[Openstack] Is It Safe to Use The OpenStack Packages Distributed in Ubuntu 12.04 Official Repository?

Dave Walker dave.walker at canonical.com
Mon Aug 20 09:57:26 UTC 2012 

>> ----- Reply message -----
>> From: "Ji Zhang" <zhangji87 at gmail.com>
>> To: "openstack at lists.launchpad.net" <openstack at lists.launchpad.net>
>> Subject: [Openstack] Is It Safe to Use The OpenStack Packages Distributed in Ubuntu 12.04 Official Repository?
>> Date: Mon, Aug 20, 2012 04:58
>> 
>> 
>> 
>> Hi,
>> 
>> I'm to deploy OpenStack Essex in production environment. According to
>> the official manual, I should either install it manually or use
>> dodai-deploy. After briefly browsing these methods, it seems that both
>> of them are using the packages distributed in official repository
>> (i.e. apt-get install keystone), not building from source like
>> DevStack does.
>> 
>> So my question is, as is said in the title, are these packages
>> production ready? Or should I checkout the stable/essex branch of each
>> project and build it by myself?
>> 
>> Thanks.
>> 
>
>On Mon, Aug 20, 2012 at 08:53:23AM +0200, Ruzicka, Marek wrote:
> Hi,
> 
> Guys around will probably disagree,but I have spent last 5-6weeks
> creating POC using repos is ubuntu, and I have to say it is not
> production rdy yet.
> 
> Versions in repos are about 2months old if I'm not mistaken...too
> old for such fast paced project.
> 
> Marek Ruzicka
> System Engineer (storage)
> T-Systems Slovakia s.r.o.
> 
> Sent from my mobile, please excuse typos.

Hi,

Hmm, I do disagree with this stance.  There are 3 issues being mingled
together, but do have overlap.

1. Is it 'safe' for production.
   - All distributions commit to an assurance level of software they
     ship.  This differs between distributions, and the level of the
     assurance.  However, you can be pretty sure - that any major
     distro will be taking great care of their openstack packages.
   - In relation to Ubuntu, by using the distribution packages you can
     be assured that:
     - Security updates will be included promptly, usually on the day
       the embargo is lifted.
     - Assurance that the software has been tested in given scenarios
       with the dependencies and libraries that are shipped.  Any
       distribution will tell you that a project such as this, the
       core software is only half of the complexity, the dependencies
       carry significant burden.
     - Safe upgrade for security and bug fixes for the release, and
       reasonably easy transition between major versions.  A git
       checkout, doesn't promise safe upgrade.
   - With these factors taken into account, unless significant
     investment into controlling these issues on your own deployment,
     i'd consider it *un-safe* to use anything other than a
     distributions packages.

2. How current are the packages?
   - As mentioned in Marek's email, the packages are about 2 months
     old.  Originally, 12.04 released with Essex Final and some local
     distro patches.  The patches were incorporated upstream, and many
     others contributed fixes.  For this reason, we undertook the
     process of a Stable Release Update.  Due to the level of upstream
     CI, Ubuntu CI and further extended testing, we were able to
     release a snapshot, which seems to have proved to have been
     regression free (!).  This is a testament to the amount of
     pre-release work that went into this update.
   - We are currently preparing the next update, based on Essex
     Stable, which will undergo the same level of care, and should hit
     a mirror near you in a timely manner.
   - For a *stable* release of both upstream, and the distribution
     platform.. I would consider 2 months between updates to be pretty
     good. Some distributions refuse this model for stable updates.

3. Is it 'production ready':
   - Marek seemed to think this was /too/ old.  I'd like specific
     issues to be outlined, regarding the stable tree and our last
     update, which render the distribution packages unsuitable for
     production usage.  If this cannot be done, please re-consider
     this statement.
   - To add to this, Canonical run a two-region hybrid cloud, which is
     purely based on the 12.04/Precise packages. 

I'd also like to take this opportunity to mention the effort that is
going on for Folsom on 12.04.  However, i'll cover this in a separate
mail.

-- 
Kind Regards,

Dave Walker <Dave.Walker at canonical.com>
Engineering Manager,
Ubuntu Server Infrastructure
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120820/e8a2a9d0/attachment.sig>

More information about the Openstack mailing list