Posts Tagged ‘HPLinux’

Last day at LinuxCon NA 2014

2014/08/27

Today the keynotes were dedicated to Openness and Hardware. The first was from a company, Makerbot, which spoke a lot about Openness, but that I saw more as trying to sell their 3D printers, rather then anything else :-( I even learned later from an attendee that they even tend to block innovation with their patents ! So maybe the LinuxFoundation should take care of not “giving” opportunity to such actors to speak to an Open Source audience if their state of mind is nearer from the closed source business. Having a community sharing 3D design doesn’t sound sufficient to me.

Jonathan Kuniholm

The second keynote was on the topic that even is 3D printing is such a hype at the moment, disallowed people still have a hard time finding useful prothesis, modern ones, les expensive ones, or building their own. I really encourage you to listen to Jonathan Kuniholm (the keynote doesn’t seem to be online, but TED provides one very similar). This was puzzling for me to see how few technology is helping people like him :-( So I think that if you have time, you should look at helping his initiative at openprosthetics.org/ rather than inventing yet another piece of software just because the existing one doesn’t happen to please you.

IBM Keynote

Finally we had the “usual” IBM keynote, showing how Linux on Power was great, and presenting the foundation built around it. But if you look at uses cases, you see that most of them are academics, where probably the hardware was given so it weakened the talk IMO. Of course, I’m working for a competitor, so I’m not completely neutral here. Anyway having a portable Linux is extremely important, but I think it will reveal its capabilities on x86 (well it has of course!) or ARM. It had on Itanium or Sparc or Power (Linux can enable them) but the problem is that market doesn’t want such high-end platforms anymore, as they were representing a closed approach even if that has changed since. Openness is what allows mass distribution today (in processors as those mentionned, or software as Android and hopefully Linux on the desktop ;-))

UEFI Summit

After the break, I passed my day in the UEFI mini-Summit. The goal was different from last year PlugFest during LinuxCon. Instead of targetting developers, the goal was to expain the technology to potential and existing Linux sysadmin or devops. And I think it went pretty well with regards to demystifying how UEFI works woith Linux, including SecureBoot and brought back the discussion at a technical level rather than an emotional one.

An introduction talk by Dong Wei, HP served as positioning the UEFI Forum, the various groups in it (with the inclusion of ACPI), the history of UEFI, current status, and helped put everybody at the same level.

Q&A session

After that we had a (always too short IMO) round table were the audience was given the possibility to ask questions to the panelists. And there were very tough questions asked around the usefulness of UEFI, the lockdown brough by SecureBoot, … and everytime clear and honets answers were given showing why UEFI is useful, why SecureBoot help increasing Linux security without restricting users possibilties and control over their platform. All in all a lot of myths were just addressed during that Q&A session which was really interactive.

After that, we had more formal presentations:

  • UEFI Secure Boot – Strengthening the Chain of Trust – Jeff Bobzin, Insyde Software & Kevin Lane, HP
    This session was mainly about how Secureboot is working from a technology perspective, and the various solutions existing with Linux and its boot loaders to use it, benefit from it as it really increase security by providing a chain of trust from firmware up to the kernel+intrd booted, with either standard UEFI keys or its own ones.
  • Jeff Bobzin & Kevin Lane

  • UEFI Test Tools for Linux Developers – Brian Richardson, Intel & Alex Hung, Canonical
    This session was on FWTS from Canonical which provides a UEFI firmware and ACPI test suite, used alot by manufacturers to check the conformity of their platform with the UEFI and ACPI specifications. Chipsec and LuvOS were also covered which provides other areas of test with regards to respectively security and an integrated Linux distribution calling all these tools and more, both developed by Intel.
  • Brian Richardson

  • Building ARM Servers with UEFI and ACPI – Dong Wei, HP & Roy Franz, Linaro
    This session was to give a status on UEFI support for ARM architecture, and was pretty interesting for me as I had no clue on where we are on this domain. And it seems they are catching up with Intel Architecture now and should be at parity very soon. ACPI is still less advanced, but will be there for ARM servers as requested by customers, whereas device tree will probably remain what will be used on nn server platforms.
  • Dong Wei

  • Self-signing the Linux Kernel (the hobbyist approach) – Zach Bobroff, AMI

    This last session was IMHO the best of the serie, because it was demo oriented (and I like demos !) and more over, it just worked !! The goal was to show how to register its own key used to sign its own kernel with SecureBoot, and rebooting a machine with and without key loaded to demonstrate the increased security brought by that mechanism. Was very clear and illustrative of what was described during the first session of the mini-Summit by Jeff and Kevin. Zach did an excellent job explaining each step and provided great details on how all that works, and finally showed to the audience that we shouldn’t be afraid of the feature, because we have the possibility with the shim bootloade to use our own keys without issue.
  • Zach's pres

You can listen to all these presentations at the UEFI web site. And I think it’s worth doing so for those who still have questions on the SecureBoot topic, as it will enlighten you and remove and barrier you may still see there.

UEFI Summit end

The event was then over, so it was time to benefit from my speaker gift, which was the possibility to use a boat and have a cruise around Chicago, which I did with Dong and it was a very good idea from the organizers to offer that gift. Hope the pictures will give ou a good idea of how we enjoyed it.

Second day at LinuxCon NA 2014

2014/08/23

Well I missed the first keynote this morning, not on purpose, even it was a Cisco one ;-) As Chicago climate was “foggy” I think I didn’t missed anything.

S. Hykes keynote

The second I didn’t want to miss was made by Solomon Hykes on Docker (which, as he rightly said, is the word you can’t miss on the Internet nowadays)
His topic was Docker explained through the ground reasons of its creation perspective. It was interesting to see his ability to step back and have a clear look on all the ways people are using his software, identify them through clear use cases, and looking forward on what his community still has to do in order to cover all the use cases he mentionned. I was pretty impressed by his vision, his humble but decided attitude, his optimism. I think our FLOSS ecosystem as clearly a new star here.

Solomon Hykes

And that’s probably among the reasons why the project is so successful. As I wanted to share my my HP colleagues how much I was impressed, I asked to him after the keynote whether he would accept to be one of our TuXTalk speaker for our FLOSS Profession, and to my surprise he accepted right away. Staying as accessible as that is for me another proof we have a new great flagship thinker. I really look forward listening more lenghtly to his thoughts and of course working with docker as such a clever person has for sure created a clever project ! My revelation of the week.

The last Keynote was from Dirk Hohndel from Intel. He stand up instead of the original Intel speaker who had an issue, and didn’t reused his material but used the 20 minutes of the talk to freely talk about two subjects: IoT and the Cloud (that being warned the day before).

Dirk Hohndel

He made a pretty funny talk, gathering easily the devs and devops in the room saying that “The Internet was made of things way before marketers get hold of it” or putting emphasis on us as a community rather than on corporations, or ditching the wireless network of the vent (which BTW was flacky indeed). He used that trick to made it easier for him to have adhesion of the audience, which he got. But at the end he passed few messages: one around the need of an Enterprise Group for OpenStack which was created, and another one around Intel promoting a new open standard and open source implementation for discovering and managing devices part of the IoT. More at openinterconnect.org. But don’t expect too much, as there is only 5 companies involved for now. I’m a bit afraid it could become like wimax in the past. But ok, it was an entertaining talk, and rather good due to the lack of preparation.

I then attended a talk from Linda Wang, Red Hat on Docker usage in Enterprise. I was rather disappointed as it remained a high level presentation without too much concrete. I’d have expect more here. The only interesting aspect was the analogy of docker with appartments in a building vs houses for VMs (cgroups being control of electricity, water, …) and the mention of Kubernetes, a container orchestration & management tool from Google.

Anita Kuno

As I had appreciated Anita Kuno’s talk at LCA this year I then chose to hear her again talking this time about OpenStack Technical Governance.

And while I knew already quite a lot, I leanred some interesting details about the roles and mechanisms around +1, +2, PTL, Technical Comitee, ATC, the election procedure and its Condorcet method. In particular she explained very well the difference between an OpenStack project (git repo) and an OpenStack program (entity recognized by TC, with a PTL, a mission statement)

With some examples around the theoritical definitions, this will become a very good talk people interested in FLOSS governance should listen to. And to stay around OpenStack, after the lunch, I then passed the rest of the afternoon in the HP Helion Workshop, delivered by Mark Dunnett from HP and coordinated by Sisi Chen from HP.

HP Helion Workshop

While I knew already quite a lot about the topic, I learned some additional details that I wasn’t aware of, which was the goal for me to attend, as well as to network with my Helion peers !

Mark passed in my opinion a bit too much time on the reminders around OpenStack, especially for the audience around.

He then detailed precisely the differences between HP Helion OpenStack Community and HP Helion OpenStack (why are our marketing guys making it so difficult to just understand stuff by not adding Enterprise to the last one is out of my understanding, and out of the one of many customers I’m interacting with). He thus underlined in the Community edition vs the Enterprise edition the support of KVM vs KVM + ESX (vCenter needed), the 6 weeks release cycle vs Quarterly release e.g. He also talked about the VXLAN support, Icinga addition and ESX proxying in the enterprise version (again my terminology, not HP’s). And our work on the TripleO and Ironic Programs (thanks Anita !), and their usage in all HP Helion OpenStack versions.

Mark Dunnett

He introduced a new component called sirius for the deployment of our storage systems, I ignored (and thus isn’t in the slideset referenced earlier yet). And explained more precisely than my slides how the HA environment is done with ha-proxy and keepalived added in overcloud controler, longside XtraDB for MySQL and RabbitMQ cluster.
And he contrates with the role of the Overcloud management controler which provides in addition some nova, ceilometer and sherpa services (in non-HA mode).

Finally he gave details on the embedded applications provided such as

  • the Distributed Virtual Router (DVR) for ovs available to ease east-west traffic between VMs, solving a performance issue and dependency on the network controller, being a SPOF. The DVR will also ease north-south traffic for floating IPs.
  • The L2 Gateway which adds mapping between VXLAN and VLAN (which are not able to communicate otherwise) using HP Network switch 59xx

The workshop should have contained a demo which would have made more concrete and real all the concepts seen and show the added value thatHP brings here by making the installation and preconfiguration of all these components just an easy task that every devops or sysadmin can perform to have a quick OpenStack distribution running. However, the demo had an issue and we weren’t able to go very far. Too bad as this is IMO key in such a workshop. Hopefully next version won’t have that issue.

Anyway A very good entry point for understanding our OpenStack based cloud offering, and I look forward working with them to replicate it in EMEA for our customers.

First day at LinuxCon NA 2014

2014/08/22

Porec

Interesting to pass from vacation with family in Croatia to France after 10 hours of drive and then the day after being in a plane, flying to Chicago to attend my 3rd LinuxCon, held this time in the mythic Chicago city.

Chicago

While I arrived Monday evening, I had time to catch up some mail, make some conf calls on Tuesday before attending the first part of the event, which was the VIP dinner. An opportunity to talk to HP colleagues I met for the first time physically, even if we already interacted electronically previously.

VIP dinner

A view on the VIP Dinner

Wednesday the 20th was the first day of the event which started as usual with Jim Zemlin’s Keynote. This time he chose to talk about what the Linux Foundation rules disallow: The Linux Foundation itself ! And more largely about the roles of foundations to support open source development, their key cleaning facility role.

Jim Zemlin

Jim had a quite funny slide exaplining how everybody is seeing him, while what he is really doing is cleaning stuff so Linus, Greg and thouands of others could code and manage Linux.

He also announced the new LF certification program (Certified sysadmin and Engineers). While I understand the need of having more recognized Open Source ad Linux Professionals, unlinked to a company (such as the RHCE one) I wonder whether we were needing a new certification wile we do have LPI. I hope the 2 will cooperate to avoid again proliferation. Not that proliferation is bad per se. But why dedicate multiple times efforts to create training supports, manage registrations, … when someone already works on that, maybe in a different way, but maybe patchable to be adopted by the LF. Hopefully this will be solved somehow.

LF certifications

After that we had the also traditional Linux Kernel panel moderated by Greg Kroah-Hartmann with Andy, S, Andrew Morton and Linus Torvalds of course. Nothing really new came out. Anyway, it’s always refreshing to see our heros on stage full of confidence and hope for what they do.

Kernel Round Table

Linus insisted once more on the fact he wants Linux to be more dominant on the desktop market. As a 21 years linux desktop user myself, I can only be in agreement with that. Where is however the docker of the desktop, that will make everybody want to change and move to it ? When people see my Mageia distro they’re always surprised how many stuff you can do out of the box with a Linux Desktop. Phones have helped people go away from the monopoly interface but Macs do not help bringing back people to Linux. If at least all people attending LinuxCon and developing FLOSS would run Linux, that would be great !

Linus Torvalds

Then it was time for elective sessions. I chose first to know more about devstack.
Sean Dague from HP presented OpenStack in 10 Minutes with devstack
devstack pulls everything from git. As it heavily modifies your system so do rather that in a VM/Container. devstack launches tempest (the OpenStack test suite) at the end for the install. Sean insisted on the flow of requests generated inside OpenStack and demonstrated how you can easily modify the devstack environment and re-run it to test easily your modification.

devstack provides an easy way to support modifications through a conf file. Example given if you add
API_RATE_LIMIT=False
you’ll avoid waiting for an answers from the server in case of devstack exceeding the standard rate of queries.
You can also use localrc.conf to pass specific variables up to the right component.

In order to use it, you’d need 4GB RAM (recommended). It can run in a VM (cirros will work nested). Sean warned that it does not reclone git trees by default and clean.sh should put everything back in order (but cleans stuff !)

Sean Dague

Good presentation, easy to follow and having a quick demo part which confirms that devstack is easy to use :-)

Then I attended Joe Brockmeier’s (Red Hat) presentation around Solving the package issue

Joe explained the notion of SW collections (living under /opt). It’s Available for RHEL, CentOS and Fedora. It brings a new scl command. If you type for example
scl enable php54 “app –option”
that app uses now php 5.4 while the rest of the system ignores it.
For that you’ll need new packages: scl-utils and scl-utils-build
There is a tool spec2scl to convert spec files to generate scl compatible packages.
For more info you can look at http://softwarecollections.org

A remark I made to myself and which was later explicitely said during the presentation is that scl is useful for RHEL to provide newer versions of SW onto the enterprise distributions, while it can also help provide older versions of SW into Fedora (which is moving so fast that not all SW can adapt !).
It’s a sort of Debian backports for RHEL.
Joe also presented rpm-ostree (derived from ostree, git-like for system binaries providing an immutable tree). Under development for now, so not completely usable and probably the least interesting solution.
He moved on with docker, but was pretty generic (on purpose) and seeing it as complementary to package management, whether I think docker is another way of deploying software, which is not caring of packages by providing a layered deployment approach. While I have packaged docker for Mageia, I’m not yet familiar eough with it to be sure of that, and I’m currently working on combining it with project-builder.org. So will comment later on on that.

Joe Brockmeier

Then it was time to animate the FLOSS Governance roundtable for which I was attending LinuxCon. I had what I think is probably the best panel to cover the vast topic with Eileen Evans from HP, Tom Callaway from Red Hat, Gary O’Neall from Source Auditor Inc., Bradley Kuhn from Software Freedom Conservancy (and of course 45 minutes wasn’t sufficient to talk about all the subjects part of this), but I think the interactions were very interesting and lively and hope the audience enjoyed them and learned new aspects of this capital topic for our ecosystem. Of course we talked about licenses, SPDX and its future new 2.0 version, but also of foundations (echoing Jim Zemlin’s keynote), contribution agreements or tax usage (Thanks Bradley !).

FLOSS Governance Roundtable

And this is just the first of a series of such round tables I’ll lead in future events, but more on that later on.

After that, I discussed with Bradley Kuhn and Jilayne Lovejoy about licenses, AGPL, and various related topics, and their feedback were as usual very rich.

Was then time to go back to the latest keynote sessions. The first one I followed was from a new company (for me) CEO, Jay Rogers from Local Motors who tries to make open hardware in the automotive sector.Worth looking at and following whether they will be successful.

Jay Rogers

Then, our own Eileen Evans was on stage to explain her view on the new FLOSS Professional. And I think at her place I’d have been even more impressed as she had a full room so probably some pressure to talk to all these devs and devops. And I think her voice showed that at the begining. But when she entered in the details of the presentation, she did as usual a great job and was particularly convincing. She showed how the FLOSS professional was more than others issued from diverse backgrounds, as she illustrated with her own one. She also showed the variety of activities that each of these people have to cope with everyday, again with an illustration of one of her day of work passing from a contract management or OSRB meeting to an OpenStack foundation board conf call.

Eileen Evans keynote

And that approach of the new FLOSS professional was a convincing echo to Jim Zemlin’s call for more professionals and the focus on people that many speakers have underlined. The FLOSS ecosystem indeed needs so many various competencies in addition to developers and FLOSS is so ubiquituous that the lack of resources is delaying some projects. And Eileen explained why this notion of FLOSS Professional is arising now. Which is in short because FLOSS usage has moved from hobbist developing for themselves to professional developing during work hours. And she also covered the impact on companies where the work in network/communities, between peers is the rule compared to the siloed classical approach. And so companies need people understanding this way of working to evolve.

Eileen Evans

It was then time to catch a bus and enjoy discussing with peers at the Museum of Science and Industry during the evening event where we could also explore the museum.

Museum of Science and Industry of Chicago

First attempt to present during the upcoming OpenStack Summit in Paris

2014/08/03

Just before leaving for vacation (Croatia is a great place to visit), I made 2 submissions for the next OpenStack Summit in Paris. It’s the first time I try to submit talks for this event. I could have done before, but this time, it’s very convenient as much nearer from where I live so thought it was a good opportunity to try.

So if you want to see me around for sure, vote for my talks ;-)

The first proposal is to have a round table on collaboration and coopetition in OpenStack, with speakers from HP (of course ;-)), Red Hat, SUSE and Mirantis, as I have good candidates in mind for this one that should generate interesting discussions and lower the heat If I can !

The second one is about a collaboration we recently had with ObjectifLibre around cinder improvements to support our MSA storage system. I think this is a good demonstration of collaboration between HP (a large corporation) and one of our VAR (value added reseller – SMB) around Open Source technology and pave the way for hopefully future improvements.

So if you find these talks can help make that Summit better, don’t hesitate to vote for them ! In any case, I’ll try to attend, as I’m more involved in HP Helion OpenStack and being there is definitely what I need to do to improve my network in this area. See you there then (or sooner in Chicago for LinuxCon)

Meet at HP ExpertOne Technology & Solutions Summit Again !

2014/06/13

For those of you working for an HP value added reseller (VAR) and attending the HP ExpertOne Technology & Solutions Summit in (again) Barcelona from the 24th to the 27th of June, feel free to meet during one of the session I’ll (co-)deliver:

For those of you wondering why project-builder.org and MondoRescue versions are not published more regularly, that gives you a hint ;-)

See you there to talk of these subjects or something else as you see fit. I’m around the whole week.

Fourth OpenStack Meetup for Rhône Alpes

2014/06/04

The fourth meetup for the OpenStack regional group will be organized again by HP at the HP/Intel Solution Center the 1st of July 2014.

We should have presentations about a new deployment tool by Mirantis, HP Helion by HP and Icehouse features and Juno roadmap.

Refer to http://www.meetup.com/OpenStack-Rhone-Alpes/ (in french) for more details and registration for those of you around.

Join us at HP: 5, avenue Raymond Chanas, Eybens, France
Access B10 HP

Do not forget Forj around Helion

2014/05/20

Caveat: I’m an HP employee, but info mentionned here are all public, and opinions/errors are just mine, as usual on my blog.

The recent announce of HP around Helion is really reinforcing investment made by my company in OpenStack and presenting the new involvement in CloudFoundry.

The key takeaway I got from it, after reading most of what was written is that we are providing every 6 weeks (think about it !) a new distribution of OpenStack (current being based on IceHouse), as an Open Source distribution, for which customers will be able to buy support. It’s based on TripleO for the bare metal deployment. This distribution is using HP’s own Linux for the controller and hypervisors nodes which is Debian based. Another interesting feature is the embedded update mechanism provided to make OpenStack updates easier (up to now, was simpler to reinstall a new version, not so much to update).

Another key point is the indemnification program. Martin Fink, who is behind this program, has been a long time advocate of Linux indemnification from HP. It was formely introduced when the SCO story was hot. It’s a strong commitment that HP know the code for both its OpenStack and Linux embedded distribution, believe in its licenses, and in its IP.

And last but not least, we do underline that Open Source business is mostly a service (and hardware for us) play, so we’re announcing OpenStack related services, and from my own tries with debugging OpenStack related issues, it will be probably very well received by customers, as it’s a real job, you need strong people knowing how it works, and where to look in order to debug issues.

And frankly, I feel better when I see 1 billion USD announced from HP in R&D around OpenStack technologies, than I felt when IBM announced last year its billion around PowerPC Linux. I think our dollars will produce more concrete results in the ecosystem (even if every USD dedicated to what is called today at LinuxCon “external” R&D is a good sign of the vitality of our ecossytem and some end up benefiting end customers). I think this part is as important as the one IBM made more than 10 years ago around Linux (not Power related) and shows that OpenStack will really become the commodity IaaS solution for all in a short future. It will for sure help a lot of customers consider that technology as being well supported by us (as well as many others). And reverse the trend we saw this morning when we asked how many companies were using Cloud (not even OpenStack) in their production environement, and only few hands raised !!.

I know this is changing quite a lot how IT departments handle IT today, but if they identify that they need an IaaS, then OpenStack is clearly the way to go: with our Helion announce we also do have the fact that hpcloud.com will soon be available on 20 additional HP data centers, meaning that we do consider it as production ready, even if it takes quite some efforts to reach that level, as we disclosed during an OpenStack meetup by presenting all the test work we do to reach enterprise grade level with a production OpenStack env.

Of course, as Martin Fink said rightly, “traditional” IT doesn’t go away. I have customers still operating mainframes, client-server apps, RDBMs, SMB shares, … and will for a long time. But in this new style of IT HP is promoting, for some new workloads and use cases, scaling out easily, it makes a lot of sense to adopt Cloud to support them. And if you adopt Cloud, then you should definitely look at OpenStack (and HP Helion of course) as the most promising technology to help you build it successfully.

And while it wasn’t part of the Helion announcement, as already presented during our last Discover event (and will be again in June), I think it’s important to remind readers of the availability of the Forj project. For development teams, this tool provides continuous integration à la OpenStack for just every development team, without the hassle of managing your own jenkins and associated tools. Definitely part for me of the Helion ecosystem and worth sharing around.

Soon back in the air and on the roads…

2014/04/17

There will be possibilities to meet with me in some exotic places (at least for me as I never travelled there before in May !

I’ll first be in Wien, Austria, early May but that’s to celebrate somewhere my 50th birthday (half a century as my kids like to call that ;-)) and during vacations so won’t talk something else than early music or rchitecture and pictures of the nice building over there !!

But after that, I’ll attend the UEFI plugfest in Seatlle again, and be in charge of managing the interface between Linux distributions and HP. So if you plan to attend, and want to test your Linux distribution on nice shiny UEFI hardware platforms, feel free to contact me so we can organize that meeting over there.

The week after that I’ll be in Japan to present again during a LinuxCon event ! I’m very lucky first to be retained as a presenter to talk another time about Mageia. And then to be sponsored by our VP & Deputy General Counsel, Cloud Computing and Open Source Eileen Evans who is leading HP’s Open Source Program Office and allowing me to attend.

So feel free to drop me a mail if you want to chat about any topic I can decently talk about such as Disaster Recovery and Imaging or Continuous Packaging and some other surely HP related !

See you there.

6th Technical Excellence Symposium (TES) in Grenoble 21-27 March 2014

2014/02/20

If you are an HP employee, or a Value Added Reseller (VAR), then I’d like to invite you to come to an Event I’m co-organizing:

TES logo

High Performance Computing and Open Source Linux
Technical Excellence Symposium
17 – 21 March 2014
Grenoble, France

TES fond

The goal is to gain expertise and increase your sales and earnings potential.

You are invited to the 2014 High Performance Computing and Open Source & Linux Technical Excellence Symposium. This highly regarded technological event dedicated to professionals is the unique opportunity to boost your skills and knowledge in just 4.5 days!!

Why should you attend the EMEA HPC & OSL event?

  • Receive an update on the entire HPC and Open Source & Linux solutions including Enterprise Storage, Servers and Networking (EG) portfolio.
  • Reinforce your knowledge in this focus area.
  • Connect with the HP management and peers in the HP Certified Professional Community.

Do not miss this exclusive opportunity to give your career a boost and be part of the HPC and OSL community. This is also an excellent opportunity to get the latest technology updates even if you participated in this event before.

Pre-register today to secure your seat by clicking on the following link: http://hp.inviteo.fr/HPC_OSL_TES2014/

Choose among over 100 technological and solution sessions, a mix of hands-on labs, breakout demos and round tables.

This technical event covers the HP’s broad enterprise products and solutions in an open source environment of high performance computing, web services portfolio and new product introductions (e.g. Moonshot program and big data solutions).

Along the sessions, you will meet the HPC and OSL experts to share knowledge and insights in many key business areas including competitive tools.

Back home and freshly armed with an enhanced skills set, you will be ready to provide a great business value to your customers.

Throughout the event, we will offer detailed tracks on High Performance Computing solutions portfolio using our HP Blade System, ProLiant Scalable servers, Storage Works and Network products and solutions using Open Source & Linux software products and services.

We will have a huge emphasis on topics like Hyperscale products, smart storage, purpose-built servers for big data, Moonshot program wave 2 solutions as well as open cloud solutions.

Our High-level agenda is available. The detailed one will be sent to you after your registration.

In addition, there will be:

  • Sponsor sessions delivered by top names in the industry
  • Presentations by HPC and Open Source experts
  • Evening events

For detailed program information, please visit the event website

Any question? We invite you to contact us at: TES-event_at_hp.com

We are looking forward to meeting you at the 2014 HPC and OSL Technical Symposium!

Gouvernance informatique: Il est temps d’y intégrer l’Open Source

2014/01/24

Dans le cadre de mes activités pour le Conseil des technologistes d’HP France, j’ai écrit un article pour le Webzine IT experts sur la l’intégration de Open Source et la gouvernance informatique disponible sur http://www.it-expertise.com/gouvernance-informatique-il-faut-integrer-lopen-source/. Un grand merci à Aurélie Magniez pour m’avoir aidé à faire cette publication.

Ci-dessous, une version légèrement modifiée qui tient compte de retours et rétablit certaines formules auxquelles je tiens, quoique moins journalistiquement correctes et certains liens (jugés trop nombreux par le Webzine, mais je tiens à citer mes sources, et Tim Berners-Lee ne les a pas inventés pour que l’on ne s’en serve pas non ? :-))

Bonne lecture !

Aujourd’hui en 2013, toutes les entités, publiques comme privées, en France, comme partout dans le monde, utilisent massivement des Logiciels Free, Libres et Open Source (abrégé en FLOSS (1)). Quelques exemples de cet état de fait sont fournis par la Linux Foundation, comme les 600 000 télévisions intelligentes vendues quotidiennement fonctionnant sous Linux ou les 1,3 millions de téléphones Andoïd activés chaque jour. Le dernier rapport de top500.org, présentant les super-calculateurs mondiaux, indique une utilisation de Linux à 96,4%. Des sociétés ayant aujourd’hui un impact quotidien sur notre environnement numérique telles que FaceBook ou Twitter ont non seulement bâti leur infrastructure sur une grande variété de FLOSS, mais ont aussi publié de grandes quantités de code et des projets complets sous licence libre. Ceci concerne aussi des acteurs plus classiques du monde de l’informatique comme HP ou IBM.

Ceci peut sembler normal, car on évolue là dans le monde du numérique, mais le phénomène touche tous les secteurs comme le montre une récente étude de l’INSEE, qui reporte que 43% des entreprises françaises d’au moins 10 personnes utilisent des suites bureautique FLOSS ou encore que 15% des sociétés de construction utilisent un système d’exploitation FLOSS par exemple. Cette large adoption se trouve corroborée par le développement de la filière FLOSS en France, comme rapporté par le CNLL, représentant en 2013 2,5 milliard d’Euros et 30 000 emplois.

Enfin, le secteur public n’est pas en reste avec la publication en septembre 2012 de la circulaire du premier ministre qui reconnait la longue pratique de l’administration des FLOSS, et incite celle-ci, à tous les niveaux, à un “bon usage du logiciel libre”, ce qui se vérifie dans certains ministères comme celui de l’intérieur ou de l’économie. Le ministère de l’éducation nationale a ainsi déployé 23 000 serveurs EOLE sous Linux et utilise de nombreux projets FLOSS pour la gestion multi-fonctions (réseau, sécurité, partage) des établissements scolaires.

Services impliqués dans la gouvernance FLOSS

Dans ce contexte d’utilisation généralisée, se posent certaines questions quant à la gouvernance particulière à mettre en place ou l’adaptation de celle existante pour accroître l’usage, la distribution, la contribution au FLOSS, tant pour les fournisseurs que pour les utilisateurs de ces technologies. En effet, les FLOSS ont des spécificités tant techniques qu’organisationnelles (rapport à la communauté, méthodologie de développement, licence utilisée) qui ont un impact sur la façon de les gérer dans une entité. La Gouvernance Open Source, aujourd’hui, doit donc être partie intégrante d’une Gouvernance Informatique.

Contrairement à ce qu’une rapide analyse pourrait laisser penser, ce n’est pas uniquement le service informatique qui est concerné par l’utilisation des FLOSS. Celle-ci touche la totalité de l’entité et le modèle de gouvernance doit donc être adapté en conséquence. En effet, le service des achats se voit souvent court-circuité par l’utilisation de composants logiciels téléchargés et non achetés en suivant les procédures qu’il met en place, le service du personnel ne dispose pas de contrats de travail statuant sur les contributions des employés à des projets FLOSS (ne parlons pas des stagiaires ou co-traitants), le service juridique doit apprendre à distinguer la licence Apache de la GPLv2, ou v3, le service de propriété intellectuelle considérer si telle modification faite à un projet FLOSS peut ou doit être reversée au projet, et dans quel contexte, voire le PDG évaluer, lors d’une scission de sa société en différentes entitées juridiques, l’impact représenté sur la redistribution de logiciels faite à cette occasion et le respect des licences utilisées. Ce ne sont que quelques exemples des questions auxquelles les entités doivent répondre dans le cadre d’une Gouvernance Informatique intégrant les FLOSS.

Ceci n’est pas un débat oiseux: il y a eu maintenant trop d’exemples allant jusqu’au procès et sur des problématiques de non-respect des licences FLOSS pour que les entreprises et services publics ignorent le problème. Les conséquences tant financières que sur leur image de marque peuvent être très importantes et causer des dommages beaucoup plus graves que ne le représente la mise en conformité (qui consiste le plus souvent en la seule publications des codes sources modifiés).

Il ne s’agit pas ici d’énoncer des éléments qui tendraient à restreindre l’utilisation des FLOSS dans une entité. Au contraire, les bénéfices de leur utilisation sont aujourd’hui trop évidents, la baisse des coûts induite par la mutualisation, les gains technologiques d’avoir des souches logicielles si versatiles et éprouvées doivent juste s’accompagner des mesures de gestion nécessaires pour en retirer tous les bénéfices annoncés. L’analyse des risques fait partie des choix quotidiens exercés au sein d’une entité et de même que pour une démarche qualité, l’impulsion doit venir du sommet de la hiérarchie de l’entité. Celle-ci doit soutenir la création des instances nécessaires à l’établissement d’une gouvernance FLOSS en leur donnant le pouvoir requis et l’interaction avec les différents services de l’entité.

Composants d’une gouvernance FLOSS

Tout d’abord, il s’agira de développer la compréhension de l’écosystème libre au sein de l’entité pour en appréhender les spécificités.

La première d’entre elles est la licence gouvernant les FLOSS. Comme pour toute utilisation d’un logiciel, ou d’un service, un utilisateur se voit décrit ses droits et ses devoirs au sein de ce document. Ceux-ci diffèrent selon que la licence est permissive (type Apache v2 par exemple), qui permet une utilisation (y compris pour des développement non-FLOSS) et une redistribution avec peu de contraintes (mentions légales et paternité par exemple). Elle permet ainsi à des sociétés de vendre des versions propriétaires d’Andoïd distribué sous Licence Apache v2 embarquées dans leurs téléphones portables. C’est ce qui permet de considérer cette licence comme “libre”. En regard on donnera également l’exemple des licences de gauche d’auteur (copyleft en anglais, type GPL v2 par exemple), qui permettent une utilisation tant que le logiciel distribué s’accompagne des sources (éventuellement modifiées) servant à le fabriquer. Elle permet à des projets comme le noyau Linux d’être développé par des milliers de développeurs tout en restant toujours accessible dans toutes ses variantes par la mise à disposition de son code source, dû à cette contrainte. C’est ce qui permet de considérer cette licence comme “libre”. Simplement les libertés sont vues ici sous l’angle du projet (qui le reste ad vitam aeternam) plutôt que sous celui de l’utilisateur comme dans l’autre cas. C’est la raison pour laquelle toutes ces licences sont considérées comme Open Source par l’OSI.

Une entité doit donc choisir les briques FLOSS qu’elle souhaite utiliser en fonction de l’usage prévu pour respecter les droits et devoirs d’usage codifiés dans les licences (ni plus ni moins qu’avec une offre non-FLOSS), sachant que, dans la plupart des cas, l’élément déclenchant l’application de la licence est la distribution du logiciel. Ainsi une société peut parfaitement utiliser un logiciel sous licence GPL v2, y faire des modifications et ne pas les publier, tant que l’usage reste interne à sa structure juridique (cas fréquent en mode utilisation de logiciel dans un département informatique). En revanche, si elle l’incorpore à un produit qu’elle commercialise, elle devra juste se mettre en conformité avec la licence et fournir en parallèle du produit un acccès aux dites sources.

Ceci n’est finalement pas si compliqué, eu égard aux gains énormes qu’elle peut en retirer en bénéficiant d’une brique logicielle éprouvée qu’elle n’a ni à développer, ni à maintenir. Dans tous les cas, il est important que son service juridique ait une compréhension des droits et devoirs des licences utilisées pour apporter le conseil requis, comme lors de la signature de contrats avec tout fournisseur.

On le voit, la formation du service juridique est à la base de la mise en place de toute gouvernance. D’autre part, il faut organiser au sein de l’entité la mise en relation entre ce service juridique et les équipes de développement. Non seulement pour qu’elles apprennent à se connaître, mais aussi pour qu’elles échangent sur leurs besoins réciproques et qu’elles comprennent comment chacune cherche à protéger l’entité pour laquelle elle oeuvre. Les uns le faisant eu égard au respect des règles de droit, ce qui comprend l’explication envers les développeurs des licences libres, les autres eu égard au mode d’utilisation des composants techniques spécifiques des équipes de développement.

Personnellement, en tant qu’ingénieur de formation, il m’a été très bénéfique de discuter avec divers avocats spécialistes des licences libres, pour mieux comprendre leur volonté de protéger l’entreprise pour laquelle ils travaillent et comment ils devaient le faire dans ce contexte. Et réciproquement, je sais que les informations techniques et exemples parfois complexes d’agrégats de composants logiciels les aident en retour à mieux tenir compte des cas particuliers qui peuvent se faire jour. La communication sur ce sujet doit dépasser dans l’entité les structures classiques et fonctionner comme une communauté.

Du reste, la seconde spécificité du logiciel libre est le fait qu’il est développé par une communauté de personnes partageant un intérêt pour ce logiciel. Il en existe de toute taille (d’un développeur assurant tout, jusqu’à plusieurs centaines de personnes comme les larges fondations comme Apache ou OpenStack). Etudier une communauté avant d’utiliser le composant libre qu’elle produit est une bonne pratique pour avoir des informations sur sa vitalité, son organisation, sa feuille de route, en plus des caractéristiques purement techniques du composant. Certains sites comme Ohloh peuvent aider à se forger une opinion dans ce domaine, pour les projets suivis. De même qu’il peut être alors pertinent de se poser la question des modes de contributions en retour. Cela peut consister en des correctifs, du code apportant de nouvelles fonctions, de la documentation, des traductions, une animation de communauté, de l’achat de prestation intellectuelle auprès de professionnels oeuvrant sur le composant ou un soutien financier à l’organisation d’un événement permettant le rassemblement physique de la communauté. Certaines entreprises, comme la Compagnie Nationale des Commissaires aux Comptes témoignent de leurs contributions en retour envers un projet tel que LibreOffice.

Comme précédemment, chacun de ces aspects pourra faire l’objet d’une étude dans le volet Open Source de la Gouvernance Informatique. On notera que la gestion de la proprété intellectuelle sera à considérer tout particulièrement pour les contributions sous forme de code, et en liaison avec la licence utilisée. Mais cet aspect peut aussi avoir un impact sur les contrats de travail des employés, des co-traitants, des stagiaires, afin de déterminer sous quelles conditions leurs contributions sont autorisées.

Encore une fois, il s’agit d’inciter les entités utilisatrices de logiciels libres à ne pas se contenter d’être de simples utilisatrices de FLOSS, mais à être actrices de l’écosystème et à contribuer à leur tour à l’améliorer en s’intégrant dans les communautés. Le dynamisme actuel autour des FLOSS est le fait du soutien très actif de nombreux utilisateurs. Pour ne citer qu’un exemple, on regardera la synergie créée autour du projet GENIVI par ses 120+ membres, dont de nombreuses sociétés hors secteur informatique.

Enfin la dernière spécifcité du logiciel libre est la méthodologie de développement utilisée par la communauté. Quoiqu’elles soient toutes attachées à l’accès au code, elles varient énormément d’un projet à l’autre, en fonction de sa taille, de son style de gouvernance, des outils utilisés et de son historique. Mais il est important pour une entité qui souhaite interagir avec une communauté d’en comprendre la culture. Si le noyau Linux a une méthodologie organisée autour d’un “dictateur bénévole” (Linus Torvalds) qui prend les ultimes décisions et de ses lieutenants, nommés, en qui il a toute confiance pour prendre les décisions concernant une branche de développement, d’autres projets comme OpenStack cherchent à adopter le mode le plus “méridémocratique” en procédant à l’élection des représentants techniques des branches du projet par les développeurs, et à celle des représentants au conseil d’administration par la totalité des membres de la fondation, quels que soient leurs rôles. Le processus d’intégration continue d’OpenStack implique des étapes précises pour y ajouter un patch par exemple. Cela nécessite d’abord une application sur l’arbre courant sans erreur, avant de devoir recevoir deux votes positifs puis de satisfaire le passage de l’ensemble des tests automatiques prévus. Et ceci s’applique aussi bien aux représentants techniques des branches du projet qui proposent des centaines de patches par an, ou au contributeur occasionnel faisant une modification mineure de documentation. En revanche, celui qui souhaite soumettre une modification sur le noyau Linux devra passer par des listes de diffusion où les échanges peuvent parfois se révéler vifs, et s’adapter aux desiderata potentiellement différents des mainteneurs de branches.

Bonnes pratiques de gouvernance FLOSS

Face à tous ces aspects de ce monde foisonnant, certaines bonnes pratiques simples peuvent permettre aux entreprises de faire les bons choix et de s’assurer une utilisation optimale des FLOSS en en tirant le meilleur profit sans mettre à risque leur bonne réputation par des actions mal vues des communautés.

Une première bonne pratique peut consister à créer un comité Open Source. Par exemple, pour un grand groupe, il peut être utile pour la direction générale de nommer des représentants des différents services (achats, ressources humaines, informatique, technique, juridique, propriété intellectuelle) pour définir la politique à mettre en place. Ce comité devra se réunir régulièrement, tant dans la phase de définition de la partie Open Source de la Gouvernance Informatique, qu’ultérieurement pour la réviser sur la base des retours des utilisateurs et l’évolution de projets. Il devra également avoir les moyens associés à ses missions. Un groupe de travail du Syntec Numérique a développé, pour les aider dans cette activité, des contrats types pour leurs fournisseurs, leur demandant de préciser avec leur livraison logicielle, l’inventaire exhaustif des licences utilisées. Une présentation sur les contrats faite au sein de ce groupe pourra être aussi consultée avec profit. La FSF France propose aussi des avenants de contrats de travail type pour les employés contribuant à des projets libres, et l’AFUL des modèles économiques et financement de projets FLOSS ou de communautés. Il sera ensuite facile de donner des missions et des pouvoirs plus étendus à ce groupe de personnes quand l’utilisation des FLOSS augmente. Dans le cadre d’une PME, un correspondant FLOSS sera sans doute suffisant (comme il peut y avoir un correspondant sécurité ou CNIL), tâche qui pourra même être sous-traitée à des sociétés specialisées dans le domaine.

Une fois le comité/correspondant nommé et la politique FLOSS établie, il faudra prévoir des cycles de formations. D’une part pour le service juridique pour le cas où il manquerait de compétences sur le domaine spécifique des licences libres. La société Alterway propose par exemple une formation par un juriste pour des juristes. D’autre part, en interne, auprès de l’ensemble du personnel pour expliquer cette nouvelle politique FLOSS.

En parallèle, il est important d’avoir une vision précise de l’utilisation actuelle des FLOSS dans son entité. Notamment pour vérifier que leur utilisation est conforme aux licences sous lesquelles ils sont utilisés. Les non-conformités sont plus souvent dûes à la méconnaissance qu’à une réelle volonté d’enfreindre les licences. Cette tâche peut paraître fastidieuse de prime abord, mais elle est à mon sens fondamentale pour se prémunir, en particulier si votre activité vous amène à redistribuer du logiciel à vos clients. Heureusement des outils existent pour automatiser ce travail d’inventaire et faciliter l’analyse des licences utilisées. Le premier à recommander est libre: FOSSology a été développé par HP pour son utilisation interne, puis rendu libre en 2007 sous licence GPLv2. Il collecte dans une base de données toutes les meta-données associées aux logiciels analyés (il peut traiter des distributions Linux entières sans problème) et permet l’analyse des licences réellement trouvées dans le code depuis une interface Web. De nombreuses entités outre HP comme Alcatel-Lucent, l’INRIA ou OW2 l’utilisent, y compris pour certains, en couplage avec leurs forges de développement. Mais son accès libre et sa facilité de mise en oeuvre ne le réserve pas qu’aux grands groupes et il devrait être systématiquement utilisé comme complément naturel d’un gestionnaire de source, ou d’outillage d’intégration continue. En complément, des outils non-FLOSS peuvent également aider à ce travail d’inventaire en donnant accès à des bases préétablies de composants connus et déjà inventoriés et fournissent de nombreuses autres fonctions. La société française Antelink, émanation de l’INRIA, a développé une grande expertise dans ce domaine et a couplé son outillage avec FOSSology. D’autres acteurs tels que Blackduck et Palamida ont également un outillage complémentaire à considérer.

On pourra de plus prévoir ultérieurement un mode de déclaration des usages de FLOSS, voire, si les requêtes sont nombreuses et régulières, créer un comité de revue spécifique en charge de les évaluer et de les approuver.

Enfin certains documents de référence tel que le Guide Open Source du Syntec Numérique, les fondamentaux de la Gouvernance des logiciels libres, la vision des grandes entreprises sur la gouvernance et maturité de l’Open Source et le site de référence FOSSBazaar pourront permettre un approfondissement des sujets évoqués et donner des bonnes pratiques additionnelles quant à la mise en oeuvre d’une gouvernance Open Source.

Et pour ceux qui souhaiteraient être accompagnés dans la démarche, des sociétés telles que Smile, Alterway, Linagora, Atos, Inno3 ou HP disposent de prestations d’aide à la mise en oeuvre d’une gouvernance Open Source. Mais que vous le fassiez seuls ou accompagnés, il est temps et j’espère que cet article vous aura donné quelques clefs pour intégrer l’Open Source dans votre politique de Gouvernance Informatique.

(1): Dans tout ce document, on utilise le terme de FLOSS comme terme générique recouvrant aussi bien la notion de « logiciel libre », « Free Software » qu’« Open Source », tout en sachant que des nuances existent.


Follow

Get every new post delivered to your Inbox.

Join 103 other followers