Containers based deployment of Openstack with TripleO

Following up on my last post about TripleO, here are some new steps on how to use TripleO-Quickstart to deploy Openstack on containers:

TripleO-Quickstart

The command below will deploy a minimum configuration of one controller and one compute node:

./quickstart.sh --requirements quickstart-extras-requirements.txt --playbook quickstart-extras.yml --config ~/.quickstart/config/general_config/containers_minimal.yml --teardown all --tags all --clean --release master-tripleo-ci 127.0.0.2

Once this finishes running, you should have a full cloud running and ready for testing.

Redeploy the overcloud

To redeploy just the overcloud, first create a file named: docker_registry.yaml

parameter_defaults:
  DockerNamespace: 192.168.24.1:8787/tripleoupstream
  DockerNamespaceIsRegistry: true

Now, run:

1. source ~/stackrc
2. openstack stack delete overcloud
3. openstack stack list   # wait until list is empty
4. openstack overcloud container image upload --verbose --config-file /usr/share/tripleo-common/container-images/overcloud_containers.yaml
5. openstack overcloud deploy --templates -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml -e $HOME/docker_registry.yaml

For more information checkout: http://tripleo.org/containers_deployment/index.html

Setting up a TripleO development environment

TripleO is a project aimed at installing, upgrading and operating OpenStack clouds using OpenStack’s own cloud facilities as the foundation – building on Nova, Swift, Ironic, Neutron and Heat to automate cloud management at datacenter scale.

I’ve recently started testing TripleO deployment of Swift and have learned a little bit about how to deploy a development environment using TripleO-Quickstart. Quickstart is a new-ish project that has seen a lot of recent development, its aim is to make it quicker to get a dev. environment setup. I emphasize new-ish because it is not quite stable yet and it is quite possible to run into errors, but it is stable enough to get an enviroment setup without much trouble.

My aim with this post is just to document what I’ve learned so far as there’s a lot of information scattered. I think I’ve only scratched the surface on TripleO and there’s still a ton to learn, I will try to post new information as I learn them.

Continue reading →

Testing asciinema

Looks like for now, it’s only possible to embed an image with a link to asciiname.org and not the actual asciinema player. Too bad, hopefully in the future WordPress.com will allow embedding of the actual asciinema player.

Running functional test against an OpenStack Swift cluster deployed with TripleO

To run the upstream Swift functional tests against a Swift cluster deployed with TripleO, follow the steps below:

Setup necessary keystone users

Initially the admin user is already setup, the functional tests requires two mores users: one user on the same account (project) as the admin user, but with a user role and another user in different account, but with admin role. Did that confuse you yet? this should help:

Continue reading →

Fun with librados (python)

I have recently started to test the python bindings for librados and I’d like to share what I have learned so far.

To begin, you will need a ceph cluster, an easy way to get one going is to use ansible-ceph. I will not get into much detail about ansible-ceph in this post, but it is very straight forward to get it running, just follow the directions on the github README page. For the code on this post, there’s no need to add RGW or MDS nodes. I changed the default box from Ubuntu to CentOS 7.1. When SSHing to node mon0, the rados python module is already installed, so you should be able to run the code examples from there.

Continue reading →

Upgrade from Fedora 20 to Fedora 22

Just finished upgrading to Fedora 22 on my ThinkPad T430s and it was a very simple, smooth upgrade process. Just followed directions from the FedUp wiki page and everything worked flawlessly. Here are the steps I followed:

1. sudo yum update
2. sudo yum install fedup
3. sudo fedup --network 22 --product=workstation
4. If no errors, reboot and choose System Upgrade from the Fedora Boot Menu

Note: Just FYI, the actual upgrade process (after last step) takes a bit of time.
Note 2: Just noticed that my keyboard configuration remained the same, so I’m still able to type with accents: Instalação do Fedora 22 foi super tranquila!

Openstack Swift hackathon report

The Openstack Swift community held their mid-cycle meeting last week. It was hosted by SwiftStack in their new San Francisco HQ. It was attended by 16 contributors representing 8 different companies: Red Hat[3], Intel[1], SwiftStack[3], HP[2], IBM[1], NTT[3], Fujitsu[1] and Rackspace[2].

We started the week listing what looked liked an almost impossible large number of topics to be discussed. The main focus of the hackathon was the Erasure Coding work that is on-going and targeted for the Kilo release, but we created a list with over 20 topics to be discussed and worked on in 4 days.

I’m glad to say we were able to cover each one of the topics we listed, resulting in a very productive week. The output of those discussions were either in the form of patches being merged after reviews, new patches being submitted for review or specs being written to record design ideas and decisions for new upcoming features. Projects have been proposed or taken-on by the different members of the community and the companies they represent. Basically, everyone left with many action items for the projects they are working on.

To accomplish our goal of covering all those topics we had to break up into smaller groups and have some of the work be done in parallel, this enabled contributors to participate in the discussions of projects they were already working on or new features they are interested in.

Below is a quick summary/status of the discussions I participated in:

Erasure Codes:

EC is being targeted to be released as part of the Kilo release, during this week we reviewed code regarding the PUT and GET requests as well as the reconstructor. Testing has been limited so far as the GET patches were only posted this week. Up until now it was possible to write data, but not retrieve it. With the majority of the GET code base being put up for review, the amount of testing being done should pick up quickly. This work is being led by Paul Luse at Intel and SwiftStack.
Specs and Patches:

• http://bit.ly/19izBq2
• https://review.openstack.org/#/c/142146/
• https://review.openstack.org/#/c/153843/
• https://review.openstack.org/#/c/154263/
• https://review.openstack.org/#/c/131872/

Encryption:

Data at-rest encryption is still in the design phase. There is a spec up for review and a lot of new discussion happened all week. HP and IBM were leading the discussions on this feature.
Specs:

• http://bit.ly/17yXCZu
• https://review.openstack.org/#/c/154318/

Container Sharding:

One of Swift’s weak points is container performance degradation as the size of containers grow. A spec has been proposed on how to solve this issue with container-sharding. The first version of the spec listed 3 alternatives and during the hackathon one of the alternatives was chosen as the most adequate. The work on this should continue with a new version of the spec being put up for review and then some code patches. This work is being led by Matthew Oliver from Rackspace.
Spec:

• https://review.openstack.org/#/c/139921/

Etags on large objects:

Currently Swift calculates the etag header of large objects (SLO) differently from “regular” objects. While the etag of a “regular” object is the md5 checksum of its content. The etag of a large object is the md5 of the concatenation of each one of its segments etag. This is only useful if the client application has that information available and can perform the same calculation. NTT has been looking for ways to calculate the etag of a large object based on the content of the data, just like “regular” objects. This has proven to be a difficult problem to solve and more investigation will be needed.

Storlets (IBM):

During the Paris Summit, IBM presented a couple of talks on a new technology they have been researching called Storlets. This technology would allow the use of Swift storage nodes as compute nodes. Typically data processing is done on compute nodes separate from where data is actually stored. The problem with this approach is that large amounts of data need to be transferred, which becomes inefficient. Storlets would move the processing of the data to storage systems instead of the other way around.

The good news about this effort is that IBM is looking to open source this technology. During the hackathon we held a conference call with IBM to hear a status of the project and discuss ideas on where this new code should live and how it can be integrated with Swift.
Blog on Storlets:

• http://ibm.co/1ABLKkr

Change partition power:

Another weak point of Swift is that deployers must choose their partition power when first deploying their cluster and can never change it, which makes it very difficult for operators that are looking to start with a small cluster and grow overtime. A spec has been proposed to start new work on solving this problem. An overview was given of the proposed solution and implementation ideas were discussed. Alistair Coles from HP proposed the spec with references to previous work done in this area by Christian Schwede (Red Hat).
Spec:

• https://review.openstack.org/#/c/152935/

Fast-Post:

Alistair Coles (HP) has a design spec and couple of patches up for review to solve the issue of changing some specific container metadata on POST. The biggest challenge with this work is making sure that metadata is correctly replicated and reconciled on a eventually-consistent system such as Swift.
Specs and patches:

• https://review.openstack.org/#/c/102592/
• https://review.openstack.org/#/c/135380/
• https://review.openstack.org/#/c/138498/

Change policy on container:

NTT is also investigating ways of allowing Swift admins to change the storage policy on a container. For example, a container is created with a 3-replica policy and after some time the admin would like to change it to a 2-replica policy. NTT proposed some ideas on how the data could be migrated without the need to move the data to a new container. There is no spec for this yet.

Object undelete:

Christian Schwede (Red Hat) led the discussion on some ideas to provide a new feature where operators would be able to configure their clusters to hold on to data for some configurable period of time after a DELETE request. This would help prevent un-wanted data deletion caused by either mistakes or abuse of the system.
Spec:

• https://review.openstack.org/#/c/155421/

fsync on dirs:

Prashanth Pai (Red Hat) has a patch up for review regarding fsyncing directories after a rename. This is would close the small window of data loss vulnerability but at a cost of performance loss. Ideas were discussed on how to best address the issue.
Patch:

• https://review.openstack.org/#/c/126923/

Object Versioning middleware:

We had a live code review of this patch that I have been working on. Currently object versioning is embedded in the PUT method of the proxy and this patch moves that code to a new middleware. Some needed changes were identified and a new patch will be put up for review soon.
Patch:

• https://review.openstack.org/#/c/134347/

Single Process:

I have been leading this project, which will allow for better performance when deploying storage policies with third-party backends. We had a walk through of the current code that is up for review for this project. The idea has been well received by the community and core developers have demonstrated willingness to review and work together with us. During the week we identified common places where a refactoring of the Object controller will benefit both this project as well as the EC project.
Patch:

• https://review.openstack.org/#/c/149329/

Container aliases:

The basic idea is to set an alias to a container, for example with a target container inside another account. This would make it much easier to access that container, because the user doesn’t need to use a different storage URL for access. A while ago Christian Schwede (Red Hat) wrote a middleware and proposed this (https://review.openstack.org/#/c/62494), but due to some edge cases we weren’t able to merge it yet. The biggest problem is the eventual consistency when setting the alias. The discussion came up again, thus a spec has been submitted for review. Hopefully we will be able to find a consensus on this and how to proceed.
Spec:

• https://review.openstack.org/#/c/155524/

Community:

There were some discussions on how to better provide status of on-going projects to the community at large. We also had some talks on the spec review process and bug list grooming.

There were also talks and code reviews on a number of other projects: Service Tokens, ring optimizations, patches on replicator and updater, Container tempurl keys, FQDN in rings, and Keystone policy (ACLs) files.

John Dickinson (Swift PTL) has also written a summary of this event here.

P.S.: It’s important to note that these projects do not represent all the work that is happening on the Swift community, rather it’s just a subset of the projects that the people attending the Hackathon are working on.

Storage Policy configuration on a SAIO deployment

Instructions for testing the new Openstack Swift Storage Policy feature with a Gluster-Swift backend as one of the policies storing data on a GlusterFS volume.
Follow the steps below:

1. Create a SAIO development VM as explained here: http://docs.openstack.org/developer/swift/development_saio.html
2. modify /etc/swift/swift.conf to add storage policies. Example:
   [storage-policy:0]
   name = chicken
   default = yes

   [storage-policy:1]
   name = turkey

   [storage-policy:2]
name = gluster


3. create new “virtual” disks for each node. In the SAIO instructions you created /mnt/sdb1/1/node/sdb1, now create /mnt/sdb1/1/node/sdc1 and follow the same pattern for the other 3 nodes.
4. modify remakerings scripts that was installed as part of the SAIO deployment. Add new object rings for each new storage policy per node. In the example below object-1 maps to storage-policy:1 (turkey) and object-2 maps to storage-policy:2 (gluster)
   
   swift-ring-builder object.builder create 10 3 1
   swift-ring-builder object.builder add r1z1-192.168.56.101:6010/sdb1 1
   swift-ring-builder object.builder add r1z2-192.168.56.101:6020/sdb2 1
   swift-ring-builder object.builder add r1z3-192.168.56.101:6030/sdb3 1
   swift-ring-builder object.builder add r1z4-192.168.56.101:6040/sdb4 1
   swift-ring-builder object.builder rebalance
   swift-ring-builder object-1.builder create 10 3 1
   swift-ring-builder object-1.builder add r1z1-192.168.56.101:6010/sdc1 1
   swift-ring-builder object-1.builder add r1z2-192.168.56.101:6020/sdc2 1
   swift-ring-builder object-1.builder add r1z3-192.168.56.101:6030/sdc3 1
   swift-ring-builder object-1.builder add r1z4-192.168.56.101:6040/sdc4 1
   swift-ring-builder object-1.builder rebalance
   swift-ring-builder object-2.builder create 1 1 1
   swift-ring-builder object-2.builder add r1z5-192.168.56.64:6010/swiftvol_ 100.0
   swift-ring-builder object-2.builder rebalance

   * Note that policy:0 and policy:1 are being handled by the same object servers while policy:2 is being handled by another object server; in this case it is a gluster-swift object server running on a different VM. To configure gluster-swift follow the directions here: Gluster-Swift Quick Start Guide


5. run remakerings to create new ring files
6. Restart all swift services
7. Create new containers and specify their storage policy. Example: curl -i -H 'X-Storage-User: test2:tester2' -H 'X-Storage-Pass: testing2'-H 'X-Storage-Policy: gluster' http://192.168.56.101:8080/v1/AUTH_test2/test2c2

Como montar um volume do gluster usando a biblioteca libgfapi como usuário comum (non-root)

Enquanto estava trabalhando no projeto libgfapi-python, eu encontrei um problema para montar um volume do gluster como um usuário comum. O gluster, por padrão, permite conexões de clientes somente que vem de portas privilegiadas. Veja os passos abaixo para permitir a conexão apartir de portas “não-privilegiadas” e resolver esse problema:

1. Execute o comando: sudo gluster volume set [nome_do_volume] allow-insecure on
2. Edite o arquivo glusterd.vol: (geralmente se encontra aqui: /etc/glusterfs)
   • Adicione a linha: option rpc-auth-allow-insecure on
3. Lembre-se de mudar as permissões do diretório que você quer acesso para permitir o accesso apropriado para usuários comuns.

How to mount gluster volume using libgfapi as non-root

While working on the libgfapi-python project, I ran into an issue mounting a gluster volume as a non-root user. By default, gluster allows client connections only from privileged ports. See steps below on how enable connections from unprivileged ports and solve this problem.

1. Run the cli command: sudo gluster volume set [volume_name] allow-insecure on
2. Edit the file glusterd.vol: (usually placed under /etc/glusterfs)
   • add the line: option rpc-auth-allow-insecure on
3. Make sure to change permissions on the directory you are acessing to allow the appropriate non-root access