


The process of passing custom parameters to a virtual machine when it is created. This is often done using the cloud-init package.


A secret key which is used to access private resources. This should be kept safe in a private directory with limited access and not shared.


The description of the (virtual!) hardware or size of a virtual machine, such as 1 virtual CPU, 40 GB of disk space and 4 GB memory.


A reference copy of an operating system with optional additional software which can be used to create virtual machines. Typical examples would be a Linux Server or Windows 7 image.


is a way of delivering computing infrastructure – servers, storage, network and operating systems – as an on-demand service. Rather than purchasing servers, software, datacenter space or network equipment, clients instead obtain those resources as a fully outsourced service on demand.


A maximum amount of resources such as cores, memory or disk which can be requested for a given project.


An open source cloud package used at CERN and many other organisations. See for more details.


This OpenStack component is not installed at CERN but in other clouds, it stores and retrieves unstructured data objects through the HTTP based APIs. Further, it is also fault tolerant due to its data replication and scale out architecture.


The OpenStack component managing bare-metal


This OpenStack component manages OpenStack networking


OpenStack compute (codename: Nova) is the component which allows the user to create and manage virtual servers using the machine images. It is the brain of the Cloud. OpenStack compute provisions and manages large networks of virtual machines.


This component provides persistent block storage to running instances. The flexible architecture makes creating and managing block storage devices very easy.


This provides a central directory of users mapped to the OpenStack services. It is used to provide an authentication and authorization service for other OpenStack services.


This provides the discovery, registration and delivery services for the disk and server images. It stores and retrieves the virtual machine disk image.


This component provides a web-based portal to interact with all the underlying OpenStack services, such as NOVA, Neutron, etc.


This component manages multiple Cloud applications through an OpenStack-native REST API and a CloudFormation-compatible Query API.


This component manages containers using technologies such as Kubernetes and Docker Swarm. A user can ask for an instance of one of these for their container orchestration.


This component manages secrets-as-a-service


Docker provides a framework for managing container applications. Details at


An orchestration system from Docker which provides multiple machine container management compatible with Docker.


Kubernetes provides a framework for managing container applications and their lifecycle. Details at


A container provides a packaged set of software in an isolated environment. It is used for application frameworks like Docker and Kubernetes.


The OpenStack fileshare as a service project


A snapshot provides a copy of a currently running VM or volume which can be stored into an external service such as Glance.


Volumes are block storage devices that you attach to instances to enable persistent storage. You can attach a volume to a running instance or detach a volume and attach it to another instance at any time.


A project is a container used to group a set of resources such as virtual machines, volumes and images with the same access rights and quota.

personal project

An allocation created for any user who signs up for the OpenStack cloud. It is intended for testing rather than production services (where a shared project should be used).

shared project

A set of resources for a specific purpose such as a production service with a list of administrators who can manage the resources.


A list of users managed by the CERN e-groups application

unified client

The openstack command is referred to as the unified client since it manages multiple different components of OpenStack, as opposed to the nova or cinder commands.


A configuration management system used at CERN. Details can be found at


storage that defines a second disk as part of the virtual machine flavor


CERN's network management system at


A filter of incoming and outgoing communication to a virtual machine or a network.


A graphical interface for Unix and Linux systems


is a new way of addressing machines which is more flexible than IPv4.


A method for contextualising a VM on first boot, such as installing software or configuring users.


The shell profile to set up environment variables for accessing OpenStack. This is often sourced from the command line tools.


The Elastic Compute protocol used by the Amazon public cloud which is partially emulated in OpenStack.


A security mechanism to identify users and hosts using certificates, such as used on the WLCG.


A security mechanism used to identify users such as used on the AFS file system and Active Directory.

virtual machine

A virtual computer which runs on a virtualisation layer so that multiple virtual computers can run on one physical one.


Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.


The CERN public login Linux service. Up-to-date OpenStack clients are available on lxplus8. The lxplus cluster will not receive more updates.


CERN CentOS 7, the Linux distribution used at CERN based on CentOS.


An open source distribution of Linux. For more details, see

PowerShell

Windows scripting tool


Computer Management Framework used by CERN for Windows PCs


A group of related Windows PCs managed by CMF


Linux Logical Volume Manager which is able to allocate logical disk space and resize partitions.


A tool to clean images of their local identities such as hostnames. It is needed when creating images without history of how they were built.


A microkernel image which uses CVMFS to store the application data. See for more details.


A procedure to restart virtual machines automatically if stuck

availability zone

A region of the computer centre which is distinct from another such that a failure in one availability zone is unlikely to affect another.


A Linux community distribution of OpenStack, for CentOS and RedHat Linux


Recovering a system which is not able to boot cleanly.


Domain Name Service, which maps from hostnames to TCP/IP addresses.


The computer which hosts a number of virtual machines.


A tool for automatically configuring Linux machines based on their roles.


Return a virtual machine to its base configuration.


A set of key value pairs which can be associated with a VM, image, flavor or other objects.


The internet network time protocol used to synchronise machines with a good time reference such as the ip-time-1 server at CERN.


Knative provides three components for facilitating deployment of an app as a cloud function on Kubernetes: Serving, Eventing, and Build. It does so by extending the Kubernetes API with its own CRDs and corresponding custom controllers. As of July 2019, it depends on Istio.


An open source service mesh offering by Google, IBM, Lyft, and others. Used by Knative.

service mesh

A framework that facilitates various aspects of managing an app distributed over the network, such as: service discovery; inter-service communication; routing; circuit breaking; access control and authentication; and telemetry, logging, and metrics.

cloud function

A self-contained program that runs on a server only temporarily, in response to events. Typically, the function responds to events dispatched over HTTP by a pre-defined source (e.g. S3 events, GitLab/GitHub webhooks, etc.). It is the basic unit of Function-as-a-Service architecture and the most common example of serverless architecture.

serverless architecture

A pattern for deploying applications on temporary servers, instead of persistent servers. According to this pattern, apps are automatically deployed and scaled based on demand. Among the primary benefits is dynamic, horizontal scaling of workloads, which involves creating many independent instances when demand is high and tearing them down when demand is low. Among the primary drawbacks are the latency of the initial app startup and the need to maintain a relatively small piece of logic as a separate service.

Last update: November 22, 2021