Providing Solutions For Life

Learning OpenStack - The Easy Way



Dear Friends,


Our Dream has come true!


It takes 9 months for a mother to bring another life. That is the amount of time it has taken me to demystify the otherwise terse and abstract cloud computing concepts. And thanks to Packt Publishing I for helping me impart this knowledge in the most engaging way.


The Full video course is out you can get more details about it here.



You can get more details about the course here without registering.

The Overview video is out for all.

It was a tough negotiation with publisher to give out this valuable video for free I hope that it will get you started on your "Infrastructure as Code" journey.


Three points I would like to share, which might help you are:-
  1. People are watching us! Packt publishing approached me watching the screencasts I had posted on Youtube. (Which until then I was certain that nobody was watching).
  2. Good news is Video course royalty is 3 times that of a book! Bad news is because its 3 times the effort :-)
  3. Publishing field has also taken the Agile approach.

A course has several sections and sections have chapters. The script for every section is reviewed just like a book, and then the visuals also go through another stringent review process. After several iterations, we get the permission to go ahead and record the video, which is then handed over to the publisher for final editing. The section gets published, after which we repeat these steps for the next section. (Meeting deadlines was tough, having signed the contract most of the work was done in between my travels to 5 cities in Brazil, followed by Eu and Israel... needless to say most of the work in the 9 months was done in airports and planes)


I wish I could pen down the names of all those amazing people who've made this possible but since they already know who they are, I would just say thank you for having helped me on this arduous journey.

​Feel free to spread the word about this course, I have a discount code for us and followers on Social media

#LearningOpenStack


Discount Code: LOpStk25


Expiry Date: 15th October 2016
 

Creating an SSL certificate and adding it to Apache

Just a brain dump, will format it latter

https://letsencrypt.org/getting-started/

~/letsencrypt$ sudo ./letsencrypt-auto certonly -d venumurthy.com -d www.venumurthy.com

Congratulations! Your certificate and chain have been saved at
 


https://letsencrypt.org/getting-started/

 /etc/letsencrypt/live/obhiyo.com/fullchain.pem

cert.pem  chain.pem  fullchain.pem  privkey.pem


vim sites-enabled/000-default.conf


<VirtualHost 54.169.00.52:443>

        ServerName www.venumurtyy.com

        ServerAdmin contact@venumurty.com
        DocumentRoot /var/www/venumurthy
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/vm.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/vm.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/vm.com/fullchain.pem



        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>


vim /etc/apache2/sites-available/default-ssl.conf

                  SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile     /etc/letsencrypt/live/VM.com/cert.pem
                SSLCertificateKeyFile  /etc/letsencrypt/live/VM.com/privkey.pem


                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                SSLCertificateChainFile /etc/letsencrypt/live/VM.com/chain.pem

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                SSLCACertificateFile /etc/letsencrypt/live/VM.com/fullchain.pem



sudo a2ensite default-ssl.conf

 service apache2 reload

Very helpful link




Choosing Apache mod_wsgi over Eventlet in OpenStack Kilo and Liberity

While installing OpenStack Liberty release you disable the keystone service from starting up automatically and we also see a note such as

"In Kilo and Liberty releases, the keystone project deprecates eventlet in favor of a separate web server with WSGI extensions. This guide uses the Apache HTTP server with mod_wsgi to serve Identity service requests on port 5000 and 35357. By default, the keystone service still listens on ports 5000 and 35357. Therefore, this guide disables the keystone service. The keystone project plans to remove eventlet support in Mitaka."

 
The reason behind this is

Eventlet by design performs well in networked environments and handles everything in a single thread. Due to Apache's ability to do multi-threading it was better to use it as the frontend.

Keystone depends on apache/web-server modules to handle federated identity (validation of SAML and etc) and similar Single Sign On type authentication.

Eventlet has proven problematic when it comes to workloads within Keystone, notably that a number of actions cannot yield (either due to lacking in Eventlet, or that the dependent library uses C-bindings that eventlet is not able to work with).

Apache has many modules available which can be used.