Alicloud & RedHat Linux 7.4 BYOS


Alibaba Cloud (Alicloud or Aliyun) is a promising Chinese cloud provider that is becoming popular in the Asia-Pacific region. If you want to release services in China and be able to comply with Chinese privacy law, all your data need to stay in China. For this reason, Alicloud can be handy to start your journey in the Asian country.

Most businesses want to have the same certified workloads in China as well, and those are mostly based on RedHat Enterprise Linux (RHEL). Alicloud is a RedHat Certified Cloud Provider and offers RHEL images in their marketplace, but these images include a RedHat subscription. What if you have an Enterprise agreement and you want to use a Bring Your Own Subscription (BYOS) method?

Here are some handy tricks to bring RHEL 7.4 BYOS into Alicloud and start serving your customers in China.

Alicloud supports importing images in RAW and VHD format, which helps us a lot. If you have an active RedHat subscription, you should download the RHEL 7.4 KVM guest image (see image below). This image is compatible with the Alicloud virtualization system; Alicloud is also compatible with cloud-init to customize the virtual machine at boot time. The direct link to the download page is here: https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.4/x86_64/product-software

rhel guest.PNG

The next step would be converting the QCOW2 image into a RAW format. However, the conversion will expand the 500MB QCOW2 image into a 10GB RAW format. Uploading such a big file would be problematic if you do not sit in China and you have to traverse the Great Firewall of China.

As such, we will upload the QCOW2 image into Alicloud Object Storage Service (OSS) and convert it using a temporary virtual machine in China. Create a bucket through the console and upload the image. Should you need a GUI to perform the upload, an official GUI client named “OSS Browser” is available here: https://github.com/aliyun/oss-browser/blob/master/all-releases.md

I strongly recommend also downloading ossutil64, a CLI-based tool for OSS, to be able to upload your image from the temporary Linux instance. The tool is available here: https://www.alibabacloud.com/help/doc-detail/50452.htm

Create a small Linux instance with the distro of your choice (I recommend CentOS) in your Chinese region (in my case Beijing), but ensure you have sufficient disk space. Once the instance is reachable, log in and download the QCOW2 from the bucket using curl and the object URL. Convert it using the qemu-img tool:

qemu-img convert -f qcow2 -O raw rhel-server-7.4-x86_64-kvm.qcow2 rhel-server-7.4-x86_64-kvm.img

Once converted, use ossutil64 to upload the image to your previously created bucket.
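The download, conversion and upload steps above as one script for the temporary instance. This is an added example, not part of the original post: the object URL, the bucket name and the expected SHA-256 (the value shown on the Red Hat download page) are supplied by you, and the checksum and QCOW2 magic checks are additions to the procedure.

```sh
#!/bin/sh
# Added example: fetch, verify, convert and upload the RHEL guest image.
# Function names are made up for this example; URL, checksum and bucket
# are placeholders passed in by the caller.

# Succeeds only if the file starts with the QCOW2 magic bytes "QFI\xfb".
is_qcow2() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "514649fb" ]
}

# Succeeds only if the file's SHA-256 equals the expected hex digest.
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Usage: import_prepare <object-url> <expected-sha256> <bucket>
import_prepare() {
    src=rhel-server-7.4-x86_64-kvm.qcow2
    raw=rhel-server-7.4-x86_64-kvm.img
    curl --fail --silent --show-error -o "$src" "$1" || return 1
    # Refuse to convert anything that is not the image Red Hat published.
    sha256_matches "$src" "$2" || { echo "checksum mismatch: $src" >&2; return 1; }
    is_qcow2 "$src" || { echo "not a QCOW2 image: $src" >&2; return 1; }
    qemu-img convert -f qcow2 -O raw "$src" "$raw" || return 1
    # The raw file is what the ECS image importer will read from OSS.
    ossutil64 cp "$raw" "oss://$3/$raw"
}

# Only act when called with all three arguments.
if [ "$#" -eq 3 ]; then
    import_prepare "$@"
fi
```
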


If you click on the file, you can get its public URL in the preview. Copy the file URL, as we will feed it into the image importer.


Go back to the Elastic Compute Service (ECS), select Image in the menu on the left and start the import through the “Import Image” functionality. In the OSS Object Address field, insert the URL you copied before. Use Linux as the operating system and RedHat as the system platform. Make sure to specify RAW as the image format.


The Alicloud image service will (slowly) import the image. If everything is successful, you should see an image similar to the one below:

image2.PNG

You can start a virtual machine with your newly created image and register your RedHat subscription with subscription-manager 🙂

My wife wants the receipt: an analysis of cloud adoption in Europe

My personal goals for 2018 are simplification and reducing everyday “hassle”. One is the proliferation of receipts, which multiply like gremlins: the “collection” of receipts at home had by now reached an unacceptable level.

A few days ago I installed a well-known supermarket's app for my wife, since it offers the option of having virtual receipts. At checkout, the supermarket immediately creates a PDF, which can be viewed both in the app and on the website.

Although the app is very simple to use, after a few shopping trips on her own my wife got angry: “how do you use this thing” and “I can't see how many points I have or whether they made a mistake”, she said. Even though all it took was looking in the app, she practically forced me to disable the virtual receipt feature: the habit of the physical receipt won.

You may be wondering: nice story, but what does it have to do with the cloud?

Well, in my many consulting engagements, with some types of customers the habit of having “something physical” does not die.

In 2017 I did a big job, together with my team, to move a small London investment bank entirely onto Amazon Web Services. Since they had no internal IT staff, only people who handled desktop support, my idea was to eliminate any on-site hardware that was not strictly necessary to keep the desktops themselves running. If something breaks, someone has to fix it, right? If nobody is there, who replaces (for example) a disk?

In fact, management was very much in favour of not having management “headaches”, so once we got past the “gallows” of legal & compliance, we proceeded slowly with the migration, taking care that “nothing broke”.

Now, a little more than a year later and with the migration complete, the customer has asked to go back. Not because of technical problems, nor because of performance problems. With a fast, redundant line only a few hops from AWS, it felt only slightly slower than the local servers.

So what is the problem? The fear of no longer having the data “in the closet” and of losing control triggered a psychological mechanism in the CEO that led him to decide to go back, even with a higher TCO and with having to manage possible faults. Note that I am talking about a bank in the City of London, not “Uncle Tonino's” garage.

What did this story teach me?

It taught me that technology gives us an infinity of tools and possibilities, but some mindsets are really hard to uproot.

The more I visit customers in Europe, the more I am witnessing a real paradox. With the arrival of fibre and high-speed radio links, the European SMEs that would benefit most from using the cloud are the ones most reluctant to change. Conversely, the large companies that could achieve economies of scale by adopting a private cloud, besides having more control over data security, turn instead to the public cloud (AWS, Azure, Google Compute Engine) because that way they have “fewer headaches” in managing the hardware life cycle and internal processes.

So what can we consultants do?

My experience as a Linux enthusiast has taught me that religious wars are pointless and that, in the end, it is the customer who pays. Our role is therefore to give the customer the best advice according to what they want to do.

While we wait for some technologies to be “digested” better, I have seen that a winning strategy for those who want on-premise hardware is to offer cloud services for the web front end (for image reasons), but above all to offer the possibility of fast, quick and low-cost disaster recovery.

On the other hand, to those who have everything in the cloud we can propose creating an internal micro-environment on which to rest the infrastructure, for example a private cloud based on OpenStack with only 3 nodes, an object storage for backup or a Kubernetes/Docker system, staying ready to “scale” with automation when, “in an emergency”, we need to switch on the systems in-house.

Backing up GitLab on OpenStack

When I walk into a new customer, it is not just about OpenStack, but also about helping them automate their internal processes, usually with Ansible. As soon as I have OpenStack up and running, the first thing I do is deploy an internal GitLab.

I use git to keep track of the changes and the stable releases of the Ansible scripts I use to customize OpenStack images after provisioning.

Backing up GitLab is critical, as it holds many hours of my work. As I’m an OpenStack maniac, I find it very handy to use Swift as a backup area. It is technically possible to back up GitLab to Swift, but in my opinion it is poorly documented. Here’s a quick howto I decided to share.

In the GitLab configuration file /etc/gitlab/gitlab.rb, add OpenStack as follows:

gitlab_rails['backup_keep_time'] = 604800

gitlab_rails['backup_upload_connection'] = {
'provider' => 'OpenStack',
'openstack_auth_url' => 'http://keystone.openstack:5000/v2.0/tokens',
'openstack_username' => 'admin',
'openstack_api_key' => 'admin',
'openstack_tenant' => 'admin'
}
gitlab_rails['backup_upload_remote_directory'] = 'gitlab'

Note that the Keystone endpoint (auth URI) MUST include the version 2.0 and MUST end with “tokens”, otherwise fog (the Ruby library used by GitLab) will fail. For openstack_api_key, specify your Keystone password. If your OpenStack installation has multiple regions, you need to add the following to the previous block:

'openstack_region' => 'region-two'

Now that the file is edited, refresh the GitLab configuration with:

sudo gitlab-ctl reconfigure

You can test whether the backup works by running the GitLab backup command:

gitlab-rake gitlab:backup:create

In my setups, Ansible files aren’t changed that much once done. I usually create a script in /etc/cron.weekly/ to back up the files every week.
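A possible /etc/cron.weekly/ script, added here as an example and not the author's own: it first checks the auth URL rule described above (version 2.0, ending in “tokens”) and then runs the backup. The helper names and the GITLAB_RB variable are made up for this example; CRON=1 is the GitLab backup option that suppresses progress output.

```sh
#!/bin/sh
# Added example for /etc/cron.weekly/ (not the author's script).
# Helper names and the GITLAB_RB variable are made up for this example.

GITLAB_RB=${GITLAB_RB:-/etc/gitlab/gitlab.rb}

# Print the 'openstack_auth_url' value from the first uncommented line.
auth_url_from_config() {
    sed -n "s/^[[:space:]]*'openstack_auth_url'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" |
        head -n 1
}

# Return 0 if the URL follows the rule from the article, 1 otherwise.
check_auth_url() {
    case "$1" in
        http://*)  echo "warning: Keystone password travels over plain http" >&2 ;;
        https://*) ;;
        *) echo "error: auth URL is empty or not http(s)" >&2; return 1 ;;
    esac
    case "$1" in
        */v2.0/tokens) return 0 ;;
        *) echo "error: auth URL must end with /v2.0/tokens" >&2; return 1 ;;
    esac
}

weekly_backup() {
    check_auth_url "$(auth_url_from_config "$GITLAB_RB")" || return 1
    # CRON=1 keeps the task quiet unless it fails, so cron only mails errors.
    # The archive does not contain gitlab.rb or gitlab-secrets.json.
    gitlab-rake gitlab:backup:create CRON=1
}

# Run only on hosts where GitLab is installed.
if command -v gitlab-rake >/dev/null 2>&1; then
    weekly_backup
fi
```
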

Et voila’, bon appetit 🙂

Interviewed on Swiss National Television

The TV show Falò from the Swiss National Television reports on Swiss-related news. In October 2015, the national television investigated the migration of people from Ticino, the Swiss-Italian part of the country, to Zurich.

During this report, I was interviewed as a “success story” of migration, and the report shows my success in Zürich with RackSpace and HP. If you understand Italian, you can watch it here: http://www.rsi.ch/la1/programmi/informazione/falo/Via-dal-Ticino—Dipendenze-digitali-6149179.html

Mentioned on Forrester report on OpenStack

On May 18 2015 Forrester Research Inc, the well-known independent technology and market research company, published a paper, “OpenStack is ready, are you?”.

I’m happy that I’ve been mentioned as a source for their OpenStack security research. It’s a small step, but it’s the top recognition of OpenStack knowledge, along with the HP Most Valuable Professional award on OpenStack.

You can download the paper from the link below:

https://www.openstack.org/assets/pdf-downloads/OpenStack-Is-Ready-Are-You.pdf

End of OpenStack Explained e-book campaign

London & Zurich, July 22nd 2015 – My e-book campaign is over. The OpenStack Explained ebook collected almost 5’000 CHF that will allow Helvetas to help the Nepalese population after the terrible earthquake of last April 2015.

I must admit that the initial goal of 20’000 CHF was pretty ambitious: it was based on my calculation that my previous publication on the subject (Comparing IaaS) had almost 30’000 views on Slideshare.

I honestly don’t know if the donation of even 1 CHF was a psychological barrier that prevented reaching the same goal. What I can tell you is that I expected much more cooperation from journalists and the “echo effect” from the social media.

Nevertheless, I need to thank those who supported me the most during this campaign, i.e. Suzanna Litwin from HP and Vera Schneider from SuSE, who pushed really hard on all the social networks.

Many thanks also go to Jeff Cotten (Managing Director of Rackspace International), Gianluca Pancaccini (CIO of Telecom Italia) and Ralf Flaxa (Vice President of Engineering at SUSE): they provided great quotes to support my ebook during the campaign.

But most of all, I need to thank all the donors who contributed to help the Nepalese population. I will contact them one-by-one to give a personal thank you message.


HP Most Valuable Professional Award

I am very honored to receive today the HP Helion Most Valuable Professional Award for:

your considerable community contributions to OpenStack and your strong presence in the community. This exclusive award is presented to a select group of individuals, like yourself, who show strong technical skills combined with community leadership.

Suzanna K. Litwin, HP Helion Community Manager

Thanks to Suzanna Litwin and Enrico Gaetani from HP