On Jul 21, Damiano Venturin wrote:
> I think there are 9 components in OpenStack. Some are optional. Am I
> wrong if I visualize them as "containers with a special task" next to
> any "normal vms" I might add?

Not really. In the final environment, your virtual machines deployed in
OpenStack don't see the underlying components directly - you just get
a virtual machine with a network interface connected to a gateway and some
storage space. Your VM does not care where its disk space is stored, where the
network gateway resides, how the network interfaces are connected, etc.
OpenStack manages the whole machinery underneath, which can be one physical
host or a hundred commodity PCs in a cluster.

> Let's take an example: say I want to run a simple webserver serving
> static websites inside OpenStack.
> I might have a Debian vm running Nginx which uses the Storage OpenStack
> component as webroot. The real storage is defined and managed by
> OpenStack outside of the vm. Close?

No. Your VM will just see "a bunch of block storage" which you will partition
into filesystems and mount at a specific filesystem directory. Nginx sees normal
files, it doesn't care what is underneath. Your VM will not have direct access
to the OpenStack components at all.

> If it's like that, what would be a use case for the Nova component?

Nova is the hypervisor management service in OpenStack. It manages the
creation and lifecycle of virtual machines and/or containers on the hosts,
usually using the KVM hypervisor underneath. If you used virtual machines before,
for example with VirtualBox, you probably had to start a VM manually to bring
it up. In OpenStack you use the Horizon web server to tell Nova that you want
a VM started, and Nova finds an available hypervisor host with enough
resources to run it and starts the VM there.

> I've looked at the OVH Public OpenStack page: wow!! I've lost my socks.
> I can't even understand what I need.

It's not a question of what you need... What do you actually want to do? If it's
just a simple website, you don't need to play with all that OpenStack
ecosystem - a normal virtual machine with nginx, mariadb database and SSH
access should be enough. OpenStack gets interesting in cases where you want to
deploy multiple applications with total separation of their environments, or
provide hosting services to multiple third-party tenants which might not even
know about each other.

> I'll ask in Enough forum but iyo what would be the monthly cost of the
> simplest OVH stack, roughly?

Are we talking a data center scale? A quick Google search gave me this
article[1] which talks about costs of operating a data center, might be of
some use for you. At my workplace I handle the IT side of things, I'm not
really sure about our costs, but I can ask for some details.
[1]: https://perspectives.mvdirona.com/2010/09/overall-data-center-costs/

> Another matter here is: how much the OVH infrastructure can be
> considered "3 letters agencies"-resistant (both legally and technically)?
> For delicate matters, one can't rely on 3rd party vps because it's too
> easy to dump its ram and this makes LUKS useless. Running bare-metal
> gives a bit more protection or at least some heads-up and control. Where
> is OVH standing in this regard?

Each time we talk about security you need to consider the attack vector. If
your adversary is "3 letter agencies" then we are talking government level
attacks which OVH or any other provider will not protect you against - they
will be compelled by law enforcement to give up your hardware, nothing
they can do about it. In such a case you need to start from scratch with your
own building, security personnel, access to energy and cooling... Hypervisor
management comes much, much later.

> > I don’t think it was chosen for the OpenStack, I believe they chose it and
> > just built/used the OpenStack credentials to fast track the VM
> > creation/etc.
> Why that? Do you think it's faster/easier to deploy vms on OpenStack?

The answer is much simpler - that's what the VPS provider "provided" to them
to manage their servers. This gives an inherent bias to the tools you build to
manage your infrastructure - they have to work with whatever is available.
Cheers,
Maciej