Tag Archives: cloud

Red Hat Summit 2012: Wednesday

Wednesday was action-packed with dramatic keynotes and great sessions. The morning was kicked off by Paul Cormier, who talked about some new products coming from Red Hat. Many of the product releases were centered on cloud offerings (like OpenShift), and his talk was mainly aimed at CIOs and decision makers. There wasn’t a lot of technical detail in his talk, but it was refreshing to hear a Linux vendor talk about their products as revolutionary steps in pulling away from vendor lock-in and proprietary solutions.

Paul was followed by Irfan Khan who talked about the value of very low latency information exchange and processing. He drove home the point that the biggest value we can gain from information in the current age is related to our ability to gather and interpret the information in as close to real time as possible. I expected a speech from a SAP employee to be relatively dry but I was pleasantly surprised to find that he made a lot of good points. Irfan emphasized that big data providers need to find a way to fit into their customers’ landscape without causing too much disruption while also providing some real benefits.

My first session was Jeff Darcy’s discussion about Red Hat’s storage offering and what GlusterFS advancements were on the horizon. His talk was standing room only and he covered a lot of highly technical points about GlusterFS. I’m getting the feeling that GlusterFS is gaining more momentum and that we’ll be seeing more features around consistency and performance very soon.

As a fan of SELinux, I made sure that I was in Thomas Cameron’s “SELinux for Mere Mortals” class. Although I feel relatively confident that I can solve SELinux problems when I find them, Thomas covered a lot of easier solutions that I hadn’t previously considered. His explanation of the basics of SELinux is a must-read for any system administrator working on a Red Hat system. I managed to find his slides from last year, but he said the new slides should be up by Friday.

I attended another good class about managing network resources with Red Hat. Although the slides were a little wordy, the content was extremely good. The speaker talked about receiving a 40Gb/sec Ethernet card from Mellanox and how he bumped the performance from 8Gb/sec to 37Gb/sec by adjusting CPU pinning (for NUMA) as well as some kernel configuration around TCP buffers. It was an eye-opening discussion and a good session for people who are trying to find bottlenecks in their hardware.

The afternoon was spent mingling with GlusterFS developers and users as well as the people working the Fedora booth. I managed to pick up some Fedora stickers, but I’ve yet to get my picture taken with the life-size Beefy Miracle hot dog. That’s my goal for tomorrow.

The night wrapped up with the Red Hat Certified Professionals Party at McGreevy’s across from the Hynes Convention Center. I ran into a bunch of fellow RHCAs and RHCEs who read my blog, and I was glad some of the posts were able to help them along their way to becoming certified. Congratulations to the folks who passed the early rounds of the new JBoss exams! Being the first ones through that process certainly can’t be easy.

For anyone who is working towards their RHCA, be sure to read my post about my experience with it. It’s a long haul, but the knowledge you’ll gain will be worth it.


First day of the Red Hat Summit

The Red Hat Summit 2012 kicked off with an evening keynote by Jim Whitehurst explaining the changes in business value over time from the raw materials to the industry that profited from standardization.

He made some excellent points and summaries about what cloud is and isn’t. The root of his keynote was around what cloud can do for companies and not so much about what cloud really is. His key point was that the value didn’t reside in the nuts and bolts that hold a cloud together. The innovation that can be driven by the cloud itself is where the real value is. Don’t think about the guts of what makes it work — think about what you can build on top of it. Think about cost savings, ease of provisioning, and flexibility. There were lots of comparisons to the standardization of machinery components (thanks to the lathe) and how we wouldn’t have as much of the innovation we have today without open standards in technology.

Jim was followed by a SVP from IBM who had an interesting (albeit quite dry and PowerPoint-heavy) presentation about the mobile workforce and how contributions to open source efforts are driving a lot of the innovation today (think Hadoop and OpenStack). He talked about the data generated and consumed by mobile devices and how that data is changing our business values. Technology is no longer a burden but instead a critical tool for putting a company ahead of its competitors.

We stopped in at a bar after the keynotes and chatted with some locals about Boston and what makes it unique. I think we can safely say we’re addicted to the local beers here in town and it’s not going to be easy to leave at the week’s end.

If you’re interested in photos from the keynotes, I took a few and uploaded them to my Flickr photostream.


Tracing a build through OpenStack Compute (Nova)

My work at Rackspace has changed a bit in the last few weeks and I’ve shifted from managing a team of engineers to a full technical focus on OpenStack Nova. Although it was difficult to leave my management position, I’m happy to get back to my roots and dig into the technical stuff again.

One of the first things I wanted to tackle was understanding how a build request flows through Nova to a XenServer hypervisor. Following this process through the code is a bit tricky (I’m still learning Python, so that could explain it). Here are the basic steps:

  • Client requests a build via the API.
  • The API runs some checks (quotas, auth, etc) and hands the build off to the scheduler.
  • The scheduler figures out where the instance should go.
  • The scheduler drops a message into a queue specific to one compute node (where the instance will be built).
  • The API responds to the client and the client is now unblocked and free to do other things.
  • The compute node updates the database with the instance details and makes calls to the hypervisor to assemble block devices for the instance.
  • A message is dropped into the network node’s queue (from the compute node) to begin assembling networks for the instance. The compute node blocks and waits while this step completes.
  • Once the networking details come back (via the queue), the compute node does the remaining adjustments on the hypervisor and starts up the actual instance.
  • When the instance starts successfully (or fails to do so), the database is updated and a message is dropped onto another message queue as a notification that the build is complete.

(Figure: Tracing an Instance Build Through Nova) I created a flow chart to explain this process; the thumbnail accompanying this post links to the full-size version.

Please note: This information should be accurate to the Nova code as of November 1, 2011. There could be some refactoring of these build processes before Essex is released.
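The message flow in the list above, as an added toy model that is not Nova’s own code: each service is a thread reading its own queue, the scheduler picks a host deterministically from two made-up host names, and the network node answers on a per-request reply queue so that the compute node blocks exactly where the post says it does. Host names, IP addresses and the sleep delays standing in for hypervisor work are all constructed.

```python
"""Toy model of the Nova build flow described in the post (constructed
example, not Nova's own code). Each service runs as a thread consuming its
own queue; the thing to notice is that the client gets its API response
while the compute node is still building."""
import queue
import threading
import time

HOSTS = ("compute1", "compute2")   # constructed compute node names


class Cloud:
    def __init__(self, work_seconds=0.05):
        self.work_seconds = work_seconds          # stands in for hypervisor work
        self.db = {}                              # stands in for the instance table
        self.db_lock = threading.Lock()
        self.events = []                          # ordered record of what happened
        self.ev_lock = threading.Lock()
        self.compute_qs = {h: queue.Queue() for h in HOSTS}   # one queue per compute node
        self.network_q = queue.Queue()                        # the network node's queue
        self.notify_q = queue.Queue()                         # where build notifications land
        self.threads = [threading.Thread(target=self.compute_node, args=(h,), daemon=True)
                        for h in HOSTS]
        self.threads.append(threading.Thread(target=self.network_node, daemon=True))
        for t in self.threads:
            t.start()

    def log(self, event):
        with self.ev_lock:
            self.events.append(event)

    # --- API and scheduler --------------------------------------------------
    def api_build(self, name, authorized=True, quota=10):
        """Run the auth/quota checks, hand off to the scheduler, respond at once."""
        if not authorized:
            raise PermissionError("not authorized to build")
        with self.db_lock:
            if len(self.db) >= quota:
                raise RuntimeError("quota exceeded")
            self.db[name] = {"status": "BUILD", "host": None}
        host = self.schedule(name)
        self.log("api:responded")                 # client is unblocked from here on
        return {"name": name, "status": "BUILD", "host": host}

    def schedule(self, name):
        """Pick a host (deterministically, for the demo) and message its queue."""
        host = HOSTS[sum(map(ord, name)) % len(HOSTS)]
        self.compute_qs[host].put({"name": name})
        return host

    # --- compute and network nodes ------------------------------------------
    def compute_node(self, host):
        q = self.compute_qs[host]
        while True:
            msg = q.get()
            if msg is None:                       # shutdown sentinel
                return
            name = msg["name"]
            with self.db_lock:
                self.db[name]["host"] = host
            time.sleep(self.work_seconds)         # assemble block devices on the hypervisor
            reply_q = queue.Queue()
            self.network_q.put({"name": name, "reply_to": reply_q})
            net = reply_q.get()                   # compute blocks until the network node answers
            self.log(f"compute:{name}:networked")
            time.sleep(self.work_seconds)         # remaining adjustments, then start the instance
            with self.db_lock:
                self.db[name].update(status="ACTIVE", ip=net["ip"])
            self.notify_q.put({"event": "build.complete", "name": name, "host": host})
            self.log(f"compute:{name}:notified")

    def network_node(self):
        assigned = 0
        while True:
            msg = self.network_q.get()
            if msg is None:
                return
            assigned += 1
            msg["reply_to"].put({"ip": f"10.0.0.{assigned}"})   # constructed address
            self.log(f"network:{msg['name']}:assigned")

    def shutdown(self):
        for q in self.compute_qs.values():
            q.put(None)
        self.network_q.put(None)
        for t in self.threads:
            t.join()


def run_build(name="testvm"):
    """Drive one build end to end and return what each party observed."""
    cloud = Cloud()
    response = cloud.api_build(name)
    unblocked_early = cloud.notify_q.empty()      # client is free while compute still works
    notification = cloud.notify_q.get(timeout=5)  # the "build complete" message
    cloud.shutdown()
    return {"response": response, "unblocked_early": unblocked_early,
            "notification": notification, "row": cloud.db[name], "events": cloud.events}


if __name__ == "__main__":
    result = run_build()
    print("\n".join(result["events"]))
    print(result["row"])
```

Running it prints the event log; `api:responded` comes before the compute node’s `notified` event, which is the property the list describes: the client is unblocked while the build is still in progress, and the notification on the last queue is what tells it the instance has become ACTIVE.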



Xen Summit 2011: My Takeaways

Quite a few people who couldn’t make it to Xen Summit 2011 this year asked me to write a post summarizing my takeaways from the event. I’m not generally one to back down from peer pressure, so read on if you’re interested in the discussions at this year’s Summit.

The feeling I had at last year’s summit is that Xen was on the verge of losing traction in the market. Very few distributions still had Xen support going forward and much of the discussion was around the lack of dom0 support in upstream Linux kernels. Distribution vendors were hesitant to drag patches forward into modern kernels and this made it much more difficult to get Xen working for many people.

(Photo: Major at the Golden Gate Bridge)

This year was quite different. The number of attendees was up, the venue was much better, and there was an obvious buzz of energy in the room. As many of the presenters noted, this excitement stemmed from the upstream dom0 support in Linux 3.0. This inclusion is a huge win and it helps to drive Xen forward since the developers don’t have to worry about dragging patches forward. They can focus on improving performance, adding features, and tightening security.

Many of the discussions this year focused on security and performance. Ian Pratt discussed Xen’s ability to view memory pages of virtual machines via an API to detect malware running inside the instance. Memory pages could be identified and marked as not executable or applications could be triggered when a VM attempts to touch a particular memory page. Also, the whole VM could be frozen if needed.

There’s also a big push to bring code out of the dom0 and push it into utility VMs. Driver domains could manage the network or I/O infrastructure and this would further reduce the amount of privileged code actively running in dom0. There is already very little code required for the Xen hypervisor itself (much, much less than the Linux kernel — I’m looking at you, KVM) and this reduces the attack surface for potential compromises of the hypervisor. Some projects even aim to restart driver domains multiple times per minute to ensure that any malicious code injected into those virtual machines can’t exist for long periods.

Pradeep Vincent from Amazon talked about how Amazon uses Xen and the pain points they have with its current architecture. Much of his discussion was around scaling problems (and we see many of the same issues at Rackspace). Higher performance could easily be gained by multi-threaded operations in dom0 when attaching block devices and creating virtual network interfaces. He also saw some areas for performance gains in the pvops I/O code.

Quite a few of the talks centered on the ARM architecture and what Xen is able to do on those systems after Samsung published their port in 2008. HVM is on the way for ARM and it might even show up in Xen 4.2. Some demos of Xen on mobile phones from Samsung were amazing. They showed how an attacker could compromise the web browser on the phone with a keylogger, but that application was running in a VM. Once the user switched back to the phone’s main menu, the keylogger couldn’t access the keystrokes any longer. After that, a simple close of the browser killed the VM and destroyed the malicious code.

Xen 4.2 should be available in early 2012 and the feature list is staggering. Improvements to libxenlight, pvops performance (even in HVM), and guest memory sharing should be available with the new release. Nested virtualization (run a hypervisor inside a hypervisor) is also coming in Xen 4.2 and I’m sure Xzibit will be a huge fan. This should streamline hypervisor testing, allow for embedded hypervisor options and extend the capabilities of client hypervisors. Remus should be available in 4.2 as well, but it might be marked as experimental. OVMF will be added as a BIOS option for UEFI (along with the standard SeaBIOS) and this should allow for Mac OS X guests. UEFI allows Windows to boot faster since it switches to PV mode sooner and it allows for simpler platform certification for software vendors.

Mike McClurg’s presentation on XCP was pretty important to me since Rackspace is a big consumer of XenServer. If you’re not familiar with XCP, it’s basically open-source XenServer which runs on bleeding edge (and sometimes unstable) components. XCP 1.5 and XenServer 6 should be available in November with Xen 4.1 and Linux 2.6.32. GPU passthrough, up to 1TB RAM, and disaster recovery will be available. Another goal for the XCP team is to work closely with OpenStack via Project Olympus. Mike’s vision is to have XCP become the configuration of choice for open source clouds. Project Kronos was also extremely interesting. It’s essentially XCP’s XenAPI stack running on Debian and Ubuntu. You’d be able to install either OS on a physical server and run XCP’s services on it for a fully OSS hypervisor.

Konrad Wilk gave an update on Linux pvops and it appears there is a shift to get Xen working well on a desktop. This includes 3D graphics support, S3/hibernate capabilities and various bug fixes. There’s also a push to get PV functionality into HVM and get HVM functionality into PV. Driver/device domains were discussed again in Patrick Kolp’s talk and he had plenty of graphs showing performance changes when regularly restarting device domains. The performance dips were almost negligible with 10 second restarts and the security gains were significant.

There were several other great presentations on other topics like GlusterFS, OpenStack Nova, and Linpicker (from the NSA!). If these types of things interest you, keep your eyes peeled for Xen Summit 2012 next year. The weather in the Bay Area is well worth the trip. ;)


Xen 4.1 on Fedora 15 with Linux 3.0

If you haven’t noticed already, full Xen dom0 support was added in the Linux 3.0 kernel. This means there’s no longer a need to drag patches forward from old kernels and work from special branches and git repositories when building a kernel for dom0.

Something else you might not have noticed is that the Fedora kernel team has quietly slipped Linux 3.0 into Fedora 15’s update channels in disguise. Scroll down through that update’s changelog and you’ll see “Rebase to 3.0. Version reports as 2.6.40 for compatibility with older userspace.” Although I’m not a fan of calling something what it isn’t (2.6.40 doesn’t exist on kernel.org), I can understand some of the reasoning behind the choice.

This change makes the Xen installation on Fedora 15 pretty trivial. To get started, update your kernel to the latest if you’re not already on Fedora’s 2.6.40 kernels:

yum -y upgrade kernel

We need three more packages (quite a few dependencies will roll in with them):

yum -y install xen libvirt python-virtinst

The xen package pulls in the hypervisor itself along with libraries and command line tools (like xl and xm). libvirt gives us easy access to VM management with the virsh command, and python-virtinst gives us the handy virt-install command to make OS installations easy.

Once those packages are installed, you need to make some adjustments to your grub configuration. Open /boot/grub/menu.lst in your text editor of choice and add something like this at the bottom:

title Fedora + Xen (2.6.40-4.fc15.x86_64)
        root (hd0,1)
        kernel /boot/xen.gz
        module /boot/vmlinuz-2.6.40-4.fc15.x86_64 ro root=/dev/sda1
        module /boot/initramfs-2.6.40-4.fc15.x86_64.img

Ensure that the root (hd0,1) is applicable to your system (adjust it if it isn’t). Also, check the kernel version to ensure it matches your installed kernel and adjust the root= portion to match your root volume. Flip the default line to a value which will boot your new grub entry and ensure the timeout is set to a reasonable number if you need to temporarily switch back to your original grub entry at boot time. (Hey, we all make mistakes.)

I take one extra precaution and change the UPDATEDEFAULT=yes line to no in /etc/sysconfig/kernel. This ensures that future kernel updates don’t trample the entry you’ve just made. Keep in mind that you’ll need to manually update your grub configuration when you do kernel upgrades later.

Cross your fingers and reboot. If your system doesn’t reboot properly, reboot it again and choose your old kernel from the grub menu. Double-check your configuration for fat-fingering and give it another try. If your system boots and pings but you have no output via a monitor, don’t fret. There’s a patch for the problem which should appear soon in Linux 3.0. The impatient can snag a kernel source RPM, add the patch file, and build a local kernel (or you can download my local build from when I did it).

Log in and verify that you booted into the dom0:

[root@xenbox ~]# xm dmesg | head -n 5
 __  __            _  _    _   _   ____     __      _ ____  
 \ \/ /___ _ __   | || |  / | / | |___ \   / _| ___/ | ___| 
  \  // _ \ '_ \  | || |_ | | | |__ __) | | |_ / __| |___ \ 
  /  \  __/ | | | |__   _|| |_| |__/ __/ _|  _| (__| |___) |
 /_/\_\___|_| |_|    |_|(_)_(_)_| |_____(_)_|  \___|_|____/

Once you’re done with that, make sure libvirtd is running:

/etc/init.d/libvirtd start; chkconfig libvirtd on

Try installing a VM:

virt-install \
  --paravirt \
  --name=testvm \
  --ram=512 \
  --vcpus=4 \
  --file /dev/vmstorage/testvm \
  --graphics vnc,port=5905 --noautoconsole \
  --autostart --noreboot \
  --location=http://mirrors.kernel.org/debian/dists/squeeze/main/installer-amd64/

You should have a VM installation underway pretty quickly and it will be visible via port 5905 on the local host. Enjoy the power and freedom of your brand new type 1 hypervisor.
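A pre-reboot consistency check for the steps above, added here as an example and not part of the original post. It parses a grub legacy menu.lst, finds the stanza that boots xen.gz, and verifies the points the text calls out: the vmlinuz module matches the installed kernel, the module line carries root=, every file the stanza references is on disk, default selects the Xen stanza, timeout leaves time to pick the old kernel, and UPDATEDEFAULT is off in /etc/sysconfig/kernel. The menu.lst and sysconfig contents in the block are constructed; file paths are assumed relative to the filesystem that holds the grub root partition (mount_prefix "/" when /boot lives on the root filesystem, as in the entry above). The post-reboot check reads /proc/xen/capabilities, which lists control_d only in dom0.

```python
"""Pre-reboot sanity check for a Xen dom0 stanza in grub legacy's menu.lst,
plus a post-reboot dom0 check. Constructed example for this post, not Fedora
or Xen project code."""
import os
import re

# Constructed menu.lst: Fedora's stock stanza followed by the Xen stanza from the post.
MENU_LST = """\
default=1
timeout=5
title Fedora (2.6.40-4.fc15.x86_64)
        root (hd0,1)
        kernel /boot/vmlinuz-2.6.40-4.fc15.x86_64 ro root=/dev/sda1
        initrd /boot/initramfs-2.6.40-4.fc15.x86_64.img
title Fedora + Xen (2.6.40-4.fc15.x86_64)
        root (hd0,1)
        kernel /boot/xen.gz
        module /boot/vmlinuz-2.6.40-4.fc15.x86_64 ro root=/dev/sda1
        module /boot/initramfs-2.6.40-4.fc15.x86_64.img
"""

# Constructed /etc/sysconfig/kernel after flipping UPDATEDEFAULT.
SYSCONFIG_KERNEL = "UPDATEDEFAULT=no\nDEFAULTKERNEL=kernel\n"

# 'default=1' and 'kernel /boot/xen.gz' both split into a keyword and the rest.
LINE_RE = re.compile(r"^(\w+)[\s=]+(.*)$")


def parse_menu_lst(text):
    """Split menu.lst into global settings and a list of title stanzas.
    Each stanza keeps root, the kernel line and module lines as argv lists."""
    settings, stanzas = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, rest = m.group(1), m.group(2).strip()
        if key == "title":
            stanzas.append({"title": rest, "root": None, "kernel": None, "modules": []})
        elif not stanzas:
            settings[key] = rest          # default= and timeout= live above the first title
        elif key == "root":
            stanzas[-1]["root"] = rest
        elif key == "kernel":
            stanzas[-1]["kernel"] = rest.split()
        elif key == "module":
            stanzas[-1]["modules"].append(rest.split())
    return settings, stanzas


def check_xen_entry(menu_text, installed_kernel, sysconfig_kernel="",
                    mount_prefix="/", exists=os.path.exists):
    """Return a list of problems with the Xen stanza; an empty list means it is consistent."""
    settings, stanzas = parse_menu_lst(menu_text)
    xen = [s for s in stanzas
           if s["kernel"] and os.path.basename(s["kernel"][0]).startswith("xen")]
    if not xen:
        return ["no stanza boots xen.gz"]
    entry, problems = xen[0], []
    idx = stanzas.index(entry)
    # Every file grub will load must exist on the partition named by 'root'.
    for path in [entry["kernel"][0]] + [m[0] for m in entry["modules"]]:
        if not exists(os.path.join(mount_prefix, path.lstrip("/"))):
            problems.append(f"missing file: {path}")
    # The dom0 kernel module must be the kernel actually installed and carry root=.
    vmlinuz = [m for m in entry["modules"] if "vmlinuz" in os.path.basename(m[0])]
    if not vmlinuz:
        problems.append("Xen stanza has no vmlinuz module line")
    else:
        if not vmlinuz[0][0].endswith(installed_kernel):
            problems.append(f"vmlinuz {vmlinuz[0][0]} does not match installed kernel {installed_kernel}")
        if not any(arg.startswith("root=") for arg in vmlinuz[0][1:]):
            problems.append("vmlinuz module line has no root= argument")
    # 'default' must select this stanza, and 'timeout' must leave a way back to the old kernel.
    if settings.get("default") != str(idx):
        problems.append(f"default={settings.get('default')} but the Xen stanza is entry {idx}")
    timeout = settings.get("timeout")
    if timeout is not None and timeout.isdigit() and int(timeout) < 3:
        problems.append(f"timeout={timeout} leaves little time to pick the old kernel")
    # Future kernel updates would silently move 'default' unless this is off.
    if re.search(r"^UPDATEDEFAULT=yes", sysconfig_kernel, re.M):
        problems.append("UPDATEDEFAULT=yes in /etc/sysconfig/kernel")
    return problems


def capabilities_say_dom0(text):
    """dom0 lists 'control_d' in /proc/xen/capabilities; domU and bare metal do not."""
    return "control_d" in text.replace(",", " ").split()


def is_xen_dom0(path="/proc/xen/capabilities"):
    """Post-reboot check: True only when running as the Xen control domain."""
    try:
        with open(path) as f:
            return capabilities_say_dom0(f.read())
    except OSError:
        return False


if __name__ == "__main__":
    problems = check_xen_entry(MENU_LST, os.uname().release, SYSCONFIG_KERNEL)
    print("\n".join(problems) or "menu.lst looks consistent")
    print("running as dom0:", is_xen_dom0())
```

To check a real system, read /boot/grub/menu.lst and /etc/sysconfig/kernel into the two arguments instead of the constructed strings; the `exists` parameter is there so the file checks can be pointed at a different mount or stubbed out.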
