Tuesday May 19, 2015

Oracle Solaris gets OpenStack Juno Release

We've just recently pushed an update to Oracle OpenStack for Oracle Solaris. Supported customers who have access to the Support Repository Updates (SRU) can upgrade their OpenStack environments to the Juno release with the availability of SRU

The Juno release includes a number of new features, and in general offers a more polished cloud experience for users and administrators. We've written a document that covers the upgrade from Havana to Juno. The process to upgrade involves some manual administrator to copy and merge OpenStack configuration across the two releases, and upgrade the database schemas that the various services use. We're working hard to provide a more seamless upgrade experience, so stay tuned!

-- Glynn Foster

Join us at the Oracle OpenStack booth!

We've reached the second day of the OpenStack Summit in Vancouver and our booth is now officially open. Come by and see us and talk about some of the work that we've been doing at Oracle - whether it's integrating a complete distribution of OpenStack into Oracle Linux and Oracle Solaris, Cinder and Swift storage on the Oracle ZFS Storage Appliance, integration with Swift and our Oracle HSM tape storage product, and how to quickly provision Oracle Database 12c in an OpenStack environment. We've got a lot of demos and experts there to answer your questions.

The Oracle sponsor session is on today also. Markus Flierl will be talking about "Making OpenStack Secure and Compliant for the Enterprise" at 2:50-3:30pm Tuesday Room 116/117. Markus will talk about the challenges of deploying an OpenStack cloud while still meeting critical secure and compliance requirements, and how Oracle can help you do this.

And in case anyone asks, yes, we're hiring!

Friday May 15, 2015

Database as a Service with Oracle Database 12c, Oracle Solaris and OpenStack

Just this morning Oracle announced a partnership with Mirantis to bring Oracle Database 12c to OpenStack. This collaboration enables Oracle Solaris and Mirantis OpenStack users to accelerate application and database provisioning in private cloud environments via Murano, the application catalog project in the OpenStack ecosystem. This effort brings Oracle Database 12c and Oracle Multitenant deployed on Oracle Solaris to Murano—the first Oracle cloud-ready products to be available in the catalog.

We've been hearing from lots of customers wanting to quickly deploy Oracle Database instances in their OpenStack environments and we're excited to be able to make this happen. Thanks to Oracle Database 12c and Oracle Multitenant, users can quickly create new Pluggable Databases to use in their cloud applications, backed by the secure and enterprise-scale foundations of Oracle Solaris and SPARC. What's more, with the upcoming generation of Oracle systems based on the new SPARC M7 processors, users will get automatic benefit of advanced security, performance and efficiency of Software in Silicon with features such as Application Data Integrity and the Database In-Memory Query Accelerator.

So if you're heading to Vancouver next week for the OpenStack Users and Developers Summit, stop by booth P9 and P7 to see a demo!

Update: (19/05/15) A technical preview of our work with Murano is now available here on the OpenStack Application Catalog.

Thursday Apr 16, 2015

OpenStack Swift on Oracle Solaris

Jim Kremer has written a blog about the OpenStack object storage service Swift and how to set it up on Oracle Solaris. For Swift on Solaris we use the ZFS file system as the underlying storage, which means we can take advantage of things like snapshots and clones, data encryption and compression, and the underlying redundancy that the ZFS architecture provides with storage pools and mirroring.

Read Jim's blog on How to get Swift up and running on Solaris.

-- Glynn Foster

Thursday Apr 09, 2015

Oracle at OpenStack Summit in Vancouver - May 18-22

Oracle is premier sponsor at OpenStack Summit in Vancouver, May 18-22. This year we will have experts from all of Oracle's OpenStack technologies including Oracle Linux and Oracle VM, Oracle Solaris, Oracle ZFS Storage Appliance, and Oracle Tape Storage Solutions. We will have informative sessions and booth to visit. Here's one of the Oracle sessions:

Title:Making OpenStack secure and compliant for the enterprise

Many Enterprises deploying OpenStack also need to meet Security and Compliance requirements. In this talk, you will learn how Oracle can help you address these requirements with OpenStack Cloud Infrastructure solutions designed to meet the needs of the Enterprise. Come learn how Oracle can help you deploy OpenStack solutions that you can trust to meet the needs of your enterprise, your customers, and the demands of mission-critical cloud services.

Tuesday, May 19 from 2:50 p.m. to 3:30 p.m., Room 116 / 117

We encourage you to visit the Oracle Booth # P9 for discussion with our OpenStack experts on your requirements and how best to adress your issues for smooth deployment. Marketplace hours and demos will be done on: 

  • Monday, May 18: 6:00pm – 7:30pm
  • Tuesday, May 19: 10:45am – 6:00pm
  • Wednesday, May 20: 9:00am – 6:00pm
  • Thursday, May 21: 9:00am – 4:10pm 

Hope to meet you at OpenStack Summit!  

Monday Mar 16, 2015

OpenStack Summit Vancouver - May 18-22

The next OpenStack developers and users summit will be in Vancouver. Oracle will again be a sponsor of this event, and we'll have a bunch of our team present from Oracle Solaris, Oracle Linux, ZFS Storage Appliance and more. The summit is a great opportunity to sync up on the latest happenings in OpenStack. By this stage the 'Kilo' release will be out and the community will be in full plan mode for 'Liberty'. Join us there and see what the Oracle teams have been up to recently!

-- Glynn Foster

Thursday Aug 21, 2014

Solaris OpenStack Horizon customizations

In Oracle Solaris OpenStack Havana, we have customized the Horizon BUI by modifying existing dashboard and panels to reflect only those features that we support. The modification mostly involves:

 --  disabling an widget (checkbox, button, textarea, and so on)
 --  removal of a tab from a panel
--  removal of options from pull-down menus

The following table lists the customizations that we have made.

| Where                       | What                                                |
| Project => Instances =>     | Post-Creation tab is removed.                       |
| Launch Instance             |                                                     |
|                             |                                                     |
| Project => Instances =>     | Security Groups tab is removed.                     |
| Actions => Edit Instance    |                                                     |
|                             |                                                     |
| Project => Instances =>     | Console tab is removed.                             |
| Instance Name               |                                                     |
|                             |                                                     |
| Project => Instances =>     | Following actions Console, Edit Security Groups,    |
| Actions                     | Pause Instance, Suspend Instance, Resize Instance,  |
|                             | Rebuild Instance, and Migrate Instance are removed. |
|                             |                                                     |
| Project =>                  | Security Groups tab is removed.                     |
| Access and Security         |                                                     |
|                             |                                                     |
| Project =>                  | Create Volume action is removed.                    |
| Images and Snapshots =>     |                                                     |
| Images => Actions           |                                                     |
|                             |                                                     |
| Project => Networks =>      | Admin State is disabled and its value is always     |
| Create Network              | true.                                               |
|                             |                                                     |
| Project => Networks =>      | Disable Gateway checkbox is disabled, and its       |
| Create Network =>           | value is always false.                              |
| Subnet                      |                                                     |
|                             |                                                     |
| Project => Networks =>      | Allocation Pools and Host Routes text area are      |
| Create Network =>           | disabled.                                      |
| Subnet Detail               |                                                     |
|                             |                                                     |
| Project => Networks =>      | Edit Subnet action is removed.                      |
| Network Name => Subnet =>   |                                                     |
| Actions                     |                                                     |
|                             |                                                     |
| Project => Networks =>      | Edit Port action is removed.                        |
| Network Name => Ports =>    |                                                     |
| Actions                     |                                                     |
|                             |                                                     |
| Admin => Instnaces =>       | Following actions Console, Pause Instance,          |
| Actions                     | Suspend Instance, and Migrate Instance are removed. |
|                             |                                                     |
| Admin => Networks =>        | Edit Network action is removed                      |
| Actions                     |                                                     |
|                             |                                                     |
| Admin => Networks =>         | Edit Subnet action is removed                       |
| Subnets => Actions          |                                                     |
|                             |                                                     |
| Admin => Networks =>         | Edit Port action is removed                         |
| Ports => Actions            |                                                     |
|                             |                                                     |
| Admin => Networks =>         | Admin State and Shared check box are disabled.      |
| Create Network              | Network's Admin State is always true, and Shared is |
|                             | always false.                                       |
|                             |                                                     |
| Admin => Networks =>        | Admin State check box is disabled and its value     |
| Network Name => Create Port | is always true.                                     |

Thursday Jul 31, 2014

OpenStack Immutable VMs

Solaris 11 brought us the ability to have Immutable non global Zones.  With Solaris 11.2 we have extended that capability so that it works with Kernel Zones, LDOMs (OVM SPARC) and bare metal global zones.

Now what about deploying Immutable Zones via OpenStack ?

The way to do this is to via the Flavors facility in Nova.

From the OpenStack Dashboard (Horizon) navigate to the Admin-> Flavor page. We can either update an existing one of the Solaris flavours or create a new one.  Lets do this by creating a new one called 'Immutable Solaris non global Zone'

Make sure you set the 'Flavor Access' to include the projects you want to use this.

Then from the 'More' menu on the entry in the table select 'View Extra Specs'

that will bring up a window like this one, since we are creating a new entry from scratch we have to also setup the type of zone this will be.

Select Create and fill in the following to set a non global zone (if you wanted a kernel zone instead then change the value to solaris-kz):

The do the same again and create a key/value pair for 'zonecfg:file-mac-profile' with the value being one of 'flexible-configuration,fixed-configuration,strict' eg:

Thats it close the flavor window and now we can select this as a type when we deploy a new instance.

If create a new VM instance using this flavor and look at the configuration of the zone that Nova is deploying for us we will see something like this:

$ zonecfg -z instance-0000000f info
zonename: instance-0000000f
zonepath: /system/zones/instance-0000000f
brand: solaris
autoboot: false
autoshutdown: shutdown
file-mac-profile: fixed-configuration

It is possible to set other zonecfg global scope settings here as well.  Currently the choice is limited to a fixed set but I'm hoping to change that to allow any of the known global scope settings.  This would allow using some of the more advanced Zone resource controls via an OpenStack Nova Flavor.

 -- Darren J Moffat


OpenStack Cinder Volume encryption with ZFS

In an OpenStack deployment the VMs is provided by the Cinder service. In the case of a Solaris instance these VMs are either Kernel Zones or non global zones configured for ZOSS (Zones On Shared Storage).  When Solaris 11.1 came out I wrote about using ZFS to encrypt zones.

The Cinder volume service for OpenStack can be provided by ZFS using ZVOLs.  So it shouldn't be surprising that we get to benefit from ZFS features such as compression, encryption and deduplication.

When deploying a simple OpenStack configuration using the 'solaris.zfs.ZFSVolumeDriver'  we  create ZVOLs in the dataset specified by the 'zfs_volume_base' variable in /etc/cinder/cinder.conf.  If the dataset specified by 'zfs_volume_base' doesn't already exist then the SMF service 'svc:/application/openstack/cinder/cinder-volume:setup' will create it for you and sets the file system permissions and zfs allow delegations for the 'cinder' user appropriately.

If we pre-create the ZFS dataset that zfs_volume_base points to all the ZVOLs that are created by cinder below that are automatically encrypted.

For example if I'm using a ZFS pool called 'cloudstore' and I set 'cloudstore/cinder' as 'zfs_volume_base' I can do this:

# zfs create -o encryption=on -o keysource=passphrase,https://keys.example.com/cinder cloudstore/cinder

In the above example I'm assuming we have an ad-hoc key manager available already that is providing keys/passphrases over https, you could also use a raw file, PKCS#11 keystore or interactively prompt; see the ZFS Encryption documentation for more guidance.

Now restart the  cinder-volume:setup service and we are ready to use our transparent encryption of Cinder volumes:

# svcadm restart cinder-volume:setup

If we look at the ZFS datasets that are created after we have launched a VM instance and the cinder volume for it was created we see this:

$ zfs get -r encryption cloudstore/cinder                   zfs-bugs
NAME                                                      PROPERTY    VALUE  SOURCE
cloudstore/cinder                                              encryption  on     local
cloudstore/cinder/volume-8ae498b7-5866-60da-85f6-d22d6bc932e9  encryption  on     inherited from cloudstore/cinder

Using the above method neither Cinder or Nova are aware of the encryption of the volumes nor are they involved in the key management. 

We are investigating what will be required to extend the Solaris ZFS drivers for Cinder so that Cinder is involved in or at least aware of ZFS encryption and then eventuall the key management since Cinder has some support for this already and a future OpenStack release will be extending this via the Barbican project.

-- Darren J Moffat

Oracle Solaris 11 - Engineered for Cloud

Today's release of Oracle Solaris 11.2 is especially meaningful for many of us in Solaris Engineering that have been hard at work over the last few years making OpenStack Cloud Infrastructure a first class Solaris technology. Today we release not only one of the most significant, complete, and solid versions of Solaris ever, with many new cloud virtualization features, but also included is the fully integrated cloud infrastructure software itself....everything needed (from a software perspective anyway ;)) to stand up a fully functional, OpenStack cloud system providing Infrastructure as a Service (IaaS), and Cloud block/object storage on both SPARC and x86 based systems.

Why is the Solaris Engineering Team tackling Cloud Infrastructure? For the Enterprise, what we consider to be the "Operating System" is shifting thanks to the rise of cloud computing. When you think about the role of an Operating System, what comes to mind? What does it do, fundamentally? Of course, it's the software that manages and allocates compute resources to users and workloads. It virtualizes those resources (CPU, memory, persistent storage) to provide applications with elasticity in their resource use. It runs workloads, hosts services, and provides APIs and interfaces for both workloads and users of those services. Operating Systems have tended to do this within the confines of single physical systems (or VMs) however.

Cloud Systems fundamentally need to provide all of these same basic OS services as well. From a pool of virtualized compute, networking, and storage, those resources need to be virtualized and allocated. Applications needs to have the illusion of resource elasticity to enable them to scale to meet the demands of the workload and users...and the Cloud System needs to run workloads and host services.

We've evolved from the time when enterprise applications were simply comprised of a number of processes/threads running on bare metal or in a VM consuming CPU, memory, storage, and talking over the network...and we see the enterprise OS evolving as well. Today's and tomorrow's enterprise applications are distributed workloads and cloud services that are hosted and run on cloud systems spanning many physical nodes. OpenStack provides a standard set of interfaces which have enabled us to evolve Solaris into a fully open, yet very differentiated platform for hosting cloud services and workloads.

That differentiation comes in part because we've built OpenStack on Solaris to seamlessly leverage many new features newly available with Solaris 11.2, including Kernel Zones based virtualization being offered up via OpenStack Nova, Unified Archive based Image deployment served up via Glance, and Elastic Virtual Switch based SDN managed by OpenStack Neutron. Solaris also provides ZFS backed cloud block and object storage (though OpenStack Cinder and Swift) over iSCSI and Fiber Channel connected storage and/or via Oracle's ZFS Storage Appliance(s).

Differentiation also comes about because Solaris based OpenStack has at its foundation the platform and technology you know and trust for running your mission critical enterprise workloads. Unparalleled reliability, scalability, efficiency and performance...both for hosting mission critical cloud services, as well as your mission critical cloud infrastructure, are all just as important as they've always been.

So what's the best way to get started? You don't need a massive sprawl of infrastructure to begin. With just a system or two, you can get create your own Solaris based OpenStack cloud providing Infrastructure As A Service (IaaS). Check out Getting Started with OpenStack on Solaris 11.2 to get started. You can also find Solaris 11.2 in the OpenStack Marketplace.

You'll find packages for the Havana version of OpenStack available in the Solaris 11 package repositories, including Nova, Neutron, Cinder, Glance, Keystone, Horizon, and Swift.

If you run into issues, or have questions, feel free to drop us a note at solaris_openstack_interest@openstack.java.net...we're happy to help! Enjoy!


Oracle OpenStack is cloud management software that provides customers an enterprise-grade solution to deploy and manage their entire IT environment. Customers can rapidly deploy Oracle and third-party applications across shared compute, network, and storage resources with ease, with end-to-end enterprise-class support. For more information, see here.


« July 2015