Virtualization OpenNebula Hooks Lead image: Lead Image © Greg Epperson, Photocase.com

Extending OpenNebula with hooks

Action on the Hook

Savvy OpenNebula users can attach their shell programs to hooks and thus automatically trigger actions when the status of a virtual machine changes. By Nils Magnus

Virtualization speeds up the pace of a system administrator's life. With KVM, Xen, and VMware, admins can provision systems far more quickly than they could have procured and installed new hardware back in the days of dedicated servers. You can use the extra time for cloning image configurations, copying directories, and mounting storage resources. However, things get tricky when hardware issues mean you need to shut down, migrate, and restart virtual machines.

If you want to reduce the tedium of working with virtual machines, you could resort to an Infrastructure-as-a-Service (IaaS) cloud solution. The cloud handles the most important tasks of server virtualization, manages the basic infrastructure (e.g., DNS and DHCP), and provides a web interface. Admins can choose from a gallery of open source products, such as OpenStack [1], openQRM [2], Eucalyptus [3], or Ganeti [4], each with its specific functionality and concepts.

Because of the diversity of scenarios, most cloud stacks behave in a complex way and require a lengthy learning curve. OpenNebula [5], which originated in Spain, sets out to prove that things can happen more quickly, if your users have typical requirements.

Lean Cloud Management

OpenNebula spent its childhood in the academic field of grid computing and is now considered a lightweight enterprise solution. The Fermilab particle accelerator uses OpenNebula to manage hundreds of virtual machines, and industrial customers include Telefonica and Akamai. The main developer from C12G Labs offers commercial support and is currently establishing an international network of partners [6].

OpenNebula is characterized by its simple elegance. Whereas other IaaS competitors prompt you to install and configure half a dozen services and components, OpenNebula manages with only a few components and with a single front end for controlling and configuring the private cloud, OpenNebula Sunstone. The "OpenNebula Installation" box outlines the setup, and Figure 1 shows the architecture.

Figure 1: Admins manage and configure OpenNebula mainly with the Sunstone web browser-based interface. The front end uses the API to connect with the OpenNebula server, which in turn controls the virtualization hosts. OpenNebula only requires its hosts to run an SSH server.

OpenNebula Installation

The OpenNebula project delivers complete packages for a variety of distributions, including CentOS, Arch, and Gentoo. To launch OpenNebula on openSUSE, you need to add both the Packman repository and the project repositories and then install the software:

zypper addrepo --no-gpgcheck --refresh -t YUM http://opennebula.org/repo/ openSUSE/12.3/stable/x86_64 opennebula
zypper refresh
zypper install opennebula
zypper install opennebula-sunstone

For Debian and Ubuntu, a tarball is available with several custom Debian packages, of which you need to install opennebula-common, libopennebula-ruby, and their dependencies. The tutorial [7] provides competent help if Ruby warnings happen to stop the installation process.

The installation creates a oneadmin Linux user account, which must exist with the same UID on all OpenNebula hosts, also known as compute nodes. Apart from a running OpenSSH server, the system administrator does not need to install any software there. You just need to make sure that the public SSH key of the oneadmin user is listed in the authorized_keys for this account on all compute nodes and that the cloud service can thus log in everywhere.

Hypervisor-Agnostic Virtualization

Virtualization software is still missing on the hosts because it is not part of OpenNebula. That said, the IaaS stack supports most hypervisors, including KVM, Xen, and VMware, and can also control libvirt.

On the front end, the installation routine creates an application account below ~oneadmin/.one/one_auth. Working as oneadmin, the system administrator can now start the OpenNebula server with the one start command and then issue onevm list to check whether the server's internal API can be reached without error messages. To access the web front end from any host, just add the desired IP address or the following entry:

:host = 0.0.0.0

to the /etc/one/sunstone-server.conf configuration file. Without further changes, Sunstone (Figure 2) only binds to localhost and is accessible on http://localhost:9869/ after running sunstone-server start. In case of problems, you need to check /var/log/one/sunstone.log and the associated error file in the same directory.

By the way, services only run permanently on the front end: OpenNebula's management server is joined by the scheduler, which optionally moves virtual machines from one host to another; the Sunstone web interface; and the API, which developers can use to access cloud functions via OCCI or EC2 APIs. On the hosts themselves, no service runs permanently, except the VMs and the OpenSSH server.

Figure 2: The dashboard displaying important system parameters at the top, such as a simple monitoring view of the hosts (left) and virtual machines (right). Via the menu bar (left), administrators – and users – can create and manage systems in the OpenNebula cloud.

Versions and Features

OpenNebula names its releases after interstellar nebulae. Stable version 4.0, published in May 2013, was named "Eagle" – after the Eagle Nebula (a star cluster discovered in the mid-18th century that is about 7,000 light years from Earth). Compared with the 3.x series, which is roughly two years older, it mainly fixes bugs but also revamps the Sunstone web interface. The changes affected, for example, VNC access to virtual machines.

The latest version 4.2, code-named "Flame," was released in early August 2013. (The eponymous Flame Nebula lies in the Orion constellation; its light takes about 1,000 years to reach earth.) The creators of the project have smoothed off the rough edges in the Sunstone interface for Flame. One new feature is a simplified view that explicitly addresses users who only want to provision one VM – not set up an entire cluster. Admins can now monitor image sizes in an improved way and intervene if a VM is threatening to spiral out of control. To do this, OpenNebula now monitors this resource.

The developers have written the back end for VMware virtualization, which can now be installed easily and has fewer dependencies. The Xen driver now uses the xl-style commands available with version 4.0 of the hypervisor.

OpenNebula users have become accustomed to running the latest version in test environments, while relying on the penultimate version for production operation. Although the programming interface described below existed in version 3, its entire functionality was only reached in version 4.0.

On the Hook

An important reason for virtualizing servers is the pursuit of automation. If your own development department has built a new release of its PHP, Perl, Ruby, or Java application using the Jenkins CI server [8], for example, it can automatically generate a stage VM with the necessary packages and frameworks. Once the requesting department has tested and approved the application, you just need one click to release the associated resources in an ideal world.

The glossy brochures on cloud computing fail to mention that the devil again lies in the details. In many cases, you'll need to update a database schema or start a particular service on a virtual machine. Fortunately, OpenNebula provides hooks for such tasks [9]. The software uses them on many occasions to call external programs that admins can compose in the programming or scripting language of their own choice.

Following Up on Events

The basic principle is, if an OpenNebula user wants to know about changes on a virtual machine, a host, the configured networks, users, groups, or images, they can add their own scripts to the execution sequence. You store your tools in the /var/lib/one/remotes/hooks directory (for Debian, /var/lib/opennebula/remotes/hooks).

To define the events for which you need a response, the cloud administrator identifies the triggering object and event in Table 1 or Table 2 and enters it in /etc/one/oned.conf. For example, Listing 1 registers the shell script from Listing 2 to measure VM uptimes.

Tabelle 1: Virtual Machine Events

Event	When It Occurs
`CREATE`	After OpenNebula has created a new VM
`RUNNING`	Once the VM is actually running
`SHUTDOWN`	After someone has terminated the VM
`STOP`	Once someone has stopped the VM or OpenNebula is migrating a VM from one host to another
`DONE`	After a VM has been permanently stopped
`UNKNOWN`	When a VM changes to an unknown state
`FAILED`	When a VM changes to a failed state
`CUSTOM`	When a user-definable event occurs

Tabelle 2: Events for Other Objects

Event	When It Occurs
Host
CREATE	After OpenNebula adds a host to its management system
ERROR	When a VM detects an error condition
DISABLE	When a host leaves the cluster
Network, User, Group, or Image
CREATE	When someone creates the object
REMOVE	When someone removes the object

Listing 1: Excerpt from /etc/one/oned.conf

01 VM_HOOK = [
02     name      = "vm_switchon",
03     on        = "RUNNING",
04     command   = "account.sh",
05     arguments = "on $ID" ]
06
07 VM_HOOK = [
08     name      = "vm_switchoff",
09     on        = "STOP",
10     command   = "account.sh",
11     arguments = "off $ID" ]
12 [...]

Listing 2: /var/lib/one/remotes/hooks/acccount.sh

01 #!/bin/bash
02
03 ACCOUNTING=/var/log/one/accounting.log
04
05 case "$1" in
06     "on"|"off")
07         mode=$1
08         shift
09         ;;
10      *)
11         echo "$0 error: wrong mode." >&2
12         exit 1
13         ;;
14 esac
15
16 if [ "$1" = "" ]
17 then
18     echo "$0 error: ID missing." >&2
19 fi
20
21 id=$1
22 shift
23
24 echo "$id $(date +%s) $mode" >> $ACCOUNTING

The VM_HOOK construct can appear more than once in the configuration. The on parameter defines the event to which OpenNebula responds (Listing 1, lines 3 and 9). The command entries specify the script to be called; arguments defines a string containing its call parameters. As connoisseurs will immediately see from the syntax, the IaaS management system itself is written in Ruby, but in terms of scripting languages, admins have a choice.

The shell script in Listing 2 checks (lines 5 to 9) for a running VM and then (in line 24) records the Unix epoch timestamp, along with the VM ID, in a configurable logfile. With an Awk script that reads logfiles and parses values, you could easily discover the total uptime of each VM and pass the results on to billing software, a department, or a customer of the IaaS cloud, for example.

The $TEMPLATE Variable

The example passes parameters only in a very simple way. To discover more information about the affected resources, users can pass the content of the $TEMPLATE variable to the script. It uses a kind of XML dialect to store a wide variety of details about the VM, the network, or the storage system. To avoid having to line up the big guns in the form of an external XML parser, the developers provide a tool that divides the content into handy key-value pairs and filters the results. For example, the following bash snippet:

X=/var/lib/one/remotes/datastore/xpath.rb
mem=$($X -b $template HOST_SHARE/MAX_MEM)

returns the contents of the <HOST_SHARE><MAX_MEM> container below the root node. This is the field to which OpenNebula sends the value for total available memory on the virtualization host; Listing 3 shows an example with a number of values.

Listing 3: Content of the $TEMPLATE Variable

01 <HOST>
02   <ID>1</ID>
03   <NAME>one-sandbox</NAME>
04   <STATE>2</STATE>
05   <IM_MAD>kvm</IM_MAD>
06   <VM_MAD>qemu</VM_MAD>
07   <VN_MAD>dummy</VN_MAD>
08   <LAST_MON_TIME>1377716985</LAST_MON_TIME>
09   <CLUSTER_ID>-1</CLUSTER_ID>
10   <CLUSTER/>
11   <HOST_SHARE>
12     <DISK_USAGE>0</DISK_USAGE>
13     <MEM_USAGE>65536</MEM_USAGE>
14     <CPU_USAGE>10</CPU_USAGE>
15     <MAX_DISK>0</MAX_DISK>
16     <MAX_MEM>502568</MAX_MEM>
17     <MAX_CPU>100</MAX_CPU>
18     <FREE_DISK>0</FREE_DISK>
19     <FREE_MEM>259512</FREE_MEM>
20     <FREE_CPU>87</FREE_CPU>
21     <USED_DISK>0</USED_DISK>
22     <USED_MEM>243056</USED_MEM>
23     <USED_CPU>12</USED_CPU>
24     <RUNNING_VMS>1</RUNNING_VMS>
25   </HOST_SHARE>
26   <VMS>
27     <ID>16</ID>
28   </VMS>
29   <TEMPLATE>
30     <ARCH><![CDATA[x86_64]]></ARCH>
31     [...]
32   </TEMPLATE>
33 </HOST>

Monitoring as the Main Application

This simple interface provides a variety of options: If you are prepared to take a detour, in the form of polling logfiles or status files, you can tie in an existing availability monitoring system like Nagios or Zabbix. Alternatively, OpenNebula itself includes a simple performance monitoring system in the form of Ganglia [10] that lets the system administrator keep an eye on important system parameters, such as CPU load or free memory.

If you hook into the CREATE event of a VM, you can install the monitoring agent software via configuration management, or you can roll out a complete application using a continuous integration trigger. Puppet, Chef, and Jenkins offer interfaces for this, and administrators can control them using wget or curl.

Insights and Future

You can set up your own private OpenNebula cloud with comparatively little effort. In the simplest case, you only need two systems, a management console with web access and a virtualization host. Because of its easy-to-handle and open interfaces, OpenNebula expands in a modular way. The way to do this – as described in this article – is to use hooks that latch onto critical events.

Additionally, the IaaS management system provides a number of other APIs for those interested: You can use drivers to integrate new hypervisors in a similarly easy way. EC2 or OCCI (Open Cloud Computing Interface) connectors [11] – a generalized set of API calls that try to unify the different APIs provided by specific IaaS stacks – let cloud captains launch and shut down their own virtual applications. Although you do need to create storage resources manually and are left to your own devices in terms of VLAN management, with OpenNebula, you do get a transparent and understandable private cloud for your own solar system.