Bare Metal Trust OpenStack Summit Paris Nov 2014


Tan Lin, Wei Chen, Wei Gang, Malini Bhandaru, Shane Wang

Agenda
• Motivation
• Trust - HW & SW
• Ironic with Attestation
• Demo
• Blueprints & References

Motivation - Detect Malware/Changes
Can we “trust” a node to host an OpenStack Service?
Can we “trust” a relinquished Bare Metal Node to be free of malware - to allocate to another tenant?
• Detect change in BIOS? YES!
• Detect change in PCIe device(s)
  • number,
  • firmware
• Change in Kernel, VMM, Operating System?

OpenSource Technology Center

Intel TXT
Enables detection on boot, and exit from platform sleep
Changes in
• BIOS (root kits), replay attacks
• PCIe device changes YES!
  • number of devices
  • their firmware
• Kernel - updates

Motivation - A closer look at the Nodes
• Compute Nodes: Host Tenant VMs, Trusted Compute Pools
• Service Nodes: Nova, Keystone, Neutron.. hosts OpenStack services: scheduler, networking, identity etc
• Bare Metal Nodes: Performance sensitive Tenants, HPC, Containers
[Diagram labels: Nova, Cinder, Neutron, Keystone, Compute, Bare Metal]

Trust – TPM, TXT, OAT

Platform with TPM module
Image credit: http://en.wikipedia.org/wiki/Trusted_Platform_Module#mediaviewer/File:TPM_Asus.jpg

Trusted Platform Module (TPM)
• TPM 1.2: SHA-1 hashes
• TPM 2.0: SHA-1 & SHA-2 hashes & custom hash algorithms
• 22 PCRs
Image credit: http://en.wikipedia.org/wiki/Trusted_Platform_Module#mediaviewer/File:TPM.svg

Trust – Hardware & Software
TPM/TXT/TBoot/TrouSerS/OAT
Software
• OAT: Remote Attestation; Mt. Wilson (closed source); 1.7, 2.0; Client, Server (Java)
• TrouSerS: Library to access TPM; open source software (C)
• Tboot: Measures BIOS, Option ROM, kernel into TPM registers; open source software (C)
Hardware
• Intel TXT – VT-x, VT-d, BIOS enable; HW and SW virtualization support
• TPM: 1.2 original; 2.0 Global/export, software hash algorithms; NationZ, Infineon
• Intel platform

Setup

Setup - OAT Server
1. Deploy OAT server in OpenStack
2. Provision Known Good Values
  • For Bare Metal images
  • OEMs can provide BIOS and PCIe firmware measures
  • HPC images deployed 1000s of times are worth full measure

Setup – Node(s)
1. Enable TPM
2. Enable TXT, VT-x, VT-d in BIOS
3. Take TPM ownership
Currently manual steps
• Scripts nice, need OEM help
• Secure save Password

Setup – OpenStack
1. Ironic flavor – trusted
2. Whitelist – Glance image
3. iPXE/PXE boot image
4. Inject OAT client
5. Ironic second boot
6. Attest

Workflow
1. Enable VT-x, VT-d, take TPM ownership
2. Ironic Boot <image>
3. PCR hash values
4. trusted/not
5. allocate to tenant
[Diagram components: Glance, PXE or iPXE, OAT attestation service, tboot, BIOS, Intel Platform + TPM hardware]

Demos

Use Cases
• Bare Metal Trust
• Detect Firmware change - new PCIe device
• Upgrade - whitelist change

Horizon – Bare Metal Instances

Limitations
• Linux bare metal images in OpenStack
• Trust too
• Trust client injection required
• OSV adoption (RedHat, Suse, Ubuntu) will eliminate
• Chicken-egg problem: demand/integration/adoption
• Manual enable trust-measurement
• OEM help for scripts.

Next Steps
• Alert Admin about untrusted bare metal
  – BIOS/firmware/optionROM modified?
  – Kernel modified?
  – Missing whitelist entry?
• Re-try trusted bare metal schedule (configure #tries)
  – To avoid Denial-of-service through missing whitelist
• Upstream code
  – https://blueprints.launchpad.net/ironic/+spec/bare-metal-trust
  – https://blueprints.launchpad.net/horizon/+spec/bare-metal-trust-status

Blueprints
• https://blueprints.launchpad.net/ironic/+spec/bare-metal-trust

References
• Trusted Compute Group
• http://www.intel.com/content/www/us/en/architecture-and-technology/trusted-execution-technology/malware-reduction-general-technology.html
• http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/trusted-execution-technology-security-paper.pdf
• http://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
• Intel® Trusted Execution Technology for Server Platforms (Apress)
• A Guide to More Secure Datacenters -- free eBook -- http://www.apress.com/9781430261483

Backup

Inject OAT-Client

    minicloud@minicloud:~$ disk-image-create -u fedora baremetal local-config stackuser oat-client -o oat-client-21
    minicloud@minicloud:/opt/stack/diskimage-builder/elements$ find oat-client/
    oat-client/
    oat-client/install.d
    oat-client/install.d/package-installs-oat
    oat-client/element-deps
    oat-client/README.md
    oat-client/pre-install.d
    oat-client/pre-install.d/02-set-oat-repo

Trust Flavor

    # Excerpt: GenericDriverFields is the driver-fields base class this extends.
    class PXEDriverFields(GenericDriverFields):

        def _get_kernel_ramdisk_dict(self, flavor):
            """Get the deploy ramdisk and kernel IDs from the flavor.

            :param flavor: the flavor object.
            :returns: a dict with the pxe options for the deploy ramdisk and
                kernel if the IDs were found in the flavor, otherwise an empty
                dict is returned.
            """
            extra_specs = flavor['extra_specs']
            deploy_kernel = extra_specs.get('baremetal:deploy_kernel_id')
            deploy_ramdisk = extra_specs.get('baremetal:deploy_ramdisk_id')
            # Trust is requested through a flavor extra spec.
            deploy_trust = extra_specs.get('baremetal:deploy_trust')
            deploy_ids = {}
            if deploy_kernel and deploy_ramdisk:
                deploy_ids['pxe_deploy_kernel'] = deploy_kernel
                deploy_ids['pxe_deploy_ramdisk'] = deploy_ramdisk
            if deploy_trust == 'True':
                deploy_ids['pxe_deploy_trust'] = deploy_trust
            return deploy_ids

Trust Node

    def _parse_driver_info(node):
        """Gets the driver specific Node deployment info.

        This method validates whether the 'driver_info' property of the
        supplied node contains the required information for this driver to
        deploy images to the node.

        :param node: a single Node.
        :returns: A dict with the driver_info values.
        :raises: MissingParameterValue
        """
        info = node.driver_info
        d_info = {}
        d_info['deploy_kernel'] = info.get('pxe_deploy_kernel')
        d_info['deploy_ramdisk'] = info.get('pxe_deploy_ramdisk')
        # Defaults to 'False' when the flavor did not request trust.
        d_info['deploy_trust'] = info.get('pxe_deploy_trust', 'False')
        error_msg = _("Cannot validate PXE bootloader")
        deploy_utils.check_for_missing_params(d_info, error_msg, 'pxe_')
        return d_info

    def _continue_deploy(self, task, **kwargs):
        """Continues the deployment of baremetal node over iSCSI.

        This method continues the deployment of the baremetal node over
        iSCSI from where the deployment ramdisk has left off.

        :param task: a TaskManager instance containing the node to act on.
        :param kwargs: kwargs for performing iscsi deployment.
        """
        # ... (earlier part of the method is not shown on the slide)
        try:
            d_info = _parse_deploy_info(node)
            trust_boot = d_info['deploy_trust']
            # trust_boot selects the trust_boot label in the PXE config.
            deploy_utils.switch_pxe_config(
                pxe_config_path, root_uuid,
                driver_utils.get_node_capability(node, 'boot_mode'),
                trust_boot)
        # ... (exception handling is not shown on the slide)

PXE configuration with trust_boot

    default trust_boot

    label deploy
    kernel http://10.239.48.36:8081/40595e7e-7841-4ac4-9878-fd7cbcac1d9f/deploy_kernel
    append initrd=http://10.239.48.36:8081/40595e7e-7841-4ac4-9878-fd7cbcac1d9f/deploy_ramdisk rootfstype=ramfs selinux=0 disk=cciss/c0d0,sda,hda,vda iscsi_target_iqn=iqn-40595e7e-7841-4ac4-9878-fd7cbcac1d9f deployment_id=40595e7e-7841-4ac4-9878-fd7cbcac1d9f deployment_key=Z33C3N5N644QJH50T6SCZDEXR7FIYB0K ironic_api_url=http://10.239.48.36:6385 troubleshoot=0 text nofb nomodeset vga=normal
    ipappend 3

    label boot
    kernel http://10.239.48.36:8081/40595e7e-7841-4ac4-9878-fd7cbcac1d9f/kernel
    append initrd=http://10.239.48.36:8081/40595e7e-7841-4ac4-9878-fd7cbcac1d9f/ramdisk root=UUID=106b4e5c-128a-461a-a191-0c035efc4768 ro text nofb nomodeset vga=normal

    label trust_boot
    kernel mboot
    append tboot.gz --- http://10.239.48.36:8081/40595e7e-7841-4ac4-9878-fd7cbcac1d9f/kernel root=UUID=106b4e5c-128a-461a-a191-0c035efc4768 ro text nofb nomodeset vga=normal intel_iommu=on --- http://10.239.48.36:8081/40595e7e-7841-4ac4-9878-fd7cbcac1d9f/ramdisk

TrouSerS
• I have a TPM. What can I use TrouSerS for?
• TPM services provided through the TSS API are:
  o RSA key pair generation
  o RSA encryption and decryption using PKCS v1.5 and OAEP padding
  o RSA sign/verify
  o Extend data into the TPM's PCRs and log these events
  o Seal data to arbitrary PCRs
  o Random Number Generation
  o RSA key storage
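
The attestation decision from the Workflow slide (PCR hash values in, trusted/not out), as an added example that is not code from the slides, OAT or Ironic: it simulates TPM 1.2 style SHA-1 PCR extends and compares the reported values with whitelisted known good values, returning the reasons an admin alert would carry. The PCR-to-component mapping, image names and measured blobs are constructed assumptions.

```python
import hashlib
import hmac

PCR_SIZE = 20  # bytes in a SHA-1 digest, the PCR width on TPM 1.2

# Assumed mapping for this example only: which PCR holds which component.
PCR_LABELS = {0: "BIOS", 2: "option ROM / PCIe firmware", 18: "kernel"}


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


def measure(boot_chain):
    """Replay a boot. boot_chain is [(pcr_index, blob), ...] in load order."""
    pcrs = {}
    for index, blob in boot_chain:
        # PCRs start at all zeros in this simulation.
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), blob)
    return {index: value.hex() for index, value in pcrs.items()}


def attest(image_id, reported, whitelist):
    """Compare reported PCRs with the known good values for image_id.

    Returns (trusted, reasons); reasons say which component to alert on.
    """
    known_good = whitelist.get(image_id)
    if known_good is None:
        return False, ["missing whitelist entry for %s" % image_id]
    reasons = []
    for index, expected in sorted(known_good.items()):
        actual = reported.get(index)
        label = PCR_LABELS.get(index, "unlabelled")
        if actual is None:
            reasons.append("PCR %d (%s) not reported" % (index, label))
        elif not hmac.compare_digest(actual, expected):
            reasons.append("PCR %d (%s) modified" % (index, label))
    return not reasons, reasons


# Constructed sample measurements; real inputs are firmware and kernel images.
GOLDEN = [(0, b"bios-1.0"), (2, b"nic-oprom-3.2"), (18, b"vmlinuz-3.17")]
NEW_PCIE = GOLDEN[:2] + [(2, b"unknown-card-oprom")] + GOLDEN[2:]
UPGRADED = GOLDEN[:2] + [(18, b"vmlinuz-3.18")]


def run_scenarios():
    """Run the demo use cases and return {scenario: (trusted, reasons)}."""
    whitelist = {"hpc-image": measure(GOLDEN)}
    results = {
        "clean": attest("hpc-image", measure(GOLDEN), whitelist),
        "new_pcie_device": attest("hpc-image", measure(NEW_PCIE), whitelist),
        "kernel_upgrade": attest("hpc-image", measure(UPGRADED), whitelist),
        "unknown_image": attest("other-image", measure(GOLDEN), whitelist),
    }
    # Upgrade use case: the operator provisions new known good values.
    whitelist["hpc-image"] = measure(UPGRADED)
    results["after_whitelist_update"] = attest(
        "hpc-image", measure(UPGRADED), whitelist)
    return results


if __name__ == "__main__":
    for name, (trusted, reasons) in run_scenarios().items():
        print(name, "trusted" if trusted else "NOT trusted", reasons)
```

Because each extend folds the previous PCR value into the next, an extra option ROM or a different load order yields a different final value, which is why a new PCIe device is detectable without listing every possible device.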