhkNVOJImkyUmPrNgvkrBQqHkeOPxVgMzsh_RYkJ0xRAXtrEGd9hkbeMKK9fdtXvUL3-6IyfoqgXZJoXwLwkAfBf2o8QZCgnzNUCJTb0Z-dcrrEoPq19yrKrF9ghXkLCmTrU8TzFFnMVW9Lnk6?purpose=fullsize
https://images.openai.com/static-rsc-4/gVD0LmRYCs2dUMKEKCdPgs8QVRKK9xOw3Jn0Xt_ubFHd-eiWvWkZH73-yEDISAc0__HT-dGOZ05CAg0cUOvgMExW852ESTITvRjwh5RkczzVMJ8kH4-nT4EUOwMxrN_7GZbs-jsG2EoC6l_mlZF9C6TGp1iUtUFOdwgWfGkOtDbbzEhUvQOQk5Lb6b8-t59x?purpose=fullsize

Nova manages virtual machine lifecycle operations.

Responsibilities

  • Create/delete VMs
  • Schedule workloads
  • Manage hypervisors
  • Allocate compute resources
  • Attach storage/networking

Main Components

ComponentPurpose
nova-apiReceives API requests
nova-schedulerChooses compute node
nova-conductorCoordinates DB + compute
nova-computeRuns on hypervisor nodes
placementTracks resource inventory
metadata serviceProvides cloud-init metadata

Hypervisors Supported

  • KVM (most common)
  • VMware ESXi
  • Hyper-V
  • Xen

Workflow Example

User launches VM

Nova API receives request

Keystone authenticates

Scheduler selects compute node

Neutron provisions networking

Cinder attaches volume

Glance provides image

nova-compute starts VM via KVM/libvirt

2. Neutron — Networking

https://images.openai.com/static-rsc-4/kwlMOsFF8fLSVYJ8pFPPZNU7Pd1VT44KIMiNqwZrBTjSL1BfrZDHiEEdUj6oI7LoUk8FhOJijvAtploS2xTDW8VwSgdMGuO0s5KLI_Mk5BLA6Oq4UXFIm8bEzJkGRf5oRN8gkl9X7V92JN8jszwtr6gZxOlLjGq3lZSFJ4b27m7zwwTm1zbrT_-tgdNIxCWB?purpose=fullsize

5

Neutron provides Software Defined Networking (SDN).

Responsibilities

  • Tenant networking
  • Virtual routers
  • Floating IPs
  • Security groups
  • DHCP
  • Load balancing
  • VLAN/VXLAN overlays

Core Components

ComponentPurpose
neutron-serverAPI service
ML2 pluginNetwork backend abstraction
L3 agentRouting
DHCP agentDHCP services
Metadata agentVM metadata
OVS/OVN agentsVirtual switching

Common Network Backends

BackendNotes
Open vSwitch (OVS)Traditional deployment
OVNModern scalable SDN backend
Linux BridgeSimpler environments
SR-IOVHigh-performance networking

Networking Models

TypePurpose
Provider networkDirect physical network access
Tenant networkIsolated VXLAN/VLAN overlays
Floating IPPublic IP NAT
Security groupsVirtual firewall rules

3. Cinder — Block Storage

https://images.openai.com/static-rsc-4/kwlMOsFF8fLSVYJ8pFPPZNU7Pd1VT44KIMiNqwZrBTjSL1BfrZDHiEEdUj6oI7LoUk8FhOJijvAtploS2xTDW8VwSgdMGuO0s5KLI_Mk5BLA6Oq4UXFIm8bEzJkGRf5oRN8gkl9X7V92JN8jszwtr6gZxOlLjGq3lZSFJ4b27m7zwwTm1zbrT_-tgdNIxCWB?purpose=fullsize
https://images.openai.com/static-rsc-4/Q_Dyd18NhGZdoAG_Ju1LqwOA00ibFdD0oyndL8tSGzT_xKmZNhuKInOlM7ncq0g9b999GNuR0rst_O7f46vCNP82V7xJwoXR5NwxJoOr5F5aotLFO9eJFdNwSFtLz6xIUgI-lhmhIfndaQOg1WAxWYNyvD5eOGie1Bj1h1tADNcA5WJ9e_cYuoMAfufZ5Q1G?purpose=fullsize

7

Provides persistent block storage volumes for VMs.

Responsibilities

  • Create volumes
  • Snapshots
  • Replication
  • Attach/detach disks
  • Storage QoS

Common Backends

BackendNotes
Ceph RBDMost common
NetAppEnterprise SAN
Dell EMCEnterprise arrays
LVMLocal storage
Pure StorageFlash arrays

Components

ComponentPurpose
cinder-apiAPI endpoint
cinder-schedulerSelects backend
cinder-volumeTalks to storage backend
cinder-backupBackup service

4. Swift — Object Storage

S3-like distributed object storage.

Use Cases

  • Backups
  • VM images
  • Archives
  • Media storage
  • Large-scale object data

Architecture

Proxy Service

Storage Nodes
├── Account
├── Container
└── Object services

Characteristics

  • Highly scalable
  • Eventually consistent
  • Replicated storage
  • Commodity hardware friendly

5. Glance — Image Management

Stores and distributes VM images.

Responsibilities

  • Upload images
  • Snapshot images
  • Image catalog
  • Image caching

Supported Formats

  • QCOW2
  • RAW
  • VMDK
  • ISO

Common Backends

  • Ceph
  • Swift
  • NFS
  • Filesystem

6. Keystone — Identity & Authentication

Central authentication and authorization system.

Responsibilities

  • Authentication
  • Authorization
  • RBAC
  • Multi-tenancy
  • Service catalog
  • Token issuance

Concepts

ConceptMeaning
UserIdentity
Project/TenantResource boundary
RolePermissions
TokenAuth credential
Service CatalogAPI discovery

Integrations

  • LDAP
  • Active Directory
  • SAML
  • OIDC

7. Horizon — Web UI

Web dashboard for administrators and tenants.

Functions

  • Launch VMs
  • Manage networks
  • Manage volumes
  • User/project administration
  • Monitor usage

Built on:

  • Django
  • OpenStack APIs

Additional Important Services


8. Heat — Orchestration

Infrastructure-as-Code engine.

Equivalent concepts:

  • AWS CloudFormation
  • Terraform orchestration

Uses

  • Deploy application stacks
  • Autoscaling
  • Templates

Uses YAML templates called HOT:

  • Heat Orchestration Templates

9. Ironic — Bare Metal

Provision physical servers like cloud instances.

Use Cases

  • Kubernetes worker nodes
  • HPC
  • Telco NFV
  • GPU workloads

Integrates with:

  • PXE
  • Redfish/IPMI
  • BIOS management

10. Magnum — Kubernetes Clusters

Provides Kubernetes-as-a-Service.

Can deploy

  • Kubernetes
  • Docker Swarm
  • Mesos (legacy)

Built using:

  • Nova
  • Neutron
  • Heat
  • Cinder

11. Octavia — Load Balancing

LBaaS implementation.

Provides:

  • HAProxy-based load balancers
  • TLS termination
  • Health checks

12. Ceilometer + Gnocchi — Monitoring & Telemetry

Used for:

  • Metrics
  • Billing
  • Monitoring
  • Autoscaling triggers

Supporting Infrastructure Components

These are critical but often overlooked.

Database Layer

Usually:

  • MariaDB/Galera cluster

Stores:

  • Instance metadata
  • Network state
  • Identity data
  • Scheduling data

Message Queue

Usually:

  • RabbitMQ

Used for:

  • Service-to-service communication
  • Asynchronous operations

Example:

Nova scheduler → RabbitMQ → nova-compute

Memcached

Used for:

  • Keystone token caching
  • Session caching

Physical Node Roles

Controller Nodes

Run:

  • APIs
  • Schedulers
  • Databases
  • RabbitMQ
  • Keystone
  • Horizon

Usually HA clustered.


Compute Nodes

Run:

  • nova-compute
  • KVM/libvirt
  • OVS/OVN agents

Actually host VMs.


Storage Nodes

Run:

  • Ceph OSDs
  • Swift object services
  • Storage daemons

Network Nodes

Run:

  • Routing
  • NAT
  • DHCP
  • Floating IP services

In modern OVN architectures, dedicated network nodes are less necessary.


How Everything Fits Together

Full VM Provisioning Flow

https://images.openai.com/static-rsc-4/uEFM7ccSeSF3CnMvMAI4BklmB-cR4SqcDsUhs948SLjXuOA6AJgN7dz1UZFBbKjPvvFlfDG3vJzwBLZXpgjx-siqp-irAOxntsWz22E_4Of-owDKetyiCsgN0Vl8Fj8emU5g-XKzDkbOO40u9m7NYwDYjQ6P-tmumraI4qe5iyDyu4ruYcx2hJ_dYkwlf0I9?purpose=fullsize
https://images.openai.com/static-rsc-4/kwlMOsFF8fLSVYJ8pFPPZNU7Pd1VT44KIMiNqwZrBTjSL1BfrZDHiEEdUj6oI7LoUk8FhOJijvAtploS2xTDW8VwSgdMGuO0s5KLI_Mk5BLA6Oq4UXFIm8bEzJkGRf5oRN8gkl9X7V92JN8jszwtr6gZxOlLjGq3lZSFJ4b27m7zwwTm1zbrT_-tgdNIxCWB?purpose=fullsize
https://images.openai.com/static-rsc-4/7vnN0OJpIS9l-FBsKN8HKjufr7F45BpDggIuhAUoqXCyKogTlmAR-9LNMOI3gDE77iBQwkNFib7v8sreSvbbFrP_n6iw96agBzESsGgPKXxJm0dnekTRr3_mHtWVxKxhMKnfUEiuYl6JD1tihwCzgKpmuuyzwOpCB4iCg5o0pPGxd21N-M16yI9URMaZ3t0t?purpose=fullsize

6

1. User/API requests VM creation

2. Keystone authenticates request

3. Nova scheduler selects compute node

4. Glance provides VM image

5. Neutron creates networking

6. Cinder attaches persistent volume

7. nova-compute launches VM via KVM

8. Metadata service provides cloud-init data

9. VM becomes active

Typical Enterprise Stack

Common Production Architecture

LayerTypical Technology
HypervisorKVM
NetworkingOVN + OVS
StorageCeph
Container PlatformKubernetes
IaCTerraform + Ansible
MonitoringPrometheus + Grafana
LoggingELK/OpenSearch
IdentityLDAP/AD
HAPacemaker/Galera

OpenStack + Kubernetes Relationship

Modern OpenStack is increasingly a Kubernetes infrastructure provider.

Common model:

OpenStack = Infrastructure Layer
Kubernetes = Application Platform Layer

OpenStack Provides

  • VMs
  • Networking
  • Storage
  • Bare metal
  • Multi-tenancy

Kubernetes Provides

  • Container orchestration
  • CI/CD deployment targets
  • Microservices platform
  • Autoscaling apps

Real-World Deployment Patterns

IndustryUsage
TelcosNFV / 5G
BanksPrivate cloud
GovernmentsSovereign cloud
HPCGPU clusters
SaaS providersMulti-tenant IaaS
EnterprisesVMware replacement

Biggest Operational Challenges

AreaChallenge
NetworkingSDN complexity
UpgradesMulti-service coordination
ScalingDB/message queue bottlenecks
StorageCeph operational expertise
TroubleshootingDistributed systems debugging
HACluster coordination

Why OpenStack Remains Important

Despite public cloud dominance, OpenStack is still heavily used because it provides:

  • Full infrastructure control
  • Data sovereignty
  • No hyperscaler lock-in
  • API-driven private cloud
  • Massive scale capability
  • Integration with Kubernetes and bare metal

It effectively brings AWS-like infrastructure patterns into private data centers.