On 28/06/18 15:09, Fox, Kevin M wrote:
I'll weigh in a bit with my operator hat on as recent experience it pertains to 
the current conversation....

Kubernetes has largely succeeded in common distribution tools where OpenStack 
has not been able to.
kubeadm was created as a way to centralize deployment best practices, config, 
and upgrade stuff into a common code based that other deployment tools can 
build on.

I think this has been successful for a few reasons:
  * kubernetes followed a philosophy of using k8s to deploy/enhance k8s. 
(Eating its own dogfood)

This is also TripleO's philosophy :)

  * was willing to make their api robust enough to handle that self 
enhancement. (secrets are a thing, orchestration is not optional, etc)

I don't even think that self-upgrading was the most important consequence of that. Fundamentally, they understood how applications would use it and made sure that the batteries were included. I think the fact that they conceived it explicitly as an application operation technology made this an obvious choice. I suspect that the reason we've lagged in standardising those things in OpenStack is that there's so many other ways to think of OpenStack before you get to that one.

  * they decided to produce a reference product (very important to adoption IMO. You 
don't have to "build from source" to kick the tires.)
  * made the barrier to testing/development as low as 'curl 
http://......minikube; minikube start' (this spurs adoption and contribution)

That's not so different from devstack though.

  * not having large silo's in deployment projects allowed better communication 
on common tooling.
  * Operator focused architecture, not project based architecture. This 
simplifies the deployment situation greatly.
  * try whenever possible to focus on just the commons and push vendor specific 
needs to plugins so vendors can deal with vendor issues directly and not 
corrupt the core.

I agree with all of those, but to be fair to OpenStack, you're leaving out arguably the most important one:

    * Installation instructions start with "assume a working datacenter"

They have that luxury; we do not. (To be clear, they are 100% right to take full advantage of that luxury. Although if there are still folks who go around saying that it's a trivial problem and OpenStackers must all be idiots for making it look so difficult, they should really stop embarrassing themselves.)

I've upgraded many OpenStacks since Essex and usually it is multiple weeks of 
prep, and a 1-2 day outage to perform the deed. about 50% of the upgrades, 
something breaks only on the production system and needs hot patching on the 
spot. About 10% of the time, I've had to write the patch personally.

I had to upgrade a k8s cluster yesterday from 1.9.6 to 1.10.5. For comparison, 
what did I have to do? A couple hours of looking at release notes and trying to 
dig up examples of where things broke for others. Nothing popped up. Then:

on the controller, I ran:
yum install -y kubeadm #get the newest kubeadm
kubeadm upgrade plan #check things out

It told me I had 2 choices. I could:
  * kubeadm upgrade v1.9.8
  * kubeadm upgrade v1.10.5

I ran:
kubeadm upgrade v1.10.5

The control plane was down for under 60 seconds and then the cluster was 
upgraded. The rest of the services did a rolling upgrade live and took a few 
more minutes.

I can take my time to upgrade kubelets as mixed kubelet versions works well.

Upgrading kubelet is about as easy.

Done.

There's a lot of things to learn from the governance / architecture of 
Kubernetes..

+1

Fundamentally, there isn't huge differences in what Kubernetes and OpenStack 
tries to provide users. Scheduling a VM or a Container via an api with some 
kind of networking and storage is the same kind of thing in either case.

Yes, from a user perspective that is (very) broadly accurate. But again, Kubernetes assumes that somebody else has provided the bottom few layers of implementation, while OpenStack *is* the somebody else.

The how to get the software (openstack or k8s) running is about as polar 
opposite you can get though.

I think if OpenStack wants to gain back some of the steam it had before, it 
needs to adjust to the new world it is living in. This means:
  * Consider abolishing the project walls. They are driving bad architecture 
(not intentionally but as a side affect of structure)

In the spirit of cdent's blog post about random ideas: one idea I keep coming back to (and it's been around for a while, I don't remember who it first came from) is to start treating the compute node as a single project (I guess the k8s equivalent would be a kubelet). Have a single API - commands go in, events come out.

Note that this would not include just the compute-node functionality of Nova, Neutron and Cinder, but ultimately also that of Ceilometer, Watcher, Freezer, Masakari (and possibly Congress and Vitrage?) as well. Some of those projects only exist at all because of boundaries between stuff on the compute node, while others are just unnecessarily complicated to add to a deployment because of those boundaries. (See https://julien.danjou.info/lessons-from-openstack-telemetry-incubation/ for some insightful observations on that topic - note that you don't have to agree with all of it to appreciate the point that the balkanisation of the compute node architecture leads to bad design decisions.)

In theory doing that should make it easier to build e.g. a cut-down compute API of the kind that Jay was talking about upthread.

I know that the short-term costs of making a change like this are going to be high - we aren't even yet at a point where making a stable API for compute drivers has been judged to meet a cost/benefit analysis. But maybe if we can do a comprehensive job of articulating the long-term benefits, we might find that it's still the right thing to do.

  * focus on the commons first.
  * simplify the architecture for ops:
    * make as much as possible stateless and centralize remaining state.
    * stop moving config options around with every release. Make it promote 
automatically and persist it somewhere.
    * improve serial performance before sharding. k8s can do 5000 nodes on one 
control plane. No reason to do nova cells and make ops deal with it except for 
the most huge of clouds
  * consider a reference product (think Linux vanilla kernel. distro's can 
provide their own variants. thats ok)
  * come up with an architecture team for the whole, not the subsystem. The 
whole thing needs to work well.

We probably actually need two groups: one to think about the architecture of the user experience of OpenStack, and one to think about the internal architecture as a whole.

I'd be very enthusiastic about the TC chartering some group to work on this. It has worried me for a long time that there is nobody designing OpenStack as an whole; design is done at the level of individual projects, and OpenStack is an ad-hoc collection of what they produce. Unfortunately we did have an Architecture Working Group for a while (in the sense of the second definition above), and it fizzled out because there weren't enough people with enough time to work on it. Until we can identify at least a theoretical reason why a new effort would be more successful, I don't think there is going to be any appetite for trying again.

cheers,
Zane.

  * encourage current OpenStack devs to test/deploy Kubernetes. It has some 
very good ideas that OpenStack could benefit from. If you don't know what they 
are, you can't adopt them.

And I know its hard to talk about, but consider just adopting k8s as the 
commons and build on top of it. OpenStack's api's are good. The implementations 
right now are very very heavy for ops. You could tie in K8s's pod scheduler 
with vm stuff running in containers and get a vastly simpler architecture for 
operators to deal with. Yes, this would be a major disruptive change to 
OpenStack. But long term, I think it would make for a much healthier OpenStack.

Thanks,
Kevin
________________________________________
From: Zane Bitter [zbit...@redhat.com]
Sent: Wednesday, June 27, 2018 4:23 PM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [tc] [all] TC Report 18-26

On 27/06/18 07:55, Jay Pipes wrote:
WARNING:

Danger, Will Robinson! Strong opinions ahead!

I'd have been disappointed with anything less :)

On 06/26/2018 10:00 PM, Zane Bitter wrote:
On 26/06/18 09:12, Jay Pipes wrote:
Is (one of) the problem(s) with our community that we have too small
of a scope/footprint? No. Not in the slightest.

Incidentally, this is an interesting/amusing example of what we talked
about this morning on IRC[1]: you say your concern is that the scope
of *Nova* is too big and that you'd be happy to have *more* services
in OpenStack if they took the orchestration load off Nova and left it
just to handle the 'plumbing' part (which I agree with, while noting
that nobody knows how to get there from here); but here you're
implying that Kata Containers (something that will clearly have no
effect either way on the simplicity or otherwise of Nova) shouldn't be
part of the Foundation because it will take focus away from
Nova/OpenStack.

Above, I was saying that the scope of the *OpenStack* community is
already too broad (IMHO). An example of projects that have made the
*OpenStack* community too broad are purpose-built telco applications
like Tacker [1] and Service Function Chaining. [2]

I've also argued in the past that all distro- or vendor-specific
deployment tools (Fuel, Triple-O, etc [3]) should live outside of
OpenStack because these projects are more products and the relentless
drive of vendor product management (rightfully) pushes the scope of
these applications to gobble up more and more feature space that may or
may not have anything to do with the core OpenStack mission (and have
more to do with those companies' product roadmap).

I'm still sad that we've never managed to come up with a single way to
install OpenStack. The amount of duplicated effort expended on that
problem is mind-boggling. At least we tried though. Excluding those
projects from the community would have just meant giving up from the
beginning.

I think Thierry's new map, that collects installer services in a
separate bucket (that may eventually come with a separate git namespace)
is a helpful way of communicating to users what's happening without
forcing those projects outside of the community.

On the other hand, my statement that the OpenStack Foundation having 4
different focus areas leads to a lack of, well, focus, is a general
statement on the OpenStack *Foundation* simultaneously expanding its
sphere of influence while at the same time losing sight of OpenStack
itself -- and thus the push to create an Open Infrastructure Foundation
that would be able to compete with the larger mission of the Linux
Foundation.

[1] This is nothing against Tacker itself. I just don't believe that
*applications* that are specially built for one particular industry
belong in the OpenStack set of projects. I had repeatedly stated this on
Tacker's application to become an OpenStack project, FWIW:

https://review.openstack.org/#/c/276417/

[2] There is also nothing wrong with service function chains. I just
don't believe they belong in *OpenStack*. They more appropriately belong
in the (Open)NFV community because they just are not applicable outside
of that community's scope and mission.

[3] It's interesting to note that Airship was put into its own
playground outside the bounds of the OpenStack community (but inside the
bounds of the OpenStack Foundation).

I wouldn't say it's inside the bounds of the Foundation, and in fact
confusion about that is a large part of why I wrote the blog post. It is
a 100% unofficial project that just happens to be hosted on our infra.
Saying it's inside the bounds of the Foundation is like saying
Kubernetes is inside the bounds of GitHub.

Airship is AT&T's specific
deployment tooling for "the edge!". I actually think this was the
correct move for this vendor-opinionated deployment tool.

So to answer your question:

<jaypipes> zaneb: yeah... nobody I know who argues for a small stable
core (in Nova) has ever said there should be fewer higher layer services.
<jaypipes> zaneb: I'm not entirely sure where you got that idea from.

Note the emphasis on *Nova* above?

Also note that when I've said that *OpenStack* should have a smaller
mission and scope, that doesn't mean that higher-level services aren't
necessary or wanted.

Thank you for saying this, and could I please ask you to repeat this
disclaimer whenever you talk about a smaller scope for OpenStack.
Because for those of us working on higher-level services it feels like
there has been a non-stop chorus (both inside and outside the project)
of people wanting to redefine OpenStack as something that doesn't
include us.

The reason I haven't dropped this discussion is because I really want to
know if _all_ of those people were actually talking about something else
(e.g. a smaller scope for Nova), or if it's just you. Because you and I
are in complete agreement that Nova has grown a lot of obscure
capabilities that make it fiendishly difficult to maintain, and that in
many cases might never have been requested if we'd had higher-level
tools that could meet the same use cases by composing simpler operations.

IMHO some of the contributing factors to that were:

* The aforementioned hostility from some quarters to the existence of
higher-level projects in OpenStack.
* The ongoing hostility of operators to deploying any projects outside
of Keystone/Nova/Glance/Neutron/Cinder (*still* seen playing out in the
Barbican vs. Castellan debate, where we can't even correct one of
OpenStack's original sins and bake in a secret store - something k8s
managed from day one - because people don't want to install another ReST
API even over a backend that they'll already have to install anyway).
* The illegibility of public Nova interfaces to potential higher-level
tools.

It's just that Nova has been a dumping ground over the past 7+ years for
features that, looking back, should never have been added to Nova (or at
least, never added to the Compute API) [4].

What we were discussing yesterday on IRC was this:

"Which parts of the Compute API should have been implemented in other
services?"

What we are discussing here is this:

"Which projects in the OpenStack community expanded the scope of the
OpenStack mission beyond infrastructure-as-a-service?"

and, following that:

"What should we do about projects that expanded the scope of the
OpenStack mission beyond infrastructure-as-a-service?"

Note that, clearly, my opinion is that OpenStack's mission should be to
provide infrastructure as a service projects (both plumbing and porcelain).

This is MHO only. The actual OpenStack mission statement [5] is
sufficiently vague as to provide no meaningful filtering value for
determining new entrants to the project ecosystem.

I think this is inevitable, in that if you want to define cloud
computing in a single sentence it will necessarily be very vague.

That's the reason for pursuing a technical vision statement
(brainstorming for which is how this discussion started), so we can
spell it out in a longer form.

cheers,
Zane.

I *personally* believe that should change in order for the *OpenStack*
community to have some meaningful definition and differentiation from
the broader cloud computing, application development, and network
orchestration ecosystems.

All the best,
-jay

[4] ... or never brought into the Compute API to begin with. You know,
vestigial tail and all that.

[5] for reference: "The OpenStack Mission is to produce a ubiquitous
Open Source Cloud Computing platform that is easy to use, simple to
implement, interoperable between deployments, works well at all scales,
and meets the needs of users and operators of both public and private
clouds."

I guess from all the people who keep saying it ;)

Apparently somebody was saying it a year ago too :D
https://twitter.com/zerobanana/status/883052105791156225

cheers,
Zane.

[1]
http://eavesdrop.openstack.org/irclogs/%23openstack-tc/%23openstack-tc.2018-06-26.log.html#t2018-06-26T15:30:33


__________________________________________________________________________

OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to