As always, 70% of this conference is about building fresh, new clouds
rather than existing use-cases. That made for a very slow start on the
first day, but there were some interesting bits later on. Mark
Shuttleworth gave a brief talk where he re-affirmed Ubuntu's commitment
to supporting OpenStack and K8s in the long-term, and then scolded
attendees for getting distracted by (unspecified) shiny new things
rather than focusing on the fundamentals. I'm not really sure what that
was about but it was nice to hear someone assert that they still think
OpenStack is fundamental to the future of cloud tech.

The following is largely notes for my future self, but Brooke might be
interested in reading up about Rook.

Ceph/Rook:
Everyone is using Ceph! Everyone also talks a lot about how hard it is
to deploy. There's a fair amount of buzz around 'Rook' which is a Ceph
deployment/management system that we might want to consider. As I
understand it, you set up a k8s cluster with host networking on all of
your OSD nodes, and then Rook dumps a pod on each node which implements
the Ceph services. Plenty of people are claiming that it works great,
and I think it supports rolling upgrades so that might be something to
consider instead of a bare Puppet-and-Debian-package deployment.

Deployment/package management:
There are lots of ways to deploy! OpenStack on k8s, OpenStack on
OpenStack, OpenStack in containers pushed out by Ansible, etc. etc.
Almost all of these assume that 1) you're starting from scratch and 2)
you want/have Ironic control of bare metal. I spent a while thinking
that we should set up a k8s cluster and deploy OpenStack services
there... 'Airship' might support that model (and it would line up with
using Rook to manage the Ceph cluster) but I'm not sure that I'm not
just looking for a problem to solve when we don't really have one.

The one thing that might be useful for us is grabbing the Kolla project
packages and deploying on simple standalone Docker instances... that
would get us out of our current packaging hell. Assuming we don't ever
want to patch the projects, this might be a decent alternative to
deploying from source.

Designate:
The (two) Designate developers are still alive and working on the
project. Development is very slow-paced right now, which is mostly good
for us because it means fewer headaches during upgrades :) Mugsie (the
PTL) switched jobs but says he still has someone paying him to work on
the project part-time, so there's no immediate danger of the project
dying off.

The Designate folks think that we should keep using designate-sink until
we're running version O. Then we can switch to the proper REST-based
neutron integration code for creating/deleting records on VM creation
and deletion. We'll want to write our own custom Neutron plugin to
replace the default one in order to replace the custom code that's
currently running in Sink.

The bad news is that the one feature I really want (the ability to share
.wmflabs.org between multiple tenants) is on the back-burner for the
moment. If money and staff dropped into our lap it might be nice for us
to get some contractor dollars devoted to someone working on that
(partly because I feel like we're a free-rider on the project and it
seems starved for resources).

Keystone:
The Keystone upstream is finally implementing system-wide scope for
roles, which means that eventually we'll be able to give the 'observer'
users a system-wide scope rather than having to add it to every single
project. They're also in the process of standardizing on a true
project-admin policy which would let us get rid of some of our hacks
that allow project admins to add members to their own projects but not
others.

Of course, none of that is really useful until other projects have also
adopted these concepts, so we won't see any real gains until T or U.