The document summarizes updates and improvements to OpenStack storage services. Key points include:
- Efforts to improve high availability of Cinder APIs and services, including multipath support and active/active deployments.
- Enhancements for volume management such as attaching single volumes to multiple hosts, improved volume migration, and retype functionality.
- Updates to backup services including incremental backups, support for additional targets like NFS/POSIX, and improved integration with Swift.
- Disaster recovery features like consistency group enhancements and planned import/export of snapshots between Cinder installations.
- Work on deployment and rolling upgrades, including database cleanup utilities, object-based communication, and standardized driver
Manila, an update from Liberty, OpenStack Summit - Tokyo (Sean Cohen)
Manila is a community-driven project that presents the management of file shares (e.g. NFS, CIFS, HDFS) as a core service to OpenStack. Manila currently works with a variety of storage platforms, as well as a reference implementation based on a Linux NFS server.
Manila is exploding with new features, use cases, and deployers. In this session, we'll give an update on the new capabilities added in the Liberty release:
• Integration with OpenStack Sahara
• Migration of shares across different storage back-ends
• Support for availability zones (AZs) and share replication across these AZs
• The ability to grow and shrink file shares on demand
• New mount automation framework
• and much more…
As well as provide a quick look at what's coming up in the Mitaka release, with a Share Replication demo.
Protecting the Galaxy - Multi-Region Disaster Recovery with OpenStack and Ceph (Sean Cohen)
IT organizations require a disaster recovery strategy addressing outages with loss of storage, or extended loss of availability at the primary site. Applications need to rapidly migrate to the secondary site and transition with little or no impact to their availability. This talk will cover the various architectural options and levels of maturity in OpenStack services for building multi-site configurations using the Mitaka release. We’ll present the latest capabilities for Volume, Image and Object Storage with Ceph as the backend storage solution, and look at the future developments the OpenStack and Ceph communities are driving to improve and simplify the relevant use cases.
Slides from OpenStack Austin Summit 2016 session: http://alturl.com/hpesz
- Introduction to Kubernetes features
- A look at Kubernetes Networking and Service Discovery
- New features in Kubernetes 1.6
- Kubernetes Installation options
To know more about our Kubernetes expertise, visit our center of excellence at: http://www.opcito.com/kubernetes/
Kubernetes and OpenStack at Scale at OpenStack Summit Boston 2017
Imagine being able to stand up thousands of tenants with thousands of apps, running thousands of Docker-formatted container images and routes, all on a self-healing cluster and elastic infrastructure. Now, take that one step further - all of those images being updatable through a single upload to the registry, and with zero downtime. In this session, you will see just that.
In this presentation, we will walk through a recent benchmarking deployment using Kubernetes and OpenStack on the Cloud Native Computing Foundation’s (CNCF's) 1,000 node cluster with OpenStack and Red Hat’s OpenShift Container Platform, the enterprise-ready Kubernetes for developers.
You'll also see what's been happening in subsequent rounds of testing in Red Hat's own SCALE lab and the CNCF cluster and how we are working with the relevant open source communities including OpenStack, Kubernetes, and Ansible to continue to raise the bar for horizontal scaling of these platforms via community powered innovation.
In this deck from the Docker Workshop at ISC 2015, Andreas Schmidt from Cassini Consulting describes Docker in a Nutshell
"As the newest flavor of Linux Containers, Docker gained a lot of momentum in the last 12 months. With a very convenient and open API-driven architecture Docker is able to help decrease the complexity of operations and increase the productivity of computation. During the last two years Andreas, Christian, and Wolfgang gained a lot of experience with Docker and were thrilled by its possible impact early on. Andreas started working with Docker in mid-2013 and is interested in developing tools for solving Enterprise IT requirements on networking and security. In 2014 he held talks and workshops about these topics. Christian started using Docker in 2013 to virtualize a complete HPC cluster stack and since then held multiple talks about how Docker might impact HPC. Wolfgang and his partner Burak Yenier introduced Docker as a corner-stone of the UberCloud Marketplace to drastically improve and simplify access to HPC cloud resources. UberCloud just announced their new containers for computational fluid dynamics software like Fluent, STAR-CCM+ and OpenFOAM."
Watch the video presentation: http://wp.me/p3RLHQ-enP
Discover the story behind XCP-ng, the free community build of XenServer. Why we did it, and how we built it, from technical and community perspective. And finally, what's coming next.
A short presentation at a CSC internal workshop of the prospects of using container technologies, especially Docker, in the context of High Performance Computing (HPC).
Have you ever tried Java on AWS Lambda but found that the cold-start latency and memory usage were far too high? In this session, we will show how we optimized Java for serverless applications by leveraging GraalVM with Quarkus to provide both supersonic startup speed and a subatomic memory footprint.
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem (CloudOps2005)
Michael Wojcikiewicz, Container Solutions Architect at CloudOps, showed the communities in Montreal and Kitchener-Waterloo how to deploy Kubernetes on prem at the Kubernetes + Cloud Native meetups for March, 2019.
In this video from the Docker Workshop at ISC 2015, Christian Kniep from QNIB Solutions shows how he uses Docker in his efforts to provide a HPC software stack in a box, encapsulating each layer in the HPC stack within a Linux Container.
Watch the video presentation: http://wp.me/p3RLHQ-eos
Learn more: http://qnib.org/about/
OSDC 2018 | Three years running containers with Kubernetes in Production by T... (NETWAYS)
The talk gives a state of the art update of experiences with deploying applications in Kubernetes at scale. Whether in clouds or on premises, Kubernetes took over the leading role as a container operating system. The central paradigm of stateless containers connected to storage and services is the core of Kubernetes. However, it can be extended to distributed databases, Machine Learning, Windows VMs in Kubernetes. All these applications were considered edge cases a few years ago; however, they are becoming more and more mainstream today.
Securing & Monitoring Your K8s Cluster with RBAC and Prometheus (Opcito Technologies)
Opcito Technologies is a proud partner with Kubernetes, an open-source system for container orchestration.
We will be talking about:
• Features of Kubernetes 1.6
• RBAC Configurations
• RBAC Use Cases
• Running Prometheus in Kubernetes
• Prometheus Operator - Deployment, Cluster & Service Monitoring
OSDC 2018 | Self Hosted bare Metal Kubernetes for SMEs by Thomas Hoppe (NETWAYS)
We recently moved our workloads onto a self Hosted K8s environment starting from Bare Metal. In this talk I would like to explain why and how and share our lessons learned.
KubeCon NA, Seattle, 2016: Performance and Scalability Tuning Kubernetes for... (Jeremy Eder)
Learn tips and tricks on how to best configure and tune your container infrastructure for maximum performance and scale. The Performance Engineering Group at Red Hat is responsible for performance of the complete container portfolio, including Docker, RHEL Atomic, Kubernetes and OpenShift. We will share:
- Latest Performance Features in OpenShift, Docker and RHEL Atomic, tips and tricks on how to best configure and tune your system for maximum performance and scale
- Latest performance and scale test results, using RHEL Atomic, OpenvSwitch, Cockpit multi-server container management
- DevOps, Agile approach to Performance Analysis of OpenShift, Kubernetes, Docker and RHEL Atomic
- Test harness code and example scripts
Audience
The audience is anyone interested in deploying containers to run performance sensitive workloads, as well as architecting highly scalable distributed systems for hosting those workloads. This includes workloads that require NUMA awareness, direct hardware access and kernel-bypass I/O.
OSDC 2018 | From batch to pipelines – why Apache Mesos and DC/OS are a soluti... (NETWAYS)
Apache Mesos is a distributed system for running other distributed systems, often described as a distributed kernel. It’s in use at massive scale at some of the world's largest companies like Netflix, Uber and Yelp, abstracting entire data centres of hardware to allow for workloads to be distributed efficiently. DC/OS is an open source distribution of Mesos, which adds all the functionality to run Mesos in production across any substrate, both on-premise and in the cloud. In this talk, I’ll introduce both Mesos and DC/OS and talk about how they work under the hood, and what the benefits are of running these new kinds of systems for emerging cloud native workloads.
OSDC 2018 | Scaling & High Availability MySQL learnings from the past decade+... (NETWAYS)
The MySQL world is full of tradeoffs and choosing a High Availability (HA) solution is no exception. This session aims to look at all of the alternatives in an unbiased nature. While the landscape will be covered, including but not limited to MySQL replication, MHA, DRBD, Galera Cluster, etc. the focus of the talk will be what is recommended for today, and what to look out for. Thus, this will include extensive deep-dive coverage of ProxySQL, semi-sync replication, Orchestrator, MySQL Router, and Galera Cluster variants like Percona XtraDB Cluster and MariaDB Galera Cluster. I will also touch on group replication.
Learn how we do this for our nearly 4000+ customers!
OpenNebula Conf 2014 | Cloud Automation for OpenNebula by Kishorekumar Neelam... (NETWAYS)
Kishore works with the engineering team in building the open source product with a future focussed cloud technical strategy for “Megam – Cloud Automation Platform” (http://gomegam.com). In his prior incarnation Kishore has worked as an Architect in complex system integration projects for Airport systems with high availability. Kishore has avid experience in architecting large scale build and packaging tools for mainframe platform integrated via thin clients and eclipse IDE.
Cinder project update at OpenStack Boston Summit May 2017 (Miroslav Halas)
Join the Project Team Leader of Cinder and core contributors for a “project update” reflecting on the Ocata cycle and additional discussion of future development activity.
We dig into major issues and user needs, and how those needs can be addressed in current and future development. We also discuss hot topics from the Project Teams Gathering, and major development decisions agreed by the team.
Get an in-depth look at the top features and enhancements Cinder plans to deliver in the Pike release in August. Then look beyond Pike to the Queens and “R” releases to learn more about major development themes such as scalability, manageability, resiliency and user experience that the team intends to tackle in the long term.
Developers who are interested in contributing to this project are strongly encouraged to attend, as are users and product managers who want to know more about this project’s latest features, their value to users, and the development team’s roadmap.
https://www.openstack.org/summit/boston-2017/summit-schedule/events/18588/project-update-cinder
I invite you to come and listen to my presentation about how OpenStack and Gluster are integrating together in both Cinder and Swift.
I will give a brief description of the OpenStack storage components (Cinder, Swift and Glance), followed by an intro to Gluster, and then present the integration points and some preferred topology and configuration between Gluster and OpenStack.
Database as a Service (DBaaS) on Kubernetes (ObjectRocket)
Learn about ObjectRocket's adventures in Kubernetes. We'll cover why we chose Kubernetes for our DBaaS platform, the challenges we faced, and how we overcame them. A presentation for DevWeek Austin 2018.
[WSO2Con EU 2018] Architecting for a Container Native Environment (WSO2)
Containers are becoming the standard way to package and deploy applications. Going beyond just containers, enterprise apps increasingly depend on a large set of ecosystem projects providing rich features such as high availability, sidecar architecture patterns for security/monitoring, and distributed tracing. Running an existing application on a container doesn't automatically make it container native. This discussion explores architectural choices for making applications and integration services first class citizens in a container native environment.
Cinder Block Storage Service project overview and update. Highlights from the Train release, state of the project, and planning for the Ussuri development cycle.
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage (MayaData Inc)
Webinar Session - https://youtu.be/_5MfGMf8PG4
In this webinar, we share how the Container Attached Storage pattern makes performance tuning more tractable, by giving each workload its own storage system, thereby decreasing the variables needed to understand and tune performance.
We then introduce MayaStor, a breakthrough in the use of containers and Kubernetes as a data plane. MayaStor is the first containerized data engine available that delivers near the theoretical maximum performance of underlying systems. MayaStor performance scales with the underlying hardware and has been shown, for example, to deliver in excess of 10 million IOPS in a particular environment.
Slides presented at Percona Live Europe Open Source Database Conference 2019, Amsterdam, 2019-10-01.
Imagine a world where all Wikipedia articles disappear due to a human error or software bug. Sounds unreal? According to some estimations, it would take an excess of hundreds of million person-hours to be written again. To prevent that scenario from ever happening, our SRE team at Wikimedia recently refactored the relational database recovery system.
In this session, we will discuss how we backup 550TB of MariaDB data without impacting the 15 billion page views per month we get. We will cover what were our initial plans to replace the old infrastructure, how we achieved recovering 2TB databases in less than 30 minutes while maintaining per-table granularity, as well as the different types of backups we implemented. Lastly, we will talk about lessons learned, what went well, how our original plans changed and future work.
The OpenEBS Hangout #4 was held on 22nd December 2017 at 11:00 AM (IST and PST), where a live demo of cMotion was shown. Storage policies of OpenEBS 0.5 were also explained.
How we built QuestDB Cloud, a Kubernetes-based SaaS around QuestDB... (Javier Ramirez)
QuestDB is a high-performance open source database. Many people told us they would like to use it as a service, without having to manage the machines. So we got to work developing a solution that would let us launch QuestDB instances with fully managed provisioning, monitoring, security and upgrades.
A few Kubernetes clusters later, we managed to launch our QuestDB Cloud offering. This talk is the story of how we got there. I will talk about tools such as Calico, Karpenter, CoreDNS, Telegraf, Prometheus, Loki and Grafana, but also about challenges such as authentication, billing, multi-cloud, and what you have to say no to in order to survive in the cloud.
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT (OpenStack)
Audience: Advanced
About: Real world lessons and war stories about Catalyst IT’s experience in rolling out an OpenStack based public cloud in New Zealand.
This presentation will provide tips and advice that may save you a lot of time, money and nights of sleep if you are planning to run OpenStack in the future. It may also bring some insights to people that are already running OpenStack in production.
Topics covered will include: selection of hardware for optimal costs, techniques that drive quality and service levels up, common deployment mistakes, in place upgrades, how to identify the maturity level of each project and decide what is ready for production, and much more!
Speaker Bio: Bruno Lago – Entrepreneur, Catalyst IT Limited
Bruno Lago is a solutions architect that has been involved with the Catalyst Cloud (New Zealand’s first public cloud based on OpenStack) from its inception. He is passionate about open source software, cloud computing and disruptive technologies.
OpenStack Australia Day - Sydney 2016
https://events.aptira.com/openstack-australia-day-sydney-2016/
Pluggable Infrastructure with CI/CD and Docker (Bob Killen)
The docker cluster ecosystem is still young, and highly modular. This presentation covers some of the challenges we faced deciding on what infrastructure to deploy, and a few tips and tricks in making both applications and infrastructure easily adaptable.
Watch this Tech Talk: https://do.co/video_pgupta
An introduction into the world of containers and the orchestration ecosystem, and how Kubernetes can help software developers and cloud infrastructure engineers be more agile, efficient, and productive.
Containers and Kubernetes have changed the infra world for good, bringing agility, efficiency, and more productivity. Still thinking about how to get started with Kubernetes? This talk is designed to give you an introduction into the world of containers and the orchestration ecosystem.
What You'll Learn
- Introduction to containers and microservices
- Introduction to Kubernetes and how it can help
- Essential Kubernetes building blocks (“primitives”) for getting started
About the Presenter
Peeyush Gupta is a cloud enthusiast with 5+ years of experience in developing cloud platforms and helping customers migrate their legacy applications to cloud. He has also been a speaker at multiple meetups and serves the developer community as part of Kubernetes contributor experience group. He is currently working with DigitalOcean as a Senior Developer Advocate.
Storage 101: Rook and Ceph - Open Infrastructure Denver 2019 (Sean Cohen)
Starting from the basics, we explore the advantages of using Rook as a Storage operator to serve Ceph storage, the leading Software-Defined Storage platform in the Open Source world. Ceph automates the internal storage management, while Rook automates the user-facing operations and effectively turns a storage technology into a service transparent to the user. The combination delivers an impressive improvement in UX and provides the ideal storage platform for Kubernetes.
A comprehensive examination of use cases and open problems will complement our review of the Rook architecture. We will deep-dive into what Rook does well, what it does not do (yet), and what trade-offs using a storage operator involves operationally. With live access to a running cluster, we will showcase Rook in action as we discuss its capabilities.
https://www.openstack.org/summit/denver-2019/summit-schedule/events/23515/storage-101-rook-and-ceph
How to Survive an OpenStack Cloud Meltdown with Ceph (Sean Cohen)
What if you lost your datacenter completely in a catastrophe, but your users hardly noticed? Sounds like a mirage, but it’s absolutely possible.
This talk will showcase OpenStack features enabling multisite and disaster recovery functionalities. We’ll present the latest capabilities of OpenStack and Ceph for Volume and Image Replication using Ceph Block and Object as the backend storage solution, as well as look at the future developments they are driving to improve and simplify the relevant architecture use cases, such as Distributed NFV, an emerging use case that rationalizes your IT by using less control planes and allows you to spread your VNF on multiple datacenters and edge deployments.
In this session you will learn about new OpenStack features enabling multisite and distributed deployments, and review key use cases, architecture design and best practices to help operations avoid the OpenStack cloud meltdown nightmare.
https://youtu.be/n2S7uNC_KMw
https://goo.gl/cRNGBK
3-2-1 Action! Running OpenStack Shared File System Service in Production (Sean Cohen)
As OpenStack’s Shared File System Service gains adoption as one of the leading emerging projects in OpenStack deployments (according to the last OpenStack Foundation user survey), we would like to share some key customer use cases, such as DevOps, containers and enterprise applications, as well as review the latest Newton release project updates towards delivering production-grade deployments.
Slides from OpenStack Summit Barcelona, October 25, 2016
Session video: https://www.youtube.com/watch?v=F5o-EbESNr8
Peanut Butter and Jelly: Mapping the Deep Integration between Ceph and OpenStack (Sean Cohen)
Ceph is the most widely deployed storage technology used with OpenStack, most often because it's an open source, massively scalable, unified software-defined storage solution. Its popularity is also due to its unique and optimized technical integration with the OpenStack services and its pure-software approach to scaling. In this session, we'll review how Ceph is integrated into Nova, Glance, Keystone, Cinder, and Manila and demonstrate why using traditional storage products won’t give you the full benefits of an elastic cloud infrastructure. We’ll also cover the flexible deployment options, available through Red Hat Enterprise Linux OpenStack Platform and Red Hat Ceph Storage, for seamless operations and key scenarios like disaster recovery. We'll discuss architectural options for deploying a multisite OpenStack cluster and cover the varying levels of maturity in the OpenStack services for configuring multisite. This session will also show how other technologies are using OpenStack Ceph to increase performance and reduce power consumption, such as Intel SSDs. This will include reference architectures and best practices for Ceph and SSDs.
Dude where's my volume, OpenStack Summit Vancouver 2015 (Sean Cohen)
"Dude, where's my volume? A guide to storage backup, migration, and replication with OpenStack Cinder"
OpenStack Cinder now has a wide variety of options for moving and copying storage volumes, but it's not always clear which API calls are designed for which use cases. In this talk, we'll review the storage management workflows for disaster recovery, performance management, and day-to-day operational maintenance using Ceph as an example storage backend. We'll focus on both single and multi-site options for both end users and OpenStack administrators, so attendees should find ways to sleep easier at night knowing how to look after their data.
https://openstacksummitmay2015vancouver.sched.org/event/de8516a550835a338d09634143bed655?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:0;&sidebar=yes&bg=no
When disaster strikes the cloud: Who, what, when, where and how to recover (Sean Cohen)
Enterprise applications need to be able to survive large-scale disasters. While some born-on-the-cloud applications have built-in disaster recovery functionality, non-born-on-the-cloud enterprise applications typically expect the infrastructure to provide disaster recovery support. OpenStack provides various building blocks that enable an OpenStack application to survive a disaster; these building blocks are being improved in Juno and Kilo. Some of these building blocks need to be enabled by the OpenStack cloud administrator and others need to be leveraged by the application deployer. In this presentation, we will review basic disaster recovery concepts covering when, where, and what is done at each stage of the application cloud life-cycle. We will describe the existing building blocks and explain the roles of the cloud administrator and the cloud end-user in enabling OpenStack applications to survive a disaster. We will then detail new features in Juno and coming in Kilo that will help enhance OpenStack's disaster recovery support. We will conclude by detailing the remaining gaps and presenting some tools that address these gaps, allowing an application to survive a disaster when running on an OpenStack cloud.
OpenStack Summit Session: https://youtu.be/Dj5sELG9keE
Deterministic capacity planning for OpenStack as elastic cloud infrastructure (Sean Cohen)
Capacity planning for elastic cloud infrastructure platforms like OpenStack is critical for successful deployments. The proper sizing of compute resources within OpenStack allows for easier scheduling, optimal efficiency in hardware utilization, and consistency of resource allocation.
Google Compute Engine and Amazon Web Services offer deterministic compute resources designed to meet both cloud provider business requirements and cloud consumer service-level requirements. In this session, we'll explore these public provider approaches, extend them to OpenStack, and provide sizing data and tools to help with your deployment.
In this session, Keith Basil, Sean Cohen, and Tushar Katarki discuss:
- Approaches for providing consistent compute service levels in OpenStack.
- Building instance families for your workloads.
- Sizing compute nodes for OpenStack.
- Storage & network sizing for elastic clouds.
- Capacity planning tools & benchmarks.
The road to enterprise ready open stack storage as service
1. The Road to Enterprise-Ready
OpenStack Storage as Service
2. Today’s Presenters
● Sean Cohen, Principal Product Manager, Red Hat
● Jon Bernard, Senior Software Engineer, Red Hat
● Flavio Percoco, Senior Software Engineer, Red Hat
4. High Availability
● High Availability of APIs/Services Goals
○ All services that power the OpenStack APIs should
be always on, and able to always respond even
during failure and massive stress.
○ Provide protection against HW & SW SPOFs (Single
Points of Failure)
5. High Availability
● Where are we today?
○ There are cases where the volume is left in an
unrecoverable state and it is not possible to delete
the volume without an administrator’s intervention.
○ If a cinder-volume node dies while processing a volume
create request, for example, the volume will be left in an
unresolved state.
6. High Availability
● Where are we today?
○ Running the Cinder volume service in Active/Active state
is not safe
■ Non-Atomic state transitions in the API may end in
race conditions.
■ Consistent replications of these nodes are currently
not possible.
7. High Availability... new in Kilo
● Cinder - iSCSI Multipath
■ nova-compute supports multipath for the iSCSI volume data
path. However, some arrays only respond to discovery
with a single portal address, even if secondary portals
are available.
■ Cinder can now return information on multiple iSCSI
paths so that the connector can attach volumes
even when the primary path is down.
■ Cinder side was completed in Kilo, while the Nova
enablement work is still ahead.
8. Instance Migration
Horizon - Migrate all instances from host
● Allow administrators to migrate all instances from a host marked
for maintenance via Horizon in a “push button” fashion, as is
available on the command line.
● The “Migrate instances” button gives administrators a simpler
way of preparing a host for maintenance actions in Horizon
○ Useful in upgrade scenarios.
○ Test/perform manual disaster recovery.
10. The Road to Active-Active
● Cinder State Enforcer
○ Long standing work to improve Cinder volume’s states
management and reliability, and to improve failure
tolerance.
○ In order to mitigate the concurrent resource access
problems in Cinder, work was done in the last cycles to
refactor the concept of a lock to be a set of allowed and
disallowed state transitions (instead of acquiring local
filesystem locks in the manager processes) by
implementing a new `enforcer` model.
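The enforcer idea on this slide, sketched as an added example (not Cinder's own code): the allowed-state check and the status write are a single conditional UPDATE, so two workers racing on one volume cannot both win, whereas check-then-act can be interleaved. The transition table, schema and function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical transition table for illustration; not Cinder's actual state map.
# action -> (states the volume may currently be in, state it moves to)
TRANSITIONS = {
    "attach_begin": ({"available"}, "attaching"),
    "attach_done": ({"attaching"}, "in-use"),
    "detach_begin": ({"in-use"}, "detaching"),
    "detach_done": ({"detaching"}, "available"),
    "delete": ({"available", "error"}, "deleting"),
}


def make_db():
    """In-memory stand-in for the volumes table (constructed sample schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE volumes (id TEXT PRIMARY KEY, status TEXT NOT NULL)")
    db.execute("INSERT INTO volumes VALUES ('vol-1', 'available')")
    db.commit()
    return db


def status(db, volume_id):
    row = db.execute("SELECT status FROM volumes WHERE id = ?", (volume_id,))
    return row.fetchone()[0]


def enforce(db, volume_id, action):
    """Atomic transition: the state check lives in the UPDATE's WHERE clause.

    Returns True only for the caller whose UPDATE actually changed the row.
    """
    allowed_from, target = TRANSITIONS[action]
    marks = ", ".join("?" for _ in allowed_from)
    cur = db.execute(
        f"UPDATE volumes SET status = ? WHERE id = ? AND status IN ({marks})",
        (target, volume_id, *sorted(allowed_from)),
    )
    db.commit()
    return cur.rowcount == 1


def check_then_act(db, volume_id, action, window=None):
    """Non-atomic variant: read the state, then write it in a second step."""
    allowed_from, target = TRANSITIONS[action]
    if status(db, volume_id) not in allowed_from:
        return False
    if window is not None:
        window()  # a second worker runs between the check and the write
    db.execute("UPDATE volumes SET status = ? WHERE id = ?", (target, volume_id))
    db.commit()
    return True


def demo():
    # Non-atomic: an attach starts inside the delete's check/write window,
    # and the delete still overwrites the state of a volume being attached.
    db = make_db()
    racy_won = check_then_act(
        db, "vol-1", "delete",
        window=lambda: enforce(db, "vol-1", "attach_begin"),
    )
    racy_final = status(db, "vol-1")

    # Atomic: whichever request lands first wins, the other is refused.
    db = make_db()
    attach_won = enforce(db, "vol-1", "attach_begin")
    delete_won = enforce(db, "vol-1", "delete")
    return racy_won, racy_final, attach_won, delete_won, status(db, "vol-1")


if __name__ == "__main__":
    print(demo())
```

Because the decision is made in the database rather than in a local file lock, the same check holds when several cinder-volume processes on different nodes share one database.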
11. The Road to Active-Active
● Active / Active cinder-volume
○ Effort in Liberty cycle to address issues around:
■ Local file locks in cinder-volume - need to enhance the
lock reporting to Nova based on the volume active
state.
■ DB accesses in drivers - need to be minimized or
otherwise limited.
■ Nova is inspecting internal state of cinder volumes to
determine if it can take an action, rather than properly
delegating the attach/detach work.
12. The Road to Active-Active
● Task Flow for managing create volumes tasks
○ There are a few corner cases where the volume is left in an
unrecoverable state and it is not possible to delete the
volume without an administrator’s intervention.
○ The improvements in state management can get us a step
closer to safe Active-Active operations.
○ The road to Active-Active should spread the use of
state management (taskflows) to cover Cinder
operations beyond volume creation tasks
13. Volume Management
● Cinder - Attach a single volume to multiple hosts
○ To support hypervisor- or application-level clusters, a
single volume needs to be exported to multiple hosts.
○ The patch that adds the multiattach flag to volumes was
merged in Cinder during the Kilo release.
○ However, we are still missing the Nova and
python-cinderclient patches to provide support for multiple
attachments.
14. Volume Management
● Volume Migration - Retype initiated
○ One of the biggest problems around volume migration is the
confusion around volume migration and retype.
■ Volume Retype will trigger a migration only if a user has
requested it (not by default)
15. Volume Management in Liberty
● Volume Migration with file I/O instead of iSCSI
attachment
○ Currently when migrating a volume between two backends,
the copy_volume_data routine in the source volume's driver
is executed to move the blocks from one volume to another.
This routine assumes that both source and destination
volumes can be attached locally (e.g. iSCSI)
○ Add the ability to migrate volumes of drivers that don’t
support iSCSI such as Ceph RBD.
17. Backup improvements
Incremental backup
● Cinder Backup API was extended to support snapshot based
backups, where the volume can remain online and in-use for
the duration of the operation. (Swift or NFS target)
○ The enhancement also included performing a backup from a
snapshot.
○ New cinder backup CLI was added: --incremental or --incr
○ swift.py creates sha256 file for every backup to calculate deltas
○ During restore, if a differential backup needs to be restored, the
restore process first restores the full backup.
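How a per-backup sha256 list yields deltas, and why a restore has to replay the full backup first, shown as an added example (not Cinder's backup driver code). The block size, record layout and function names are assumptions; the restore also re-checks every link of the chain against its stored hashes, so a corrupted or altered block is caught before the image is used.

```python
import hashlib

BLOCK = 4  # bytes per hashed block; tiny so the constructed sample stays readable


def block_hashes(data):
    """sha256 of each fixed-size block: the hash list kept with every backup."""
    return [
        hashlib.sha256(data[i:i + BLOCK]).hexdigest()
        for i in range(0, len(data), BLOCK)
    ]


def backup(data, parent=None):
    """Full backup when parent is None, otherwise an incremental one.

    An incremental stores only blocks whose sha256 differs from the parent's
    hash list, plus any blocks past the parent's end (extended volume).
    """
    hashes = block_hashes(data)
    old = parent["sha256"] if parent else []
    changed = {
        i: data[i * BLOCK:(i + 1) * BLOCK]
        for i, digest in enumerate(hashes)
        if i >= len(old) or old[i] != digest
    }
    return {"parent": parent, "size": len(data), "sha256": hashes, "blocks": changed}


def restore(record):
    """Rebuild the volume: full backup first, then each incremental in order."""
    chain = []
    while record is not None:
        chain.append(record)
        record = record["parent"]
    image = bytearray()
    for rec in reversed(chain):
        # Match the volume size recorded for this backup before applying it.
        if len(image) < rec["size"]:
            image.extend(bytes(rec["size"] - len(image)))
        else:
            del image[rec["size"]:]
        for i, blk in rec["blocks"].items():
            image[i * BLOCK:i * BLOCK + len(blk)] = blk
        # After applying a link, the image must hash to that backup's list.
        if block_hashes(bytes(image)) != rec["sha256"]:
            raise ValueError("backup chain failed sha256 verification")
    return bytes(image)


def demo():
    v1 = b"AAAABBBBCCCCDDDD"    # constructed volume contents at the full backup
    v2 = b"AAAAbbbbCCCCDDDDEE"  # block 1 rewritten and the volume extended
    full = backup(v1)
    incr = backup(v2, parent=full)
    return sorted(full["blocks"]), sorted(incr["blocks"]), restore(incr) == v2


if __name__ == "__main__":
    print(demo())
```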
18. Backup improvements
NFS & POSIX Backup
• Cinder Backup can now use an NFS/POSIX-supplied data
repository as a backup target, with two new drivers in place.
Backup Support for Encrypted Volumes
• The Cinder backup now includes a clone of the volume's
encryption key UUID so that the encryption key is available
when the backup is restored.
19. Backup improvements
Nova - Support for quiescing file-systems during image
snapshot
• Using QEMU guest agent
• With this new feature, users can create a snapshot image with
consistent file systems state while the instances are running
(it requires QEMU Guest Agent to be installed in a KVM
instance).
• Useful for taking a quick backup before installing or upgrading
software; can be set to run automatically every night, etc.
20. Backup improvements
Swift - Erasure Coding
• Erasure coding is a storage policy designed to reduce
storage costs associated with massive amounts of data (by
providing an option that maintains the same, or better, level of
durability using much less disk space)
• Can be very useful when performing volume backup to a Swift
object storage system, as backups are typically large
compressed objects and are infrequently read once they have
been written to the storage system.
21. Backup improvements… in Liberty
● Cinder - Scaling Backup Service
○ Currently the Backup service must scale up rather than out.
○ The Backup service and cinder volume drivers are coupled
so that all must run together on a single node - By breaking
the coupling between backup service and volume drivers, it
will allow the service to scale out.
● Swift - Fast Posting
○ Where a POST to an object will trigger a container update.
○ Allow for updating objects metadata through POST
semantics and still guarantee data consistency in the
container.
23. Disaster Recovery
Cinder - Consistency groups enhancements
• Added the ability to add/remove volumes from an existing
consistency group.
• Added the ability to create a consistency group from an
existing consistency group snapshot.
• Support creation of a cg_volume types table (to overcome the
limitation of the current solution which stores all volume type
uuids in one column of the CG table).
24. Disaster Recovery… in Liberty
The OpenStack snapshot mechanism allows you to create new
images from running instances. This is very convenient for
upgrading base images or for taking a published image and
customizing it for local use. But what about external use?
Cinder - Import/Export snapshots
● Allows importing volume snapshots from one Cinder to
another.
● Allows importing non-OpenStack snapshots that are already on a
backend device. Exporting snapshots should work the
same way as exporting volumes.
25. Disaster Recovery… in Liberty
Cinder - Volume Replication V2
● Things we’ve missed in V1:
■ Replication between Cinders
● Currently we have basic replication in a single
Cinder deployment.
■ Consistency data replication
● Align the CG design and the volume-replication spec: one
CG could support different volume types, where the
volume type decides which volume replication is
created and added to the CG.
26. Deployment & Rolling Upgrades
● Image Introspection
○ A new task has been added to Glance’s v2, which makes
it possible to introspect an image’s metadata and
populate it.
● Image Conversion
○ A new task has been added to Glance’s v2, which makes
it possible to convert images on import.
○ Useful to unify stored image types and use a type that
works better with the hypervisor and the storage backend.
○ Currently supported formats are: raw <-> qcow2
28. Deployment & Rolling Upgrades
● Cinder DB Purge Utility
○ Very long-lived OpenStack installations will carry around
database rows for years and years.
○ Operators need to have the ability to purge deleted rows,
possibly on a schedule (cron job) or as needed before an
upgrade, prior to maintenance.
○ The new utility allows you to clean up rows of a specified
age that are already marked as deleted.
■ The age is calculated as a timedelta in days, which is
given on the command line.
29. Deployment & Rolling Upgrades
● Implement force_detach to allow safe cleanup of
stuck volumes
○ For volumes stuck in 'attaching' or 'detaching', there is no
safe way to clean up that involves the backend storage.
○ Using python-cinderclient 'reset-state' will only change the
Cinder database, and may leave the volume exported to
the compute host, and may leave an entry in Nova's
database that prevents the volume from being re-used.
○ This also needs to be addressed on the Nova side.
30. Deployment & Rolling Upgrades … in Liberty
● Cinder Objects
○ Supporting rolling upgrades by using versioned objects.
○ These objects are isolated from the schema and contain
the required information for communications and
operations.
○ These objects can be sent over RPC.
○ Work started in Kilo.
31. Deployment & Rolling Upgrades … in Liberty
● Cinder Storage Policies - Standard Capabilities
○ Goals:
■ Provide standard capabilities from drivers that the cloud
administrator can specify from volume types.
■ Improve the visibility of what policies are possible with your
storage solution via Cinder client and Horizon.
○ Capabilities need to be exposed to the admin from Cinder, so that
Cinder is not limiting what storage backends can do.
■ These capabilities can include, but are not limited to QoS,
replication factor, bandwidth control, etc.
33. Security
● Cinder - Private Volume Types
○ Cinder can now define private volume types, as
some volume types should be restricted.
■ Private volumes for special needs where most users should
not be able to select these volumes.
■ Volume types are public by default
■ Private volume types can be created by setting the is_public
boolean field to False at creation time.
■ Access to a private volume type can be controlled by adding
or removing a project from it.
34. Security… in Liberty
● Glance - Image Signing and Encryption
○ Right now, there is no way to guarantee that the image you asked Glance
for is the image you got in Nova.
○ This feature has been discussed in the past and it looks like it’ll finally
happen.
○ Image signing and encryption using Barbican as a key manager.
○ The goal is to guarantee image’s integrity.
● Horizon - Volume Encryption
■ Support for volume encryption through Horizon is almost there.
Some of the work is done but it was moved out of Kilo at the very
end.
35. Security… in Liberty
● Swift - Encryption At Rest
○ Currently objects are typically stored on disk as files in a standard
POSIX filesystem.
○ Provide option for Swift operators to have objects stored in an
encrypted form.
○ When disks reach end-of-life, they are discarded, and if not properly
wiped, may still contain data.
○ Swift will use AES in CTR mode with 256-bit keys, where the entire
object is encrypted as a single byte stream, as well as user
metadata with the same key.
○ Swift will probably want a keymaster that stores things in Barbican
at some point.
36. Security… in Liberty
● Swift - Composite Tokens & Service Accounts
○ Composite tokens allow other OpenStack services to store data
in Swift on behalf of a client so that neither the client nor the
service can update the data without both parties’ consent.
○ Example:
■ User requests that Nova save a snapshot of a VM.
■ Nova passes the request to Glance
■ Glance writes the image to a Swift container as a set of objects.
■ The user cannot modify the snapshot without also having a valid token
from the service.
■ Nor can the service update the data without a valid token from the
user.
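The two-party rule from the snapshot example above, modelled as an added example (not Swift's authorization code): a write to service-owned data is allowed only when the request carries a valid user token for the owning project and a valid service token. The token table, role names, and the `SERVICE_`/`AUTH_` account prefixes are assumptions made for illustration; `X-Auth-Token` and `X-Service-Token` are the request headers that carry the two tokens.

```python
# Constructed token table standing in for Keystone token validation.
TOKENS = {
    "user-token": {"project": "p1", "roles": {"member"}},
    "glance-token": {"project": "services", "roles": {"service"}},
    "intruder-token": {"project": "p2", "roles": {"member"}},
}
USER_ROLES = {"member"}       # assumed role that marks an end user
SERVICE_ROLES = {"service"}   # assumed role that marks an OpenStack service
SERVICE_PREFIX = "SERVICE_"   # assumed prefix for accounts holding service data


def may_write(account, headers):
    """Decide whether a write to `account` is allowed for these headers."""
    user = TOKENS.get(headers.get("X-Auth-Token"))
    service = TOKENS.get(headers.get("X-Service-Token"))
    # A valid end-user token is always required.
    if user is None or not (user["roles"] & USER_ROLES):
        return False
    # Ordinary account: the owning project's user token is sufficient.
    if not account.startswith(SERVICE_PREFIX):
        return account == "AUTH_" + user["project"]
    # Service account: the user must own the project behind the account...
    if account[len(SERVICE_PREFIX):] != user["project"]:
        return False
    # ...and a service must vouch for the request with its own token.
    return service is not None and bool(service["roles"] & SERVICE_ROLES)


def demo():
    snapshot_account = "SERVICE_p1"  # where Glance stored p1's snapshot
    both = {"X-Auth-Token": "user-token", "X-Service-Token": "glance-token"}
    return {
        "user_alone": may_write(snapshot_account, {"X-Auth-Token": "user-token"}),
        "service_alone": may_write(
            snapshot_account,
            {"X-Auth-Token": "glance-token", "X-Service-Token": "glance-token"},
        ),
        "other_project_with_service": may_write(
            snapshot_account,
            {"X-Auth-Token": "intruder-token", "X-Service-Token": "glance-token"},
        ),
        "user_and_service": may_write(snapshot_account, both),
        "user_own_account": may_write("AUTH_p1", {"X-Auth-Token": "user-token"}),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```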