Brief Introductions to OpenStack Heat, Horizon, & Keystone

Athul Domichen
VEXXHOST Inc.
Jan 20, 2021

As an open source cloud computing platform, OpenStack has grown a lot since its inception in 2010. Over the years, the open source community has come together and produced many different tools that make various applications possible. Known as projects or services, these tools are significant in forming OpenStack clouds. In this post, let us get to know three of those services, Heat, Horizon, and Keystone, handling orchestration, dashboard, and identity, respectively.

Orchestration with OpenStack Heat

Heat was developed as a tool to tackle orchestration and as a method to automate certain cloud components like devices, instances, and storage. Heat's orchestration engine allows users to launch multiple composite applications using text file templates. These templates can be treated as code and can be checked into version control. The templates can also describe pieces of infrastructure such as users, servers, volumes, and floating IPs, and specify the relationships between different resources. Because these relationships are declared, Heat can call the APIs and create the infrastructure in the proper order.
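How declared relationships translate into a creation order, as an added example (a simplified sketch written for this page, not Heat's engine code). The template is constructed and written as a Python dict rather than YAML; the resource names are made up, and only `get_resource`, `get_attr` and `depends_on` are followed.

```python
from graphlib import TopologicalSorter

# Constructed HOT-style template as a Python dict (no YAML parser needed).
# Resource names, image and network names are made up for this example.
TEMPLATE = {
    "heat_template_version": "2018-08-31",
    "resources": {
        "web_fip": {"type": "OS::Neutron::FloatingIP",
                    "properties": {"floating_network": "public",
                                   "port_id": {"get_resource": "web_port"}}},
        "data_attach": {"type": "OS::Cinder::VolumeAttachment",
                        "properties": {"instance_uuid": {"get_resource": "web_server"},
                                       "volume_id": {"get_resource": "data_vol"}}},
        "web_server": {"type": "OS::Nova::Server",
                       "properties": {"image": "ubuntu-22.04", "flavor": "m1.small",
                                      "networks": [{"port": {"get_resource": "web_port"}}]}},
        "web_port": {"type": "OS::Neutron::Port",
                     "properties": {"network": "private"}},
        "data_vol": {"type": "OS::Cinder::Volume", "properties": {"size": 10}},
    },
}

def references(node):
    """Yield resource names referenced via get_resource / get_attr inside node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "get_resource":
                yield value
            elif key == "get_attr":
                yield value[0]  # get_attr: [resource_name, attribute, ...]
            else:
                yield from references(value)
    elif isinstance(node, list):
        for item in node:
            yield from references(item)

def creation_order(template):
    """Return resource names so each one follows the resources it depends on."""
    resources = template["resources"]
    graph = {}
    for name, body in resources.items():
        deps = set(references(body.get("properties", {})))
        explicit = body.get("depends_on", [])
        deps.update([explicit] if isinstance(explicit, str) else explicit)
        unknown = deps - set(resources)
        if unknown:
            raise ValueError(f"{name} references undefined resources: {sorted(unknown)}")
        graph[name] = deps
    # static_order() raises graphlib.CycleError if resources depend on each other.
    return list(TopologicalSorter(graph).static_order())
```

Because the template is plain data under version control, a check like this can run in review to catch a dangling reference or a dependency loop before the stack is updated.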

Heat is also able to manage the whole lifecycle of the application. When the infrastructure changes, the user only has to modify the template accordingly and use it to update the existing stack. Heat templates also integrate easily with software configuration management tools such as Puppet. Heat also works with an OpenStack-native REST API and a CloudFormation-compatible Query API. All of these capabilities make Heat one of the most preferred orchestration solutions for cloud providers.

Dashboard with OpenStack Horizon

OpenStack created Horizon to deliver a web-based graphical user interface to its services. This interface is made so that it can be accessed and managed by both administrators and users. There are three main dashboards in Horizon: for users, systems, and settings. Horizon also gives developers a consistent set of reusable practices through its API abstractions for core OpenStack projects. These abstractions remove the need for developers to be closely familiar with the APIs of OpenStack projects.

Horizon is compatible with third-party applications. It offers a simple registration method for panels, while each panel holds the basic logic for the interface. Such a breakdown also prevents files from being overburdened with thousands of lines of code and connects the code directly to navigation, where users can easily find it. Moreover, by supplying necessary core classes, consistency is maintained throughout the applications. These core classes allow users to build from a set of reusable templates and supplementary tools like views and forms. Horizon users can also implement user limitations for cloud resources, manage networks, launch VM instances, and include additional functionalities within a dashboard by building applications that integrate with it.

Identity with OpenStack Keystone

OpenStack developed Keystone to offer all other OpenStack projects a common means of authentication, providing the policy, catalog, and token functions using APIs. These functions cover the registration of tenants, the registration and authentication of users, the granting of authorization tokens, the management of a digital catalog of service endpoints, and the creation of policy that extends to all users and services. The catalog also provides a listing of available services, through which users can perform operations or request services via network-accessible addresses.

Keystone can also validate the origin of incoming function calls, that is, whether a call is coming from the intended user. This validation is done by a set of credential claim tests, meaning only users with credentials such as a username and password, a hardware token, etc., can make the request. After the validation, users are provided with a token that confirms their identity and establishes the exact scope of resources applicable to the user. This token also has a limited validity period and can be revoked if needed. Another major function of Keystone is that it works as an abstraction layer supplying plug-in interfaces. This allows organizations to leverage the authentication services they already use or choose from the variety of authentication and identity management services available on the market.
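The token's time validity and scope, and the service catalog described in the previous section, can be read from the body Keystone returns when a token is issued. The following is an added example, not code from Keystone or from the original post; the token body is constructed, and the ids, names and URLs in it are made up.

```python
from datetime import datetime, timezone

# Constructed body of a Keystone v3 token response (POST /v3/auth/tokens).
# All ids, names and URLs are made up for this example.
TOKEN_BODY = {"token": {
    "methods": ["password"],
    "issued_at": "2021-01-20T12:00:00.000000Z",
    "expires_at": "2021-01-20T13:00:00.000000Z",
    "user": {"id": "u-123", "name": "alice", "domain": {"id": "default"}},
    "project": {"id": "p-456", "name": "web-prod", "domain": {"id": "default"}},
    "roles": [{"id": "r-1", "name": "member"}],
    "catalog": [{"type": "compute", "name": "nova", "endpoints": [
        {"interface": "public", "region": "RegionOne",
         "url": "https://cloud.example.test:8774/v2.1"},
        {"interface": "admin", "region": "RegionOne",
         "url": "https://10.0.0.5:8774/v2.1"}]}],
}}

def parse_ts(value):
    """Parse Keystone's UTC timestamp format into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def token_problems(body, now, project_id, role):
    """Return reasons this token should not be used for `role` in `project_id`."""
    token, problems = body["token"], []
    if now >= parse_ts(token["expires_at"]):
        problems.append("expired")
    # An unscoped token has no "project" key and carries no roles or catalog.
    if token.get("project", {}).get("id") != project_id:
        problems.append("not scoped to project")
    if role not in {r["name"] for r in token.get("roles", [])}:
        problems.append("role missing")
    return problems

def endpoint_url(body, service_type, interface="public"):
    """Look up a service URL in the catalog that came with the token."""
    for service in body["token"].get("catalog", []):
        if service["type"] == service_type:
            for ep in service["endpoints"]:
                if ep["interface"] == interface:
                    return ep["url"]
    return None
```

A revoked token still passes this local inspection; revocation is only visible when the token is validated against Keystone itself.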

— — — — -

VEXXHOST is a Canadian cloud computing provider offering OpenStack based cloud solutions to its customers. Certified in both Kubernetes and OpenStack, the company serves businesses, organizations, and governments and utilizes relevant OpenStack projects such as Heat, Keystone, and Horizon for cloud deployments. If you have any queries regarding cloud offerings, including private clouds, feel free to contact VEXXHOST.
