Refcard #208

Getting Started With OpenStack

The Most Popular Open-Source IaaS

Introduces OpenStack, an open source IaaS platform used to manage large pools of compute, storage, and networking resources in a data center.

Free .PDF for easy Reference

Written by

Akshai Parthasarathy Technical Product Marketing Manager, Platform9
Sriram Subramanian Founder/CEO, CloudDon
Refcard #208

Getting Started With OpenStack

The Most Popular Open-Source IaaS

Introduces OpenStack, an open source IaaS platform used to manage large pools of compute, storage, and networking resources in a data center.

Free .PDF for easy Reference

Written by

Akshai Parthasarathy Technical Product Marketing Manager, Platform9
Sriram Subramanian Founder/CEO, CloudDon
Table of Contents


About OpenStack

Component Overview

Quick Start Commands

Neutron Commands (Networking)

OpenStack Use Cases

Deployment Models

Section 1


History and Vision

OpenStack is the leading private cloud solution today, with support for numerous infrastructure vendors, multiple distributions, and choice of deployment models, including managed OpenStack, meet your needs. What’s interesting about this mature project is that the code base is completely open source, which means that more developers and operators are continuously examining, optimizing, and fixing software issues beyond what’s available in a traditional software development and support model. Companies actively involved with OpenStack include Platform9, Intel, RackSpace, IBM, and many others.

OpenStack was founded by joint efforts from Rackspace and NASA in 2010. Since its inception, it has grown to support customers such as Walmart, eBay, and Comcast, and has received code contributions from various technology corporations and academic institutions, including Intel and MIT.

OpenStack is one of the fastest growing open source communities in the world, with more than 12,000 member companies and 53,000 individual contributors. It is governed by the OpenStack Foundation, which promotes the development, distribution, and adoption of OpenStack. According to 451 Research, OpenStack-based market revenue was $1.7B in 2016, and expected to reach $2.4B in 2017 and $3.3B by 2018.

Figure 1: Annual/Expected OpenStack Revenue (Source: 451 OpenStack Pulse 2016)

Adoption Trends

According to another survey commissioned by Suse and conducted by dynamic markets, 96% of businesses are able to identify that there are business advantages of adopting an open source private cloud. Specifically, adopters identify cost, operational efficiency, standardization on open platforms, and no vendor lock-in as their top driving factors for choosing OpenStack. The last factor deserves further elaboration: OpenStack offers a choice of hypervisors that include KVM and VMware ESX, networking options from open source technologies, Cisco, Juniper, VMware, and others, and storage options from NetApp, EMC, Dell, etc. As shown below, OpenStack is used by organizations of all sizes to realize these and other benefits.

Figure 2: Organization Size Among OpenStack Adopters (OpenStack User Survey, April 2016)

As you may expect, organizations also run different types of workloads on OpenStack clouds such as software development and testing, Continuous Integration and Delivery, infrastructure services, and web services. 21% of OpenStack adopters also report that they are deploying an increasing number of enterprise applications.

Figure 3:  Workloads Deployed On OpenStack Clouds (OpenStack User Survey, April 2016)

Section 2

About OpenStack

Software & Projects

The OpenStack platform is a collection of several projects that work together to provide capabilities to manage compute (Nova), storage (Cinder), and networking (Neutron) resources in on-premise data centers. It also provides an extensive set of APIs and a centralized dashboard (Horizon) to manage cloud resources. OpenStack is designed to run on commodity hardware. For customers who want to use specific enterprise-grade hardware, special drivers are available from vendors such as Cisco, Juniper, IBM, and Dell EMC, among others.

Figure 4: OpenStack Software

OpenStack follows a bi-annual development and release cycle, offering one release in late spring and a second in late fall. Each release spans projects that include not only compute, networking, and storage, but also automation/orchestration (Heat), big data/Hadoop (Sahara), container orchestration management (Magnum) and other capabilities.

Please refer to GitHub for details on the code contributions. For example, open source code for the compute project is available at openstack/nova and block storage project is available at openstack/cinder.


As mentioned previously, OpenStack is a collection of modular projects that include compute, storage, networking, image catalog, and many others. As shown below, each of the processes within a service communicate with each other using a queue (messaging bus) such as RabbitMQ. Each service also exposes an API endpoint that is used to receive requests and communicate with other services. For example, the Cinder service (block storage) exposes an API endpoint for communication with the Nova service (compute service).

Figure 5: OpenStack Services And Processes (Source: docs.openstack.org)

Although OpenStack code is available for free, deploying it can be complicated for those who pursue a do-it-yourself model due to the interdependent nature of its various services. As a result, a number of different deployment methods have emerged: third-party distributions, hosted private clouds, private cloud-in-a-box solutions, and SaaS Managed OpenStack.

REST API, CLI, Horizon

Services in OpenStack use REST APIs to receive requests from clients and pass them on to other services to perform actions, without maintaining any state information. Let us consider a scenario in which you request a new block storage volume. The cinder-api process will receive the request for a new storage volume, and then forward it to the cinder-scheduler and cinder-volume processes using a messaging bus/queue. Other components of OpenStack such as compute (Nova) and image (Glance) have analogous services: nova-api and glance-api.

From the perspective of an operator, the REST API is used for command line interface (CLI) and dashboard commands. The command below shows the user creating a new Cinder volume using the “cinder create” command and its corresponding REST API request.

(openstack) workstation:localdir p9user$ cinder --debug create --name pf9-1G 1

DEBUG:keystoneauth:REQ: curl -g -i -X POST https://p9user.p9.net/cinder/v2/f175f441ebbb4c2b8fedf6469d6415fc/volumes -H "User-Agent: python-cinderclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}token" -d '{"volume": {"status": "creating", "user_id": null, "name": "pf9-1G", "imageRef": null, "availability_zone": null, "description": null, "multiattach": false, "attach_status": "detached", "volume_type": null, "metadata": {}, "consistencygroup_id": null, "source_volid": null, "snapshot_id": null, "project_id": null, "source_replica": null, "size": 1}}'

As can be seen from the snippet above, the “cinder create” command was issued via the command line to create a 1GB volume with the name “pf9-1G.”

Section 3

Component Overview

There are many modular OpenStack services, all distributed under the open source Apache License.


OpenStack Compute Service (Nova) provides the provisioning, deletion, and management of instances. It supports multiple hypervisors including KVM, VMware ESXi, and others.


OpenStack storage services provide support for block storage, object storage, and file-share storage. Block storage provides virtual storage for instances, while object storage supports scale-out, distributed non-structured data.

OpenStack Block Storage (Cinder) provides for the creation, attachment, and detachment of block devices to virtual servers. It is fully integrated with OpenStack Compute, can be managed from the Dashboard, and supports integration with enterprise storage platforms such as Dell EMC, HPE, and NetApp through specific drivers. It also provides support for volume snapshots.

OpenStack Object Storage (Swift) provides cost-effective, API-accessible, distributed, redundant, scale-out storage ideal for backup, archiving, and data retention purposes. It is an excellent platform for storing images, videos, virtual machine images, and archives.


OpenStack Networking Service (Neutron) provides a pluggable API-driven platform for managing networks and IP addresses. It supports multiple network models (Flat, VLAN, and VXLAN), static IPs, and DHCP. It can also leverage advanced networking capabilities by taking advantage of SDN platforms such as OpenFlow.

Shared Services

Apart from the three basic building blocks of compute, storage, and networking, OpenStack has several services that integrate these components with each other, as well as external systems to provide a unified experience for the users.


OpenStack Identity Service (Keystone) provides identity and authentication capabilities. It provides a central directory of users, mapping them to the services they can access. It can also integrate with existing backend directory services such as LDAP.


OpenStack Image Service (Glance) provides API-accessible discovery, registration, and delivery services for disk and server images. The image service can store images in a variety of backends, including OpenStack’s object store, Swift. The OpenStack Image Service accommodates multiple image formats, including Raw, VHD, VMDK, and VDI.


OpenStack Telemetry Service (Ceilometer) aggregates usage and performance data and enables alarm capabilities across OpenStack services.


OpenStack Orchestration service (Heat) provides automated, template-based infrastructure deployment capabilities. Along with the Telemetry service, it can provide auto-scaling capabilities to select features.


OpenStack Database service (Trove) provides Database-as-a- Service (DBaaS) capability on OpenStack cloud infrastructure.


OpenStack Dashboard service (Horizon) provides centralized graphical user interface to access, provision, and manage cloud resources. Third-party services such as billing and monitoring can be easily integrated with OpenStack Dashboard. OpenStack services can also be accessed through APIs.

Data Processing

OpenStack Big Data Processing service (Sahara) provides a scalable data processing stack and associated management interfaces.

Other Projects

OpenStack has more services that can optionally integrate with other OpenStack services. Some of these projects include Application Catalog(Murano), Bare Metal Service (Ironic), Container Orchestration Provisioning Service (Magnum), Shared Filesystems (Manila).

Section 4

Quick Start Commands

In addition to the Dashboard (Horizon), OpenStack provides a command line interface (CLI) for querying, updating, creating and deleting resources, and performing other actions. The CLI can be installed by the following command on your laptop/client machine:

$ pip install python-openstackclient

For a complete set of instructions on installing the client, please consult OpenStack Documentation. In order to use the CLI, it is necessary to authenticate the user with appropriate credentials using a file that can be “sourced.” An example of an openrc file, and sourcing of environment variables in this file, is shown below.

$ cat openrc

export OS_USERNAME=osuser
export OS_TENANT_NAME=engineering
export OS_PASSWORD=<enter password>
export OS_AUTH_URL=https://<openstack-auth-url>/keystone/v2.0
export OS_REGION_NAME=us-east-1

$ source openrc

In the CLI commands shown in the following section, both the legacy and new versions are provided. The new, unified OpenStack client provides commands that are easier to use.

Key Management

Create and Upload SSH Key

In order to create servers (Nova instances) in the OpenStack cloud, it is necessary to add a public key and create an image. SSH keys can be created using the following command:

Create Key Pair

$ ssh-keygen -t rsa

Upload the Public Key

Using the information from the previous command, the public key can be located on the system and uploaded onto OpenStack:

$ nova keypair-add --public-key ~/.ssh/id_rsa.pub <keypair_name> (legacy CLI)
- or -
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub <keypair_name> (new Unified OpenStack CLI)

Create an image

The following command creates a Glance image:

$ glance image-create --name <image_name> --disk-format <disk_format> --container-format bare --file <image_file>
- or -
$ openstack image create --container-format bare --disk-format <disk_format> --file <image_file> <image_name>

There are a number of different image formats supported, including qcow2, vhd, vmdk, ami, raw, and others.

Launch Instance

With a public key and image added to OpenStack, an instance can now be launched.

Launch Instance

$ nova boot --image <image_name> --flavor <flavor_name> --nic net-id=<network_id> --key-name <keypair_name> <server_name>
- or -
$ openstack server create --flavor <flavor_name>  --nic net-id=<network_id> --key-name <keypair_name> <server_name>

In the command above, a flavor provides the appropriate resources that must be provisioned for a server or instance. Examples of flavors include m1.small, m1.medium, and m1.large. New flavors can also be created.

Other Nova Commands (Compute/Server/Instance)

To discover available flavors, use the following command:

$ nova flavor-list
- or -
$ openstack flavor list

To list Nova instances:

To shutdown, reboot, and reimage an instance:

$ nova list
- or -
$ openstack server list

To display logs from an instance:

$ nova rebuild <server> <image>
- or -
$ openstack server rebuild --image <image_name> <server_name> 

Other Glance Commands (Image Catalog)

To create an image of a running instance:

Server images allow creating pre-configured images for reuse at a later time. They can be used to launch new server instances, and will show up when listing images.

$ nova image-create <nova_instance_name> <image_name>
- or -
$ openstack server image create <nova_instance_name> <image_name> 

To discover available images:

$ glance image-list
- or -
$ openstack image list

To delete a Glance image:

$ glance image-delete <image_name>
- or -
$ openstack image delete <image_name>
Section 5

Neutron Commands (Networking)

In order to view available Neutron networks, which can be provisioned on Flat, VLAN, or VXLAN environments, run the following command:

$ neutron network-list
- or -
$ openstack network list

To create a new network named “devops_network”:

$ neutron net-create devops_network
- or -
$ openstack network create devops_network

To create a subnet — “devops_subnet” — within “devops_network”:

$ neutron subnet-create --gateway devops_network
- or -
$ openstack subnet create --gateway --network devops_network --subnet-range devops_subnet

In the above command, the gateway IP address, network name for the network previously created, and the CIDR for the subnet are provided. The command provides a number of other options, which can be viewed by running “openstack subnet create.”

To work with floating IP addresses:

Floating IPs enable external connectivity for Nova instances (similar to AWS elastic IP addresses). To discover the available floating IP addresses:

$ neutron floatingip-list
- or -
$ openstack floating ip list

To create a new floating IP address:

$  neutron floatingip-create <floating ip network>
- or -
$ openstack floating ip create <floating IP network>

To associate Floating IP to a Nova instance:

$  nova floating-ip-associate <instance> <floating_ip>
- or -
$ openstack server floating ip add <instance> floating_ip>

Security Groups

Security groups for a Nova instance allow rules to be applied on ingress or egress network traffic. The following command creates a security group named ssh_secgroup:

$ neutron security-group-create ssh_secgroup
- or -
$ openstack security group create ssh_secgroup

To add a rule to a security group, run the command shown below. In this case, the security group opens port 22 for TCP traffic:

$ neutron security-group-rule-create --protocol tcp --direction ingress --port-range-min 22 --port-range-max 22 ssh_secgroup
- or -
$ openstack security group rule create --protocol tcp --ingress --protocol tcp --dst-port 22 ssh_secgroup

To apply a security group to a Nova instance/server:

$ nova add-secgroup <server> ssh_secgroup
- or -
$ openstack server add security group <server> ssh_secgroup

Cinder Commands (Block Storage)

Cinder provides a raw storage device that can be attached to one instance at a time, and will survive if the instance is terminated (persistent volume). Cinder volumes are often an interface to an existing SAN, allowing the use of an easy-to-use API to interact with them.

$  cinder create --name <name> <size_in_GB>
- or -
$ openstack volume create --size <size_in_GB> <volume_name>

To attach a Cinder volume to a Nova instance:

$ nova volume-attach <instance_name> <volume_name>
- or -
$ openstack server add volume <instance_name> <volume_name>

Swift Commands (Object Storage)

Create an Object Storage Container

In addition to block storage, OpenStack provides Object Storage, using Swift, for static files such as real-time media, software packages, and other use cases. The following commands will upload and download files from Swift:

$ swift upload <container_name> <local_file_name>
- or -
$ openstack object create <container_name> <local_file_name>

$ swift download <container_name> <object_name>
- or -
$ openstack object save <container_name> <object_name>

Keystone Commands (Identity and Access Control)

OpenStack uses Keystone for creating, deleting, and updating users, groups, and services. In order to create a new user, run the following command:

$  openstack user-create <name>

Users can be assigned different roles with different privileges. An administrator would be expected to have greater privileges than a self-service user. To create a new role:

$  openstack role-create <name>

A project or tenant is a subset of resources allocated to some users in the organization. For example, an organization deploying an OpenStack private cloud could have different projects such as “engineering,” “finance,” or “marketing,” each with allocated resources and distinct users. The following command creates a tenant:

$ openstack project-create <name>

To assign a user to a role:

$ openstack role add --user <user> --project <project> <role>

To delete a user, a project, and a role:

$ openstack user delete <user>
$ openstack project delete <project>
$ openstack role delete <role>

There are several types of quotas that can be set on a project. In order to set quotas:

$ openstack quota set --gigabytes <GB_of_storage> --ram <GB_of_ram> --cores <number_of_cores> --snapshots <number_of_snapshots> <project_name>

Quotas can reviewed using the following command:

$ openstack quota show <project>

In summary, the OpenStack CLI provides numerous commands across many services. One way to get things done is to search for the command needed using the “help” keyword with the legacy clients. With the Unified OpenStack Client, simply typing the first keyword will display a list of available commands. For example:

$ nova help
- or -
$ openstack server 
Section 6

OpenStack Use Cases

As the leading private cloud software, OpenStack has been used in the following ways:

Open Standards Implementations

With an open ecosystem, OpenStack allows for the integration of many infrastructure vendors, hypervisors, automation tools, distributions, and deployment models. Open standards provide flexibility: the use of multiple compute vendors, storage vendors, networking vendors, tools such as Puppet, Ansible, and Chef for automation, and other options. The level of flexibility with OpenStack is in sharp contrast to public cloud vendors, which provide a proprietary set of tools and APIs for your workloads.

Repatriate From Public Clouds

In certain cases, investing in public clouds can be expensive and organizations choose to repatriate some workloads on-premises. According to Forbes, public clouds provide a cost model that is not economical for long-term workloads and those with high network traffic. After costs spiralled to over $400,000 a month on a public cloud for PubMatic, a Platform9 customer, they decided to migrate to an OpenStack-based private cloud that provided them with a public cloud-like experience, but on their own on-premises infrastructure.

Legacy Applications

Public clouds reside in data centers which may be a hundred miles away from their users, and provide hardware that is often standardized on x86 architecture. Therefore, applications that cannot tolerate latency, integrate with old databases, or depend on specialized hardware cannot be migrated to the public cloud. These applications are, however, candidates to migrate to an OpenStack private cloud so that you can use a common management framework and make use of existing tooling and automation.

Sensitive Data

According to the OpenStack User Survey, over 40% of respondents felt that security and/or privacy was one of the top 5 priorities driving their private-cloud adoption. Sensitive data may include employee or company information that cannot reside outside the network perimeter due to risk or regulations.

Development Clouds

Companies such as Amazon and Netflix employ DevOps, which emphasizes collaboration and communication between developers and operators. OpenStack provides APIs that enable automation and integration to build software quickly and debug immediately using a process called Continuous Integration/Continuous Deployment. With OpenStack, organizations can create self service portals to provision virtual machines for development/test and production environments, application catalogs for development tools such as Jenkins and MySQL, and file-shares for Windows, Macintosh, and Linux environments.

Infrastructure Clouds

As a leading IaaS platform, OpenStack provides integrations with vendors such as Cisco, IBM, Dell EMC, HPE, and others. Using a shared codebase with vendor-specific drivers, OpenStack offers a seamless path for organizations to adopt a flexible infrastructure cloud without any vendor lock-in. Infrastructure deployers can connect with developers from vendors directly on IRC channels, and bugs can be filed through OpenStack LaunchPad. The Amobee Success Story details advantages to infrastructure clouds using managed OpenStack.

NFV (Network Functions Virtualization)

According to the OpenStack Foundation, a large majority of telecommunications providers worldwide, including AT&T, are embracing OpenStack’s ability to use commodity servers, storage, and networking to perform tasks of specialized equipment such as carrier grade network address translators, SGSN/GGSN, and Session Border Controllers. Standardizing on OpenStack and virtualization has reduced total cost of ownership (TCO) and time to market, and provided flexible and programmatic access to infrastructure for these telcos.

Hybrid Clouds

OpenStack is the solution of choice for private clouds. While there are organizations that deploy solely on-premises, many others want to use the public cloud for backup, disaster recovery, excess capacity during usage spikes (cloud bursting), or other purposes. For example, the Finance industry uses hybrid clouds: on-premises infrastructure for latency-sensitive trading transactions and public clouds for compute-intensive analytics workloads. By using a hybrid cloud model, these institutions can conserve real estate and reduce costs. Examples of hybrid cloud management platforms include Platform9, Scalr, RightScale, ZeroStack, and others.

Section 7

Deployment Models

On-Premises/Non-SaaS Distributions

The traditional model, an OpenStack distribution comes bundled with vendor supported deployment tools for installing OpenStack on premises. In this model, the IT staff is expected to architect, deploy, and maintain the distribution and its associated infrastructure. Opting-in for vendor support and services can involve additional expenses.

The biggest drawback of adopting an OpenStack distribution is the need for continuous maintenance of your deployed infrastructure on this fast-changing codebase, which refreshes every six months. In addition, as the IT team deploys in new services and workloads in new regions, it will also take on additional complexity.

Examples of Non-SaaS OpenStack Distributions:

Hosted Private Cloud

A hosted private cloud solution is analogous to hosted websites. In this model, the organization hands over the maintenance of OpenStack infrastructure to a hosting provider. While this model alleviates some of the drawbacks one encounters with a distribution-based solution which on-premises IT staff maintains, hosted private clouds imply that company data leaves the perimeter of the corporate network and resides in the datacenters of the hosting provider. Choosing a hosting provider will lock-in the private cloud to the hosted private cloud provider’s offerings.

Examples of OpenStack Hosted Private Cloud Solutions:

Private Cloud-In-A-Box (or Boxes)

OpenStack appliances provide the ability to use on-premises infrastructure for deploying private clouds. The advantage of this model is that one retains the infrastructure that is used to deploy OpenStack, thereby ensuring that data never leaves the network perimeter. However, licenses for these services can be expensive, and the organization will incur upfront investment for its OpenStack appliances. With these solutions, the organization can also be locked-in to recommended hardware. The latest OpenStack survey reflects the importance of flexibility in choosing hardware vendors, which would not be available in such cases:

Examples of Private Cloud in a Box:

SaaS Managed OpenStack (OpenStack-as-a-Service)

This model will allow the organization to deploy OpenStack while providing flexibility in the choice of its infrastructure within its data center. One can retain control of company data within the network perimeter while also deploying, maintaining, and upgrading OpenStack software. Upgrades performed here will not disrupt infrastructure that is already running in on-premises data centers.

Learn more about SaaS Managed OpenStack.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}