Brainstorming session on guest agent support in Nova code. Covers the current state of agents and their support in Nova, and suggests a new, hypervisor-agnostic architecture for agent-Nova communication.
Guest Agents Support & Implementation Presentation
1. Guest Agents
Support & Implementation
Presentation available at http://goo.gl/WRGep
Brainstorming Session
by Artem Andreev, Mirantis Inc.
2. What is a guest agent?
A background process executed within the VM,
which provides the controlling nova-compute
service with various instance management
capabilities in context of the guest operating
system.
3. Session Goals
● Give an idea of the current status of guest
agents in OpenStack
● Share the vision of what an ideal guest
agent should be
● Discuss the sphere of its responsibility and
implementation details
● Collect tons of criticism and suggestions
● As a result prepare source material for a
blueprint
4. What do we have right now? Guest
agents for XenServer
● Derived from the original code by Rackspace
● XCP/XenServer support only
● Linux (Python+C) and Windows (C#) target OS
● Utilizes XenStore as a communication channel
● Uses a simple JSON-based asynchronous protocol
● Launchpad project https://launchpad.net/openstack-guest-agents
● Able to ...
○ Configure network locally
○ Set root user password
○ Inject files
○ Update itself, etc
6. Existing OpenStack-side Support
● nova.virt.driver
○ agent_update
○ set_admin_password
○ reset_network
○ inject_file
● nova-manage agent command
○ agent version tracking and update
■ list
■ create
■ modify
■ delete
● nova root-password
7. There is always something to
improve... Motivation
● Support for KVM, VMware and other
hypervisors
● There're lots of possible applications for
agents waiting to be supported
● The current code is a mess of languages
and technologies; only a tiny piece of the
code base is shared between targets
● XenStore is definitely not the best way to
communicate, especially when it comes to
timing and security; we need a more
reliable channel
9. An ideal guest agent should be
responsible for ... (1/2)
● Instance access recovery
○ Root password and network configuration
reset
● Block device advanced management
○ Volume automounting and ejection
preparation
○ Auto-creation of filesystem on newly
attached volumes
● Advanced status monitoring
○ Detailed memory/disk usage statistics
10. An ideal guest agent should be
responsible for ... (2/2)
● Software management
○ Updating itself and PV drivers
○ Chef/Puppet bootstrapping
● Spawn-time resize of Windows
instances
● Guest-side support for snapshotting
○ Running sysprep in Windows
guests
● Anything else?
11. An ideal guest agent implementation
should be like...
● Development
○ Python as the primary development tool
■ http://github.com/Mirantis/osagent/
■ Generally cross-platform
■ Sharable code base
● Packaging
○ pyInstaller is a really good solution to create
standalone software packages in Python, no system
integration required
● Delivery
○ Explicit installation into golden image VMs for
Windows
○ Automatic injection into Linux VMs on startup
12. An ideal channel for nova-compute
<> agent communication would be ...
● A virtual serial port
○ Simple & Secure
○ Supported by KVM, ESX, XenServer
○ Complicated guest side port discovery :(
○ No channel-level connectivity tracking :(
● Cloud-init style metadata exchange
○ Vulnerable to spoofing and sniffing :(
○ Requires networking to be properly configured :(
● Configuration drives
○ Nice for one-shot startup time configuration but
seems weird for continuous usage
○ Too visible to end-user, thus more vulnerable
● Anything else?
13. An ideal protocol for OpenStack <>
agent communication would be ...
● QEMU Guest Agent Protocol
○ Designed for use with serial-port-like channels
○ Lightweight, text-based, easy to parse data format
○ Asynchronous messages support (i.e. events)
○ It works!
● Anything else?
> { "execute": "guest-sync-delimited", "arguments": { "id": 123456 } }
< { "return": 123456}
> 7b 27 65 78 65 63 75 74 65 27 3a 27 67 75 65 73 74 2d 73 79 6e 63 2d 64
65 6c 69 6d 69 74 65 64 27 2c 27 61 72 67 75 6d 65 6e 74 73 27 3a 7b 27
69 64 27 3a 31 32 33 34 35 36 7d 7d 0a
< ff 7b 22 72 65 74 75 72 6e 22 3a 20 31 32 33 34 35 36 7d 0a
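Added example (not from the original slides or the osagent project): the client side of the guest-sync-delimited exchange above, in Python. It builds the request and accepts a reply only if it follows the 0xFF sentinel and echoes the same id, so stale bytes left on the serial channel are ignored. The function names and the stale sample bytes are constructed for illustration.

```python
import json

SENTINEL = b"\xff"  # byte the agent prepends to a guest-sync-delimited reply

# Reply bytes exactly as shown in the hex dump on the slide.
PAGE_REPLY = bytes.fromhex(
    "ff 7b 22 72 65 74 75 72 6e 22 3a 20 31 32 33 34 35 36 7d 0a")
# Constructed sample: leftover half of an older reply still in the channel.
STALE = b'urn": {"old": true}}\n'


def build_sync_request(sync_id: int) -> bytes:
    """Serialize the request as one newline-terminated line.

    Emits standard double-quoted JSON (the slide's hex dump shows
    single quotes in the request).
    """
    msg = {"execute": "guest-sync-delimited", "arguments": {"id": sync_id}}
    return json.dumps(msg).encode("ascii") + b"\n"


def parse_sync_reply(stream: bytes, sync_id: int) -> bool:
    """Return True only if a sentinel-delimited reply echoes sync_id.

    0xFF never occurs in valid UTF-8 JSON, so each occurrence marks the
    start of a sync reply. Bytes before the first sentinel are stale
    and are discarded without being parsed.
    """
    for chunk in stream.split(SENTINEL)[1:]:
        line, newline, _ = chunk.partition(b"\n")
        if not newline:
            continue  # reply not complete yet, caller should keep reading
        try:
            reply = json.loads(line)
        except ValueError:
            continue  # not JSON: treat as noise, never as a valid sync
        if not isinstance(reply, dict):
            continue
        value = reply.get("return")
        # type() check keeps a JSON `true` from matching an id of 1
        if type(value) is int and value == sync_id:
            return True
    return False


if __name__ == "__main__":
    print(build_sync_request(123456))
    print(parse_sync_reply(STALE + PAGE_REPLY, 123456))
```

Using a fresh random id per sync attempt keeps a delayed reply to an earlier attempt from being accepted as the current one.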
14. Thank you for your cooperation!
Artem Andreev, Mirantis Inc.
aandreev@mirantis.com