Made by Mikal – Page 39

Michael’s surprisingly unreliable predictions for the Havana Nova release

Post author:mikal
Post published:April 21, 2013
Post category:OpenStack

I should start out by saying that because OpenStack is an open source project, it is hard to know exactly what will land in Havana -- the developers are volunteers, and sometimes things get in the way of them doing the work they intended. However, these are the notes I wrote up on the high points of the summit for me -- I didn't see all the same sessions as other nova developers, so hopefully others will pitch in with their notes as well. Scheduler The scheduler seems to be a point of planned work for a lot of people in this release, with talk about having more scheduling code in the common library, and of adding new filter types. There is definite interest in being able to schedule by methods we don't currently support -- things like rack or PDU diversity, or trying to collocate a tenants machines together. HP is also interested in being able to sell dedicated machines to tenants -- in other words, they would guarantee that only one tenants instances appeared on a machine in return for a fee. At the moment this requires setting up a host aggregate for the tenant. Feeding additional data…

Getting started with OpenStack development

Post author:mikal
Post published:April 17, 2013
Post category:OpenStack

I just gave my presentation at the Havana Conference about how to get started with OpenStack development. A few people asked for my slide deck, so I am posting it here. The talk was taped, and I am sure some more formal release will happen in the future, but I wanted to get this out there for the people who had asked for it.

Faster pip installs

Post author:mikal
Post published:April 9, 2013
Post category:OpenStack

Last week with the help of the lovely openstack-infra people, I discovered that you can have a local cache of pip downloads. This speeds up rebuilding test environments when you need to jump between branches with different dependencies. Its as simple as chucking something like: export PIP_DOWNLOAD_CACHE=~/cache/pip ...into your .bashrc or equivalent.

Merged in Havana: configurable iptables drop actions in nova

Post author:mikal
Post published:April 1, 2013
Post category:OpenStack

LaunchPad bug 1013893 asked nicely if the drop action for iptables rules created by nova-network could be configured. The idea here is that you might want to do something other than a plain old drop -- for example logging before dropping. This has now been implemented in Havana. To configure the drop action, set the iptables_drop_action to the name of an already existing iptables target. Creating this target is not managed by nova, and you'll need to do it on every compute node. When iptables creates or deletes rules on compute nodes it will now use this new target. There's a bit of an upgrade problem here in that this will stop nova from deleting rules which use the old hard coded drop target. However, if an instance is torn down then all of its tables are torn down as well and rules will be deleted correctly, so this is only a problem if a security group is changed while the instance is running. It occurs to me that we can do better here, so I've sent off this review to handle the case where a rule is being removed and used the default drop action. For safety, I would…

Upgrade problems with the new Fixed IP quota

Post author:mikal
Post published:March 31, 2013
Post category:OpenStack

In the last few weeks a new quota has been added to Nova covering Fixed IPs. This was done in response to LaunchPad bug 1125468, which was disclosed as CVE 2013-1838. To be honest I think there are some things the vulnerability management team learned the hard way with this disclosure. For example, we didn't realize that we needed to update python-novaclient to allow users to set the quota, or that adding a quota would require changes in Horizon. Both of these errors have been corrected. More importanly, the default value of the new quota was set to 10. I made this decision based on the default value of the instances quota coupled with a desire to protect deployments from denial of service. However, this decision combined with a failure to explicitly call out the new quota in the release notes for the Folsom stable release have resulted in some deployers experiencing upgrade problems. This was drawn to our attention by LaunchPad bug 1161190. We have therefore moved to set the default quota for fixed IPs to unlimited. If you want to protect yourself from a potential DoS, then you should seriously consider changing this default value in your deployment.…

Havana Nova PTL elections

Post author:mikal
Post published:March 14, 2013
Post category:OpenStack

This is just a quick reminder that there are only a couple more days to vote in the Nova PTL elections for the Havana cycle. If you're eligible to vote, you should have a voting URL in your email. The candidates: Russell Bryant -- announcement Michael Still -- announcement The incumbent PTL, Vishvananda Ishaya, has chosen not to run.

Redshirts

Post author:mikal
Post published:February 15, 2013
Post category:Book

I was super excited to get my hands on the latest John Scalzi book because I've really liked his previous stuff. Unfortunately while this book is fun I feel that the underlying concept is pretty weak... Its more of a toy boy than something which makes you think, which is a disappointment to me. Don't get me wrong, the overall execution is good, but the book feels lazily plotted, much like a badly done Harry Harrison does. So, if that sort of thing annoys you, give this one a miss.

Earthbound

Post author:mikal
Post published:January 19, 2013
Post category:Book

This is the third book in the Marsbound series. The Others have just turned off all electronics on Earth, and now we need to survive. One problem with this book is that it jumps straight into the action -- I had to go back and re-read Marsbound and Starbound in order to understand what was happening in this book. That was ok because those two books are excellent, and I enjoyed re-reading them. In fact, those two are probably a little better than this one. Overall Earthbound is pretty dark, and there isn't a lot of hope presented -- its just a series of scenes where the main characters attempt to deal with an all powerful adversary. Perhaps if the Others weren't so powerful this would be a better book, because you just know that everyone is doomed. I also respect authors who are willing to kill off lead characters, but that happens a lot in this book, which sort of bothered me. Perhaps that's what combat is really like though -- people you have an attachment to just stop being there. There's no warning or explanation. The end of this book isn't very satisfying. There better be a sequel…

OpenStack at linux.conf.au 2013

Post author:mikal
Post published:January 5, 2013
Post category:OpenStack

As some of you might know, I'm the Director for linux.conf.au 2013. I've tried really hard to not use my powers for evil and make the entire conference about OpenStack -- in fact I haven't pulled rank and demanded that specific content be included at all. However, the level of interest in OpenStack has grown so much since LCA 2012 that there is now a significant amount of OpenStack content in the conference without me having to do any of that. I thought I'd take a second to highlight some of the OpenStack content that I think is particularly interesting -- these are the talks I'll be going to if I have the time (which remains to be seen): Monday Cloud Infrastructure, Distributed Storage and High Availability Miniconf: while not specifically about OpenStack, this miniconf is going to be a good warm up for all things IaaS at the conference. Here's a list of the talks for that miniconf:<ul Delivering IaaS with Apache CloudStack - Joe Brockmeier oVirt - Dan Macpherson Aeolus - Dan Macpherson Ops: From bare metal to cloud space - Phil Ingram VMs on VLANs on Bridges on Bonds on many NICs - Kim Hawtin OpenStack Swift…

Image handlers (in essex)

Post author:mikal
Post published:December 23, 2012
Post category:OpenStack

George asks in the comments on my previous post about loop and nbd devices an interesting question about the behavior of this code on essex. I figured the question was worth bringing out into its own post so that its more visible. I've edited George's question lightly so that this blog post flows reasonably. Can you please explain the order (and conditions) in which the three methods are used? In my Essex installation, the "img_handlers" is not defined in nova.conf, so it takes the default value "loop,nbd,guestfs". However, nova is using nbd as the chose method. The handlers will be used in the order specified -- with the caveat that loop doesn't support Copy On Write (COW) images and will therefore be skipped if the libvirt driver is trying to create a COW image. Whether COW images are used is configured with the use_cow_images flag, which defaults to True. So, loop is being skipped because you're probably using COW images. My ssh keys are obtained by cloud-init, and still whenever I start a new instance I see in the nova-compute.logs this sequence of events: qemu-nbd -c /dev/nbd15 /var/lib/nova/instances/instance-0000076d/disk kpartx -a /dev/nbd15 mount /dev/mapper/nbd15p1 /tmp/tmpxGBdT0 umount /dev/mapper/nbd15p1 kpartx -d /dev/nbd15 qemu-nbd…