PaaS Evolves with Linux Containers and OpenStack

Having spent three years now working on OpenShift, the lesson I’ve learned from working in the cloud space is that if you aren’t evolving, you are doing something wrong. PaaS isn’t a static solution but a constantly progressing set of technologies to enable a better approach to building and running applications. But at Red Hat, the open source way is a critical aspect of how we work. To us, that means finding the best technology and best communities out there and working with them instead of against them. That is why we created OpenShift Origin with the mission of being able to experiment along with other communities to find the best solutions for our users. With that mission in mind, we are always looking for those adjacent communities and determining if they are a good fit. Looking ahead to next year, I see a couple of exciting community developments on the horizon, one centered around Linux Containers and the other centered around OpenStack.

First, let’s talk about Linux Containers. Personally, I think Linux Containers is one of the most exciting developments in the Linux kernel today. The combination of kernel namespace capabilities, coupled with Linux Control groups and a strong security model is changing how users think about isolating applications running on the same machine. But much like PaaS, Linux Containers isn’t a static solution. There are a lot of options that can be utilized to strike the right balance of isolation versus overhead. On OpenShift, we’ve been using our own variant of Linux Containers since day one. There's been a lot of community activity around containers and a few months ago, we noticed Docker. Docker introduced an innovative approach to container isolation and packaging which had the potential to both simplify our cartridges in OpenShift and increase user application portability.

A lot of stuff looks interesting on the surface, however we wanted to really dive in (i.e. start hacking) to see if this would be a good fit. We had a great experience working with the leads behind Docker and were able to close many of the initial gaps we hit to make Docker run seamlessly on the platforms critical to us, Fedora and RHEL, to enable us to start utilizing it on OpenShift. During that same time period, Docker was accepted as a Nova driver to the OpenStack project. With that foundation, we are getting ever closer to having a consistent portable container layer across the operating system (e.g. RHEL), IaaS (e.g. OpenStack) and PaaS (e.g. OpenShift). Better still is that we are able to take our experience with containers and work with hundreds of other community members to come up with the best approach going forward.

As excited as we are about the evolution of containers and better portability of applications, we also know the operational experience is equally critical. And more and more, that operational experience is centered around OpenStack. While we can run OpenShift very well on OpenStack and are even enabling better integration through projects like Heat and Neutron, we’ve had the feeling that there is a more fundamental set of capabilities in our platform today that could be native to OpenStack itself. And in doing that, we could drastically improve the operational experience.

It helps to talk through some of those operational challenges. An example of this is the visibility of containers in OpenStack. Almost every PaaS on the market right now uses some form of Linux containers. Arguably, it’s what makes a PaaS so efficient – this highly elastic mesh of containers that form your applications. However, if that PaaS doesn’t natively integrate with OpenStack, your operations team isn’t going to see those containers. They are just going to see the virtual machines in OpenStack and not have deeper visibility.

If that PaaS is natively integrated into OpenStack, things get really interesting. The containers themselves could be managed in OpenStack, opening up full visibility to the operations team. They wouldn’t just see a virtual machine that is working really hard, they would see exactly why. It would enable them to start using projects like Ceilometer to monitor those resources, Heat to deploy them, etc. In other words they could start leveraging more of OpenStack to do their jobs better. But where do you draw that line? Should OpenStack know about the applications themselves or just containers? In looking for those answers, we wanted to embrace the OpenStack community to help us draw that line, just like we did with Linux Containers.

OpenStack has a tremendous community and various areas where we could have started - Nova, Neutron, Heat, Ceilometer, Keystone, etc. At the end of the day, we were going to need to interact with all of them. That led to the Solum project. You might have seen the announcement today around the new community project. We will be working with a group of like minded companies and individuals to figure out the approach that makes the most sense for OpenStack. While OpenStack is a fast moving space, we have a lot of experience with it and believe that there is tremendous potential to align our PaaS approach with this project. Being Red Hat, we love community driven innovation, and we’re excited to jump in and help move this effort forward.

I think 2014 is going to be the most exciting year for PaaS to date. There is great traction in the market, developer expectations are starting to solidify and we’re seeing more and more traction in production. I believe the next advancements will come as much in the operational experience as with the developer experience. And I’m excited to find healthy and vibrant communities looking to solve the same problem. The end result will be that OpenShift users benefit from greater portability as well as deeper integration with OpenStack. This has been one of those moments that just crystallizes why I love working in open source.

If you are interested in finding out more, follow our progress at OpenShift Origin or get involved with the Solum project directly. And I’m sure there will be a lot of activity at the OpenStack Design Summit in Hong Kong, so if you're going to be there, come find us at one of our talks so we can hack on this together!

Tags: