
OpenStack and Kubernetes Better Together

Virtual machines and containers are two of my favorite technologies.  In today’s DevOps-driven environment, delivering applications as microservices allows an organization to provide features faster.  Splitting a monolithic application into multiple portable, container-based fragments is often at the top of an organization’s digital transformation strategy.  Virtual machines, delivered as IaaS, have been around since the late 90s; they are a way to abstract hardware and offer enhanced capabilities in fault tolerance, programmability, and workload scalability.  While enterprise IT organizations large and small are scrambling to refactor applications into microservices, the reality is that IaaS is proven and is often used to complement container-based workloads:

1). We’ve always viewed the IaaS layer as an abstraction from the infrastructure that provides a standard way of managing and consolidating disparate physical resources. Resource abstraction is one of the many reasons most containers today run inside virtual machines.

2). Today’s distributed applications consist of both cattle and pets.  Without overly generalizing, pet workloads tend to be “hand fed” and often have significant dependencies on a legacy OS that isn’t container compatible.  As a result, for most organizations, pet workloads will continue to run as VMs.

3). While there are considerable benefits to containerizing NFV workloads, current container implementations are not sufficient to meet 100% of NFV workload needs.  See the IETF report for additional details.

4). The ability to “right size” the container host for dev/test workloads, where multiple environments are required to perform different kinds of testing.

Rather than being mutually exclusive, the two technologies have proven over time to complement each other.  As long as there are legacy workloads and better ways to manage and consolidate sets of diverse physical resources, virtual machines (IaaS) will co-exist with and complement containers.

OpenStack IaaS and Kubernetes Container Orchestration:

It’s a multi-cloud world, and OpenStack is an important part of the mix. From the datacenter to NFV, thanks to the richness of its vendor-neutral API, OpenStack clouds are being deployed to meet organizations’ needs for public-cloud-like IaaS consumption in a private cloud data center.  OpenStack is also a perfect complement to K8S, providing underlying services that are outside the scope of K8S.  In most cases, Kubernetes deployments can leverage the same OpenStack components to simplify the deployment or developer experience:

1). Multi-tenancy:  Create K8S cluster separation leveraging OpenStack Projects. Development teams have complete control over cluster resources in their project and zero visibility to other development teams or projects.

2). Infrastructure usage based on HW separation:  The IT department is often the central broker for development teams across the entire organization. If development team A funded X number of servers and team B funded Y, the OpenStack scheduler can ensure K8S cluster resources are always mapped to the hardware allocated to the respective development team.

3). Infrastructure allocation based on quota:  Deciding how much of your infrastructure to assign to different use cases can be tricky, so organizations can also leverage the OpenStack quota system to control infrastructure usage.

4). Integrated user management:  Since most K8S developers are also IaaS consumers, leveraging a Keystone backend simplifies user authentication for K8S cluster and namespace sharing.

5). Container storage persistence:  Since K8S pods are not durable, storage persistence is a requirement for most stateful workloads.  When leveraging an OpenStack Cinder backend, the storage volume is re-attached automatically after a pod restart (on the same or a different node).

6). Security:  Since VMs and containers will continue to co-exist for the majority of enterprise and NFV applications, providing uniform security enforcement is critical.  Leveraging Neutron integration with industry-leading SDN controllers such as VMware NSX-T can simplify container security insertion and implementation.

7). Container control plane flexibility:  K8S HA requires load-balanced multi-master and scalable worker nodes.  When integrated with OpenStack, it is as simple as leveraging LBaaSv2 for master node load balancing.  Worker nodes can scale up and down using tools native to OpenStack.  With VMware Integrated OpenStack, K8S worker nodes can scale vertically as well, using the VM live-resize feature.

Next Steps:

I will leverage VMware Integrated OpenStack (VIO) implementation to provide examples of this perfect match made in heaven. This blog is part 1 of a 4 part blog series:

1). OpenStack and Containers Better Together (This Post)

2). How to Integrate your K8S  with your OpenStack deployment

3). Treat Containers and VMs as “equal class citizens” in networking

4). Integrate common IaaS and CI / CD tools with K8S

Infrastructure as Code with VMware Integrated OpenStack

Historically, organizations “racked and stacked” hardware, and then installed and configured software and applications for their IT needs. With the advent of cloud computing, IT organizations could start taking advantage of virtualization to enable the on-demand provisioning of compute, network, and storage resources.  By using the CLI or GUI, users have been able to manually provision these resources. However, with manual provisioning, you carry the following risks:

  • Inconsistency due to human error, leading to deviations from the defined configuration.
  • Lack of agility by limiting the speed at which your organization can release new versions of services in response to customer needs.
  • Difficulty in attaining and maintaining compliance to corporate standards due to the absence of a repeatable process.

Infrastructure as Code (IAC) solutions address these issues by allowing you to automate the entire configuration and provisioning process. In essence, this concept allows IT teams to treat infrastructure the same way application developers treat their applications – with code. The definition of the infrastructure is in human-readable software code. The code lets you script, in a declarative way, the final state that you want for your environment; when it is executed, your target environment is automatically provisioned. A recent blog on this topic by my colleague David Jasso referred to the IAC paradigm as IT As Developer. For additional information on IAC, read the two Forrester reports: How A Sysadmin Becomes A Developer (Chris Gardner and Robert Stroud; Forrester Research; March 2017); Lead The I&O Software Revolution With Infrastructure-As-Code (Chris Gardner and Richard Fichera; Forrester Research; September 2017).

In this blog post I will show you how, by using Terraform and VMware Integrated OpenStack (VIO), you can describe and execute your target infrastructure configuration using code. Terraform allows developers to define their application infrastructure via editable text files. You can write Terraform configurations in either Terraform format (using the .tf extension) or in JSON format (using the .tf.json extension).  When executed, Terraform consumes the OpenStack API services from VIO (the OpenStack distribution from VMware) to provision the infrastructure as you have defined it.  As a result, you can use these provisioning tools, in conjunction with VIO, to implement Infrastructure as Code.

For those not familiar with VIO, it differentiates itself from the upstream distribution by making install, upgrade and maintenance operations simple, and by leveraging VMware enterprise-grade infrastructure to provide the most stable release of OpenStack in the market.  In addition to the OpenStack distribution, VIO also helps bridge gaps in traditional OpenStack management, monitoring and logging by making VMware enterprise-grade tools such as vRealize Operations Manager and Log Insight OpenStack-aware with no customization.

  • Standard DefCore Compliant OpenStack Distribution delivered as an OVA
  • End to end support by VMware, OpenStack and SDDC infrastructure.
  • The best foundational Infrastructure for IaaS is available with vSphere Compute (Nova), NSX Networking (Neutron), vSphere Storage (Cinder / Glance)
  • OpenStack endpoint management and logging is simple and easy to perform with VMware vRealize Operations Manager for management, vRealize Log Insight for logging, and vRealize Business for chargeback analysis
  • Best way to leverage existing VMware investment in People, Skills, and Infrastructure

Let’s look at the structure of the code that makes IAC possible. The first step in defining the configuration is defining all the variables a user needs to provide within the Terraform configuration – see example below. The variables can have default values. Putting as much site-specific information as possible into variables (rather than hardcoding the configuration parameters) makes the code more reusable. Please note that the code below is for illustration only.  The complete example can be downloaded from here.

The next step in defining the configuration is identifying the provider. Terraform leverages multiple providers to talk to services such as AWS, Azure or VIO (OpenStack distribution from VMware).  In the example below we specify that the provider is OpenStack, using the variables that you defined earlier.

Next you define the resource configuration.  Resources are the basic building blocks of a Terraform configuration. In the example code below (please use it as an illustration), you use Terraform code, which in turn leverages VIO, to create the compute and network resource instances and then assign the network ID to the compute instance to stand up a networked compute instance. As you will see in the example, the properties of a created resource may be passed as arguments to the creation step of the next resource, such as using the network ID from the ‘network’ resource when creating the ‘subnet’ resource in the code below.
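
The three steps described above (variables, provider, resources) put together as one configuration. This is an added example, not the code from the original post or VMware's downloadable sample; it is written in current Terraform syntax (0.14 or later) for the community OpenStack provider, and the endpoint URL, resource names, image, flavor and CIDR are assumed values.

```hcl
# Added illustration: every name, URL, CIDR and default here is an assumption.
terraform {
  required_providers {
    openstack = {
      source = "terraform-provider-openstack/openstack"
    }
  }
}

# --- Step 1: variables (site-specific values live here, not in resources) ---
variable "auth_url" {
  description = "Keystone endpoint of the VIO deployment (placeholder URL)"
  type        = string
  default     = "https://vio.example.com:5000/v3"
}

variable "domain_name" {
  type    = string
  default = "Default"
}

variable "tenant_name" {
  description = "OpenStack project the resources are created in"
  type        = string
}

variable "user_name" {
  type = string
}

variable "password" {
  description = "No default on purpose: supply via TF_VAR_password, not a committed file"
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
}

variable "image_name" {
  type    = string
  default = "ubuntu-16.04" # assumed Glance image name
}

variable "flavor_name" {
  type    = string
  default = "m1.medium"
}

variable "subnet_cidr" {
  type    = string
  default = "192.168.50.0/24"
}

# --- Step 2: provider, built only from the variables above ---
# TLS verification stays on. If the endpoint uses a private CA, set
# cacert_file to its certificate instead of setting insecure = true.
provider "openstack" {
  auth_url    = var.auth_url
  domain_name = var.domain_name
  tenant_name = var.tenant_name
  user_name   = var.user_name
  password    = var.password
}

# --- Step 3: resources ---
resource "openstack_networking_network_v2" "network" {
  name           = "iac-demo-net"
  admin_state_up = true
}

# The subnet takes the ID of the network created above as an argument.
resource "openstack_networking_subnet_v2" "subnet" {
  name       = "iac-demo-subnet"
  network_id = openstack_networking_network_v2.network.id
  cidr       = var.subnet_cidr
  ip_version = 4
}

# The instance is attached to the same network; depends_on makes sure the
# subnet exists first so the port can be given an address.
resource "openstack_compute_instance_v2" "instance" {
  name        = "iac-demo-vm"
  image_name  = var.image_name
  flavor_name = var.flavor_name

  network {
    uuid = openstack_networking_network_v2.network.id
  }

  depends_on = [openstack_networking_subnet_v2.subnet]
}

output "instance_ip" {
  value = openstack_compute_instance_v2.instance.access_ip_v4
}
```

Terraform also records resource attributes in its state file, so keep terraform.tfstate and any .tfvars file holding credentials out of the git repository that tracks the configuration.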


Infrastructure as code allows you to treat all aspects of operations as software and manage almost everything in code, including servers, storage, networks, log files, automated tests, deployment processes, and so on. The concept extends to making configuration changes as well.  When you want to make any infrastructure configuration changes, you can check out the configuration code files from your code repository management system such as git, edit them to make the changes you want, and check in the new version. So you can use git to make and track changes to your configuration code – just as developers do.

Summary:

In this blog post, we have shown how you can implement the IAC paradigm by using Terraform, running on VIO.  Download the 60-day VIO evaluation now and get started, or try out the VIO 4.0 based VMware Integrated OpenStack Hands-on Lab, no installation required.

Best Practice Recommendations for Virtual Machine Live Resize

As computing demands increase, server resources must “grow” or “scale” to meet those requirements.  There are two basic ways to scale computing resources. The first is to add more VMs or “horizontally scale.” Say a web front end is using 90% of the allocated computing capacity. If traffic to the site increases, the current VM may not have enough CPU, memory, or disk available to keep up.  The site administrator could deploy an additional VM to support the growth in the workload.

Not all applications scale horizontally.  NFV workloads such as virtual routers or gateways may need to “vertically scale”.  For example, a virtual machine with 2 vCPU / 4 G memory may need to double its vCPU and memory rather than adding a second virtual machine.  While the OpenStack ecosystem offers many tools for horizontal scaling (Heat, Terraform, etc.), options for scaling up are much more limited.  The Nova project has a long-pending proposal for live resize (Hot Plug).  Unfortunately, this feature still hasn’t been implemented.  Without live-resize, to increase the memory/CPU/disk of an instance, OpenStack must first power down the VM, migrate it to a VM flavor that offers more CPU/memory/disk, and finally power up the VM.  Powering down a VM impacts SLAs and can trigger cascading failures for NFV-based workloads (route convergence, loops, etc.).

By leveraging the existing OpenStack resize API and recommendations introduced in the upstream live-resize specification, VMware Integrated OpenStack (VIO) 4.0 offers the ability to resize any machine, as long as the guest OS supports it, without the need to power down the system. OpenStack users issue the standard OpenStack resize request.  The VMDK driver examines the CPU/memory/disk changes specified by the flavor and the settings of the virtual machine to determine whether the operation can be performed. If the guest OS supports live-resize, resources will be added without a power down.  If the guest OS cannot support live-resize, then the traditional Nova instance resize operation takes place (which powers off the instance).

Best Practice Recommendations:

When implementing live-resize in your environment, be sure to follow these recommendations:

  1. Cloud admins or application owners need to indicate that the guest OS can handle live resize for a specific resource using the image metadata “os_live_resize= <resource>”.  A list of guest OSes that support hot plug / live-resize can be found here.  Available resource options are disk, memory or vCPU.  You can live-resize the VM based on any combination of the resource types:
    • Add CPU resources to the virtual machine
    • Add memory resources to the virtual machine
    • Increase the virtual disk size of the virtual machine
    • Add CPU and Memory, CPU and Disk, or Memory and Disk
    • Increase CPU, Memory, and Disk
    • Hot removal of CPU/Memory is not supported
  2. If a resized VM exceeds the capacity of a host, VMware DRS can move the VM to another host within the cluster where resources are available.  DRS is simple to configure and extremely powerful.  My colleague Mathew Mayer wrote an excellent blog on Load balancing vSphere Clusters with DRS, be sure to take a look.
  3. Image Metadata updates for disk resize:
    • Linked clone must be set to false.  This is because vCenter cannot live resize linked cloned disks.
    • Disk adapter must be non-IDE.  This is because IDE disks do not support hot-swap/add.

See diagram below:

  4. VMware supports memory resize of 4G and above.  Resizing below 4G should work in most cases, but is not officially supported by VMware.

Live-resize Example Workflow:

Step 1). Upload image:

openstack image create --disk-format vmdk --container-format ova --property vmware_ostype="ubuntu64Guest" --property os_live_resize=vcpu,memory,disk --property img_linked_clone=false --file ./xenial-server-cloudimg-amd64.ova <some name>

Step 2). Disable linked clone (if using default VIO 4.0 bundled in 16.0.4 cloud image):

openstack image set --property img_linked_clone=false <some name>

Step 3). Boot a VM:

openstack server create --flavor m1.medium --image <some name> --nic net-id=net-uuid resize_vm

Step 4). Resize to the next flavor:

openstack server resize --flavor m1.large <resize_VM>

Step 5). Confirm resize:

openstack server resize --confirm <server>

Step 6). SSH to the VM and run the scripts below to bring the new resources online in the guest OS.

  • Memory online:

for i in `grep offline /sys/devices/system/memory/*/state | awk -F / '{print $6}' | awk -F y '{print $2}'`; do echo "bring memory$i online"; echo online >/sys/devices/system/memory/memory$i/state; done

  • CPU online:

https://communities.vmware.com/docs/DOC-10493

Simplify your NFV workloads by leveraging the industry’s most stable and battle-tested OpenStack distribution.  Instead of re-architecting your virtual network and security to enable horizontal scaling, live-resize it!  It’s simple and hitless.  Download the 60-day evaluation now and get started, or try out the VIO 4.0 based VMware Integrated OpenStack Hands-on Lab, no installation required.

Leverage OpenStack for your Production Workloads

In my previous blog I wrote about VMware’s involvement in open source. The proliferation of open source projects in recent years has influenced how people think about technology, and how technology is being adopted in organizations, for a few reasons. First, open source is more accessible – developers can download projects from github to their laptops and quickly start using them. Second, open source delivers cutting edge capabilities, and companies leverage that to increase the pace of innovation. Third, developers love the idea that they can influence, customize and fix the code of the tools they’re using.  Many companies are now adopting the “open source first” strategy with the hope that they will not only speed up innovation but also cut costs, as open source is free.

However, while developers increasingly adopt open source, it often doesn’t come easy to DevOps and IT teams, who carry the heavy burden of bringing applications from developer laptop to production. These teams have to think about stability, performance, security, upgrades, patching, and the list goes on. In those cases, enterprises are often happy to pay for an enterprise-grade version of the product, for which all those things are already taken care of.

When applications are ready to move to production…

OpenStack is a great example. Many organizations are keen to run their applications on top of an open source platform, also known to be the industry standard. But that doesn’t come without deployment and manageability challenges. That’s where VMware provides more value to customers.

VMware Integrated OpenStack (VIO) makes it easier for IT to deploy and run an OpenStack cloud on top of their existing VMware infrastructure. Combining VIO with the enterprise-grade capabilities of the VMware stack provides customers with the most reliable and production ready OpenStack solution. There are three key reasons for this statement: a) VMware provides best-of-breed, production ready OpenStack-compatible infrastructure; b) VIO is fully tested for both – business continuity and compatibility; and c) VMware delivers capabilities for day 2 operations. Let me go into details for each of the three.

Best-of-breed OpenStack-compatible infrastructure

First, VMware Integrated OpenStack is optimized to run on top of VMware Software Defined Data Center (SDDC), leveraging all the enterprise-grade capabilities of VMware technologies such as high availability, scalability, security and so on.

  • vSphere for Nova Compute: VIO takes advantage of vSphere capabilities such as Dynamic Resource Scheduling (DRS) to achieve optimal VM density and vMotion to protect tenant workloads against failures.
  • VMware NSX for Neutron: advanced networking services with massive scale and throughput, and with rich set of capabilities such as private networks, floating IPs, logical routing, load balancing, security groups and micro-segmentation.
  • VMware vSAN/3rd party storage for Cinder/Glance: VIO works with any vSphere-validated storage (we have the largest hardware compatibility list in the industry). VIO also brings Advanced Storage Policies through VMware vSAN.

Battle hardened and tested

OpenStack can be deployed on many combinations of storage, network, and compute hardware and software, and from multiple vendors. Testing all combinations is a challenge and often times customers who choose the DIY route will have to test their combination of hardware and software for production workloads. VMware Integrated OpenStack, on the other hand, is battle-hardened and tested against all VMware virtualization technologies to ensure the best possible user experience from deployment to management (upgrades, patching, etc.) to usage. In addition, VMware provides the broadest hardware compatibility coverage in the industry today (that has been tested in production environments).

Key capabilities for Day-2 Operations

VMware Integrated OpenStack brings operations capabilities to OpenStack users.  For example, built-in command line interface (CLI) tools enable you to troubleshoot and monitor your OpenStack deployment and the status of OpenStack services. Pre-defined workflows automate common OpenStack operations such as adding/removing capacity, configuration changes, and patching.

In addition, out-of-the-box integrations with vRealize Operations, vRealize Log Insight, and vRealize Business for Cloud provide monitoring, troubleshooting, and cost visibility for your OpenStack infrastructure.

Finally, to add to all of this, another benefit is that our customers only have one vendor and support number to call to in case of a problem. No finger pointing, no need to handle different support plans. Easy!

To learn more, visit the VIO web page and product feature walkthrough.

VMware, Open Source and OpenStack

Last week at VMworld, VMware’s biggest event of the year, I attended a few sessions on various topics related to open source, and was impressed with the number of people who showed interest in those sessions. Our customers are looking to leverage open source products on top of VMware technologies, and VMware is more active in the open source community than one might think.

Source: https://vmware.github.io/

We, at VMware, use open source in our products, make thousands of contributions every year to many upstream projects, and create new open source projects that are being used by many. Some of the open source projects created by VMware include:

And the list goes on. You can learn about additional projects here. VMware’s investment in open source makes a lot of sense when you think about it. First, we would like to influence and engage with our customers, who might be looking at open source projects to improve the way they do stuff (see Clarity for example). Second, we would like to improve our products and tools based on feedback and support from the community. And lastly, a lot of growth is happening at the edge of the technology and we want to leverage the opportunity.

One of the most important open source projects VMware is involved in is OpenStack. At VMworld last week, we announced our new release of VMware Integrated OpenStack, the OpenStack distribution from VMware. In the last few years we have been working hard to deliver an OpenStack distribution that would seamlessly work on VMware SDDC, without you having to spend hours on customization or professional services.

History of Working with the OpenStack Community

VMware has a history of open source contributions to the OpenStack community starting in 2010.  Initially it was via the Nicira team’s work on Open vSwitch (OVS) (Nicira was acquired by VMware).  Later, it was via other projects including Nova, Neutron, Cinder, Glance and Ceilometer. We are the #1 contributor to the Neutron project, and the #6 contributor to the Nova project. In addition, we share all the Compute, Network, and Storage drivers with the community.

Source: http://stackalytics.com/

Compliance with Interop Working Group guidelines

VMware Integrated OpenStack complies with the interoperability guidelines defined by the OpenStack Interop Working Group. This group drafts the guidelines that include a list of capabilities that a “true OpenStack” cloud must expose to end users, a list of tests they must pass in order to prove it, and a list of designated sections of the upstream codebase they must use to provide those capabilities. For example, automation tools that leverage the OpenStack APIs should work on VMware Integrated OpenStack as they would on any other OpenStack distribution. Interoperability prevents vendor lock-in because it allows you to easily switch from your current OpenStack deployment to a different vendor’s distribution.

One area where developers may have been concerned in the past is image formats, since the VMware platform currently utilizes OVA, VMDK, and ISO disk formats with Glance.  However, tools exist to convert from other formats to the formats we have adopted (for example: qemu-img to convert qcow2 to VMDK). In addition, significant community work in the area of image building with projects like Diskimage Builder and Packer enables users to auto-generate a VMware-compatible image relatively quickly.

VMware is committed to keeping VMware Integrated OpenStack open by ensuring all its drivers are open source, ensuring vendor interoperability based on Interop Working Group guidelines, and being a very active participant in the OpenStack community.

To learn more, visit the VIO web page and product feature walkthrough.

VMware Integrated OpenStack 4.0: What is New

VMware announced VMware Integrated OpenStack 4.0 Data Center edition at VMworld in Las Vegas.  We are truly excited about our latest OpenStack distribution that gives our customers the new features and enhancements included in the Ocata release, with a bundled Container platform option included. For OpenStack cloud admins, the 4.0 Data Center edition is also about enhanced platform performance and manageability, increased scale and advanced networking.

New Features Include:

OpenStack Features available in Newton + Ocata:

VIO 4.0 is based on the upstream Ocata release.  Ocata is the first release in which Cells v2 is the default deployment configuration for OpenStack Nova; a single Cell is supported in Ocata.  Cell support enables future scale out of an OpenStack cloud in a more distributed fashion.  The placement service, introduced in the Newton release, is now an essential part of VIO 4.0 in determining the optimum placement of VMs. Not to be mistaken for VMware DRS, the OpenStack placement service allows a cloud admin to set up pools of resources, and then set up allocations for resource providers. VM placement policies can be built on top of those resources for optimal placement of VMs (additional blogs to follow).

New capabilities in OpenStack Horizon include enhanced workload placements, LBaaSv2 and Heat template versions, to name a few. Heat template versions provide users with a list of available template versions and the functions for a particular template version.

Resource tagging, Cinder availability zones, enhanced Cinder snapshots, and Heat templates with conditions are some of the other notable enhancements available from upstream release in VIO 4.0 release.

vRealize Automation Integration

This is another great example of how VMware empowers customers to leverage existing investments in infrastructure management and tooling. The integration gives enterprise customers the ability to consume VIO resources with governance. Using vRA XaaS blueprints, a cloud admin can automate OpenStack user and project creation, governance-based Heat template deployment, or other common aspects of VIO consumption through vRA governance. Once OpenStack resources are on-boarded, vRA integration allows cloud admins and users to view the VIO Horizon dashboard directly from the vRA portal using SSO integration with vIDM.

Networking Advanced Capabilities

VIO 4.0 greatly simplifies network addressing and reachability management by leveraging dynamic routing.  Instead of relying on NAT to provide address uniqueness, cloud admins can leverage Neutron address pools or the get-me-a-network feature to define a scope of unique address spaces.  Tenants needing unique address space can allocate subnets from this pool without worrying about overlapping with another tenant.  With BGP routing, another new VIO 4.0 feature, cloud admins can enable end-to-end connectivity dynamically without managing low-level static routes.

Enhanced Neutron availability zone support allows OpenStack tenants to place NSX ESG workloads to different physical clusters, across different racks for increased availability.  Finally, Firewall-as-a-Service and guest VLAN tagging are some of the other major Neutron enhancements.

Enhanced Platform Support

We are extremely proud of multi-vCenter support in VIO 4.0.  Multi-VC support with NSX-T allows VIO customers the ability to define multiple fault/availability zones, avoiding single point of failure.  Multi-VC can also be used for scaling out VIO by adding more vCenters upon reaching concurrency or total object limits.

Enterprise workloads require both horizontal and vertical scaling.  While horizontal scaling is made simple through Heat or Terraform, vertical scaling often requires downtime/outage window.  With VIO 4.0, cloud admins can offer Glance images that support live resize: OpenStack tenants can increase CPU, Memory, and disk of their virtual machine without VM powering down.  VIO 4.0 also provides increased resiliency with vCenter HA and LVM support on the OMS server to allow flexible storage growth.

Enterprise Grade Container

Finally, VIO offers enterprise grade Kubernetes with built in security, HA and scale (up or down).  Out of box, VIO provides Cloud Admins with simplified day 1 deployment automation for Kubernetes with multi-tenancy and user management.  Once deployed, VIO Kubernetes integrates easily with SDDC vRealize suite of products solving day 2 operational challenges in container life cycle Management, monitoring and logging.  Persistent storage, load balancing and container networking powered by VMware NSX are also standard out of box.

Adopting agile processes is a key driver in helping businesses digitally transform.  It is changing not only the way applications are coded, but also the process by which they are built and operated.  In the new DevOps-driven era, infrastructure admins and developers are solving the same problem – faster time to value.  VIO 4.0 is the answer for any organization looking to digitally transform its business.

VIO 4.0 Data Center edition will enable DevOps teams to build and deliver:

  • Container based micro-services, in addition to traditional VM based workloads
  • End-to-end infrastructure automation leveraging existing tools
  • OpenStack deployment scale out using multi-VC, OpenStack placement API and Cells v2
  • Advanced Neutron and container networking to simplify addressing and reachability while ensuring application security
  • Solving Day 2 operational challenges in Infrastructure life cycle management

Supported by the most rock-solid VMware SDDC infrastructure, VIO gives businesses faster time to value.

Try VMware Integrated OpenStack Today

Take a free test drive, no installation required, with the VMware Integrated OpenStack Hands-on Lab.  Try out the latest VIO 4.0 HOL if you are attending VMworld Vegas or Barcelona.

 

Introducing VMware Integrated OpenStack 4.0

We’re excited to announce the new release of VMware Integrated OpenStack 4.0 today at VMworld US 2017, as part of the VMware SDDC story. You can read more about it here.

VMware Integrated OpenStack (VIO) is an OpenStack distribution supported by VMware, optimized to run on top of VMware’s SDDC infrastructure. In the past few months we have been hard at work, adding additional enterprise grade capabilities into VIO, making it even more robust, scalable and secure, yet keeping it easy to deploy, operate and use.

VMware Integrated OpenStack 4.0 is based on Ocata, and some of the highlights include:

Containers support – users can run VMs alongside containers on VIO. Out-of-the-box container support enables developers to consume Kubernetes APIs, leveraging all the enterprise grade capabilities of VIO such as multi-tenancy, persistent volumes, high availability (HA), and so on.

Integration with vRealize Automation – vRealize Automation customers can now embed OpenStack components in blueprints. They can also manage their OpenStack deployments through the Horizon UI as a tab in vRealize Automation. This integration provides additional governance as well as single-sign-on for users.

Multi vCenter support – customers can manage multiple VMware vCenters with a single VIO deployment, for additional scale and isolation.

Additional capabilities for better performance and scale, such as live resize of VMs (changing RAM, CPU and disk without shutting down the VM), Firewall as a Service (FWaaS), CPU pinning and more.

Our customers use VMware Integrated OpenStack for a variety of use cases, including:

Developer cloud – providing public cloud-like user experience to developers, as well as more choice of consumption (Web UI, CLI or API), self-service and programmable access to VMware infrastructure. With the new container management support, developers will be able to consume Kubernetes APIs.
IaaS platform for enterprise automation – adding automation and self-service provisioning on top of best-of-breed VMware SDDC.
Advanced, programmable network – leveraging network virtualization with VMware NSX for advanced network capabilities.

Our customers tell us (consistently) that VIO is easy to deploy (“it just worked!”) and manage. Since it’s deployed on top of VMware virtualization technologies, they are able to deploy and manage it by themselves, without hiring new people or professional services. Their development and DevOps teams like VIO because it gives them the agility and user experience they want, with self-service and standard OpenStack APIs.

In most cases, within a short amount of time (a few weeks!), customers trust VIO enough to run their business-critical applications, such as e-commerce websites or online travel systems, in production.

VMware Integrated OpenStack will be available as a standalone product later this quarter. For more information go to our website, check out the product walkthrough and try out the hands-on lab.

If you are attending VMworld, please stop by our booth (#1139) to see demos and speak with OpenStack specialists. We’re looking forward to seeing you!

OpenStack Sessions at VMworld 2017 Las Vegas

Don’t Miss Out!

VMworld 2017 Las Vegas is just around the corner and we can’t wait to meet our customers and partners, and explore all the great sessions, workshops and activities planned for next week. With over 500 sessions across all categories, it may be overwhelming to work out which sessions are most beneficial for you. Here is the list of all the OpenStack-related sessions; make sure you register and mark your calendar in advance so you don’t miss out!

In addition, make sure to stop by the VMware Integrated OpenStack (VIO) booth (#1139) to learn more and see a demo or two.

When/Where | Description

Monday, Aug 28, 11:30 a.m. – 1:00 p.m. | South Pacific Ballroom, Lower Level, HOL 5

[ELW182001U] VMware Integrated OpenStack (VIO) – Getting Started Workshop
Monday, Aug 28, 1:00 p.m. – 2:00 p.m. | Islander C, Lower Level

[MGT2609BU] VMware Integrated OpenStack: What’s New
It is not OpenStack or VMware; it is OpenStack on VMware.
Come and learn what is new in VMware Integrated OpenStack and our plans for the future of OpenStack on the software-defined data center.
Monday, Aug 28, 2:00 p.m. – 3:00 p.m. | Islander F, Lower Level

[LDT1844BU] Open Source at VMware: A Key Ingredient to Our Success and Yours
Open-source components are part of practically every software product or service today. VMware products are no exception. And increasingly, IT departments are presented with many application roll-out requests that include large open-source components as part of the infrastructure on which they rely. From OpenStack to Docker to Kubernetes and beyond, open source is a reality of the enterprise environment. VMware is investing in open source both as a user of many components (and contributor to many of those projects) and as a creator of many successful open-source projects such as Open vSwitch, Harbor, Clarity, and many more. This session will talk about the what, the why, and the how of our engagement in open source: our vision and strategy and why all this is critically important for our customers.
Monday, Aug 28, 3:15 p.m. – 4:00 p.m. | Meet the Experts, 2nd floor foyer, Table #5
Wednesday, Aug 30, 2:15 p.m. – 3:00 p.m. | Meet the Experts, 2nd floor foyer, Table #5
Thursday, Aug 31, 11:45 a.m. – 12:30 p.m. | Meet the Experts, 2nd floor foyer, Table #5

[MTE4733U] Implementing OpenStack with VIO
Meet Xiao Gao, VMware Integrated OpenStack expert. Bring your questions!
Tuesday, Aug 29, 12:15 p.m. – 1:00 p.m. | Meet the Experts, 2nd floor foyer, Table #7

[MTE4803U] OpenStack in the Enterprise with Marcos Hernandez
Speak with Expert Marcos Hernandez about the benefits of running OpenStack in private Cloud environments.
Tuesday, Aug 29, 4:00 p.m. – 5:00 p.m. | Oceanside D, Level 2

[MGT1785PU] OpenStack in the Real World: VMware Integrated OpenStack Customer Session
More and more customers are looking to leverage OpenStack to add automation and provide open API to their application development teams. In this session, VMware Integrated OpenStack customers will share their OpenStack journey and the benefits VMware Integrated OpenStack provides to development teams and IT.
Tuesday, Aug 29, 4:00 p.m. – 4:15 p.m. | VMvillage – VMTN Community Theater

[VMTN6664U] Networking and Security Challenges in OpenStack Clouds
Decided it’s time to implement OpenStack to build your Cloud? Have you tested in the lab, evaluated the various distributions available, and hired a specialized team for OpenStack? However, when it arrives the time to put into production Neutron is not integrating with your physical network? If the above story closely resembles what you have been facing, this TechTalk is critical for you to understand the challenges of Networking and Security with any OpenStack distribution and what solutions are missing for your Cloud to fully works. NOTE: Community TechTalk taking place in VMvillage.
Tuesday, Aug 29, 5:30 p.m. – 6:30 p.m. | Mandalay Bay Ballroom B, Level 2

[NET1338BU] VMware Integrated OpenStack and NSX Integration Deep Dive
OpenStack offers a very comprehensive set of Network and Security workflows provided by a core project called Neutron. Neutron can leverage VMware NSX as a backend to bring advanced services to the applications owned by OpenStack. In this session we will cover the use cases for Neutron, and the various topologies available in OpenStack with NSX, with a focus on security. We will walk you through a number of design considerations leveraging Neutron Security Groups and the NSX Stateful Distributed Firewall integration, along with Service Chaining in NSX for Next Generation Security Integration, all available today.
Wednesday, Aug 30, 8:00 a.m. – 9:00 a.m. | Surf A, Level 2

[FUT3076BU] Simplifying Your Open-Source Cloud With VMware
Open source or VMware? Clearly, you can’t have both, right? Wrong. As open-source, cloud-based solutions continue to evolve, IT leaders are challenged with the adoption and implementation of large-scale deployments such as OpenStack and network function virtualization from both a business and technical perspective. Learn how VMware’s solutions can simplify existing open-source innovation, resulting in new levels of operations, standardization (app compatibility), and delivery of enterprise support.
Wednesday, Aug 30, 2:00 p.m. – 3:00 p.m. | Surf A, Level 2

[FUT1744BU] The Benefits of VMware Integrated OpenStack for Your NFV Platform
Communication Service Providers (CSPs) embracing network functions virtualization (NFV) are building platforms with three imperatives in mind: service agility, service uptime and platform openness. These capabilities require the cloud platform they choose to be able to easily model, deploy and modify a service, to run it on a tightly-integrated robust virtual infrastructure and migrate the service horizontally across cloud platforms when/if needed. Come to this session to learn about VIO, a VMware-supported OpenStack (OS) distribution, at the heart of the VMware NFV platform and how it can help CSPs meet those requirements. We will look in detail at the role of VIO as virtual infrastructure manager as well as its native integration with the other components of the VMware software-defined data center architecture (vSphere, NSX and VSAN).
Thursday, Aug 31, 10:45 a.m. – 11:30 a.m. | Meet the Experts, 2nd floor foyer, Table #8

[MTE4832U] How VMware IT Operates VMware integrated OpenStack
with Cloud Architect Chris Mutchler
Learn from VMware IT’s implementation of VMware’s Integrated OpenStack.

VMware Integrated OpenStack Glance Image Best Practices

A production cloud isn’t very useful unless users can run the virtual machine images their applications require.  A cloud image is a single file that contains a virtual disk with an operating system installed.  For many organizations, the simplest way to obtain a virtual machine image is to download a prebuilt base cloud image that ships with cloud-init to support user-data injection.  Once downloaded, an organization would use tools such as Packer to further customize and harden the base image before rolling it out to production.  Most operating system projects and vendors maintain official images for direct download.  Openstack.org maintains a list of the most commonly used images here.

Recently we received some queries about the proper way to import prebuilt QCOW2 native cloud images into VMware Integrated OpenStack.  Images import correctly, but would not successfully boot.  Common symptoms are “no Operating System found” messages generated by the virtual machine’s BIOS, the guest OS hanging during the boot cycle, or DHCP failure when trying to acquire an IP address.  After further analysis, problems were either caused by older upstream tooling or simple adjustments required in the cloud image to match the vSphere environment.  Specifically:

  • Some storage vendors need StreamOptimized image format.
  • Guest Images are attempting to write boot log to ttyS0, but the serial interface is not available on the VM.
  • Defects in earlier versions of the qemu-img tool while creating streamOptimized images.
  • DHCP binding failure caused by Predictable Network Interface Naming.

To overcome these issues, we came up with the following set of best practices to help you simplify the image import process.  I thought it would be a good idea to share our recommendations so others can avoid running into similar issues.

1). In VIO 3.x and earlier, serial console output is not enabled.  When booting an image that requires serial console support, use libguestfs to edit grub.cfg and remove all references to “console=ttyS0”.  Libguestfs provides a suite of tools for accessing and editing VM disk images.  Once installed, the “guestmount” command-line tool can be used to mount qcow2-based images.  By default, the disk image mounts in read-write mode.  More info on Libguestfs here.

# guestmount -a xxx-cloudimg-amd64.img -m /dev/sda1 /mnt

# vi /mnt/boot/grub/grub.cfg

# umount /mnt

2). VMware vSAN requires all images to be in streamOptimized format.  When converting to VMDK format, use the -o flag to specify the subformat as streamOptimized:

# qemu-img convert -f qcow2 -O vmdk -o subformat=streamOptimized -o adapter_type=lsilogic xxx-server-cloudimg-amd64.img xxx-server-cloudimg-amd64.vmdk ; printf '\x03' | dd conv=notrunc of=xxx-server-cloudimg-amd64.vmdk bs=1 seek=$((0x4))

A few additional items to call out:

  • “lsilogic” is the recommended adapter type.  Although it is possible to set the adapter type during image upload into Glance, we recommend as a good practice to always set the adapter type as part of the image conversion process.
  • Older versions of the qemu-img tool contain a bug that causes problems with the streamOptimized subformat.  The following command can be run after converting an image to correct the problem: printf '\x03' | dd conv=notrunc of=xxx-server-cloudimg-amd64.vmdk bs=1 seek=$((0x4)).   It is harmless to execute the printf even if you’re using a version of qemu-tools that has the fix: all the command does is set the VMDK version to “3”, which a fixed version of qemu-img will already have done.  If you are not sure what version of qemu-tools you have, apply the printf command.

3). In the case of CentOS, the udev rule shipped as part of the image bundle (ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules) is ignored during CentOS image boot, and Predictable Network Interface Naming is enabled as a result.  Our recommendation is to disable predictable naming using grub.  You can find more information on my previous blog.

4). Finally, with the Cirros QCOW2 image, preserve the adapter type as ‘ide’ during the QCOW2 to VMDK conversion process.  There’s currently an upstream bug open.

# qemu-img convert -f qcow2 -O vmdk /var/www/images/cirros-0.3.5-x86_64-disk.img /var/www/images/cirros-0.3.5-x86_64-disk.idk.vmdk

qemu-img defaults to IDE if no adapter type is specified.

Once converted, you can inspect the image metadata and validate information such as disk and image type before uploading into the Glance image repository.  Image metadata can be viewed by displaying the first 20 lines of the VMDK:

# cat xxx-server-cloudimg-amd64.vmdk | head -20
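
The metadata check above can be scripted so it runs before every Glance upload. The following is an added example, not code from the original post or from VMware: it reads the sparse VMDK header and embedded descriptor, flags a wrong subformat, header version or adapter type, and applies the same one-byte version fix as the dd command in item 2. The function names and the sample file are constructed for illustration; the header layout follows VMware's published sparse extent format.

```python
"""Pre-upload check for a converted VMDK (added example; sample data is constructed)."""
import re
import struct

SECTOR = 512
MAGIC = b"KDMV"
# Leading fields of the sparse extent header, little-endian and packed:
# magic, version, flags, capacity, grain size, descriptor offset, descriptor size.
HEADER = struct.Struct("<4sIIQQQQ")


def inspect_vmdk(path):
    """Return the header version and the descriptor's createType / adapterType."""
    with open(path, "rb") as f:
        raw = f.read(HEADER.size)
        if len(raw) < HEADER.size or raw[:4] != MAGIC:
            raise ValueError("not a sparse VMDK extent: %r" % raw[:4])
        _, version, _, capacity, _, d_off, d_size = HEADER.unpack(raw)
        f.seek(d_off * SECTOR)  # offsets and sizes are counted in 512-byte sectors
        blob = f.read(d_size * SECTOR)
    text = blob.split(b"\0", 1)[0].decode("ascii", "replace")

    def field(name):
        m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % re.escape(name), text, re.M)
        return m.group(1) if m else None

    return {"version": version, "capacity_sectors": capacity,
            "create_type": field("createType"),
            "adapter_type": field("ddb.adapterType")}


def glance_problems(path, adapter="lsilogic"):
    """List mismatches against the values this post recommends before upload."""
    info = inspect_vmdk(path)
    problems = []
    if info["create_type"] != "streamOptimized":
        problems.append("createType is %r, expected 'streamOptimized'" % info["create_type"])
    elif info["version"] != 3:
        problems.append("header version is %d, expected 3" % info["version"])
    if (info["adapter_type"] or "").lower() != adapter.lower():
        problems.append("ddb.adapterType is %r, expected %r" % (info["adapter_type"], adapter))
    return problems


def set_version_3(path):
    """Overwrite the single byte at offset 4 with 0x03, like the dd one-liner in item 2."""
    with open(path, "r+b") as f:
        if f.read(4) != MAGIC:
            raise ValueError("refusing to patch: not a sparse VMDK extent")
        f.seek(4)
        f.write(b"\x03")


def build_sample(path, version=1, adapter="lsilogic", create_type="streamOptimized"):
    """Write a constructed header plus descriptor (no grain data), for demonstration only."""
    descriptor = ('# Disk DescriptorFile\nversion=1\nCID=fffffffe\nparentCID=ffffffff\n'
                  'createType="%s"\n\n# Extent description\n'
                  'RDONLY 2048 SPARSE "sample.vmdk"\n\n#DDB\n'
                  'ddb.adapterType = "%s"\n' % (create_type, adapter)).encode("ascii")
    header = HEADER.pack(MAGIC, version, 0, 2048, 128, 1, 1).ljust(SECTOR, b"\0")
    with open(path, "wb") as f:
        f.write(header + descriptor.ljust(SECTOR, b"\0"))


if __name__ == "__main__":
    import os
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.vmdk")
        build_sample(sample, version=1)   # mimics output of an affected qemu-img
        print("before fix:", glance_problems(sample))
        set_version_3(sample)
        print("after fix: ", glance_problems(sample))
```

Run `glance_problems()` on the real converted file as a gate in the image pipeline; an empty list means the header and descriptor match the properties passed to `openstack image create`.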

You can add the newly converted image into Glance using the OpenStack CLI or Horizon.  Set the public flag when ready for end user consumption.

OpenStack CLI:

# openstack image create --disk-format vmdk --public --file ./xxx-server-cloudimg-amd64.vmdk --property vmware_adaptertype='lsiLogic' --property vmware_disktype='streamOptimized' <Image display name>

Horizon: [screenshot]

Your cloud is only as useful as the applications and virtual machine images you can support.  By following the simple best practice guidelines above, you will deliver a better user experience to your end users by offering a wider variety of virtual machines with significantly reduced lead time.

Visit us at VMworld in Las Vegas; we have a large number of demos and speaking sessions planned:

MGT2609BU:  VMware Integrated OpenStack 4.0: What’s New
MGT1785BU:  OpenStack in the Real World: VMware Integrated OpenStack Customer Panel
NET1338BU:  VMware Integrated OpenStack and NSX Integration Deep Dive
FUT3076BU:  Simplifying Your Open-Source Cloud With VMware
LDT2834BU:  Running Hybrid Applications: Mainframes to Containers
SPL182001U:  VMware Integrated OpenStack (VIO) – Getting Started
ELW182001U: VMware Integrated OpenStack (VIO) – Getting Started
SPL188602U: vCloud Network Functions Virtualization – Advanced Topics
LDT1844BU: Open Source at VMware: A Key Ingredient to Our Success and Yours

OpenStack Boston Summit VMware Sessions Recap

Watch below to experience VMware’s Speaker Sessions at this year’s OpenStack Summit in Boston!


OpenStack & VMware Getting the Best of Both

Speaker: Andrew Pearce

Come and understand the true value to your organization of combining OpenStack and VMware. In this session you will understand the value of having a defcore / OpenStack powered solution to enable your developers to provision IaaS, in a way that they want, using the tools that they want. In addition you will be able to enable your operations team to continue to utilize the tools, resources and methodology that they use to ensure that your organization has a production grade environment to support your developers. Deploying OpenStack, and getting the advantages of OpenStack does not need to be a rip and replace strategy. See how other customers have had their cake and eat it.


OpenStack and VMware: Enterprise-Grade IaaS Built on Proven Foundation

Speakers: Xiao Hu Gao & Hari Kannan 

Running production workloads on OpenStack requires a rock solid IaaS running on a trusted infrastructure platform. Think about upgrading, patching, managing the environment, high availability, disaster recovery, security and the list goes on. VMware delivers a top-notch OpenStack distribution that allows you all of the above and much more. Come to this session to see (with a demo) how you can easily and quickly deploy OpenStack for your dev test as well as production workloads.


Is Neutron Challenging to You? Learn How VMware NSX is the Solution for Regular OpenStack Network & Security Services and Kubernetes

Speakers: Dmitri Desmidt, Yves Fauser

Neutron is challenging in many aspects. The main ones reported by OpenStack admins are: complex implementation of network and security services, high-availability, management/operation/troubleshooting, scale. Additionally, with new Kubernetes and Containers deployments, security between containers and management of container traffic is a new headache. VMware NSX offers a plugin for all Neutron OpenStack installations for ESXi and KVM hypervisors. Learn in this session with multiple live demos how VMware NSX plugin resolves all the Neutron challenges in an easy way.


Digital Transformation with OpenStack for Modern Service Providers

Speakers: Misbah Mahmoodi, Kenny Lee

The pace of technological change is accelerating at an exponential rate. With the advent of 5G networks and IoT, Communications Service Providers’ success depends not only on their ability to adapt to changes quickly but to do so faster than competitors. Speed is of the essence in developing new services, deploying them to subscribers, delivering a superior Quality of Experience, and increasing operational efficiency with lowered cost structures. For CSPs to adapt and remain competitive, they are faced with important questions as they explore the digital transformation of their business and infrastructure, and how they can leverage NFV, and OpenStack and open hardware platforms to accelerate change and modernization.


Running Kubernetes on a Thin OpenStack

Speakers: Mayan Weiss & Hari Kannan 

Kubernetes is leading the container mindshare and OpenStack community has built integrations to support it. However, running production workloads on Kubernetes is still a challenge. What if there was a production ready, multi-tenant K8s distro? Dream no more. Come to this session to see how we adapted OpenStack + K8s to provide container networking, persistent storage, RBAC, LBaaS and more on VMware SDDC.


OpenStack and OVN: What’s New with OVS 2.7

Speakers: Russell Bryant, Ben Pfaff, Justin Pettit

OVN is a virtual networking project built by the Open vSwitch community. OpenStack can make use of OVN as its backend networking implementation for Neutron. OVN and its Neutron integration are ready for use in OpenStack deployments.

This talk will cover the latest developments in the OVN project and the latest release, part of OVS 2.7. Enhancements include better performance, improved debugging capabilities, and more flexible L3 gateways. We will take a look ahead at the next set of things we expect to work on for OVN, which includes logging for OVN ACLs (security groups), encrypted tunnels, native DNS integration, and more.

We will also cover some of the performance comparison results of OVN as compared with the original OVS support in Neutron (ML2/OVS). Finally, we will discuss how to deploy OpenStack with OVN or migrate an existing deployment from ML2/OVS to OVN.


DefCore to Interop and Back Again: OpenStack Programs and Certifications Explained

Speakers: Mark Voelker & Egle Sigler

OpenStack Interop (formerly DefCore) guidelines have been in place for 2 years now, and anyone wanting to use the OpenStack logo must pass these guidelines. How are guidelines created and updated? How would your favorite project be added to it? How can you guarantee that your OpenStack deployment will comply with the new guidelines? In this session we will cover OpenStack Interop guidelines and components, as well as explain how they are created and updated.


Senlin: An ideal Bridge Between NFV Orchestrator and OpenStack

Speakers: Xinhui Li, Ethan Lynn, Yanyan Hu

Resource Management is a top requirement in the NFV field. Usually, the Orchestrator takes the responsibility of parsing a virtual network function into different virtual units (VDU) to deploy and operate over Cloud. Senlin, positioned as clustering resource manager since the born time, can be the ideal bridge between NFV orchestrator with OpenStack: it uses a consolidated model which is directly mapped to a VDU to interact with different backend services like Nova, Neutron, Cinder for compute, network and storage resources per Orchestrator’s demand; it provides rich operational functions like auto-scaling, load-balancing and auto healing. We use a popular VIMS typed VNF to illustrate how to easily deploy a VNF on OpenStack and manage it in a scalable and flexible way.


High Availability and Scalability Management of VNF

Speakers: Haiwei Xu, Xinhui Li, XueFeng Liu

Now network function virtualization (NFV) is growing rapidly and widely adopted by many telecom enterprises. In OpenStack, Tacker takes the responsibility of building a Generic VNF Manager (VNFM) and a NFV Orchestrator (NFVO) to deploy and operate Network Services and Virtual Network Functions (VNFs) on the infrastructure platform. For the VNFs which can work as a loadbalancer or a firewall, Tacker needs to consider the availability of each VNF to ensure they are not overloaded or out of work. To prevent VNFs from being overloaded or down, Tacker needs to make VNFs HA and auto-scaling. So in fact the VNFs of certain function should not be a single node, but a cluster.

That comes out a problem of cluster managing. In OpenStack environment there is a Clustering service called Senlin which provides scalability management and HA functions for the nodes, those features are exactly fit for Tacker’s requirement.

In this talk we will give you a general introduction of this feature.


How an Interop Capability Becomes Part of the OpenStack Interop Guidelines

Speakers: Rochelle Grober, Mark Voelker, Luz Cazares

OpenStack Interop Working Group (formerly DefCore) produces the OpenStack Powered (TM) Guidelines (a.k.a. Interoperability Guidelines). But, how do we decide what goes into the guideline? How do we define these so called “Capabilities”? And how does the team “score” them? Attend this session to learn what we mean by “Capability”, the requirements a capability must meet, the process the group follows to grade those capabilities… And, you know what, let’s score your favorite thing live.


OpenStack Interoperability Challenge and Interoperability Workgroup Updates: The Adventure Continues

Speakers: Brad Topol, Mark Voelker, Tong Li

The OpenStack community has been driving initiatives on two sides of the interoperability coin: workload portability and API/code standards for OpenStack Powered products. The first phase of the OpenStack Interoperability Challenge culminated with a Barcelona Summit Keynote demo comprised of 16 vendors all running the same enterprise workload to illustrate that OpenStack enables workload portability across OpenStack clouds. Building on this momentum for its second phase, the multi-vendor Interop Challenge team has selected new advanced workloads based on Kubernetes and NFV applications to flush out portability issues in these commonly deployed workloads. Meanwhile, the recently formed Interop Working Group continues to roll out new Guidelines, drive new initiatives, and is considering expanding its scope to cover more vertical use cases. In this presentation, we describe the progress, challenges, and lessons learned from both of these efforts.