• Like
  • Save
Guest Agents: Support & Implementation
Upcoming SlideShare
Loading in...5

Guest Agents: Support & Implementation



Brainstorming session for agents support in Nova code. Current state of agents, its support in Nova. New architecture of agents-Nova communication, agnostic to hypervisor, is suggested.

Brainstorming session for agents support in Nova code. Current state of agents, its support in Nova. New architecture of agents-Nova communication, agnostic to hypervisor, is suggested.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Guest Agents: Support & Implementation Guest Agents: Support & Implementation Presentation Transcript

    • Guest AgentsSupport & ImplementationPresentation available at http://goo.gl/WRGepBrainstorming Sessionby Artem Andreev, Mirantis Inc.
    • What is a guest agent?A background process executed within the VM,which provides the controlling nova-computeservice with various instance managementcapabilities in context of the guest operatingsystem.
    • Session Goals● Give an idea of the current status of guest agents in OpenStack● Share the vision of what an ideal guest agent should be● Discuss the sphere of its responsibility and implementation details● Collect tons of criticism and suggestions● As a result prepare source material for a blue print
    • What do we have right now? Guestagents for XenServer● Derivative from the original code by Rackspace● XCP/XenServer support only● Linux (Python+C) and Windows (C#) target OS● Utilizes XenStore as a communication channel● Uses simple JSON-based asynchronous protocol● Launchpad project https://launchpad.net/openstack-guest-agents● Able to ... ○ Configure network locally ○ Set root user password ○ Inject files ○ Update itself, etc
    • Under the hood of Guest Agent forXenServer
    • Existing OpenStack-side Support● nova.virt.driver ○ agent_update ○ set_admin_password ○ reset_network ○ inject_file● nova-manage agent command ○ agent version tracking and update ■ list ■ create ■ modify ■ delete● nova root-password
    • There is always something toimprove... Motivation● Support for KVM, vmWare and other hypervisors● Therere lots of possible applications for agents waiting to be supported● The current code is a mess of languages and technologies, theres a tiny piece of shared code base for different targets● XenStore is definitely not the best way to communicate especially when it comes up to timings and security, we need a more reliable channel
    • Lets think of it!Session EtherPad http://goo.gl/IE8Hw
    • An ideal guest agent should beresponsible for ... (1/2)● Instance access recovery ○ Root password and network configuration reset● Block device advanced management ○ Volume automounting and ejection preparation ○ Auto-creation of filesystem on newly attached volumes● Advanced status monitoring ○ Detailed memory/disk usage statistics
    • An ideal guest agent should beresponsible for ... (2/2)● Software management ○ Updating itself and PV drivers ○ Chef/Puppet bootstrapping● Spawn-time resize of Windows instances● Guest-side support for snapshotting ○ Running sysprep in Windows guests● Anything else?
    • An ideal guest agent implementationshould be like...● Development ○ Python as the primary development tool ■ http://github.com/Mirantis/osagent/ ■ Generally cross-platformSharable code base● Packaging ○ pyInstaller is a really good solution to create standalone software packages in Python, no system integration required● Delivery ○ Explicit installation into golden image VMs for Windows ○ Automatic injection into Linux VMs on startup
    • An ideal channel for nova-compute<> agent communication would be ...● A virtual serial port ○ Simple & Secure ○ Supported by KVM, ESX, XenServer ○ Complicated guest side port discovery :( ○ No channel-level connectivity tracking :(● Cloud-init style metadata exchange ○ Vulnerable to spoofing and sniffing :( ○ Requires networking to be properly configured :(● Configuration drives ○ Nice for one-shot startup time configuration but seems weird for continuous usage ○ Too visible to end-user, thus more vulnerable● Anything else?
    • An ideal protocol for OpenStack <>agent communication would be ...● QEMU Guest Agent Protocol ○ Supposed to be used with serial-port like channels ○ Lightweight, text-based, easy to parse data format ○ Asynchronous messages support (ie. events) ○ It works!● Anything else?> { "execute": "guest-sync-delimited", "arguments": { "id": 123456 } }< { "return": 123456}> 7b 27 65 78 65 63 75 74 65 27 3a 27 67 75 65 73 74 2d 73 79 6e 63 2d 6465 6c 69 6d 69 74 65 64 27 2c 27 61 72 67 75 6d 65 6e 74 73 27 3a 7b 2769 64 27 3a 31 32 33 34 35 36 7d 7d 0a< ff 7b 22 72 65 74 75 72 6e 22 3a 20 31 32 33 34 35 36 7d 0a
    • Thank you for your cooperation! Artem Andreev, Mirantis Inc. aandreev@mirantis.com