Hello. Hey, there we go. Excellent. Welcome everybody. This is for the OpenStack Trove hands-on lab. Looks like a lot more people than we initially thought were gonna be here, but that's awesome. Love seeing that. My name is Craig Vyvial. I am the PTL working on the Trove platform now. I work for HP. I've been involved with Trove for a couple years now. Pretty much since the inception of it. It was originally working with Rackspace and HP coming together and then Tesora and we've got eBay and Red Hat. A couple other people have come on board as well. So we have a couple people around here. We have Nikhil here who's the former PTL. He's someone that can help us out as well as Shane. Max, Amrith. We have Doug back there and then we also have Peter, who's I'm sure around. There he is. As well as Victoria this year. There she is. And Eddie. We have quite a few people around. So if you run into any trouble with copying the disk image and getting that set up, sure we can raise your hand and we can come around and help you out. Is everybody starting the copying process? Yeah. Do we have any more drives? Yeah, there's quite a few more people than we thought. I think we said about 20 to 30 people and it looks like quite a bit more. So commence file copying. So we're going to be copying all the files off the thumb drive onto your machines. We're going to be running with VirtualBox. Oh, no, sorry, VMware. Ideally Fusion on the Mac and then it's Workstation on Linux or Windows. There's another one. There's one right there. So whenever you finish put your hand up with the drive and that'll help us move it along a little better. So once you've completed, we'll move that along. All right. So a little bit of preparation here. We have a plan. We're going to get this set up on your laptop and then we'll talk a little bit about what is Trove. 
If if you've never heard of it or You're you're semi familiar with it, then we can we can expand that. We're going to be creating a MySQL instance and then we are going to be creating a user and a database and then making a backup of that and showing how easy that is with our Trove CLI and and that's just working through our API. Similar to all the other OpenStack projects. We have a CLI written in Python. Then we then we're also going to be showing one of the one of the things that kind of separates Trove away from other project or just being a provisioning system. We can also customize and tune MySQL, Mongo, Redis, all the different data stores and we can customize their actual configurations. So we can create a customization group, configuration group that you can then apply to multiple instances and that allows you to maybe you need to improve or increase the connection count or the memory that you you're using for for certain certain configuration settings. Am I moving any too fast here or are we we on good pace? What's up? Yes? We do have those in a Google Drive folder, but what do you mean? But it's not very good to copy that from this network is what we've noticed. So it's to a cloud instance. It's not something we actually thought about whenever we initially did that, but to be able to pull this into a cloud instance and run it from that. Why didn't we do that in the past? In a conference setting, it's not always ideal to use the network. We could. So we do have a... So if you go to my Twitter account, it's Twitter slash cp16net. I posted these slides up and so you can at least see those slides there. It should be the latest tweet that I have there, I believe. It should be linked to a Google Google link, right? Did you find that? Okay. Excellent. Any other questions as we're getting started here? Excuse me? A Twitter account is cp16net. Yeah, excellent. Thank you, Amrith. Thank you, Max. Any other questions? You see the Twitter account, you can get the... 
Any other questions as we're moving along here? In such an orderly fashion. Okay. So how many people have actually completed the copy process so we can kind of get a gauge of how far along we are? Okay, like ten people, like... Excellent. Excellent. There's another one. Yeah, here's another one. The loading for the VM? Yeah, because I have to check if network works. I'm just running it. So the login is OpenStack username and the password is password. Excellent. You need to restore the most recent snapshot. Okay. So as we're moving forward here, there's a couple of things we need to tweak before we start up the VM and be able to get things completely working there, but you're on the right track. Excellent. Can I get another quick show of hands of how many people have completed copying? Excellent. So let me go into a couple Trove terminology things and then we'll get to... We'll talk about Trove for a second and then we'll get into the VM. So there's a couple things in Trove that are unique to Trove. We have a Trove instance, which that basically wraps up a Nova instance that's booted for you that's running a guest agent. That guest agent is a Python code that is connected to the RabbitMQ that listens for events that prepares, creates databases, creates instance for you. There's a notion of a flavor, same as within Nova. It's actually using the same Nova flavors, which constitutes the RAM and the disk size. The Guest Image, we have a unique Guest Image for each one of our data stores that helps you provision. It contains the Guest Image is just a glance image that contains the guest agent already on there. It also you can pre-install your data store as well, which may be MySQL, maybe Redis, maybe Mongo, maybe other data stores. That data store is one of the databases that we have as well. And then we have versions. So we have a data store version, a version being you can have a different version of MySQL. 
You can have MySQL 5.1, MySQL 5.5, MySQL 5.6, MySQL 6.0, I think is the next one. That's what I recall. 5.7.x. Then we have the configuration group, which is basically a set of configurations per data store. So for example, in MySQL, you can set the max connections. You can set the buffer pool size. You can set specific things like that and apply those. So in Trove, we have a couple dependencies that we have within that. We depend on Nova. That's providing the compute resources, which is the instance where your database is running. We have, with Cinder, Cinder is providing the actual storage back end. That's where, for example, in MySQL you have /var/lib/mysql. That is where we mount the volume. So it stores all of your data in a volume that then can be replicated, can be detached if needed. Basically gives us a little bit more flexibility to be able to not contain everything on that instance. If your instance dies for whatever reason, then we have a way of getting that data back. Then we have dependency on Swift. That's where we're storing your backups. You back up your database. It's going to object storage in Swift. Neutron, you can make a private subnet. You can connect basically your entire application within that subnet. You can then lock down the permissions for your data store, not to have access basically to the public network, or lock down to just your network and not to other services outside of that. Then we have Keystone, which is basically dependency of making sure that you have tenant networks or your instances are living within that network. I'm sorry, within validation of your tenant, right? So you can, tenants are basically instances that live within different tenants. Does that make sense? Or did I just ramble on for a little bit there? Then Glance, we have that. That's where we're storing our image. Any questions around that? Excuse me. 
Heat, we do have support for Heat to be able to build the instance and tie everything together with Heat, although that's not been part of the pipeline that we've been testing very well. So that's something that exists, but hasn't been fully vetted and tested. The way I've looked at it is that there's kind of a double, if you look at it like you have Heat and then you have what Trove is, Heat can build a Trove instance and run along, and then you also then would have Trove using Heat to build it. So it'd be like kind of this inception type of building within a building, and it provides the same functionality, but Trove actually provides extra on top of that. So I look at it like not necessarily, but there can be discussions on that and I'd love input and seeing the direction that we can take that as a community. The question was does Trove support Heat, and we do support, Heat supports Trove, and then the idea is does Trove actually use Heat to provision its resources with it? So that's kind of a double answer to that question, sort of. Any other questions about that? So in Liberty, we just released it with MySQL clustering. It's actually using the Percona XtraDB Cluster, is the one that we officially support right now. It's using the master-master with Galera. Excellent. Yeah, so we have replication as well with master-slave and master-master as well. Excellent. Any other questions? We've got some extra drives if we need to still get some copies made. Excellent. Anybody else need a thumb drive? Excellent. So here's a diagram of how Trove interacts with all the different services within OpenStack. So Trove API is the endpoint. That's where Horizon or the CLI enters with our Trove API, and it connects to the database as well as the message bus. Message bus being Rabbit or whatever other OpenStack supported Oslo messaging service is available. 
That then, if you create an instance, we'll go through and we will pass that to the message bus and then goes to the task manager. Task manager is meant for long-running tasks like let's create an instance. Let's create a volume. Let's create a network. Let's tie all that together. Let's make sure that actually comes online and it becomes active. So then task manager passes that along to Nova and creates the Nova instance, creates the Cinder volume and attaches that volume, and then we end up having a compute instance where that compute instance is the image from Glance that has the guest agent as well as the data store for SQL or NoSQL that we have in our diagram. The guest agent then prepares that instance, installs that data store, secures that data store and makes sure that we attach that volume into the correct location and format that and set it up to where it's active. So then we see the guest agent also goes down and points to Swift. Well, that's for the backup. So we call in from the Trove API. We say hey, go create a backup, and then the guest agent can put that into the Swift container for the tenant as the backup. You had a question there, sir? Right. So this has been a talk quite a few times. This has been brought up. What this means is that, the question is, we have a guest agent that's connected to the control plane for the message bus here. You see that. So we locked. So you have a Nova instance, and what we have set up in our DevStack environment is that each one of the compute instances is in the tenant tenants. So technically in that type of setup, it's not exactly secure, and that means that you can actually SSH, you can get in there. You can then see those credentials to that instance. Not a production type of setup, for the record. 
So actually Nikhil just brought in a, we're making a remote patch. It's something that we can then create those instances in an admin tenant, where those exist in this other tenant but we give access to the endpoint to that, right? So you have the network, basically you're attaching that to the network, to your private subnet, so then you have access to that and then you don't actually have access to the instance, to the volume or to anything else inside of that instance. Okay. That answer your question? Okay, any other questions about that then, before we move on with this fun slide? Yes, sir? Yes. Yes, you could, you can split, so you can... The question is, can you split the task manager and conductor into three different controller nodes and be able to split the load, and make an HA and load balancing? So since task manager is just connected to the message bus, you can run that across multiple nodes, and it will, only a single message that gets passed to a task manager gets executed at a time, and then the same idea is with conductor. It's basically just listening to messages from the guest agent saying hey, the database is active, or hey, we're ready, basically change the state in the database of that Trove instance. So those don't need to be necessarily... Task manager and conductor do not need to be running on an HAProxy or anything because it's running that. I would say yes, if you're running the message bus HA as well, then you would need some kind of a way to provide HA for the message bus at that point. Makes sense? Okay. I... Does not provide it. So the question is, this doesn't provide a diagram for Ceilometer. Ceilometer? Okay, so it doesn't provide a diagram of the Ceilometer in here, but we do provide messages to Ceilometer for that. We're actually expanding. 
We have some blueprints in the snack from a talker that have Basically, I expand our messages across all of Any state changes across any instance as far as resizing the instance resizing volume Basically any state changes so we had the start end and error Actually, Peter was actually working on that so no Morgan's working on that but he knows a lot about it Excellent any other questions or did I answer your question correct, sir? Yeah Any other questions? All right, so we should be about finished Getting everything copied everybody good for copying. I take the shallow nods as a guess All right, so there's a couple things here, so it would be good to embers was saying to go back in and set your Reset the instance to or your VM to the latest snapshot. There you go So we so reset reset that and before we start this up then So if we go in to the settings that are wait to snapshots Oh, you do not see that So you go into the snapshots of that VM and then go to your latest snapshot And this is probably my random snapshot that I have. All right, so then we have So getting started here. We have I Have a couple commands here. You might not be able to see this but if you if you pull down the the document on From my Twitter account you should be able to see that in the PDF It's basically a manual way of setting up a virtual network on your on your Your VMware and this is this is specific to VMware fusion here There's a picture on the next slide here that kind of shows another way you can do it. 
That's not as command line ask Basically going into your network on your on your VM So if we go back here and you go to the VMware fusion preferences You can go to the general You'll see general here and then you go to network and then you can Unlock things Okay, we have issues with the snapshot So launch the VMX Yeah, the VM DK is the image you moved it do not upgrade things Anybody got a 32-bit machine don't bother Yeah And if you don't want to use a gig you can downsize it to four but something might run out of memory So we have it set to eight gigs initially. Okay, okay, that's fine Anybody having problems raise your hand will come over and help you You go help right So anybody else having problems no moving forward what Okay, good luck That might it was it not on the the thumb drive Okay Not for Linux gotcha. So the difference between what now the difference between The snapshot in the original image, I'm not a hundred percent sure So you could you couldn't get back to the snapshot you said Yeah, I probably it's because Dev stack was Shutdown and whenever you try to restart it or if it's alive if it's running live And you're trying to move this and then it's like trying to bring all those services up again in a different environment It's I've seen it where The volume back end doesn't actually reconnect. 
So that, what we have, a script in there to reconnect, or recreate and reconnect to, your Cinder volume back end. Yeah, anybody else having any troubles that we can help out with? There's a DevStack shut down or DevStack stop. Yeah, yeah, it would be the last one there, and that looks, DevStack shut down. Yeah. So everybody get back to the DevStack shut down snapshot. Did everybody create this network then, is the next piece. The network being this virtual private network. Give a little... So the VM is already connected to a 192.168.115.130, and it makes it a lot easier to be able to SSH into that machine and also to see Horizon dashboard from this if you create this network first and then attach this network to your virtual machine. That's before you boot it back up, and you can create that from this network control panel by just adding a new one and setting the subnet and the subnet mask. What was that? The subnet needs to be, yeah, 192.168.115.0. But you can still get... Okay. All right. So moving along here. I think everybody's caught up to where we are. I hope so. So the next thing is making sure on this VM, to make sure we have at least four gigs of RAM. I think it was defaulted to eight. So you may need to turn that down. At least we need probably at least four gigs though, from my experience, and then I've given it four CPUs. That's to make sure we can boot a VM and have the CPUs and RAM available to Nova, and this you can get to from the advanced options on the VM or settings. Okay. Another thing is to make sure we enable that hypervisor setting as well. 
Otherwise you're gonna get an error immediately whenever you create a Nova instance, because the extensions won't be enabled, and we'll be able to use KVM for that. All right, so then we can boot up the machine. We have the login credentials there of openstack, and password is the password. The first thing we need to do in this image is to cd into, change the directory to, /opt/stack/devstack, and that's where we have DevStack set up. There's a script inside of there. We can call bash restart dev stack and that will bring up all of the services. One way you can do this is to SSH into this instance using openstack@192.168.115.130. That's the instance IP. So we have the instance IP of 192.168.115.130. From your terminal you should be able to SSH to openstack at that IP address, if the network is set up and correct. If not, you can actually just go into the console for VMware and you can use that with openstack login, and password is the password, and then as I was saying go into the devstack directory. Call the restart dev stack .sh command with bash. Yeah, that's why, so you can't just execute that script without calling... That's why you need to add bash .sh, because there's no execute on that script. So once you do that it should bring up the screen session that shows all of DevStack running. Has anybody not signed in? Thank you. So once we have the screen session running there, you can hit Ctrl-A then D to escape out of that and then you should get back to a console from there. Let's see. Did I have anything else? 
Is everybody caught up to where we have we have open stack running now we have a few excellent Okay, so the network set up this one or the other one the other one You're not able to ping the IP address so that would mean that the network is not set up on that instance So so because that instance was set up originally on that network, and then it was moved You don't have that network set up on your on your laptop It's not going to know how to connect to that to that device, right? Make sense so that was that was creating this network and our In our What is this the global? VMware Fusion Network settings right so we're going to create create this network Let me I can I can enlarge this if I go to my This screen is this any better? How did I get to this screen? I? Will close it, and I will show you so I went to the VMware Fusion preferences And then I have general mouse settings default applications and network You do not know you do not have network Somebody said that because it was the evaluation version that you may have installed that that may not have they not have it The what? Yes How did I open this window? From the I went to VMware Fusion then I went to preferences So I went to here to preferences, and that shows up here If you have but we noticed if you have the evaluation version you won't you won't be able to get that that So the version of Okay, so it was it was the pro pro evaluation has this but the version on the thumb drive does not That's not on the thumb drive I'm confused now. Oh You can choose between pro or the regular version when you install There you go. Okay How are we doing here? Everybody having fun yet Yeah, I haven't mentioned that yet either, but so Here's another poll question How many people have actually been able to? See dev stack start up excellent Looks like we got quite a few over there. There you go. Excellent the next would be if How many people have gotten the VM to boot up correctly? What was that? 
Is he how many people still need help with getting the VM booted up correctly? Yes Yeah, you should be able to run from there as well You shouldn't need to but it's helpful. It's helpful to be able to shell into the machine So Right, so this is this is saying that we don't have a that network attached to your instance then so you have this you have this here Right. Okay, so you have to close you have to shut down your machine And then go to the settings of this of this VM under network and attach that Okay Okay, so now we have we have the preferences looking in preferences. We see that we see we have the custom network Okay, excellent, so then close close out of the screen Close this and then go to your settings on this VM and then go to network And then we need to set this network Okay, now that we have that this is going to connect that network to that instance and Then now whenever you boot up the instance you should be able to ping it So what I was just describing there was once we have once we have our network set up We have this network setup on this on this on our VMware Then inside for the instance that we have here. We go to the settings We go to our network adapter and then we set that we set this VM this private custom network To this to that to that instance and then then we can boot it up And it will have have that network access and then you should be able to shell into that The IP address like it was describing. All right, so can I get a show of hands of how many people got the network set up? Okay, how about who still needs to set that up? Can we get some? Who else needs needs a needs a hand? Anybody else need a hand here? Anybody else having problems with networking The networking piece So we have it. We have a hand over here In the blue shirt. Well, what's up? Okay, so All right, um, did you did you get the slide that I have? Yeah The slides Yeah Okay So I'd follow those steps in that in the slide there if that works. Are we doing on time? 
All right, so does it look like we can... We can boot it up, should see the machine boot up here. open stack at 2.168.1 All right, so once you've, if you're able to SSH into your box there, then we can, we go into /opt/stack/devstack. Inside of that folder there's a restart dev stack .sh, and then this should start up that screen session. As we're saying, you should see something like that on the screen. Yeah, how many people see that? Do we have quorum? All right, so then once we're inside of there we can source the openrc with demo username and demo tenant, so source openrc demo demo, and that will then allow you to use the trove CLI, so you should be able to use trove list and that should, might take a minute for it to first go through the Keystone authorization, and then you should get an empty list. Yes, sir? There's no Neutron on this. This is using Nova Network. Yes, sir, so... Doug, Amrith, you said whenever the networking isn't there for the evaluation, you just won't be able to do Horizon. You'll just have to use the console window and you won't be able to SSH to it, but it shouldn't affect being able to get it doing this inside of the console window. So now here's a slide showing we've sourced the OpenStack RC, using demo demo, and then we're able to do the trove list there. Everybody been able to see, a show of hands of who's been able to see a trove list? That's awesome. 
That's a lot better than I thought I was gonna see. Give yourself a hand. Alright, okay, so the next thing we can see is a flavor list. This will be the list of flavors that we can build an instance from. Ideally, we're only gonna work with two of them that are there, and that's flavor seven, which is the M1 RD tiny, and number eight, the M1 RD small. Those are specific because they're set up to work with the image that we have set up on this instance from within DevStack. Next you should be able to do a datastore list, which is trove datastore-list. Should be able to see MySQL in there. I can't blow that up anymore. Sorry. It's kind of small. Everybody able to see MySQL list? Excellent. How about the version? Do a datastore-version-list and then giving it the name of mysql. That will list you any of the versions that you have for that data store, so each one of these is a specific version that you can install for your instance. Next thing we can do here is create an instance. So in order to create an instance, we do a trove create. Give it the name of the instance. We'll call this instance demo. Next parameter is the flavor, which we'll give it seven, and those are positional arguments to the trove command, and then we'll give it --size of one, which means we're giving it a volume of one, volume one gig size. Everything is in gigs. So we're giving it a one gig size volume. The datastore we pass in as mysql, the datastore version is 5.6, and then we can pass in optionally what users we want to automatically provision on this instance whenever we boot it, so we're creating a user1 with a password of password and I'll go through that here as well. 
Oh. We got trove create. Oops. So we have trove create. If you don't type it with any parameters, it gives you a little help there, and that's helpful to make sure you can see what's going on, what you need to pass in. Trove create. I'll give it demo for the name, flavor size of seven, size of one, datastore mysql, datastore_version with 5.6, and then we give it a users of user1 password. Excellent, and then once you do that you should see the payload that comes back giving you the UID, flavor, datastore version, name. You may get a little box that pops up. It's asking for your network access to promiscuous mode, if you enabled that in the network settings there. So then once we have this instance in the build state, we can see it in the trove list and you can see that it's in the build state there. You can also call it with trove show demo, and that's basically just calling the details of that single instance, and so you can see that. And while it's in building here I'll just give it a watch command and it should sit here and every two seconds make that call, and we should eventually see that status that's in build go to active. So what it's doing right now is it's actually creating the Nova instance. It is creating that volume, attaching that volume, and then once that instance is booted up and it's attached, then it will make sure it pulls in, make sure that package is installed, which for this case is MySQL 5.6. Then it will go into making sure we mount the volume and format that volume in the correct location, and once it's mounted that volume there, then it prepares the MySQL to install it into that directory. 
So we're making sure that we set up the users. We secure MySQL, we remove anonymous root users access and basically secure that down with the commands. Magic, turned active. You got a question? What are the prereqs for the guest image? So for the guest image, we have it as a, it's an Ubuntu image by default, but we also have an ability of using Red Hat or Debian or whatever other image that you have, as long as that instance has the guest agent installed on it and then it can be configured to connect to your control plane, which that would be the RabbitMQ set up there. Then we have, let's see, we have the guest, then we have the data store. Can't think of anything else right now that is there. We use the image build elements that we can then build an instance from. Right, you can use the TripleO diskimage-builder. Is there an alternative? You can manually build one yourself. I mean that's entirely possible. Might take a lot of manual effort, but it's possible, and I've seen it where you can build it as a container and you could end up building it and running it as some kind of container if that is your virtualization that you're going to be using underneath. What was that, Amrith? You can use Packer and you can use diskimage-builder to build the containers. So you could use Docker, depending on what Nova hypervisor configuration to use. And what our demo is here, it's showing it with the default KVM hypervisor. All right, so we see something else that just showed up after it turned active. Now we see a volume used. That's actually reporting back and telling you how much of that volume, that we give it a one gig, it's using point one gigs of that volume, so that you can then key off of that if you needed to for metrics or making sure. Oh, I'm using like point nine of my volume. I 
I Probably need to upgrade or I need to maybe increase my volume size for this for this instance Well, there's a resize volume command that we can send to this and we can resize that and it'll go up to for example Two gigs if we need that You have a question sir. It's still in build Okay It should it shouldn't take too long Emory this coming over to take a look at it for you. Yeah, it could it could depend on the speed of your machine too So the so the air may have a little bit of an issue trying to trying to do this with limited resources But but it's a trade-off for being so thin and light, right? Yeah, you can so so if it's taken a little bit you can If you go into your screen You say screen dash X to go back into your into that screen session So we so in order to see this I use a control a and then I double Quote and then you can end your screen session and then you can see a list of all the the screen sessions going on and go to the task manager and You should you should be waiting until you get this Created test instance successfully So you should see that eventually in your in your task manager logs If you don't see that yet, it's probably eventually getting there. 
So you got it, sir? Excellent. It'll take a little longer for some in that case, and I'll go back out of that. So let's see. So once we see that this Trove instance went active, let's do some database management, or let's create some users and databases on this, so that we can easily connect to it and test that out and show that it doesn't need anything more than the API calls that are provided. So we have a trove database-create, and this takes in the instance name as a positional argument and the database name as another positional argument. So then we give that and you probably get no response back from that. It's just saying 202 OK without giving you back any response if it's successful. Then just to test and see that that was successful, then we see a database-list with demo, and then you should see that database name show up there. And now that we created this database, we don't have any access to this database. We created that user1 in the beginning, right? But it doesn't actually have access to this database because it hasn't been associated. So now there's a user-grant-access. So this is in case where you have a new user that comes on and they need access to certain databases, or you add new databases and you need to give all your users access to that. So you could do this if you had root access to your database, but this provides you the flexibility of not providing root access to certain users on that instance, and then you can provide it all through the API. And then we can test that. We can actually SSH or use mysql from the host to this instance and use the username and password and see the databases there. So we have IP address of 10.1, or 10.0.0.2. So do we have, we have trove database... How do we know what...? 
So the IP of the instance is going to be in the show call. So if you do trove show demo, as we see up at the top of the screen here, we have trove show demo and then we see the IP address there. And so we see 10.0.0.2, and that's just typically the first one that you get whenever you're creating it in your new user space. So trove database-list. Oh, I forgot the positional argument. So let's give it that. We have no databases. So then we can say trove, create a database on demo, mydb. You'll see nothing that comes back. We'll do another list. We'll see that database. Everybody see this? Everybody see this on your machines? Yes? Oh, you're still in building. Okay. Yes, which Neutron subnet is the Trove virtual machine on? That is on the default network, which is the 10.0 space. If you wanted to plug it into a different one, the strategy of creating another one would be you create your other Neutron network, and then, if we look at trove create, right, we see a list of different options that we can pass into that. One is the NIC, --nic, and in that one you can pass in a net-id, and then equals whatever UUID of that network that you have. And so that way you can then pass it into this private subnet that you have, and that will subnet it or isolate it away from it. Yes, if you're using Neutron. Yeah, and in this DevStack we're using Nova networking, but, yep, exactly. So, everybody see a database? Having some trouble there? All right, we can get somebody over there. 0.2, user is, what was my user? user1, -p, password. Password. Type it. Oh, there we go. All right. So then you should be able to log into the instance like that, and you should see that you're in MySQL, and you should be able to say show databases. Databases, if I can type. Oh, I didn't grant access in my example. So we see that. So now we need a grant. Wait, what was it?
grep grant. user-grant-access. That's what it was. This is how I hack through it. I grep for things, right? trove user-grant-access. What was the list of commands there? So we need the instance name. We need the name of the user, and that would be user1. We need the database, which is mydb. And then if we had other databases we were granting, we would include those. Now we've granted the access there. Now if I log in, I should be able to log into MySQL here and then do a show databases. We should see the database. Yes, we do. Excellent. This is the equivalent of grant that user access to your database, not necessarily grant all, because you can insert, create, update, but not, yeah, you don't have grant access, so you can't grant somebody else access. Yeah. Not per user. So you can configure this globally whenever you say, hey, grant access to a user. What data store has access to? So you can include if it's all, or if it's grant, or insert, update, select, whatever subset you would like of those permissions. All right, so everybody see the database there then? Who did not see the database, if they were able to log in? Able to not, or who saw it? The positive side. Yeah, let's be positive. Who saw it? All right. So then the next thing we can do is we can create another user and grant them access to this database. So we can actually include that in one step instead, whenever we're creating this user. So we already have that database, mydb, so we can say create a new user on the demo instance. We'll call this user2 and password2, and use the --databases, and we can give it the database that we created. And then whenever we log in with this user2 and user2 password, then we should be able to see that same database. Yes? Okay. Who is, where is root, or who is root? What's the question?
So we have a service user, admin or root user. It's implicit, or it's a different name. It's not root, but it's a different named user that we have that basically allows us to make these calls into the instance from the guest. Yeah, so we do have user access to this database from the guest. We have root access at that point, and that's set up actually in the prepare, whenever we create this instance. We create that user and secure that. Right, so it's only locked down to the localhost, only the localhost. The host name of that user is only access from that host, right? Yeah. Yes, sir, it's via RPC. It's all via RPC to the guest. Not over SSH. It's through the Rabbit connection that we have, because the guest also has access to Rabbit to be able to basically send messages back to conductor. And it's also bidirectional to task manager as well, to be able to know that something is finished and can respond back to it. They listen to the conductor. So conductor is basically just listening to all the instances that are out on the network, and it's basically just listening for the heartbeats, because every guest has a heartbeat. That's like basically, hey, is your data store active, or is it running? Am I able to connect to it? Everything look okay? Okay, it's active, right? So there's a heartbeat that's sent from the guest periodically saying it's good, it's good. All of a sudden maybe you run out of memory or something and that data store dies all of a sudden, then we'll send a message back saying, all right, well, it's error, or it stopped.
There's something wrong. So we change the state of that instance and the database, so whenever you query. The replication of the... Yes, listens to the heartbeat of the guest. So, sir is asking about auto failover and replication for that. So in this case, we have a single instance where there's no replication across for MySQL. We're talking about the guest instance there. If that instance dies, well, we just report back saying, hey, you don't have access to this instance anymore. Maybe you need to issue a restart or something to fix that. Maybe you need to do something more exhaustive than that. We do have also a way of doing replication as well, so you can create two nodes as master and a slave, and then if your master ends up falling off, then you can promote your slave. We have that ability as well through the Trove API. There's no auto failover. There's just a manual way of, basically, polling what the state of those instances are. Right now the conductor, basically all conductor does is just listens to all these instances and writes it to the database. It's just like, all right, basically instead of having every instance writing its own state or whatever, conductor's the central point of writing those database states. The Trove database, as in... Sure, your MySQL instance is going to be here. Okay, so in this Nova instance, you got MySQL running here, and you got the guest agent. All that Craig was talking about is the heartbeat from the guest agent saying MySQL alive, alive. That state must be written into this database, because if somebody comes in from Horizon and says, give me the list of all the databases, you ran trove show, where do we get that state from? We get it from here. How does the state of this database
go here, so that trove show is going to be able to catch it? The guest agent is going to run a MySQL ping. Success, it sends a message over the message bus, the conductor picks up that message, writes the status in here. It does that every so many seconds. There are other things which conductor does. Like, for example, if you change the root password, the response coming over from the guest agent to the conductor is going to be, when you do trove root-enable, the password is going to come over here, and you're going to get the password through so you can show it to the end user. So this is the path from the guest agent through to this database over the message bus. Your question earlier was, do you do it over SSH? No. Task manager never talks to this database directly. It always talks to the guest agent, because realize the task manager as far as possible should be database agnostic. This database may be MySQL, Postgres, Mongo, Cassandra, whatever the hell it is. This is the translation between databases, so the task manager is only going to talk to here. The response from here is going to go back over the message bus and get stored in persistent state. That's the reason why this is effectively part of the Trove control plane even though it's running on the Nova instance. That answer your question, sir? Yeah. Yeah, sir. So right now, if you were to do this with Neutron, this guest instance is going to have two interfaces. Yeah, one interface is going to be connected on to your management network, one interface is going to be connected on to your public network. By default, when you build an image for Trove, and we distribute images.
There's images available on tarballs.openstack.org. The proper configuration would be to bind the network interface for your host database to the public interface and to restrict your guest agent to the management network. That way you're going to be able to have access from the guest agent to the message bus, and the database is never going to listen on the wrong interface. That's the separation you're going to have with Neutron. Currently what you're using is a DevStack-based setup which has nova-networking. Same thing with Neutron? Correct. So the question is, if you were to actually SSH into the instance, the stuff in /etc. Okay, so here's what actually happens. The guest image has nothing of that. The bare image sitting on Glance doesn't have any of that. When you run trove create, actually you can look at the stuff in there, you realize that much of the stuff, there's one which is called guest config or guest info. That's the ID for the guest. So when you do the trove create call, the task manager at runtime generates two files, and it uses file injection, cloud-init, whatever you want, pushes that down here. Therefore when this instance is booted using Nova, when the instance comes up, the first task which runs is going to find these files magically appear there. Yeah, it's injected into it. No, you know, you do those, those are two things which commit. Now, I will be very clear about something which Craig said earlier. The entire configuration you've got there is DevStack-based. This is not an indication of a production network, production deployment of Trove. The very fact that you're able to SSH into this instance means this ain't a production setup. Okay? Yeah. That's a no-no from a production perspective. I should repeat the question: how many of you run DevStack in production? Oh, I got two people raising their hands. Excellent. Do we have any other questions around that?
Alright, so how many of you were actually able to get much of Trove up and running? Excellent. How many of you still have questions about Trove? Oh, come on. Somebody has questions about Trove. Well, there's a bunch of us here. Go to the HP booth and find any of the HP folks, go to the Red Hat booth, you can find Victoria there, come to the Tesora booth. All of us are gonna be there, happy to answer your questions. Otherwise, #openstack-trove on IRC. Hit us up. We'll give you whatever help we can. Yeah, we're always there. So the question was about RDO support for Trove, and that was in January, you said, in January. So that was that question. So the question was if RDO supports Trove. Currently it's in tech preview. That means that we have the automation for it. You can't run RDO with Trove, but it still is, there are some bugs we are fixing and it may not be stable enough, but in general we will release it with full support for it, and you will be able to use it with the rest of your RDO infrastructure. I'm sorry. Excellent. Yes, sir. This went till six. Hi. Okay. Okay, quick one. Yeah, so is there a standard or recommended way to set up Trove so that the database instances and other Trove infrastructure is hidden from the users? What is that? The question is, is there a standard way to install Trove so that the database instances are hidden from the users. So in order to hide the instances and everything from the user, there is a way. I believe there's some docs that we put together as well for that on our wiki page around Trove. I think we probably need to highlight those a little bit more, because those are some questions that we constantly get. I should take an action right now of making sure that's on the front page of our wiki page for Trove. But going forward with it.
It's basically changing the remote access that we have to Nova and to Cinder and to the other clients that Trove is actually using to connect to the infrastructure, right? So you have Nova and Cinder running, and our task manager service connects to those. Well, we override that with a different user, so it basically kind of proxies it, right? So it looks like you're coming in as user X, and then all of a sudden it turns into user admin, and then we have that connection to it. Basically it's overriding our remote.py. Let me try and take another crack at it. Okay, you want to keep the database instances out of the user's reach. Okay, Trove is a client of Nova, Cinder, Swift, Glance and so on. Okay, the only way in which Trove communicates with those services is on their public APIs. One way in which you can deploy Trove in production is by saying that the Nova endpoint which Trove must hit is not the same endpoint which the end user is going to hit when they run a nova list command. The other way in which you can do this is by saying that if you launch a Trove instance using your credentials, the Nova instance can be launched with a different user's credentials. Those are all configurable within Trove. At the end of the day, the thing which you want to prevent is an end user getting shell access to that instance. That's the thing which you want to avoid. There's multiple ways in which you can get shell access to it. But in most of the cases that I have seen people deploying Trove in production, the most common thing is there's a different set of access credentials which the user has in order to launch the instance. They don't directly use their Keystone credentials. There's a different veneer on top of the user interface which they use. So those are kind of three of the different ways in which we can do it. We have much of this stuff documented.
Maybe it should be highlighted. To who uses... So even if he creates a Keystone domain on the fly, the question is, is the end user going to be able to see it if he or she runs a nova list command? The answer is they will be able to. Yes, yes, as of Liberty, Trove can deploy. Liberty, yes, that was something we worked on. Yeah, you can find me, I'm sure, but yes, if you have any questions around that. It's very similar, it's just the package that's different really. It's the Percona XtraDB Cluster package, or cluster server package, and that's installed, and that includes the XtraDB backup as the replication type, and then using Galera as well. We deployed a MySQL database in version 5.6 or something, and then it spawns a new virtual machine. Who manages this virtual machine later on, patching, so life cycle management, is this the focus of your project, or who needs to do this later on? So the idea is, who manages this Trove MySQL database after it's launched? The idea is that Trove would manage this automatically. That's the goal of the project, is to where you can just kind of fire and forget, and then, oh, my database is always going to be there. We're not all the way there.
There's still some manual steps to that. We're going to be adding, like, monitoring to this, to where you can then get alerts of what's going on with your database, basically tying in a bunch of those events that we've built into Trove. But to answer the question, currently it's going to rely on the user, and then if the user can't handle it, then it goes to the operator of the system. Right, so if you were going to upgrade that from 5.6 to 6.0 MySQL, for example, then you would have to rebuild that image. And I would say, partially, there's no guarantee that the data between two different versions of MySQL, or versions of flavors of MySQL, that it will work. So highly recommend backing that up and testing that. All right, I think that about wraps up for the time. I appreciate everybody coming. It's great to see all the new faces, and very great questions that everybody asked. We really appreciate that. If you have any other feedback or questions, you can ask any of us up here. We'll be glad to talk to you about this. Yeah, you can go back to that snapshot and run through it, everyone. You can pause it or... Thank you. Thank you, everybody.