By Zeynep Koch-Oracle on May 20, 2015
Time: 10:00 AM PDT
We've reached the second day of the OpenStack Summit in Vancouver and our booth is now officially open. Come by and see us and talk about some of the work that we've been doing at Oracle - whether it's integrating a complete distribution of OpenStack into Oracle Linux and Oracle Solaris, Cinder and Swift storage on the Oracle ZFS Storage Appliance, integration with Swift and our Oracle HSM tape storage product, and how to quickly provision Oracle Database 12c in an OpenStack environment. We've got a lot of demos and experts there to answer your questions.
The Oracle sponsor session is on today also. Markus Flierl will be talking about "Making OpenStack Secure and Compliant for the Enterprise" at 2:50-3:30pm Tuesday Room 116/117. Markus will talk about the challenges of deploying an OpenStack cloud while still meeting critical security and compliance requirements, and how Oracle can help you do this.
And in case anyone asks, yes, we're hiring!
Jim Kremer has written a blog about the OpenStack object storage service Swift and how to set it up on Oracle Solaris. For Swift on Solaris we use the ZFS file system as the underlying storage, which means we can take advantage of things like snapshots and clones, data encryption and compression, and the underlying redundancy that the ZFS architecture provides with storage pools and mirroring.
Read Jim's blog on How to get Swift up and running on Solaris.
-- Glynn Foster
Oracle is a premier sponsor at OpenStack Summit in Vancouver, May 18-22. This year we will have experts from all of Oracle's OpenStack technologies including Oracle Linux and Oracle VM, Oracle Solaris, Oracle ZFS Storage Appliance, and Oracle Tape Storage Solutions. We will have informative sessions and a booth to visit. Here's one of the Oracle sessions:
Title: Making OpenStack secure and compliant for the enterprise
Many Enterprises deploying OpenStack also need to meet Security and Compliance requirements. In this talk, you will learn how Oracle can help you address these requirements with OpenStack Cloud Infrastructure solutions designed to meet the needs of the Enterprise. Come learn how Oracle can help you deploy OpenStack solutions that you can trust to meet the needs of your enterprise, your customers, and the demands of mission-critical cloud services.
Tuesday, May 19 from 2:50 p.m. to 3:30 p.m., Room 116 / 117
We encourage you to visit the Oracle Booth # P9 for discussion with our OpenStack experts on your requirements and how best to address your issues for smooth deployment. Marketplace hours and demos will be done on:
Hope to meet you at OpenStack Summit!
The next OpenStack developers and users summit will be in Vancouver. Oracle will again be a sponsor of this event, and we'll have a bunch of our team present from Oracle Solaris, Oracle Linux, ZFS Storage Appliance and more. The summit is a great opportunity to sync up on the latest happenings in OpenStack. By this stage the 'Kilo' release will be out and the community will be in full plan mode for 'Liberty'. Join us there and see what the Oracle teams have been up to recently!
-- Glynn Foster
Now generally available, the Oracle OpenStack for Oracle Linux distribution allows users to control Oracle Linux and Oracle VM through OpenStack in production environments. Based on the OpenStack Icehouse release, Oracle’s distribution provides customers with increased choice and interoperability and takes advantage of the efficiency, performance, scalability, and security of Oracle Linux and Oracle VM. Oracle OpenStack for Oracle Linux is available as part of Oracle Linux Premier Support and Oracle VM Premier Support offerings at no additional cost.
The Oracle OpenStack for Oracle Linux distribution is generally available, allowing customers to use OpenStack software with Oracle Linux and Oracle VM.
Oracle OpenStack for Oracle Linux is OpenStack software that installs on top of Oracle Linux. To help ensure flexibility and openness, it can support any guest operating system (OS) that is supported with Oracle VM, including Oracle Linux, Oracle Solaris, Microsoft Windows, and other Linux distributions.
This release allows customers to build a highly scalable, multitenant environment and integrate with the rich ecosystem of plug-ins and extensions available for OpenStack.
In addition, Oracle OpenStack for Oracle Linux can integrate with third-party software and hardware to provide more choice and interoperability for customers.
Oracle OpenStack for Oracle Linux is available as a free download from the Oracle Public Yum Server and Unbreakable Linux Network (ULN).
An Oracle VM VirtualBox image of the product is also available on Oracle Technology Network, providing an easy way to get started with OpenStack.
Here are some of the benefits:
Read more at Oracle OpenStack for Oracle Linux website
We've just published 2 new Hands on Labs that we ran during last year's Oracle OpenWorld. The labs were originally running on a SPARC T5-4 system with an attached Oracle ZFS Storage Appliance. During the lab, we walked participants through how to set up an OpenStack environment on Oracle Solaris, and then showed them how to create a golden image environment of the Oracle Database to be used to rapidly clone new VMs in the cloud. We've customized the lab so that it can be run in Oracle VM VirtualBox so check out the following labs:
The guys over at the Oracle Technology Network are hosting a new set of virtual events that are FREE to attend:
During the event there will be different tracks on the Database, Middleware, Java and Systems. For the Systems track we've got some great content lined up from Oracle Solaris, Oracle Linux and Oracle VM.
The first two sessions of the day in the Systems track are about setting up OpenStack on Oracle Solaris. We'll walk you through how to take a standard Oracle Solaris 11.2 installation, install and configure the OpenStack packages and get a simple single-node instance up and running. After this we'll deploy our first instance in OpenStack and show you how to create an application golden image. We'll also walk you through some of the additional enhancements we've made to be able to provide read-only VM environments through OpenStack.
There's a little bit of preparation work required for the labs. In our case we'll be using Oracle Solaris 11.2 installed in a VirtualBox environment. If you're interested in joining us for the events, check out the required preparation (there will be different preparation required for some of the other sessions so check out the registration page).
Eric Saxe (Oracle) co-presented with Michael Aday (HP) and Nigel Cook (Intel) during the OpenStack Summit in Paris earlier this month on how OpenStack is evolving to allow the cloud infrastructure to also host managed enterprise workloads (pets) rather than workloads that can be easily created or destroyed as needed (cattle). Check it out:
Other sessions held during the summit are available here.
Dave Miner has started to blog his experiences in deploying OpenStack internally for the Oracle Solaris engineering organization. Here's a blurb from the first post of the blog series:
In the Solaris engineering organization we've long had dedicated lab systems dispersed among our various sites and a home-grown reservation tool for developers to reserve those systems; various teams also have private systems for specific testing purposes. But as a developer, it can still be difficult to find systems you need, especially since most Solaris changes require testing on both SPARC and x86 systems before they can be integrated. We've added virtual resources over the years as well in the form of LDOMs and zones (both traditional non-global zones and the new kernel zones). Fundamentally, though, these were all still deployed in the same model: our overworked lab administrators set up pre-configured resources and we then reserve them. Sounds like pretty much every traditional IT shop, right? Which means that there's a lot of opportunity for efficiencies from greater use of virtualization and the self-service style of cloud computing. As we were well into development of OpenStack on Solaris, I was recruited to figure out how we could deploy it to both provide more (and more efficient) development and test resources for the organization as well as a test environment for Solaris OpenStack.
You can read the rest of the blog series here (will update this post with new links as they are published):
The next OpenStack summit is soon approaching, hosted in Paris Nov 3-7. With a six month cadence, it's an opportunity for developers, users and operators to get together and talk all things OpenStack and plan for the next release of OpenStack (codenamed 'Kilo'). The Oracle Solaris OpenStack team will be there in attendance again, so please seek us out if you have any questions.
Eric and I have also submitted a session for the summit called "Making OpenStack Safe for Pets" - VOTE FOR THIS SESSION!
Many Enterprise customers are well on their way towards adopting OpenStack for (at least) the Cattle rich pastures of their test & DevOps infrastructure, and are increasingly interested in consolidation of existing enterprise applications and mission critical services into that same infrastructure and management paradigm.
Many of those applications exhibit needs and characteristics more like Pets rather than Cattle however, presenting a barrier both for consolidation and broader adoption of cloud / OpenStack by the Enterprise.
While some have argued that Cloud / OpenStack is simply the wrong infrastructure for pet-like applications, we would posit that isn't and shouldn't be the case.
In this talk, we will talk about trends that we are seeing with respect to adoption of OpenStack by Enterprise customers, and how that is driving our investment in OpenStack as well as our underlying compute, networking, storage, Operating System and virtualization technologies. We will talk about ways in which Oracle plans to contribute to OpenStack, and what we believe are the key areas of investment needed to address the needs of cloud wanting Enterprise customers, including high-availability cloud services, fault-tolerant cloud infrastructure, simplified cloud lifecycle management and more.
While the day may come when Enterprise applications can be thought of as Cattle, until then significant value exists in meeting the needs of Enterprise customers wanting their pets to thrive in the cloud, and who tend to think of their cloud infrastructure as pet-like too.
-- Glynn Foster
Today we pushed some updates to OpenStack on Oracle Solaris into the release repository. These updates are to provide fixes for a number of bugs that were uncovered leading up to the general release of Oracle Solaris 11.2. These fixes can be summarized as the following:
To update to these packages you can use the following command:
# pkg update
This will automatically apply the new package versions. You will manually need to restart the following OpenStack services:
cinder-volume:default
http:apache22
keystone
neutron-dhcp-agent
neutron-l3-agent
neutron-server
nova-compute
For reference, here's the list of packages that have been updated:
cloud/openstack/cinder
cloud/openstack/glance
cloud/openstack/horizon
cloud/openstack/keystone
cloud/openstack/neutron
cloud/openstack/nova
cloud/openstack/swift
library/python-2/jsonpatch
library/python-2/jsonpatch-26
library/python-2/jsonpatch-27
service/network/dnsmasq
-- Glynn Foster
The Oracle Solaris implementation of OpenStack Neutron supports the following deployment model: provider router with private networks deployment. You can find more information about this model here. In this deployment model, each tenant can have one or more private networks and all the tenant networks share the same router. This router is created, owned, and managed by the data center administrator. The router itself will not be visible in the tenant's network topology view. Because there is only a single router, tenant networks cannot use overlapping IPs. Thus, it is likely that the administrator would create the private networks on behalf of tenants.
By default, this router prevents routing between private networks that are part of the same tenant. That is, VMs within one private network cannot communicate with the VMs in another private network, even though they are all part of the same tenant. This behavior can be changed by setting allow_forwarding_between_networks to True in the /etc/neutron/l3_agent.ini configuration file and restarting the neutron-l3-agent SMF service.
This router provides connectivity to the outside world for the tenant VMs. It does this by performing bidirectional NAT on the interface that connects the router to the external network. Tenants create as many floating IPs (public IPs) as they need or as are allowed by the floating IP quota and then associate these floating IPs with the VMs that need outside connectivity.
The following figure captures the supported deployment model.
Figure 1 Provider router with private networks deployment
Tenant A has:
Tenant B has:
All the gateway interfaces are instantiated on the node that is running neutron-l3-agent.
The external network is a provider network that is associated with the subnet 10.134.13.0/24 that is reachable from outside. Tenants will create floating IPs from this network and associate them to their VMs. VM1 and VM2 have floating IPs 10.134.13.40 and 10.134.13.9 associated with them respectively. VM1 and VM2 are reachable from the outside world through these IP addresses.
Note: In this configuration, all Compute Nodes and Network Nodes in the network have been identified, and the configuration file for all the OpenStack services has been appropriately configured so that these services can communicate with each other.
The service tenant is a tenant for all the OpenStack services (nova, neutron, glance, cinder, swift, keystone, and horizon) and the users for each of the services. Services communicate with each other using these users who all have admin role. The steps below show how to use the service tenant to create a router, an external network, and an external subnet that will be used by all of the tenants in the data center. Please refer to the following table and diagram while walking through the steps.
Note: Alternatively, you could create a separate tenant (DataCenter) and a new user (datacenter) with admin role, and the DataCenter tenant could host all of the aforementioned shared resources.
Table 1 Public IP address mapping
Figure 2 Neutron L3 agent configuration
Note: We will need to use OpenStack CLI to configure the shared single router and associate network/subnets from different tenants with it because from OpenStack dashboard you can only manage one tenant’s resources at a time.
1. Enable Solaris IP filter functionality.
2. Enable IP forwarding on the entire host.
3. Ensure that the Solaris Elastic Virtual Switch feature is configured correctly and has the VLAN ID required for the external network. In our case, the external network/subnet uses VLAN 1.
Note: For more information on EVS please refer to Chapter 5, "About Elastic Virtual Switches" and Chapter 6, "Administering Elastic Virtual Switches" in Managing Network Virtualization and Network Resources in Oracle Solaris 11.2 (http://docs.oracle.com/cd/E36784_01/html/E36813/index.html). In short, Solaris EVS forms the backend for OpenStack networking, and it facilitates inter-VM communication (on the same compute-node or across compute-node) either using VLANs or VXLANs.
4. Ensure that the service tenant is already there.
5. Create the provider router. Note the UUID of the new router.
6. Use the router UUID from step 5 and update the /etc/neutron/l3_agent.ini file with the following entry:
7. Enable the neutron-l3-agent service.
8. Create an external network.
9. Associate a subnet to external_network
10. Apply the workaround for not having --allocation-pool support for subnets. Because 10.134.13.2 through 10.134.13.7 IP addresses are set aside for other OpenStack API services, perform the following floatingip-create steps to ensure that no tenant will assign these IP addresses to VMs:
11. Add external_network to the router.
12. Add the tenant's private networks to the router. The networks shown by neutron net-list were previously configured.
13. The following figure shows how the network topology looks when you log in as a service tenant user.
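The constraints behind the steps above (one shared router, so no overlapping tenant subnets; 10.134.13.2 through 10.134.13.7 held back by pre-allocating them as floating IPs; forwarding between private networks off by default) can be checked before tenants are onboarded. This is an added example, not Oracle's code: the tenant names, tenant CIDRs, floating IP owners and the placement of allow_forwarding_between_networks in the [DEFAULT] section are assumptions made for illustration.

```python
import configparser
import ipaddress
from itertools import combinations

EXTERNAL = ipaddress.ip_network("10.134.13.0/24")  # external subnet from the article
RESERVED = [ipaddress.ip_address(f"10.134.13.{i}") for i in range(2, 8)]  # .2 to .7

def overlapping_subnets(tenant_subnets):
    """Return pairs of (tenant, cidr) that overlap. With a single shared
    router, any overlap (even across tenants) cannot be routed."""
    nets = [(tenant, ipaddress.ip_network(cidr))
            for tenant, cidrs in tenant_subnets.items() for cidr in cidrs]
    return [((ta, str(a)), (tb, str(b)))
            for (ta, a), (tb, b) in combinations(nets, 2) if a.overlaps(b)]

def floating_ip_findings(floating_ips, service_tenant="service"):
    """floating_ips: list of (address, owning tenant). Returns finding strings."""
    findings = []
    owners = {ipaddress.ip_address(addr): tenant for addr, tenant in floating_ips}
    for addr, tenant in owners.items():
        if addr not in EXTERNAL:
            findings.append(f"{addr}: outside {EXTERNAL}")
        elif addr in RESERVED and tenant != service_tenant:
            findings.append(f"{addr}: reserved address held by tenant {tenant}")
    for addr in RESERVED:
        if addr not in owners:  # the step 10 workaround was not applied for this address
            findings.append(f"{addr}: reserved address not pre-allocated, a tenant could claim it")
    return findings

def forwarding_enabled(ini_text):
    """True if l3_agent.ini text turns on routing between private networks.
    Assumes the option sits in [DEFAULT]; absent means the default (off)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return cp.getboolean("DEFAULT", "allow_forwarding_between_networks", fallback=False)

# Constructed sample data: tenant names, CIDRs and owners are made up. The
# floating IPs 10.134.13.9 and 10.134.13.40 are the ones the article mentions.
SAMPLE_SUBNETS = {"tenant_a": ["192.168.100.0/24", "192.168.101.0/24"],
                  "tenant_b": ["192.168.101.128/25"]}
SAMPLE_FIPS = [(f"10.134.13.{i}", "service") for i in range(2, 7)] + [
    ("10.134.13.9", "tenant_b"), ("10.134.13.40", "tenant_a")]
SAMPLE_INI = "[DEFAULT]\nallow_forwarding_between_networks = True\n"

if __name__ == "__main__":
    for pair in overlapping_subnets(SAMPLE_SUBNETS):
        print("overlap:", pair)
    for finding in floating_ip_findings(SAMPLE_FIPS):
        print("floating IP:", finding)
    if forwarding_enabled(SAMPLE_INI):
        print("l3_agent.ini: private networks of a tenant can reach each other")
```

In the sample, 10.134.13.7 was left out of the pre-allocation on purpose, so the audit reports it alongside the overlapping 192.168.101.x subnets.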
1. Log into the OpenStack Dashboard using the tenant user's credential
2. Select Project -> Access & Security -> Floating IPs
3. With external_network selected, click the Allocate IP button
4. The Floating IPs tab shows that 10.134.13.9 Floating IP is allocated.
5. Click the Associate button and select the VM's port from the pull down menu.
6. The Project -> Instances window shows that the floating IP is associated with the VM.
If you had selected a keypair (SSH Public Key) while launching an instance, then that SSH key would be added into the root's authorized_keys file in the VM. With that done you can ssh into the running VM.
On the node where neutron-l3-agent is running, you can use IP filter commands (ipf(1m), ippool(1m), and ipnat(1m)) and networking commands (dladm(1m) and ipadm(1m)) to observe and troubleshoot the configuration done by neutron-l3-agent.
VNICs created by neutron-l3-agent:
IP addresses created by neutron-l3-agent:
IP Filter rules:
IP NAT rules:
1. The neutron-l3-agent SMF service goes into maintenance when it is restarted. This will be fixed in an SRU. The workaround is to restart the ipfilter service and clear the neutron-l3-agent.
2. The default gateway for the network node is removed in certain setups.
If the IP address of the Network Node is derived from the external_network address space, then if you use the neutron router-gateway-clear command to remove the external_network from the provider_router, the default gateway for the network node is deleted and the network node is inaccessible.
To fix this problem, connect to the network node through the console and then add the default gateway again.
As Eric has already mentioned with Oracle Solaris 11.2 we've included a complete, enterprise-ready distribution of OpenStack based on the "Havana" release of the upstream project. We've talked to many customers who have expressed an interest in OpenStack generally, but also being able to have Oracle Solaris participate in a heterogeneous mix of technologies that you'd typically see in a data center environment. We're absolutely thrilled to be providing this functionality to our customers as part of the core Oracle Solaris platform and support offering, so they can set up agile, self-service private clouds with Infrastructure-as-a-Service (IaaS), or develop Platform-as-a-Service (PaaS) or Software-as-a-Service (SaaS) solutions on top of this infrastructure.
If you haven't really had much experience with OpenStack, you'll almost certainly be confused by the myriad of different project names for some of the core components of an OpenStack cloud. Here's a handy table:
|Component|Description|
|---|---|
|Nova|OpenStack Nova provides a cloud computing fabric controller that supports a wide variety of virtualization technologies. In addition to its native API, it includes compatibility with the commonly encountered Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3) APIs.|
|Neutron|OpenStack Neutron provides an API to dynamically request and configure virtual networks. These networks connect "interfaces" from other OpenStack services (for example, VNICs from Nova VMs). The Neutron API supports extensions to provide advanced network capabilities, for example, quality of service (QoS), access control lists (ACLs) and network monitoring.|
|Cinder|OpenStack Cinder provides an infrastructure for managing block storage volumes in OpenStack. It allows block devices to be exposed and connected to compute instances for expanded storage, better performance, and integration with enterprise storage platforms.|
|Swift|OpenStack Swift provides object storage services for projects and users in the cloud.|
|Glance|OpenStack Glance provides services for discovering, registering, and retrieving virtual machine images. Glance has a RESTful API that allows querying of VM image metadata as well as retrieval of the actual image. VM images made available through Glance can be stored in a variety of locations from simple file systems to object-storage systems such as OpenStack Swift.|
|Keystone|OpenStack Keystone is the OpenStack identity service used for authentication between the OpenStack services.|
|Horizon|OpenStack Horizon is the canonical implementation of OpenStack's dashboard, which provides a web-based user interface to OpenStack services including Nova, Neutron, Cinder, Swift, Keystone and Glance.|
So how do you get started? Due to the distributed architecture of OpenStack and being able to run different services across multiple nodes, OpenStack isn't the easiest thing in the world to configure and get running. We've made that easier for you to be able to set up a single-node pre-configured instance to evaluate initially with an OpenStack Unified Archive and an excellent getting started guide. Once you've got up to speed on a single-node set up, you can use your experience to deploy OpenStack on a multi-node setup. We've also got a bunch of other resources available:
We're just starting our journey of providing OpenStack on Oracle Solaris with this initial integration and we expect to deliver more value over time. Ready to start your journey with OpenStack in your data center?
-- Glynn Foster
Solaris 11 brought us the ability to have Immutable non global Zones. With Solaris 11.2 we have extended that capability so that it works with Kernel Zones, LDOMs (OVM SPARC) and bare metal global zones.
Now what about deploying Immutable Zones via OpenStack?
The way to do this is via the Flavors facility in Nova.
From the OpenStack Dashboard (Horizon) navigate to the Admin -> Flavor page. We can either update an existing one of the Solaris flavours or create a new one. Let's do this by creating a new one called 'Immutable Solaris non global Zone'.
Make sure you set the 'Flavor Access' to include the projects you want to use this.
Then from the 'More' menu on the entry in the table select 'View Extra Specs'. That will bring up a window like this one. Since we are creating a new entry from scratch, we also have to set up the type of zone this will be.
Select Create and fill in the following to set a non global zone (if you wanted a kernel zone instead then change the value to solaris-kz):
Then do the same again and create a key/value pair for 'zonecfg:file-mac-profile' with the value being one of 'flexible-configuration', 'fixed-configuration' or 'strict', e.g.:
That's it. Close the flavor window and now we can select this as a type when we deploy a new instance.
If we create a new VM instance using this flavor and look at the configuration of the zone that Nova is deploying for us, we will see something like this:
$ zonecfg -z instance-0000000f info
zonename: instance-0000000f
zonepath: /system/zones/instance-0000000f
brand: solaris
autoboot: false
autoshutdown: shutdown
bootargs:
file-mac-profile: fixed-configuration
...
It is possible to set other zonecfg global scope settings here as well. Currently the choice is limited to a fixed set but I'm hoping to change that to allow any of the known global scope settings. This would allow using some of the more advanced Zone resource controls via an OpenStack Nova Flavor.
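To confirm that instances launched from an immutable flavor really carry the setting, the zonecfg info output shown above can be checked mechanically. This is an added example, not code from the post or from Oracle: the function names and the second sample zone (including its anet resource) are constructed, and the parser assumes resource properties are indented under their resource name.

```python
# Values the post lists for the 'zonecfg:file-mac-profile' extra spec.
ALLOWED_PROFILES = {"flexible-configuration", "fixed-configuration", "strict"}

def parse_zonecfg_info(text):
    """Parse global-scope 'name: value' lines from `zonecfg info` output.
    Indented lines belong to a resource (anet, ...) and are skipped, so a
    resource property can never be mistaken for a global one."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line[0].isspace():
            continue
        name, sep, value = line.partition(":")
        if sep:
            props[name.strip()] = value.strip()
    return props

def immutability_finding(text, expected_brand="solaris"):
    """Return None if the zone is immutable with the expected brand,
    otherwise a one-line finding naming the zone."""
    props = parse_zonecfg_info(text)
    zone = props.get("zonename", "<unknown>")
    if props.get("brand") != expected_brand:
        return f"{zone}: brand is {props.get('brand')!r}, expected {expected_brand!r}"
    profile = props.get("file-mac-profile", "")
    if profile not in ALLOWED_PROFILES:
        return f"{zone}: not immutable (file-mac-profile={profile!r})"
    return None

def audit(outputs, expected_brand="solaris"):
    """Run the check over several zones' output and keep only the findings."""
    results = (immutability_finding(text, expected_brand) for text in outputs)
    return [finding for finding in results if finding]

# The output quoted in the post, one property per line with the "..." dropped.
IMMUTABLE_ZONE = """\
zonename: instance-0000000f
zonepath: /system/zones/instance-0000000f
brand: solaris
autoboot: false
autoshutdown: shutdown
bootargs:
file-mac-profile: fixed-configuration
"""
# Constructed: a zone deployed from a flavor without the extra spec.
WRITABLE_ZONE = """\
zonename: instance-00000010
zonepath: /system/zones/instance-00000010
brand: solaris
file-mac-profile:
anet:
\tlinkname: net0
"""

if __name__ == "__main__":
    for finding in audit([IMMUTABLE_ZONE, WRITABLE_ZONE]):
        print(finding)
```

For kernel zones, pass expected_brand="solaris-kz", the brand value the post names for that case.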