Summary of 19th Quattor workshop (3-5/3/2015, Grenoble)
Round table - Expectations
- Release: solve the issues with release process
- RH 7 support
- Information on how to use Quattor more efficiently
Site news
RAL: Aquilon is now in production
- Private cloud, including a VM provisioning prototype service
- Also need to do some cleanup in Aquilon when the VM is shut down
- Ceph
- Template library used
- Interest of new groups for Aquilon: idea is to share the Aquilon instance
MS
- Focus on support finer granularity changes: main challenge is allowing non expert user to use Aquilon/Quattor
- Quattor Remote Deployer: still used for virtualization but no manpower to implement the necessary improvements
Platform Support
UGent manages RHEL7 machines since last summer. Several minor issues with pull requests open:
- AII Kickstart config
- KS variant available but misnamed
rhel7rc
instead ofel7
- KS variant available but misnamed
- LVM: several commands require
--force
flag
Major issue: ncm-chkconfig
, started to work on ncm-systemd
- RHEL7 provides a
chkconfig
wrapper but--list
doesn’t work ncm-systemd
can digest thencm-chkconfig
configuration, opening the path for some “backward compatibility”: details still to be figured out- Gabor: the service configuration should be independent of a particular component, as it is the case for interfaces…
- Preference for
/software/services
- Service description should be as generic/high-level as possible: enable/disable components
- Preference for
- New schema: see https://github.com/quattor/configuration-modules-core/pull/424/files
- Agreement to start with this schema for the component specific schema
- For
/software/services
, no ability to define unit type (onlyservice
can be configured) or target (default target only)
Grub2: no need to write a new component to start but will probably be needed to support reverting or definining explicit versions of kernel, kernel arguments
- Main issue is to get the mapping between a grub entry value and a kernel version: no trivial match between kernel version in Quattor config and the kernel title in Grub conf
UGent deadline for solving all issues: June
MS reports problems with ncm-pam
: should open an issue
ncm-spma new approach by MS - J. Novy
A different yum.pm
to ensure convergence to the defined state in one run, like it was the case with SPMA
- MS runs
ncm-spma
only at boot time, so very rarely - All packages not needed must be removed at the first run
Use a first fake install (in fact only the transaction contents is generated) in a test chroot to know what the list should be.
- Performance similar to current
yum.pm
implementation - Also use YUM
FastestMirror
plugin
Complete rewrite of yum.pm
: need to be exposed on GitHub for further discussions
Release process and current release status
14.12 didn’t come out because of the changes in the way unit tests are run during the build process
- Before: Unit tests were run as a separate step, then RPMs were built and release was tagged.
- Now: unit tests are required to run successfully for the release being tagged
- Required to build templates for metaconfig modules
- In principle a good change: unit tests have to succeed on all supported platforms or they are not useful.
Supported platforms at this time: EL5, EL6, EL7
- Solaris 11: should add it as a supported platform starting with 15.4
- Do not build packages but run the unit tests as part of the release process
There is also the issue of providing versions more recent than EPEL for some package in Quattor externals: general agreement that is should be avoided as much as possible
- Providing our own version of a package creates an obligation to maintain it
- Open question about Template Toolkit. Version in EPEL doesn’t work for some metaconfig services, need to see if we can work around.
Currently, the release is blocked by a couple of metaconfig services that don’t pass the unit tests
- Move these services to next release to unblock the release process
- Still the problem of EL5: more tests failing…
- Release without EL5 tests: check and list problematic services on EL5, acceptable to have metaconfig services unsupported in EL5
Nexus central repo: need to ensure that enough people have the right to do new releases of build tools
- Michel to check
Quattor externals
Agreement to replace existing externals
repo on yum.quattor.org
by the new structure based on archs and OS versions
- Add EL5 and EL7 to the preliminary new
externals
- Duplicate panc for every platform
- Previous
externals
now inlegacy
perl-AppConfig-caf: move to last 13.1 release
Update the template library to use these new repos instead of quattorsrv.lal.in2p3.fr
Fine grained access control to configuration modification
SCDB: GRIF experienced with access control based on SVN but did not prove to add any real value and had drawbacks, in particular causing unnecessary forks
- In fact template access control doesn’t bring much control on configuration changes: any template can change any part of the config
RAL: would be interested to give admin rights on some machines to people with little admin expertise or not well integrated with the core team
- Currently, protect the standard library from direct modifications through commit hooks: a pull request is required
- Requiring a pull request/peer review for everything doesn’t seem desirable and would not scale
- No real need for restricting changes to some part of the configuration, rather to limit changes to some machines
- This should be implemented after the compilation and before deployment, looking at affected machines: may be doable a the broker level, not requiring compiler changes
- But this would require some sort of host grouping and ownership in Aquilon
- Difficult in SCDB as no real authentication against the deployment server: only SVN transaction is authenticated
CCM
JSON and types: the way we are reading JSON profiles (JSON::XS
) results in typed information being lost
- Booleans, numbers and strings all interpreted as strings
- A problem when building configuration files where the data should be types
- Stijn added a the ability to do a “typed interpretation” of JSON data: giving the same results as an XML profiles for unit tests
- Idea is to have it enabled/disabled by a property in CCM
- Agreement to put it disabled in 15.2 and enabled by default in 15.4 after testing by sites
ncm-query: need to support more output formats (like JSON) and add unit tests for output formats
- Proposal
- move output formatting to a CCM module (CCMFormatter?)
- Move ncm-query to CCM repo
ncm-query tab completion: current implementation is killed by the time to get the information from the database
- Proposal: cache all paths present in the profile in a text file and use this file for time completion
- Could be done transparently by
CCM/Fetch.pm
- Could be done transparently by
XML profile support remains and no intention to drop it!
- Problem with XML profiles fixed in December: will be part of next release
TextRender and metaconfig
Getting Started doc for TextRender
available at https://github.com/stdweird/maven-tools/blob/getting_started/TextRender.md
- Final repository for the doc to be discussed:
TextRender
is aCAF
componennt but its unit tests are inmaven-tools
repo…
TextRender
is based on the engine of first version of ncm-metaconfig
ncm-metaconfig
now usesTextRender
and provide an higher level to it
TextRender
can either auto-stringify the contents from the configuration or generate a contents that can be manipulated with a FileWriter
- Contents defined in a pan dict
Rendering can be done in several formats, defined by the module
- Several built-in formats supported: json, yaml, properties, tiny, general
- Some modules have issues with reproducibility: a timestamp is added and sometimes ordering is not preserved
- Additional rendering can be defined if using a module name other than a built-in format: interpreted as a TT Toolkit template
- Template location is defined by
includepath
andrelpath
- When using
metaconfig
they are pre-defined -
See examples in the doc for TT Toolkit usage. A basic example is:
perl -e 'use Template; my $tttext="Hello [% world %]\n"; Template->new()->process(\$tttext, { world => "Quattor" });'
- Several advanced features: loops, newline management
- Possibility to expose to the TT template some pan configuration properties or some functions defined in the component
- Template location is defined by
TT Toolkit template are very powerfull and can replace perl codes… but they may also be a source of bugs! Thus the need for unit tests
- A test framework developed:
Test::Quattor::RegexpTest
- Part of the test framework provided in
maven-tools
- Part of the test framework provided in
- Allow regexp pattern matching on
TextRender
output: ordered list of regexp can be defined- By default, regexp are compiled multilines
- Possibility to negate regexps, either all of thems or a single one (COUNT statement)
ncm-metaconfig
: high level interface to TextRender
- Files managed by
metaconfig
are calledservices
- File name can now be defined in a global variable (see examples) but unfortunatly the variable cannot be used yet in configuration path assignments (see https://github.com/quattor/pan/issues/77)
- Can bind the contents to a schema
- Can restart a list of daemons in case of changes using
CAF::Service
daemons
property: an action can be specified on the daemon (daemon
property has been obsoleted at the previous workshop)
- Support usual
FileWriter
attributes - Includes ability to unit test service TT templates
- Uses
Test::Quattor::TextRender::metaconfig
internally - Requires one or more profiles in the service
tests/profile
directory and one or more files containing regexps to apply to the profiles - Also requires a Perl test file for the service under
ncm-metaconfig
src/test/perl
directory (by conventionservice-name.t
)
- Uses
Defining site-specific services: currently TT files have to be shipped with ncm-metaconfig
RPM, thus they have to be developed under ncm-metaconfig
directory
includepath
currently hardcoded and restricted to one value- Today restricted to developing services that are shared with the community: good side, will improve the quality by exposing the code! But need to see
how to allow site-specific services
- Will require at least the ability to ship TT files independently of
ncm-metaconfig
: this also implies the required support in maven tools… - This must maintain the ability to unit test things
- More discussion needed: see https://github.com/quattor/configuration-modules-core/issues/436
- James: must not lead to less site sharing and a bigger mess…
- Will require at least the ability to ship TT files independently of
Issue to be addressed with the building process of TT files: currently done in the test
phase which is not intended to produce anything required to
build the package: need to enhance the build tools to allow doing it in the compile
phase.
- See https://github.com/quattor/maven-tools/issues/40
First candidates for ncm-metaconfig replacement
Core configuration modules: see quattor/configuration-modules-core#434
- Deprecated: ncm-fsprobe
Need to do the same review for grid components.
- Start with the components still relying on ncm-templates: use
CAF::TextRender
where the need for a dedicated component remains (e.g.glitestartup
)
Some components may require the ability to configure path where part of the path is a variable
- See https://github.com/quattor/pan/issues/77
Documentation - W. Depypere
Currently
- 14.6 and 14.8: configuration modules doc on quattor.org
- 14.10: first attempt at using readthedocs.org
Documentation source: currently a mix of inline documentation for Perl modules and separate pod files for the config modules schema
- Config modules schema could be moved to annotations but will require a tool to process pan annotations to generate a documentation file
- Review Nick’s tool to see if it is a good basis: see https://github.com/quattor/release/issues/46
- Michel: will attempt to annotate one schema file to help agreeing on the tags
- Config modules pod files
- Broken link and reference to bugs, dependencies
- Hard coded references to people / email addresses
- Special characters are often not properly escaped with
C<< >>
Current build tools don’t check the pod syntax for pod files
- Only for the .pm files
Repo to use with readthedocs.org: create a separate repo not maintained by humans
- Contents updated by scripts from other repos
Cloud Support
OpenStack Support Status - J. Pansanel
OpenStack versions used: Havana and Icehouse
- Icehouse support currently in a pull request
Components that can be configured: Nova, Glance, Cipher Keystone
- Nova and Glance used in prod at IPHC
- Includes mysql backend and RabbitMQ
- memcache to be added in the future
IPHC uses standard OpenStack RPM
Quattor configuration relies on filecopy/metaconfig
- Puppet modules not really worth using… not offering the same level of flexibility as Quattor
OpenStack templates will be put in a repo template-library-openstack
- Examples to be put in the
template-library-examples
master branchcreate-vanilla-SCDB
will need to be adjusted to download it, ideally selectively- Need to tag it as part of the release
Other cloud platforms
StratusLab available and maintained
OpenNebula: UGent has a set of private templates, used partly by RAL
- Will try to start a
template-library-opennebula
repo in 15.4- Also required a
ncm-opennebula
update: currently a pull request is open
- Also required a
Dashboards
Current dashboard prototype allowing to browse information in SCDB and/or Aquilon and to report the nodes that in install state in AII/PXE
- Also lists and gives access to Aquilon sandboxes
- Currently working mainly by greping templates: an improvement would be to use ElasticSearch to issue request on JSON profiles
- Base version in repo
dashboard
- Aquilon info is not in this version
RAL also developed an Aquilon web console that allows to execute any Aquilon command
- Based on CherryPy
- See https://github.com/amazerfrazer/aquilonconsole
- Dashboard prototype could be merged with it
ULB started also some developments based on the initial dashboard prototype
- Need to pull a request to get it merged in to the
dashboard
repo
Conclusions
Next workshop (the 20th!) at LAL in Orsay
- the first workshop happened at LAL, Spring 2006
- Michel will start a Doodle for the second half of September