OpenStack Interview Questions DevOps

Keystone: Provides authorization and authentication for users

• Glance: Manages images in different formats
• Cinder: Provides persistent block storage
• Neutron: Enables users to create and attach interfaces to networks
• Nova: Provides instances on user’s demand
• Swift: Storage platform integrated directly into applications
• Ceilometer: Openstack for billing
• Heat: Allows automated infrastructure deployment

Tenant - Refers to a group of Users.

Role - Authorization level of the user as to what exactly the user can do.

Various Hypervisors supported by OpenStack are

• KVM
• VMware vSphere
• LXC: Linux Containers
• Xen and HyperV

• Leverages commodity hardware
• HDD/node failure agnostic
• Multi-dimensional scalability
• Account/container/object structure
• Built-in replication
• Easily add capacity
• No central database required

OpenStack provides two classes of block storage,

• Ephemeral Storage:  It is associated with a single unique instance and once the instance is terminated data in the ephemeral storage is lost .
• Volume Storage:  Offers persistent storage and not associated with a single instance .  
• Object Storage : Used to access binary objects through the REST API.
• Shared File System storage: Used for sharing files with multiple users at once .

The basic functions of Identity Service is

• User Management:  It tracks the users and their permissions
• Service Catalog: It provides a catalog of available services with their API endpoints

• Users: Person, service or system who uses OpenStack cloud services
• Tenants: A container used to group or isolate resource or identity objects.  Depending on service operator a tenant may be customer, account, organization or project
• Roles:  A role includes a set of rights and privileges.  A role determines what operations a user is permitted to perform in a given tenant

The networking options used in OpenStack are

• Flat Network Manager: IP addresses are fetched from the subnet, and then injected into the image on launch
• Flat DHCP Network Manager: IP addresses are fetched from the subnet specified by the network administrator
• VLAN Network Manager: Compute creates a VLAN and bridge.  DHCP server is started for each VLAN to pass out IP addresses to VM instances.

It is the OpenStack Block storage device for providing volumes to Nova Virtual Machines and Ironic Bare Metal Hosts etc..

 Cinder Features:

• Component Based Architecture
• Highly Available
• Uses Open Standards
• Fault-tolerant and Recoverable

• OpenStack Object Storage
• Filesystem
• S3
• HTTP
• GridFS

It enables to scale an OpenStack Compute cloud in a more simplistic way where the hosts in an OpenStack Compute cloud are partitioned into group called cells. This supports very large deployment .nova-cells service handles communication between cells.

In OpenStack, networking is done in following ways

• Networks
• Routers
• Subnets
• Ports
• Vendor Plugins

Volume transfer from one owner to another- cinder transfer*.

Managing floating IP addresses - nova floating-ip-*

Bare-metal driver for OpenStack Compute manages provisioning of physical hardware by using common cloud APIs and tools. This is primarily used for  single tenant clouds such as a high-performance computing cluster.

The following commands can be used to manage bare-metal nodes.

• baremetal-interface-add

Adds a network interface to a bare-metal node.

• baremetal-interface-list

Lists network interfaces associated with a bare-metal node.

• baremetal-interface-remove

Removes a network interface from a bare-metal node.

• baremetal-node-create

Creates a bare-metal node.

• baremetal-node-delete

Removes a bare-metal node and any associated interfaces.

• baremetal-node-list

Lists available bare-metal nodes.

• baremetal-node-show

Shows information about a bare-metal node.

• Bare metal node Orchestrator: Management software which acts as a dispatcher to all nodes in the cluster.
• Bare metal node Operating System: Base software which runs on each node in the cluster.

Flavors defines the available hardware (compute , memory and storage capacity ) configuration of a nova compute instance . It also defines the size of a virtual server which could be launched.

Below is an example of a flavor which is used for setting network traffic bandwidth limit :

$ openstack flavor set FLAVOR-NAME \
   --property quota:vif_outbound_average=32768 \
   --property quota:vif_inbound_average=32768 \

Nova is the OpenStack project which is used to provision compute instances . Nova supports creating virtual machines, baremetal servers and system containers. It runs as a set of daemons on top of existing Linux servers to provide that service.

It requires the below additional OpenStack services for basic functioning:

• Keystone: Provides Identity and Authentication for all OpenStack services.
• Glance: Provides the compute image repository from which all the compute instances are launched.
• Neutron: Responsible for provisioning virtual or physical networks that compute instances connect to on boot.

Tools for using Nova:

• Horizon: Web UI for the OpenStack Project.
• OpenStack Client: CLI for OpenStack Projects. It includes nova and most of the project commands in OpenStack.
• Nova Client: Nova Client is used for some very advanced features

Alarms provides user-oriented Monitoring-as-a-Service for general purpose awareness of the resources running on OpenStack. Alarms also helps to automatically scale in or out a group of instances through the Orchestration module.

There are 3 Alarm States: Ok, Alarm and Insufficient Data

• Ok: Rule which has been evaluated as False
• alarm: Rule which has been evaluated as True.
• insufficient data: Not enough datapoints available to determine the alarm state.

Following order should be followed to restart the nova services on Openstack controller node,

service nova-api restart

service nova-cert restart

service nova-conductor restart

service nova-consoleauth restart

service nova-scheduler restart

Quotas are used for preventing system resources from being exhausted. They are used to set Operational limits. Quotas can be managed using Dashboards and CLI for OpenStack Compute /Block /Networking service.

Secret Management is a set of technologies which are used to protect key materials within a software system. It involves deployment of Hardware Security Modules which are physically hardened against tampering. Recommended method to securerly store and manage secrets is by using Barbican.

The OpenStack Orchestration service is a tool for orchestrating clouds, automatically configuring and deploying resources in stacks. These deployments are simple and are defined with templates. Templates describe tasks in terms of resources, parameters, inputs, constraints, and dependencies. It also runs Heat Orchestration Template (HOT) templates that are written in YAML. Orchestration service can be accessed through a CLI and RESTful queries and provides both an OpenStack-native REST API and a CloudFormation-compatible Query API. The Orchestration service is also integrated with the OpenStack dashboard to perform stack functions through a web interface.

OpenStack Python SDK is used for writing and managing python scripts in OpenStack cloud.It implements Python bindings to OpenStack API , which enables to perform automation tasks . All OpenStack command lines are implemented using Python SDK.

Keystone is one of the widely used  Identity Service in OpenStack and executes the complete OpenStack Identity API. It is responsible for user management and service catalog which  tracks users and their permissions while Service Catalog offers a list of services available with their API.