The OpenStackManager extension is a web interface for OpenStack, and a manager for a fully integrated test and development network being written primarily for Wikimedia Foundation use.

This is a features and bugfix release of the OpenStackManager extension. There have been extensive changes since the last release. I’ll try my best in the future to do releases more often to avoid having changelogs this long. The following has changed:

• Added support for managing sudo policies. Currently supports adding, modifying and deleting sudo policies with sudouser, sudohost, sudocommand, and sudooptions attributes. Requies wiki admin privileges to use the special page.

The OpenStackManager extension is a web interface for OpenStack, and a manager for a fully integrated test and development network being written primarily for Wikimedia Foundation use.

This is a features and bugfix release of the OpenStackManager extension. The following has changed:

• Added floating ip output to instance list
• Removed cast calls from code pulling info from classes, and added them to the output of the classes (code cleanup)
• Added support for cloud-init via $wgOpenStackManagerInstanceUserData
  • Can currently add cloudconfig, scripts, and upstarts
  • cloudconfig is currently an array that is converted to YAML, whereas scripts and upstarts load from given files

For the past month or so I’ve been working on an extension to manage OpenStack (Nova), for use on the Wikimedia Foundation’s upcoming virtualization cluster. I’ve gotten to a point where I believe the extension is ready for an initial release.

In brief, OpenStack works a lot like EC2, and in fact implements the EC2 API. This extension interacts with the EC2 API and LDAP, to manage a virtual machine infrastructure. It has the following features:

• Integrates with the LdapAuthentication extension, and creates user accounts in LDAP upon user creation
  • Users created with a posix username, uid, and gid; home directory; OpenStack credentials; and wiki credentials

It’s been a while since I’ve written a technical post, so I thought, maybe I should write about what I’ve been working on for the past couple months…

I’ve been building a test and development infrastructure for The Wikimedia Foundation using OpenStack, and a number of other technologies. I’m not done yet, so I won’t get into any gory technical details (I promise I will later!). I will, however, give an overview of the architecture I’m aiming for.

Basic overview

We want a test and development infrastructure for a number of reasons:

I was in Japan November 3rd through November 10th. I went there to give two talks at the Kansai Open Forum conference in Osaka, and one talk at a MediaWiki developer’s meetup in Tokyo. I met a bunch of great fellow community members from the Wikimedia and open source movements at the conferences and on other days that they showed me around their cities.

A new experience for me

The talks were a new experience for me since I’m not used to talking to a Japanese audience, and I’m very much not used to having an interpreter. The experience of being interpreted is quite interesting, and it adds an extra layer of difficulty in speaking, and creating presentations.

A few days ago I wrote a post about why I switched to Rackspace from EC2. While I don’t believe I’m likely to ever switch back to EC2 for my personal site, I’m not going to say they’ll never get my business again. The past few years I’ve sung the praises of EC2 to people I know looking for a decent VPS that isn’t overly costly and gives a good deal of flexibility. I’ll continue to sing their praises a bit in this post as well.

First let me say this isn’t an advertisement for Rackspace Cloud, but it will likely sound like one. In reality, this is more a post about the serious shortcomings of EC2.

That said, I switched hosts from EC2 to Rackspace cloud recently after a couple serious problems with EC2. I knew that EC2′s instances were not persistant. Knowing that, I, thankfully, made sure to have very extensive and very frequent backups that I kept in a couple places. What I didn’t realize is that EC2 has absolutely no support for the basic instance services. You can’t call, you can’t email, you can’t even put in a support ticket. The only support option you get is the ability to post to the user support community forums. There is no guarantee you’ll actually get a response to any post you make.

I likely should have sent this out earlier, but I’ve been super busy as of late.

As of August 23, 2010 I’m working full time for the Wikimedia Foundation, the non-profit that manages Wikipedia and sister sites, as Operations Engineer. Some of the content of this blog may change slightly as my duties are focused in slightly different places now. You’ll likely see less PKI, Red Hat, Solaris, and authentication posts, but you’ll probably see more Puppet, Apache, LVS, Varnish, Squid, MySQL, and virtualization posts.

My goals for the year are:

Long trips without internet access seem to get me in a programming mood. I took a six hour car ride and finally updated the SmoothGallery extension to work properly with newer versions of MediaWiki. I closed out a long standing bug with descriptions while I was at it. Here are the changes:

• Fixed bug when sgallery was used as a tag
• Fixed bug with use of the parser to recursively parse tags
• Fixed bug with descriptions. Descriptions can now be displayed, and wikitext can be used in them.

Web browsers don’t display very friendly error messages to users when SSL client authentication fails. What most people understand from the error message displayed is “This site doesn’t work for me”. This is a usability failure. Your site should always display useful error messages to your users.

Another common usability failure is to allow users to present multiple client certificates when your site only trusts a certain type of certificate. The user has no idea which certificate they need to present, and they shouldn’t need to. The common solution to this problem is to provide documentation as to which certificate should be used. This is a poor solution.