Interoperable OpenStack guest provisioning with Cloudbase-Init
Interoperable OpenStack guest provisioning
Alessandro Pilotti, CEO
@cloudbaseit

OpenStack
• An open source IaaS project
  – Apache 2 license
• Managed by the OpenStack Foundation
  – More than 150 companies joined it, including: AMD, Intel, Canonical, SUSE Linux, Red Hat, Cisco, Dell, HP, IBM, NEC, VMware
• Portable
  – Mostly used on Linux
• Written in Python

Releases
• Very aggressive schedule
  – Twice a year
• Essex
  – Apr 2012
  – Hyper-V removed
• Folsom
  – October 2012
  – Cloudbase Solutions involvement: Hyper-V re-included
• Grizzly
  – Apr 2013
• Havana
  – October 2013
• Icehouse
  – Apr 2014

OpenStack Architecture
• Distributed components
  – Can be deployed on a single server or multiple servers
• Public RESTful API
  – Bindings available for various languages (including .Net)
• Queues (AMQP) for private APIs
  – Great scalability
• Relational DBs for storing the configuration
  – MySQL, PostgreSQL, SQLite (and SQL Server)
• UI
  – CLI tools
  – Web dashboard

Components
• Compute (Nova)
• Object Storage (Swift)
• Block Storage (Cinder)
• Image Service (Glance)
• Networking (Neutron)
• Dashboard (Horizon)
• Identity (Keystone)
• Metering (Ceilometer)
• Orchestration (Heat)

Architecture 1
Architecture 2

Component interaction
• AMQP
  – RabbitMQ
  – Apache Qpid
• API
  – RESTful services
• Database
  – Any Python SQLAlchemy provider
  – Mostly MySQL
  – SQL Server required various bug fixes

And now the guests
• Nova’s IaaS role ends the moment the VM boots.
• What happens afterwards is something that the guest OS has to sort out.
• Clouds need to support a variety of guest operating systems:
  – Linux (Ubuntu, RHEL / CentOS and lots more)
  – Windows Server (and workstation for VDI)
  – FreeBSD
  – etc.

Guest init actions
• Setting the host name
• Manage users / groups
• Configure network
• Deploy ssh keys for public key auth
  – Passwords are BAD!
• Extend partitions automatically
• Run custom scripts
• (and more)

Config data?
• Passing configuration data to the guest is tricky
  – Remember: no networking yet!
• The “classic” EC2 approach
  – A URL on a magic IP: http://169.254.169.254
  – Various HTTP metadata formats exist
    • e.g. EC2, OpenStack (Nova)
• An ISO image (ConfigDrive)
  – File system reflects the content available via HTTP

Multi platform support
• This is the really tricky part
• IaaS components (e.g. Nova) don’t care about the guest OS
• Doing provisioning in Linux differs from Windows and from FreeBSD
• cloud-init works on Linux
  – Too tightly coupled with the OS
  – Porting is very tough
• So we had to start a new project

Cloudbase-Init
• De facto standard on Windows OpenStack deployments
• Ported to FreeBSD as well:
  – https://github.com/pellaeon/bsd-cloudinit
• “Made in TM”, like the rest of the Cloudbase stuff
• 100% Python code

Architecture
• Needs to be completely decoupled from the OS
  – Must be portable to any OS
• Highly extensible model
• Basic UML class diagram:
  – https://drive.draw.io/#G0B6gjkOr4OobDQnVHY0QyQ2pSVlE

Tricky Windows parts
• CPython works great on Windows
  – Lots of modules for basic OS integration
• What to do when we need to go “deeper”?
  – PyWin32
    • COM
    • Wraps lots of Win32 APIs
  – PythonNet
    • .Net
    • Not to be confused with IronPython!
  – WMI
    • CIM implementation
  – Ctypes
    • Direct Win32 calls
    • Very flexible
    • Can be tedious to code
    • Similar to .Net PInvoke

Examples - WMI
• Win32_NetworkAdapter
  – https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/osutils/windows.py#L340

Examples - ctypes
• Win32 - VerifyVersionInfoW
  – https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/osutils/windows.py#L557
• Portable - openssl API
  – https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/utils/crypt.py#L124

Examples - COM
• COM exposes properties and methods via getattr / setattr
• Volumes management
  – https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/plugins/windows/vds.py#L322
  – https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/plugins/windows/extendvolumes.py#L161

Logging to serial port
• Fact: serial ports never grow old
• Clouds often use serial ports to communicate between hypervisors and guests
  – E.g. OpenStack with KVM
• Linux can easily use serial ports for console I/O
  – That’s how Unix was used in the old days

pyserial
• Windows does not log to serial port
• Serial port can be integrated into Python’s logging
  – https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/utils/log.py#L34
• By adding this Log Handler, any time you issue a LOG.info/warn/error etc. it will be logged to the serial port and collected by KVM (for example)

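A sketch of such a handler, added here as an example and not taken from Cloudbase-Init's log.py. Because the hypervisor collects everything written to the port, it also masks password-like values before they are sent. The class names, the list of secret key names and the in-memory stand-in for the pyserial port are assumptions of this example.

```python
import io
import logging
import re

# Assumption: key names treated as secret; extend for your own log messages.
_SECRET_RE = re.compile(
    r"(?i)\b(password|passwd|admin_pass|token)\b(\s*[=:]\s*)(\S+)")


class RedactSecrets(logging.Filter):
    """Mask secret-looking values before they reach the console log."""

    def filter(self, record):
        # Render the message first so values passed as args are covered too.
        record.msg = _SECRET_RE.sub(r"\1\2****", record.getMessage())
        record.args = None
        return True


class SerialPortHandler(logging.Handler):
    """Write formatted records to a pyserial-style port object.

    `port` only needs write(bytes). With pyserial installed it would be
    something like serial.Serial("COM1", 115200) (name and baud assumed).
    """

    def __init__(self, port):
        super().__init__()
        self._port = port
        self.addFilter(RedactSecrets())

    def emit(self, record):
        try:
            # Serial consoles expect CRLF; keep output plain ASCII.
            line = self.format(record).replace("\n", "\r\n") + "\r\n"
            self._port.write(line.encode("ascii", errors="replace"))
        except Exception:
            self.handleError(record)  # a dead port must not stop provisioning


def demo():
    """Log two constructed messages to an in-memory stand-in for the port."""
    fake_port = io.BytesIO()  # constructed stand-in for serial.Serial
    handler = SerialPortHandler(fake_port)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log = logging.getLogger("serial_demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [handler]
    log.info("Setting hostname: %s", "vm-01")
    log.warning("Created user Admin password=S3cr3t!")
    return fake_port.getvalue()
```
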
Q & A