The CentOS Cloud SIG is pleased to announce the availability of OpenStack Kilo package repositories for CentOS 7, and Juno repositories for CentOS 6. These are the result of the last few months of work by the Cloud SIG membership, and, of course, we owe a great deal of gratitude to the upstream OpenStack community as well.

The CentOS 7 Kilo repository may be found at http://mirror.centos.org/centos/7/cloud/x86_64/

The Juno CentOS 6 repository may be found at http://mirror.centos.org/centos/6/cloud/x86_64/

The actual -release files will reside in Extras, so that you can yum install centos-release-openstack-kilo for Kilo and yum install centos-release-openstack-juno for Juno, without needing to mess with repo configurations.

See also the Juno EL6 QuickStart at http://wiki.centos.org/Cloud/OpenStack/JunoEL6QuickStart

CentOS cares about OpenStack. We test all of our cloud images against OpenStack, in the CentOS 5, 6, and 7 branches. The CentOS Cloud SIG is very keen on facilitating community efforts at CentOS, and we have resources available for CI, repos, and other needs, which the community can use. We welcome your participation in this effort. We’re dedicated to ensuring that CentOS is a solid, dependable platform for deploying OpenStack, and that all versions of OpenStack are thoroughly tested against CentOS, and vice versa.

You can find out more about the CentOS Cloud SIG, and how to get involved, at http://wiki.centos.org/SpecialInterestGroup/Cloud

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

The Age of Cloud File Services, by Sean Cohen

The new OpenStack Kilo upstream release that became available on April 30, 2015 marks a significant milestone for the Manila project for shared file system service for OpenStack with an increase in development capacity and extensive vendors adoption. This project was kicked off 3 years ago and became incubated during 2014 and now moves to the front of the stage at the upcoming OpenStack Vancouver Conference taking place this month with customer stories of Manila deployments in Enterprise and Telco environments.

… read more at http://tm3.org/blog150

Adding Managed Compute Nodes to a Highly Available Openstack Control Plane, by Andrew Beekhof

As previously announced on RDO list and GitHub, we now have a way to allow Pacemaker to manage compute nodes within a single cluster while still allowing us to scale beyond corosync’s limits.

… read more at http://tm3.org/blog151

TripleO Heat templates Part 2 - Node initial deployment & config by Steve Hardy

In my previous post “TripleO Heat templates Part 1 - roles and groups”, I provided an overview of the various TripleO roles, the way the role implementation is abstracted via provider resources, and how they are grouped and scaled via OS::Heat::ResourceGroup.

… read more at http://tm3.org/blog152

Public vs Private, Amazon compared to OpenStack by Jonathan Gershater

How to choose a cloud platform and when to use both

… more at http://tm3.org/blog153

An EZ Bake OVN for OpenStack by Russell Bryant

When Ben Pfaff pushed the last of the changes needed to make OVN functional to the ovn branch, he dubbed it the “EZ Bake milestone”. The analogy is both humorous and somewhat accurate. We’ve reached the first functional milestone, which is quite exciting.

… read more at http://tm3.org/blog154

Testing Lightning Talk by Assaf Muller

I’m giving a lightning talk in the OpenStack Vancouver Neutron design summit. It’s a 5 minute talk about testing, common pitfalls and new developments with respect to testing frameworks.

… read more at http://tm3.org/blog155

TripleO Heat templates Part 3 - Cluster configuration, introduction/primer by Steve Hardy

In my previous two posts I covered an overview of TripleO template roles and groups, and specifics of how initial deployment of a node happens. Today I’m planning to introduce the next step of the deployment process - taking the deployed groups of nodes, and configuring them to work together as clusters running the various OpenStack services encapsulated by each role.

… read more at http://tm3.org/e

Debugging TripleO Heat templates by Steve Hardy

Lately, I’ve been spending increasing amounts of time working with TripleO heat templates, and have noticed some recurring aspects of my workflow whilst debugging them which I thought may be worth sharing.

.. read more at http://tm3.org/blog156

Deprecating libvirt / KVM hypervisor versions in OpenStack Nova by Daniel Berange

If you read nothing else, just take note that in the Liberty release cycle Nova has deprecated usage of libvirt versions < 0.10.2, and in the Mxxxxx release cycle support for running with libvirt < 0.10.2 will be explicitly dropped.

… read more at http://tm3.org/blog157

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

Leveraging Linux Platform for Identity Management in Enterprise Web Applications, by Nathan Kinder

I gave a presentation this past weekend at Linuxfest Northwest on the topic of using a collection of Apache HTTPD modules and SSSD to provide identity management for web applications. This is an approach that is currently used by OpenStack, ManageIQ, and Foreman to allow the Apache HTTPD web server to handle all of the authentication and retrieval of user identity data and exposing it to the web applications.

… Read more at http://tm3.org/blog136

Driving in the Fast Lane – CPU Pinning and NUMA Topology Awareness in OpenStack Compute, by Steve Gordon

The OpenStack Kilo release, extending upon efforts that commenced during the Juno cycle, includes a number of key enhancements aimed at improving guest performance. These enhancements allow OpenStack Compute (Nova) to have greater knowledge of compute host layout and as a result make smarter scheduling and placement decisions when launching instances. Administrators wishing to take advantage of these features can now create customized performance flavors to target specialized workloads including Network Function Virtualization (NFV) and High Performance Computing (HPC).

… read more at http://tm3.org/blog137

Heat SoftwareConfig resources - primer/overview. by Steve Hardy

In this post, I’m going to provide an overview of Heat’s Software Configuration resources, as a preface to digging in more detail into the structure of TripleO heat templates, which leverage SoftwareConfig functionality to install and configure the deployed OpenStack cloud.

… Read more at http://tm3.org/blog138

Extending Tsung to benchmark Swift3, by Cyril Roelandt

Tsung is a multi-protocol distributed load testing tool released under the GPLv2 license. In this article, we will see how we can create a scenario that triggers the download of a file from a Swift container using the S3 API. In fact, we are using Swift3, a compatibility layer that implements the S3 API on top of OpenStack Swift. To do so, we will have to use some of the advanced features of Tsung, but people not familiar with either Tsung or Erlang should still be able to enjoy this article.

… read more at http://tm3.org/blog139

TripleO Heat templates Part 1 - Roles and Groups, by Steve Hardy

This is the start of a series of posts aiming to de-construct the TripleO heat templates, explaining the abstractions that exist,and the heat features which enable them.

… read more at http://tm3.org/blog140

Setting up an RDO deployment to be Identity V3 Only, by Adam Young

The OpenStack Identity API Version 3 provides support for many features that are not available in version 2. Much of the installer code from Devstack, Puppet Modules, and Packstack, all assumes that Keystone is operating with the V2 API. In the interest of hastening the conversion, I set up a deployment that is V3 only. Here is how I did it.

… read more at http://tm3.org/blog142

Autoscaling with Heat, Ceilometer and Gnocchi, by Mehdi Abaakouk

A while ago, I had made a quick article/demo of how to use Ceilometer instead of the built-in emulated Amazon CloudWatch resources of Heat.

… read more at http://tm3.org/blog143

What’s Coming in OpenStack Networking for the Kilo Release, by Nir Yechiel

OpenStack Kilo, the 11th release of the open source project, was officially released in April, and now is a good time to review some of the changes we saw in the OpenStack Networking (Neutron) community during this cycle, as well as some of the key new networking features introduced in the project.

… read more at http://tm3.org/blog144

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

Geocaching in Vancouver, by Rich Bowen

Coming to the OpenStack Summit in Vancouver? Like Geocaching? It looks like there’s a lot of caches around the summit location. This map shows the 500 closest.

… read more at http://tm3.org/blog134

Creating Hierarchical Projects in Keystone, by Adam Young

Hierarchical Multitenancy is coming. Look busy.

.. read more at http://tm3.org/blog145

Red Hat Enterprise Linux OpenStack Platform 6: SR-IOV Networking – Part II: Walking Through the Implementation, by Itzik Brown

In the previous blog post in this series we looked at what single root I/O virtualization (SR-IOV) networking is all about and we discussed why it is an important addition to Red Hat Enterprise Linux OpenStack Platform. In this second post we would like to provide a more detailed overview of the implementation, some thoughts on the current limitations, as well as what enhancements are being worked on in the OpenStack community.

… read more at http://tm3.org/blog135

Leveraging Linux Platform for Identity Management in Enterprise Web Applications by Nathan Kinder

I gave a presentation this past weekend at Linuxfest Northwest on the topic of using a collection of Apache HTTPD modules and SSSD to provide identity management for web applications. This is an approach that is currently used by OpenStack, ManageIQ, and Foreman to allow the Apache HTTPD web server to handle all of the authentication and retrieval of user identity data and exposing it to the web applications.

… read more at http://tm3.org/blog136

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

Gnocchi 1.0: storing metrics and resources at scale, by Julien Danjou

A few months ago, I wrote a long post about what I called back then the “Gnocchi experiment“. Time passed and we – me and the rest of the Gnocchi team – continued to work on that project, finalizing it.

… read more at http://tm3.org/blog130

OVN and OpenStack Status – 2015-04-21, by Russell Bryant

It has been a couple weeks since the last OVN status update. Here is a review of what has happened since that time.

… read more at http://tm3.org/blog131

A Vision for OpenStack by Zane Bitter

One of the great things about forcing yourself to write down your thoughts is that it occasionally produces one of those lightbulb moments of clarity, where the jigsaw pieces you have been mentally turning over suddenly all fit together. I had one of those this week while preparing my platform for the OpenStack Technical Committee election.

… read more at http://tm3.org/blog132

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

Implementation of Pacemaker Managed OpenStack VM Recovery, by Russell Bryant

I’ve discussed the use of Pacemaker as a method to detect compute node failures and recover the VMs that were running there. The implementation of this is ready for testing. Details can be found in this post to rdo-list.

… read more at http://tm3.org/blog122

OVN and OpenStack Integration Development Update, by Russell Bryant

The Open vSwitch project announced the OVN effort back in January. After OVN was announced, I got very interested in its potential. OVN is by no means tied to OpenStack, but the primary reason I’m interested is I see it as a promising open source backend for OpenStack Neutron. To put it into context with existing Neutron code, it would replace the OVS agent in Neutron in the short term. It would eventually also replace the L3 and DHCP agents once OVN gains the equivalent functionality.

… read more at http://tm3.org/blog123

Preserving contaner properties via volume mounts, by Steven Dake

In the Kolla project, we were heavily using host bind mounts to share filesystem data with different containers. A host bind mount is an operation where a host directory, such as /var/lib/mysql is mounted directly into the container at some specific location.

… read more at http://tm3.org/blog124

Distributed Virtual Routing – Overview and East/West Routing, by Assaf Muller

DVR aims to isolate the failure domain of the traditional network node and to optimize network traffic by eliminating the centralized L3 agent shown above. It does that by moving most of the routing previously performed on the network node to the compute nodes.

… read more at http://tm3.org/blog125

Distributed Virtual Routing – SNAT, by Assaf Muller

A quick reminder about two NAT types used in Neutron.

… read more at http://tm3.org/blog126

Distributed Virtual Routing – Floating IPs, by Assaf Muller

Legacy routers provide floating IPs connectivity by performing 1:1 NAT between the VM’s fixed IP and its floating IP inside the router namespace. Additionally, the L3 agent throws out a gratuitous ARP when it configures the floating IP on the router’s external device. This is done to advertise to the external network that the floating IP is reachable via the router’s external device’s MAC address. Floating IPs are configured as /32 prefixes on the router’s external device and so the router answers any ARP requests for these addresses. Legacy routers are of course scheduled only on a select subgroup of nodes known as network nodes.

… read more at http://tm3.org/blog127

Creating a new Network for a dual NIC VM, by Adam Young

I need a second network for testing a packstack deployment. Here is what I did to create it, and then to boot a new VM connected to both networks.

… read more at http://tm3.org/blog128

Debugging TripleO Heat templates, by Steve Hardy

Lately, I’ve been spending increasing amounts of time working with TripleO heat templates, and have noticed some recurring aspects of my workflow whilst debugging them which I thought may be worth sharing.

… read more at http://tm3.org/blog129

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

Creation of Trove-compatible images for RDO, by Victoria Martínez de la Cruz

OpenStack Trove, included in the latest RDO releases, allows users to use the features of relational and non-relational databases without the added complexity of handling administrative tasks. With Trove, database users don’t need to be database experts to provision and manage multiple databases instances.

… read more at http://tm3.org/blog119

OpenStack Summit Vancouver: Agenda Confirms 40+ Red Hat Sessions, by Jeff Jameson

As this Spring’s OpenStack Summit in Vancouver approaches, the Foundation has now posted the session agenda, outlining the final schedule of events. I am very pleased to report that Red Hat and eNovance have more than 40 approved sessions that will be included in the weeks agenda, with a few more approved as joint partner sessions, and even a few more as waiting alternates.

… read more at http://tm3.org/blog120

Horizon WebSSO via SSSD, by Adam Young

I’ve shown how to set up OpenStack Keystone Federation with SSSD. We know we can set up Horizon with Federation using SAML. Here is how to set up Web Single Sign On (WebSSO) for SSSD and Kerberos.

… read more at http://tm3.org/blog121

[A guest post by Victoria Martínez de la Cruz]

OpenStack Trove, included in the latest RDO releases, allows users to use the features of relational and non-relational databases without the added complexity of handling administrative tasks. With Trove, database users don’t need to be database experts to provision and manage multiple databases instances.

Apart from the installation and configuration of the different modules you require to use Trove, you will need to build an image specific to the OS and storage backend of your choice.

Currently, there is no easy way to build these images: you can either inject the required files manually or you can use an utility called diskimage-builder.

In this guide we are going to explain how to build a RHEL-based Trove compatible images using a script that wraps diskimage-builder and adds all the required bits.

Red Hat Enterprise Linux (RHEL) 7 is the minimum recommended version, or the equivalent version of one of the RHEL-based Linux distributions such as CentOS 7, or Fedora 21 or later, to do this task. Also, we assume you have the latest RDO, and that you have already subscribed to the appropriate repositories.

1. Install trove-image-elements

The trove-image-elements repository contains the code necessary to build the images with the supported storage backends – currently MySQL and MongoDB. Install git and clone it in your environment using the following directives:

$ sudo yum -y install git $ sudo git clone https://github.com/vkmc/trove-image-elements

1. Download a RHEL-based guest image

Get a base guest image for the distro of your choice. You can get RHEL 7, CentOS 7 and Fedora 21 guest images in https://rdoproject.org/Image_resources. You can also get images for RHEL 6, CentOS 6 or Fedora 20, but the image creation process has not been tested with those versions.

1. Create the image

The diskimage-builder tool works by taking a disk image, installing pieces of software - called ‘elements’ - and repacking it for use.

Running the script will generate a (a great deal of) log output, as the utility opens your base image, registers it to RHSM (in the case of RHEL), updates the system image, installs trove-guestagent and the storage backend of your choice, and packages the image for use in Trove. At the end, you’ll have a file named DISTRO-DATASTORE-guest-image.qcow2, where DISTRO and DATASTORE are the GNU/Linux distribution and storage backend you selected.

3.1 Create a RHEL7 image

Run create_trove_image.sh with the following parameters to create a RHEL 7 image with MySQL:

$ sudo ./create_trove_image.sh –distro rhel –datastore mysql –local-image <path-to-local-image> –rh-user --rh-password <your-rh-password> --rh-pool-id <subscription-pool-id>

or

$ sudo ./create_trove_image.sh -d rhel -s mysql -i <path-to-local-image> -u <your-rh-user> -p <your-rh-password> -o

3.2 Create a CentOS 7 image

Run create_trove_image.sh with the following parameters to create a CentOS 7 image with MySQL:

$ sudo ./create_trove_image.sh –distro centos –datastore mysql –local-image <path-to-local-image>

or

$ sudo ./create_trove_image.sh -d centos -s mysql -i <path-to-local-image>

3.3 Create a Fedora 21 image

Run create_trove_image.sh with the following parameters to create a Fedora 21 image with MySQL:

$ sudo ./create_trove_image.sh –distro fedora –datastore mysql –local-image <path-to-local-image>

or

$ sudo ./create_trove_image.sh -d fedora -s mysql -i

1. Register the Image with Trove

First, upload the image to Glance, using either the UI or the API. In the UI, you can find this in your project’s interface at Compute/Images.

Second, register this image with Trove. There is no way to do this from the UI yet, so you have to do this using the API. For this, we provide a second script load_trove_image.sh.

Simply run load_image_trove.sh specifying the datastore, the datastore version, the packages required by the image you want to upload and the image id generated by Glance.

$ sudo ./load_trove_image.sh –datastore mysql –datastore-version centos-mysql5.5 –packages mysql-server=5.5 –id bbd73560-58aa-4377-b961-3d12e76b0bed

or

$ sudo ./load_trove_image.sh -s mysql -v centos-mysql5.5 -p mysql-server=5.5 -i bbd73560-58aa-4377-b961-3d12e76b0bed

You are now ready to begin using Trove: launch a new instance using the image you just created and start creating your DBs.

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

Troubleshooting Keystone in a New Install, by Adam Young

I’ve done a deployment , and every time I try to log in to the dashboard, I get “An error occurred authenticating. Please try again later.” Somewhat surprisingly, the only log that I’m noticing showing anything of note is the Apache error log, which reports ‘Login failed for user “admin”‘. I’ve bumped keystone — where I’d assume the error is happening — to DEBUG, but it’s showing exactly zero activity. How do I go about debugging this?’

… read more at http://tm3.org/blog115

An OpenStack Cloud that frees you to pursue your business, by Jonathan Gershater

As your IT evolves toward an open, cloud-enabled data center, you can take advantage of OpenStack’s benefits: broad industry support, vendor neutrality, and fast-paced innovation.

… read more at http://tm3.org/blog116

OpenStack keeps resetting my hostname, by Adam Young

No matter what I changed, something kept setting the hostname on my vm to federate.cloudlab.freeipa.org.novalocal. Even forcing the /etc/hostname file to be uneditable did not prevent this change. Hunting this down took far too long, and here is the result of my journey.

… read more at http://tm3.org/blog117

An ecosystem of integrated cloud products, by Jonathan Gershater

In my prior post, I described how OpenStack from Red Hat frees you to pursue your business with the peace of mind that your cloud is secure and stable. Red Hat has several products that enhance OpenStack to provide cloud management, virtualization, a developer platform, and scalable cloud storage.

… read more at http://tm3.org/blog118

Here’s what RDO engineers have been writing about over the past week.

If you’re writing about RDO, or about OpenStack on CentOS, Fedora or RHEL, and you’re not on my list, please let me know!

QEMU QCow2 built-in encryption: just say no. Deprecated now, to be deleted soon, by Daniel Berrange

A little over 5 years ago now, I wrote about a how libvirt introduced support for QCow2 built-in encryption. The use cases for built-in qcow2 encryption were compelling back then, and remain so today. In particular while LUKS is fine if your disk backend is already a kernel visible block device, it is not a generically usable alternative for QEMU since it requires privileged operation to set it up, would require yet another I/O layer via a loopback or qemu-nbd device, and finally is entirely Linux specific.

… read more at http://tm3.org/blog111

Minimal DevStack with OpenStack Neutron networking, by Kashyap Chamarthy

This post discusses a way to setup minimal DevStack (OpenStack development environment from git sources) with Neutron networking, in a virtual machine.

… read more at http://tm3.org/blog112

Custom Cloud Images for OpenStack pt1, by Captain KVM

We previously finished our multi-part series on deploying RHEL-OSP with the RHEL-OSP-Installer. In a few weeks, if all goes according to plan I’ll fire up a new series on the next gen installer… In the mean time, I’d like to show you some useful things to do once you’ve got everything up and running. So what’s up first? Well, as the title suggests, we’re going to create some custom images.

… read more at http://tm3.org/blog113

Co-Engineered Together: OpenStack Platform and Red Hat Enterprise Linux, by Arthur Berezin

OpenStack is not a software application that just runs on top of any random Linux. OpenStack is tightly coupled to the operating system it runs on and choosing the right Linux operating system, as well as an OpenStack platform, is critical to provide a trusted, stable, and fully supported OpenStack environment.

… read more at http://tm3.org/blog114