openstack team mailing list archive
Mailing list archive
Re: XCP and Openstack questions
> -----Original Message-----
> From: openstack-bounces+ewan.mellor=citrix.com@xxxxxxxxxxxxxxxxxxx
> On Behalf Of Thomas Goirand
> Sent: 12 January 2012 08:56
> To: Todd Deshane; openstack@xxxxxxxxxxxxxxxxxxx
> Subject: [Openstack] XCP and Openstack questions
> Hi Todd, and other openstackers,
> With the release of XCP 1.3-15 in Debian SID (which I uploaded 4 days
> ago), we have a python-xenapi package, and I already modified nova to
> build-depends on it, and nova-compute-xen to depends on it. I've tested
> it, and it works. However, all this is for the moment only in the git
> alioth.debian.org, where we keep all our packaging work in Debian.
> I already started writing a README.xcp_and_openstack to document how to
> do an Openstack + XCP setup.
Thanks for doing this! Your hard work is very much appreciated.
> However, there's still a lot that I don't know, and I'd be delighted to
> get help. Let me enumerate my issues.
> 1/ Networking
> I'm unsure what network manager will work with XCP. On this page:
> it's written to use:
> But would the VLan manage work? Also, should I use openvswitch? If yes,
> how does this work?
Flat, VLAN, and the various HA modes should all work. Flat is by far the simplest for getting started with though.
Open vSwitch would be a good idea. It's what we use on XenServer 6.0 onwards, so it's well tested. Is it packaged for Sid? If you have the Open vSwitch components installed in domain 0, then there are a few scripts that wrap around it to set up the isolation rules used in flat mode. These are in nova/plugins/xenapi/networking.
> Does OpenStack + XCP still use nova-network? Is all traffic for the VMs
> routed through it as with KVM and libvirt? Should I still create a
> bridge on the nova-network domU?
It depends on which network mode you're using. If you're using the HA modes, then yes, traffic goes through nova-network. In flat mode it will come directly to domain 0 and the vSwitch.
Devstack has all of the domU setup for HA networking -- see https://blueprints.launchpad.net/nova/+spec/xenapi-ha-nova-network.
> How does Openstack injects IP addresses in an XCP VM? Can this even be
It talks to an in-guest agent, typically. It writes it to XenStore, and then this is picked up by the agent inside the VM. I can't see any reason why this would be any different on XCP -- it should work exactly the same as it does on XenServer.
> Should I use dnsmaq on my nova domU?
I don't think you need it. There's a comment in devstack that says that the dnsmasq packages are needed for dhcp_release though, so you may want to make sure that you have that at least.
> I did:
> nova-manage network create private 10.0.0.0/8 1 64
> That seem to work. Now, how would I do to add a single, public, IP
> address, and assign it to a VM?
I'm not sure, but I think you're asking about this: http://docs.openstack.org/diablo/openstack-compute/admin/content/associating-public-ip.html.
Security groups have only recently been implemented for XenAPI: https://blueprints.launchpad.net/nova/+spec/xenapi-security-groups. That got merged less than two weeks ago.
> 2/ Images
> What are OVF images? How to generate it? Where to download some?
They can be exported from XenServer using XenCenter. VMware have a tool too, but I expect that those that VMware generate won't work with OpenStack yet, because they'll use VMDK for the disk images, and I'd be surprised if OpenStack can handle that.
You don't need them -- raw images should work fine.
> 3/ Console
> on the same wiki page, it tells about using VNC. While this does work,
> didn't have access to the login prompt. What's the way, if using
> openstack, to tell that the console is hvc0 (or whatever is the Xen
> console device name)?
That's dependent on the in-guest setup. I think on latest Sid you'll need to have an entry in /etc/init/hvc0.conf, similar to this:
start on stopped rc RUNLEVEL=
stop on runlevel [!2345]
exec /sbin/getty -L hvc0 9600 linux
> Then, what's the normal way to access to the console, without using
> hack (eg: customers obviously, wouldn't have ssh access to the dom0 in
> order to do port forwarding)?
Anthony Young at Rackspace has recently reworked all of this. It should be the same on XenAPI and KVM now. https://review.openstack.org/#change,2949. That went in last week.
> For the moment, I have this:
> root@GPLHost:openstack>_ ~# euca-get-console-output i-00000002
> FAKE CONSOLE OUTPUT of instance
> I'd like to have something better than a "FAKE CONSOLE"! :)
That still needs to be implemented. Now that Anthony has done a lot of the heavy lifting on the VNC console side, getting text consoles done too shouldn't be too hard.