Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-13 Thread Armando M.
On 13 January 2017 at 15:01, Clint Byrum  wrote:

> Excerpts from Armando M.'s message of 2017-01-13 11:39:33 -0800:
> > On 13 January 2017 at 10:47, Clint Byrum  wrote:
> >
> > > Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> > > > Kevin Benton wrote:
> > > > > If you don't want users to specify network details, then use the get me
> > > > > a network extension or just have them boot to a public (or other
> > > > > pre-created) network.
> > > > >
> > > > > In your thought experiment, why is your iPhone app developer not just
> > > > > using a PaaS that handles instance scaling, load balancing and HA? Why
> > > > > would he/she want to spend time managing security updates and log
> > > > > rotation for an operating system running inside another program
> > > > > pretending to be hardware? Different levels of abstraction solve
> > > > > different use cases.
> > > >
> > > > Fair point, probably mr/mrs iPhone app developer should be doing that.
> > > >
> > >
> > > I totally disagree. If PaaS was the answer, they'd all be using PaaS.
> > >
> > > Maybe some day, but that's no excuse for having an overly complex story
> > > for the base. I totally appreciate that "Get me a network" is an effort
> > > to address this. But after reading docs on it, I actually have no idea
> > > how it works or how to make use of it (I do have a decent understanding
> > > of how to setup a default subnetpool as an operator).
> > >
> >
> > I'd be happy to improve the docs, but your feedback is not very actionable.
> > Any chance you can elaborate on what you're struggling with?
> >
>
> The docs I found are all extremely Neutron-centric. I was told later
> on IRC that once the default subnet pool is setup, Nova would do some
> magic to tell neutron to allocate a subnet from that pool to the user
> when they create an instance.


> Basically, the docs I found were not at all user-centric. They were
> Neutron-centric and they didn't really explain why, as an operator, I'd
> want to allocate a subnet pool. I mean, they do, but because I don't
> really know if I have that problem or what it is, I just wasn't able
> to grasp where this was going. It tells me to go ahead and list default
> subnet pools, and then pass --nic=net-id=$ID from that. Super confusing
> and not really any more friendly than before.
>
>
If you are referring to [1], I wouldn't expect anything less, it's the
OpenStack networking guide after all.


> So what I want is the story from the user's perspective. Something like:
>
> "Without this extension, your users will need to do these steps in order
> to boot servers with networking:..."
>
> and then
>
> "With this extension, your users will not need to perform those steps,
> and the default subnet pools that you setup will be automatically
> allocated to users upon their first server boot."
>

Problem statement from the user's point of view is typically left to the
specs [2,3].
I am sure one can argue that the content there may not be well written or
organized, but it was enough for getting the nova and the neutron team to
have a mutual understanding and agreement on how to design, implement and
test the feature.

From what I hear, there is a gap in the networking guide in that the
rationale behind the feature is missing. I suppose we can fill that up, and
thus I filed [4].

Thanks.

[1]
http://docs.openstack.org/newton/networking-guide/config-auto-allocation.html
[2]
http://specs.openstack.org/openstack/neutron-specs/specs/mitaka/get-me-a-network.html
[3]
http://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/get-me-a-network.html
[4] https://bugs.launchpad.net/openstack-manuals/+bug/1656447


> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>


Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-13 Thread Clint Byrum
Excerpts from Armando M.'s message of 2017-01-13 11:39:33 -0800:
> On 13 January 2017 at 10:47, Clint Byrum  wrote:
> 
> > Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> > > Kevin Benton wrote:
> > > > If you don't want users to specify network details, then use the get me
> > > > a network extension or just have them boot to a public (or other
> > > > pre-created) network.
> > > >
> > > > In your thought experiment, why is your iPhone app developer not just
> > > > using a PaaS that handles instance scaling, load balancing and HA? Why
> > > > would he/she want to spend time managing security updates and log
> > > > rotation for an operating system running inside another program
> > > > pretending to be hardware? Different levels of abstraction solve
> > > > different use cases.
> > >
> > > Fair point, probably mr/mrs iPhone app developer should be doing that.
> > >
> >
> > I totally disagree. If PaaS was the answer, they'd all be using PaaS.
> >
> > Maybe some day, but that's no excuse for having an overly complex story
> > for the base. I totally appreciate that "Get me a network" is an effort
> > to address this. But after reading docs on it, I actually have no idea
> > how it works or how to make use of it (I do have a decent understanding
> > of how to setup a default subnetpool as an operator).
> >
> 
> I'd be happy to improve the docs, but your feedback is not very actionable.
> Any chance you can elaborate on what you're struggling with?
> 

The docs I found are all extremely Neutron-centric. I was told later
on IRC that once the default subnet pool is setup, Nova would do some
magic to tell neutron to allocate a subnet from that pool to the user
when they create an instance.

Basically, the docs I found were not at all user-centric. They were
Neutron-centric and they didn't really explain why, as an operator, I'd
want to allocate a subnet pool. I mean, they do, but because I don't
really know if I have that problem or what it is, I just wasn't able
to grasp where this was going. It tells me to go ahead and list default
subnet pools, and then pass --nic=net-id=$ID from that. Super confusing
and not really any more friendly than before.

So what I want is the story from the user's perspective. Something like:

"Without this extension, your users will need to do these steps in order
to boot servers with networking:..."

and then

"With this extension, your users will not need to perform those steps,
and the default subnet pools that you setup will be automatically
allocated to users upon their first server boot."



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-13 Thread Kevin Benton
"as an operator"? That's not related to the iPhone developer use case (user
usability) at all.

For users, they just boot a VM and Nova will call the API and neutron will
setup a network/router/etc on demand and return it so there is nothing the
user has to do.

If you have issues with operator usability, that relates to improvements to
the openstack networking guide, but that's not what this thread is about.


On Jan 13, 2017 10:50, "Clint Byrum"  wrote:

Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> Kevin Benton wrote:
> > If you don't want users to specify network details, then use the get me
> > a network extension or just have them boot to a public (or other
> > pre-created) network.
> >
> > In your thought experiment, why is your iPhone app developer not just
> > using a PaaS that handles instance scaling, load balancing and HA? Why
> > would he/she want to spend time managing security updates and log
> > rotation for an operating system running inside another program
> > pretending to be hardware? Different levels of abstraction solve
> > different use cases.
>
> Fair point, probably mr/mrs iPhone app developer should be doing that.
>

I totally disagree. If PaaS was the answer, they'd all be using PaaS.

Maybe some day, but that's no excuse for having an overly complex story
for the base. I totally appreciate that "Get me a network" is an effort
to address this. But after reading docs on it, I actually have no idea
how it works or how to make use of it (I do have a decent understanding
of how to setup a default subnetpool as an operator).



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-13 Thread Armando M.
On 13 January 2017 at 10:47, Clint Byrum  wrote:

> Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> > Kevin Benton wrote:
> > > If you don't want users to specify network details, then use the get me
> > > a network extension or just have them boot to a public (or other
> > > pre-created) network.
> > >
> > > In your thought experiment, why is your iPhone app developer not just
> > > using a PaaS that handles instance scaling, load balancing and HA? Why
> > > would he/she want to spend time managing security updates and log
> > > rotation for an operating system running inside another program
> > > pretending to be hardware? Different levels of abstraction solve
> > > different use cases.
> >
> > Fair point, probably mr/mrs iPhone app developer should be doing that.
> >
>
> I totally disagree. If PaaS was the answer, they'd all be using PaaS.
>
> Maybe some day, but that's no excuse for having an overly complex story
> for the base. I totally appreciate that "Get me a network" is an effort
> to address this. But after reading docs on it, I actually have no idea
> how it works or how to make use of it (I do have a decent understanding
> of how to setup a default subnetpool as an operator).
>

I'd be happy to improve the docs, but your feedback is not very actionable.
Any chance you can elaborate on what you're struggling with?

Thanks,
Armando




Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-13 Thread Clint Byrum
Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> Kevin Benton wrote:
> > If you don't want users to specify network details, then use the get me
> > a network extension or just have them boot to a public (or other
> > pre-created) network.
> >
> > In your thought experiment, why is your iPhone app developer not just
> > using a PaaS that handles instance scaling, load balancing and HA? Why
> > would he/she want to spend time managing security updates and log
> > rotation for an operating system running inside another program
> > pretending to be hardware? Different levels of abstraction solve
> > different use cases.
> 
> Fair point, probably mr/mrs iPhone app developer should be doing that.
> 

I totally disagree. If PaaS was the answer, they'd all be using PaaS.

Maybe some day, but that's no excuse for having an overly complex story
for the base. I totally appreciate that "Get me a network" is an effort
to address this. But after reading docs on it, I actually have no idea
how it works or how to make use of it (I do have a decent understanding
of how to setup a default subnetpool as an operator).



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-13 Thread Morales, Victor
My two cents on this

Agree with Kevin, IaaS solutions (like CloudStack, OpenNebula, OpenStack, etc.)
offer a deep level of customization for those apps which require fine-grained
control of Cloud resources with the disadvantage of increasing the time
required for developing them. On the other hand, PaaS solutions (e.g. Cloud Foundry,
OpenShift, etc.), usually deployed on top of IaaS solutions, offer a quicker
development process but lower level of customization associated with poor
performance or scalability controlled by the PaaS solution.  Lastly, my
understanding is that the term "legacy apps" refers to non-cloud aware
applications usually with monolithic instead of using microservices
architecture and/or publish/subscribe pattern.

Regards, 
Victor Morales

irc: electrocucaracha




On 1/13/17, 12:38 AM, "Joshua Harlow"  wrote:

>Kevin Benton wrote:
>> If you don't want users to specify network details, then use the get me
>> a network extension or just have them boot to a public (or other
>> pre-created) network.
>>
>> In your thought experiment, why is your iPhone app developer not just
>> using a PaaS that handles instance scaling, load balancing and HA? Why
>> would he/she want to spend time managing security updates and log
>> rotation for an operating system running inside another program
>> pretending to be hardware? Different levels of abstraction solve
>> different use cases.
>
>Fair point, probably mr/mrs iPhone app developer should be doing that.
>
>>
>> Amazon VPC exists (and is the default) for the same reason neutron
>> provides network virtualization primitives. People moving legacy apps
>> onto these systems end up needing specific addressing schemes and
>> isolation topologies.
>>
>
>What's a legacy app, sounds sorta dirty lol
>


Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Joshua Harlow

Kevin Benton wrote:

If you don't want users to specify network details, then use the get me
a network extension or just have them boot to a public (or other
pre-created) network.

In your thought experiment, why is your iPhone app developer not just
using a PaaS that handles instance scaling, load balancing and HA? Why
would he/she want to spend time managing security updates and log
rotation for an operating system running inside another program
pretending to be hardware? Different levels of abstraction solve
different use cases.


Fair point, probably mr/mrs iPhone app developer should be doing that.



Amazon VPC exists (and is the default) for the same reason neutron
provides network virtualization primitives. People moving legacy apps
onto these systems end up needing specific addressing schemes and
isolation topologies.



What's a legacy app, sounds sorta dirty lol



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Kevin Benton
If you don't want users to specify network details, then use the get me a
network extension or just have them boot to a public (or other pre-created)
network.

In your thought experiment, why is your iPhone app developer not just using
a PaaS that handles instance scaling, load balancing and HA? Why would
he/she want to spend time managing security updates and log rotation for an
operating system running inside another program pretending to be hardware?
Different levels of abstraction solve different use cases.

Amazon VPC exists (and is the default) for the same reason neutron provides
network virtualization primitives. People moving legacy apps onto these
systems end up needing specific addressing schemes and isolation
topologies.


On Jan 12, 2017 20:59, "Joshua Harlow"  wrote:

Sean M. Collins wrote:

> Joshua Harlow wrote:
>
>> So I don't want to start too much of a flame-war and am really just trying to
>> understand things that may be beyond me (so treat me nicely, ha).
>>
>> The basic question that I've been wondering revolves around the following
>> kind of 'thought experiment' that asks something along the lines of:
>>
>> """
>> If I am a user of openstack, say I'm an iphone developer, trying to get my
>> 'game' and associated 'game APIs' setup in a manner that is HA (say fronted
>> by a load-balancer), using my custom image, secure and visible to either an
>> intranet or to the large internet then what is the steps I would have to do
>> when interacting with openstack to accomplish this and what would the
>> provider of openstack have to give to me as endpoints to make this possible.
>> """
>>
>
>
> We have a guide that sort of fits this usecase:
>
> http://developer.openstack.org/firstapp-libcloud/
>
> The networking section, can always use improvement:
>
> http://developer.openstack.org/firstapp-libcloud/networking.html
>
>
Interesting good to know that this exists; though I still have this weird
gut feeling that the following isn't really what people want to be doing
(though they may have to just because that is what it is):

$ openstack network list
$ openstack network create worker_network
$ openstack network create webserver_network
$ openstack subnet create webserver_subnet --network webserver_network --subnet-range 10.0.2.0/24
$ openstack network create api_network
$ openstack subnet create api_subnet --network api_network --subnet-range 10.0.3.0/24
$ openstack floating ip create public (1st floating IP)
$ openstack floating ip create public (2nd floating IP)
$ openstack router create project_router
$ openstack router set project_router --external-gateway public
$ openstack router add subnet project_router worker_subnet
$ openstack router add subnet project_router api_subnet
$ openstack router add subnet project_router webserver_subnet

And then:

$ nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64-disk --nic net-id=953224c6-c510-45c5-8a29-37deffd3d78e worker1

ANNND then:

$ openstack network list
$ nova boot --flavor 1 --image 53ff0943-99ba-42d2-a10d-f66656372f87 --min-count 2 test
$ openstack floating ip create public --fixed-ip-address 10.0.0.2 --port 523331cf-5636-4298-a14c-f545bb32abcf
$ openstack floating ip create public --fixed-ip-address 10.0.2.4 --port 462c92c6-941c-48ab-8cca-3c7a7308f580
$ neutron lb-member-create --address 203.0.113.21 --protocol-port 80 mypool
$ neutron lb-member-create --address 203.0.113.22 --protocol-port 80 mypool

AN then:

... (how many more are there, woah)









Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Joshua Harlow

Sean M. Collins wrote:

Joshua Harlow wrote:

So I don't want to start too much of a flame-war and am really just trying to
understand things that may be beyond me (so treat me nicely, ha).

The basic question that I've been wondering revolves around the following
kind of 'thought experiment' that asks something along the lines of:

"""
If I am a user of openstack, say I'm an iphone developer, trying to get my
'game' and associated 'game APIs' setup in a manner that is HA (say fronted
by a load-balancer), using my custom image, secure and visible to either an
intranet or to the large internet then what is the steps I would have to do
when interacting with openstack to accomplish this and what would the
provider of openstack have to give to me as endpoints to make this possible.
"""



We have a guide that sort of fits this usecase:

http://developer.openstack.org/firstapp-libcloud/

The networking section, can always use improvement:

http://developer.openstack.org/firstapp-libcloud/networking.html



Interesting good to know that this exists; though I still have this 
weird gut feeling that the following isn't really what people want to be 
doing (though they may have to just because that is what it is):


$ openstack network list
$ openstack network create worker_network
$ openstack network create webserver_network
$ openstack subnet create webserver_subnet --network webserver_network --subnet-range 10.0.2.0/24
$ openstack network create api_network
$ openstack subnet create api_subnet --network api_network --subnet-range 10.0.3.0/24
$ openstack floating ip create public (1st floating IP)
$ openstack floating ip create public (2nd floating IP)
$ openstack router create project_router
$ openstack router set project_router --external-gateway public
$ openstack router add subnet project_router worker_subnet
$ openstack router add subnet project_router api_subnet
$ openstack router add subnet project_router webserver_subnet

And then:

$ nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64-disk --nic net-id=953224c6-c510-45c5-8a29-37deffd3d78e worker1


ANNND then:

$ openstack network list
$ nova boot --flavor 1 --image 53ff0943-99ba-42d2-a10d-f66656372f87 --min-count 2 test
$ openstack floating ip create public --fixed-ip-address 10.0.0.2 --port 523331cf-5636-4298-a14c-f545bb32abcf
$ openstack floating ip create public --fixed-ip-address 10.0.2.4 --port 462c92c6-941c-48ab-8cca-3c7a7308f580
$ neutron lb-member-create --address 203.0.113.21 --protocol-port 80 mypool
$ neutron lb-member-create --address 203.0.113.22 --protocol-port 80 mypool

AN then:

... (how many more are there, woah)








Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Sean M. Collins
Joshua Harlow wrote:
> So I don't want to start too much of a flame-war and am really just trying to
> understand things that may be beyond me (so treat me nicely, ha).
> 
> The basic question that I've been wondering revolves around the following
> kind of 'thought experiment' that asks something along the lines of:
> 
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my
> 'game' and associated 'game APIs' setup in a manner that is HA (say fronted
> by a load-balancer), using my custom image, secure and visible to either an
> intranet or to the large internet then what is the steps I would have to do
> when interacting with openstack to accomplish this and what would the
> provider of openstack have to give to me as endpoints to make this possible.
> """


We have a guide that sort of fits this usecase:

http://developer.openstack.org/firstapp-libcloud/

The networking section, can always use improvement:

http://developer.openstack.org/firstapp-libcloud/networking.html

-- 
Sean M. Collins



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Michael Johnson
Actually we have a single call create for load balancers[1], so I think that
addresses Josh's concern about complexity in the number of required calls.
As for the complexity of the "concept" of a load balancer, I think we have
improved that greatly with the LBaaSv2 API.

That said, if there are things that jump out at you for usability/complexity
please open a bug for us[2].  We welcome the input!

Michael

P.S. Yes, single call create is not in the main API docs, don't ask, yes we
are working on that.

[1] http://docs.openstack.org/developer/octavia/api/octaviaapi.html#create-fully-populated-load-balancer
[2] https://bugs.launchpad.net/octavia/+filebug

-Original Message-
From: Curtis [mailto:serverasc...@gmail.com] 
Sent: Thursday, January 12, 2017 3:30 PM
To: OpenStack Development Mailing List (not for usage questions)
<openstack-dev@lists.openstack.org>
Subject: Re: [openstack-dev] [neutron] Confusion around the complexity

On Thu, Jan 12, 2017 at 3:46 PM, Joshua Harlow <harlo...@fastmail.com>
wrote:
> So I don't want to start too much of a flame-war and am really just
> trying to understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the
> following kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to
> get my 'game' and associated 'game APIs' setup in a manner that is HA
> (say fronted by a load-balancer), using my custom image, secure and
> visible to either an intranet or to the large internet then what is
> the steps I would have to do when interacting with openstack to
> accomplish this and what would the provider of openstack have to give to
> me as endpoints to make this possible.
> """
>

Presumably this is a public OpenStack cloud? If so...

It's been a while since I worked at a public OpenStack cloud, but most I
would imagine will auto create a tenant network and router (if they can
afford the public IPv4s for the router :)) and then when a user creates an
instance it just ends up on that initial "default" tenant network. This is
usually left to the public cloud to implement during their customer
on-boarding process. That is assuming the public cloud is allowing tenant
"private" networks, which not all would do. There are other models.

Now, a load balancer, if that is required, is different and bit harder if
you mean one that is managed by the OpenStack cloud, as opposed to a user
creating their own LB instance.

Perhaps what you are really thinking about is the simplicity of a more "VPS"
like interface, ala Digital Ocean (and now somewhat mimicked by AWS with uh,
LightSail I think). I've always thought it would perhaps be a nice project
in OpenStack to do a simple VPS style interface.

Thanks,
Curtis.

> One of the obvious ones is nova and glance, and the API and usage 
> there feels pretty straightforward as is (isn't really relevant to 
> this conversation anyway). The one that feels bulky and confusing (at 
> least for
> me) is the things I'd have to do in neutron to create and/or select 
> networks, create and/or select subnets, create and/or select ports and 
> so-on...
>
> As a supposed iphone developer (dev/ops, yadayada) just trying to get 
> his/her game to market why would I really want to know about selecting 
> networks, create and/or selecting subnets, create and/or selecting 
> ports and so-on...
>
> It may just be how it is, but I'd like to at least ask if others are 
> really happy with the interactions/steps (I guess we could/maybe we 
> should ask similar questions around various other projects as well?); 
> if I'm just an outlier that's ok, at least I asked :-P
>
> -Josh
>



--
Blog: serverascode.com



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Curtis
On Thu, Jan 12, 2017 at 3:46 PM, Joshua Harlow  wrote:
> So I don't want to start too much of a flame-war and am really just trying to
> understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following
> kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my
> 'game' and associated 'game APIs' setup in a manner that is HA (say fronted
> by a load-balancer), using my custom image, secure and visible to either an
> intranet or to the large internet then what is the steps I would have to do
> when interacting with openstack to accomplish this and what would the
> provider of openstack have to give to me as endpoints to make this possible.
> """
>

Presumably this is a public OpenStack cloud? If so...

It's been a while since I worked at a public OpenStack cloud, but most
I would imagine will auto create a tenant network and router (if they
can afford the public IPv4s for the router :)) and then when a user
creates an instance it just ends up on that initial "default" tenant
network. This is usually left to the public cloud to implement during
their customer on-boarding process. That is assuming the public cloud
is allowing tenant "private" networks, which not all would do. There
are other models.

Now, a load balancer, if that is required, is different and bit harder
if you mean one that is managed by the OpenStack cloud, as opposed to
a user creating their own LB instance.

Perhaps what you are really thinking about is the simplicity of a more
"VPS" like interface, ala Digital Ocean (and now somewhat mimicked by
AWS with uh, LightSail I think). I've always thought it would perhaps
be a nice project in OpenStack to do a simple VPS style interface.

Thanks,
Curtis.

> One of the obvious ones is nova and glance, and the API and usage there
> feels pretty straightforward as is (isn't really relevant to this
> conversation anyway). The one that feels bulky and confusing (at least for
> me) is the things I'd have to do in neutron to create and/or select
> networks, create and/or select subnets, create and/or select ports and
> so-on...
>
> As a supposed iphone developer (dev/ops, yadayada) just trying to get
> his/her game to market why would I really want to know about selecting
> networks, create and/or selecting subnets, create and/or selecting ports and
> so-on...
>
> It may just be how it is, but I'd like to at least ask if others are really
> happy with the interactions/steps (I guess we could/maybe we should ask
> similar questions around various other projects as well?); if I'm just an
> outlier that's ok, at least I asked :-P
>
> -Josh
>



-- 
Blog: serverascode.com



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Chris Friesen

On 01/12/2017 04:46 PM, Joshua Harlow wrote:

> So I don't want to start too much of a flame-war and am really just trying to
> understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following kind
> of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my
> 'game' and associated 'game APIs' setup in a manner that is HA (say fronted by a
> load-balancer), using my custom image, secure and visible to either an intranet
> or to the large internet then what are the steps I would have to do when
> interacting with openstack to accomplish this and what would the provider of
> openstack have to give to me as endpoints to make this possible.
> """
>
> One of the obvious ones is nova and glance, and the API and usage there feels
> pretty straightforward as is (isn't really relevant to this conversation
> anyway). The one that feels bulky and confusing (at least for me) is the things
> I'd have to do in neutron to create and/or select networks, create and/or select
> subnets, create and/or select ports and so-on...
>
> As a supposed iphone developer (dev/ops, yadayada) just trying to get his/her
> game to market why would I really want to know about selecting networks, create
> and/or selecting subnets, create and/or selecting ports and so-on...


Nova/neutron now support "get me a network" which can simplify basic setups 
quite a bit.


Also, it's possible that the service provider could have created the 
networks/subnets for you when you initially set up the account, at which point 
you just boot up an instance on the right network.


As for why you would want to deal with the nitty gritty, consider a basic setup 
with a loadbalancer, multiple HTTP servers, and a backend DB.  The loadbalancer 
needs to be on a network that is routable to the public internet.  The HTTP 
servers need to be accessible from the loadbalancer, but we probably don't want 
them visible to the public internet.  The backend DB should only be accessible 
from the HTTP servers, not the loadbalancer, and it definitely shouldn't be on 
the public internet.  So we're talking maybe two separate virtual networks.  In 
real life the DB would probably be HA, so you'd have multiple DB servers (likely 
with their own private network for sync traffic) and maybe another loadbalancer 
in front of them.


Chris
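
The tier isolation described in the message above can be checked mechanically. The following is an added example, not part of the original thread or of Neutron's own code: it expresses the tiers as security-group ingress rules (an assumption; the message speaks of separate virtual networks), with constructed group names, ports and addresses, and reports any path that breaks the layout.

```python
import ipaddress

# Constructed sample data. Rule fields follow Neutron's security-group-rule
# attributes (ingress only); group names, ports and addresses are assumptions.
GROUPS = {
    "lb":  [{"protocol": "tcp", "port_range_min": 443, "port_range_max": 443,
             "remote_ip_prefix": "0.0.0.0/0"}],
    "web": [{"protocol": "tcp", "port_range_min": 8080, "port_range_max": 8080,
             "remote_group_id": "lb"}],
    "db":  [{"protocol": "tcp", "port_range_min": 5432, "port_range_max": 5432,
             "remote_group_id": "web"}],
}
# A drifted copy: someone opened SSH on the DB tier to every address.
DRIFTED = {**GROUPS, "db": GROUPS["db"] + [
    {"protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
     "remote_ip_prefix": "0.0.0.0/0"}]}

SOURCES = {"internet": (None, "203.0.113.7"),   # (security group, address)
           "lb": ("lb", "10.0.1.5"), "web": ("web", "10.0.2.5")}
SERVICE_PORT = {"lb": 443, "web": 8080, "db": 5432}
# (source, destination, must be reachable) for the tiers described above.
POLICY = [("internet", "lb", True), ("lb", "web", True), ("web", "db", True),
          ("internet", "web", False), ("internet", "db", False),
          ("lb", "db", False)]

def allowed(groups, dst, port, src_group, src_ip):
    """True if an ingress rule on dst admits the source; port=None means any port."""
    for rule in groups[dst]:
        if rule.get("protocol") not in (None, "tcp"):
            continue
        lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
        if port is not None and lo is not None and not lo <= port <= hi:
            continue
        if rule.get("remote_group_id") is not None:
            if rule["remote_group_id"] == src_group:
                return True
            continue
        prefix = rule.get("remote_ip_prefix") or "0.0.0.0/0"
        if ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix):
            return True
    return False

def audit(groups):
    """Return the tier-isolation violations found in a set of security groups."""
    findings = []
    for src, dst, want in POLICY:
        group, ip = SOURCES[src]
        port = SERVICE_PORT[dst] if want else None  # a denial must hold on every port
        if allowed(groups, dst, port, group, ip) != want:
            findings.append(f"{src} -> {dst}: " + ("blocked" if want else "exposed"))
    return findings
```

Running `audit(DRIFTED)` flags the DB tier as exposed to both the internet and the load balancer, because a CIDR rule of `0.0.0.0/0` admits every source regardless of tier.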



Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Armando M.
On 12 January 2017 at 15:07, Armando M.  wrote:

>
>
> On 12 January 2017 at 14:46, Joshua Harlow  wrote:
>
>> So I don't want to start too much of a flame-war and am really just trying
>> to understand things that may be beyond me (so treat me nicely, ha).
>>
>> The basic question that I've been wondering revolves around the following
>> kind of 'thought experiment' that asks something along the lines of:
>>
>> """
>> If I am a user of openstack, say I'm an iphone developer, trying to get
>> my 'game' and associated 'game APIs' setup in a manner that is HA (say
>> fronted by a load-balancer), using my custom image, secure and visible to
>> either an intranet or to the large internet then what are the steps I would
>> have to do when interacting with openstack to accomplish this and what
>> would the provider of openstack have to give to me as endpoints to make
>> this possible.
>> """
>>
>> One of the obvious ones is nova and glance, and the API and usage there
>> feels pretty straightforward as is (isn't really relevant to this
>> conversation anyway). The one that feels bulky and confusing (at least for
>> me) is the things I'd have to do in neutron to create and/or select
>> networks, create and/or select subnets, create and/or select ports and
>> so-on...
>
>
>> As a supposed iphone developer (dev/ops, yadayada) just trying to get
>> his/her game to market why would I really want to know about selecting
>> networks, create and/or selecting subnets, create and/or selecting ports
>> and so-on...
>>
>> It may just be how it is, but I'd like to at least ask if others are
>> really happy with the interactions/steps (I guess we could/maybe we should
>> ask similar questions around various other projects as well?); if I'm just
>> an outlier that's ok, at least I asked :-P
>>
>
> Answering your question in a nutshell is very hard, but I'll try
> nonetheless.
>
> I bet that if you think really hard, complications may arise even when
> dealing with images and compute resources. That's because, in the most
> trivial cases you are not thinking about the services that your image must
> provide (and if so you may start injecting user-data into your boot phase)
> or performance requirements you may have (and if so, you may want your
> hypervisors to provide certain optimizations).
>
> IMO, the networking case is inherently complex because the network
> architecture required by a non trivial application is itself complex, in
> that you may need tiers of security, you need HA, etc. In the most
> trivial case where you just want a single endpoint to which you can talk,
> there's get-me-a-network [1,2]. You can boot a VM on top of an
> auto-provisioned network topology and off you go. To get external access
> you're only left with a floating IP association, but that's only one API
> call away.
>
> Cheers,
> Armando
>
> [1] https://specs.openstack.org/openstack/neutron-specs/specs/liberty/get-me-a-network.html
> [2] http://docs.openstack.org/newton/networking-guide/config-auto-allocation.html
>

Forgot to add the nova-side of the spec:

http://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/get-me-a-network.html


>
>
>
>>
>> -Josh
>>
>> 
>>
>
>


Re: [openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Armando M.
On 12 January 2017 at 14:46, Joshua Harlow  wrote:

> So I don't want to start too much of a flame-war and am really just trying
> to understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following
> kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my
> 'game' and associated 'game APIs' setup in a manner that is HA (say fronted
> by a load-balancer), using my custom image, secure and visible to either an
> intranet or to the large internet then what are the steps I would have to do
> when interacting with openstack to accomplish this and what would the
> provider of openstack have to give to me as endpoints to make this possible.
> """
>
> One of the obvious ones is nova and glance, and the API and usage there
> feels pretty straightforward as is (isn't really relevant to this
> conversation anyway). The one that feels bulky and confusing (at least for
> me) is the things I'd have to do in neutron to create and/or select
> networks, create and/or select subnets, create and/or select ports and
> so-on...


> As a supposed iphone developer (dev/ops, yadayada) just trying to get
> his/her game to market why would I really want to know about selecting
> networks, create and/or selecting subnets, create and/or selecting ports
> and so-on...
>
> It may just be how it is, but I'd like to at least ask if others are
> really happy with the interactions/steps (I guess we could/maybe we should
> ask similar questions around various other projects as well?); if I'm just
> an outlier that's ok, at least I asked :-P
>

Answering your question in a nutshell is very hard, but I'll try
nonetheless.

I bet that if you think really hard, complications may arise even when
dealing with images and compute resources. That's because, in the most
trivial cases you are not thinking about the services that your image must
provide (and if so you may start injecting user-data into your boot phase)
or performance requirements you may have (and if so, you may want your
hypervisors to provide certain optimizations).

IMO, the networking case is inherently complex because the network
architecture required by a non trivial application is itself complex, in
that you may need tiers of security, you need HA, etc. In the most
trivial case where you just want a single endpoint to which you can talk,
there's get-me-a-network [1,2]. You can boot a VM on top of an
auto-provisioned network topology and off you go. To get external access
you're only left with a floating IP association, but that's only one API
call away.

Cheers,
Armando

[1] https://specs.openstack.org/openstack/neutron-specs/specs/liberty/get-me-a-network.html
[2] http://docs.openstack.org/newton/networking-guide/config-auto-allocation.html


>
> -Josh
>
>


[openstack-dev] [neutron] Confusion around the complexity

2017-01-12 Thread Joshua Harlow
So I don't want to start too much of a flame-war and am really just 
trying to understand things that may be beyond me (so treat me nicely, ha).


The basic question that I've been wondering revolves around the 
following kind of 'thought experiment' that asks something along the 
lines of:


"""
If I am a user of openstack, say I'm an iphone developer, trying to get 
my 'game' and associated 'game APIs' setup in a manner that is HA (say 
fronted by a load-balancer), using my custom image, secure and visible 
to either an intranet or to the large internet then what are the steps I 
would have to do when interacting with openstack to accomplish this and 
what would the provider of openstack have to give to me as endpoints to 
make this possible.

"""

One of the obvious ones is nova and glance, and the API and usage there 
feels pretty straightforward as is (isn't really relevant to this 
conversation anyway). The one that feels bulky and confusing (at least 
for me) is the things I'd have to do in neutron to create and/or select 
networks, create and/or select subnets, create and/or select ports and 
so-on...


As a supposed iphone developer (dev/ops, yadayada) just trying to get 
his/her game to market why would I really want to know about selecting 
networks, create and/or selecting subnets, create and/or selecting ports 
and so-on...


It may just be how it is, but I'd like to at least ask if others are 
really happy with the interactions/steps (I guess we could/maybe we 
should ask similar questions around various other projects as well?); if 
I'm just an outlier that's ok, at least I asked :-P


-Josh
