Re: [openstack-dev] [neutron] Confusion around the complexity
On 13 January 2017 at 15:01, Clint Byrum wrote:

> Excerpts from Armando M.'s message of 2017-01-13 11:39:33 -0800:
> > On 13 January 2017 at 10:47, Clint Byrum wrote:
> >
> > > Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> > > > Kevin Benton wrote:
> > > > > If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.
> > > > >
> > > > > In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.
> > > >
> > > > Fair point, probably mr/mrs iPhone app developer should be doing that.
> > >
> > > I totally disagree. If PaaS was the answer, they'd all be using PaaS.
> > >
> > > Maybe some day, but that's no excuse for having an overly complex story for the base. I totally appreciate that "Get me a network" is an effort to address this. But after reading docs on it, I actually have no idea how it works or how to make use of it (I do have a decent understanding of how to setup a default subnetpool as an operator).
> >
> > I'd be happy to improve the docs, but your feedback is not very actionable. Any chance you can elaborate on what you're struggling with?
>
> The docs I found are all extremely Neutron-centric. I was told later on IRC that once the default subnet pool is setup, Nova would do some magic to tell neutron to allocate a subnet from that pool to the user when they create an instance.
>
> Basically, the docs I found were not at all user-centric. They were Neutron-centric and they didn't really explain why, as an operator, I'd want to allocate a subnet pool. I mean, they do, but because I don't really know if I have that problem or what it is, I just wasn't able to grasp where this was going. It tells me to go ahead and list default subnet pools, and then pass --nic=net-id=$ID from that. Super confusing and not really any more friendly than before.

If you are referring to [1], I wouldn't expect anything less, it's the OpenStack networking guide after all.

> So what I want is the story from the user's perspective. Something like:
>
> "Without this extension, your users will need to do these steps in order to boot servers with networking:..."
>
> and then
>
> "With this extension, your users will not need to perform those steps, and the default subnet pools that you setup will be automatically allocated to users upon their first server boot."

Problem statement from the user's point of view is typically left to the specs [2,3]. I am sure one can argue that the content there may not be well written or organized, but it was enough for getting the nova and the neutron team to have a mutual understanding and agreement on how to design, implement and test the feature.

From what I hear, there is a gap in the networking guide in that the rationale behind the feature is missing. I suppose we can fill that up, and thus I filed [4].

Thanks.

[1] http://docs.openstack.org/newton/networking-guide/config-auto-allocation.html
[2] http://specs.openstack.org/openstack/neutron-specs/specs/mitaka/get-me-a-network.html
[3] http://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/get-me-a-network.html
[4] https://bugs.launchpad.net/openstack-manuals/+bug/1656447

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Confusion around the complexity
Excerpts from Armando M.'s message of 2017-01-13 11:39:33 -0800:
> On 13 January 2017 at 10:47, Clint Byrum wrote:
>
> > Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> > > Kevin Benton wrote:
> > > > If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.
> > > >
> > > > In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.
> > >
> > > Fair point, probably mr/mrs iPhone app developer should be doing that.
> >
> > I totally disagree. If PaaS was the answer, they'd all be using PaaS.
> >
> > Maybe some day, but that's no excuse for having an overly complex story for the base. I totally appreciate that "Get me a network" is an effort to address this. But after reading docs on it, I actually have no idea how it works or how to make use of it (I do have a decent understanding of how to setup a default subnetpool as an operator).
>
> I'd be happy to improve the docs, but your feedback is not very actionable. Any chance you can elaborate on what you're struggling with?

The docs I found are all extremely Neutron-centric. I was told later on IRC that once the default subnet pool is setup, Nova would do some magic to tell neutron to allocate a subnet from that pool to the user when they create an instance.

Basically, the docs I found were not at all user-centric. They were Neutron-centric and they didn't really explain why, as an operator, I'd want to allocate a subnet pool. I mean, they do, but because I don't really know if I have that problem or what it is, I just wasn't able to grasp where this was going. It tells me to go ahead and list default subnet pools, and then pass --nic=net-id=$ID from that. Super confusing and not really any more friendly than before.

So what I want is the story from the user's perspective. Something like:

"Without this extension, your users will need to do these steps in order to boot servers with networking:..."

and then

"With this extension, your users will not need to perform those steps, and the default subnet pools that you setup will be automatically allocated to users upon their first server boot."
Re: [openstack-dev] [neutron] Confusion around the complexity
"as an operator"? That's not related to the iPhone developer use case (user usability) at all. For users, they just boot a VM and Nova will call the API and neutron will setup a network/router/etc on demand and return it so there is nothing the user has to do. If you have issues with operator usability, that relates to improvements to the openstack networking guide, but that's not what this thread is about.

On Jan 13, 2017 10:50, "Clint Byrum" wrote:

Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> Kevin Benton wrote:
> > If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.
> >
> > In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.
>
> Fair point, probably mr/mrs iPhone app developer should be doing that.

I totally disagree. If PaaS was the answer, they'd all be using PaaS.

Maybe some day, but that's no excuse for having an overly complex story for the base. I totally appreciate that "Get me a network" is an effort to address this. But after reading docs on it, I actually have no idea how it works or how to make use of it (I do have a decent understanding of how to setup a default subnetpool as an operator).
Re: [openstack-dev] [neutron] Confusion around the complexity
On 13 January 2017 at 10:47, Clint Byrum wrote:

> Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> > Kevin Benton wrote:
> > > If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.
> > >
> > > In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.
> >
> > Fair point, probably mr/mrs iPhone app developer should be doing that.
>
> I totally disagree. If PaaS was the answer, they'd all be using PaaS.
>
> Maybe some day, but that's no excuse for having an overly complex story for the base. I totally appreciate that "Get me a network" is an effort to address this. But after reading docs on it, I actually have no idea how it works or how to make use of it (I do have a decent understanding of how to setup a default subnetpool as an operator).

I'd be happy to improve the docs, but your feedback is not very actionable. Any chance you can elaborate on what you're struggling with?

Thanks,
Armando
Re: [openstack-dev] [neutron] Confusion around the complexity
Excerpts from Joshua Harlow's message of 2017-01-12 22:38:46 -0800:
> Kevin Benton wrote:
> > If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.
> >
> > In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.
>
> Fair point, probably mr/mrs iPhone app developer should be doing that.

I totally disagree. If PaaS was the answer, they'd all be using PaaS.

Maybe some day, but that's no excuse for having an overly complex story for the base. I totally appreciate that "Get me a network" is an effort to address this. But after reading docs on it, I actually have no idea how it works or how to make use of it (I do have a decent understanding of how to setup a default subnetpool as an operator).
Re: [openstack-dev] [neutron] Confusion around the complexity
My two cents on this

Agree with Kevin, IaaS solutions (like CloudStack, OpenNebula, OpenStack, etc.) offer a deep level of customization for those apps which require fine-grained control of Cloud resources with the disadvantage of increasing the time required for developing them. On the other hand, PaaS solutions (e.g. Cloud Foundry, OpenShift, etc.) usually deployed on top of IaaS solutions, offer a quicker development process but lower level of customization associated with poor performance or scalability controlled by the PaaS solution.

Lastly, my understanding is that the term "legacy apps" refers to non-cloud aware applications usually with monolithic instead of using microservices architecture and/or publish/subscribe pattern.

Regards,
Victor Morales
irc: electrocucaracha

On 1/13/17, 12:38 AM, "Joshua Harlow" wrote:

>Kevin Benton wrote:
>> If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.
>>
>> In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.
>
>Fair point, probably mr/mrs iPhone app developer should be doing that.
>
>> Amazon VPC exists (and is the default) for the same reason neutron provides network virtualization primitives. People moving legacy apps onto these systems end up needing specific addressing schemes and isolation topologies.
>
>What's a legacy app, sounds sorta dirty lol
Re: [openstack-dev] [neutron] Confusion around the complexity
Kevin Benton wrote:
> If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.
>
> In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.

Fair point, probably mr/mrs iPhone app developer should be doing that.

> Amazon VPC exists (and is the default) for the same reason neutron provides network virtualization primitives. People moving legacy apps onto these systems end up needing specific addressing schemes and isolation topologies.

What's a legacy app, sounds sorta dirty lol
Re: [openstack-dev] [neutron] Confusion around the complexity
If you don't want users to specify network details, then use the get me a network extension or just have them boot to a public (or other pre-created) network.

In your thought experiment, why is your iPhone app developer not just using a PaaS that handles instance scaling, load balancing and HA? Why would he/she want to spend time managing security updates and log rotation for an operating system running inside another program pretending to be hardware? Different levels of abstraction solve different use cases.

Amazon VPC exists (and is the default) for the same reason neutron provides network virtualization primitives. People moving legacy apps onto these systems end up needing specific addressing schemes and isolation topologies.

On Jan 12, 2017 20:59, "Joshua Harlow" wrote:

Sean M. Collins wrote:
> Joshua Harlow wrote:
>
>> So I don't want to start too much of a flame-war and am really just trying to understand things that may be beyond me (so treat me nicely, ha).
>>
>> The basic question that I've been wondering revolves around the following kind of 'thought experiment' that asks something along the lines of:
>>
>> """
>> If I am a user of openstack, say I'm an iphone developer, trying to get my 'game' and associated 'game APIs' setup in a manner that is HA (say fronted by a load-balancer), using my custom image, secure and visible to either an intranet or to the large internet then what is the steps I would have to do when interacting with openstack to accomplish this and what would the provider of openstack have to give to me as endpoints to make this possible.
>> """
>
> We have a guide that sort of fits this usecase:
>
> http://developer.openstack.org/firstapp-libcloud/
>
> The networking section, can always use improvement:
>
> http://developer.openstack.org/firstapp-libcloud/networking.html

Interesting good to know that this exists; though I still have this weird gut feeling that the following isn't really what people want to be doing (though they may have to just because that is what it is):

$ openstack network list
$ openstack network create worker_network
$ openstack network create webserver_network
$ openstack subnet create webserver_subnet --network webserver_network --subnet-range 10.0.2.0/24
$ openstack network create api_network
$ openstack subnet create api_subnet --network api_network --subnet-range 10.0.3.0/24
$ openstack floating ip create public (1st floating IP)
$ openstack floating ip create public (2nd floating IP)
$ openstack router create project_router
$ openstack router set project_router --external-gateway public
$ openstack router add subnet project_router worker_subnet
$ openstack router add subnet project_router api_subnet
$ openstack router add subnet project_router webserver_subnet

And then:

$ nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64-disk --nic net-id=953224c6-c510-45c5-8a29-37deffd3d78e worker1

ANNND then:

$ openstack network list
$ nova boot --flavor 1 --image 53ff0943-99ba-42d2-a10d-f66656372f87 --min-count 2 test
$ openstack floating ip create public --fixed-ip-address 10.0.0.2 --port 523331cf-5636-4298-a14c-f545bb32abcf
$ openstack floating ip create public --fixed-ip-address 10.0.2.4 --port 462c92c6-941c-48ab-8cca-3c7a7308f580
$ neutron lb-member-create --address 203.0.113.21 --protocol-port 80 mypool
$ neutron lb-member-create --address 203.0.113.22 --protocol-port 80 mypool

AN then:

...

(how many more are there, woah)
Re: [openstack-dev] [neutron] Confusion around the complexity
Sean M. Collins wrote:
> Joshua Harlow wrote:
>> So I don't want to start too much of a flame-war and am really just trying to understand things that may be beyond me (so treat me nicely, ha).
>>
>> The basic question that I've been wondering revolves around the following kind of 'thought experiment' that asks something along the lines of:
>>
>> """
>> If I am a user of openstack, say I'm an iphone developer, trying to get my 'game' and associated 'game APIs' setup in a manner that is HA (say fronted by a load-balancer), using my custom image, secure and visible to either an intranet or to the large internet then what is the steps I would have to do when interacting with openstack to accomplish this and what would the provider of openstack have to give to me as endpoints to make this possible.
>> """
>
> We have a guide that sort of fits this usecase:
>
> http://developer.openstack.org/firstapp-libcloud/
>
> The networking section, can always use improvement:
>
> http://developer.openstack.org/firstapp-libcloud/networking.html

Interesting good to know that this exists; though I still have this weird gut feeling that the following isn't really what people want to be doing (though they may have to just because that is what it is):

$ openstack network list
$ openstack network create worker_network
$ openstack network create webserver_network
$ openstack subnet create webserver_subnet --network webserver_network --subnet-range 10.0.2.0/24
$ openstack network create api_network
$ openstack subnet create api_subnet --network api_network --subnet-range 10.0.3.0/24
$ openstack floating ip create public (1st floating IP)
$ openstack floating ip create public (2nd floating IP)
$ openstack router create project_router
$ openstack router set project_router --external-gateway public
$ openstack router add subnet project_router worker_subnet
$ openstack router add subnet project_router api_subnet
$ openstack router add subnet project_router webserver_subnet

And then:

$ nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64-disk --nic net-id=953224c6-c510-45c5-8a29-37deffd3d78e worker1

ANNND then:

$ openstack network list
$ nova boot --flavor 1 --image 53ff0943-99ba-42d2-a10d-f66656372f87 --min-count 2 test
$ openstack floating ip create public --fixed-ip-address 10.0.0.2 --port 523331cf-5636-4298-a14c-f545bb32abcf
$ openstack floating ip create public --fixed-ip-address 10.0.2.4 --port 462c92c6-941c-48ab-8cca-3c7a7308f580
$ neutron lb-member-create --address 203.0.113.21 --protocol-port 80 mypool
$ neutron lb-member-create --address 203.0.113.22 --protocol-port 80 mypool

AN then:

...

(how many more are there, woah)
Re: [openstack-dev] [neutron] Confusion around the complexity
Joshua Harlow wrote:
> So I don't want to start too much of a flame-war and am really just trying to understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my 'game' and associated 'game APIs' setup in a manner that is HA (say fronted by a load-balancer), using my custom image, secure and visible to either an intranet or to the large internet then what is the steps I would have to do when interacting with openstack to accomplish this and what would the provider of openstack have to give to me as endpoints to make this possible.
> """

We have a guide that sort of fits this usecase:

http://developer.openstack.org/firstapp-libcloud/

The networking section, can always use improvement:

http://developer.openstack.org/firstapp-libcloud/networking.html

--
Sean M. Collins
Re: [openstack-dev] [neutron] Confusion around the complexity
Actually we have a single call create for load balancers[1], so I think that addresses Josh's concern about complexity in the number of required calls.

As for the complexity of the "concept" of a load balancer, I think we have improved that greatly with the LBaaSv2 API. That said, if there are things that jump out at you for usability/complexity please open a bug for us[2]. We welcome the input!

Michael

P.S. Yes, single call create is not in the main API docs, don't ask, yes we are working on that.

[1] http://docs.openstack.org/developer/octavia/api/octaviaapi.html#create-fully-populated-load-balancer
[2] https://bugs.launchpad.net/octavia/+filebug

-Original Message-
From: Curtis [mailto:serverasc...@gmail.com]
Sent: Thursday, January 12, 2017 3:30 PM
To: OpenStack Development Mailing List (not for usage questions) <openstack-dev@lists.openstack.org>
Subject: Re: [openstack-dev] [neutron] Confusion around the complexity

On Thu, Jan 12, 2017 at 3:46 PM, Joshua Harlow <harlo...@fastmail.com> wrote:
> So I don't want to start too much of a flame-war and am really just trying to understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my 'game' and associated 'game APIs' setup in a manner that is HA (say fronted by a load-balancer), using my custom image, secure and visible to either an intranet or to the large internet then what is the steps I would have to do when interacting with openstack to accomplish this and what would the provider of openstack have to give to me as endpoints to make this possible.
> """

Presumably this is a public OpenStack cloud? If so...

It's been a while since I worked at a public OpenStack cloud, but most I would imagine will auto create a tenant network and router (if they can afford the public IPv4s for the router :)) and then when a user creates an instance it just ends up on that initial "default" tenant network. This is usually left to the public cloud to implement during their customer on-boarding process. That is assuming the public cloud is allowing tenant "private" networks, which not all would do. There are other models.

Now, a load balancer, if that is required, is different and bit harder if you mean one that is managed by the OpenStack cloud, as opposed to a user creating their own LB instance.

Perhaps what you are really thinking about is the simplicity of a more "VPS" like interface, ala Digital Ocean (and now somewhat mimicked by AWS with uh, LightSail I think). I've always thought it would perhaps be a nice project in OpenStack to do a simple VPS style interface.

Thanks,
Curtis.

> One of the obvious ones is nova and glance, and the API and usage there feels pretty straightforward as is (isn't really relevant to this conversation anyway). The one that feels bulky and confusing (at least for me) is the things I'd have to do in neutron to create and/or select networks, create and/or select subnets, create and/or select ports and so-on...
>
> As a supposed iphone developer (dev/ops, yadayada) just trying to get his/her game to market why would I really want to know about selecting networks, create and/or selecting subnets, create and/or selecting ports and so-on...
>
> It may just be how it is, but I'd like to at least ask if others are really happy with the interactions/steps (I guess we could/maybe we should ask similar questions around various other projects as well?); if I'm just an outlier that's ok, at least I asked :-P
>
> -Josh

--
Blog: serverascode.com
Re: [openstack-dev] [neutron] Confusion around the complexity
On Thu, Jan 12, 2017 at 3:46 PM, Joshua Harlow wrote:
> So I don't want to start too much of a flame-war and am really just trying to understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my 'game' and associated 'game APIs' setup in a manner that is HA (say fronted by a load-balancer), using my custom image, secure and visible to either an intranet or to the large internet then what is the steps I would have to do when interacting with openstack to accomplish this and what would the provider of openstack have to give to me as endpoints to make this possible.
> """

Presumably this is a public OpenStack cloud? If so...

It's been a while since I worked at a public OpenStack cloud, but most I would imagine will auto create a tenant network and router (if they can afford the public IPv4s for the router :)) and then when a user creates an instance it just ends up on that initial "default" tenant network. This is usually left to the public cloud to implement during their customer on-boarding process. That is assuming the public cloud is allowing tenant "private" networks, which not all would do. There are other models.

Now, a load balancer, if that is required, is different and bit harder if you mean one that is managed by the OpenStack cloud, as opposed to a user creating their own LB instance.

Perhaps what you are really thinking about is the simplicity of a more "VPS" like interface, ala Digital Ocean (and now somewhat mimicked by AWS with uh, LightSail I think). I've always thought it would perhaps be a nice project in OpenStack to do a simple VPS style interface.

Thanks,
Curtis.

> One of the obvious ones is nova and glance, and the API and usage there feels pretty straightforward as is (isn't really relevant to this conversation anyway). The one that feels bulky and confusing (at least for me) is the things I'd have to do in neutron to create and/or select networks, create and/or select subnets, create and/or select ports and so-on...
>
> As a supposed iphone developer (dev/ops, yadayada) just trying to get his/her game to market why would I really want to know about selecting networks, create and/or selecting subnets, create and/or selecting ports and so-on...
>
> It may just be how it is, but I'd like to at least ask if others are really happy with the interactions/steps (I guess we could/maybe we should ask similar questions around various other projects as well?); if I'm just an outlier that's ok, at least I asked :-P
>
> -Josh

--
Blog: serverascode.com
Re: [openstack-dev] [neutron] Confusion around the complexity
On 01/12/2017 04:46 PM, Joshua Harlow wrote:
> So I don't want to start too much of a flame-war and am really just trying
> to understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following
> kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my
> 'game' and associated 'game APIs' setup in a manner that is HA (say fronted
> by a load-balancer), using my custom image, secure and visible to either an
> intranet or to the large internet then what are the steps I would have to do
> when interacting with openstack to accomplish this and what would the
> provider of openstack have to give to me as endpoints to make this possible.
> """
>
> One of the obvious ones is nova and glance, and the API and usage there
> feels pretty straightforward as is (isn't really relevant to this
> conversation anyway). The one that feels bulky and confusing (at least for
> me) is the things I'd have to do in neutron to create and/or select
> networks, create and/or select subnets, create and/or select ports and
> so-on...
>
> As a supposed iphone developer (dev/ops, yadayada) just trying to get
> his/her game to market why would I really want to know about selecting
> networks, create and/or selecting subnets, create and/or selecting ports
> and so-on...

Nova/neutron now support "get me a network" which can simplify basic setups
quite a bit.

Also, it's possible that the service provider could have created the
networks/subnets for you when you initially set up the account, at which
point you just boot up an instance on the right network.

As for why you would want to deal with the nitty gritty, consider a basic
setup with a loadbalancer, multiple HTTP servers, and a backend DB. The
loadbalancer needs to be on a network that is routable to the public
internet. The HTTP servers need to be accessible from the loadbalancer, but
we probably don't want them visible to the public internet. The backend DB
should only be accessible from the HTTP servers, not the loadbalancer, and
it definitely shouldn't be on the public internet. So we're talking maybe
two separate virtual networks.

In real life the DB would probably be HA, so you'd have multiple DB servers
(likely with their own private network for sync traffic) and maybe another
loadbalancer in front of them.

Chris
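The three-tier isolation described in the message above, written as Neutron-style security-group ingress rules and checked mechanically. This is an added example, not part of the original thread; the group names, ports, hosts and addresses are constructed assumptions.

```python
import ipaddress

# Constructed ingress rules modelled on Neutron security-group rules: each
# admits traffic to members of `group` on `port`, either from a CIDR
# (remote_ip_prefix) or from members of another group (remote_group).
RULES = [
    {"group": "lb",  "port": 443,  "remote_ip_prefix": "0.0.0.0/0"},
    {"group": "web", "port": 8080, "remote_group": "lb"},
    {"group": "db",  "port": 3306, "remote_group": "web"},
]
# Constructed hosts: security group plus address on its virtual network.
HOSTS = {
    "lb-1":  {"group": "lb",  "ip": "203.0.113.10"},
    "web-1": {"group": "web", "ip": "10.0.1.11"},
    "web-2": {"group": "web", "ip": "10.0.1.12"},
    "db-1":  {"group": "db",  "ip": "10.0.2.21"},
}
INTERNET = {"group": None, "ip": "198.51.100.7"}  # arbitrary outside client
# Policy from the message: only lb may reach web, only web may reach db.
PERMITTED = {"web": {"lb"}, "db": {"web"}}


def allowed(src, dst, port, rules=RULES):
    """True if any ingress rule on dst's group admits src on this port."""
    src_ip = ipaddress.ip_address(src["ip"])
    for r in rules:
        if r["group"] != dst["group"] or r["port"] != port:
            continue
        if "remote_group" in r:
            if src["group"] == r["remote_group"]:
                return True
        elif src_ip in ipaddress.ip_network(r["remote_ip_prefix"]):
            return True
    return False


def audit(rules=RULES):
    """Return (source, destination, port) flows that break PERMITTED."""
    sources = dict(HOSTS, internet=INTERNET)
    ports = sorted({r["port"] for r in rules})
    findings = []
    for dname, dst in HOSTS.items():
        ok = PERMITTED.get(dst["group"])
        for sname, src in sources.items():
            # Skip unrestricted tiers, permitted sources and same-tier traffic.
            if ok is None or src["group"] in ok or src["group"] == dst["group"]:
                continue
            findings += [(sname, dname, p) for p in ports
                         if allowed(src, dst, p, rules)]
    return findings
```

Calling `audit()` on the rule set as written returns no findings; appending a CIDR-based rule that opens the DB port to `0.0.0.0/0` makes it report both the outside client and the loadbalancer reaching `db-1`, which is why the DB rule references a group rather than a prefix.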
Re: [openstack-dev] [neutron] Confusion around the complexity
On 12 January 2017 at 15:07, Armando M. wrote:
> On 12 January 2017 at 14:46, Joshua Harlow wrote:
>
>> So I don't want to start too much of a flame-war and am really just trying
>> to understand things that may be beyond me (so treat me nicely, ha).
>>
>> The basic question that I've been wondering revolves around the following
>> kind of 'thought experiment' that asks something along the lines of:
>>
>> """
>> If I am a user of openstack, say I'm an iphone developer, trying to get
>> my 'game' and associated 'game APIs' setup in a manner that is HA (say
>> fronted by a load-balancer), using my custom image, secure and visible to
>> either an intranet or to the large internet then what are the steps I would
>> have to do when interacting with openstack to accomplish this and what
>> would the provider of openstack have to give to me as endpoints to make
>> this possible.
>> """
>>
>> One of the obvious ones is nova and glance, and the API and usage there
>> feels pretty straightforward as is (isn't really relevant to this
>> conversation anyway). The one that feels bulky and confusing (at least for
>> me) is the things I'd have to do in neutron to create and/or select
>> networks, create and/or select subnets, create and/or select ports and
>> so-on...
>>
>> As a supposed iphone developer (dev/ops, yadayada) just trying to get
>> his/her game to market why would I really want to know about selecting
>> networks, create and/or selecting subnets, create and/or selecting ports
>> and so-on...
>>
>> It may just be how it is, but I'd like to at least ask if others are
>> really happy with the interactions/steps (I guess we could/maybe we should
>> ask similar questions around various other projects as well?); if I'm just
>> an outlier that's ok, at least I asked :-P
>
> Answering your question in a nutshell is very hard, but I'll try
> nonetheless.
>
> I bet that if you think really hard, complications may arise even when
> dealing with images and compute resources. That's because, in the most
> trivial cases you are not thinking about the services that your image must
> provide (and if so you may start injecting user-data into your boot phase)
> or performance requirements you may have (and if so, you may want your
> hypervisors to provide certain optimizations).
>
> IMO, the networking case is inherently complex because the network
> architecture required by a non-trivial application is itself complex, in
> that you may need tiers of security, you need HA, etc. In the most
> trivial case where you just want a single endpoint to which you can talk,
> there's get-me-a-network [1,2]. You can fire boot a VM on top of an
> auto-provisioned network topology and off you go. To get external access
> you're only left with a floating IP association, but that's only one API
> call away.
>
> Cheers,
> Armando
>
> [1] https://specs.openstack.org/openstack/neutron-specs/specs/liberty/get-me-a-network.html
> [2] http://docs.openstack.org/newton/networking-guide/config-auto-allocation.html

Forgot to add the nova-side of the spec:

http://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/get-me-a-network.html

>> -Josh
Re: [openstack-dev] [neutron] Confusion around the complexity
On 12 January 2017 at 14:46, Joshua Harlow wrote:
> So I don't want to start too much of a flame-war and am really just trying
> to understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following
> kind of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of openstack, say I'm an iphone developer, trying to get my
> 'game' and associated 'game APIs' setup in a manner that is HA (say fronted
> by a load-balancer), using my custom image, secure and visible to either an
> intranet or to the large internet then what are the steps I would have to do
> when interacting with openstack to accomplish this and what would the
> provider of openstack have to give to me as endpoints to make this possible.
> """
>
> One of the obvious ones is nova and glance, and the API and usage there
> feels pretty straightforward as is (isn't really relevant to this
> conversation anyway). The one that feels bulky and confusing (at least for
> me) is the things I'd have to do in neutron to create and/or select
> networks, create and/or select subnets, create and/or select ports and
> so-on...
>
> As a supposed iphone developer (dev/ops, yadayada) just trying to get
> his/her game to market why would I really want to know about selecting
> networks, create and/or selecting subnets, create and/or selecting ports
> and so-on...
>
> It may just be how it is, but I'd like to at least ask if others are
> really happy with the interactions/steps (I guess we could/maybe we should
> ask similar questions around various other projects as well?); if I'm just
> an outlier that's ok, at least I asked :-P

Answering your question in a nutshell is very hard, but I'll try
nonetheless.

I bet that if you think really hard, complications may arise even when
dealing with images and compute resources. That's because, in the most
trivial cases you are not thinking about the services that your image must
provide (and if so you may start injecting user-data into your boot phase)
or performance requirements you may have (and if so, you may want your
hypervisors to provide certain optimizations).

IMO, the networking case is inherently complex because the network
architecture required by a non-trivial application is itself complex, in
that you may need tiers of security, you need HA, etc. In the most trivial
case where you just want a single endpoint to which you can talk, there's
get-me-a-network [1,2]. You can fire boot a VM on top of an auto-provisioned
network topology and off you go. To get external access you're only left
with a floating IP association, but that's only one API call away.

Cheers,
Armando

[1] https://specs.openstack.org/openstack/neutron-specs/specs/liberty/get-me-a-network.html
[2] http://docs.openstack.org/newton/networking-guide/config-auto-allocation.html

> -Josh
[openstack-dev] [neutron] Confusion around the complexity
So I don't want to start too much of a flame-war and am really just trying
to understand things that may be beyond me (so treat me nicely, ha).

The basic question that I've been wondering revolves around the following
kind of 'thought experiment' that asks something along the lines of:

"""
If I am a user of openstack, say I'm an iphone developer, trying to get my
'game' and associated 'game APIs' setup in a manner that is HA (say fronted
by a load-balancer), using my custom image, secure and visible to either an
intranet or to the large internet then what are the steps I would have to do
when interacting with openstack to accomplish this and what would the
provider of openstack have to give to me as endpoints to make this possible.
"""

One of the obvious ones is nova and glance, and the API and usage there
feels pretty straightforward as is (isn't really relevant to this
conversation anyway). The one that feels bulky and confusing (at least for
me) is the things I'd have to do in neutron to create and/or select
networks, create and/or select subnets, create and/or select ports and
so-on...

As a supposed iphone developer (dev/ops, yadayada) just trying to get
his/her game to market why would I really want to know about selecting
networks, create and/or selecting subnets, create and/or selecting ports
and so-on...

It may just be how it is, but I'd like to at least ask if others are really
happy with the interactions/steps (I guess we could/maybe we should ask
similar questions around various other projects as well?); if I'm just an
outlier that's ok, at least I asked :-P

-Josh