Profile photo of admin

by admin

Avoid Shellshock and the Bash Plague with ManageIQ

September 29, 2014 in Syndicated

Unless you’ve been under a rock the last few days, you’ve no doubt heard of the Shellshock vulnerability affecting a large number of *nix machines with the Bash shell installed. Note: Bash doesn’t even need to be the default shell – plenty of ‘Dash’ users are also affected. Luckily, there’s a way to avoid this mess – a policy management engine in ManageIQ, combined with VM fleecing, that lets you route around the vulnerability, turning off VMs that are vulnerable. This video gives you the goods:

That video comes courtesy of John Hardy, all-around good guy (mostly) and CloudForms man about town. He wrote up an accompanying blog post that includes the bits needed for implementation:

Fancy finding out really quickly if your [linux boxes] are patched correctly? Even if they are turned off right now? Wow that is clever not even the virtual infrastructure players can do that…I know…its cool. Here it is..

Using Cloudforms (or ManageIQ for FREE!) download this policy and import it into Control. Then assign the policy to your targets. The policy will only check Linux systems, though it could do with a makeover to check only RHEL 6.5 systems too.

Download and import this policy profile (GitHub.com)

Protect yourselves out there!

Profile photo of admin

by admin

From Russia with Tenderlove – ManageIQ Podcast

September 26, 2014 in Syndicated

Aaron Patterson joined us from Russia on this fun podcast, covering many topics, from the Rails 4 migration and the ManageIQ Design Summit to why you should “just use Ruby”.

You can see Aaron and lots of other smart people at the upcoming ManageIQ Design Summit on October 7 & 8 in Mahwah, New Jersey.

Profile photo of admin

by admin

Design Summit Podcast – Brad Ascar and John Hardy

September 24, 2014 in Syndicated

John Hardy and Brad Ascar stopped by the studio to discuss their talks at the upcoming ManageIQ Design Summit on October 7 & 8 in Mahwah, NJ

John and Brad’s upcoming talks:

  • Fisher Price: My First State Machine – John Hardy
  • Navigating the ManageIQ Object Model – Brad Ascar
  • Advanced Policy State Management – Brad Ascar
  • New for Anand: RESTful API – John Hardy

Musical intro: Cantina Rag, by Jackson F. Smith

Profile photo of admin

by admin

Breaking: Tenderlove to Discuss Rails 4 Migration Plans at Design Summit

September 19, 2014 in Syndicated


If you’re headed to the ManageIQ Design Summit on October 7 & 8, you’re in for a treat. Aaron Patterson (@tenderlove) will be leading a session in the design track on the topic of migrating ManageIQ to Ruby on Rails 4.

One of the things Aaron will valliantly tackle, in addition to Rails 4 migration and his general all-around awesomeness, is ensuring that ManageIQ stays in sync with upstream gems. At the design summit you’ll have a chance to hear him talk about these and other topics – essential knowledge for developers.

Profile photo of admin

by admin

Sprint 12 Demo Results and Video

September 18, 2014 in Syndicated

We just finished up the Sprint 12 demo, ended September 9.

If you want to read the highlights of the sprint demo, notes are posted below:

Sprint 12 Demo Highlights

  • Overview
  • Sprint Statistics
  • User Interface
  • Automate
  • Appliance
  • REST API
  • Fleecing

Sprints

  • 3 weeks long each ending on a Monday
  • GitHub Milestone per Sprint
  • GitHub Milestone called Roadmap

Sprint 12 Ended Sept 8

  • links to sprint issues
  • Over 90 Pull Requests Merged!
  • 63 issues labeled as “bug”
  • 15 issues labeled as “appliance”
  • 22 issues labeled as “enhancement”

User Interface

  • Form Buttons (css based)
  • Patternfly modified Bootstrap

Automate

  • EMS Refresh (Amazon virtualization type)
  • Exposed cloud relationship in service models
  • Persistent state data through retries
  • Automate Model changes
  • High level rubyrep changes

Amazon Virtualization Type

Service Models: Cloud Relationship

class Flavor
    expose :ext_management_system
    expose :vms
end

class FloatingIp
    expose :ext_management_system
    expose :vm
    expose :cloud_tenant
end

class SecurityGroup
    expose :ext_management_system
    expose :cloud_network
    expose :cloud_tenant
    expose :firewall_rules
    expose :vms
end
class AvailabilityZone
    expose :ext_management_system
    expose :vms
    expose :vms_and_templates
    expose :cloud_subnets
end

class CloudNetwork
    expose :ext_management_system
    expose :cloud_tenant
    expose :cloud_subnets
    expose :security_groups
    expose :vms
end
class CloudSubnet
    expose :cloud_network
    expose :availability_zone
    expose :vms
end
class EmsCloud
    expose :availability_zones
    expose :cloud_networks
    *   expose :cloud_tenants
    expose :flavors
    expose :floating_ips
    expose :key_pairs
    expose :security_groups
end

Persistent state data through retries

  • New automate methods for state machine methods:
    • state_var_exist?(var_name)
    • set_state_var(var_name, value)
  • get_state_var(var_name)

Example:

if $evm.state_var_exist?(“test_data”)
    test_data = $evm.get_state_var(“test_data”)
    # TODO: Something interesting
else
    # First time through, initialize data
    $evm.set_state_var(“test_data”, 1)
end

Automate Model changes

  • Auto-placement run from a state machine step for Cloud and Infrastructure provisioning
  • Added common “Finished” step to all Automate state machine classes

Added eligible* and set* methods for cloud resources to provision task service model

  • eligible_availability_zones
  • eligible_cloud_networks
  • eligible_cloud_subnets
  • eligible_cloud_tenants
  • eligible_floating_ip_addresses
  • eligible_guest_access_key_pairs
  • eligible_instance_types
  • eligible_security_groups

Automate changes

Console

  • Config temp disk for OpenStack Fleecing
  • Key generation

Security

  • CertMonger Integration
  • IPA Research for Single Sign-On
  • Appliance

Appliance

  • Ruby 2.0 changes (compatible with 1.9.3)
  • Logrotate now rotates our logs!
  • Gem upgrades for bugs/enhancements
  • haml
  • net-ldap
  • net-ping
  • Added/labelled issues for ruby2.x/rails4.x

REST API

  • Update for Authentication
    • With External Authentication (httpd) enabled against an IPA Server
    • fixed bug in the REST API and Appliance Console to honor the external credentials like the Web UI when targeting the /api entrypoint

VM Fleecing

XFS Filesystem Support

  • Work in Progress
    • see PR – https://github.com/ManageIQ/manageiq/pull/490
  • Most of the code is complete
  • Lacking Unit Tests
  • Expected to be completed in Sprint 13
Profile photo of admin

by admin

The ManageIQ Design Summit – a small intimate gathering of cloud experts

September 12, 2014 in Syndicated

We’re happy to announce the preliminary agenda for the upcoming ManageIQ Design Summit, a 2-day event on October 7 & 8 in Montvale, NJ. Be sure to RSVP soon, as space is very limited. As mentioned in the title, it’s a small intimate gathering of cloud experts, those interested in pushing the limits of ManageIQ and setting the roadmap for development. If you’re a ManageIQ user who wants to learn how to make the most of its automation and orchestration capabilities, then there will be plenty for you, too:

  • Tour the new RESTful APIs released in Anand
  • Create reusable components for automation and orchestration of your hybrid cloud infrastructure
  • Hack rooms for those who want to dive in

The proud sponsors of the event are Red Hat and Booz Allen Hamilton. I’ve been told to be on the lookout for a new open source cloud broker project from the Booz Allen engineers.

Look forward to seeing you there!

Profile photo of admin

by admin

Moving on From Gluster

May 22, 2014 in Syndicated

All good things must come to an end. I can say with no equivocation that the last three years have been the most rewarding from a work perspective than any other job I’ve ever had. When I accepted this challenge in May, 2011, I had no idea that the project and community would blossom as they have. I had no idea how many great people were already in place to push this project to the forefront of open source development. I had no idea how many great partners we would find who share our vision for open source storage. I also, of course, didn’t know that Gluster, Inc. would be acquired within months of my arrival, which drastically increased the velocity of the project and community. I didn’t know any of that – what I did know was that there was a pretty cool project called GlusterFS and it seemed like the way forward for storage.

After we were acquired, we knew there would be a bit of angst from the community about whether we would still actively support other distributions outside of the Red Hat arena. I’m proud to say that we have done that, with active contributions from various community members for Ubuntu, Debian, NetBSD and OpenSUSE builds. We always strove to make gluster.org a truly open community and, in some respects, “bigger than Red Hat.”

Along the way, we created a board consisting of active community members and organizations. We made the project more transparent and active than ever. We greatly increased the degree that the community is a collaborative experience beyond just the immediate development team. And we greatly increased the reach and scope of the open source storage ecosystem. I can look back and feel privileged to have worked with such amazing visionaries, developers and community evangelists.

Now it’s time to turn the Gluster community over to someone who can build on what we’ve done and take it even further. I’m staying at Red Hat but moving on to other projects and communities. The ideal candidate should know their way around open source projects and communities, should have an unyielding desire to push things beyond the status quo, should know a thing or two about business strategy, and should understand how to identify which organizations should invest in a community and sell them on the vision. As I’ve mentioned before, today’s community leaders are the equivalent of startup executives, having to mesh together product management and marketing, business development and strategy, sales and messaging into a cohesive whole.

Are you the next Gluster Community Leader? Drop me a line on IRC – I’m “johnmark” on the Freenode network.

Profile photo of admin

by admin

An OpenStack Storage Hackathon

May 5, 2014 in Syndicated

With technologies around Open Software-defined Storage emerging as the way to get things done in the cloud, we’ve noticed strong interest in how to take advantage of this emerging software space. Storage is changing from the proprietary, expensive box in the corner to a set of APIs and open source software deployed in a scale-out way on your infrastructure. Storage services are now an integrated part of your scale-out applications.

To accelerate this momentum, we thought it would be fun to have a storage hackathon at the OpenStack Summit to encourage developers to dive into this brave new world.

We’re starting at 1pm on May 11, and we’ll be hacking into the night until 8 or whenever folks get tired. After that, Red Hat will sponsor drinks at a local watering hole.

Experts will be on hand to help new hackers find their way. Come by, learn, collaborate, and write some apps.

RSVP at osstorage-hack.eventbrite.com

Profile photo of admin

by admin

OpenNebula: Native GlusterFS Image Access for KVM Drivers

March 10, 2014 in Syndicated

If you saw our Gluster Spotlight (“Integration Nation”) last week, you’ll recall that Javi and Jaime from the OpenNebula project were discussing their recent advances with GlusterFS and libgfapi access. Here’s a post where they go into some detail about it:

The good news is that for some time now qemu and libvirt have native support for GlusterFS. This makes possible for VMs running from images stored in Gluster to talk directly with its servers making the IO much faster.

In this case, they use GFAPI for direct virtual machine access in addition to the FUSE-based GlusterFS client mount for image registration as an example of using the best tool for a particular job. As they explain, OpenNebula administrators expect a mounted, POSIX filesystem for many operations, so the FUSE-based mount fits best with their workflow while GFAPI works when lower latency and better performance are called for.

Read the full post here.

The GFAPI integration is slated for the 4.6 release of OpenNebula. To get an early look at the code, check out their Git repository. Documentation is available here.

Profile photo of admin

by admin

Gluster Spotlight: Integration Nation

March 6, 2014 in Syndicated

This week’s spotlight will be all about software integrated with storage services. GFAPI has opened the floodgates for this type of integration with GlusterFS. In this spotlight, we’ll hear from people who have been actively working on integrations with Apache CloudStack, Pydio, and OpenNebula.

Hear about how they integrated with GlusterFS and they would suggest to others who wish to deploy any application stack with scale-out storage requirements.

As usual, you can request to be part of the live hangout, or follow along on YouTube. Q&A will be managed from the IRC channel #gluster-meeting.