OpenStack Cloud Application Development

Name: OpenStack Cloud Application Development
Brand: Wrox
Price: 30.99 EUR
Availability: OnlineOnly

Scott Adkins John Belamaric Vincent Giersch Denys Makogon Jason E. Robinson(Autor*in)

Wrox (Verlag)

Erschienen am 17. November 2015

168 Seiten

E-Book

ePUB mit Adobe-DRM

Systemvoraussetzungen

978-1-119-19434-7 (ISBN)

30,99 €inkl. 7% MwSt.

Systemvoraussetzungen

für ePUB mit Adobe-DRM

E-Book Einzellizenz

Als Download verfügbar

Beschreibung

Alles über E-Books | Antworten auf Fragen rund um E-Books, Kopierschutz und Dateiformate finden Sie in unserem Info- & Hilfebereich.

Alles über E-Books, Kopierschutz & Dateiformate finden Sie in unserem Info- & Hilfebereich.

Leverage the power of OpenStack to develop scalable applications with no vendor lock-in OpenStack Cloud Application Development is a fast-paced, professional book for OpenStack developers, delivering comprehensive guidance without wasting time on development fundamentals. Written by experts in the OpenStack community from Infoblox, Gigaspaces, GoDaddy, and Comcast, this book shows you how to work effectively and efficiently within the OpenStack platform to develop large, scalable applications without worrying about underlying hardware. Follow along with an OpenStack build that illustrates how and where each technology comes into play, as you learn expert tips and best practices that make your product stronger. Coverage includes OpenStack service primitives, networking within the OpenStack Ecosystem, deployment of Virtualized Network Functions for Enterprises, containers, data protection, and much more. If you need to get on board quickly, this professional book is your ideal roadmap to OpenStack development. * Understand all aspects of OpenStack technologies * Follow an example build to drill down into critical elements * Learn the OpenStack best practices and insider tips * Leverage the full capability of IaaS at a professional pace OpenStack is supported by dozens of major technology companies, compatible with Amazon Web Services, and can be used alongside or on top of VMWare vSphere and other similar technologies. It frees developers from the confines of hardware and vendor lock-in while providing a reliable, fast, and easy platform for developing scalable cloud applications. OpenStack Cloud Application Development is an expert-led guide to getting the most out of OpenStack, designed specifically for the professional developer.

Weitere Details

Weitere Ausgaben

Personen

Inhalt

INTRODUCTION xi PART I: OPENSTACK OVERVIEW CHAPTER 1: INTRODUCING OPENSTACK 3 What Is Cloud Computing? 3 Why Should I Care? 6 Understanding the Architecture 13 Summary 18 CHAPTER 2: UNDERSTANDING THE OPENSTACK ECOSYSTEM: CORE PROJECTS 19 Identity 20 Compute 24 Storage 28 Imaging 34 Dashboard 37 Networking 38 Bringing It All Together 45 Summary 48 CHAPTER 3: UNDERSTANDING THE OPENSTACK ECOSYSTEM: ADDITIONAL PROJECTS 49 OpenStack Heat 50 OpenStack Database as a Service: Trove 54 Designate: DNS as a Service 62 Magnum 67 Murano: Application as a Service 70 Ceilometer: Telemetry as a Service 75 Summary 76 PART II: DEVELOPING AND DEPLOYING APPLICATIONS WITH OPENSTACK CHAPTER 4: APPLICATION DEVELOPMENT 79 Converting a Legacy App to an OpenStack App 79 Building Apps from Scratch 83 OpenStack App Description and Deployment Strategies 87 Summary 92 CHAPTER 5: IMPROVING ON THE APPLICATION 93 Failure Scenarios 94 Hostname and IP Addressing 99 Scaling 103 Improving Our Application 111 Summary 119 CHAPTER 6: DEPLOYING THE APPLICATION 121 Bare Metal, Virtual Machines, and Containers 122 Orchestration and Configuration Management 127 Monitoring and Metering 136 Elasticity 137 Updating and Patching 147 Summary 149 Book Wrap Up 149 INDEX 151

2
Understanding the OpenStack Ecosystem: Core Projects

WHAT'S IN THIS CHAPTER?

How the different OpenStack components work together and how authentication works within the infrastructure
A look at how a compute instance is composed and the different hypervisors supported in OpenStack
How data is stored in the infrastructure and understanding the differences between Block Storage and Object Storage
How instance templates and snapshots are created and where they are stored
The different ways to manage your OpenStack resources: GUI versus CLI versus APIs
How the network is designed in OpenStack and the different network components available and exposed through the APIs

At this point, you have an understanding of why cloud computing is important to application developers, and a general overview of OpenStack. In this chapter, you will learn the core services in more detail. These are the services most critical to running an application-compute, network, and storage. You will also learn about the management services to make those possible, such as the identity service, which allows you to authenticate in order to create your applications.

Sometimes, it may seem that the descriptions in this chapter go into more detail than you need to run an application. However, you can think of these features as tools and building blocks. You need to have a solid understanding of what is possible, so you can see new ways to build flexible, scalable, and robust applications (see Figure 2.1).

Figure 2.1

IDENTITY

The identity service within OpenStack, named Keystone, is responsible for authentication, authorization and accounting (AAA) and currently implements and provides the OpenStack Identity API.

The main goal of this identity service is to process and validate authentication and authorization requests, then return an "authentication token," which is used to authenticate the user against the APIs and can be used to contact the other services of an OpenStack infrastructure. These services can be discovered using the catalog returned in the authentication response (detailed later in this chapter).

Keystone currently implements two versions of the Identity API (v2, v3). The second version has been used for years and is still mainly used today in the different libraries and clients supporting OpenStack. The third version is quite recent and provides a more pluggable and flexible design, allowing using multiple authentication mechanisms (the original "password" method, but moreover well-known and used mechanisms, such as OAuth or SAML2), and the ability to combine these methods in a single request.

This last Identity API has a multi-tenant design and has simple resources:

Region: an OpenStack infrastructure that optionally may have sub-regions
Service with Endpoints: an OpenStack registered service in Keystone that can have zero, one, or multiple endpoints to reach this one (e.g. public, internal, admin)
Domain: a container for the users, groups, and projects
Project (known as "Tenant" in the second version of the API): owning a set of OpenStack resources
User: a single API consumer, which should have really restricted authorizations in your application
Group: a collection of different users of the same domain
Role: an authorization that a user or a group of users can obtain on a project or a domain

All of these resources can be managed using the Identity Admin API, which is available as a create, read, update, and delete (CRUD) RESTful API.

Using Tokens and Re-Authentication

The authentication against the different OpenStack services is based on tokens provided by the identity service (Keystone) or configured in the service itself (e.g. admin tokens).

A token provided by an identity service is an arbitrary string that contains the User identity and optionally an authorization called scope. The authorization attached to this token grants access to a Project or a Domain, allowing you to access Project or Domain-related resources.

You can easily create a token using the Identity API with the method POST /auth/tokens with a user identity and the wanted scope:

{ "auth": { "identity": { ... }, "scope": { ... } } }

Token Identities

When requesting a new token, the identity parameter will contain the used authentication mechanisms. Here is an example using password. The unique identifier of the user is used here, however it is possible to use the username if the domain is explicitly specified.

{     "auth": {         "identity": {             "methods": [                 "password"             ],             "password": {                 "user": {                     "id": "042042",                     "password": "secret-password"                 }             }         }     } }

Scoped and Non-Scoped Tokens

If specified in the request, the authorization scope must contain the project identifier or the domain identifier.

{     "auth": {         "scope": {             "project": {                 "id": "123456"             }         }     } }

If a scope has been provided in the token creation request, the Identity API will return a catalog containing the different OpenStack services that can be used by the user with the token and the roles granted to this user.

X-Subject-Token: ff00ff84 {     "token": {         "catalog": [             {                 "endpoints": [                     {                         "id": "c3ac301342a381b895743659d0956de1",                         "interface": "public",                         "region": "RegionOne",                         "url": "http://my.identity.service:5000"                     }                 ],                 "id": "...

Inhalt (EPUB)