Introduction
Contextualisation
The process of passing custom paramters to a virtual machine when it is created. This is often done using the cloud-init package.
keypair
A secret key which is used to access private resources. This should be kept safe in a private directory with limited access and not shared.
flavor
The description of the (virtual!) hardware of size of a virtual machine such as 1 virtual CPU, 40 GB of disk space and 4 GB memory.
image
A reference copy of an operating system with optional additional software which can be used to create virtual machines. Typical examples would be a Linux Server or Windows 7 image.
Infrastructure-as-a-Service
is a way of delivering computing infrastructure – servers, storage, network and operating systems – as an on-demand service. Rather than purchasing servers, software, datacenter space or network equipment, clients instead obtain those resources as a fully outsourced service on demand
Quota
A maximum amount of resources such as cores, memory or disk which can be requested for a given project.
OpenStack
An open source cloud package used at CERN and many other organisations. See http://openstack.org for more details.
Swift
This OpenStack component is not installed at CERN but in other clouds, it stores and retrieves unstructured data objects through the HTTP based APIs. Further, it is also fault tolerant due to its data replication and scale out architecture.
Ironic
The OpenStack component managing bare-metal
Neutron
This OpenStack component manages OpenStack networking
Nova
OpenStack compute (codename: Nova) is the component which allows the user to create and manage virtual servers using the machine images. It is the brain of the Cloud. OpenStack compute provisions and manages large networks of virtual machines.
Cinder
This component provides persistent block storage to running instances. The flexible architecture makes creating and managing block storage devices very easy.
Keystone
This provides a central directory of users mapped to the OpenStack services. It is used to provide an authentication and authorization service for other OpenStack services.
Glance
This provides the discovery, registration and delivery services for the disk and server images. It stores and retrieves the virtual machine disk image.
Horizon
This component provides a web-based portal to interact with all the underlying OpenStack services, such as NOVA, Neutron, etc.
Heat
This component manages multiple Cloud applications through an OpenStack-native REST API and a CloudFormation-compatible Query API.
Magnum
This component manages containers using technologies such as Kubernetes and Docker Swarm. A user can ask for an instance of one of these for their container orchestration.
Barbican
This component manages secrets-as-a-service
Docker
Docker provides a framework for managing container application. Details at https://www.docker.com/
Swarm
An orchestration system from Docker which provides multiple machine container management compatible with Docker.
Kubernetes
Kubernetes provides a framework for managing container applications and their lifecycle. Details at http://kubernetes.io/
container
A container provides a packaged set of software in an isolated environment. It is used for application frameworks like Docker and Kubernetes.
Manila
The OpenStack fileshare as a service project
snapshot
A snapshot provides a copy of a currently running VM or volume which can be stored into an external service such as Glance.
Volume
Volumes are block storage devices that you attach to instances to enable persistent storage. You can attach a volume to a running instance or detach a volume and attach it to another instance at any time.
project
A project is a container used to group a set of resources such as virtual machines, volumes and images with the same access rights and quota.
personal project
An allocation created for any user who signs up for the OpenStack cloud. It is intended for use for testing rather than production services (where a shared project should be used)
shared project
A set of resources for a specific purpose such as a prodution service with a list of administrators who can manage the resources.
e-group
A list of users managed by the CERN e-groups application
unified client
The openstack command is referred to as the unified client since it managed multiple different components of OpenStack as opposed to the nova or cinder commands.
Puppet
A configuration management system used at CERN. Details can be found at http://cern.ch/configdocs
ephemeral
storage that defines a second disk as part of the virtual machine flavor
LanDB
CERN's network management system at http://cern.ch/network
firewall
A filter of incoming and outgoing communication to a virtual machine or a network.
X-Windows
A graphical interface for Unix and Linux systems
IPv6
is a new way of addressing machines which is more flexible than IPv4.
cloud-init
A method for contextualising a VM on first boot, such as installing software or configuring users.
openrc
The shell profile to set up environment variables for accessing OpenStack. This is often sourced from the command line tools.
EC2
The Elastic Compute protocol used by the Amazon public cloud which is partially emulated in OpenStack.
X.509
A security mechanism to identify users and hosts using certificates, such as used on the WLCG.
Kerberos
A security mechanism used to identify users such as used on the AFS file system and Active Directory.
virtual machine
A virtual computer which runs on a virtualisation layer so that multiple virtual computers can run on one physical one.
cloud
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
lxplus
The CERN public login linux service. Up-to-date OpenStack clients are available on lxplus8. The lxplus cluster will not receive more updates.
RHEL
Red Hat Enterprise Linux is a commercial open-source Linux distribution developed by Red Hat for the commercial market.
AlmaLinux
An Open Source, community owned and governed, forever-free enterprise Linux distribution, focused on long-term stability, providing a robust production-grade platform. AlmaLinux OS is ABI compatible with RedHat Enterprise Linux. For more details, see https://almalinux.org/
Power Shell
Windows scripting tool
CMF
Computer Management Framework used by CERN for Windows PCs
NSC
A group of related Windows PCs managed by CMF
LVM
Linux Logical Volume Manager which is able to allocate logical disk space and resize partitions.
sysprep
A tool to clean images of their local identities such as hostnames. It is needed when creating images without history of how they were built.
CernVM
A microkernel image which uses CVMFS to store the application data. See http://cernvm.cern.ch/portal/openstack for more details.
watchdog
A procedure to restart virtual machines automatically if stuck
availability zone
A region of the computer centre which is distinct from another such that a failure in one availability zone is unlikely to affect another.
RDO
A Linux community distribution of OpenStack, for Alma and RedHat Enterprise Linux
rescue
Recovering a system which is not able to boot cleanly.
DNS
Domain Name Service, which maps from hostnames to TCP/IP addresses.
hypervisor
The computer which hosts a number of virtual machines.
tuned
A tool for automatically configuring Linux machines based on their roles.
rebuild
Return a virtual machine to its base configuration.
metadata
A set of key value pairs which can be associated with a VM, image, flavor or other objects.
ntp
The internet network time protocol used to synchronise machines with a good time reference such as the ip-time-1 server at CERN.
Knative
Knative provides three components for facilitating deployment of an app as a cloud function on Kubernetes: Serving, Eventing, and Build. It does so by extending the Kubernetes API with its own CRDs and corresponding custom controllers. As of July 2019, it depends on Istio.
Istio
An open source service mesh offering by Google, IBM, Lyft, and others. Used by Knative.
service mesh
A framework that facilitates various aspects of managing an app distributed over the network, such as: service discovery; inter-service communication; routing; circuit breaking; access control and authentication; and telemetry, logging, and metrics.
cloud function
A self-contained program that runs on a server only temporarily, in response to events. Typically, the function responds to events dispatched over HTTP by a pre-defined source (e.g. S3 events, GitLab/GitHub webhooks, etc.). It is the basic unit of Function-as-a-Service architecture and the most common example of serverless architecture.
serverless architecture
A pattern for deploying applications on temporary servers, instead of persistent servers. According to this pattern, apps are automatically deployed and scaled based on demand. Among the primary benefits is dynamic, horizontal scaling of workloads, which involves creating many independent instances when demand is high and tearing them down when demand is low. Among the primary drawbacks are the latency of the intial app startup and the need to maintain a relatively small piece of logic as a separate service.