All right, looks like this is... Start? Sure, start. Welcome. So this is the project update for the OpenStack Charms project. So what are the OpenStack charms? Oh wait, who are you? Yeah, oh. Yeah, I am Frode Nordahl, and PTL for the Rocky/Stein cycle. And this is... I'm Ryan Beisner. I'm one of the core charmers for private.

So what are OpenStack charms? OpenStack charms aim to be cost-effective deployment and operations of OpenStack at any scale. And we do that, we've done that since 2011. We had an initial commit there, and the project has evolved over time to support OpenStack changes and project splits, you know, Quantum became Neutron, and all kinds of things have happened since then. We have a wide set of charms, many of which we at Canonical maintain, and that'll hope there's also community-contributed charms. Oh, should probably... And Stefan is sending you messages.

Yeah, just to kind of expand on this bit here. The charms that you see up there, I think every one on that slide is in the OpenStack Charms project and is fully in the open. Yeah, indeed. Yeah, I think so. Yep, so we don't, on the charms project.
We don't necessarily man a one-to-one list of all of the OpenStack projects. You know, there are some that are community contributed, some that have just been around a long time, some that are core, and then we've got third parties and vendor integrations that generate a charm. So again, the full list, at the end you'll see a link, and then of course you can query the OpenStack in for definitions to see all of what we've got. Anyway, so I go ahead, and yeah.

Playing with that, each of the charms is represented by a separate Git repo in the upstream Gerrit. So you'll find all the code and everything there, Apache license like the rest of the project.

And so, just want to talk about some of the surrounding tools. The icon on the far left there is Juju. Juju is a modeling software, and with that you model your applications, your machines, your networks and your storage. You know, typically put that down in some YAML, reference which charms you want, and you can run the deploy command and it will go deploy on whatever substrate you want. For physical machines, we have a service called MAAS, the icon there, Metal as a Service. And it can basically run your whole data center or physical machines and... Naturally, I've been... and networks, and it can also, point it at a virtual hypervisor, control virtual machines on your laptop for testing. Or yeah, that's funny.

So Juju and MAAS, I mean, clearly the charms are leveraging these. They're both open source, and you know, we think very highly of them. There's a different forum for that, I guess, probably first to talk a little bit more about that after this, because we've got the community Charms project that we want to move on to. So those two things, if you're curious of those and you've not used them, hit us after this and we'd be glad to talk about those.

Yeah, and of course you have the charms. Charms are encapsulation of the operation and upgrading and maintenance and configuration of an application. And
those can be used for other things that are not OpenStack projects, too, but our OpenStack charms are specialized for, you know, doing the HA you need for OpenStack deployments, and for upgrades especially. And of course the OpenStack logo, you all know that. And the logo on the far right is LXD. LXD is machine containers. Real quick, which... hands on with LXD, anyone, with or without charms? Cool, be interested in talking more about those use cases, with or without charms. So we use that to containerize all the parts of the deployment. There are some things that are not containerized yet because we need some dependency in kernel and other stuff that we need to develop before it works. Yeah, block devices and KVM stuff and things like that. But so the precursor to LXD of course was LXC. Familiar with that, I'm sure. What that says, or what I'm getting at with that, is the control plane and the database cluster and the message cluster and all of that, with charms, has been something that we've containerized since Trusty, since 2013, 14, right? So that's been a very solid approach. And so we've just carried that forward with the LXD, where it just basically got demonized. So that's been our containerized control plane approach. That's the bit that allows us to do that. Yep.

So I'm just going to walk through the year in the past, what we've been delivered to each release site. So the charms project is a deployment project, so we don't actually release on the same date as the upstream OpenStack release. We often... we try to align them, but the trailing release, which I think is a two week when, yeah, so we try to release two weeks within the release. Yeah, generally we're within two days, but yeah. So for February we of course supported OpenStack Queens release.
That's also included in Ubuntu Bionic, which gives it the privacy or five years long-term support. Well, after Mark's announcement yesterday, I guess we have to support it a bit longer. Yeah, I think there'll be... I think that there's probably going to be some sort of further announcement on that, I guess. I don't know. Yeah, but anyway, the charms will support Bionic as long as Bionic is supported.

And for that release we did the Neutron Designate integration. Actually the Designate charm's one of the contributed charms. It's not done by the core team. I think he's an employee in Canada, but yeah. And we had support for Bionic, of course, and we untangled the requirement for using MongoDB with the telemetry stack, so that we can use Gnocchi instead. So to be clear, before 1804, and with, like, up to Trusty Mitaka, I think, you needed MongoDB, and then at that break we switched to Gnocchi as that collector.

And in May we did enablement for the Neutron dynamic routing support, which allows you to talk BGP to your existing network infrastructure. We implemented encryption at rest through Vault, which gives you on-disk encryption for Ceph and for Nova instance storage and Swift. Yeah, it's worth touching on that real quick. So the three or four measures for this going into it were: can you afford to have a hard drive walk away and know that your data is safe? Can you afford to have an entire rack, a pizza box or an entire rack, disappear?
Or can you afford to have an entire data center be compromised, stolen, moved, like a pod or a CO? And so the idea here is that you've got... but we're using Vault, that has to be unsealed if it ever loses power, right? And so all of these things retrieve the keys from this Vault. Right, so if you reboot a server, as long as your Vault is still there and it's still connected, then of course they can decrypt and boot. And then if you just haul off with the whole server, turn it back on, you're going... so I have to go through some procedures. So that's all something that we think is pretty cool. Basic feature for compliance and just general well-being of the data center. GDPR, that too. Yeah. Yeah.

He generally tends to undersell this BGP thing. So like layer three traffic all the way to the instance, with the BGP speaker on the edge of Neutron. It's just a really cool way to think about a more modern, telco-friendly OpenStack cloud. So that's what that does. It's pretty neat. It's very neat, Frode. Yeah, it's very neat. I love it. They treat.

So as a general measure, that type of question, I think the best answer is to look at the functional tests for the charm itself, because in that functional test we're declaring a fraction of an OpenStack, in other words, to deploy just enough OpenStack to test that in a black box way. So it's not a fully HA bundle. Perhaps it's not a full stack with telemetry and all of that, but what you'll get is, you know, Nova, Neutron, Rabbit, database and the BGP stuff, right? So if you dig into the charm, if you get the repo and dig into the test directory, you'll see a bundle snippet inside there. But we don't have one published.
I don't think, into, like, a charm store bundle or something like that. Right. Yep, so. Yeah, we would need to produce a distinct bundle for that. But again, you can derive the info with that fraction of a bundle and then just graft that into an existing one if you've got, you know, an existing deployment. What you'll discover in there is what needs to be related to what, right, and what the configs are. Yeah, yeah. So anyway, we'll move on a bit, and then if you want to chat a bit more about that, we can help you find an example, and I can point you at that directory too, that hopefully should describe what you're after. Yeah.

Okay, we better move on. So, and the Vault, which we use for the encryption at rest, this also has support for TLS certificate management. So we've added that to most charms, which gives you TLS throughout the deployment on the control plane without having to issue the certificates one by one. It does it automatically, you just give it the CA certificate and shit happens. Young word. And of course... Yeah, full 80 or for support. Good things happen. Good things happen.

And in August, obviously the Rocky support, and we flipped the default for Ceph to use BlueStore as storage after validating that we are confident in it working. Okay, so it won't eat your data. And we have Mimic support, and did the Keystone Fernet token support. Yeah, so for, I think it's Queens and later, you can configure on the charms, Fernet or not. Yes, and then for Rocky and later, of course, it's required, and it is Fernet at that point. Yeah, so that gives you an upgrade path. You can change to Fernet before upgrading, and have less problems in the upgrade. Indeed. Our recommendation would be to reconfigure the charm for Fernet tokens at Queens prior to an upgrade. I think I've published that. Yeah, if you do both at once... Yeah, it may still work.
Yeah, that's not the path we test.

And now we are here. This release is going out as we will be doing a release in these days. Yeah, it's all staged and ready to drop, I think within the next one to two business days. Yeah. And with that we are adding Nova cells version two. Then the driver for that is we see people having clouds with more than... It's a compute. Well, so yeah, you know, we see the message bus gets overloaded and such when you get into the two, three to three hundred, depending on the load. Now you may seem like, well, Nova cells have been around a little while. It started coming in in Pike, in Ocata, right? So we've been tracking it a while. Several releases ago, I think 18 months ago, we changed the deployment topology of the charms under the hood. The entire time you were getting a single cell cloud with cells V2 enabled anyway, which made it easy for us to then say, surprise, you can now extend that and add cells, once we went through and did all the validation of that feature. So you're well staged to consume that now. Yeah, so there are a few large clouds out there. Yeah, sure.

And we're adding the support for the Octavia load balancer. Octavia is now the reference architecture for load balancing in OpenStack, and the existing one, where you install HAProxy in a namespace on the gateway, is to be removed soon. I don't know if they have a set date. But yeah, so it's preparation for that. And we're doing a Vault integration for Barbican, which is kind of a requirement for the Octavia. Yeah, so you have a safe place to store the TLS secrets, private keys.
I really like this one. You know, we've looked at Barbican, and we wrote a preview charm about two years ago and did kind of a SoftHSM back end to kind of simulate an HSM. The Castellan work and the work in Barbican, we've got some commits out, and we're carrying that work in the Ubuntu Cloud Archive until that lands. But it essentially enables the use of Vault as a software-only secure back end for Barbican, rather than spending however much you might need to purchase and maintain HSMs. Which we would like to see supported as well, but you know, I just don't have that hardware in our lab, and the first person that comes along that wants that, I think it'd be cool to also add that HSM hardware back end as a plug-in for both, for Barbican.

And we're adding a series upgrade. The meaning of that is the ability to upgrade the operating system underneath the deployment. So if you are having machines on Trusty, you can upgrade them to Xenial, and from Xenial to Bionic. So this is part of the main enablement to our greater upgrade story. Yeah, and it kind of formalizes the story that you've heard this week. Yeah. We should probably cruise on, I think we're... yeah, I have a few minutes left. Okay, and the Cosmic Cuttlefish support. Yeah.

So, future. We are well underway with the Python 3 work. We've met the goals for the Python 3 first thing by enabling, you know, all new code will not pass the gate unless it's Python 3 compatible. We're also changing the runtime in all the packaging. I'm not sure how far we've come with that. And so there are two fronts for Python 3. There's the payload of the charm, which is Nova, Neutron, Cinder, whatever it is upstream that's packaged and distributed, and then there's the Python 3 code that's the charm itself. And so we've started working on the Python 3 conversion for the charms themselves a year and a half, two years ago. It's basically complete.
There's a few more things that we need to polish, and then we're working with upstream individual projects to raise and file and fix bugs and help move along the payload part of that, the upstream bit. And we are converting all our functional testing to a new framework called Zaza, which is also kind of because of the Python 3, at least that United it, because our existing functional test framework is Python 3 only. So this is a new library for... it's basically to test any charm. So it's not specific to OpenStack, even though we have branded it as that. Yeah. Yeah, exactly. Well, that'll listen up a bit.

So on the LXD side of things we have a charm called LXD that's a subordinate for the Nova compute charm that allows you to spin up system containers with LXD from Nova, and we'll just rename that this cycle to the Nova LXD charm, because there's another LXD charm that might come along that's a more generic use case for clustering. Real quick, I think this one's mine. So we're doing some work in both Juju and charms to enable us to put Neutron Gateway, Nova compute and Nova LXD into LXD, which allows for a denser story with convergence. We're going to be looking at putting out some features in the Ceph charms. Again, those are not an official Ceph... Well, Ceph is not part of OpenStack, but the Ceph charms are part of the OpenStack charms, right? So we maintain, develop those. We'll be putting in RADOS Gateway multi-site replication, RBD mirroring features into those charms. So this is all for 1904. There's a lot of... in the enterprises, we see a lot of proxies and egress limitation environments, and so there are things that you can do today. We've got a few areas.
We're going to make that better. The bottom part here is really something I wanted to make sure we touched on. We're working on putting out artifacts and templates and examples to make it easier for third parties, for contributors, for vendors to integrate with existing OpenStack charms. And so we'll be putting out, for example, the generic iSCSI Cinder back end, of which there are a hundred vendors or something like that, right? So this will be pretty much a template sort of thing. They all essentially look the same as far as the integration. Trilio is someone that we're working with as well for the backup restore features. It's a pretty cool feature.

I think we're at time. Yep. And so we'll leave this up for a bit. If you guys have any questions, we'll be hanging around, and if you miss us, lots of orange shirts around and other community folks. Does anybody have a read on the time? Is that really where we are? Cool. Thank you so much. Yeah. Thanks. Thanks for it. That's right. Cheers.