Fathom.io is an easy-to-run cloud that supports the OpenStack APIs
fathom.ioWow - wasn't quite ready for this to go public, but I guess the (Octo)cat is out of the bag now. FathomCloud is an experiment in a really lightweight cloud, supporting existing cloud APIs, starting with the OpenStack API. It uses LXC so you can set it up on any Linux machine, even on EC2. It's also an experiment in trying to figure out new functionality that may be missing from OpenStack or other clouds.
Anyone that builds an XaaS (or even a complex website) ends up building a management layer on top of their cloud; there's no point in everyone rebuilding the same thing, and it should probably have a sane API. FathomCloud can replace that management layer.
There are definitely lots of rough edges. If anyone wants to try it out, please email me with any issues and I'll do my best. And I'm happy to answer any questions!
The IPv6 looks interesting, but how do the containers talk to the rest of the internet?
Great question! Every container gets an IPv6 and an IPv4 address. The IPv4 address is private (behind NAT), the IPv6 address is routable. So outbound traffic from the instance works to both IPv4 and IPv6.
For a simple instance, inbound traffic only works over IPv6. That's not really practical today, so there's support for floating IPv4 addresses. You can assign one IPv4 to an instance running a load balancer (haproxy, nginx), and then that uses IPv6 to talk to the backend instances. That's going to be documented within the week (I hope!)
Sadly, EC2 doesn't support IPv6, so we use protocol 41 (which wraps IPv6 in IPv4 packets), giving each EC2 instance a 2002: address. They can then talk to each other, or to other FathomCloud instances. They can talk to IPv6 servers that have a 2002: address configured.
Finally, most end-users don't have IPv6 either. There's a trick using SSH and tunnels to give you a quick-and-easy VPN, so you can get onto IPv6 from any machine. I'm going to blog about this, as it's the easiest way to get IPv6 and you get a VPN for free.
So it's a bit messy in the details, but with IPv4 floating IPs I think it all works. Using a single floating IPv4 to a loadbalancer is "the right thing to do" anyway in a cloud webserver setup. And I think it's totally worth it to say goodbye to NAT forever!
Is this using the OpenStack codebase or are the APIs reimplemented from scratch?
The APIs are re-implemented from scratch, from the OpenStack docs. The docs are pretty good, and the OpenStack community has been pretty good about improving them where there were gaps as well.
Part of the idea was not to use _any_ of the existing OpenStack code. Otherwise the temptation to copy-and-paste from OpenStack would have been too high, and copying and pasting defeats the whole purpose of doing a second implementation.
Equally, while I think there are some concepts that I hope will make it into the official OpenStack (such as a consistent Swift), there can be no copy and paste 'upstream' either because of the language barrier, which means that FathomCloud can be a true playground for experimentation.
IMHO that's good. I've done some OpenStack work (a JS client), and I think it could benefit from an alternate implementation - there was too much reverse engineering involved.
Sounds interesting - would love a link to your work if it's open source!
I raised a bug on CORS support[1], and then switched over to doing it all Serverside.
I was writing a cross-provider control console. Got a fair way along, but haven't released it.
Cool idea. I don't see any reason not to support CORS; all the OpenStack requests require a custom Auth http header anyway, so I don't think there's any danger in turning on CORS there. I didn't see anyone in the Launchpad bug report that was against it.
The only call that I think _might_ be dangerous to expose is the login API, but that should be rate-limited and / or have lockout anyway.
I've opened a bug to support CORS in FathomCloud. It's not a lot of work (I already have the filter in the repo, it's just not configured in). I just want to think it through to make sure it's safe: https://github.com/fathomdb/cloud/issues/50
If you follow the bug links there was actually an attempt made to fix it, but it was rejected as being incomplete.
I haven't chased it up, but I think it's an important use-case.
Thanks for pointing out the patch - I'll review the discussion.
It's definitely an important use case - no argument here :-)