OpenStack isn’t dead. It’s boring. That’s a good thing.

NOTE: The opinions shared in this post are mine alone and are not related to my employer in any way. The first OpenStack Project Teams Gathering (PTG) event was held this week in Atlanta. The week was broken into two parts: cross-project work on Monday and Tuesday, and individual projects Wednesday through Friday. I was there for the first two days and heard a few discussions that started the same way....

2017-02-24 · 4 min · Major Hayden

OpenStack instances come online with multiple network ports attached

I ran into an interesting problem recently in my production OpenStack deployment that runs the Mitaka release. On various occasions, instances were coming online with multiple network ports attached, even though I only asked for one network port. The problem: If I issued a build request for ten instances, I’d usually end up with this: 6 instances with one network port attached; 2-3 instances with two network ports attached (not what I want); 1-2 instances with three or four network ports attached (definitely not what I want). When I examined the instances with multiple network ports attached, I found that one of the network ports would be marked as up while the others would be marked as down....

2016-08-03 · 6 min · Major Hayden

Talk Recap: Automated security hardening with OpenStack-Ansible

Today is the second day of the OpenStack Summit in Austin and I offered up a talk on host security hardening in OpenStack clouds. You can download the slides or watch the video here: Here’s a quick recap of the talk and the conversations afterward. Security tug-of-war: Information security is a challenging task, mainly because it is more than just a technical problem. Technology is a big part of it, but communication, culture, and compromise are also critical....

2016-04-26 · 3 min · Major Hayden

systemd-networkd and macvlan interfaces

I spent some time working with macvlan interfaces on KVM hypervisors last weekend. They’re interesting because they’re not really a bridge. They allow you to assign multiple MAC addresses to a single interface and then let the kernel filter traffic into tap interfaces based on the MAC address in the packet. If you’re looking for a highly detailed explanation, head on over to waldner’s blog for a deep dive into the technology and the changes that come along with it....

2015-10-26 · 3 min · Major Hayden

Build a high performance KVM hypervisor on Rackspace’s OnMetal servers

I received some good feedback about my post on systemd-networkd and bonded interfaces on Rackspace’s OnMetal servers, and I decided to write about another use case. Recent product updates allow you to attach a Cloud Block Storage volume, and this opens up quite a few new possibilities for deployments. So why not create a high-performance KVM hypervisor on an OnMetal server? Let’s do this. Disclaimer: WHOA THERE. These are amazing servers and because of that, they’re priced much differently than Cloud Servers are....

2015-08-28 · 5 min · Major Hayden

Live migration failures with KVM and libvirt

I decided to change some of my infrastructure back to KVM again, and the overall experience has been quite good in Fedora 22. Using libvirt with KVM is a breeze and the virt-manager tools make it even easier. However, I ran into some problems while trying to migrate virtual machines from one server to another. The error:

    # virsh migrate --live --copy-storage-all bastion qemu+ssh://root@192.168.250.33/system
    error: internal error: unable to execute QEMU command 'drive-mirror': Failed to connect socket: Connection timed out

That error message wasn’t terribly helpful....

2015-08-03 · 2 min · Major Hayden

Try out LXC with an Ansible playbook

The world of containers is constantly evolving. The latest turn of events came when the CoreOS developers announced Rocket as an alternative to Docker. However, LXC still lingers as a very simple path to begin using containers. When I talk to people about LXC, I often hear them talk about how difficult it is to get started with LXC. After all, Docker provides an easy-to-use image downloading function that allows you to spin up multiple different operating systems in Docker containers within a few minutes....

2014-12-17 · 2 min · Major Hayden

Configure static IP addresses for Project Atomic’s KVM image

Amid all of the Docker buzz at the Red Hat Summit, Project Atomic was launched. It’s a minimalistic Fedora 20 image with a few tweaks, including rpm-ostree and geard. There are great instructions on the site for firing up a test instance under KVM but my test server doesn’t have a DHCP server on its network. You can use Project Atomic with static IP addresses fairly easily: Create a one-line /etc/sysconfig/network:...

2014-04-23 · 1 min · Major Hayden

Launch secure LXC containers on Fedora 20 using SELinux and sVirt

Getting started with LXC is a bit awkward and I’ve assembled this guide for anyone who wants to begin experimenting with LXC containers in Fedora 20. As an added benefit, you can follow almost every step shown here when creating LXC containers on Red Hat Enterprise Linux 7 Beta (which is based on Fedora 19). You’ll need a physical machine or a VM running Fedora 20 to get started. (You could put a container in a container, but things get a little dicey with that setup....

2014-04-22 · 7 min · Major Hayden

Xen hackathon coming up in London

If you enjoy using Xen, join members of the Xen Project community and Rackspace at the Xen Hackathon in London. The two-day event starts on May 29th. Use these links to get more information: Hackathon announcement and travel/venue/registration information; Discussion topics. You don’t need to be a developer to join the event. It’s a great networking opportunity and you can take time to learn more about virtualization and how Xen works under the hood....

2014-03-27 · 1 min · Major Hayden