OpenStack Shared Services

OpenStack has several shared services that span the three pillars of compute, storage and networking, making it easier to implement and operate your cloud. These services—including identity, image management and a web interface—integrate the OpenStack components with each other as well as external systems to provide a unified experience for users as they interact with different cloud resources.

Identity Service

OpenStack Identity provides a central directory of users mapped to the OpenStack services they can access. It acts as a common authentication system across the cloud operating system and can integrate with existing backend directory services like LDAP. It supports multiple forms of authentication including standard username and password credentials, token-based systems and AWS-style logins.

Additionally, the catalog provides a queryable list of all of the services deployed in an OpenStack cloud in a single registry. Users and third-party tools can programmatically determine which resources they can access.

As an administrator, OpenStack Identity enables you to:

• Configure centralized policies across users and systems
• Create users and tenants and define permissions for compute, storage and networking resources using role-based access control (RBAC) features
• Integrate with an existing directory like LDAP, allowing for a single source of identity authentication across the enterprise

As a user, OpenStack Identity enables you to:

• Get a list of the services that you can access
• Make API requests or log into the web dashboard to create resources owned by your account

Image Service

The OpenStack Image Service provides discovery, registration and delivery services for disk and server images. The ability to copy or snapshot a server image and immediately store it away is a powerful capability of the OpenStack cloud operating system. Stored images can be used as a template to get new servers up and running quickly—and more consistently if you are provisioning multiple servers—than installing a server operating system and individually configuring additional services. It can also be used to store and catalog an umlimited number of backups.

The Image Service can store disk and server images in a variety of back-ends, including OpenStack Object Storage.  The Image Service API provides a standard REST interface for querying information about disk images and lets clients stream the images to new servers.

Capabilities of the Image Service include:

• Administrators can create base templates from which their users can start new compute instances
• Users can choose from available images, or create their own from existing servers
• Snapshots can also be stored in the Image Service so that virtual machines can be backed up quickly

A multi-format image registry, the image service allows uploads of private and public images in a variety of formats, including:

• Raw
• Machine (kernel/ramdisk outside of image, a.k.a. AMI)
• VHD (Hyper-V)
• VDI (VirtualBox)
• qcow2 (Qemu/KVM)
• VMDK (VMWare)
• OVF (VMWare, others)