What is nova-compute-flex?
For the past couple of months I have been working on the OpenStack PoC called nova-compute-flex. Nova-compute-flex allows you to run native LXC containers using the python-lxc calls to liblxc. It creates small, fast, and reliable LXC containers on OpenStack. The main features of nova-compute-flex are the following:
- Secure by default (unprivileged containers, apparmor, etc)
- LXC 1.0.x
- python-lxc (python2 version)
- Uses btrfs for instance creation.
Nova-compute-flex (n-c-flex) is a new way of running native LXC containers on OpenStack. It is currently designed with Juno in mind since Juno is the latest release of OpenStack. This tutorial to get nova-compute-flex up and running assumes that you will be using Ubuntu 14.04 release and will be running devstack with it.
How does n-c-flex work?
N-c-flex works the same way as the other virt drivers in OpenStack. It will stop and start containers, use neutron for networking, etc. However it does not use qcow2 or raw images, it uses an image that we call “root-tar”.
“Root-tar” images are simply a tarball of the container which is similar to the ubuntu-cloud templates in LXC. They are relatively small and contain just enough to get you running a LXC container. These images are published by Ubuntu as well, and they can be found here.. If you wish to use other distros you can simply tar up the directories found on a given qcow2 image. As well as you could use the templates found in LXC. Its just that simple.
The way that nova-compute-flex works is the following:
- Download the tar ball from the glance server.
- Create a btrfs snapshot.
- Use lxc-usernsexec to un-tar the tar ball into the snapshot.
- When the instance starts create a copy of the snapshot.
- Create the LXC configuration files.
- Create the network for the container.
- Start the container.
It just takes seconds to create a new instance since it is just doing a copy of the btrfs snapshot when the image was downloaded from the glance server.
When the instance is created, the container is an unprivileged LXC container. This means that nova-compute-flex uses user-name-spaces with apparmor built in (if you are using Ubuntu). The instance behaves like a container, but it looks and feels like a normal OpenStack instance.
Getting Started with n-c-flex
Assuming that you already have btrfs-tools is installed and you don’t have a free partition. You will need to create the instances directory where your n-c-flex instances are going to live. To do that you simply have to do the following:
dd if=/dev/zero of=<name of your large file> bs=1024k count=2000
sudo mkfs.btrfs <name of your large file>
sudo mount -t brfs -o user_subvol_rm_allowed <name of your large file> <mount point>
To make the changes permanent, modify your /etc/fstab accordingly.
Installing devstack and n-c-flex
In your “/opt” directory, run the following commands:
This will prepare your devstack to install software like LXC that been back ported to the Ubuntu Cloud Archive. The reason for the back port is that some of the features that is needed in nova-compute-flex is not
found in the trusty version of LXC
After running the above commands you will have the following in your localrc:
To make your devstack more useful you should have the following in your localrc as well:
This will allow you to use the stable branches of juno with neutron support. After modifying your localrc, you can proceed to install by running the “./stack.sh” script.
Running your first instance
As said before nova-compute-flex uses a different kind of image compared to regular nova. To upload the image to the glance server you have to do the following:
glance image-create --name='lxc' --container-format=root-tar --disk-format=root-tar < utopic-server-cloudimg-amd64-root.tar.gz
After uploading the image you can run the regular way of creating instances by either using the python-novaclient tools or the euca2ools.
At the OpenStack Developrs Summit last week, Mark Shutleworth announced lxd (lex-dee). LXD is a container “hypervisor” that is built on top of the LXC project. LXD is meant to be used as system container, rather than application containers like Docker.
I will be using the knowledge that we have gained from working on nova-compute-flex and applying it nova-compute-lxd. LXD will have a Rest-API to interact with the LXD containers, so nova-compute-lxd will be the lxd api to stop/start containers and other functions one expects to find in Nova. More discussion will be going on at the lxc-devel mailing list over the next couple of months.
However, if you want to use nova-compute-flex now go for it! If you wish to submit patches, the github project can be found at https://github.com/zulcss/nova-compute-flex. The work will be fed back into the nova-compute-lxd project as well. It also has an issue tracker where you can submit bugs as well.
If you run into road blocks please let me know, and I will be happy to help.
It has been a while since I posted anything on this blog, but rest assured like the rest of the Ubuntu Server Team has been very busy trying to get Quantal out of the door. So with respect to Openstack what have we been doing?
Folsom Release on Ubuntu 12.10
So a couple of days ago, Thierry Carrez, the OpenStack Release Manager, announced that the Folsom release of the Openstack project was available. This includes projects such as Nova, Swift, Quantum, Glance, Keystone, Horizon, and Cinder. After the Ubuntu Beta2 was released, the Folsom release of Openstack was packaged for Ubuntu 12.10. The supported projects that will be included in the Quantal release of Openstack will be the same as it was in Precise but 2 new upstream projects will be supported. These two projects were created with the intention of simplifying nova, and allowing those with most expertise focus on specific areas. These projects are called Cinder (block storage) and Quantum (SDN). Please see the release notes for any gotchas that you might have. Please test and report bugs to the usual places.
Foslom release on Ubuntu 12.04
What I am more excited about is that you can now run Folsom on Ubuntu 12.04. In the past you would have to request a back port of a specific piece of software through the Ubuntu Backporters Team, or some volunteer would back port an entire release through a PPA. Neither of these are usually formally supported by Canonical. When the Ubuntu Cloud Archive was announced a couple of weeks ago, we can release the latest version of Openstack for users who want the stability of an LTS release but need a newer version of Openstack for their cloud. In the future, newer releases and updates of Openstack will be back ported to the Ubuntu Cloud Archive as well.
In order to have stability with the Ubuntu Cloud Archive we follow very much like the Stable Release Process, there are two types of “pockets”: a proposed pocket and an updates pocket. The “proposed” pocket will have back ports that are ready for the community to test and report bugs. The “updates” pocket will be finished product of the community testing.
If you want to help out with the testing and reporting of bugs on your 12.04 servers, you will want the following in your /etc/apt/sources.list:
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/folsom main
If you just want to install the latest version of Openstack on your 12.04 servers, you will want the following in your /etc/apt/sources.list:
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main
Please report any bugs that you discover on launchpad as well. In the coming months, we will be making it easier to use Openstack on both newer releases of Ubuntu and back porting those changes to 12.04 users as well.
A couple of minutes ago the “Essex” was released by Thierry Carrez a couple of minutes ago. This is a great step forward because it offers more stability and features for Openstack Users. As a result of the release, we now have “Essex” final packages for 12.04. This list includes:
Congratulations and thanks to the Openstack community for releasing such an important piece of cloud infrastructure. Also thanks to all the users that provide bug reports, testing, comments, and feedback to the Openstack community as well. However it is not finished for Ubuntu since we have an important LTS release coming up pretty quickly. So back to work for me!
In some families its traditional to send a Christmas card with an update on the family and what is happening during the year. Since it has been a while since I wrote anything on this blog with regards to Openstack and Ubuntu, I thought I would be a good idea to give users an update on what is happening in precise. So what has been happening?
The Ubuntu packaging for Openstack has been in a good state for a while now. We are working through the keystone growing pains, but it should almost be ready soon. The Ubuntu packages are constantly being tested in our test lab with the help of our QA rig. The continuous integration tests runs on every commit to the openstack github repos and uses the correct ubuntu packages. If something has changed in Openstack we can catch it right away and make the appropriate changes to the packages. More information can be found at the Ubuntu Server Blog.
When precise is released I expect to see the major components (nova/swift/glance/horizon/keystone) in main and supported in Ubuntu. Other projects such such as quantum and melange will be in Universe, however they are being maintained as a “best effort” for precise. Since they are not apart of the core project. However I expect to see this changed in precise+1, as quantum has given the go ahead to come out of incubation.
The juju charms for Openstack are looking really good as well. Again this is due to the fact that we have continuous integration testing going on. We use the juju charms to deploy a multi-node installation and run QA tests against it. The Keystone charms are in the process of being changed to work with the “redux” merge, they should be ready soon. When precise is release I expect to see the charms matching the major components as well since that is what we support.
Since precise is a LTS release for the Ubuntu project the Ubuntu Server Team and other developers within Ubuntu has mostly been focusing on fixing bugs that we find and contributing the bug fixes back upstream to the appropriate projects . I expect to see more bug fixes happening between now and when Essex will be released.
Besides bug fixes we have been contributing to the Stable Release Team. Along with Mark McLoughlin (from Red Hat), Dave Walker, and myself; the stable release team in the Openstack project that has been responsible for back porting fixes to the stable release of projects such as Nova. The rules for back porting fixes to the Diablo stable branch is similar to our SRU rules in Ubuntu. meaning that no major features get in, just bug fixes.This is important to us going forward in precise. Since Precise is a LTS release and when it is released, back porting fixes from Folsom to Essex will be necessary for users who decide to run Openstack on Ubuntu on Precise.
The next Openstack Design Summit will be happening soon. ODS is the semi-annual developer gathering of developers where they discuss ideas and blueprints amongst fellow developers. I expect to be there in SFO in April and see old and new friends. I expect to see more cutting edge features when Folsom is released that will make Openstack stand out from other cloud projects. However I also expect to see back porting fixes to Essex so that users are not left out in the cold. I totally expect to see Ubuntu leading the way that it has for the past couple of releases.
It has been a while since I posted anything OpenStack related on my blog, so I just want to let people know what is happening with OpenStack on Ubuntu. A sort of development update if you will.
At UDS in October we had a session about the things we wanted to do for Openstack in Precise, the list of work items that we want to get through is found in the blueprint. Right now, in the archive we have again a weekly snapshot of Nova and Swift like in Oneiric, but we have also added a weekly snapshot of keystone, horizon, and quantum that is available as an apt installable package. Soon we will be adding Melange to that rotation since it is now packaged in Ubuntu as well. Please try them out and report any bugs in Launchpad.
On the Juju side, Adam has updated the charms for precise and have added a charm for keystone, I also believe he is close to finishing a charm for horizon as well. This will make installing OpenStack really easy since all the configuration is done for you in the charms.
Since Precise is an LTS release we care about the stability of the Openstack packages we are the middle of figuring out a way of doing on commit tests from the Openstack git repository. The way that this will probably work is that we will create packages from a commit that will happen, and the packages will get rebuild with a new snapshot and will use the charms to deploy Openstack on in the QA Lab. This will give us confidence that the packages and the charms are well tested before they are uploaded to the Ubuntu archive.
Looking back to Oneiric and the Diablo release, there were a lot of bugs that affected the stability and quality for production deployment. With that in mind we had a session at the OpenStack Developers summit about creating a stable release team. The team is responsible for accepting back ported patches from Essex into Diablo, kind of like what the stable kernel tree maintainers do for the Linux kernel. The team is made up of people from both Fedora and Ubuntu, so it is nice to see some collaboration taking place. I do not have any statistics on how many patches were back ported from Essex to Diablo but I did review *alot* of patches. What that means for Ubuntu is that we have a stable diablo release for Oneiric that is available for testing in the proposed repository. To learn how to enable the proposed repository you can read the instructions on the Ubuntu Wiki.
With that I will be going on Christmas holidays near the end of the week, so I want to wish you a Merry Christmas and a Happy Holidays. I hope to have another development update soon.
Friday night I returned from Boston where I was attending the Openstack Design Summit and Conference hosted by Rackspace. The Design Summit is a UDS like where developers come together and hammer out a feature in the form of a blueprint for the next release of Openstack. I think the concept is still new to a lot of people since I still saw more presentations than discussions at the sessions I attended. However people will get use to the format as time goes on.
The design summit was for the first 3 days while I was in Boston. Since I work at Canonical and as a member of the Ubuntu Server Team, these days I am mostly interested in Distros/Integration (since our next release is an LTS release), Orchestration, and the EC2 API.
- Integration – Distros such as Ubuntu, Fedora, and RHEL (and ultimately providers such as HP and Dell) care more about having a stable release the an cutting edge release so that their users can use Openstack without having to pull their hair out. Dave Walker hosted a session about doing a Stable Release where interested parties can use a common base for distros and integrators role out releases to their users. The result of this session was that a group of interested parties will be created to take care of it. Later in the week we had a Debian packaging BOF and a Distro BOF and we got to talk about Packaging and what other people are doing with Openstack as well.
- Orchestration – providing a path for users to deploy Openstack easily is becoming a *BIG* thing in the Openstack ecosystem. Companies such as Dell, Nebula, and Canonical are providing tools such as Crowbar and Juju/Orchestra. They are all competing to do the same thing and all have basically the same ideas. The real question is how can they innovate a deployment and set themselves apart from one another.
- EC2 API - I hosted a session about the EC2 API in Openstack. Quite frankly, I was surprised how full the room was and there was a lot of good discussion moving forward. In the Diablo release, there was more focus on the Rackspace API since Rackspace is going to be deploying the Openstack for their customers so a lot of bugs didnt get fixed in time. However, there is a lot of discussion on how people still want their tools such as ElasticFox and boto to still work on Openstack. I think the consensus at the end of the session was to form a “working group” of people who are interested in fixing and maintaining the EC2 API in Nova.
The final two days were for the conference. The conference was definitely more business and marketing focus than the design summit. Some of the highlights for me at the conference were the following:
- Juju – On the final day of the conference Jane Silber, Canonical’s CEO, gave a presentation of what we are doing with Openstack and juju. It was a pretty cool demo because the deployment of a hadoop cluster was visualized using gource as it was deployed. I think a lot of people are visual people and it was a good way to get a lot of peoples attention. After the demo, I think there was a lot of buzz around juju since people wanted to know more about it. The juju session in the afternoon on Friday was packed and the canonistack use case session was well attended because people wanted to know more.
- HP – At the conference HP gave a keynote on how they are using Openstack to offer a public cloud. Right now it is in beta testing for people that have been signed up and have been accepted by HP. What a lot of people didn’t know was that their cloud was running on Ubuntu Server, which was also announced in Jane’s keynote.
- ARM – Ever since the Corel Netwinder was released I have been an ARM fan boy and Jane announced in her keynote that Oneiric is one of the first server based distros that can run on ARM. However since this is a Openstack conference, yes in Oneiric you can run Openstack on ARM. There are ARM specific images that you can use and you can get them at the regular places. It uses LXC for virtualization. I will probably have another blog post about this later.
- Openstack Foundation – In the Rackspace keynote, it was mentioned that there is over 150+ companies developing for Openstack, that is a pretty big ecosystem. So it was announced that a foundation will be created to manage the trademark and allow for a better community governance model. This is a good move so it will be interesting to see how it goes forward
It was a great week to be in Boston and seeing a lot of old friends in the community. However I just realized that UDS is not far down the road and I will be doing this all again soon.
In the past before I started working at Canonical, I volunteered to maintain Xen on Ubuntu. This included supporting the hypervisor and the rather large kernel patch that needed to be ported to whatever version that Ubuntu is running on at the time. This process was not sustainable and KVM was eventually chosen as the hypervisor of choice for Ubuntu Server. Today the Xen dom0/domU kernel code is the upstream vanilla source so distros like Ubuntu can get from Xen.
At UDS-O in Budapest I hosted a session about bringing back Xen support for Ubuntu in Oneiric. It was a well attended and well received session and was kind of surprised about the attendance. At the time there was and still is having Ubuntu users run the Xen hypervisor, kernel, and user land tools on Ubuntu.
So how do you install In short this is how to do it:
sudo apt-get install linux-image-server
sudo apt-get install xen-utils-4.1 xen-utils-common
sudo apt-get install xen-hypervisor-4.1 (xen-hypervisor-4.1-amd64 if you are running amd64)
sudo apt-get install xenstore-utils
Its really easy to use libvirt and xen on Oneiric as well. There are a couple of bugs when trying to launch an HVM domain, but it will get fixed for the next LTS. Obligatory screen shot of running the Ubuntu Server installer on an HVM instance can be found below:
If you have any questions or have troubles running Xen on Oneiric. Please use launchpad to open bugs and so we can track the problems people are having with it.
On October 13, 2011 – the Oneiric Ocelot release will be available to Ubuntu Server users everywhere. With it, a new release of Nova, Swift and Glance called “Diablo” will be available for users to test drive for their EC2 compatible private cloud. Thierry Carrez, Openstack release manager and Ubuntu developer has a detailed blog post about the features of the last Nova milestone at his blog.
There has been a lot of changes between the Cactus release and Diablo release of Nova. This blog will help you get started running a basic cloud on Ubuntu Oneiric. So lets get started!
First install Nova and Glance, Glance is now required for the API server:
sudo apt-get install nova-api nova-compute-kvm nova-scheduler nova-network nova-objectstore nova-volume
rabbitmq-server dnsmasq glance bridge-utils euca2ools python-novaclient
You will need to setup a bridge, information on how to do it can be found at the Ubuntu Server Guide.
Once Nova and Glance is installed you have to setup Nova. Setting up Nova is relatively easy to do, all you need to do is to type the following:
sudo nova-manage db sync
sudo nova-manage user admin [username]
sudo nova-manage project create [name of cloud] [username]
sudo nova-manage network create public 10.0.0.0/8 3 16 --bridge_interface=br0
sudo nova-manage project zipfile [name of cloud] [username]
Once the cloud is up and running you will need to have an image to run on your cloud. You can download the latest release from here.
To upload an image to your cloud is easy as well, all you have to do is the following once you download the image:
uec-publish-tarball [name of tarball] bucket [arch]
euca-add-keypair -k [name of key] > [filename]
chown 600 [filname]
Finally to run your instance all you have to do is:
euca-run-instance -k [name of key] [instance-id]
Once the image has started, you should have a virtual machine running on your workstation. So there you have it..an EC2 compatible cloud running on your workstation. If you find any bugs please report them in launchpad. The more users we get testing Nova on Ubuntu the better. If you have any question please let me know.
Wow…long time no blog. It has been really busy the last couple of months since I have written a blog post, busy you know with Oneiric development work on Ubuntu Server. Oneiric seems to be coming along nicely and we are shaping up for an interesting release when its done. Especially with the the Openstack bits that are being worked on both by the Ubuntu Server Team and the Openstack community.
The Openstack ecosphere has grown a lot of over the past couple of months. With major hardware vendors such as HP, Dell, and Cisco announcing support for Openstack, the marketplace is getting crowded with everyone announcing an Openstack IaaS solution. With more and more companies offering a cloud solution, it is more than likely that they are going to be using the same “Diablo” release of the Openstack. So how are they going to set themselves apart from each other and hopefully stand out? Its all about the infrastructure baby! Right now, there is still a lot of fiddling a user has to do in order to use Nova. Providing an infrastructure for deployment for any number of machines have to be easy and straight forward as possible. Right now, there is a lot of deployment tools that users can use, which is great because it offers users choice. Lets look at some of the offerings that I am aware about.
Lets start off with Dell. Last week at OSCON, Dell had announced “crowbar”. Crowbar is Dell’s solution to the Openstack deployment infrastructre. The twitter universe has been all gaga for it (good marketing) and it looks nice. It is based on Chef and the source is available. Dell is trying to get a community around it which is a good thing. However it looks very Dell specific and right now its based off of Ubuntu 10.10.
Next lets have a look at StackOps. StackOps has their users download an ISO. Once the user installs a base system, it has a web base installer as second stage installer. The second stage installer seems to be hosted by StackOps which is probably not an ideal way to deploy Openstack. This is eerily similar what we did with Eucalyptus minus the web based second stage installer, and have problems with in the past. It is also based off of Ubuntu right now as well. However, this mode of delivery seems to me not for scale for large deployment.
Finally what have Canonical been working on, well its called Orchestra. The idea behind Orchestra is given a number of nodes in a deployment, deploy nova, swift, and glance easily. The tools that we use are the best of the open source technologies, so in Orchcestra we use cobbler to deploy the base operating system and ensemble to deploy Openstack. Orchestra has other features such as monitoring your deployment using Nagios, and a central rsyslog to have all your log files in one place.
Right now, Orchestra is still undergoing a high pace of development and I am quite excited to see where it is going and being the premier tool for deploying Openstack on Ubuntu.
Last week in Budapest, Hungary the Ubuntu community had our semi-annual Ubuntu Developer summit. I was there along with both sponsored Ubuntu developers, upstreams, and canonical employees participating mostly in the Server and Cloud Tracks. Here are some of the sessions that were highlights for me during the week.
- Openstack At UDS, Ubuntu Cloud was announced which is run by Openstack. Everyone has assumed that this means that UEC and Eucalyptus is going away, which is not the case in Oneiric. Both Eucalyptus and Openstack will be in “main” and both will be supported in Oneiric. One way to think of this is that we both have MySQL and Postgresql in “main” because people still want to have a choice in which database you want to use. Providing both allows users to have an easier time to deploy either MySQL or Postgresql. Users are free to use either MySQL or Postgresql, which is really the essence of FOSS. Similarly, Ubuntu users for Oneiric will have either Eucalytpus or Openstack as a choice to deploy their private cloud. The session that we had Openstack mostly resolved about what integration points that we need to do for Oneiric and how we are going to do them.
- Orchestra was a big topic at UDS. Orchestra is an all in one provisioning server to deploy Ubuntu Server. Orchestra has several moving parts which includes cobbler, puppet, mcollective, nagios, cloud-init, and ensemble. The idea behind Orchestra is that given any N number of servers running bare-metal, easily deploy Ubuntu Server on it. This is a big change since the only way you could get Ubuntu Server was through the ISO and it was designed for a single server mind. With Orchestra, we are taking the best of opensource and making it easier to deploy Ubuntu Server for large scale deployments. Most of the sessions that I attended were either directly or indirectly apart of Orchestra.
- Ubuntu Server on Arm A long time ago when I was first starting out in the computer industry. I had access to a small little server called the netwinder. It was a StrongARM desktop server that runs quietly on a desk or as a 1U. The Netwinder was basically my first exposure to the ARM architecture and it was pretty cool, however it was way ahead of its time and died when Corel got out of the Linux business and Rebel.com died. Jump to, well, now, and there is a demand for servers with low power consumption and ARM is well suited in my opinion. Ubuntu Server is getting on the ground floor and I quite envious of the Ubuntu Arm team of the work they are doing in this area.
- Ubuntu as a host or what is old is new again Along with sessions about LXC and KVM we had a session about discussing Xen. Xen in the past has not been really supported by the Ubuntu Server Team or the Ubuntu Kernel Team due to the Xen patchset not included in the mainline kernel. Since the dom0 support has been included in the mainline kernel, distros such as Ubuntu can now support it properly. We had a good discussion about Xen and what needs to be done in order for Ubuntu to be a good host for Xen. I see us carrying the Xen 4.1 hypervisor and userland tools and associated bits that is needed to make Xen work really well on Ubuntu. It was great to have Ian Jackson an upstream xen.org developer from Citrix to answer questions for us as well.
- Server SRU process review Surprisingly, this was a well attended session as well on the last day. Most of our users on Ubuntu Server use the LTS releases and they want to have a stable server. In order to support those users we usually try to cherrypick fixes from the development release and backport them to the LTS releases and believe me we do care about our LTS uses. However, this takes time and we have a long list of things that we want to fix but just have not gotten around to it yet. A couple of ideas was risen from this session include using the backports, SRU process, and PPAs. However, the idea brought up of having a dedicated SRU person on the Ubuntu server who would rotate on a fixed time period was especially interesting because it would make sense for us since we would model it on how to the security team would do it.
It was nice to see everyone again and I’m looking forward to the next six months but there is a lot of work to be done. So okay go!