Earlier this week, we hosted an OpenStack Meetup at the offices of our customer, EVault, here in San Francisco. Titled “Neutron Networking and SDN in Production,” the Meetup featured panelists from major contributors to Neutron and those offering open source plugins that leverage Neutron. (SiliconANGLE covered the event live, and a replay will be embedded here as soon as it’s available. Some slides used to set initial context are here.)

Our panel set out to discern the reality from hype in SDN and Neutron Networking. We started off by asking:

Do we really need Neutron? Is nova-network good enough since many of the biggest OpenStack deployments are using nova-network with their own plug-ins?

We came to a common conclusion – although I don’t know that we had complete consensus – that Neutron would eventually give us additional networking capabilities that are a hard requirement for success with certain kinds of workloads and use cases.

Next, we took on a more challenging line of questioning:

Given that Neutron will support some critical functionality that will never be in Nova, is it the right place to dump _all_ networking functionality in OpenStack like load balancing as a service, VPN as a service, you-name-it as a service?

We didn’t get anything like consensus on that point. Both panelists and audience members had reservations, myself included. Several panelists were pretty enthusiastic about putting all networking behind Neutron and having one standardized API.

This led into a conversation about the fact that people want to expose certain functionality in the Neutron API, and that functionality might not exist across all of the different vendor plug-ins. This took us to some debate and contention over what the API exposes:

Should the API expose the lowest common denominator of functionality, or should it allow vendors to have all kind of extended functionality that’s specific to their products? Does it make sense to have all of the functionality of all networking abstractions possible in one single unified API, or does it make more sense for Neutron to be a lower-level system that stitches together higher-order network services and just does basic service chaining, allowing you to manage each of those other individual network services via their own API’s directly?

A couple of the panelists (myself included) felt that it’s a better approach for Neutron to offer a lower-level API. Panelists heavily engaged with the Neutron technical committee – understandably perhaps – felt like you can add everything you’d ever need into the Neutron API over time. This is a great topic for a follow-up post, as I firmly believe this is an unworkable approach that would lead to value-subtracting complexity and eventually be crushed under its own weight.

Next, we explored the question:

Given that we need Neutron and its added functionality over time, is vanilla Neutron ready for production today, without any vendor plug ins?

The agreement was as close to universal as you can get in an OpenStack technical conversation: vanilla Neutron is not production grade, and it is not ready for the prime time. It needs vendor plug-ins that fill in the blanks.

This was shocking to a number of people in the audience who came up to us afterwards and said they just weren’t expecting to hear that.

This begs another big question:

How do you get into production with Neutron today and still avoid vendor lock-in?

Of course, vendor lock-in is not an absolute. It’s a spectrum. Each OpenStack user going into production with Neutron today has to evaluate the degree of lock-in they are willing to accept in exchange for the confidence of knowing they’ve got a solution that’s ready to support workloads in production.

Wrapping it Up

Ultimately, it’s unclear whether all networking functions ever will be modeled behind the Neutron API with a bunch of plug-ins. That’s part of the ongoing dialogue we’re having in the community about what makes the most sense for the project’s future.

The bottom-line consensus was is that Neutron is a work in progress. Vanilla Neutron is not ready for production, so you should get a vendor if you need to move into production soon.

 

The Gartner Data Center Conference is coming up December 9-12 in Las Vegas, and OpenStack is proud to be a sponsor alongside 35+ companies from the OpenStack ecosystem.

We are excited to host the OpenStack Community Pavilion, showcasing OpenStack solutions and services from Cloud Cruiser, Mirantis, Nebula, Puppet Labs, Rackspace, SaltStack, Scalr, and SolidFire. You can visit these OpenStack providers, in addition to Foundation executives and staff, in booth #408 in the Venetian Resort’s Sands Expo Convention Center.

You can also speak with the 25+ additional OpenStack community exhibitors and presenters who will be at the conference. We’ll be providing a ‘community map’ showing the locations of all participating companies on the show floor.

If you are planning to be in Las Vegas for the event and have questions about OpenStack, please stop by the booth #408 or contact kathyc@openstack.org to set up a meeting.

You can also visit an OpenStack user group near you; find a convenient one at https://wiki.openstack.org/wiki/OpenStackUsersGroup.

 

Wrapping up the OpenStack Travel Support Program – Icehouse

The OpenStack Foundation brought 18 people to Hong Kong thanks to the grants offered by the first edition of the Travel Support Program, sponsored by Intel. The Travel Support Program is based on the promise of Open Design and its aim is to facilitate participation of key contributors to the OpenStack Design Summit. The program aims at covering costs for travel and accommodation for key contributors to the OpenStack project to join the community at the Summits.

Adopt an operator?

Lorin Hochstein made what he calls “a modest proposal”: a program to pair up individual OpenStack developers with OpenStack operators to encourage better information flow from ops to devs. Sounds intriguing, it may be a way to try tightening the gap between developers and users of OpenStack. Another proposal trying to address the same issue was sent to the User Committee mailing list. What do you think?

Vmware Workstation / Fusion / Player Nova driver

The fine folks at Cloudbase are heavily using VMware Workstation and Fusion for development, demos and PoCs. They have replaced their automation scripts with a fully functional Nova driver and use OpenStack APIs and Heat for the automation. They published the results of their work as a Nova driver on github.com.

Tips ‘n Tricks

• By Alessandro Pilotti: Multi-node OpenStack RDO on RHEL and Hyper-V – Part 2 (Part 1)
• By Chmouel Boudjnah: Ceph and Swift: Why we are not fighting.
• By Kenneth Hui: Deploy OpenStack (Havana) On Your Laptop Using Vagrant And Chef

Upcoming Events

• Gartner Data Center Conference Dec 09 – 12, 2013 – Las Vegas, NV, USA Details
• OpenStack Israel Dec 09, 2013 – Tel-Aviv, Israel Details
• Athens OpenStack User Group meeting Dec 12, 2013 – Athens (Greece) Details
• 3rd OpenStack User Group Nordics meetup Jan 15, 2014 – Stockholm, Sweden Details

Other News

• Open Mic Spotlight: Sean M. Collins
• Mistral: Workflow-as-a-Service for OpenStack
• The Present and the Future of OpenStack Trove Architecture
• Murano V0.3 Lets You Deploy Linux Applications
• Competition should be core to OpenStack Technical Meritocracy
• OpenStack Project Meeting: Summary and full logs

Got Answers?

Ask OpenStack is the go-to destination for OpenStack users. Interesting questions waiting for answers:

• Which tools do people use to simplify cloud Operations?
• NotRegistered: Dashboard with slug “router” is not registered.
• disassociating a health monitor
• Adding Attribute to Nova Hosts
• How to setup ceilometer to use mongodb?
• client cannot connect to the Marconi service
• No compute.instance.create.start/end Notifications received by Ceilometer
• Havana neutron gre slow performance

Welcome New Reviewers and Developers

Is your affiliation correct? Check your profile in the OpenStack Foundation Members Database!

wangchy	Valeriy Ponomaryov
Ed Bak	Vadim Rovachev
Valeriy Ponomaryov	Shalini khandelwal
Ramon Acedo	Richard Lee
Rafael Folco	Pavlo Shchelokovskyy
Jaroslav Henner	Debasish Chowdhury
Tristan Cacqueray	tshirtman
Shilla Saebi	Sergey Kolekonov
Nadya Privalova	Ravi Kumar Pasumarthy
Dylan Yu	Guilherme Birk
Andrei Ostapenko	Jay Dobies
koofoss	David Ostrovsky
Sergio Cazzolato	Bruce Benjamin
Ruslan Kamaldinov	Vladan Popovic
Marios Andreou	Scott Adkins
Ilya Tyaptin	Joris Roovers
Andres Buraschi	Shawhin Tech
Abhishek Chanda	Abhishek Chanda
	Juan Manuel Ollé

Latest Activity In Projects

Do you want to see at a glance the bugs filed and solved this week? Latest patches submitted for review? Check out the individual project pages on OpenStack Activity Board – Insights.

• Telemetry (Ceilometer)
• Block Storage (Cinder)
• Image Service (Glance)
• Orchestration API (Heat)
• Dashboard (Horizon)
• Bare Metal Provisioning (Ironic)
• Identity (Keystone)
• Manuals
• Networking (Neutron)
• Compute (Nova)
• Hadoop Cluster as a Service (Savanna)
• Object Storage (Swift)
• Database As A Service (Trove)

OpenStack Reactions

The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment.

 

Savanna is the OpenStack data processing project. Elastic data processing (EDP) allows you to run MapReduce, Pig, and Hive jobs on top of Hadoop clusters provisioned by Savanna. We bring you a demo of Savanna V0.3 release, which will show you how to launch and execute a Pig job. The demo first gives you an overview [...]

The post A Demo: Launch and Execute a Job with Savanna V0.3 appeared first on Mirantis | The #1 Pure Play OpenStack Company.

The videos from our various presentations and panel discussions from OpenStack Hong Kong are now available!

If you couldn’t make the event or if you just want to refresh your memory, check out these great discussions below.

Enjoy!

- - -

Deployment and Management of Your Application on OpenStack using an All Encompassing DSL based on TOSCA - with Yaron Parasol

<iframe frameborder="0" height="315" src="http://www.youtube.com/embed/07GhdVYIw1Q?list=PLD470957921551B9A" width="560"></iframe>

This one has a slide deck to go along with it!

<iframe frameborder="0" height="356" marginheight="0" marginwidth="0" scrolling="no" src="http://www.slideshare.net/slideshow/embed_code/27893394" width="427"> </iframe>

- - -

Big Data on OpenStack A Game Changer - Panel Discussion - with Nati Shalom

<iframe frameborder="0" height="315" src="http://www.youtube.com/embed/w1MYlVVI9vU?list=PLD470957921551B9A" width="560"></iframe>

- - -

Panel on Application Portability - with Yaron Parasol

<iframe frameborder="0" height="315" src="http://www.youtube.com/embed/ZeciW11lU18?list=PLD470957921551B9A" width="560"></iframe>

- - -

Panel Ideas, Tools and Examples for OpenStack Groups - with Nati Shalom

<iframe frameborder="0" height="315" src="http://www.youtube.com/embed/YolwQuPJR4k?list=PLD470957921551B9A" width="560"></iframe>

Heat is a template-based orchestration mechanism for use with OpenStack. With Heat, you can deploy collections of resources – networks, servers, storage, and more – all from a single, parameterized template.

In this article I will introduce Heat templates and the heat command line client.

Writing templates

Because Heat began life as an analog of AWS CloudFormation, it supports the template formats used by the CloudFormation (CFN) tools. It also supports its own native template format, called HOT (“Heat Orchestration Templates”). In this article I will be using the HOT template syntax, which is fully specified on the OpenStack website.

NB: Heat is under active development, and there are a variety of discussions going on right now regarding the HOT specification. I will try to keep this post up-to-date as the spec evolves.

A HOT template is written using YAML syntax and has three major sections:

• parameters – these are input parameters that you provide when you deploy from the template.
• resources – these are things created by the template.
• outputs – these are output parameters generated by Heat and available to you via the API.

Parameters

The parameters section defines the list of available parameters. For each parameter, you define a data type, an optional default value (that will be used if you do not otherwise specify a value for the parameter), an optional description, constraints to validate the data, and so forth. The definition from the spec looks like this:

parameters:
  <param name>:
    type: <string | number | json | comma_delimited_list>
    description: <description of the parameter>
    default: <default value for parameter>
    hidden: <true | false>
    constraints:
      <parameter constraints>

A simple example might look like this:

parameters:
  flavor:
    type: string
    default: m1.small
    constraints: 
      - allowed_values: [m1.nano, m1.tiny, m1.small, m1.large]
        description: Value must be one of 'm1.tiny', 'm1.small' or 'm1.large'

This defines one parameter named flavor with a default value of m1.small. Any value passed in when you deploy from this template must match of one the values in the allowed_values constraint.

Resources

The resources section of your template defines the items that will be created by Heat when you deploy from your template. This may include storage, networks, ports, routers, security groups, firewall rules, or any other of the many available resources.

The definition of this section from the spec looks like this:

resources:
  <resource ID>:
    type: <resource type>
    properties:
      <property name>: <property value>
    # more resource specific metadata

Here’s a simple example that would create a single server:

resources:
  instance0:
    type: OS::Nova::Server
    properties:
      name: instance0
      image: cirros
      flavor: m1.tiny
      key_name: mykey

The complete list of resources and their available properties can be found in the documentation.

You’ll notice that the above example is static: it will always result in an instance using the cirros image and the m1.tiny flavor. This isn’t terribly useful, so let’s redefine this example assuming that we have available the parameter section from the previous example:

resources:
  instance0:
    type: OS::Nova::Server
    properties:
      name: instance0
      image: cirros
      flavor: {get_param: flavor}
      key_name: mykey

Here we are using the get_param intrinsic function to retrieve an insert the value of the flavor parameter.

Outputs

The outputs section of your template defines parameters that will be available to you (via the API or command line client) after your stack has been deployed. This may include things like this ip addresses assigned to your instances. The outputs section definition is:

outputs:
  <parameter name>:
    description: <description>
    value: <parameter value>

In order to make the outputs section useful, we’ll need another template function, get_attr. Where get_param accesses values from your parameters section, get_attr accesses attributes of your resources. For example:

outputs:
  instance_ip:
    value: {get_attr: [instance0, first_address]}

You will again want to refer to the list of resource types for a list of available attributes.

Putting it all together

Using the above information, let’s put together a slightly more complete template. This example will:

• Deploy a single instance
• Assign it a floating ip address
• Ensure ssh access via an ssh key published to Nova

We’ll get the flavor name, image name, key name, and network information from user-provided parameters.

Since this is a complete example, we need to add the heat_template_version key to our template:

heat_template_version: 2013-05-23

And a description provides useful documentation:

description: >
  A simple HOT template for demonstrating Heat.

We define parameters for the key name, flavor, and image, as well as network ids for address provisioning:

parameters:
  key_name:
    type: string
    default: lars
    description: Name of an existing key pair to use for the instance
  flavor:
    type: string
    description: Instance type for the instance to be created
    default: m1.small
    constraints:
      - allowed_values: [m1.nano, m1.tiny, m1.small, m1.large]
        description: Value must be one of 'm1.tiny', 'm1.small' or 'm1.large'
  image:
    type: string
    default: cirros
    description: ID or name of the image to use for the instance
  private_net_id:
    type: string
    description: Private network id
  private_subnet_id:
    type: string
    description: Private subnet id
  public_net_id:
    type: string
    description: Public network id

In the resources section, we define a single instance of OS::Nova::Server, attach to it an instance of OS::Neutron::Port, and attach to that port an instance of OS::Neutron::FloatingIP. Note that use of the get_resource function here to refer to a resource defined elsewhere in the template:

resources:
  instance0:
    type: OS::Nova::Server
    properties:
      name: instance0
      image: { get_param: image }
      flavor: { get_param: flavor }
      key_name: { get_param: key_name }
      networks:
        - port: { get_resource: instance0_port0 }
  instance0_port0:
    type: OS::Neutron::Port
    properties:
      network_id: { get_param: private_net_id }
      security_groups:
        - default
      fixed_ips:
        - subnet_id: { get_param: private_subnet_id }
  instance0_public:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network_id: { get_param: public_net_id }
      port_id: { get_resource: instance0_port0 }

As outputs we provide the fixed and floating ip addresses assigned to our instance:

outputs:
  instance0_private_ip:
    description: IP address of instance0 in private network
    value: { get_attr: [ instance0, first_address ] }
  instance0_public_ip:
    description: Floating IP address of instance0 in public network
    value: { get_attr: [ instance0_public, floating_ip_address ] }

Filling in the blanks

Now that we have a complete template, what do we do with it?

When you deploy from a template, you need to provide values for any parameters required by the template (and you may also want to override default values). You can do this using the -P (aka --parameter) command line option, which takes a semicolon-delimited list of name=value pairs:

heat stack-create -P 'param1=value1;param2=value2' ...

While this works, it’s not terribly useful, especially as the parameter list grows long. You can also provide parameters via an environment file, which a YAML configuration file containing a parameters key (you can use environment files for other things, too, but here we’re going to focus on their use for template parameters). A sample file, equivalent to arguments to -P in the above command line, might look like:

parameters:
  param1: value1
  param2: value2

An environment file appropriate to our example template from the previous section might look like this:

parameters:
  image: fedora-19-x86_64
  flavor: m1.small
  private_net_id: 99ab8ebf-ad2f-4a4b-9890-fee37cea4254
  private_subnet_id: ed8ad5f5-4c47-4204-9ca3-1b3bc4de286d
  public_net_id: 7e687cc3-8155-4ec2-bd11-ba741ecbf4f0

You would, of course, need to replace the network ids with ones appropriate to your environment.

Command line client

With the template in a file called template.yml and the parameters in a file called environment.yml, we could deploy an instance like this:

heat stack-create -f template.yml \
  -e environment.yml mystack

This would, assuming no errors, create a stack called mystack. You can view the status of your stacks with the stack-list subcommand:

$ heat stack-list
+-------+------------+-----------------+----------------------+
| id    | stack_name | stack_status    | creation_time        |
+-------+------------+-----------------+----------------------+
| 0...6 | mystack    | CREATE_COMPLETE | 2013-12-06T21:37:32Z |
+-------+------------+-----------------+----------------------+

You can view detailed information about your stack – including the values of your outputs – using the stack-show subcommand:

$ heat stack-show mystack

(The output is a little too verbose to include here.)

If you want more convenient access to the values of your outputs, you’re going to have to either make direct use of the Heat REST API, or wait for my proposed change to the python-heatclient package, which will add the output-list and output-get subcommands:

$ heat output-list mystack
  instance0_private_ip
  instance0_public_ip
$ heat output-get mystack instance0_public_ip
192.168.122.203

Working with Neutron

If you are using Heat in an environment that uses Neutron for networking you may need to take a few additional steps. By default, your virtual instances will not be associated with any security groups, which means that they will have neither outbound or inbound network connectivity. This is in contrast to instances started using the nova boot command, which will automatically be members of the default security group.

In order to provide your instances with appropriate network connectivity, you will need to associate each OS::Neutron::Port resource in your template with one or more security groups. For example, the following configuration snippet would create a port instance0_port0 and assign it to the default and webserver security groups:

instance0_port0:
  type: OS::Neutron::Port
  properties:
    network_id: { get_param: private_net_id }
    security_groups:
      - default
      - webserver
    fixed_ips:
      - subnet_id: { get_param: private_subnet_id }

For this to work, you will need to be running a (very) recent version of Heat. Until commit 902154c, Heat was unable to look up Neutron security groups by name. It worked fine if you specified security groups by UUID:

security_groups:
  - 4296f3ff-9dc0-4b0b-a633-c30eacc8493d
  - 8c49cd42-7c42-4a1f-af1d-492a0687fc12

See also

• The Heat project maintains a repository of example templates.

Here’s our second post in the RDO + Hyper-V series targeting Havana and automation.

We had lots of great feedbacks about the first post, along with many requests about how to troubleshoot network connectivity issues that arise quite often when you configure a complex environment like a multi-node OpenStack deployment, especially for the first time!

Although RDO is a great solution to automate an OpenStack deployment, it still requires quite a few manual steps, especially in a multi-node scenario. Any small configuration error in one of those steps can lead to hours of troubleshooting, so we definitely need an easy foolproof solution.

In this post we’ll detail a “simple” script available here that will perform all the configuration work for you.

Here’s a diagram of what we are going to obtain (click to enlarge):

 

 

Physical network layout

Network connectivity is very important, so let’s recap how the hosts need to be connected.

We’ll use 3 separate networks:

1. Management

This network will be used only for setting up the hosts and for HTTP and AMQP communication among them. It requires Internet access during the initial configuration. Guests must not be able to access this network under any circumstance.

2. Data (guest access)

Network used by the guests to communicate among each other (in the same Neutron network) and with the Network host for external routing.

Since we are going to use VLANs for network isolation in this example, make sure that your switches are properly configured (e.g. trunking mode).

3. External

Used by the Network host to communicate with external networks (e.g. Internet).

 

Hosts OS configuration

Now, we’ll need to get the hosts running. If you want to create a proof of concept (PoC), virtual machines can be absolutely enough as long as they support nested virtualization, while for a real production environment we suggest to use physical machines for all the nodes except optionally the controller. In this example we’ll use the “root” / “Passw0rd” credentials on all Linux hosts and “Administrator” / “Passw0rd” on Hyper-V.

Controller host

RAM

At least 1GB, 2-8GB or more if you plan to use Ceilometer on this node.

HDD

At least 10GB, recommended at least 100GB if you plan to store the Glance images here.

CPU

1-2 sockets, not particularly relevant in most circumstances.

Network

• eth0 connected to the Management network.

 

Network host

RAM

1GB

HDD

10GB or even less, this host has really no particular disk space requirements

CPU

1-2 sockets, not particularly relevant unless you use GRE / VXLAN tunnelling.

Network

• eth0 connected to the Management network.
• eth1 connected to the Data network.
• eth2 adapter connected to the External network.

 

KVM compute host (optional)

Multiple compute nodes can be added based on your requirements. We’ll use one in our example for the sake of simplicity.

RAM

A minimum of 4GB, Recommended? As much as possible. This really depends on how many VMs you want to run. Sum the amount of memory you want to assign to the guests and add 1 GB for the host. Avoid memory overcommit if possible. 64, 128, 192 GB are quite common choices.

HDD

A minimum of 10GB. This is based on the local storage that you want to assign to the guests, I’d start with at least 100GB.

CPU

2 sockets, as many cores as possible, based on the number of guests. For example 2 esacore sockets with multithreading enabled provide 12 usable CPU threads to assign to the guests.

Network

• eth0 adapter connected to the Management network.
• eth1 adapter connected to the Data network.

Hyper-V compute host (optional)

The same consideration discussed for the KVM compute node apply to this case as well.

You can just perform a basic installation and at the end enable WinRM by running the following Powershell script that will download OpenSSL, configure a CA, generate a certificate to be used for HTTPS and configure WinRM for HTTPS usage with basic authentication: SetupWinRMAccess.ps1

$filepath = "$ENV:Temp\SetupWinRMAccess.ps1"
(new-object System.Net.WebClient).DownloadFile("https://raw.github.com/cloudbase/openstack-rdo-scripts/master/SetupWinRMAccess.ps1", $filepath)
Set-ExecutionPolicy RemoteSigned -Force
& $filepath
del $filepath

 

Configure RDO

Now, let’s get the management IPs assigned to the hosts. In our examples we’ll use:

1. Controller: 192.168.200.1
2. Network: 192.168.200.2
3. KVM compute: 192.168.200.3
4. Hyper-V compute: 192.168.200.4

 

You can already start the script and let it run while we explain how it works afterwards. It runs on Linux, Mac OS X or Windows (using Bash).

git clone https://github.com/cloudbase/openstack-rdo-scripts
cd openstack-rdo-scripts
ssh-keygen -q -t rsa -f ~/.ssh/id_rsa_rdo -N "" -b 4096
./configure-rdo-multi-node.sh havana ~/.ssh/id_rsa_rdo rdo-controller 192.168.200.1 rdo-network \
192.168.200.2 rdo-kvm 192.168.200.3 rdo-hyperv 192.168.200.4

If you are not deploying Hyper-V, you can simply omit the last two values of course.

Here’s a video showing what to expect (except the initial VM deployment part which is outside of the scope of this post):
 

 

The script explained

You can open it directly on Github and follow the next explanations:

1. Inject the SSH key

This is performed for each Linux host to enable the automated configuration steps afterwards.

configure_ssh_pubkey_auth $RDO_ADMIN $CONTROLLER_VM_IP $SSH_KEY_FILE_PUB $RDO_ADMIN_PASSWORD
configure_ssh_pubkey_auth $RDO_ADMIN $NETWORK_VM_IP $SSH_KEY_FILE_PUB $RDO_ADMIN_PASSWORD
configure_ssh_pubkey_auth $RDO_ADMIN $QEMU_COMPUTE_VM_IP $SSH_KEY_FILE_PUB $RDO_ADMIN_PASSWORD

2. Set the host date and time

update_host_date $RDO_ADMIN@$CONTROLLER_VM_IP
update_host_date $RDO_ADMIN@$NETWORK_VM_IP
update_host_date $RDO_ADMIN@$QEMU_COMPUTE_VM_IP

3. Rename the Hyper-V compute host (if present)

exec_with_retry "$BASEDIR/rename-windows-host.sh $HYPERV_COMPUTE_VM_IP $HYPERV_ADMIN \
$HYPERV_PASSWORD $HYPERV_COMPUTE_VM_NAME" 30 30

This uses a separate script which in turn is based on WSMan to call Powershell remotely (even from Linux!):

wsmancmd.py -U https://$HOST:5986/wsman -u $USERNAME -p $PASSWORD \
'powershell -NonInteractive -Command "if ([System.Net.Dns]::GetHostName() -ne \"'$NEW_HOST_NAME'\") \
{ Rename-Computer \"'$NEW_HOST_NAME'\" -Restart -Force }"'

4. Configure Linux networking on all nodes

This uses a function called config_openstack_network_adapter to configure the adapter’s ifcfg-ethx file to be used by Open vSwitch.

# Controller
set_hostname $RDO_ADMIN@$CONTROLLER_VM_IP $CONTROLLER_VM_NAME.$DOMAIN $CONTROLLER_VM_IP

# Network
config_openstack_network_adapter $RDO_ADMIN@$NETWORK_VM_IP eth1
config_openstack_network_adapter $RDO_ADMIN@$NETWORK_VM_IP eth2
set_hostname $RDO_ADMIN@$NETWORK_VM_IP $NETWORK_VM_NAME.$DOMAIN $NETWORK_VM_IP

# KVM compute
config_openstack_network_adapter $RDO_ADMIN@$QEMU_COMPUTE_VM_IP eth1
set_hostname $RDO_ADMIN@$QEMU_COMPUTE_VM_IP $QEMU_COMPUTE_VM_NAME.$DOMAIN $QEMU_COMPUTE_VM_IP

5. Test if networking works

This is a very important step, as it validates the network configuration anticipating potential issues!
Some helper functions are used in this case as well.

set_test_network_config $RDO_ADMIN@$NETWORK_VM_IP $NETWORK_VM_TEST_IP/24 add
set_test_network_config $RDO_ADMIN@$QEMU_COMPUTE_VM_IP $QEMU_COMPUTE_VM_TEST_IP/24 add

ping_ip $RDO_ADMIN@$NETWORK_VM_IP $QEMU_COMPUTE_VM_TEST_IP
ping_ip $RDO_ADMIN@$QEMU_COMPUTE_VM_IP $NETWORK_VM_TEST_IP

6. Install Packstack on the controller

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "yum install -y http://rdo.fedorapeople.org/openstack/openstack-$OPENSTACK_RELEASE/rdo-release-$OPENSTACK_RELEASE.rpm || true"
run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "yum install -y openstack-packstack"

We’re also adding crudini to manage the OpenStack configuration files.

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm || true"
run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "yum install -y crudini"

7. Generate a Packstack configuration file

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "packstack --gen-answer-file=$ANSWERS_FILE"

8. Configure the Packstack answer file

Here’s the part relevant to Havana.

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "\
crudini --set $ANSWERS_FILE general CONFIG_SSH_KEY /root/.ssh/id_rsa.pub && \
crudini --set $ANSWERS_FILE general CONFIG_NTP_SERVERS 0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org && \
crudini --set $ANSWERS_FILE general CONFIG_CINDER_VOLUMES_SIZE 20G && \
crudini --set $ANSWERS_FILE general CONFIG_NOVA_COMPUTE_HOSTS $QEMU_COMPUTE_VM_IP && \
crudini --del $ANSWERS_FILE general CONFIG_NOVA_NETWORK_HOST"

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "\
crudini --set $ANSWERS_FILE general CONFIG_NEUTRON_L3_HOSTS $NETWORK_VM_IP && \
crudini --set $ANSWERS_FILE general CONFIG_NEUTRON_DHCP_HOSTS $NETWORK_VM_IP && \
crudini --set $ANSWERS_FILE general CONFIG_NEUTRON_METADATA_HOSTS $NETWORK_VM_IP && \
crudini --set $ANSWERS_FILE general CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE vlan && \
crudini --set $ANSWERS_FILE general CONFIG_NEUTRON_OVS_VLAN_RANGES physnet1:1000:2000 && \
crudini --set $ANSWERS_FILE general CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS physnet1:br-eth1 && \
crudini --set $ANSWERS_FILE general CONFIG_NEUTRON_OVS_BRIDGE_IFACES br-eth1:eth1"

9. Deploy our SSH key on the controller

The key will be used by Packstack to automate the SSH connection with all the nodes.

scp -i $SSH_KEY_FILE -o 'PasswordAuthentication no' $SSH_KEY_FILE $RDO_ADMIN@$CONTROLLER_VM_IP:.ssh/id_rsa
scp -i $SSH_KEY_FILE -o 'PasswordAuthentication no' $SSH_KEY_FILE_PUB $RDO_ADMIN@$CONTROLLER_VM_IP:.ssh/id_rsa.pub

10. Run Packstack!

This is obviously the most important step. Note the use of a helper function called run_ssh_cmd_with_retry to retry the command if it fails.
Transient errors in Packstack are quite common due to network connectivity issues, nothing to worry about.

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "packstack --answer-file=$ANSWERS_FILE"

11. Add additional firewall rules

Enable access from the Hyper-V host(s) and work around an existing Packstack issue in multinode environments.

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "iptables -I INPUT -s $QEMU_COMPUTE_VM_IP/32 -p tcp --dport 9696 -j ACCEPT"
run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "iptables -I INPUT -s $NETWORK_VM_IP/32 -p tcp --dport 9696 -j ACCEPT"
run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "iptables -I INPUT -s $NETWORK_VM_IP/32 -p tcp --dport 35357 -j ACCEPT"

if [ -n "$HYPERV_COMPUTE_VM_IP" ]; then
    run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "iptables -I INPUT -s $HYPERV_COMPUTE_VM_IP/32 -p tcp --dport 9696 -j ACCEPT"
    run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "iptables -I INPUT -s $HYPERV_COMPUTE_VM_IP/32 -p tcp --dport 9292 -j ACCEPT"
fi

12. Disable API rate limits

This is useful for PoCs and testing environments, but you most probably want to leave API rates in place in production.

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "crudini --set $NOVA_CONF_FILE DEFAULT api_rate_limit False"

13. Enable Neutron firewall

Fixes a Packstack glitch.

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "sed -i 's/^#\ firewall_driver/firewall_driver/g' \
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini && service neutron-server restart"

14. Set KVM as the libvirt type on the KVM compute node

When running on a VM, Packstack sets always the libvirt_type to QEMU, which is not what we want.

run_ssh_cmd_with_retry $RDO_ADMIN@$QEMU_COMPUTE_VM_IP "grep vmx /proc/cpuinfo > \
/dev/null && crudini --set $NOVA_CONF_FILE DEFAULT libvirt_type kvm || true"

15. Configure Open vSwitch on the Network node

run_ssh_cmd_with_retry $RDO_ADMIN@$NETWORK_VM_IP "ovs-vsctl list-ports br-ex | grep eth2 || ovs-vsctl add-port br-ex eth2"

16. Reboot all the Linux nodes to load the new 2.6.32 Kernel with network namespaces support.

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP reboot
run_ssh_cmd_with_retry $RDO_ADMIN@$NETWORK_VM_IP reboot
run_ssh_cmd_with_retry $RDO_ADMIN@$QEMU_COMPUTE_VM_IP reboot

17. Install OpenStack on Hyper-V

Configures remotely a Hyper-V external virtual switch and installs the OpenStack compute node with the Nova installer.

$BASEDIR/deploy-hyperv-compute.sh $HYPERV_COMPUTE_VM_IP $HYPERV_ADMIN $HYPERV_PASSWORD $OPENSTACK_RELEASE \
$HYPERV_VSWITCH_NAME $GLANCE_HOST $RPC_BACKEND $QPID_HOST $QPID_USERNAME $QPID_PASSWORD $NEUTRON_URL \
$NEUTRON_ADMIN_AUTH_URL $NEUTRON_ADMIN_TENANT_NAME $NEUTRON_ADMIN_USERNAME $NEUTRON_ADMIN_PASSWORD \
$CEILOMETER_ADMIN_AUTH_URL $CEILOMETER_ADMIN_TENANT_NAME $CEILOMETER_ADMIN_USERNAME $CEILOMETER_ADMIN_PASSWORD \
$CEILOMETER_METERING_SECRET

Here are some details from this script.

Create a Hyper-V external virtual switch using Powershell remotely.

$BASEDIR/wsmancmd.py -U https://$MGMT_IP:5986/wsman -u "$HYPERV_USER" -p "$HYPERV_PASSWORD" \
powershell -NonInteractive -Command '"if (!(Get-VMSwitch | where {$_.Name -eq \"'$SWITCH_NAME'\"})) \
{New-VMSwitch -Name \"'$SWITCH_NAME'\" -AllowManagementOS $false -InterfaceAlias \
(Get-NetAdapter | where {$_.IfIndex -ne ((Get-NetIPAddress -IPAddress \"'$MGMT_IP'\").InterfaceIndex)}).Name}"'

Run the Nova installer remotely in unattended mode.

run_wsmancmd_with_retry $HYPERV_COMPUTE_VM_IP $HYPERV_ADMIN $HYPERV_PASSWORD "msiexec /i %TEMP%\\$MSI_FILE /qn /l*v %TEMP%\\HyperVNovaCompute_setup_log.txt \
ADDLOCAL=$HYPERV_FEATURES GLANCEHOST=$GLANCE_HOST GLANCEPORT=$GLANCE_PORT RPCBACKEND=$RPC_BACKEND \
RPCBACKENDHOST=$RPC_BACKEND_HOST RPCBACKENDPORT=$RPC_BACKEND_PORT RPCBACKENDUSER=$RPC_BACKEND_USERNAME RPCBACKENDPASSWORD=$RPC_BACKEND_PASSWORD \
INSTANCESPATH=C:\\OpenStack\\Instances ADDVSWITCH=0 VSWITCHNAME=$HYPERV_VSWITCH USECOWIMAGES=1 LOGDIR=C:\\OpenStack\\Log ENABLELOGGING=1 \
VERBOSELOGGING=1 NEUTRONURL=$NEUTRON_URL NEUTRONADMINTENANTNAME=$NEUTRON_ADMIN_TENANT_NAME NEUTRONADMINUSERNAME=$NEUTRON_ADMIN_USERNAME \
NEUTRONADMINPASSWORD=$NEUTRON_ADMIN_PASSWORD NEUTRONADMINAUTHURL=$NEUTRON_ADMIN_AUTH_URL \
CEILOMETERADMINTENANTNAME=$CEILOMETER_ADMIN_TENANT_NAME CEILOMETERADMINUSERNAME=$CEILOMETER_ADMIN_USERNAME \
CEILOMETERADMINPASSWORD=$CEILOMETER_ADMIN_PASSWORD CEILOMETERADMINAUTHURL=$CEILOMETER_ADMIN_AUTH_URL \
CEILOMETERMETERINGSECRET=$CEILOMETER_METERING_SECRET"

18. Make sure everything is running fine!

Check if all Nova services are running (including the optional KVM and Hyper-V compute nodes):

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "source ./keystonerc_admin && nova service-list | \
sed -e '$d' | awk '(NR > 3) {print $10}' | sed -rn '/down/q1'" 10

An finally check that all the Neutron agents are up and running:

run_ssh_cmd_with_retry $RDO_ADMIN@$CONTROLLER_VM_IP "source ./keystonerc_admin && \
neutron agent-list -f csv | sed -e '1d' | sed -rn 's/\".*\",\".*\",\".*\",\"(.*)\",.*/\1/p' | sed -rn '/xxx/q1'" 10

The post Multi-node OpenStack RDO on RHEL and Hyper-V – Part 2 appeared first on Cloudbase Solutions.

This post is part of the OpenStack Open Mic series to spotlight the people who have helped make OpenStack successful. Each week, a new contributor will step up to the mic and answer five questions about OpenStack, cloud, careers and what they do for fun. 

Sean is a developer at Comcast working on OpenStack. He is 26 years old, and lives in South Philadelphia with his partner, Caroline. You can follow him on Twitter @sc68cal.

1. What are the essentials for someone just getting started with OpenStack? Sites? Books? Conferences? People?

Devstack. The fact that you can clone a git repository, execute a shell script, and get a fully built OpenStack install on your personal machine to start hacking makes a huge difference.

2. What was your first commit or contribution and why did you make it?

My first contribution of substance was to add better hooks into the Security Group API events in Nova-Network. I was working on a way to take Security Group API calls from OpenStack for something like allowing port 80 open for a web server, to also have those requests propagate into other internal systems inside Comcast. This way, firewalls upstream would honor the request to allow port 80 through.

3. What other OpenStack developers deserve a shout out for the work they’re doing in the community? Who are our unsung heroes? Your own? 

For me personally, the community around Neutron has been a big help. People like Aaron Rosen, Nachi Ueno, Mark McClain, and Kyle Mestery have helped me whenever I’ve gotten stuck or had a question.

4. Are there any skills that you think are critical for OpenStack developers in the next 5 years? What specialties will be most useful? Valuable?

I’d say the most important skill is an open mind. OpenStack has a huge userbase, and thousands of different use-cases. You need to remember that not everyone is going to be using OpenStack the way you do, and that’s OK! The community and the codebase is flexible enough that everyone should be able to get what they want out of it. It doesn’t have to be a winner-take-all proposition.

5. What do you think are the benefits of the open, community-driven approach to development?

More things can get done in shorter periods of time. Just look at the amount of features that each release of OpenStack has added. It’s incredible.

This is the first in a series of posts about the Mistral project. Here we present a simple Mistral workflow, while future posts will dive into some proof-of-concept details, development tasks, and production-stage use cases. In mid-October, Mirantis kicked off a new project codenamed Mistral. This project, also known as OpenStack Workflow-as-a-Service, is based on the [...]

The post Mistral: Workflow-as-a-Service for OpenStack appeared first on Mirantis | The #1 Pure Play OpenStack Company.

OpenStack has become increasingly important to enterprises of all sizes as its reach extends beyond Web 2.0/SaaS companies such as Workday, Webex, and PayPal. OpenStack is now a major element of both enterprise cloud computing and broader cloud initiatives, such as the new IBM Federal Cloud Innovation Center in Washington, DC. In addition, OpenStack recently took [...]

The post Over 1,500 Donated Bare Metal Servers + Mirantis, SoftLayer, and IBM = New Benefits For The OpenStack Community appeared first on Mirantis | The #1 Pure Play OpenStack Company.

The OpenStack Foundation brought 18 people to Hong Kong thanks to the grants offered by the first edition of the Travel Support Program, sponsored by Intel. The Travel Support Program is based on the promise of Open Design and its aim is to facilitate participation of key contributors to the OpenStack Design Summit. The program aims at covering costs for travel and accommodation for key contributors to the OpenStack project to join the community at the Summits.

We had 18 people accepted in the program from 11 countries and all continents (except Antarctica)! Four people travelled from India, two from south-east Asia, three from Europe, three from North America, four from Oceania and the rest from Africa and South America. Of the 26 total applicants, four were fully paid by their employers and didn’t need the grants, four couldn’t be accepted due to paperwork problems because of local political turmoil.

The Foundation spent a total of US$16,742 for accommodations and US$11,795.61 for flights, with a total cost for the Foundation of over US$30,000 including the costs of the 11 access passes granted to the non-ATCs (Active Technical Contributors). Luckily most people were able to share the rooms, which cost US$1,522 each allowing more people to be able to participate in the program.

This was the first time the OpenStack Foundation ran the program and we would like to continue running and expanding it in 2014. As one of the recipients of the travel grant, Terri Yu told us:

As great as it is to work with people on IRC, you’re not getting the full OpenStack experience by sitting in front of your computer.  You have to meet people.  If there is an important contributor who can’t get to the Summit, I’d like to see them funded by the Travel Support Program.

We’ll soon start working on the “J” edition of the Travel Support Program, to help people get to Atlanta (Georgia) in the USA in May 2014. Watch this space for announcements.

Murano provides streamlined provisioning and deployment automation via the native OpenStack API and GUI, tailored specifically to the requirements of complex, distributed Windows environments. The just released Murano V0.3 adds several features and improvements, of which the ability to deploy Linux applications is a major and highly anticipated feature. Murano had been capable of deploying [...]

The post Murano V0.3 Lets You Deploy Linux Applications appeared first on Mirantis | The #1 Pure Play OpenStack Company.

This is the first in a series of blog posts discussing the OpenStack Trove project. Here we provide a taste of the concepts behind Trove, while future posts will dive into the installation, explain the conductor's inner workings, discuss the Clustering API, and finally provide an in-depth treatment of relationships between Trove and various databases. If [...]

The post The Present and the Future of OpenStack Trove Architecture appeared first on Mirantis | The #1 Pure Play OpenStack Company.

In my work at Dell, Technical Meritocracy means that we recognize and promote demonstrated talent into leadership roles. As a leader, one has to make technical judgments (OK, informed opinions) that focus limited resources in the (hopefully) right places. Being promoted does not automatically make someone right all the time.

I believe that good leaders recognize the value of a diverse set of opinions and the learning value of lean deliverables.

OpenStack is an amazingly diverse and evolving community. Leading in OpenStack requires a level of humility that forces me to reconsider my organization hierarchical thinking around “technical meritocracy.” Instead of a hierarchy where leadership chooses right and wrong, rising in the community meritocracy is about encouraging technical learning and user participation.

OpenStack is a melting pot of many interests and companies. Some of them naturally aligned (customers+vendors) and others are otherwise competitive (vendors). The vast majority of contribution to OpenStack is sponsored – companies pay people to participate and fund the foundation that organizes events. That does not diminish our enthusiasm for the community or open values, but it adds an additional dimension

If we are really seeking a Technical Meritocracy, we must create a place where ideas, teams, projects and companies can pursue different approaches within OpenStack. This is essential to our long term success because it provides a clear way for people to experiment within the project. Pushing away alternate approaches is likely to lead to forking. Specifically, I believe that the mostly likely competitor to any current OpenStack project will be that project’s .next version!

Calls for a “benevolent dictator” imply that our meritocracy has a single person with perspective on right and wrong. Not only is OpenStack simply too complex, I see our central design tenant as enabling multiple approaches to work it out in the community. This is especially important because many aspects of OpenStack are not one-size-fits all. The target diversity of our community requires that we enable multiple approaches so we can expand our user base.

The risk of anointing a single person, approach or project as “the OpenStack way” may appear to streamline the project, but it really stifles innovation. We have a healthy ecosystem of vendors who gladly express opinions about the right way to implement OpenStack. They help us test OpenStack technical merit by finding out which opinions appeal to users. It is essential to our success to enable a vibrant diversity because I don’t think there’s a single right answer or approach.

In every case, those vendor opinions are based on focused markets and customer needs; consequently, our job in the community is to respect and incorporate these divergent needs and find consensus.

I have just come back from the OpenStack summit in Hong Kong. As always it was a blast talking to lot of people and listening to presentations or designing the future of the software we all love.

While chatting with different people there was a recurrent question coming up to me: people wanted to know whether “Ceph is better than Swift”.

Having been involved in Swift since 2008, way before OpenStack was even an idea, and now as a core developer, my answer is obviously biased.

I can understand when there is a better alternative product and people are moving to it. This is the normal evolution we have in technologies. I remember when, back in the days, at the beginning of Linux, I stubbornly wanted to keep to use the Linux terminal with my Lynx and my tools and avoiding X11 because I didn’t see the merit of it, and now I am happily using Mac OS X

But Ceph and Swift are not actually competing with each other: they are two different technologies, each with a different purpose. There is some feature overlap between both but the two have different use-cases and can actually live happily together in the same deployment.

Features Comparisons

From a high level perspective the main differences between the two object storage technologies are :

Ceph

• Started in 2006
• Written in C++.
• Strongly consistent.
• Block storage.
• Object storage.

Swift

• Started in 2008
• Written in Python.
• Eventually consistent.
• Object storage.
• In production on really large public clouds.

Ceph is doing a lot of more than just object storage. Using it as an Open Source block storage (a way to provide remote virtual disks) is what people would start to get attracted by. It does this brilliantly since it seems to become a very popular block storage system option for OpenStack deployments and that’s a win for OpenStack and the Open Source community in general.

The reason Ceph can do block storage is because it is being strongly consistent, ensuring that everything you are writing is written on disks before you are sending an OK back to the client. Being written in C++ makes Ceph very optimized for performances and, thanks to the way it’s designed, allows clients talking straight to the storage servers (OSDs).

The shared file system feature is a work in progress not completely ready for production just yet but when it will it should solve a really hard and complex problem that people have been trying to tackle for the last few decades.

Swift, on the other hand, does one thing and does it well. Its only ambition is to do object storage and provide a REST api to access it. It is eventually consistent. This means that when hardware fails (which is inevitable in a cluster) Swift will fall back to providing high availability to the data. Swift’s eventual consistency window is most likely to be seen when reading objects that were overwritten while hardware has failed and when looking at container listings when many objects in that container are created at the same time.

This eventual consistency also allows Swift cluster to be deployed across wide geographic areas. This isn’t just a “replay logs” style replication, but it allows deployers to configure the cluster for synchronous or asynchronous replication into different distinct regions. The Swift proxy servers are aware of which region they are in, and this allows deployers to optimize for throughput or dispersion when new data is written.

Having it in Python is a huge advantage for deployers not just because of the language itself but because it is arguably more approachable with flexible middleware that can plug into the WSGI pipeline. It is also easy to have Swift plug in a whole lot of different auth systems and have all sort of middleware modifying its behavior and integrating specific feature.

Like python, Swift has a philosophy of being “batteries included” you have all sorts of middleware doing different thing making it a credible alternative to S3.

One final advantage for Swift is being proven in production at very large scale, with a lot of different public cloud running it already (like Rackspace/HP/Cloudwatt/MercadoLibre etc..) and are happy with it.

On the other hand, the way CEPH does object storage is via its rados gateway but while being API agnostic and have a strong S3 emulation API, it’s not as powerful as a full scaled python WSGI system and does not allow modularity. The issue in having it as a gateway is to always have to mimic and follow the Swift API and while the core API is well defined, stable and backward compatible, that doesn’t include all the middleware shipped with Swift.

Use cases

If you had to choose only one and you had a requirement for block storage you definitely want to go with CEPH. If you had only a object storage use case then I would advise you to go with Swift.

Having said that there are use cases where you want to have both but some organisations don’t want to have to manage two different clusters with different systems. The Radosgw can be good enough for some simple use cases if you want to use it with the S3 API or the Swift API but would not provide you a fully featured object storage system. One other point to take in consideration is that the objects stored from the RadosGW will not be accessible from the block storage system and since they have a difference usage pattern they would have a to be placed (via ceph intelligent modular placement) on a different hardware setup.

At the end of the day, users want to have choices and, thanks to the Red Hat Gluster team, Swift now has a multi backend system where you can have a different storage backend system for Swift which effectively would allow to have ceph plugged as object servers.

We are not totally there yet and the Swift and Ceph developers had chats together trying to see how this can plug but, in the end, this would provide choices for the end user with minimal management.

Conclusion

Don’t think of Swift and Ceph as rivals. Both are great OpenSource projects with a specific set of tasks in mind. The main competition are proprietary software solutions resulting in a vendor lock-in, and both Swift and Ceph, with their strong communities and lively discussions, are great solutions for a vast majority of challenges.

Thanks to the friends at Swiftstack, Rackspace and Inktank (and my colleagues) for reviewing this post.

Introduction

Not long ago, I posted an article outlining how you could install a HA OpenStack environment on your laptop or workstation, using Vagrant with a virtualization tool, such as VirtualBox, VMware Workstation, or VMware Fusion.  That post borrowed heavily from another post by my Rackspace colleague, James Thorne and was designed to allow someone to get up and running quickly on OpenStack for testing and demonstrating high-availability.  Since then, a new release of OpenStack, code-named Havana, has been released, with some important new features.

In this post, I’ll walk through installing OpenStack (Havana) on a laptop using Vagrant with VirtualBox, Workstation, or Fusion; this deployment should be suitable for testing and demos.  However, instead of deploying a pair of HA Controllers, I’ll provide instructions on deploying a single controller but throw in a Cinder Volume node as a bonus.  Also, instead of having you “flip” back and through between mine and James’ blog, I’ll put the bulk of the instructions and commands into this post; however, I am borrowing heavily from James and the great work he has put into his blog.

Before we begin the installation, here are some notes and caveats you should be aware of:

• We will be using Opscode’s Chef to deploy an early access release of the Rackspace Private Cloud (RPC), version 4.2.  RPC 4.2 is a beta product that is based on the downstream Havana trunk.  So although Rackspace has changed the Horizon dashboard skin to show the RPC logo, the underlying code is 100% OpenStack trunk.
• Because Rackspace is not currently supporting the Heat project in its early access release of RPC, Heat is not included in the generic install.  However, in the post, I will walk you through how to add Heat to your deployment.
• Swift object storage is not part of this install.  I’ll update this post or writeup a new post on how to install Swift when I’ve had more time to potentially work on an entire blog series on the Swift project.
• While Neutron Networking is part of RPC 4.2 and the recommended networking project to use in production, I am going to walk though the old-style Nova Networking in this post.  I am primarily doing this because of some issues I am having getting Neutron to work with my particular setup; I expect to update this post as soon as I have those issues worked out.  My thought is to get this post out there so folks can start playing with other aspects of OpenStack, like the new dashboard in Havana, Heat, Ceilometer, Cinder, etc..
• Since RPC 4.2 is an early access release, Rackspace does not provide support for the product; again, think of it as a beta product.  Full support will be available next month when RPC 4.2.1 is generally available.

Setting Up Your Lab/Demo Environment

So what are we building on your laptop or PC to test OpenStack?  The sample Rackspace Private Cloud reference architecture below shows the 5 node environment we will be creating, with 1 Chef server node, 1 Controller node, 2 Nova Compute nodes, and 1 Cinder node.  Note that most OpenStack services will run on our Controller node.

Installing And Configuring Vagrant

• The first step is to install Vagrant; I recommend using version 1.3.4 or later.
• Then install whichever virtualization software (VirtualBox, VMware Fusion, VMware Workstation) you intend to use as your Vagrant provider, including any Vagrant plugin that is required.

[You can get more details on the above steps at James' blog]

• Download the Vagrant box appropriate for the virtualization software you have chosen.  In this case, we will be using the precise64 Vagrant box to install Ubuntu 12.04 LTS on all our nodes:

• Create a directory for this environment (Below is an example) and create the initial Vagrantfile:

• Configure your favorite editor (Mine is vim, which is what I use for my example below):

• Open the newly created Vagrantfile and REPLACE the contents with the following entries (Note that if necessary, you can scroll down the text box to see the entire Vagrantfile):

<iframe frameborder="0" height="480" marginheight="0" marginwidth="0" src="https://docs.google.com/document/d/1v3Xig7kNt_affCzlifIkBsugB-nIBJMotb9fu6PC_po/pub?embedded=true" width="640"></iframe>

[You can also access the Vagrantfile here.]

• Now it’s time to start-up your Vagrant environment:

Setting Up Chef Server

• ssh to your chef node and log on as root (password is vagrant):

• Then install Chef Server:

[Not sure why, but I've had to run the install 2x every time to get everything installed correctly; I suggest you do the same]

• After install, re-source your environment so you can use knife commands:

• Install the RPC 4.2 Cookbooks:

• Since RPC 4.2 does not currently include the Heat project, we will need to manually add the Heat role to the “run_list” for our “single-controller” role:

• Add the following line to the run_list:

• Next, create the RPC 4.2 Chef Environment:

• Now, edit your newly created Environment file:

• Open the newly created Environment file and REPLACE the contents with the following entries (Note that if necessary, you can scroll down the text box to see the entire Vagrantfile):

<iframe frameborder="0" height="480" marginheight="0" marginwidth="0" src="https://docs.google.com/document/d/1kOalbpQ9VaBzc49yZypng0f53AqwOB6CPsNqeDIITBs/pub?embedded=true" width="640"></iframe>

[You can also access the Environment file here.]

Setting Up The OpenStack Nodes

• Create a password-less SSH Public/Private key, hitting enter to accept all defaults.

• Copy the SSH Public key to all the OpenStack nodes:

• Setup your CHEF_SERVER_URL Environment variable:

• Now install and register the Chef client on each node and also set the RPC 4.2 Chef Environment on each node:

[Please note that WordPress (which hosts this blog) is not properly formatting double dashes; for the "knife bootstrap" commands below, please type the commands instead of doing a copy and paste OR copy and paste and then delete the dashes and re-enter them manually]

• Then add the appropriate OpenStack roles to each node:

[Please note that WordPress (which hosts this blog) is not properly formatting single quotes; for the "knife node run_list" commands below, please type the commands instead of doing a copy and paste OR copy and paste and then delete the quotes and re-enter them manually]

Installing OpenStack

• ssh to each of your OpenStack nodes and log on as root (I prefer doing so from the chef node since that logs me on as root automatically).

[I recommend performing the install in the following order - controller, compute1, compute2, cinder]

Once you’ve gone through all the nodes, RPC 4.2 (powered by OpenStack Havana) should be up and running on your laptop/workstation.

Setting Up the Cinder-volume Node

The following steps will configure a 4 GB test loopfile that you can use for Cinder block storage services.  You can find more details in the OpenStack Block Storage Service Administration Guide.

• ssh to your chef node and log on as root (If you are not already there from the install):
• Create a 4 GB test loopfile:

• Mount the test loopfile:

• Initialize it as a lvm ‘physical volume’:

• Create the lvm ‘volume group’:

• Confirm the cinder-volume has been created (you should see a 4 GB cinder volume):

• Restart the cinder-volume service on the cinder node

• ssh to your controller node and log on as root to restart the other cinder services:

• Now we are going to create a test volume, but first you may have to source the “openrc” file to give yourself sufficient credentials to use the OpenStack APIs:

• Create a 1 GB Cinder volume and confirm it was created:

• At this point, you can choose to conserve some resources on your laptop by logging off your OpenStack nodes into your laptop’s or workstation’s shell and shutting down the chef node:

Post-Installation Configuration

Before logging on to the Horizon dashboard to play around or to perform a demo, let’s do some initial configuration.

• If you are not currently logged into one of the OpenStack nodes as root, do so now (I usually log on to the controller node); you may have to source the “openrc” file to give yourself sufficient credentials to use the OpenStack APIs:

• Upload an image to Glance and confirm upload (The example below will upload a small Linux image called “cirros”):

[Please note that WordPress (which hosts this blog) is not properly formatting double dashes; for the "glance image-create" command below, please type the commands instead of doing a copy and paste OR copy and paste and then delete the dashes and re-enter them manually]

• Now we’ll add some rules to our default security group to allow “ping” and “ssh” to the Cloud instances we’ll be launching:

• Next we’ll create a floating IP pool, called “public,” with IP addresses that can be assigned to your instances to allow external (from your laptop or workstation) access (The example below creates a pool of 16 contiguous addresses, called “public,” in the 192.168.236.0/24 network):

Taking The Dashboard For A Spin

Time to spin up your first Cloud instance and attach a persistent block volume to it.

• From your web browser, launch the Horizon dashboard via the Controller node IP address:

[Note again that the dashboard has the Rackspace Private Cloud skin; however, it is still essentially the Horizon dashboard.]

• Log in as the Cloud Administrator using User Name: Admin and Password: secrete.

• Navigate to the “Project” tab on the left-hand side of the screen and you’ll see an overview of this project/tenant:

Spinning Up And Configuring Instances

• Go to “Instances” and lick “Launch Instance.”   Choose the cirros image, you just uploaded to Glance, to launch your first Cloud instance and then watch the dashboard to see the instance “Spawning” until it is “Running”:

• Assign a floating IP address to your instance by going to “Access & Security” and choosing the “Floating IPs” section.  Click on the “Allocate IP To Project” button and from the dialog box, allocate an IP from the public floating pool you created earlier.

• Once a floating IP address has been allocated, assign it to the Cloud instance by clicking on the “Associate” button and choosing the new IP address and the instance you created earlier:

• Go back to the “Instances” page and note that your instance now has 2 IP addresses assigned to it, including the floating IP address:

• From your workstation, ssh to the instance using the floating IP address and log on as the user “cirros.” (The example below uses 192.168.236.65 as the floating IP address):

• Launch a second Cloud instance using the cirros image or some other image you may have uploaded:

• Navigate back to the “Admin” tab on the left-hand side of the screen and move to the “Hypervisors” page.  You should see that the 2 instances you created are distributed across the 2 Compute nodes as would be expected based on the behavior of the Nova-scheduler:

Creating And Attaching A Cinder Volume

• Go the “Volumes” page and note the Cinder volume we created earlier:

• Create a new volume by clicking on the “Create Volume” button and filling out the “Volume Name” and “Size (GB)” fields in the dialog box (See example below):

• Attach 1 of the 2 volumes to an instance by clicking on the “Edit Attachments” button for the chosen volume; choose an instance in the “Attach to Instance” field and fill out the “Device Name” field before clicking on the “Attach Volume” button.  (See example below):

Conclusion

• When you are done, you can shutdown all OpenStack nodes with a single command:

• Alternatively, you can suspend all OpenStack nodes with a single command:

You now have an environment to play with and to demo OpenStack on your laptop or workstation.  For more information on how to configure and to use OpenStack, I recommend looking at the Documentation sections of the OpenStack Foundation website and the Rackspace Private Cloud Knowledge Center.  To dive deeper into configuring OpenStack with Chef and vagrant, I recommend perusing the Professional OpenStack website and also purchasing the “OpenStack Cloud Computing Cookbook” by my colleagues, Cody Bunch and Kevin Jackson.

Related articles

• OpenStack Havana Heats Up the Cloud (eweek.com)

Filed under: Cloud, Cloud Computing, OpenStack, Private Cloud, Rackspace Tagged: Cloud computing, OpenStack, Rackspace, Rackspace Private Cloud, Vagrant

Here’s a modest proposal: a program to pair up individual OpenStack developers with OpenStack operators to encourage better information flow from ops to devs.

Heres’s how it might work. Operators with production OpenStack deployments would indicate that they would be willing to occasionally host a developer. The participating OpenStack developer would travel to the operator’s site for, say, a day or two, and shadow the operator. The dev would observe things like the kinds of maintenance tasks the op was doing, the kinds of tools they were using to do so, and so on.

After the visit was complete, the dev would write up and publish a report about what they learned, focusing in particular on observed pain points and any surprises that the dev encountered about what the operator did and how they did it. Finally, the dev would submit any relevant usability or other bugs to the relevant projects.

You could call it “Adopt an Op”. Although “Adopt a Dev” is probably more accurate, I think that the emphasis should be on the devs coming to the ops.

Friday Dec 20th – Doc Bug Day

This month, docs reaches 500 bugs, making it the 2nd-largest project by bug count in all of OpenStack. Yes, it beats Cinder, Horizon, Swift, Keystone and Glance, and will soon surpass Neutron. In order to start the new year in a slightly better state, we have arranged a bug squash day. Save the date: Friday, December 20th https://wiki.openstack.org/wiki/Documentation/BugDay.

Tips ‘n Tricks

• By Enable Console Access to vSphere instances in OpenStack and Setting Up a Flat Network with Neutron
• By Red Hat Stack: Disaster Recovery Enablement in OpenStack
• By Steve Hardy: Heat Providers/Environments 101
• By Adam Young: Token Revocations in Keystone
• By Christian Berendt: Using Nginx with the Glance API and Solving issues with Xen and multipathd on SLES11 SP3
• By Kashyap Chamarthy: Neutron configs for a two-node OpenStack Havana setup (on Fedora-20)

Upcoming Events

• Software-Defined Networking 2013 (SDN) Dec 03, 2013 – London, England Details
• OpenStack from Austin to Havana Dec 04, 2013 – Portland, OR Details
• Austin OpenStack User Group Meetup Dec 04, 2013 – Austin, TX Details
• Boston OpenStack User Group Meetup Dec 04, 2013 – Boston, MA Details
• OpenStack in action 4 Dec 05, 2013 – Paris, France Details
• Swiss and Rhone-Alpes OpenStack user group meeting Dec 06, 2013 – CERN, Meyrin, Switzerland Details
• Gartner Data Center Conference Dec 09 – 12, 2013 – Las Vegas, NV, USA Details
• OpenStack Israel Dec 09, 2013 – Tel-Aviv, Israel Details
• Athens OpenStack User Group meeting Dec 12, 2013 – Athens (Greece) Details

Security Advisories

• [OSSA 2013-031] Ceilometer DB2/MongoDB backend password leak (CVE-2013-6384)

Other News

• First cut of the schedule for the lca2014 OpenStack miniconf
• Heat Nested Resource Introspection
• Back from the summit: Ceph/OpenStack integration
• What’s New in OpenStack Havana–Cinder
• HP Cloud Messaging Service and Project Marconi
• OpenStack Project Meeting: Summary and full logs

Got Answers?

Ask OpenStack is the go-to destination for OpenStack users. Interesting questions waiting for answers:

• How to add configdrives in rescue mode to Nova using KVM?
• Failing connection to nova-novnc Error 1006 becuase of UnsupportedRpcVersion
• VM multicast corosync invalid packet data
• How to force nova to boot an updated glance image?
• How do I add a keypair for a normal tenant using admin user credentials?
• How to pass the auth token and use it with python API?
• What are the NIC in Nova config file used for?
• Ceilometer unit tests py27 could not install deps
• VM on controller node cannot get IP via DHCP
• How to enable resume guest state on boot?
• 1 vcore instance is using 100% of node’s CPU
• Duplicate Ping Packets – Promiscuous Mode?
• How can I see HD space being utilized by an instance?
• Is there a way to enable active instance to auto detect a new virtual NIC ?
• Determining which filter eliminated a host?
• Offline migration without ssh key
• Cannot boot from ISO in Havana (works in Folsom)

Welcome New Reviewers and Developers

Is your affiliation correct? Check your profile in the OpenStack Foundation Members Database!

chenhaiq	Ilya Tyaptin
berlin	Verónica Musso
Tianpeng Wang	Matthew Oliver
Miguel Angel Ajo	Konstantin Permyakov
Daisuke Morita	Charles V Bock
钱林	Abhijeet Malawade
Yanis Guenane	jichencom
Lars Kellogg-Stedman	eaglezpf
Richard Hawkins	Steven Westonhttp://www.openstack.org/software/openstack-shared-services/
alejandro emanuel paredes	Sam Harwell
Nicholas Shobe	xiayu
	Xinyuan Huang
	Nikolay Starodubtsev
	Matthew Gilliard
	LiShaokai
	Jaime Gil de Sagredo
	Ivar Lazzaro
	Yathiraj Udupi
	yogesh-mehra
	Thomas Leaman
	Miguel Angel Ajo
	Maksym Iarmak
	Gonéri Le Bouder
	Gonéri Le Bouder
	Gerry Drudy
	Gastón

Latest Activity In Projects

Do you want to see at a glance the bugs filed and solved this week? Latest patches submitted for review? Check out the individual project pages on OpenStack Activity Board – Insights.

• Telemetry (Ceilometer)
• Block Storage (Cinder)
• Image Service (Glance)
• Orchestration API (Heat)
• Dashboard (Horizon)
• Bare Metal Provisioning (Ironic)
• Identity (Keystone)
• Manuals
• Networking (Neutron)
• Compute (Nova)
• Hadoop Cluster as a Service (Savanna)
• Database As A Service (Trove)

OpenStack Reactions

The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment.

Heat Nested Resource Introspection

Nested Stack Resources, Primer/Overview

There are two ways to define a nested stack:

1. Explicitly reference a nested stack template in the parent template (via our implementation of the AWS::CloudFormation::Stack resource type, see this example template)
2. Create a new resource type, which internally defines a nested stack (an example of this is our simple loadbalancer resource, our implementation of the AWS::ElasticLoadBalancing::LoadBalancer resource)

There is actually a third way (Provider templates), but that's a bleeding-edge feature so I'm not considering it in this post.

In both cases, what Heat creates internally is a real stack, referenced by the parent stack via a unique ID. Since the Heat API allows you to request details for a specific stack using a stack UUID, that means you can use the heat API introspection operations to access information about the nested stack in the exact same way as you do for the top level stack.

Worked Example

If I create a stack, I can use various introspection operations, either via the Heat ReST API, or more conveniently via the "heat" CLI tool provided by python-heatclient (which uses the Heat ReST API):

The Cloudify Application Catalog on HP Public Cloud is now live! With no need for any downloads or installations, you can test drive apps in your existing HP Public Cloud environment through the Cloudify Application Catalog. Don’t have an HP Public Cloud account? Not a problem! Demo the service with a trial space in the HP Cloud free for 7 days! 

As Easy as 1,2 & 3 

1. Visit appcatalog.cloudifysource.org and watch a demo to get started with the service.
2. Get a taste of Cloudify through a free, 60-minute Cloudify preview during which you can deploy any number of applications on the HP Public Cloud absolutely free.
3. Register for a 7-day free trial, continuing your full access to the Cloudify App Catalog and your apps on HP Public Cloud during that period.

At any point, you can sign up for an HP Public Cloud account or connect your existing HP Public Cloud account to the Cloudify App Catalog to continue what you started.

Read more about the Catalog and taking your apps to OpenStack.

We hope you enjoy the Catalog! Let us know your feedback.

In my previous blog post, I have shared the vision of Disaster Recovery as a Service for OpenStack (DraaS) as an umbrella topic that describes what needs to be done to protect workloads running in an OpenStack cloud from a large scale disaster.

Last week we shared this vision in several sessions at the OpenStack summit. While OpenStack attendees were dealing with infrastructure Disaster Recovery topics in Hong Kong, the strongest tropical cyclone in recorded history “Typhoon Haiyan” also known as Typhoon Yolanda, devastated multiple coastal cities in the Philippines and took the lives of tens of thousands of people with millions evacuated. The storm destroyed complete cities, villages, airports, roads, power and communications infrastructures.

If there’s one thing that history has not only taught us, but also keeps on teaching us every year, is that catastrophic events do happen and that if we don’t invest in preventative measures now, we will pay a hefty price later.

What would happen to your organization if this type of calamity hit?

It is hard enough to protect hosted workloads even in a case of an overheated datacenter that can knock down production servers and deeply impact your operations and revenue generating activities. For service providers, downtime is not an option, every hour that your production service is down, you can loose not only business but also your reputation.

It is one thing to put your application workload in the cloud, but how can you guarantee that when the hosting service goes down, you can provide the right safety net and business continuity for your customers?
Although an entire datacenter, can in fact go down in the case of a disaster, from a user’s point of view, what service providers should care about is how to protect their own data and make sure their services continue running after such events.

When it comes to elastic clouds, it is all about being able to adapt to workload changes by dynamically provisioning and decommissioning resources, and the more dynamic and elastic the cloud platform is, the more challenges you face in making your data and services highly available in the event of a disaster. Data recovery is usually not the end goal–it is the ability to restore the services that use this data. For service providers, this is the hosted workload.

The Replication targets
Disaster Recovery between a primary cloud and a target cloud requires the data to be available in (at least two) geographically dispersed, independent sites in a share-nothing model.

OpenStack replication targets can include:

• Private cloud to Private cloud
• Private cloud to Public cloud
• Public cloud to Public cloud
• Bare-metal environments to Public cloud

As our recovery target is the hosted workload, we should look at ways to achieve DR at the workload level. Imagine selecting a DR service level flavor for a workload, such as applying a “Gold” profile for application service that requires the highest protection level with the shortest recovery point objective (RPO) and the shortest recovery time objective (RTO). Such a DR policy can be based on synchronous replication and hot backup site. Or what if you were able to select the other policies such as “Silver” based on periodic replication, or “Bronze” based on async replication with low capacity standby site for application services that require lower protection levels with longer RPOs & RTOs?

The first step for Disaster Recovery enablement in OpenStack is the ability to support data and state (metadata) replication. Several different approaches may be applicable, such as leveraging application-based replication, host-based replication (Hypervisor VM level) and of course array-based replication.

Replicating Data
OpenStack Swift Globally Distributed Cluster object storage can be used to replicate Glance virtual machine images. Swift is currently designed to work in a single region where a region is defined as a low latency link between Swift zones. As long as sites are nearby, zones can be distributed over multiple sites.

Another option to replicate virtual machine images would be to utilize Glance’s multiple image locations feature. Starting in the OpenStack Havana release, image service images can now be stored in multiple locations. This enables the efficient consumption of image data and the use of backup images in the event of a primary image failure.
Cinder can be extended to support storage array based replication in the following ways:

1. Utilize the scheduler to create “protected” volumes on storage arrays that are continuously replicating
2. Use volume types to create replicated volumes where drivers support volume level granularity for replication
3. Replicate data in 2 independent volumes (across different storage backends and possibly sites) using hypervisor based replication

Replicating OpenStack Services State

Disaster Recovery in OpenStack should include support for:
Capturing the metadata relevant for the protected workloads/resources: either as point-in-time snapshots of the metadata, or as continuous replication of the metadata. Without capturing the Openstack different services state, we will not be able to achieve a complete failover of the hosted workloads to the recovery site.

Examples of OpenStack metadata that requires replication can include:

• Nova: VM flavors and SSH keys
• Keystone: Identities of tenants and users
• Neutron: Virtual networks between VMs
• Cinder: Volume types and pairing
• Glance:  Registry and image metadata
• Ability to provide consistency of the replicated data & metadata with checkpoints

We note that metadata changes are less frequent than application data changes, and different mechanisms can handle replication of different portions of the metadata and data (volumes, images, etc).
Understanding that Disaster Recovery is a complex task where different applications and use-cases have different requirements, some use-cases can be easily supported while others may be more complex, this is targeted as a long-term effort with incremental steps.

Some APIs and features are expected to be integrated into existing projects such as Nova (DR features for compute). Some functionality, like DR orchestration may be part of Heat, or a new project, or even outside the scope of OpenStack.

Enabling Cinder storage replication in the OpenStack Icehouse release is just the first step in protecting workloads running in OpenStack clouds to ensure business continuity while preparing for the worst case scenario.

The summit was exciting and full of good things and announcements. We had great Cinder sessions and an amazing Ceph/OpenStack integration session. I’ve led the Ceph/OpenStack integration session with Josh Durgin (Inktank). We had a good participation from the audience. I would like to specially thank Sage Weil, Haomai Wang, Edward Hope-Morley for their good inputs. The main purpose of this session was to gather ideas to improve the Ceph integration into Openstack. Eventually, we built a draft of the Icehouse’s roadmap.

For those of you who were not attending the session and are curious to learn more about what’s going to happen in the next few months this article is for you!

I. Havana’s best additions

Let’s start with a picture of the current state of the integration:

Before getting into the real stuff, I would like to highlight the current state of the integration by giving you a brief overview of the Havana’s best additions.

• Complete refactor of the Cinder driver: we now use both librados and librbd. Previously the driver was ‘only’ made of shell commands called by the Python code. This wasn’t really elegant and didn’t give us a good error handling. This will make future development easier since we rely on the libraries.

• Flatten volumes created from snapshots: immediately flatten volumes (clones) created from snapshots to remove any dependency between the clone and the snapshot. This is an operator decision. This is controlled by the rbd_flatten_volume_from_snapshot flag. Just keep in mind that flattening clones increases the space used in your cluster.

• Clone depth: having to many chaining between snapshots, clones, parent and child images can cause some performance issues and could possibly break things at some point. A new Cinder option allows us to control the clone depth behavior. Then after a certain amount of clones (specified by the value in the rbd_max_clone_depth flag, default is 5) the volume gets flattened.

• Cinder backup with a Ceph backend: prior to Havana, the cinder backup only had Swift as a backup backend. Havana brought the support of Ceph as a backend. Basically, the driver allows us to backup within the same Ceph pool (not recommended since it’s the same storage zone), backup between different Ceph pools (fine since this will be a different zone) or backup between different clusters (for disaster recovery purpose, backup from datacenter 1 to datacenter 2). The really good thing of this backend is that it brings a feature that was under discussion during the Cinder session: the support of an incremental backup API. Yes yes, if you perform a backup from a Ceph cluster to another, you get differential backups between the RBD images. This is really cost-effective. The backup driver also supports RBD stripes.

• Nova libvirt_image_type: by default, when you boot a virtual machine, its disk appears as a file on the filesystem of the hypervisor (usually under /var/lib/nova/instances/). Before Havana, the libvirt_image_type flag only had two backend: file and LVM. Now, it’s possible to specify RBD, this means that every new virtual machine that you boot will live inside Ceph. This is really cool because it allows us to easily perform maintenance operation with the live-migration process. On the other hand, if your hypervisor dies it’s also really convenient to trigger nova evacuate and almost seamlessly run the virtual machine somewhere else.

• Cinder Volume QoS: this not directly related to Ceph, but since Ceph doesn’t currently support any form of QoS you can do it at the hypervisor level. Which is extremely good because you can allocate a certain amount of IOPS or bandwidth per client-basis (virtual machine). This is quite useful to restrict the usage of the whole platform while providing a good service level.

II. Icehouse’s roadmap

Ok now let’s get serious, we have a lot of things to implement and I truly hope that thanks to this article we will get some new contributors .

I will expose the roadmap component by component:

II.1. Bug fixing

Unfortunately, we started the Havana cycle with some bugs. We currently identified 4 bugs, which are already in the process of being fixed. The most urgent one that needs to be addressed is the libvirt_image_type boot sequence. The current workflow while booting a virtual machine with libvirt_image_type=rbd is the following:

• Glance streams the image from Ceph to the compute node
• Then the compute node imports the image into Ceph
• Eventually, the compute node boots the virtual machine

This is really inefficient and takes ages to boot the virtual machine. Since the backend for both Glance and Nova is Ceph, the solution is to create a copy-on-write clone of the image as soon as we boot the virtual machine. The action is directly performed at the Ceph level, it’s transparent and super fast to boot. We already do this with Cinder while creating a volume from an image. A fix is on the pipe.

For the remaining bugs and for those of you who are eager to use libvirt_image_type, Josh Durgin created a branch with all the fixes.

The last issue that we have is while creating a volume from an image, the source image doesn’t get converted into RAW format. In order to perform a boot from volume, the image format must be in a RAW format because QCOW is not supported. You can check the bug report to follow the progress.

II.2. Nova

Areas of work:

• Implement “bricks” for RBD: brick is an initiative that aims to move every storage related pieces from all the OpenStack components to Cinder. Then Cinder hosts all the storage classes and all the OpenStack components can use them.
• Re-implement snapshotting function to use RBD snapshot: currently when you perform a snapshot, Nova uses QEMU snapshots, which means that you always get a full block based snapshot. With Ceph backing up all the instances disk, it is really inefficient since the backup file will go locally on the hypervisor and then will be streamed to Glance and finally uploaded into Ceph. From a performance perspective, it will be way easier to use Ceph RBD snapshot directly and much faster.
• RBD on Nova bare metal: since RBD offers a Kernel module for mapping virtual block device it could be really easy to implement such feature in nova bare metal. As a reminder, nova bare metal allows you to boot virtual machine that are actually physical bare metal host. Thanks to this, we can easily create a RBD image, enable the kernel module and map it to the host.
• Caching method while attaching a device: at some point and depending on your application using the block device, you would like to be able to either specify none, writethrough, writeback caching options. This is currently possible in OpenStack, however this will affect all the attached volumes, there is no way to specify the option for a specific volume. Eventually, the user will be able to decide which caching method is the most suitable for his device.
• Guest assisted snapshots: this provides filesystem-consistent snapshots while the volume is in-use. This could potentially be application-consistent if we use a customized qemu guest agent. Many people are asking for consistent snapshots, this could be a first answer.
• Nova resize for instance booted into Ceph: while using libvirt_image_type for RBD we need to add the capability of resizing instance’s root disk when nova resize is called.

II.3. Cinder

Areas of work:

• Volume migration support: support the volume migration from one tenant to another and from one backend to another.
• RBD stripes support: support RBD stripes for cloud administrator and for cloud users. Basically, the Cloud operator can set a default value that could be overridden by a cloud user. For more information about RBD stripes please visit the Ceph documentation.
• iSCSI RBD for other hypervisor: since Emperor the iSCSI/tgt implementation has become more stable and all support is upstream. ceph.com provides the latest packages while Ubuntu 14.04 should get them sooner or later. Nothing is ready for Red Hat yet, however there are no limitations. Hypervisors such as VMware require iSCSI devices for their virtual machine disks. Thanks to this, we could easily boot virtual machine with VMware and even attach block devices.
• Incremental backups over other protocol: the current implementation uses the ceph-common package. The ‘rbd’ CLI is encapsulated into the Python code. Depending on the infrastructure, security policies might require more secure transactions. For instance, using SSH might be a good option.

II.4. Glance

Areas of work:

• Store snapshots and images to different locations: the main objective is to store images and snapshots into different pools since they don’t need the same availability level. While images are just flat OS (well this not entirely true since you can take a snapshot and then import it as an image), snapshots potentially host customers data. Some images like Windows RAW image can easily take 40GB, forcing a replica count of 3 for both images and snapshots is not really cost-effective. Typically as a cloud engineer, you would like to have a replica count of 2 for the images and a replica count of 3 for the snapshots.

III. Beyond, “J” roadmap

New comers in OpenStack (projects).

• Manila support: Manila is a distributed filesystem as a service project. We can implement the CephFS support, I have already registered the blueprint on the launchpad.
• Swift multi-backend: Swift recently brought the support of several new object store backends (Kinetic) and new replication algorithms (ssync). Our goal here is to implement a RADOS driver that could be used by Swift. Ideally, we would like to have Swift talking to RADOS. Clients won’t be disturbed since the API won’t change and operators will be happy to have a unified storage platform. Thanks to this, the circle will be complete and Ceph will back every OpenStack components.

Finally this is what the integration could look like tomorrow:

It’s pretty obvious that we have plenty of work to do for Icehouse. Once again, contributors are more than welcome. So if you want to integrate the future of storage into OpenStack, don’t hesitate and to drop me a line so we can discuss and coordinate our efforts. At eNovance, we already started to work on the Swift multi-backend driver for RADOS, because we believe that this is a huge step forward to Ceph’s integration into OpenStack. Also please don’t forget that the Ceph Developer Summit is just around the corner, I will be more than happy to have folks discussing this subject. This will be an online event on IRC and Google hangouts. You can always check the official announcement and don’t forget to register blueprints as well. I look forward chatting with you guys!

Apart from this, find below my presentation during the last OpenStack summit: Ceph: de facto storage backend for OpenStack:

<iframe class="youtube-player" frameborder="0" height="368" src="http://www.youtube.com/embed/YeLPFrjeFmE?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="600"></iframe>

And the slides:

<object data="http://static.slideshare.net/swf/ssplayer2.swf?id=28122543&amp;doc=ceph-defacto-eno-lza-131111104324-phpapp01" height="492" type="application/x-shockwave-flash" width="600" wmode="opaque"><param name="movie" value="http://static.slideshare.net/swf/ssplayer2.swf?id=28122543&amp;doc=ceph-defacto-eno-lza-131111104324-phpapp01"/><param name="allowFullScreen" value="true"/></object>

Last month, we showed you what’s new in OpenStack Havana in a webinar that you can download here. We explained, among other things, what's new in OpenStack Block Storage Service. (See the previous part of this summary here.) This time, we’ll talk about volume migration, transferring a volume from one tenant to another, and improved [...]

The post What’s New in OpenStack Havana–Cinder appeared first on Mirantis | The #1 Pure Play OpenStack Company.

Keystone explicitly lists the token identifiers for the revoked tokens if the token revocation lists. This lends itself to simple revocation checking: is the ID on the list? No? Token is still good. However, the number of drawbacks in this approach overwhelm the simplicity of it, and indicate a need for a better solution.

Problems

There is a race condition between when a token is published and a service fetches the revocation list. Since this is a configurable value, there might be a significant delay between token revocation and the remote service being aware of the revocation. However, if a malicious third party were able to fetch the revocation list, they would have a set of newly revoked tokens to use. Thus, the token revocation list is an administrative-only API. However, this is not the grounds for a scalable secure system. For one thing , it means that only administrators can check token validity. It also multiplies the effect of a compromise of one of the administrator accounts.

Token revocation is often a side effect of some other operation. For example, changing a password revokes all tokens issued prior to the password change. Disabling a trusts will disable all tokens created from that trust. Removing a role assignment from a user revokes all tokens that have that role assignment. The need to track down all of these tokens calls for a significant amount of bookkeeping on the token back end. While SQL is well suited for this kind of complex relationship, the key value store based backends are not. The memcache backend has had significant performance degradation due to the need to maintain an active list of all tokens issued to a specific user.

There is an outstanding bug in the memcache backend due to the fact that the token revocation list is stored in memory and not persisted to disk. If memcached is restarted, all of the revoked tokens will drop off the revocation list; Tokens become magically “unrevoked.” Dealing with this bug is the starting point of the design for the new approach to tokens.

Design Criteria

• Revocations should be stored in a separate backend from tokens. if the tokens are stored in ephemeral memcached, the revocations should be stored in persistent memory.
• Instead of a list of revoked tokens, the revocation list should be set of criteria. The data from the token can then be compared to the criteria to determine if the token is valid or not.
• Valid token revocation criteria must include:
  • All tokens for a given domain issued prior to a given time.
  • All tokens for a given project issued prior to a given time.
  • All tokens for a given user issued prior to a given time.
  • All non-delegated tokens for a user that have a specific role assignment and were issued prior to a given time.
  • All tokens issued based on delegation agreements from a specified user (trustor) that has a specific role assignment and were issued prior to a given time.
  • All tokens created from a specified trust_id or oauth token_id

Token Chaining

A token can be used to fetch another token. However, when a token is revoked by identifier, only the explicitly identified token is revoked. A better system would be to revoke that token and all tokens created from it, or that it was created from as the are all “fruit from a poisened tree.” There is no way to link from one token to another in the current system. While it would be trivial to add one, it would be yet another bit of overhead to an already overly complicated solution.

It turns out, however, that there is a way to link tokens together. When a token is used to request another token, Keystone restricts the new token to the expiration time of the original token. We can take advantage of this linkage to revoke all tokens of a specific class that have the same expiration date. This will possibly have a few “false positives” for revocation tests, but the number should be vanishingly small.

Implementation

As with all the public APIs from Keystone, we will not remove the existing API until they have been deprecated for a number of releases. That means that support for the existing revocation mechanisms must at least be available along side the new token revocation mechanism. However, an Open Stack deployer should be able to bypass the shortcomings of the existing mechanism. Thus, the new token revocation mechanism will be activated by default. In addition, a configuration option will allow the deactivation of the existing revocation API. If this configuration value is set, all of the tracking for token revocation in the token backend will be disabled, and the current (undocumented) revocation API calls will return 404.

I had the issue that the Glance API doesn’t work with the following configuration for Nginx.

server {
    listen 10.0.0.1:9292;
    location / {
        proxy_pass http://127.0.0.1:9292/;
    }
}

Trying to create new images always failed with this error message.

Request returned failure status.
400 Bad Request
Invalid disk format 'None' for image.
    (HTTP 400)

The solution is rather simple. You have to allow underscores in HTTP headers.

underscores_in_headers on;

Also don’t forget to increase the client_max_body_size.

Right on the heels of our OpenStack classes in Munich (Dec 9-13, get in quick, they're filling up fast), and some OpenStack training I'll have the honor of teaching on behalf of OpenStack Israel (Dec 10-12), here's a brand new addition to our list of OpenStack training locations: hastexo Academy is coming to São Paulo!

read more

My instance isn’t getting an ip address

Boot a Cirros instance

Boot an instance of the Cirros image on your compute host. The Cirros is small, has all the tools we need for debugging network problems, and will let you log in on the console.

Generate some traffic

Start by generating some traffic:

# udhcpc -f -t 1000 -i eth0

I am pleased to announce our first draft of a schedule for the linux.conf.au 2014 OpenStack miniconf:

Time	Talk
10:40 – 11:00	Welcome (Michael Still, Rackspace Australia)
11:00 – 11:25	An introduction to OpenStack governance (Tristan Goode, CEO Aptira and OpenStack Foundation Board Member)
11:35 – 12:20	The OpenStack Project and Moving to a Foundation (Eileen Evans, Hewlett-Packard Company) This session will examine the OpenStack Project, which is focused on developing a cloud computing platform for private and public clouds. The session will include the project’s history, contribution and licensing models, the formation of the OpenStack Foundation, the changes associated with moving the project to the OpenStack Foundation, and a more general discussion about moving an open source project to a foundation.
12:20 – 13:20	Lunch
13:20 – 13:40	Artifice: automated billing for Ceilometer (Bruno Lago, Catalyst IT) You have deployed OpenStack and is ready to take over the world with your awesome cloud services, but wait… “How am I going to bill my clients based on their usage?” Ceilometer gives you the usage information, but you still need to bridge it with your ERP, apply your service rates and generate the monthly bills. Comes to the rescue Artifice, an awesome tool written by Aurynn Shaw at Catalyst IT which allows you to plug Ceilometer to an ERP system (or generate simple CSV bills).
13:45 – 14:05	OpenStack and the network: is there a better way? (Iain Robertson, Brocade) Brocade as a company has been active in OpenStack development, having been involved since May 2011. So far we’ve contributed code into Grizzly for both network control (Neutron) and block storage control (Cinder), specifically targeted at supporting some of Brocade’s Ethernet Fabric switches and Fibre Channel products; we’re actively working toward support for a wider range of platforms. This talk is intended to cover off what Brocade is doing a little differently in this space from a configuration perspective: specifically how we’re making sure that network configurations, once applied, work in exactly the way intended – regardless of any future changes to the network or broader OpenStack environment.
14:15 – 15:00	Adding erasure codes to OpenStack Swift (John Dickinson, Swiftstack) OpenStack Swift is a great object storage system for application storage, but in some use cases the benefits of its replication model don’t outweight the cost of storing the replicated data. One way to reduce the total space used on-disk for storage is to use erasure codes. Erasure codes work by breaking the original data into chunks and storing them with some additional computed data so that the data can be recovered even if some of the chunks are unavailable. Erasure codes are not new: common implementations can be found in RAID systems and in DVD/BluRay disks. Members of the Swift community have come together to add the ability to use erasure codes to store users’ data. This talk will cover the design and implementation of this feature. This talk will also show how the erasure code work enables very general and powerful storage policies.
15:00 – 15:40	Afternoon Tea
15:40 – 16:00	How Did I Not Know This? Navigating OpenStack-Infra as a Developer. (Anita Kuno, HP) Everyday we get questions from knowledgeable and experienced OpenStack developers that don’t know that some of our help-yourself services exist, for instance ZuulTV. This is a short presentation that covers some of the services, how to find them, a bit of their history and how to get the most out of them.
16:05 – 16:25	Diablo vs Havana: How OpenStack has matured (Joe Gordon, HP) OpenStack’s testing infrastructure uses Diablo and trunk based public clouds for running tests. Diablo had 469,000 lines of code while Havana already has over 1.3 million lines, but if Diablo was mostly working what have all those developers been working on? In addition to new user facing features thousands of bugs have been fixed and internals have been improved for performance and scalability all while supporting the same API. This talk will compare Diablo and Havana to show how OpenStack has evolved and matured.
16:35 – 16:55	OpenStack at Canonical (Brad Marshall, Canonical) This talk will cover the use of Openstack at Canonical, both in production and development. It will also touch on Juju, the service orchestration tool we use to deploy to Openstack.
17:00 – 17:20	The Nova v3 API (Chris Yeoh, IBM) This will be an overview of the Nova V3 API – what has changed from the V2 API and what changes you will need to make to any client applications using the REST API directly. We will also cover some examples of how to extend the Nova V3 API which will be of interest to those who want to write their own extensions or port those they have from the V2 API.

I managed to prepare a two-node OpenStack Havana setup, hand-configured (URL to notes below). Here are some Neutron configurations that worked for me.

Setup details:

• Two Fedora 20 minimal (@core) virtual machines to run the Controller & Compute nodes.
• Services on Controller node: Keystone, Cinder, Glance, Neutron, Nova. Neutron networking is setup with OpenvSwitch plugin, network namespaces, GRE tunneling.
• Services on Compute node: Nova (openstack-nova-compute service), Neutron (neutron-openvswitch-agent), libvirtd, OpenvSwitch.
• Both nodes are manually configured. Notes is here.

Configurations

OpenvSwitch plugin configuration — /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini — on Controller node:

$ cat plugin.ini | grep -v ^$ | grep -v ^#
[ovs]
[agent]
[securitygroup]
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.122.163
[DATABASE]
sql_connection = mysql://neutron:fedora@vm01-controller/ovs_neutron
[SECURITYGROUP]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Neutron configuration — /etc/neutron/neutron.conf:

$ cat neutron.conf | grep -v ^$ | grep -v ^#
[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
rpc_backend = neutron.openstack.common.rpc.impl_qpid
qpid_hostname = localhost
auth_strategy = keystone
ovs_use_veth = True
allow_overlapping_ips = True
qpid_port = 5672
[quotas]
quota_network = 20
quota_subnet = 20
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_host = 192.168.122.163
admin_tenant_name = services
admin_user = neutron
admin_password = fedora
[database]
[service_providers]

Neutron L3 agent configuration — /etc/neutron/neutron.conf:

$ cat l3_agent.ini | grep -v ^$ | grep -v ^#
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = TRUE
ovs_use_veth = True
use_namespaces = True
metadata_ip = 192.168.122.163
metadata_port = 8700

Neutron metadata agent — /etc/neutron/metadata_agent.ini:

$ cat metadata_agent.ini | grep -v ^$ | grep -v ^#
[DEFAULT]
auth_url = http://192.168.122.163:35357/v2.0/
auth_region = regionOne
admin_tenant_name = services
admin_user = neutron
admin_password = fedora
nova_metadata_ip = 192.168.122.163
nova_metadata_port = 8700
metadata_proxy_shared_secret = fedora

iptables rules on Controller node:

$ cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3260 -m comment --comment "001 cinder incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 horizon incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 9292 -m comment --comment "001 glance incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 5000,35357 -m comment --comment "001 keystone incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 3306 -m comment --comment "001 mariadb incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001 novncproxy incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 8770:8780 -m comment --comment "001 novaapi incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 neutron incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 5672 -m comment --comment "001 qpid incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 8700 -m comment --comment "001 metadata incoming" -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p gre -j ACCEPT 
-A OUTPUT -p gre -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

iptables rules on Compute node:

$ cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

OpenvSwitch database contents:

$ ovs-vsctl show
6f5d0e33-7013-4816-bc97-29af9abe8309
    Bridge br-int
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "tap63ea2815-b5"
            tag: 1
            Interface "tap63ea2815-b5"
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "tape7110dba-a9"
            Interface "tape7110dba-a9"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-2"
            Interface "gre-2"
                type: gre
                options: {in_key=flow, local_ip="192.168.122.163", out_key=flow, remote_ip="192.168.122.100"}
    ovs_version: "2.0.0"

NOTE: I SCPed the Neutron configurations neutron.conf and OpenvSwitch plugin plugin.ini from Controller to Compute node (don’t miss to replace local_ip attribute appropriately — I made that mistake).

A couple of non-deterministic issues I’m still investigating on a new setup with a non-default libvirt network as external network (on my current setup I used libvirt’s default subnet (192.168.x.x.) for it. Lars pointed out that could probably be the cause of some of the routing issues):

• Sporadic loss of networking for Nova guests. This got resolved (at-least partially) when I invoke VNC of the guest (via SSH tunneling) & do some basic diagnostics, networking comes up just fine in the guests again (GRE tunnels go stale?).tcmpdump analysis on various network devices (tunnels/bridges/tap devices) on both Controller & Compute nodes in progress.
• Nova guests fail to acquire DHCP leases (I can clearly observe this, when I explicitly do an ifdown eth0 && ifup eth0 from VNC of the guest. Neutron DHCP agent seems to be flaky here.

TIP: On Fedora, openstack-utils package(from version: openstack-utils-2013.2-2.fc21.noarch) includes a neat utility called openstack-service which allows to trivially control OpenStack services. This makes life much easier, thanks to Lars!

I had to configure an OpenStack Compute node using Xen on SLES11 SP3. The system behaved strangely. /var/log/messages had a lot of failures reported by multipathd.

Nov 23 03:43:36 xxx multipathd: tapdeva: add missing path
Nov 23 03:43:36 xxx multipathd: tapdeva: failed to get path uid
Nov 23 03:43:36 xxx multipathd: tapdevb: add missing path
Nov 23 03:43:36 xxx multipathd: tapdevb: failed to get path uid
Nov 23 03:43:36 xxx multipathd: tapdevc: add missing path
Nov 23 03:43:36 xxx multipathd: tapdevc: failed to get path uid

Adding the following lines to /etc/multipath.conf solved the issue for me.

blacklist {
    devnode "^tapdev*"
}

Spinning up OpenStack “DefCore” Committee by spotting elephants

This week, Joshua McKenty, Rob Hirschfeld and a handful of interested individuals (board member Eileen Evans included) met to start organizing the DefCore* Committee. This standing committee was established by an OpenStack Foundation resolution just before the Hong Kong Summit. This action was an immediate result of the unanimous passage of the 10 Principles that Rob was driving in the DefCore “Spider” cycle. Read the summary of the outcomes of the first meeting.

How to get new questions on Ask OpenStack via email

Email is still one of the best mechanism to get push notifications, so getting automatic nudges via email from Ask OpenStack is useful. I took some time to document how to get an email message every time a new question is asked on Ask OpenStack.

Who Wrote OpenStack Havana Docs?

Indulging with our own Anne Gentl in the glorious beauty of numbers and metrics, following up on a similar post about previous release, Who Wrote OpenStack Grizzly Docs? At the time Grizzly had 79 docs contributors overall, with 3 of them writing half of the changes for Grizzly. This time the team grew to 130 docs contributors with 7 of them writing just over half the changes in overarching install/config/deploy/operations guides. Progress! We also had at least three supporting companies hire writers dedicated to OpenStack upstream docs.

Tips ‘n Tricks

• By Mirantis: Identifying and Troubleshooting Neutron Namespaces and Edge of the Stack: Find Memleaks Without Process Restarts
• By HP Public Cloud: OpenStack HP 3PAR StoreServ Block Storage Drivers Configuration Best Practices
• By Kenneth Hui: Laying Cinder Block (Volumes) In OpenStack, Part 1: The Basics and Laying Cinder Block (Volumes) In OpenStack, Part 2: Integration With vSphere
• By Loïc Dachary: Mixing Ceph and LVM volumes in OpenStack

Upcoming Events

• OpenStack Pune Meetup Nov 23, 2013 – Pune, India Details
• OpenStack in action 4 Dec 05, 2013 – Paris, France Details
• Swiss and Rhone-Alpes OpenStack user group meeting Dec 06, 2013 – CERN, Meyrin, Switzerland Details
• Gartner Data Center Conference Dec 09 – 12, 2013 – Las Vegas, NV, USA Details
• OpenStack Israel Dec 09, 2013 – Tel-Aviv, Israel Details

Other News

• Horizon PTL election result: Congratulations to David Lyle (Official results)
• [Nova] Icehouse roadmap status
• Swift Goals for Icehouse
• How to best make User Experience a priority in every project
• Feeding results from user survey into the products
• Unified CLI now available for testing in RDO
• Open Mic Spotlight: Sean Chen
• OpenStack and Platforms as a Service
• Wrap-up post OpenStack Summit in Hong Kong
• Let’s Encourage Innovation: Thoughts From OpenStack Summit Hong Kong
• OpenStack Project Meeting: Summary and full logs

Welcome New Reviewers and Developers

Is your affiliation correct? Check your profile in the OpenStack Foundation Members Database!

Yidan Zhang	Miguel Angel Ajo
jiangang	Yaroslav Lobankov
Takashi NATSUME	Sergio Cazzolato
Leandro Ignacio Costantino	Radoslav Gerganov
Max Lobur	Leandro Ignacio Costantino
Jon-Paul Sullivan	John Wood
Gonéri Le Bouder	Jarret Raim
Ana Krivokapić	Cristian A Sanchez
Steven Lang	alejandro emanuel paredes
vlowther	Sean Winn
Ken Giusti	Peter Lomakin
	Pablo Andres Fuente
	Nathan Kinder
	Marc Solanas
	Ma Wen Cheng
	Denis Egorenko
	ChrisBuccella
	Andres Buraschi
	Yair Fried
	Steven Lang
	Shilla Saebi
	Rossella Sblendido
	Nadya Privalova
	Bob Melander
	Tristan Cacqueray
	Jiri Tomasek
	Daisuke Morita

Latest Activity In Projects

Do you want to see at a glance the bugs filed and solved this week? Latest patches submitted for review? Check out the individual project pages on OpenStack Activity Board – Insights.

• Metering (Ceilometer)
• Block Storage (Cinder)
• Image Service (Glance)
• Orchestration API (Heat)
• Dashboard (Horizon)
• Bare Metal Provisioning (Ironic)
• Identity (Keystone)
• Manuals
• Networking (Neutron)
• Compute (Nova)
• Hadoop Cluster as a Service (Savanna)
• Database As A Service (Trove)

OpenStack Reactions

The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment.

 

This week, Joshua McKenty, me and a handful of interested individuals (board member Eileen Evans included) met to start organizing the DefCore* Committee.  This standing committee was established by an OpenStack Foundation resolution just before the Hong Kong Summit.  Joshua and I were nominated as co-chairs (and about half the board volunteered to be members).    This action was an immediate result of the unanimous passage of the 10 Principles that I was driving in the DefCore “Spider” cycle.

We heard overwhelmingly at the Hong Kong summit that defining core should be a major focus for the Board.

The good news is that we’re doing exactly that in CoreDef.  Our challenge is to go quickly but not get ahead of community consensus.  So far, that means eating the proverbial elephant in small bites and intentionally deferring topics where we cannot find consensus.

This meeting was primarily about Joshua and I figuring out how to drive DefCore quickly (go fast!) without exceeding the communities ability to review and discuss (build consensus!).  While we had future-post-worthy conceptual discussions, we had a substantial agenda of get-it-done in front of us too.

Here’s a summary of key outcomes from the meeting:

1)      We’ve established a tentative schedule for our first two meetings (12/3 and 12/17).

1. We’ve started building agendas for these two meetings.
2. We’ve also established rules for governance that include members to do homework!

2)      We’ve agreed it’s important to present a bylaws change to the committee for consideration by the board.

1. This change is to address confusion around how core is defined and possibly move towards the bylaws defining a core process not a list of core projects.
2. This is on an accelerated track because we’d like to include it with the Community Board Member elections.

3)      We’ve broken DefCore into clear “cycles” so we can be clearer about concrete objectives and what items are out of scope for a cycle.  We’re using names to designate cycles for clarity.

1. The first cycle, “Spider,” was about finding the connections between core issues and defining a process to resolve the tension in those connections.
2. This cycle, “Elephant,” is about breaking the Core definition into
3. The next cycle(s) will be named when we get there.  For now, they are all “Future”
4. We agreed there is a lot of benefit from being clear to community about items that we “kick down the road” for future cycles.  And, yes, we will proactively cut off discussion of these items out of respect for time.

4)      We reviewed the timeline proposed at the end of Spider and added it to the agenda.

1. The timeline assumes a staged introduction starting with Havana and accelerating for each release.
2. We are working the timeline backwards to ensure time for Board, TC and community input.

5)      We agreed that consensus is going to be a focus for keeping things moving

1. This will likely drive to a smaller core definition
2. We will actively defer issues that cannot reach consensus in the Elephant cycle.

6)      We identified some concepts that may help guide the process in this cycle

1. We likely need to create categories beyond “core” to help bucket tests
2. Committee discussion is needed but debate will be time limited

7)      We identified the need to start on test criteria immediately

1. Board member John Zannos (in absentia) offered to help lead this effort
2. In defining test criteria, we are likely to have lively discussions about “OpenStack’s values”

8)      We identified some out of scope topics that are important but too big to solve.

1. We are calling these “elephants” (or the elephant in the room).
2. The list of elephants needs to be agreed by DefCore and clearly communicated
3. We expect that the Elephant cycle will make discussing these topics more fruitful

9)      We talked about RefStack code features

1. Allowing users to upload/post test results from their clouds to enable white box test reporting
2. Allowing users who have uploaded results to +/- vote on tests they think are important
3. We established a requirement that posting results requires an OpenStack ID
4. We established a requirement that only a single Corporate designate (provided by the Foundation) can make a result official for their company.
5. Collecting opt-in data with test results using tags for things like alternate implementations use, host operating system(s), deployment method, size of cloud, and hypervisor.
6. We discussed (but did not resolve) that it could be possible to have people run RefStack against public cloud end points and post their results
7. We agreed that RefStack needs to be able to run locally or as a hosted site.

10)   We identified a lot of missing communication channels

1. We created a DefCore wiki page to be a home for information.
2. Joshua and I (and others?) will work with the Foundation staff to create “what is core” video to help the community understand the Principles and objectives for the Elephant cycle.
3. We are in the process of setting up mail lists, IRC, blog tags, etc.

Yikes!  That’s a lot of progress priming the pump for our first DefCore meeting!

* We picked “DefCore” for the core definition committee name.  One overriding reason for the name is that it has very clean search results.  Since the word “core” is so widely used, we wanted to make sure that commentary on this topic is easy to track against the noisy term core.  We also liked 1) the reference to DefCon and 2) that the Urban Dictionary defines it as going deaf from standing too close to the speakers.

4 replies

The python-openstackclient project, by Dean Troyer and others, is a new command line tool to replace the existing command line clients (including commands such as nova, keystone, cinder, etc).

This tool solves two problems I’ve encountered in the past:

• Command line options between different command line clients are sometimes inconsistent.

• The output from the legacy command line tools is not designed to be machine parse-able (and yet people do it anyway).

The new openstack CLI framework is implement using the cliff module for Python, which will help enforce a consistent interface to the various subcommands (because common options can be shared, and just having everything in the same codebase will help tremendously). Cliff also provides flexible table formatters. It includes a number of useful formatters out of the box, and can be extended via setuptools entry points.

The csv formatter can be used to produce machine parse-able output from list commands. For example:

$ openstack -q endpoint list -f csv --quote none
ID,Region,Service Name,Service Type
ba686936d31846f5b226539dba285654,RegionOne,quantum,network
161684fd123740138c8806267c489766,RegionOne,cinder,volume
b2019dbef5f34d1bb809e8e399369782,RegionOne,keystone,identity
4b5dd8c6b961442ba13d6b9d317d718a,RegionOne,swift_s3,s3
ac766707ffa3437eaaeaafa3c3eace08,RegionOne,swift,object-store
e3f7bd37b51341bbaa77f81ba39a3bf2,RegionOne,glance,image
6821fad71a914636af6e98775e52e1ec,RegionOne,nova_ec2,ec2
3b2a90e9f85a468988af763c707961d7,RegionOne,nova,compute

For “show” commands, the shell formatter produces output in name=value format, like this:

$ openstack -q endpoint show image -f shell --all
adminurl="http://192.168.122.110:9292"
id="e3f7bd37b51341bbaa77f81ba39a3bf2"
internalurl="http://192.168.122.110:9292"
publicurl="http://192.168.122.110:9292"
region="RegionOne"
service_id="14a1479f77274dd485e9fb52af2e1721"
service_name="glance"
service_type="image"

This output could easily be sourced into a shell script.

When we think about clouds, and specifically OpenStack, we think about provisioning virtual machines. To reliably run our business, these virtual machines must interact with other services, which may not be in other data centers or other regions. The next frontier for the cloud is enabling connectivity on demand. While telcos don't normally provide computing power [...]

The post Pacnet: SDN and Creating a Fat Network Pipe with OpenStack and the Click of a Switch appeared first on Mirantis | The #1 Pure Play OpenStack Company.

Even before the launch of the OpenStack Training Marketplace, SwiftStack organized the first 4 workshops in our training series. The goal of these 1-day workshops has been to bring hands-on Swift training to locations where developers, operators, and vendors want to learn more about Swift. The last one we held in San Jose CA on 10/30 was our biggest yet.

Based on feedback, we are looking to host these workshops about once a month. We will be going back for encore performances in some cities, and adding many new cities. We have dates for our next 2 workshops, both of them in the Northeast where we’ve received many requests for training:

New York, Thursday December 12, 2013

Washington DC, Thursday January 9, 2014

For the holiday season, we are taking donations of $99 for the workshops, with all proceeds going to great charities with local presence and global reach. In New York, proceeds will go to the NYU Medical Center for MS research, and in DC proceeds will go to the Wounded Warrior project.

Also new for the series, we have partners sponsoring the Happy Hour after the workshop. In New York, The Ergonomic Group is sponsoring, and in DC we are happy to have RackTop Systems take part and sponsor. If you have a city you would like to see our next workshop land, would love to hear from you.

By Diane Mueller, Principal Product Marketing Manager, Red Hat
November 21, 2013

Putting the PaaS in OpenStack (Platform as a Service)

For OpenShifters and PaaS aficionados in general, the Summit was all about cross community collaboration. As a PaaS, OpenShift touches on a lot of different OpenStack projects and related communities: Heat, Neutron, Nova, Docker, and now Solum to name a few. It’s important that we not only understand these projects, but participate actively in their design and development process.

As the OpenShift Origin Community Manager, and a huge fan of OpenStack, I was thrilled to get to attend the Hong Kong Summit, to chair the “Apps on OpenStack” track, participate in a panel on Why Enterprise Developers Should Care about OpenStack with such industry luminaries as Lew Tucker (Cisco), Chris Ferris (IBM), & Adrian Otto (Rackspace) and then moderate the closing panel on PaaS with participation from OpenShift, Docker, & Solum communities.

Six months ago at the Portland Summit, we demo-ed deploying and auto-scaling OpenShift on OpenStack with Heat, OpenStack’s Orchestration Engine which at that time was still an incubating OpenStack project. Over the past months, the OpenShift team has been working closely with the Heat Community and the Red Hat RDO team to deliver the production-ready Heat templates for both OpenShift Origin and for OpenShift Enterprise which to much applause, Chris Alfonso presented in his “Deploying OpenShift on OpenStack” lightning talk. The work that went into these Heat Templates not only helped make it easier to deploy OpenShift on OpenStack, but they helped to create a set of examples of the use of Heat for more complex applications–a win-win for everyone.

Also of note at this Summit, the OpenStack foundation accepted a new hypervisor project to support Docker containers as part of OpenStack Compute (Nova) which is a big endorsement of Docker community efforts. Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider. A number of members of the OpenShift team have been actively contributing to Docker and to the efforts to integrate Docker into an upcoming release of OpenShift.

Unless you are living in a walled garden or under a rock you have probably also heard about the latest OpenStack-related initiative called Solum which was kicked off by RackSpace’s Adrian Otto and has quickly (and not so quietly) gained a lot of traction amongst PaaS vendors such as ourselves and folks at Ebay who are looking to natively via an API, leverage OpenStack services for application lifecycle management in a big way.

OpenShift’s Clayton Coleman and Krishna Raman were front and center in a lot of the design conversations that occurred in the “unconference” section of the Summit and on the final day of the conference I got to moderate a PaaS All-Stars Panel entitled “Putting the PaaS in OpenStack” with Sam Alba of Docker.io, Adrian Otto of Rackspace, Clayton, Krishna Raman and Chris Alfonso, which allowed us to pull all the different threads of conversations into a round-up on the State of PaaS on OpenStack with a healthy dose of audience participation in the Q&A.

Conclusion

Red Hat’s cloud strategy of including both the IaaS & PaaS layers in our cloud product offerings is definitely the right one. It’s clear from the audience participation that when deploying OpenStack, there’s a very high interest in making sure there’s a PaaS available in order meet the expectations of most organizations these days. Making sure that OpenShift deploys, auto-scales & runs optimally on OpenStack has been a commitment and a top priority of the community and will continue to be. We’re all excited to see what happens over the next six months and we’re looking forward to the next OpenStack Summit in Atlanta in 2014!

What’s Next?

• Check out the latest OpenStack Heat Templates for OpenShift
• Try out OpenShift Online
• Join the Google OpenShift Community
• Download OpenShift & deploy it on your Cloud today

This post is part of the OpenStack Open Mic series to spotlight the people who have helped make OpenStack successful. Each week, a new contributor will step up to the mic and answer five questions about OpenStack, cloud, careers and what they do for fun. 

Sean worked at VMware, where his last project was hybrid cloud service. He is currently working on a converged storage project at a small startup. He lives near Stanford, California. You can follow him on Twitter @opencomp. 

1. Where is your happy place? Favorite place to visit, vacation, decompress?

I visited Banff National Park with my kids and family this past summer. Emerald Lake, Lake Louise and Moraine Lake were breathtakingly beautiful.

2. What is your go-to beverage or snack while coding?

Chocolate, intense dark. Mochi green tea ice cream. Pearl (Boba) milk tea.

3.  Have you organized an OpenStack meet-up/event or spoken about OpenStack at an event? What did you learn? What was the best part?

I talked about how to manage VMware ESX and Virtual Center with OpenStack at the 2012 Summit. The best part was that it made OpenStackers aware of VMware’s plans with OpenStack and the software defined data center, as well as VMware’s efforts around expanding Nicira’s contributions to Quantum and Open vSwitch.

4. Why did you decide to go into computer engineering?

Apple IIe, which made me immensely happy, and got me interested in computing.

5. How did you first get involved in OpenStack?

I was doing research on open source cloud initiatives and decided to improve VMware Compute Driver in OpenStack and bring many key features to the community.

I recently gave you an intro to my talk at the Hong Kong OpenStack Summit about Neutron namespaces. One of the commenters had seen the video of my talk and requested that we post the slideshow. In this post, I will show you how to: Identify the correct namespace. Perform general troubleshooting around the identified namespace. And, I [...]

The post Identifying and Troubleshooting Neutron Namespaces appeared first on Mirantis | The #1 Pure Play OpenStack Company.

This is the 2nd post about Ceph RBD performance. In part1, we go talk about random IO perforamnce on Ceph. This time we share the sequential read/write testing data. In case you forget our hardware configurations, we use 40x 1TB SATA disks for data disk plus 12 SSD as journal. And 4x 10Gb links are used to connect the storage clusters with clients together, which provides enough network bandwidth. Below figures show the SR and SW performance with QD=64 and CAP=60MB/s per VM. With the number of Volume/VM increases, the per-VM throughput drops gradually. The SR max total throughput 2759MB/sec happens at VM=80 and SW peak total throughput 1487MB/sec happens at VM=50. However consider our pre-defined QoS requirement (Per-VM throughput is larger than 90% of the pre-defined target), we pick up VM=40 for SR and VM=30 for SW, which results in reported metrics as 2263MB/sec (SR) and 1197MB/sec (SW).

Is the result good enough? With the similar approach as we do for random IO, we measure the native disk performance as the reference. We observe ~160MB/sec sequential bandwidth per disk for both read and write. And we measure ~900MB/sec for single 10Gb NIC. In theory, the 40 SATA disks are expected to deliver 6400MB/sec for read and 3200MB/sec for write (replica=2). And 4x 10Gb can deliver ~3600MB/sec bandwidth. Thus the final Ceph efficiency is 57% for SR and 37% for SW as below table. comparing to random IO testing result, this is not a perfect result.

Let’s take a look at Ceph architecture to understand the data better. Below figure illustrates a conceptual Ceph cluster, which has M disks and each disk is mapped with N-1 objects. The size of volume disk is marked as Volume_Size. Assuming the object size is Size_O, each virtual disk volume is composed of Volume_Size/Size_O objects. To simplify the problem, some components (e.g. PG and replica impact) are ignored on purpose. The IO requests from virtual disk volumes are distributed to different objects based on CRUSH algorithm and become the real read/write hit on disks. Due to several objects map to the same physical disks, the original logical sequential IO streams mix together (green, orange, blue and read blocks). And the real IO pattern on each physical disk becomes random with disk seeking happen. As the result, latency becomes much longer and total throughput drops a lot.

Blktrace result proves our assumptions. We collect ~37K IO traces in two experiments. In the left figure, we run 40 VM. All of them generate full sequential read. In the right figure, we run 20 sequential IO VM and 20 random IO VM at the same time. Even on the all sequential IO case, there is 26% IO non-adjacent – which means seeking happen. When there is half random IO load, the need-seeking IO ratio increases to 59%. In a real product environment, we believe the random IO steam ratio should be higher, which expects to make more impact to sequential IO steam performance.

Below figure shows the per-VM BW and latency analysis for sequential read/write pattern under different FIO queue size (QD) and volume/VM number. There are several findings:

• Read performance is better than write – because the write generates twice physical IO comparing to read.
• SSD journal doesn’t bring the same benefit as we observe in random IO tests. We believe this is due to sequential IO has a much higher bandwidth throughput, which utilizes the cache space very quickly.
• For QD=8 cases, the read latency starts from 4ms and ends with 15ms. The write latency starts from 9ms and ends with 28ms. Further study shows the physical IO pattern becomes more random w/ a higher VM number, which is reasonable.
• For QD=64 cases, the read latency starts from 17ms and ends with 116ms. The write latency starts from 36ms and ends with 247ms. The larger starting latency is abnormal because at this point the storage cluster is far from full of load. Latency breakdown tests tell us most of the latency comes from the client side, which shows potential optimization opportunity.

We believe the low sequential IO performance issue is not only a challenge for Ceph, but for all other distributed storage system with the similar design. Per our understanding, there are potentially two general ways to improve the sequential IO performance: to make random IO run faster or to optimize the IO pattern to increase sequential IO percent.

• Firstly let’s look at the possibility to reduce the random IO latency. One way is to optimize the existing software code. Remember we observe 36ms latency for SW with only one VM QD=64? The latency is extreme high consider the storage cluster is far from full of load at this moment. We believe the extra latency comes from software issues (locking, single thread queue etc.) By removing those software bottlenecks, we should be able to shorten the IO latency and improve the total throughput. The other way is to speed up the file store part, either by adding more memory or taking SSD as a write back/through cache. The 2nd one seems more interesting because the cost advantage comparing to DRAM and usually the journal may not use all the SSD space. However this need more experiments to understand the bandwidth requirement if we use the same SSD for journal and cache. There are some related BP talking about this – like the Cache Tier (although it use SSD cache at the different level per my understanding) and new NAND interface support etc.
• The 2nd way is to change the IO pattern thus there is a higher adjacent IO percent with less seeking happens. There are two cases where the logical sequential IO stream is interrupted: The 1st one is the when the logical address of the same volume increases, the mapping object moves from one object to the other object (either on the same physical storage node or a different one). The 2nd case is that it is interrupted by other IO read/write to the same hard disk but from a different volume. Accordingly, we can also try two tuning methods. The 1st is to use bigger object size – thus the possibility of jumping to a different objects/nodes becomes less. And the 2nd one is to use better mapping rules. By default, we put all the disks into the same pool. Thus the virtual address space from one virtual volume is also distributed to all the physical disks. In this case, there are many IO streams from different volumes hit the same hard disk, resulting in a higher fragmented access pattern. The better way is to create multiple pools. Each pool has limited disks and serves less volumes. Thus there are fewer IO streams share the same hard disks, resulting in a better sequential pattern. Below figure demonstrates the two configurations. The idea is from the best paper “Copysets: Reducing the Frequency of Data Loss in Cloud Storage” in ATC 2013. The author’s original goal is to reduce the disk lost impact, which is valid for Ceph case. We suggest we may consider to keep this as “best practice” and add some function into Ceph to ease administrator’s work.

We did some tests to verify the two tuning options as below figure. The left bar (4MB object) is the default configuration with 4MB object size and one pool for all disks. The 2nd bar (32MB object) is the 32MB object size with the one pool for all disks. And the rightest bar (32MB object + new mapping rule) is the 32MB object size and 10pool with 4 disks each. With 40VM/volume and same pressure load, the average per-VM bandwidth is increased from 43MB/sec to 57MB/sec (33% gain) and 64MB/sec (13% gain). This seems to be a pretty good start. For next step, we will continue to try different tuning parameters to understand the tradeoff and identify the optimization opportunity to achieve a high sequential throughput. For example, Sage Weil from Inktank suggest we should turn on the RBD client cache, which is expected to increase the read/write package size, thus reduce the latency of each IO.

As the summary, the default sequential IO performance of Ceph is not promising enough. Although by applying some tuning BKM the performance becomes better, further study and optimization is still required. If you have any suggestions or comments on this topic, please mail me (jiangang.duan@intel.com) to let us know. Again thanks for teams’ work to provide the data and help review. On next part, I hope we can share more things about how to use SSD for Ceph.

BTW, I delivered the session “Is Open Source Good Enough? A Deep Study of Swift and Ceph Performance” on this month HongKong openstack conference (link). Thanks for all the guys come to my talk especially consider it is the last session on the last day. :)

Email is still one of the best mechanism to get push notifications, so getting automatic nudges via email from Ask OpenStack is useful. I took some time to document how to get an email message every time a new question is asked on Ask OpenStack.

The core of the configuration is available on the personal profile page. In my case the URL is https://ask.openstack.org/en/users/9/smaffulli/?sort=email_subscriptions: hit your username in the top navigation bar and then pick ‘subscriptions‘. The page will look like the screenshot below.

As of today Ask OpenStack gets around 10 new questions per day and the rate is increasing steadily. I highlighted the configuration that can help you prevent getting too many emails: select the frequency of the notifications want to get notifications first in the line “Entire forum (tag filtered)”. Then set the tag filter: I picked “only subscribed tags”. You can modify the tags you want to receive notifications from the form at the bottom of the page:

Tags are added by the person asking the question and can be edited by anybody with karma higher than 100. On the same subscriptions page there is also a setting to receive notifications for questions asked in Chinese languages.

On Ask OpenStack home page there are also ways to customize the site further, hiding questions carrying ignored tags from the view or highlighting interesting ones

 

---

© stefano for ][ stefano maffulli, 2013. | Permalink | 3 comments | Add to del.icio.us
Post tags: ask, askbot, howto, openstack

Feed enhanced by Better Feed from Ozh

Florian Haas, renowned open source and high availability expert and founder of hastexo! - will be leading the upcoming OpenStack training course for the first time in Israel, December 10-12, 2013 - immediately following the 4th OpenStack Israel Summit.  This course will take a deep dive on all aspects of OpenStack Havana - in a comprehensive three day course:

• Motivation behind cloud computing and basic tenets of PaaS
• The OpenStack approach to cloud computing and PaaS
• OpenStack Identity (Keystone)
• OpenStack Image Service (Glance)
• OpenStack Block Storage (Cinder)
• OpenStack Networking (Neutron)
• OpenStack Compute (Nova)
• OpenStack Dashboard (Horizon)
• OpenStack Orchestration (Heat)

Space is limited - only 12 spots total - so you’ll want to sign up early.  Read more the partnership and course here.

(P.S. Be sure to ask about early bird discounts….!)

In part 1 of this series, I provided a basic overview of the OpenStack block storage service project, called Cinder, and how it is implemented with commodity storage as well as various other storage solutions.  As you would expect, most of these solutions and the use cases defined are for the KVM hypervisor.  In the Grizzly release, integration with VMware vSphere  and ESXi worked pretty much the same way as KVM, with Cinder volumes attached via iSCSI as a Raw Device Mapping (RDM) disk.  In Havana however, VMware made a significant change in how vSphere and ESXi implements Cinder.  Note that I will focus on how Cinder is implemented in vSphere, using ESXi and vCenter.  There is integration with ESXi as a stand-alone hypervisor but as I’ve argued in my recent blog series, there is little point in implementing standalone ESXi with OpenStack due to the lack of advanced features such as HA and DRS; you may as well deploy KVM with libvirt since it is free and offers the same basic functionality.

What’s The Big Deal With VMDK?

The big architectural change in Havana, in terms of vSphere integration is the development of a Virtual Machine Disk (VMDK) driver for Cinder that allows VMDKs to function as the backing storage for Cinder volumes in place of RDM disks in Grizzly.  Those who are unfamiliar with vSphere may wonder why this is significant given that other hypervisors, such as KVM, also use flat files to encapsulate a VM’s disk device.  The key is to understand the relationship between VMDKs and their underlying datastores.  Because of the abstraction provided by VMDKs and their associated datastores, various services and features can be enabled in the underlying storage without any modifications to the vSphere hosted virtual machines.  By mapping the Cinder volume construct to a VMDK files, VMs hosted on ESXi hypervisors can attach to persistent block volumes with the following characteristics:

• Multiple VMDK backed Cinder volumes can be hosted on the same datastore.
• A Cinder volume can be created with different disk formats:
  • Thin Provisioned Disk (Default format with Cinder) – This is simply an as-used consumption model. This disk format is not pre-written to disk and is not zeroed out until run time.
  • Thick Provisioned Disk (Zeroed Thick) - The Zeroed Thick option is the pre-allocation of the entire boundary of the VMDK disk when it is created.
  • Thick Provisioned Disk (Eager Zeroed Thick) - This pre-allocates the disk space as well as each block of the file being pre-zeroed within the VMDK. Because of the increased I/O requirement, this requires additional time to write out the VMDK.
• Advanced vSphere features, such as Storage vMotion and Storage Distributed Resource Scheduler (SDRS), can be utilized to balanced workloads across a pool of datastores.
• Perhaps most importantly, with a VMDK as the backing storage, a Cinder volume can be hosted on any storage solution and be accessed by any storage protocol supported by vSphere.

In Grizzly, only iSCSI was supported with Cinder but in Havana, a VMDK backed volume is hosted on a datastore that could be using iSCSI, Fibre Channel, FCoE, or NFS.  More interestingly, the VMDK driver will allow a Cinder volume to leverage future vSphere storage features such as Virtual SAN (VSAN) and Virtual Volumes (VVOLs).

Now I expect that as more folks in both the OpenStack and VMware communities understand this change in Cinder integration with vSphere, divergent opinions will surface regarding this change.  Some will see this as a show of committment on the part of VMware to the OpenStack project and welcomed enhancements to the Cinder and Nova projects.  Others will view this change as a move to promote the vSphere franchise without giving back to the OpenStack project and proof that VMware has no real interest in the core principles of open source technology.  Time will tell which viewpoint gains ascendancy.

Under The Hood: What In The World Is A Shadow VM?

To understand the mechanics of how VMware is able to leverage VMDKs with Cinder, I need to introduce the concept of the “shadow VM.”

In the diagram above, the vSphere Web Client shows a VM with a VMDK attached; notice that this VM has a host name that begins with the word, “volume.”  This shadow VM is created via API calls and is never actually powered on; so why does it exist?  Due to the hierarchical nature of vSphere, a VMDK must exist as a child object of a parent VM; that’s why a VMDK is always created as part of the VM creation process and not as a “stand-alone” process.  Cinder, however, assumes a block volume is a first class object; VMware gets around this by a creating a shadow VM for every VMDK that will be used as backing storage for Cinder volume.  This allows the VMDK to be created and for features which require an attached VM, such as snapshots and clones, to be enabled.  The key here is to understand that while the shadow VM is required, it is an abstracted object that is not seen or used by the Cloud instance that is attaching the associated Cinder volume.

Under The Hood: The life-cycle Of A Cinder Volume

So let’s walk though how a Cinder volume works with a vSphere hosted VM.  We’ll focus on the creation, attachment, detachment, and deletion of a Cinder volume; there are other functions that are detailed in the OpenStack Configuration Reference Guide.

• create_volume – If you recall from my previous post, the default behavior with non-vSphere instances is for the cinder create command to instantiate a block volume using a logical volume off either the Cinder volume node, storage array, etc..  With VMDK backed Cinder volumes, the volume is actually not created just yet; instead the Cinder volume and associated shadow VM are created only upon an attach_volume request in what VMware terms a lazy-create process. The reason for this difference in the workflow is that since the datastore that will host the VMDK is chosen from a pool, holding off creation until an attach request is made allows a datastore to be chosen that is already visible to the  ESXi server hosting the VM that will attach that volume.  If the VMDK is created first, there is potentially the need to incur the extra cost of having to move that VMDK to a different datastore.
• attach_volume - When a request is made to attach a VMDK backed Cinder volume to a VM, one of 2 processes may occur:
  • If this is a new volume and therefore does not have backing yet, a VMDK and it’s associated shadow VM is created on an appropriate datastore that is visible to the appropriate ESXi server.  The Cinder volume is then attached by Nova Compute to the appropriate VM.
  • If this is a previously attached volume and the backing VMDK is on a datastore visible to the appropriate ESXi server, the Cinder volume is attached by Nova Compute  to the appropriate VM.
  • If this is a previously attached volume and the backing VMDK is NOT on a datastore visible to the appropriate ESXi server, a Storage vMotion process is invoked to move the VMDK to a datastore that is visible to the appropriate ESXi server.  The Cinder volume is then attached by Nova Compute to the appropriate VM.
• detach_volume – The VMDK backed Cinder volume is removed from the appropriate VM.
• delete_volume – The VMDK backed Cinder volume is removed from inventory.

So hopefully this post will be helpful to those who want to gain a better understanding of how VMware is integrating Cinder with vSphere.  I do want to make the caveat that though I have contacts on the OpenStack team at VMware, I am not a VMware employee so I welcome any corrections to what I’ve written.

I would also encourage readers who want to learn more to watch the video of the “Cinder And vSphere” talk that was given by VMware at the recent OpenStack Summit.

<iframe class="youtube-player" frameborder="0" height="315" src="http://www.youtube.com/embed/aZtxevA0VpU?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="560"></iframe>

I would also readers to view the video of the “VMware With OpenStack” demo from the same OpenStack Summit.

<iframe class="youtube-player" frameborder="0" height="315" src="http://www.youtube.com/embed/kN9C_G6xFn0?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="560"></iframe>

Related articles

• Laying Cinder Block (Volumes) In OpenStack, Part 1: The Basics (cloudarchitectmusings.com)
• VMware Doubles Down on OpenStack Havana Cloud (eweek.com)
• VMware and OpenStack: Better Together? (chucksblog.emc.com)
• VMware Advances Support for OpenStack Framework (sys-con.com)

Filed under: Cloud, Cloud Computing, OpenStack, Storage, Virtualization, VMware Tagged: OpenStack, VMware, VMware vSphere, vSphere

The subject of Platforms as a Service and their long-term relationship with OpenStack has been the subject of much hand-wringing—most of it in the media—over the past month or so. The ongoing expansion of the project has many folks wondering where exactly the dividing line between OpenStack and its surrounding ecosystem will be drawn, and the announcement of the Solum related project has fuelled speculation that the scope will grow to encompass PaaS.

One particular clarification is urgently needed: Solum is not endorsed in any way by the OpenStack project. The process for that to happen is well-defined and requires, amongst other criteria, that the implementation is mature. Solum as announced comprised exactly zero lines of code, since the backers wisely elected to develop in the open from the beginning.

More subtly, my impression (after attending the Solum session at the OpenStack Summit two weeks ago and speaking to many of the folks involved in starting the project) is that Solum is not intended to be a PaaS as such. I have long been on record as saying that a PaaS is one of the few cloud-related technologies that do not belong in OpenStack. My reason is simple: OpenStack should not annoint one platform or class of platforms when there are so many possible platforms. Today’s PaaS systems offer many web application platforms as a service—you can get Ruby web application platforms and Java web application platforms and Python web application platforms… just about any kind of platform you like, so long as it’s a web application platform. That was the obvious first choice for PaaS offerings to target, but there are plenty of niches that could also use their own platforms. For example, our friends (and early adopters of Heat) at XLcloud are building an open source PaaS for high-performance computing applications.

Though Solum is still in the design phase, I expect it to be much less opinionated than a PaaS. Solum, in essence, is the ‘as-a-Service’ part of Platform as a Service. In other words, it aims to provide the building blocks to deliver any platform as a service on top of OpenStack with a consistent API (no doubt based on the Oasis Camp standard). It seems clear to me that, by commoditising the building blocks for a PaaS, this is likely to be a catalyst for many more platforms to be built on OpenStack. I do not think it will damage the ecosystem at all, and clearly neither do a lot of PaaS vendors who are involved with Solum, such as ActiveState (who are prominent contributors to and users of Cloud Foundry) and Red Hat’s OpenShift team.

Assuming that it develops along these lines, if OpenStack were to eventually reject Solum from incubation solely for reasons of scope it would call into question the relevance of OpenStack more than it would the relevance of Solum. Solum’s trajectory toward success or failure will be determined by the strength of its community well in advance of it being in a position to apply for incubation.

---

Finally, I would like to clarify the relationship between Heat and PaaS. The Heat team have long stated that one of our goals is to provide the best infrastructure orchestration with which to deploy a PaaS. We have no desire for Heat to include PaaS functionality, and we rejected a suggestion to implement Camp in Heat when it was floated at the Havana Design Summit.

One of the development priorities for the Icehouse cycle, the Software Configuration Provider blueprint is actually aimed at feature-parity with a different Oasis standard, Tosca. We are working on it simply because the Heat team went to the Havana Design Summit in Portland and every user we spoke to there asked us to. The proposed features promise to make Heat more useful for deploying enterprise applications, platforms as a service, Hadoop and other complex workloads.

The OpenStack community gathered in Hong Kong in the first week of November to define the roadmap for the upcoming Icehouse release cycle and reflect on Havana, the release that forms the basis of the upcoming Red Hat Enterprise Linux OpenStack Platform 4.0.

This was the first time the biannual OpenStack summit had been held outside of North America but was still the largest ever with over 3500 stackers in attendance. The OpenStack Foundation rose to the challenge, organizing yet another exemplary event. Here at Red Hat, we’ve spent some time gathering up a grab bag of our personal highlights for the week.

OpenStack Deployment and Management

Deployment was front and center with the Red Hat keynote setting the scene, taking a look at the emerging TripleO project.

Keith Basil, a Red Hat OpenStack product manager and redhatstack.com contributor, played the role of “shark food” in a lively roundtable on Deploying and Upgrading OpenStack. The roundtable faced off proponents of various deployment solutions to discuss both the present and future state of OpenStack deployment technologies.

In addition to the roundtable, many side conversations related to Deployment and Management were had by players in this space. The impact of TripleO/Tuskar was starting to sink in and prompted very passionate responses from those who perceive OpenStack Deployment as an official program destined to surplant their own internal and non-OpenStack community driven tools. Red Hat went through a similar phase with its own Foreman tool. The take away and consensus seemed to be that we’ll continue to develop and support what we have today until TripleO/Tuskar becomes more mature and stable.

We also provided a working demo on TripleO and Tuskar at the booth. This demo showed a rack of hardware supplied by Quanta being described and provisioned by TripleO and Tuskar. This was a phenomenal culmination of intense engineered work done by Red Hat and was well received at the Summit. It was great to be able to have conversations with community members and then have them at the booth for a live demonstration of the work done to date. There were many sessions on OpenStack “deployment” which reinforced both the validity and direction of the work being done around TripleO/Tuskar.

At a deeper level, traction was gained with the Ironic project. Ironic was spun out of Nova as an abstraction layer and specifically addresses the bare metal provisioning requirements within the scope of deployment. Red Hat expects to commit engineering resources to Ironic so that the lower levels of hardware integration are stabilized and feature complete enough to be meaningful to our ecosystem partners.

There is a tremendous amount of buzz related to OpenStack Deployment and we’re excited to have a substantial role in making the community vision a reality.

Software Defined Networking

Software-defined Networking (SDN) was also a hot topic at the Hong Kong summit. Alongside the OpenStack Networking (Neutron) design sessions, SDN was well represented in the general summit tracks as well.

Red Hat’s own Chris Wright presented OpenDaylight: An Open Source SDN for Your OpenStack Cloud alongside Kyle Mestery (Cisco), Anees Shaikh (IBM), and Stephan Baucke (Ericsson).

With the support of the Linux Foundation OpenDaylight is an open source project aiming to drive adoption of SDN by providing a robust and extensible SDN platform to facilitate industry innovation. In this presentation the goals, architecture and roadmap of OpenDaylight were presented. A vision for how OpenDaylight might integrate with OpenStack Neutron in the future to provide a powerful SDN-based networking solution for OpenStack Clouds was also provided. OpenDaylight was also on display in the Demo Theater.

Block and Object Storage

The Storage scene was very busy this Summit, Cinder design sessions were spread across two days. Everything we talked about was captured in the Icehouse Etherpad. The discussions were interesting, productive and covered various topics and problems pending to be solved, all the way from Taskflow and “More flexible scheduler policies” to “Changing the wheels on a moving bu.s” Cinder continuous deployment as well as several sessions around disaster recovery topics such as: Incremental Volume backup, Continuous volume replication, Backup as service and Stateless Snapshots

The OpenStack Performance and Benchmarking themes continued this summit, with several user sessions, covering a range of performance considerations important when sizing and deploying OpenStack configurations as well as testing best practices and Object Storage Real World Usage.

Summit panels covered Software defined Storage and Big Data that has seems to become a first class citizen in OpenStack.

The Savana project which aims to offer scale-out, on-demand Hadoop provisioning and management, received significant interest and airtime at the summit. The Savanna demo theater was well attended, as was the user summit presentation.

Metering and Orchestration

During the Havana release cycle the Metering (Ceilometer) and Orchestration (Heat) projects graduated from incubation, as a result they are now fully integrated OpenStack projects. Ceilometer collects usage and performance data from the various OpenStack services, while Heat facilitates orchestration of complex deployments on top of OpenStack clouds.

The changes to these two services as they matured throughout the incubation period, and the way they now combine to provide automatic scaling of resources in an OpenStack cloud, were captured in an excellent deep dive presentation “Ceilometer + Heat = Alarming”. A live demonstration of these facilities being used to deploy and automatically scale an OpenShift PaaS installation was also provided during the summit.

As always, the OpenStack Summit is all about participation & collaboration. We were pleased to be able to contribute and represent Red Hat at this event and look forward to the next Summit in Atlanta!

Ceph pools are defined to collocate volumes and instances in OpenStack Havana. For volumes that do not need the resilience provided by Ceph, a LVM cinder backend is defined in /etc/cinder/cinder.conf:

[lvm]
volume_group=cinder-volumes
volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
volume_backend_name=LVM

and appended to the list of existing backends:

enabled_backends=rbd-default,rbd-ovh,rbd-hetzner,rbd-cloudwatt,lvm

A cinder volume type is created and associated with it:

# cinder type-create lvm
+--------------------------------------+------+
|                  ID                  | Name |
+--------------------------------------+------+
| c77552ff-e513-4851-a5e6-2c83d0acb998 | lvm  |
+--------------------------------------+------+
# cinder type-key lvm set volume_backend_name=LVM
#  cinder extra-specs-list
+--------------------------------------+-----------+--------------------------------------------+
|                  ID                  |    Name   |                extra_specs                 |
+--------------------------------------+-----------+--------------------------------------------+
...
| c77552ff-e513-4851-a5e6-2c83d0acb998 |    lvm    |      {u'volume_backend_name': u'LVM'}      |
...
+--------------------------------------+-----------+--------------------------------------------+

To reduce the network overhead, a backend availability zone is defined for each bare metal by adding to /etc/cinder/cinder.conf:

storage_availability_zone=bm0015

and restarting nova-volume:

# restart nova-volume
# sleep 5
# cinder-manage host list
host                            zone
...
bm0015.the.re@lvm               bm0015
...

where bm0015 is the hostname of the machine. To create a LVM backed volume that is located on bm0015:

cinder create --availability-zone bm0015 --volume-type lvm --display-name test 1

In order for the allocation of RBD volumes to keep working without specifying an availability zone, there must be at least one cinder volume running in the default availability zone ( nova presumably ) and configured with the expected RBD backends. This can be checked with:

# cinder-manage host list | grep nova
...
bm0017.the.re@rbd-cloudwatt     nova
bm0017.the.re@rbd-ovh           nova
bm0017.the.re@lvm               nova
bm0017.the.re@rbd-default       nova
bm0017.the.re@rbd-hetzner       nova
...

In the above the lvm volume type is also available in the nova availability zone and is used as a catch all when a LVM volume is prefered but collocating it on the same machine as the instance does not matter.

1 reply

One of the OpenStack projects that seem to get less attention than others such as Nova and Neutron is the Cinder block storage service project.  I though it may be helpful to others if I wrote up some things I’ve learned about Cinder.  I’ll start, in this post, by walking through the basics of Cinder; then following on my recent series on VMware vSphere with OpenStack Nova Compute, I wrote a post on how vSphere uniquely integrates with this block storage service.  First, let’s put Cinder in proper context by taking a look at the available storage options in OpenStack.

Storage Options in OpenStack

There are currently three storage options available with OpenStack – ephemeral, block (Cinder), and object (Swift) storage.  The table below from the OpenStack Operations Guide helpfully outlines the differences between the three options:Cloud instances are typically created with at least one ephemeral disk which is used to run the VM guest operating system and boot partition; an ephemeral disk is purged and deleted when an instance is terminated.  Swift was included as one of original OpenStack projects to provide durable, scale-out object storage.  Initially, block services was created as a component of Nova Compute, called Nova Volumes; that has since been broken out as its own project called Cinder.

So what are the characteristics of Cinder and what are some its benefits?  Cinder provides instances with block storage volumes that persist even when the instances they are attached to are terminated.  A single block volume can only be attached to a single instance at any one time but provides the flexibility to be detached from one instance and attached to another instance.  The best analogy to this is of a USB drive which can be attached to one machine and moved to a second machine with any data on that drive staying intact across multiple machines.  An instance can attach multiple block volumes.

In a Cloud platform such as OpenStack, persistent block storage has several potential use cases:

• If for some reason you need to terminate and relaunch an instance, you can keep any “non-disposable” data on Cinder volumes and re-attached them to the new instance.
• If an instance misbehaves or “crashes” unexpectedly, you can launch a new instance and attach Cinder volumes to that new instance with data intact.
• If a compute node crashes, you can launch new instances on surviving compute nodes and attach Cinder volumes to those new instances with data intact.
• Using a dedicated storage node or storage subsystem to host Cinder volumes, capacity can be provided that is greater than what is available via the direct-attached storage in the compute nodes (Note that is also true if using NFS with shared storage but without data persistence).
• A Cinder volume can be used as the boot disk for a Cloud instance; in that scenario, an ephemeral disk is not required.

The Cinder Architecture

As seen in the diagram above from Avishay traeger of IBM, the Cinder block service is delivered using the following daemons:

• cinder-api – A WSGI app that authenticates and routes requests throughout the Block Storage service.  It supports the OpenStack APIs only, although there is a translation that can be done through Nova’s EC2 interface, which calls in to the cinder client.
• cinder-scheduler – Schedules and routes requests to the appropriate volume service.  Depending upon your configuration, this may be simple round-robin scheduling to the running volume services, or it can be more sophisticated through the use of the Filter Scheduler.
• cinder-volume – Manages Block Storage devices, specifically the back-end devices themselves.
• cinder-backup – Provides a means to back up a Cinder Volume to various backup targets.

Cinder Workflow Using Commodity Storage

As originally conceived, all cinder daemons can be hosted on a single Cinder node or alternatively, all cinder daemons, expect cinder-volume can be hosted on the Cloud Controller nodes with the cinder volume daemon installed on one or more cinder-volume nodes that would function as virtual storage arrays (VSA).  These VSAs are typically Linux servers with commodity storage; volumes are created and presented to compute nodes using Logical Volume Manager (LVM).

The following high-level procedure, outlined in the OpenStack Cloud Administrator Guide and visualized in a diagram from Avishay traeger of IBM, demonstrates how a Cinder volume is attached to a Cloud instance when invoked via the command-line, the Horizon dashboard, or the OpenStack API:

Cinder Workflow Using Enterprise Storage Solutions

Cinder also supports drivers that allow Cinder volumes to be created and presented using storage solutions from vendors such as EMC, NetApp, Ceph, GlusterFS, etc..  These solutions can be used in place of Linux servers with commodity storage leveraging LVM.

Each vendor’s implementation is slightly different so I would advise readers to look at the OpenStack Configuration Reference Guide to understand how a specific storage vendor is implementing Cinder with their solution.  As an example, James Ruddy, from the Office of the CTO at EMC, has a recent blog post walking through installing Cinder with ViPR.  Note that the architecture and workflow is similar across all vendors except that the cinder-volume node communicates with the storage solution to manage volumes but does not function as a VSA to create and present Cinder volumes using storage attached to the cinder-volume node.

I am intentionally keeping to the basics in this post, leaving out such Cinder features such as snapshots and boot from volume.  For more information on other facets of Cinder, I would encourage readers to read through the OpenStack Configuration Reference Guide and the OpenStack Cloud Administrator Guide.  There, you can also get walk-throughs on how to set up Cinder using commodity hardware and enterprise storage solutions.  In part 2, I detail what VMware has done in Havana to integrate Cinder with vSphere.

Related articles

• Laying Cinder Block (Volumes) In OpenStack, Part 1: The Basics (cloudarchitectmusings.com)

Filed under: Cloud, Cloud Computing, OpenStack, Storage Tagged: Block Storage, Cloud, ISCSI, OpenStack

Back from busy days in one of the most exciting cities I’ve ever visited, I needed some time to put thougths back in order, recover from jet lag and deal with my irremediably broken WordPress installation (will probably blog about this later, too). Hong Kong was a blast in many aspects. The Summit itself started with lions dancing at the sound of drums in front of over 3,000 people:

There be Lions! Best.OpenStack.Summit.Ever! pic.twitter.com/DfhWGrPlO0 — Stefano Maffulli (@smaffulli) November 5, 2013

And then we saw that Bejing is the first city by total number of contributors to OpenStack in the whole world:

This is what I call a diverse developer’s community #openstack pic.twitter.com/CAqoLMrUsD — Stefano Maffulli (@smaffulli) November 6, 2013

There has been an incredible growth inside and around OpenStack, the project is growing fast. Growth is good, it’s what we wanted so we have plenty of reasons to celebrate. The second edition of the User Survey brought us more insights about usage of OpenStack around the world. We announced our first OpenStack Ambassadors, people who will help the OpenStack Community team get closer to many communities around the world. It was great to meet personally more women from the Outreach Program for Women of OpenStack. we’ve been doing this for over a year now, it’s a thing.

Growth also brings challenges and some of them were evident in some of the conversations had at the Summit, around it and after. A few signals I caught during and around the Design Summit sessions highlighted that we may need to start taking new steps to reinforce the culture of collaboration inside the project. The challenges highlighted go from lack of reviewers (not core reviewers, just developers who pay attention and help others), PTLs getting overloaded, the high traffic on the Development mailing list (which leads to loss of information), the increasing number of questions on Ask OpenStack with no interactions (no up/down votes, comments, etc) and little engagement in its Chinese version, the challenges inside the Internationalization Team with processes and tools. We’ve also heard of a very few Design sessions where it was too hard to have a productive discussion because of one or two uncollaborative people.

Since we’re getting so many new developers in the project we’re probably getting to the point where we can’t assume they are accustomed to contributing upstream first. The founders and first members of OpenStack all had a brilliant pedigree of open source contributions and collaboration. New members of the OpenStack Foundation may need some help to succeed. I enjoyed the session Getting Your Blueprint Accepted Quicker: the VPNaaS Use Case so much that I’m proposing the Upstream University training as an official program at the OpenStack Foundation to help new members. I’ll write more about this in the future.

The next six months will continue to be super exciting and full of things to do. If you have missed Hong Kong go watch the recordings of the sessions  keep watching this space for more news.

 

---

© stefano for ][ stefano maffulli, 2013. | Permalink | One comment | Add to del.icio.us
Post tags: community, design, hong kong, openstack, summary, summit

Feed enhanced by Better Feed from Ozh

Articles and tutorials in the "Edge of the Stack" series cover fundamental programming issues and concerns that might not come up when dealing with OpenStack directly, but are certainly relevant to the OpenStack ecosystem. For example, drivers are often written in C rather than Python, leading to concerns about memory leaks and other C-specific issues. [...]

The post Edge of the Stack: Find Memleaks Without Process Restarts appeared first on Mirantis | The #1 Pure Play OpenStack Company.

The Cloudify Team had such a great time at the OpenStack Summit in Hong Kong that we wanted to keep the discussion going! Two meetups for OpenStackers across the country this week!

• Wednesday, November 20th with the SFBay OpenStack Meetup Group - Learn about Application Deployment and Management on OpenStack using DSL based on TOSCA
• Thursday, November 21st with the OpenStack NY Meetup Group - Hear Four Case Studies for Moving Mission-Critical Apps to the Cloud

Two coasts, two days, two OpenStack groups, one Cloudify.

For three years we’ve gathered in different cities across the US to develop OpenStack and build an incredible community the open cloud platform. In that time, OpenStack has grown larger than we could have ever imagined.

And earlier this month, OpenStack Summit took to the global stage. More than 3,500 attendees joined together in Hong Kong to dive deeper into OpenStack from three key perspectives: the operator, the developer and the user.

The attendance was record-setting and the agenda was jam-packed with informative topics for everyone; whether they’re just getting started with OpenStack or have been committing code since we launched the project in 2010. When fewer than 75 of us met in Austin more than three years ago to kick off OpenStack, we had no idea how big it would become.

It’s estimated that 65 percent of attendees were at their first Summit; and roughly 45 percent of all attendees were from Asia. This is a clear signal that OpenStack has become the international platform it was designed to be. Just look at the more than 200 attendees at the China and Hong Kong OpenStack User Meetup the prefaced the Summit – OpenStack is a global community. At the same time, there were also a number of folks from Europe and the US who braved the long flights to Hong Kong to make this the best Summit yet.

And believe me, it was the best so far. I’ve been to every Summit; and I was stunned by the amazing pace and scope of innovation. The speed at which it moves is astounding. There are new features being added at blazing speeds, and new projects, like Heat and Ceilometer and more are evolving and gaining real traction. Meanwhile, budding endeavors like Solum, an application lifecycle management play, are gathering steam – despite some skepticism in the marketplace. And there are new technologies, like Docker, emerging that are changing the way developers think about building applications in this new era.

One thing OpenStack Summit Hong Kong showed me is that we shouldn’t do anything to restrict this innovation. Let’s get out of the way. The board and the Foundation should let this innovation happen naturally. Let’s understand the concerns about the protection of OpenStack core definitions and of the brand, and encourage the smart people involved to innovate around the project with as few roadblocks as possible.

That’s one reason central control over OpenStack wouldn’t work – it should be the power of many, not the power of a single entity. The Hong Kong Summit showed us once and for all that the OpenStack model is working very well and that meritocracy rules.

The enthusiasm and energy around OpenStack is contagious. In the keynotes, in the sessions and in the hallways there was a vibration; a feeling that we are all part of something incredible. And we are. The OpenStack community comprises hundreds of great people. One of the things I most look forward to at OpenStack Summits is the rare chance to spend time with friends and with business rivals (who are also friends) in a dynamic community environment where we’re all working for the greater good and all have the opportunity to be heard. We all have our say. OpenStack is truly a community endeavor.

It was a terrific Summit. And I can’t wait to do it all again in the Spring. I look forward to seeing you in Atlanta.

I know, I know, OpenStack is too obsessed with statistics for contributors. I agree! I want to rise above it but the trend release-over-release for docs is way too tempting for me in my research lab for documentation. So allow me to indulge in some analysis that is similar to my post about this last release, Who Wrote OpenStack Grizzly Docs? Remember? We had 79 docs contributors overall, with 3 of us writing half of the changes for Grizzly. This time we had 130 docs contributors with 7 of us writing just over half the changes in overarching install/config/deploy/operations guides. Progress! We also had at least three supporting companies hire writers dedicated to OpenStack upstream docs. Full of win. I love having OpenStack job postings to offer great tech writers.

We added 100,000 lines more than last release. What? Yes, it’s true. Much of that is from our autodoc efforts, pulling all 1500 configuration options directly from the code, but that’s a compelling number to share.

I ran the same scripts as last time to maintain consistency. All these stats are from the tools that aren’t being maintained any more from openstack-gitdm.

Here are the numbers for the openstack-manuals repository only:

Processed 966 csets from 130 developers
92 employers found
A total of 187524 lines added, 275056 removed (delta -87532)

Developers with the most changesets
 Andreas Jaeger 233 (24.1%)
 annegentle 89 (9.2%)
 Tom Fifield 70 (7.2%)
 Diane Fleming 70 (7.2%)
 Christian Berendt 65 (6.7%)
 Sean Roberts 44 (4.6%)
 Stephen Gordon 41 (4.2%)
 Summer Long 21 (2.2%)
 Lorin Hochstein 20 (2.1%)
 nerminamiller 17 (1.8%)
 Gauvain Pocentek 15 (1.6%)
 Emilien Macchi 15 (1.6%)
 Colin McNamara 14 (1.4%)
 Shaun McCance 13 (1.3%)
 Deepti Navale 11 (1.1%)
 Phil Hopkins 9 (0.9%)
 Aaron Rosen 8 (0.8%)
 Kurt Martin 8 (0.8%)
 Scott Radvan 7 (0.7%)
 Edgar Magana 7 (0.7%)
 Covers 80.434783% of changesets

This is another interesting data set:

Employers with the most hackers (total 136)
Red Hat                     12 (8.8%)
IBM                         12 (8.8%)
Rackspace                    8 (5.9%)
HP                           7 (5.1%)
Nicira                       4 (2.9%)
Mirantis                     4 (2.9%)
SUSE                         2 (1.5%)
Yahoo!                       2 (1.5%)
eNovance                     2 (1.5%)

I also ran these same stats for the api-site repository, where the API user docs are sourced. These docs are still quite different from a contributor and sourcing standpoint and I’m not sure why. Rackspace dedicating Diane Fleming has made a huge difference here, think of what we could do with one more dedicated API doc writer? Ok, we can’t clone Diane, but think of the possibilities.

Developers with the most changesets
Diane Fleming 46 (58.2%)
annegentle 5 (6.3%)
Cyril Roelandt 2 (2.5%)
Kersten Richter 2 (2.5%)
Brian Rosmaita 2 (2.5%)
Rupak Ganguly 2 (2.5%)
QingXin Meng 2 (2.5%)
ladquin 2 (2.5%)
dcramer 2 (2.5%)

Employers with the most hackers (total 23)
Rackspace 5 (21.7%)
IBM 5 (21.7%)
Red Hat 2 (8.7%)

I’m also a web analytics hound. What docs were the most accessed during the lead-up to the Havana release? Here are the top five:

1. Swift Developer site
2. Install Guides (Basic and Deploy, both Ubuntu and RedHat/Fedora/Centos)
3. API Quick Start
4. OpenStack Operations Guide
5. Getting Virtual Machine Images page from the OpenStack Compute Administration Guide

To me, these stats show that we’re doing the right things such as dedicating a contractor to the install guide. Thank you Cisco. We still have areas to improve, such as API docs and ensuring end-user docs are a top priority. Our readers are definitely after both deployment and consumption of OpenStack clouds.

Interacting with JSON-based APIs from the command line can be difficult, and OpenStack is filled with REST APIs that consume or produce JSON. I’ve just put pair of tools for generating and filtering JSON on the command line, called collectively json-tools.

Both make use of the Python dpath module to populate or filter JSON objects.

The jsong command generates JSON on stdout. You provide /-delimited paths on the command line to represent the JSON structure. For example, if you run:

$ jsong auth/passwordCredentials/username=admin \
  auth/passwordCredentials/password=secret

You get:

{
    "auth": {
        "passwordCredentials": {
            "username": "admin", 
            "password": "secret"
        }
    }
}

The jsonx command accepts JSON on stdin and selects subtrees or values for output on stdout. Given the above output, you could extract the password with:

jsonx -v auth/passwordCredentials/password

Which would give you:

secret

The -v flag here indicates that you only want the values of matched paths; without the -v the output would have been:

auth/passwordCredentials/password secret

There are more examples – including some use of the OpenStack APIs – in the README document.