{"id":1216,"date":"2012-06-29T09:11:55","date_gmt":"2012-06-29T14:11:55","guid":{"rendered":"http:\/\/linux.uits.uconn.edu\/mas02041\/?p=184"},"modified":"2012-06-29T09:11:55","modified_gmt":"2012-06-29T14:11:55","slug":"build-a-paas-using-open-source-software","status":"publish","type":"post","link":"https:\/\/technicalknow-how.com\/wp\/build-a-paas-using-open-source-software\/","title":{"rendered":"Build a PaaS using Open Source Software"},"content":{"rendered":"

Discussion about OpenShift. \u00a0OpenShift has been fully open-sourced, available on GitHub<\/a>\u00a0for local deployment, or directly usable as a hosted solution<\/a>.<\/p>\n

Rule #1: IaaS != PaaS<\/strong><\/p>\n

Virtual machines : Application is not necessarily 1:1<\/p>\n

Rule #2: PaaS is not a silver bullet<\/strong><\/p>\n

<\/strong>Great for Self-service deployment of applications, varied volatile workloads (development, testing, scale-up\/out), with tightly constrained application rules — which implies standardized deployments from template.<\/p>\n

Rule #3: PaaS is about developers — AND OPERATIONS!!!!<\/strong><\/p>\n

Operations becomes about capacity planning, not ticket-drive activities.<\/p>\n

Rule #4: Be ready to learn<\/strong><\/p>\n

<\/strong>Developers want languages variety, scaling models, integration models — and they want it automagically<\/p>\n

Operations want multi-tenancy, familiar installation, and sane configurations — all reproducible.<\/p>\n

What is an application?<\/strong><\/p>\n

Runtime (OpenShift cartridges)<\/p>\n

Code (One Git repository per application)<\/p>\n

Creating an App<\/strong><\/p>\n

The rhc tools are used to create a namespace (domain), then an application space which includes a name and cartridge type, and push the code.<\/p>\n

What do you get from public OpenShift?<\/strong><\/p>\n

<\/strong>A slice of the server, a private Git repository, deployment access.<\/p>\n

The PaaS service is comprised of a Broker (director front-end, RESTful) and Nodes. \u00a0Each node has multiple “gears” (containers secured with SELinux, constrained with cgroups, and isolated with Kernel namespaces and Bind Mounts).<\/p>\n

Extending OpenShift<\/strong><\/p>\n

Custom DNS plugins, auth plugs, security policies, and community cartridges. \u00a0Quick-start frameworks can be offered to community too.<\/p>\n

LXC and SELinux are the future for isolating and securing OpenShift…<\/strong><\/p>\n

… but right now, there are a many moving parts being used to provide isolation and security.<\/p>\n

PaaS demans a new security model<\/strong><\/p>\n

<\/strong>DAC just won’t cut-it, too complicated for PaaS. \u00a0MAC (SELinux!) is necessary.<\/p>\n

Step 1 – Unlearn this (and embrace SELinux)!<\/strong><\/p>\n

setenforce 0<\/pre>\n
Step 2 – Learn the ‘Z’ (to see SELinux contexts)<\/strong><\/p>\n
ls -lZ\nps -efZ<\/pre>\n
(Review of SELinux contexts and syntax provided)<\/strong><\/p>\n
http:\/\/fedoraproject.org\/wiki\/SELinux<\/a><\/p>\n
Demo – deployment of WordPress to OpenShift, in a VirtualBox LiveCD<\/strong><\/p>\n
The OpenShift QuickStart is available here:\u00a0https:\/\/github.com\/openshift\/wordpress-example<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Discussion about OpenShift.  OpenShift has been fully open-sourced, available on GitHub for local deployment, or directly usable as a hosted solution. Rule #1: IaaS != PaaS Virtual machines : Application is not necessarily 1:1 Rule #2: PaaS is not a silver … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"wds_primary_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[123,128,129],"tags":[],"class_list":["post-1216","post","type-post","status-publish","format-standard","hentry","category-linux","category-redhat","category-summit"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3749z-jC","_links":{"self":[{"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/posts\/1216"}],"collection":[{"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/comments?post=1216"}],"version-history":[{"count":0,"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/posts\/1216\/revisions"}],"wp:attachment":[{"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/media?parent=1216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/categories?post=1216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technicalknow-how.com\/wp\/wp-json\/wp\/v2\/tags?post=1216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}