Tag Archives: openstack

Flavio Percoco, PTL of the Zaqar project

Zaqar (formerly called Marconi) is the messaging service in OpenStack. I recently had an opportunity to interview Flavio Percoco, who is the PTL (Project Technical Lead) of that project, about what’s new in Kilo, and what’s coming in Liberty.

The recording is here, and the transcript follows below.



R: This is Rich Bowen. I am the RDO community liaison at Red Hat, and
I’m speaking with Flavio Percoco, who is the PTL of the Zaqar project.
We spoke two years ago about the project, and at that time it had a
different name. I was hoping you could tell us what has been happening
in the Kilo cycle, and what we can expect to see in Liberty.

F: Thanks, Rich, for having me here. Yes, we spoke two years ago, back
in Hong Kong, while the project was called Marconi. Many things have
happened in these last few years. We developed new APIs, we’ve added
new features to the project.

At that time, we had version 1 of the API, and we were still figuring
out what the project was supposed to be like, and what features we
wanted to support, and after that we released a version 1.1 of the
API, which was pretty much the same thing, but with a few changes, and
a few things that would make consuming Zaqar easier for the final

Some other things changed. The community provided a lot of feedback to
the project team. We’ve attempted to graduate two times, and then the
Big Tent discussion happened, and we just fell into the category of
projects that would be a good part of the community – of the Big Tent
discussion. So we are now officially part of OpenStack. We’re part of
this Big Tent group.

We changed the API a little bit. The impression that the old API gave
was that it was a queueing service, whereas what we really wanted to
do was a messaging service. There is a fundamental difference between
the two. Our focus is to provide a messaging API for OpenStack that
would not just allow users to send messages from one point to another,
but it would also allow users to have notifications right away from
that API. So we’ll take advantage of the common storage that we’ll use
for both features, for different services living within the same
service. That’s a big thing, and something we probably didn’t talk
about back then.

The other thing is that in Kilo we dedicated a lot of time to work on
these versions of the API and making sure that all of the feedback
that we got from the community was taken care of and that we were
improving the API based on that feedback, and those long discussions
that we had on the mailing list.

In Liberty, we’ve dedicated time to integrating with other project, as
in, having other projects consume the API. So we’re very excited to
say that in Liberty a few patches have landed in Heat that rely on
Zaqar for having notifications, or to send messages, and communicate
with other parts of the Heat service. This is very exciting for us,
because we have some stories of production environments, but we didn’t
have stories of other projects consuming Zaqar, and this definitely
puts us in a better position to improve the service, and get more
feedback from the community.

In terms of features for the Liberty cycle, we’ve dedicated time to
improve the websocket transport which we started in Kilo, but didn’t
have enough time to complete there. This websocket transport will
allow for persistent connections to be made against the Zaqar service,
so you’ll just connect to the service once, and you’ll keep that
connection alive. This is ideal for several scenarios, and one of
those is connecting to Zaqar from a browser and having Javascript
communication directory to Zaqar, which is something we really want to

Another interesting feature that we implemented in Liberty is called
pre-signed URLs, and what it does is something very similar – if folks
are familiar with Swift temp URLs –
– this is something very similar to that. It generates a URL that
can expire. You will share that URL with people or services that don’t
have an username in Zaqar, so that they can connect to the service and
still send messages. This URL is limited to a single tenant and a
single queue, and it has privileges and policies attached to it so
that we can protect all the data that is going through the service.

I believe those are the two features that excite me the most from the
Liberty cycle. But what excites me the most about this cycle is that
we have other services using Zaqar, and that will allow us to improve
our service a lot.

R: Looking forward to the future, is there anything that you would
like to see in the M cycle? What is the next big thing for Zaqar?

F: In the M cycle, I still see us working on having more projects
consuming Zaqar. There’s several use cases that we’ve talked about
that are not being taken care of in the community. For instance,
talking to guest agents. We have several services that need to have an
agent running in the instances. We can talk about Trove, we can talk
about Sahara, and Murano. We are looking forward to address that use
case, which is what we built presigned URLs for. I’m not sure we’re
going to make it in Liberty, because we’re already on the last
milestone of the cycle, but we’ll still try to make it in Liberty. If
we can’t make it in Liberty, that’s definitely one of the topics we’ll
need to dedicate time to in the M cycle.

But as a higher level view, I
would really like to see a better story for Zaqar in terms of operations
support and deployment – make it very simple for people to go there
and say they want Zaqar, this is all I need, I have my Puppet
manifest, or Anisible playbooks, or whatever people are using now – we
want to address that area that we haven’t paid much attention to.
There is already some effort in the Puppet community to create
manifests for Zaqar, which is amazing. We want to complete that work,
we want to tell operations, hey, you don’t have to struggle to make that
happen, you don’t have to struggle to run Zaqar, this is all you need.

And the second thing that I would like to see Zaqar doing in the
future is to have a better opinion of what the storage it wants to
rely on is. So far we have support for two storages that are unicode
based and there’s a proposal to support a third storage, but in
reality what we would really like to do is have a more opinionated
Zaqar instance of storage, so that we can build a better API, make it
consistent, and make sure it is dependable, and provide specific
features that are supported and that it doesn’t matter what storage
you are using, it doesn’t matter how you deploy Zaqar, you’ll always
get the same API, which is something that right now it’s not true. If
you deploy Redis, for instance, you will not have support for FIFO
queues, which are optional right now in the service. You won’t be able
to have them because that’s something that’s related to the storage
itself. You don’t get the same guarantees that you’d get with other
storage. We want to have a single story that we can tell to users,
regardless of what storage they are using. This doesn’t mean that ops
cannot use their own storage. If you deploy Zaqar and you really want
to use a different storage, that’s fine, we’re not going to remove
plugability from the service. But in terms of support, I would like
Zaqar to be more opinionated.

R: Thanks so much for your time.

F: Thanks for putting this together.


RDO and CentOS

Continuing in the series about the RDO Meetup in Vancouver, in this recording we have Karsten Wade, of the CentOS project, talking about CentOS’s relationship with RDO, and with OpenStack in general. He talks about the CentOS build infrastructure, CI, package repos, and the CentOS Cloud SIG.

(If the player below doesn’t work for you, you can listen HERE.)


Geocaching at OpenStack Summit

Well, I *planned* to go geocaching at OpenStack Summit, but it really didn’t work out. Almost every moment that I wasn’t working the expo hall, I was in my hotel room, in bed. Yes, I spent most of OpenStack Summit week sick, and didn’t get out of the hotel much.

However, I did get out to go Geocaching one morning on the way over to the convention center, and I found Canada Place Cache, my first cache in many moons, and my first cache in Canada.

I also looked for Barrel of Trees, which I didn’t find because the place was overrun with muggles and I never got a chance to go back.

What was really cool, though, was how many OpenStack enthusiasts approached me either at the event, or online, saying that they were also  planning to go geocaching, and thanking me for making them think of it. I always like to find out the *other* hobbies of the people I know in the geek world. That is, their hobbies outside of the particular technical discipline we share. It makes people more human, and way more interesting.

So, stay tuned, and come geocaching with me at Red Hat Summit, and at OpenStack Summit in Tokyo.

Geocaching in Vancover

Coming to the OpenStack Summit in Vancouver?

Like Geocaching?

It looks like there’s a lot of caches around the summit location. This map shows the 500 closest.



I keep meaning to spend a little time at conferences walking around the area and geocaching. Perhaps if I have a few folks with me I’ll see more of it, and meet some interesting people as well.

If you’re interested in Geocaching in Vancover, let me know, and we’ll try to set something up. I’ll be there from Sunday night (May 17th) through Thursday night (May 21st), and although I know it’s an incredibly busy week, I expect we can find an hour or two free in there somewhere.

I’ll also bring my new CryptoCard travel bug to drop off somewhere, since all of my other travel bugs have long since vanished.

cryptoI’m also hoping that by the time Red Hat Summit rolls around, I have some special Red Hat community project geocoins to accompany our geocaching outing. If this works out, I’ll try to make it a regular feature of my conference trips. So, here’s hoping.



What’s new in OpenStack Juno

Originally posted on opensource.com.

OpenStack is on a six-month release cycle, with each release given  a code name starting with consecutive letters of the alphabet. On October 16th, OpenStack Juno will be released, with several new projects, and lots of new features.

Here’s a few of the things you can expect in the next release of
OpenStack. This isn’t intended to be comprehensive – just a taste of
some of the things that are coming.


As the core of OpenStack, Nova needs to be solid. But this doesn’t mean that it’s slow to change, with some significant changes coming in Juno.


NFV – Network Function Virtualization – is a big deal lately, and you
can look to see lots of people working on it, as well as vendors talking about it.

* Live Upgrades

First introduced in Icehouse, live upgrades were still a little rocky.
You’ll see big improvements in this area in Juno.

* More

See more of what’s coming in Juno in Russell Bryant’s blog post at


Ceilometer is the metering/measurement component of OpenStack.

* Speed

Over the last few cycles, the Ceilometer team have identified some
poorly-designed parts of the project, and have taken a lot of time this cycle to pay down the technical debt to regain some of the performance lost to those decisions. So you can look for Ceilometer to be much more efficient, and faster, in Juno.

* Community reboot

The project management is moving from a top-down decision making process to a collaborative community decision making process, so that everyone has a voice in how decisions are being made.

Additionally, some controls are being put in place regarding the code freeze at the end of the cycle, so that people aren’t trying to rush new functionality in at the last minute, resulting in testing gaps.

* QA

Speaking of testing, there’s also an effort to ensure more Tempest and Grenade test coverage in Juno, which should ensure better code

* More

See more of what’s coming in Juno in this interview with Eoghan Glynn of the Ceilometer community:


Heat is the orchestration component of OpenStack, which can be used to set up and tear down infrastructure automatically in response to environmental events, or scripted.

* Rollback

In the past, if a Heat deploy failed, you just moved on, and maybe went back and cleaned up by hand. In Juno, it will be easier to roll back a failed deployment, and be sure that all of the various pieces have been cleaned up.

* Create resources without being admin

In Icehouse and earlier, certain types of resources could only be
created as admin. In Juno, creating users will still require that you be
admin, but you can then delegate privileges to that user so that they
can create resources without having to be admin.

* More

Read more about what’s coming in Juno for Heat at


Glance is “a service where users can upload and discover data assets
that are meant to be used with other services, like images for Nova
and templates for Heat.” This is a new mission statement in Juno, and some of the changes that are coming are:

* Artifacts

The scope is expanding in Juno to be more than just an image registry, to being a generic catalog of various data assets. This will allow for greater flexibility in how it can be used.

* More

Read more about what’s coming in Juno for Glance at


Marconi (Now renamed to Zaqar) is OpenStack’s messaging and queuing system, and so is very important to all of the other components.

* Redis

In Juno, Zaqar will add a storage driver to support redis, and
support for storage engines is in the works. It will be possible to create and tag clusters of storage and then use them based on their capabilities.

* Queues migration

The Zaqar team will be adding support for queues migration between pools of the same type. Read more at

* More

Flavio’s article at
http://blog.flaper87.com/post/juno-preview-glance-marconi/ also covers Zaqar, as well as Glance.


Keystone is the identity management piece of OpenStack, and has some big improvements coming in Juno.

* LDAP integration

Using Keystone against a database is ok, in that it does password
authentication. But what you really want is to integrate it with your
existing user authentication infrastructure. This often means LDAP. In Juno, you can configure Keystone to use multiple identity backends, and integration with LDAP will be much easier.

* Other security projects

The same community that works on Keystone is also very interested in other security related projects in the OpenStack ecosystem. Look for projects Barbican and Kite to be more active in the coming months.

* More

Nathan Kinder’s article at
http://redhatstackblog.redhat.com/2014/08/05/juno-updates-security/ covers more of what’s coming in Juno. See also this blog post: https://blog-nkinder.rhcloud.com/?p=130 for clarification of some of these goals.


TripleO is a project about installing, upgrading, and operating
OpenStack clouds in an automated fashion. This is a big area of interest in Juno – making OpenStack easier to deploy and manage.

* High Availability

A big push in Juno is deploying HA clouds with TripleO. This will be the default behavior, which has the added benefit of getting everyone testing HA deployments, even on “clusters” as small as 1 node.

* Heat templates

TripleO uses Heat as part of the automation of deployment. So in Juno a lot of work has gone into the Heat templates that are used.

* More

Read more about what’s coming in Juno for TripleO in James Slagle’s blog post at http://blog-slagle.rhcloud.com/?p=235


Horizon is the web admin interface for OpenStack. While many people will interact with OpenStack via the command line and APIs, the web interface is still the face of OpenStack for many OpenStack operators.

* Sahara (Hadoop)

Sahara is a new project that makes it easier to deploy Apache Hadoop or Apache Spark on OpenStack. This project has graduated, and so it’s now integrated into the dashboard, so you can deploy Hadoop clusters with a few mouse clicks.

* JavaScript unbundling

As good Open Source citizens, Horizon has moved to unbundling the
Javascript libraries that were previously copied into the Horizon source tree. This not only makes it easier to manage upgrades, but also complies with no-bundling requirements in certain Linux distros like

* More

See more about what the Horizon team is doing for Juno in Matthias
Runge’s blog post at http://www.matthias-runge.de/2014/09/08/horizon-juno-cycle-features/

See also

This is just a sampling of what’s coming in Juno. As well as reading all
of the excellent articles at https://openstack.redhat.com/Juno_previews
see also the YouTube playlist of PTL (Project Technical Lead) webinars.

And come to the OpenStack Summit in Paris to see what we’ll do for an encore in Kilo.

RDO on CentOS 7

With CentOS 7 now available, I quickly put it on my OpenStack demo laptop, and started installing RDO. It mostly just worked, but there were a few roadblocks to circumvent.

As usual, I followed the RDO Quickstart, so I won’t duplicate those steps here, in detail, but it goes like:

sudo yum update -y && sudo yum install -y http://rdo.fedorapeople.org/rdo-release.rpm && sudo yum install -y openstack-packstack && packstack --allinone

Comparison of string with 7 failed

The first problem occurs pretty quickly, in prescript.pp, with the following error message:

Comparison of String with 7 failed

This is due to the change in CentOS versioning scheme – the latest release of CentOS is version 7.0.1406, which is not a number. The script in question assumes that the version number is a number, and does a numerical comparison:

if $::operatingsystem in $el_releases and $::operatingsystemrelease < 7 {

This fails, because $::operatingsystemrelease is a string, not a number.

The solution here is to edit the file /usr/lib/python2.7/site-packages/packstack/puppet/templates/prescript.pp and replace the variable $::operatingsystemrelease with $::operatingsystemmajrelease around line 15.

While you’re at it, do this for every file in that directory, where $operatingsystemrelease is compared to 7.

See https://bugzilla.redhat.com/show_bug.cgi?id=1117035 for more detail, and to track when this is fixed.

mysql vs mariadb

The second problem, I’m not sure I understand just yet. The symptom is that mysql.pp fails with

Error: Could not enable mysqld:

To skip to the end of the story, this appears to be related to the switch from mysql to mariadb about a year ago, finally catching up with CentOS. The related bug is at https://bugzilla.redhat.com/show_bug.cgi?id=981116

The workaround that I used was:

# rm /usr/lib/systemd/system/mysqld.service 
# cp /usr/lib/systemd/system/mariadb.service /usr/lib/systemd/system/mysqld.service
# systemctl stop mariadb
# pkill mysql
# rm -f /var/lib/mysql/mysql.sock

Then run packstack again with the generated answer file from the last time.

However, elsewhere in the thread, we were assured that this shouldn’t be necessary, so YMMV. See https://www.redhat.com/archives/rdo-list/2014-July/msg00055.html for further discussion.

That’s all, folks

After those two workarounds, packstack completed successfully, and I have a working allinone install.

Hope this was helpful to someone.

UPDATE: The next time through, I encountered https://ask.openstack.org/en/question/35705/attempt-of-rdo-aio-install-icehouse-on-centos-7/

The workaround is to replace contents of /etc/redhat-release with “Fedora release 20 (Heisenbug)” and rerun packstack.

Turns out that this also fixes the mysql/mariadb problem above without having to go through the more complicated process.

OpenStack User Survey (Juno Summit)

Last month at the OpenStack Summit in Atlanta, the highly-anticipated OpenStack user survey results were released. For reasons of respondent anonymity, the raw data of the survey will not be released, but rather just a summary of the numbers. Even with that, the new numbers are very interesting.

It should be noted that the results of any survey like this have to be understood in the light of the respondent sample set. People answering this survey are those who are somewhat engaged with the OpenStack Foundation, and (obviously) aware that there even is a survey. When software is available freely, like OpenStack, there is simply no effective way to contact everyone that’s using it, so we’re necessarily seeing only a small percentage of the total population, and have to hope that it’s a representative percentage. There’s also a lot of marketing of the survey in the various “camps” in the OpenStack ecosystem, trying to get people to fill out the survey. Here, too, we have to hope that this is roughly fairly distributed, and does not itself skew the results.

That said …

The results of the survey are here: http://www.slideshare.net/ryan-lane/openstack-atlanta-user-survey

As the RDO community guy, of course my initial interest was in the distribution of deployment OS platform, as well as the deployment tools.

Let’s start with OS.

*Note: Graph corrected – I had the wrong numbers in this earlier*

Note that since the survey combines paid and non-paid Ubuntu, it seems reasonable to combine CentOS and RHEL deployments. I’m sure that there won’t be universal agreement that that’s the right thing to do. So be it.

Compare these to the numbers six months ago:

We’re not comparing apples to apples here, but here’s a graph of all the combined deployments across the categories, in the 2014 survey:

Several interesting conclusions that I draw from these numbers. Although, again, we’re not comparing apples to apples, so I’m sure that other folks will interpret differently.

Overall, the Ubuntu to RHEL/CentOS split moved from 55/34 to 47/39, indicating, overall, a movement away from Ubuntu towards CentOS and RHEL as the preferred platform for OpenStack deployments.

More interesting, looking at the breakdown into poc/dev/prod categories, there’s an even stronger motion towards CentOS (and RHEL) as a preferred platform for *new* deployments. Looking at the versions deployed in production, it’s clear that once folks have something deployed, they leave it alone, with a pretty high number of people running versions that are as far back as Essex, Diablo, or even earlier.

On the deployment tool side, I think that the question could stand to be clarified. I wonder, of the people who indicate that they are using Puppet or Chef to do their deployment, whether they’re using another tool such as crowbar or packstack to run those tools, for example, or if they’re actually writing their own Puppet/Chef scripts. I would also have expected, just anecdotaly based on various conversations, to see devstack much further out in front. Perhaps I’m just talking to a rather unrepresentative group – which is, of course, why surveys like this are so useful.

Also of great interest to me is the distribution of industries. I need to do more work on comparing the numbers side-by-side, but the academic sector (the #2 industry) has grown against the previous survey, from 11 to 13%, and some other industries have also grown a little. The fact that IT is still far and away the largest consumer of this stuff seems to confirm everyone’s impression that we’re still very early days in this stuff, and the more we see it grow in non-IT industries, the more we’ll know that it’s here to stay. (It also seems likely to me that people outside of the IT sector are unaware that there’s even a survey to fill out.) So that’s something to keep watching in the next time around.