Monday, January 30, 2012

Introducing OpenStackAgent for Xen-based Clouds. What?

What it is all about

Not long ago we’ve been working on deployment of OpenStack Cactus-based public cloud using Xen as an underlying hypervisor. One of the problems we’ve faced were Windows guest instances failing to set up their administrator password to those generated by nova on instance creation. As it turned out the overall process of compute-guest instance communication in OpenStack-Xen environment is rather tricky (see the illustration). One of the core components of the process is so called guest agent - a special user space service which runs within a guest OS and executes commands provided from outside. Originally we’ve used the guest agent implementation provided by Rackspace. One can find the source code both for *nix and Windows OS on the Launchpad page. Although the project seemed to be quite stable at the moment the service built from C# code and combined with Cactus version of nova plugin for Xen was unable to set the password for the Windows instances. Deep log analysis revealed the problem at the stage of cryptography engine initialization. It should be noted that the procedure of resetting administrator’s password itself is complex. It first includes Diffie-Hellman key exchange between compute and guest agent. Next the password is encrypted for the sake of security and sent via the public channel i.e. Xen Store to the agent. For the deadline was coming in several hours we had no time to set up a proper environment for debugging and therefore we decided to perform a rather immature step which turned out to be a success afterwards. Hastily we implemented our own guest agent service using pywin32 library. Later on, it acquired several additional features including MSI installer and grew up into a separate project named OpenStackAgent. And now we would like to introduce it to the community.


What it is currently capable of

  • Instance spawn time and run time password changing.
  • Updating itself from network on “update” command retrieval.
  • Running and logging :)
The capabilities look quite limited, don’t they? However it is yet of version 0.0.5 and the development is on the way. Thus visit the project homepage soon to find the new features.


What else is going to be implemented

  • Support *nix OS as well. We’re planning to share the same code base for all the types of guest OSes.
  • Switch to pyInstaller extension for distribution package creation. Get rid of py2exe to make building really cross-platform.
  • Support guest network adapter configuration commands and file injection as well.
  • Tests, tests and once again tests.


What does one need to use it

In order to build the agent one will need the following software to be installed
After everything is ready to build run python guest_agent/ py2exe2msi and find the compiled MSI package in the current working directory.

In order to run the compiled service the following requirements has to be satisfied on the target machine
Just install the MSI package from "Building" step and the service will be started automatically. In order to troubleshoot look up the system application event log or log file located at %WINDIR%\Logs\OpenStackAgent.log

Just install the MSI package of a newer version into the system. It will automatically replace all the required components and restart services.


 What should one do to contribute

Fork it, update it, merge it using the GitHub repository but make sure you follow the Apache 2.0 license.