April 15, 16, 17, 18
Thanks for attending! The OpenStack Summit is a four-day conference for developers, users, and administrators of OpenStack Cloud Software.
Note: Presentations are still being uploaded. If you do not see the presentation you are looking for, please check back soon.
OpenStack Networking Update: Opportunity for newly elected PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release
Recently we've started work on BillingStack, which is a billing system based on the idea of being like an "OpenStack" project, meaning do something and do it very well. It is currently being rewritten from a Java / Grails implementation initially conceived by its original author, Luis Gervaso, from the former company called StackSherpa.
Eventlet is a core library that OpenStack depends on for network communications. Eventlet is not magic, though often it is treated as such. In this talk, I will dispel the magic, and discuss best practices for using Eventlet.
In Keystone v3 (Grizzly release), the Domains feature encapsulates users and projects into logical entities that can represent accounts, organizations, etc. However, currently there is no capability or mechanism to manage or enforce quotas at the domain level. Assigning or updating values or limits to a domain will allow the cloud administrator to evaluate domain lists and consumption. In order to achieve these capabilities it will be required to implement quota management and quota monitoring for Keystone domains, by which domain usage can be managed and enforced.
The goal is to support quotas at the OpenStack Domain level.
Due to security, licensing, and networking particularities, as well as a resource-heavy boot and runtime profile, running Windows in a cloud environment poses a unique set of challenges to implementers of OpenStack public and private clouds.
Despite these challenges, enterprises are increasingly looking to deploy Windows virtual desktops and servers in their OpenStack environments - both to replace physical desktops as well as to move their Windows-based server applications to a more economical virtualization platform.
In this talk we present best practices and pitfalls learned over the course of several pilot and production Windows-on-OpenStack deployments, including:
* Understanding how Windows works in the context of an OpenStack cloud: images, instances, etc.
* Methods for mitigating the "boot storm" incited by booting large numbers of Windows VMs.
* Integrating with existing Windows networking services, such as Active Directory.
* Desktop personalization, access marshalling, and session management.
* License and license key management for short-lived Windows VMs.
* Strategies for the reduction of runtime resource usage for large Windows deployments.
Russell Bryant, Vishvananda Ishaya
OpenStack Nova Update: Opportunity for PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release
Debojyoti Dutta, John Davidge, Sam Betts, Bradley Jones, Jack Peter Fletcher
In this talk we introduce Curvature – an interactive visual orchestration tool for applications on OpenStack. We also describe Donabe – a recursive container service – and how both can be leveraged in conjunction to create and deploy recursively stackable application topologies from virtual machine images and Quantum networking components.
Curvature’s approach to service deployment allows the user to define a workload at a higher level of abstraction than current deployment tools. Users draw their desired application topology on a canvas using a toolset of Quantum L2/L3 components and virtual machine images. This topology can then be deployed onto a running OpenStack environment at the click of a button – with Curvature handling all of the orchestration necessary for provisioning the workload, i.e. the Quantum networks and Nova VMs. We demonstrate this design and deployment workflow in real time on a live OpenStack environment using real-world use cases.
This talk showcases Curvature’s functionality both with and without Donabe to demonstrate how these services will radically change the user experience of cloud application deployment.
Alessandro Pilotti, Peter Pouliot
With the Grizzly release come many new and exciting features for Windows Server 2012 and Hyper-V. We will discuss new features including
Most companies today have taken the age-old security models and "virtualized" them to be used in today's "cloud" market. Vendors have come to market with "virtual" firewalls, IPS, HIPS/HIDS, etc. that all claim to be the panacea that solves your cloud "security" issues. The problem exists when we rely on our "virtual" security infrastructure to protect our sensitive 'real' information.
Gabriel Hurley, Mark Washenberger
OpenStack Dashboard/Horizon and Image service / Glance Updates: Opportunity for newly elected PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.
Mike Day, Jean Staten Healy
With the continued adoption of OpenStack infrastructure, many open source projects face the challenge of integrating with OpenStack in order to remain relevant to customers. oVirt and the Open Virtualization Alliance (OVA) are two communities dedicated to the advancement of the open source KVM hypervisor. oVirt is an open-source management infrastructure for KVM, whereas the OVA is dedicated to driving adoption of KVM in the marketplace. Together these efforts have increased the use of KVM by customers, and created a healthy ISV ecosystem around the open source technology.
The growth of KVM also presents some interesting opportunities for improving both OpenStack and oVirt. oVirt can provide rich services to Cinder, Glance, Quantum, and Nova. In this presentation we will discuss both the value and the technical implementation for each of these integration points, and the future of the oVirt project within the context of OpenStack. Additionally, we will discuss best practices in open source community development along with an overview of the business value of KVM on OpenStack.
Divakar Padiyar Nandavar
The current implementation of VMware VC compute driver for OpenStack uses one proxy server to run nova-compute service to manage a cluster. In this session, we would cover the changes implemented to enhance VMware VC Compute driver so that it runs as a Proxy Compute Service to manage multiple VMware vCenter Clusters and Resource Pools as compute nodes. These proposed changes are in line with nova Bare metal proxy driver.
Highlights of these changes:
This presentation will provide an update on the progress in adding federated authentication and authorisation to OpenStack via modifications to the Keystone v3 API. This will allow organisations to use their existing internal authentication systems so that their users can access both public clouds and internal private clouds and services using the same set of credentials. This will simultaneously reduce the management overhead costs to the organisation and the multiple credential management nightmare to users.
This talk will be of general interest to all OpenStack users.
OpenStack Grizzly will finally include support for elastic load balancing. Quantum LBaaS project provides a standardized REST API that abstracts diverse hardware and software-based load balancers. This allows administrators and applications to instantiate and configure virtual and physical load balancers on demand.
The talk will walk attendees through key features of Quantum LBaaS and will include a live demonstration of managing HA-proxy instances. We will also discuss supported load balancers and go over the future roadmap.
This interactive session will cover automation and management tools for OpenStack Swift. Attendees will learn about the deployment mechanisms behind the scenes of SwiftStack. This is a hands-on workshop where we will install and configure a SwiftStack cluster in a virtual machine on attendees’ laptops.
In this workshop, attendees will learn about:
Attendees should bring their laptops (with virtualization extensions enabled in the BIOS), and we will provide a virtual machine image that will be used during the workshop.
DNS is one of those things in life one often takes for granted. It just works. It is, however, the phone book of the Internet. Without DNS, maintaining lookup data would be a difficult endeavor. With OpenStack, there is certainly a need for a DNS service, particularly something that works well with OpenStack and adheres to its standards and philosophy. One such project is Moniker.
Moniker is an OpenStack-inspired DNS-as-a-service project. It is intended to be used to provide DNS service from the entry point of creating, updating, maintaining and deleting DNS data using the Moniker API, to providing DNS resolution for users. It is a very modular project, allowing for the use of whatever DNS server an organization demands, or the database where DNS data is stored. It is also intended to work in conjunction with other components such as Nova.
Moniker is an ideal project to use for developing DNS as a service for an organization, and HP in particular is building their DNSaaS product based on Moniker.
This discussion will provide an overview of Moniker as well as in-depth discussion of the various components such as:
* Moniker processes and configuration
* How Moniker allows multiple DNS server backends and creating new backends
* How Moniker allows backend database storage
* Using the Moniker API
Also, a demonstration of using Moniker will be given, showing DNS domain creation, modification and deletion, followed by a question and answer session.
OpenStack Block Storage Update: Opportunity for PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.
Getting an X Ray is sometimes a life saving procedure, but did you know that X Rays are named X Rays because when they were first discovered their discoverers did not know their nature, hence the X? Come join a discussion about the current state of the data center while we look to the future and how together we can do more.
We present the OpenStack architecture that integrates OpenFlow-based software defined networking (SDN), enabling automation and provisioning of network services spanning virtual switches (OVS) and physical switches. The talk will provide a deep understanding of the architecture components and the interactions. We will also discuss the unique benefits of SDN/OpenFlow vis-a-vis OpenStack, compare with existing Quantum supported networking architectures and share our deployment based experiences.
This talk is a breakdown of security concerns relating to the OpenStack Folsom Release. The purpose of this talk is to look at past vulnerabilities in Folsom, existing security models, and emerging technologies that will impact those models. The presentation will follow the flow of describing several deployment models in terms of their security attributes. The next phase will be the discussion of specific protocols in use and their individual security characteristics. I will present statistics on where past vulnerabilities have been found and reported, allowing us to consider how we can better address security in our continuous integration processes. The goal of this talk is to present a map of where we are today, and expose some of the issues we have yet to face.
Matt Ray, Egle Sigler
In this workshop attendees will follow along with the presentation and learn to use the Razor Provisioning Engine along with Opscode Chef to deploy OpenStack to bare metal in an easy to do, easy to maintain, easy to scale fashion. Key take-away:
Since its inception in 2009, Deltacloud has been focussed on bridging the gaps between various IaaS cloud APIs by offering a RESTful API that can be used against various backend clouds. Over time, the project has been expanded to include frontends for Amazon's EC2 API and DMTF's CIMI.
This talk will provide an overview of what Deltacloud is, what the supported frontends and backends are, and how to use it with OpenStack. It will also explain how Deltacloud is used by a number of projects to achieve cross-cloud portability.
This presentation will be an in-depth critique of the existing OpenStack networking approach, with a focus on how the Nova network controller is more of a hindrance than a help. We will also discuss the changes in Quantum's functionality required to close the gap, and alternative solutions. How can we make networking in OpenStack robust, high performance, and fault tolerant? What do typical large scale networks look like and what lessons can we learn from them? Is there an approach to networking we can take that is the same with a handful of servers as it is with hundreds of racks?
OpenStack is complex, and like all complex systems needs to have some extra attention paid when hardening the environment. This session will cover some basic cloud security concepts and then dive into the practicalities of securing your OpenStack deployment and the steps necessary to design your OpenStack Private Cloud in preparation to undergo a PCI-DSS Audit.
Software systems produce events but often do so in non-uniform ways. A system may log information to a file in a grammar that requires comprehension to extract meaning from the output. A system may also send events to other systems in a structured manner such as REST. Other systems may even output events directly into a database for storage or pass them to a queue for distribution to interested consumers.
In highly diverse, clustered environments like those seen in many OpenStack deployments, the system event landscape can become complex, difficult to manage and over time become opaque to the point where events generated no longer provide value. The information in many of these events has definite business value, whether it be to meter a tenant or to communicate that a portion of the cluster has been damaged or degraded. Therefore, it’s imperative, despite the complexity of the event ecosystem, to capture this information in a standardized and scalable manner.
Mohammad Banikazemi, Damian Igbe, Andre Pech
This session will consist of three, 10-minute lightning talks from OpenStack Networking experts followed by 10 minutes of Q&A. A summary of each lightning talk is provided below:
Quantum Plugin and Extensions for Cloud Applications
Mohammad Banikazemi, IBM
This presentation covers challenges in developing a Quantum plugin for Meridian, a service-level network model that provides high level connectivity and policy abstractions for cloud applications. Although the current Meridian implementation leverages OpenFlow, the services it defines are amenable to a variety of implementations including overlay networks. The Meridian architecture and implementation is described briefly. Key challenges in the design and implementation, including orchestration of network tasks on large networks, efficient handling of dynamic updates to virtual networks are then discussed. Next, the Quantum plugin for Meridian, which maps the basic Quantum constructs to the Meridian network model is presented. Finally, a set of extensions to the base Quantum API that allow the entire set of Meridian features to be exploited is described. These features include support for flexible and dynamic insertion of middle boxes. The presentation identifies some strengths as well as some weaknesses of the current Quantum design.
SDN deployment using Floodlight with OpenStack Quantum and Open vSwitch
The SDN revolution has started and while the shape of things to come is still unclear, this is the best time to delve into the technicalities of SDN. It is only those who really understand this buzzword now that will shape the future of network virtualization. This paper aims to explore SDN using the Floodlight OpenFlow controller along with Quantum and Open vSwitch. The emphasis will be on Floodlight as the OpenFlow controller, based on experience experimenting and integrating with Quantum and Open vSwitch. A hands-on demo will be provided to highlight the essential configuration steps required to get Floodlight up and running and talking to Open vSwitch and Quantum in a multi-tenancy deployment.
Extending Quantum and the OVS plugin for physical network orchestration
Andre Pech, Arista Networks
Quantum currently does not allow for the simultaneous configuration of virtual and physical switches as part of tenant network provisioning. When using OVS, the user is required to manually provision the physical network that provides connectivity between VMs in a tenant network.
We've extended Quantum and the Quantum OVS plugin to allow for the registration of plugins ("hardware drivers") to coordinate the physical network based on the topology of the virtual switches, enabling a fully automated deployment of new tenant networks. We've also exposed how the virtual tenant networks map onto the physical network, providing users with increased visibility and better troubleshooting ability.
There have been a number of premature attempts to provide a trusted computing platform for IaaS software; however, all of them have met with failure and a lack of mass market adoption. What would be required to solve this problem for real and deliver "true" computing? True computing requires the ability to have a trusted chain of events related to the provisioning and deployment of hardware and software. It requires integration to the supply chain with installation of initial keys at the hardware vendor's site, secure PXE booting, system attestation, and robust key management. None of this is easy or free, but what would it look like if OpenStack could become the first truly trusted cloud system? How would it integrate with the current 'trusted-messaging' blueprint? Would it make CloudAudit's API more relevant?
Project Updates: Opportunity for newly elected PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.
Cloud Networking introduces several new concepts and practices that change the way traditional networks are being built and managed. Network architects, solution designers and application developers need to understand these new networking capabilities to take advantage of the cloud. This talk aims to demystify cloud networking to the above audience by providing a deep dive analysis of the various cloud networking models and capabilities by using specific networking scenarios from the OpenStack Quantum service and Amazon EC2. We will also examine how these capabilities could be leveraged to build fault-tolerant cloud applications.
Security is important when deploying any distributed application, especially the one responsible for running all of the virtual machines in your data center. When deploying OpenStack, many of the security implementation details are left unspecified. This is where FreeIPA comes to the rescue. This session will show how FreeIPA can be used to help secure communication and provide authentication and authorization capabilities for a large-scale OpenStack deployment.
This hands-on lab will provide an opportunity to see how easy it is to use Puppet to deploy OpenStack environments.
It will cover the architectural details of the Puppet modules used for installation, and explain how to easily get up and going with a fully functional OpenStack environment.
Requirements: This lab assumes that you have a laptop with the following installed:
The lab also assumes reasonable networking connectivity in the lab.
Allan Metts, Kurt Griffiths
Come to this session to get an update on Marconi, an OpenStack queuing and notification service described at http://wiki.openstack.org/marconi
Marconi aims to be pragmatic, building upon the real-world experiences of teams who have solid track records running and supporting web-scale message queuing systems.
Join Rackspace's Kurt Griffiths, Principal Architect, and Allan Metts, Engineering Director, to learn about the work that has been done and the path ahead -- including a description of the project, milestones, how it works, and an early demo.
As a message bus, Marconi allows cloud developers to use a REST API to easily distribute tasks to multiple workers across the components of an OpenStack deployment. Publish-subscribe semantics are also supported, allowing notifications to be distributed to multiple listeners at once.
Users will be able to customize Marconi to achieve a wide range of performance, durability, availability, and efficiency goals.
OpenStack Object Storage Update: Opportunity for PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.
Ceph is an open source distributed object store, network block device, and file system. Ceph can be used for object storage through its S3 and Swift APIs. It can also provide storage for network block devices, with the thin provisioning and copy-on-write cloning features necessary to support large-scale virtualization.
Since the Folsom release, Cinder makes block storage for backing VMs a first class feature in OpenStack. Block devices can be created from images stored in Glance, and with Ceph's RBD behind both, new VMs can be created faster while using less space. In the latest Ceph ‘Bobtail’ release, you can start many VMs instantly by cloning from templates. Also, on the storage backend side, you will see increased I/O performance due to improved threading.
This session will cover an intro to Ceph, the current status of Ceph and Grizzly, the latest features of the Ceph Bobtail release and also the technical implications and the advantages of block storage within OpenStack.
Eric Windisch, Randy Bias
Existing approaches to delivering persistent block storage in OpenStack focus on integrating existing SAN/NAS hardware solutions, using Distributed File Systems (DFS), or using simple Direct Attached Storage (DAS) with Cinder. There is another alternative: scale-out block storage nodes with intelligent scheduling. This is the same approach that Amazon Web Services (AWS) uses for Elastic Block Storage (EBS) and it's worth taking a close look at the pros and cons. This presentation will explore the differences between SAN, NAS, DFS, DAS, and EBS. We will look at the implicit and explicit contracts that users and operators get from the different approaches and look at a variety of failure conditions. EBS may not be right for some clouds, but for many it's an important and viable alternative to the existing approaches.
OpenStack is extensively used in industry today. With increasing collaborations both within a single organization and between several, resource sharing is a natural extension to the existing implementation of isolated tenants (i.e. allow resource sharing between tenants within an organization). Furthermore, the access and resource sharing between different cloud installations is also unattended to. We propose the addition of a service which handles both these requirements, i.e. resource sharing between tenants within a single organization and also tenants between different cloud installations. Our proposal (which will be submitted as a blueprint and is under implementation) aims to provide a multi-tenant federated access to resources within OpenStack. A federation is an association comprising any number of service providers and identity providers, which in this scenario would mean different OpenStack clouds/installations. Multi-tenancy support is defined as the capability of a single cloud instance to provide its service to several customers/tenants simultaneously, which in this case not only refers to the mere existence of several tenants but also resource sharing capability between the tenants within the same cloud instance or other cloud instances due to the concept of federated access.
This brings forth the need for improved Identity Management and Policy Enforcement which doesn’t rework existing deployments but rather extends them to the required functionality seamlessly. We model the functionality of this service and the required extensions to be made to accommodate it. The crux of our model lies in the way we represent each user and his capabilities. The current system uses a 3-Tuple mechanism of (Subject, Privilege, Object) to represent users and the resources they are allowed access to. We plan to extend this to a 5-Tuple mechanism (Issuer, role(Issuer,roleName), Privilege, Interface, Object) so as to incorporate RBAC and provide access to remote resources outside of the same tenant and cloud installation.
Our talk will deal with a detailed look into this proposal.
This workshop will teach attendees how to deploy OpenStack Swift from the ground up. It will be a hands-on training where the audience will learn by doing rather than listening. Come with a laptop, or feel free to watch and learn.
In this session, the audience will be guided through a deployment and configuration of OpenStack Swift by the experts at SwiftStack. We will walk you through the architecture of Swift while demonstrating a step-by-step installation from the ground up.
The attendees interested in participating should bring their laptops (with virtualization extensions enabled in the BIOS), and we will provide a virtual machine image that will be used in the workshop.