Barely Functional Keystone Deployment with Docker

My eventual goal is to deploy Keystone using Kubernetes. However, I want to understand things from the lowest level on up. Since Kubernetes will be driving Docker for my deployment, I wanted to get things working for a single node Docker deployment before I move on to Kubernetes. As such, you’ll notice I took a few short cuts. Mostly, these involve configuration changes. Since I will need to use Kubernetes for deployment and configuration, I’ll postpone doing it right until I get to that layer. With that caveat, let’s begin.
Continue reading

Keystone, MySQL and Fedora 18

It looks like the access model for MySQL has changed between F17 and F18.

openstack-db fails with a permission on the root user.  However, the following works:

  1. As the keystone user (I suspect the openstack-db call made the keystone user, or maybe that is done by the RPM install?)
  2. run mysql,  (no params, using the default identification, which I assume is PAM based?)
  3. create a user named keystone.
  4. and grant that user perms to create a db.
su - keystone
create user 'keystone'@'localhost' identified by 'keystone';
grant all  PRIVILEGES on *.* to 'keystone'@'localhost';

exit mysql and log in as that user:

mysql --user=keystone --password=keystone

Create the keystone database:

create database keystone;

Log out and run the dbsync

keystone-manage db_sync

Obviously, this leaves the DB User with too many permissions, but it is a start.

If I now try to run the command

openstack-db --service glance --init
Please enter the password for the 'root' MySQL user:

Even setting the password in MySQL doesn’t work

UPDATE mysql.user SET Password=PASSWORD('keystone') WHERE User='root' AND Host='localhost';
[root@f18-keystone mysql]# openstack-db --service glance --init
Please enter the password for the 'root' MySQL user:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Failed to connect to the MySQL server.  Please check your root user credentials.

I tried it with the unix password as well.

Note that I can connect using the following SQL Alchemy URL:

connection = mysql://keystone:keystone@localhost/keystone?unix_socket=/var/lib/mysql/mysql.sock

I think this is preferable to exposing TCP sockets around in the case that the Keystone server and MySQL server are co-located.

Map Reduce is kinda like “Normalize on the Fly”

One undervalued aspect of Data modeling is that you actually get time to consider the form of the data before you get the data. In a Map reduce job, you kow that your map phase is going to get the data, and that it is not going to be normalized . I could have said, not likely to be normalized, but the reality is that if you are using Map-Reduced, you are not going to get structured data.

Continue reading

Immutability in Databases and Database Access

If we are to follow the advice of Joshua Bloch in Effective Java, we should minimize the mutability of our objects. How does this apply to data access layers, and databases in general?

A good rule of thumb for databases is that if it is important enough to record in a database, it is important enough not to delete from your database…at least, not in the normal course of events. If Databases tables are primarily read only, then then the action of reading the current item will be “select * from table where key =  max (key)”.  Deletes indicate an error made. And so on.  Business objects are then required to provide the rule to select which is the current record for a given entity.

A good example is the Physical fitness test given in the Army (the APFT).  A soldier takes this test at least once per year, probably more.  In order to be considered “in good standing” they have to score more than the minimum in push ups and sit-ups, and run two miles in less than the maximum time, all scored according to age.  The interesting thing is that the active record for a soldier may not be the latest record, but merely the highest score inside of a time range.  Failing an APFT only puts a solider in bad standing if  they do not have another test scored in the same time period that is above the minimum standards.  A soldier might take the APFT for some reason beyond just minimum qualifications, such as for entry into a school or for a competition.

As an aside, notice that the tests are scored based on age.  Age should not be recorded, rather calculated from the date of the test and the soldiers birth date.   Never record what you can calculate, especially if the result of the calculation will change over time.  Although in this case, it would be OK to record the Age of the soldier at the time of the test as a performance optimization, providing  said calculation was done by the computer and not the person entering the scores.  Note, however, that doing so will prevent adjustments like  recalculating the scores if we find out a soldier lied about his birthday.

Relations are tricky in this regard.  for instance, should removing an item from a shopping cart in an eCommerce application be recorded directly or IAW the “No-delete” rule?  If possible, go with the no-delete, as it allows you to track the addto, remove from cart actions of the shopper, something that the marketing side probably wants to know.  For a performance optimization, you can delete the relation, but make sure you send the events to some other backing store as well.

My Ideal Technology Setup for work

“Since I’m dreaming, I’d like a pony” –Susie, in Calvin and Hobbes.

“I’m not just the President of the Hair Club for Men, I’m also a client.” –President of the Hair Club for Men

Not only do I write software, I use it. A whole bunch. I am a Linux guy, and when ever I end up in a situation where I have to work around a proprietary solution that just doesn’t make sense for what I am trying to do, it ads a point or two to my Diastolic. So here is my dream setup:

First of all, I’d like a company that doesn’t use Exchange. I want to be able to talk to my mail server, and my calendar server using standards based protocols. I want email based notifications of meeting. GMail does nice job of sending them via SMS. I don’t want to have to run Outlook to book a conference room. Is there such a solution out there? Probably. I haven’t looked, but I am sure I could find many. Let’s start with Exim for mail, and then find a decent Calendaring program that talks email and iCal. Squirrelmail is a clunky webmail client, so I hope we could find something better, but it still beats Exchanges webmail. Basically, I want to run the Mozilla tools on my desktop.  An I want to sync mail to my Palm based Cell phone without installin Goodlink.

Ubuntu Linux as the default developer install.  I have never been so happy with my desktop as I am now.  Debian package management rules, and Ubuntu desktop support is the best I’ve worked with in Linux.  Of course, I would probably be just as happy with Fedora, but haven’t used it in a while.  Most of my Red Hat work has been with Red Hat Enterprise and that is a fine, stable server architecture, but doesn’t suite my needs for a developer work station…too stable.

I want an internet proxy that allows me to talk to ports other than 80 and 443. Yes I realize this is a configuration issue. I want to be able to SSH in and out, and check in and out from public CVS, Subversion, and Git repositories. I want to be able to hit a website on port 8080.

For Revision Control, I would like to use Either Subversion or Git. Probably Git mixed with Quilt. Note that this is not just for software, but also document preparation. For document preparation: Open Office across the board. It does what I need for Presentations, Spreadsheets, and Word Processing.

A single unified indexing system for all of the companies information system.

All emails sent to public mailing lists should be indexed.

Blog sites for individual developers. Word Press seems to work nicely, but Drupal was good, too.  The more publically available the information in a development environemnt, the bettwer it supports community type development.

Decent IDE support for Refactoring. Refactoring support it baseline, regardless of language. I was incredibly productive using Eclipse for Java, but have not been able to get it to work well for our C++ projects. XRefactory looks promising, but I haven’t tried it yet. Slick Edit wasn’t able to handle our source setup, either. But whatever we chose, the team needs to support it.

A commitment to open source software.  There are few things more motivating to a developer than knowing that the effort they put into learning a code base will not get flushed when they leave the company…and you might even use this as a way to hire new talent, too.