[openstack-dev] Auditing Openstack
Jacob Bushman
jacob at bluehost.com
Wed Jul 31 02:48:59 UTC 2013
I haven't opened it because currently it is too tied to our proprietary
platform. I have actually submitted a talk for the summit and planned
on having an open version ready for this.
It is good to hear that I am not the only one out there dealing with
these sorts of issues and trying to find solutions.
On 07/30/2013 05:37 PM, Joshua Harlow wrote:
> I would love that tool, is it opened??
>
> I've thought about such a tool myself actually. Something that keeps
> enough info on the compute node to be able to analyze the actual state of
> the cluster and find discrepancies for what the varying openstack db's
> believe is the 'state' of the clusters.
>
> Seems like a great analysis tool. What corrective actions does it do (if
> any?), aka, DB says X instances, really Y, then?? (delete them??)
>
> On 7/30/13 11:59 AM, "Jacob Bushman" <jacob at bluehost.com> wrote:
>
>> In our deployment we have a custom solution for the orchestration of
>> Openstack through the API that connects with billing and other external
>> systems on the back end.
>>
>> We have found that most of the corruption is introduced by messaging
>> issues in Openstack. There are a myriad of edge cases where the status
>> in the database can become out of sync with what is actually running on
>> a compute node for instance.
>>
>> The basic concept of the auditing tools is to compare the information in
>> the database with the actual state of the compute node and identify
>> discrepancies.
>>
>> This is accomplished by parsing the instance XML, external ids of the
>> tap device and gathering relevant data from the compute node. Then
>> passing this through an API to our orchestration system and using a
>> combination of Openstack API calls and DB queries to audit the compute
>> nodes and make sure the database and the compute nodes are in sync.
>>
>> On 07/30/2013 11:17 AM, Joshua Harlow wrote:
>>> Do u have a writeup of the corruption issues you have seen.
>>>
>>> I would most definitely appreciate said tools.
>>>
>>> Any little overview of what they do/are??
>>>
>>> On 7/30/13 9:44 AM, "Jacob Bushman" <jacob at bluehost.com> wrote:
>>>
>>>> I have been working with various corruption issues within openstack.
>>>> Issues like failed or partial provisions, quantum port / ip corruption
>>>> and database corruption. There are several edge cases that I have run
>>>> into where the existing periodic task to clean up corruption were
>>>> inadequate for our use case.
>>>>
>>>> We really needed a more unified way to query through the entire stack.
>>>> To handle this on the scale that I am working with I have developed out
>>>> of band auditing tools.
>>>>
>>>> I feel something like this belongs in Openstack and would be useful to
>>>> the community. I am wondering what other tools are available and if
>>>> this is something that is of interest.
>>>>
>>>> ~ Jacob
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list