incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mattmann, Chris A (388J)" <>
Subject Re: [VOTE] CloudStack for Apache Incubator
Date Tue, 10 Apr 2012 17:47:21 GMT
+1 from me (binding).



On Apr 9, 2012, at 6:32 PM, Kevin Kluge wrote:

> Hi All.  I'd like to call for a VOTE for CloudStack to enter the Incubator.  The proposal
is available at [1] and I have also included it below.   Please vote with:
> +1: accept CloudStack into Incubator
> +0: don't care
> -1: do not accept CloudStack into Incubator (please explain the objection)
> The vote is open for at least 72 hours from now (until at least 19:00 US-PST on April
12, 2012).
> Thanks for the consideration.
> -kevin
> [1]
> Abstract
> CloudStack is an IaaS ("Infrastracture as a Service") cloud orchestration platform.
> Proposal
> CloudStack provides control plane software that can be used to create an IaaS cloud.
It includes an HTTP-based API for user and administrator functions and a web UI for user and
administrator access. Administrators can provision physical infrastructure (e.g., servers,
network elements, storage) into an instance of CloudStack, while end users can use the CloudStack
self-service API and UI for the provisioning and management of virtual machines, virtual disks,
and virtual networks.
> Citrix Systems, Inc. submits this proposal to donate the CloudStack source code, documentation,
websites, and trademarks to the Apache Software Foundation ("ASF").
> Background
> Amazon and other cloud pioneers invented IaaS clouds. Typically these clouds provide
virtual machines to end users. CloudStack additionally provides baremetal OS installation
to end users via a self-service interface. The management of physical resources to provide
the larger goal of cloud service delivery is known as "orchestration". IaaS clouds are usually
described as "elastic" -- an elastic service is one that allows its user to rapidly scale
up or down their need for resources.
> A number of open source projects and companies have been created to implement IaaS clouds. started CloudStack in 2008 and released the source under GNU General Public License
version 3 ("GPL v3") in 2010. Citrix acquired, including CloudStack, in 2011. Citrix
re-licensed the CloudStack source under Apache License v2 in April, 2012.
> Rationale
> IaaS clouds provide the ability to implement datacenter operations in a programmable
fashion. This functionality is tremendously powerful and benefits the community by providing:
> - More efficient use of datacenter personnel
> - More efficient use of datacenter hardware
> - Better responsiveness to user requests
> - Better uptime/availability through automation
> While there are several open source IaaS efforts today, none are governed by an independent
foundation such as ASF. Vendor influence and/or proprietary implementations may limit the
community's ability to choose the hardware and software for use in the datacenter. The community
at large will benefit from the ability to enhance the orchestration layer as needed for particular
hardware or software support, and to implement algorithms and features that may reduce cost
or increase user satisfaction for specific use cases. In this respect the independent nature
of the ASF is key to the long term health and success of the project.
> Initial Goals
> The CloudStack project has two initial goals after the proposal is accepted and the incubation
has begun.
> The Cloudstack Project's first goal is to ensure that the CloudStack source includes
only third party code that is licensed under the Apache License or open source licenses that
are approved by the ASF for use in ASF projects. The CloudStack Project has begun the process
of removing third party code that is not licensed under an ASF approved license. This is an
ongoing process that will continue into the incubation period. Third party code contributed
to CloudStack under the CloudStack contribution agreement was assigned to in exchange
for distributing CloudStack under GPLv3. The CloudStack project has begun the process of amending
the previous CloudStack contribution agreements to obtain consent from existing contributors
to change the CloudStack project's license. In the event that an existing contributor does
not consent to this change, the project is prepared to remove that contributor's code. Additionally,
there are binary dependencies on redistributed libraries that are not provided with an ASF-approved
license. Finally, the CloudStack has source files incorporated from third parties that were
not provided with an ASF-approved license. We have begun the process of re-writing this software.
This is an ongoing process that will extend into the incubation period. These issues are discussed
in more detail later in the proposal.
> Although CloudStack is open source, many design documents and discussions that should
have been publicly available and accessible were not publicized. The Project's second goal
will be to fix this lack of transparency by encouraging the initial committers to publicize
technical documentation and discuss technical issues in a public forum.
> Current Status
> Meritocracy
> CloudStack was originally developed by Sheng Liang, Alex Huang, Chiradeep Vittal, and
Will Chan. Since the initial CloudStack version, approximately 30 others have made contributions
to the project. Today, Sheng and Will are less involved in code development, but others have
stepped in to continue the development of their seminal contributions.
> Most of the current code contributors are paid contributors, employed by Citrix. Over
the past six months CloudStack has received several contributions from non-Citrix employees
for features and bug fixes that are important to the contributors. We have developed a process
for accepting these contributions that includes validating the execution of a CLA and incorporating
the contribution in the CloudStack in a manner that reflects the contributor's identity. This
process has not followed the Apache model.
> The CloudStack Project has had an open bug database for two years. While this database
includes ideas for enhancements to CloudStack, the committers have historically not asked
the greater community for pointed assistance. Going forward the Project will encourage all
community members to become committers and will make clear suggestions for features and bug
fixes that would most benefit the community and Project.
> Community
> CloudStack has an existing community comprising approximately 8,000 forum members on and 28,000 registrations for e-mail lists and newsletters relating to CloudStack.
All forums, developer and administrator mailing lists, and IRC channels are active. A number
of commercial entities (e.g., RightScale, AppFog, EnStratus) and open source projects (e.g.,
jClouds, Chef) have integrated with CloudStack.
> To date, the community comprises users - people that download a CloudStack binary and
install it to implement an IaaS cloud. The project expects that with independent governance
and the openness of the Apache development model we will significantly increase the amount
of developer participation within the community.
> Core Developers
> CloudStack spans a wide array of technologies: user interface, virtualization, storage,
networking, fault tolerance, database access and data modeling, and Java, Python, and bash
programming. There is significant diversity of knowledge and experience in this regard.
> Several of the initial committers have experience with other open source projects. Alex
Huang contributed to SCM-bug. Anthony Xu, Edison Su, Frank Zhang, and Sheng Yang have prior
experience with a combination of Xen and KVM. Chiradeep Vittal has contributed to OpenStack.
David Nalley has been contributing to Fedora for several years. David has also contributed
to Zenoss, Cobbler, GLPI, OCS-NG, OpenGroupware, Ceph, and Sheepdog.
> CloudStack development to date has largely been done in the U.S. and India.
> CloudStack has largely been developed by paid contributors.
> Alignment
> CloudStack has significant integration with existing Apache projects, and there are several
exciting opportunities for future cross-project collaboration.
> The CloudStack Management Server (i.e., the control plane) is deployed as a web application
inside one or more Tomcat instances.
> The Management Server uses Apache Web Services, Apache Commons, Apache XML RPC, Apache
log4j, and Apache HttpComponents httpcore. It is built with Apache Ant.
> There are strong opportunities for collaboration with other Apache Projects. Collaboration
with Hadoop has at least two exciting aspects:
> - CloudStack could provide an object store technology (similar to Amazon's S3 service)
in conjunction with the compute service (similar to Amazon's EC2 service) that it already
offers. HDFS from the Hadoop project is a promising technology for the implementation of the
object store.
> - It would also be possible to have CloudStack provision Hadoop compute nodes, either
through virtualization or directly to baremetal. With this CloudStack could become an optional
or required part of the infrastructure control plane for Hadoop.
> ZooKeeper might be helpful to implement a distributed cloud control plane in the future.
> Derby could be used as alternative database; CloudStack currently uses MySQL.
> ActiveMQ is a good option for some of the communication that occurs in the orchestration
of the cloud.
> It would be natural for Apache libcloud and Apache DeltaCloud to support the CloudStack
API and public clouds that expose it.
> As mentioned earlier the proposers are seeking an independent foundation to provide governance
for the project. ASF has clearly been successful in providing this, and we believe ASF is
the best match for the future goals of the project.
> Known Risks
> Orphaned products
> Citrix will work with the community to create the most widely deployed cloud orchestration
software. Citrix's internal "plan of record" commits significant budget to developing the
Project through 2014. Investment past 2014 is unspecified, but likely to continue given known
and predicted revenues from derivative commercial products.
> Citrix is developing a thriving business in conjunction with the prior and continued
success of the community and use of CloudStack. The project may be orphaned in the condition
where the Project has failed to obtain either non-paid committers or paid committers from
other vendors, and the committers paid by Citrix are re-assigned to another project.
> Inexperience with Open Source
> CloudStack has been open source since May, 2010, with the CloudStack 2.0 release by
> From May, 2010 to August, 2011 CloudStack was "open core", wherein approximately 95%
of the code was available with a GPLv3 license and 5% of the code was proprietary. During
this time the bug database was open and the source code was available. Project direction and
technical discussions occurred in a closed fashion. Few technical documents were publicly
> In August, 2011 CloudStack transitioned to 100% open source. The 5% proprietary code
was released publicly with a GPLv3 license. The bug database remained open. Project direction
and technical discussions occurred in a closed fashion. Some technical documents were shared
> During 2012 the proposers have posted a significant fraction of technical documents pertaining
to the recent CloudStack 3.0 release publicly. Some technical discussion has occurred in the
> In April, 2012 CloudStack was re-licensed under the Apache License v2.
> Several contributors have prior open source experience. This is discussed in the "Core
Developers" section.
> The CloudStack development process must change significantly to conform to the Apache
model. These changes include: carry on all technical conversations in a public forum, develop
all technical documentation publicly, follow the vote process on contribution approvals, and
promote individuals beyond the initial committers to committer status, based on merit.
> Homogenous Developers
> The Project has committers in two locations in India, one location in the UK, and one
location in the U.S. The technical knowledge of the committers is diverse, as evidenced by
the wide range of technologies that converge in CloudStack. The range of professional experience
of the committers is diverse as well, from a few months to 20+ years.
> The initial committers are all associated with the sponsoring entity. The Project will
have to work with the community to diversify in this area.
> Reliance on Salaried Developers
> The initial committers are all salaried committers.
> The initial committers have worked with great devotion to the project and have enjoyed
its success. We hope this will create an emotional bond to the project that will last beyond
their employment with Citrix Systems.
> We expect salaried committers from a variety of companies. CloudStack is an opportunity
for many vendors to enable their software and hardware to participate in the changes brought
by the development of an API that can manage datacenter infrastructure. It is also an opportunity
for datacenter operators to implement features they find helpful and share them with the community.
> We hope to attract unpaid committers. CloudStack is interesting technology that solves
many challenging problems, and cloud computing is popular in the industry media now. But,
few people will run a CloudStack deployment for personal use, and this may limit our ability
to attract unpaid committers. We hope that the technical domain is interesting to new committers
that will join us in improving CloudStack.
> Relationships with Other Apache Products
> Please see the Alignment section above.
> Apache Brand Awareness
> We expect that licensing CloudStack under the AL and associating it with the Apache brand
will attract additional contributors and CloudStack users. However, we have selected the ASF
as the best governance option for the project for the reasons discussed in the Rationale.
Further, we expect to continue development of the CloudStack under the AL with or without
the support of ASF.
> Citrix currently sells a proprietary version of CloudStack released as "Citrix CloudStack".
For the foreseeable future, Citrix expects to continue to sell orchestration software based
on CloudStack. Citrix will work with the ASF Incubator PMC and within the Podling Branding
guidelines to ensure that a new branding scheme is selected for Citrix's proprietary version
of CloudStack that is consistent with ASF's branding policies.
> Documentation
> The CloudStack project has publicly available administrator documentation, source code,
forums, and technical specifications. This documentation is available at the following sites:
> - forums, latest news, downloads, blogs; a good starting point.
> - installation guide, administration guide, API documentation,
technical specifications
> - past and future release plans, additional technical
> - current source. See the 3.0.x and master branches.
> Initial Source
> The genesis of CloudStack's source is discussed in the "Inexperience with Open Source"
> Citrix Systems currently owns the CloudStack code base. Committers use the repository
at to access and submit code. This repository is located in the U.S.
> We propose to donate the basis for the 3.0.x series of CloudStack releases. This is the
current release stream. Prior CloudStack versions have been kept as GPLv3 and currently receive
limited maintenance and no feature development. The software associated with these prior versions
will not be donated to ASF. Further, many branches exist and we see no benefit in recreating
this historical complexity within ASF infrastructure.
> Source and Intellectual Property Submission Plan
> Multiple intellectual property assets are associated with the CloudStack project. First
and foremost, the CloudStack source is protected by copyright. Upon acceptance into the ASF
incubation program, Citrix Systems anticipates licensing the CloudStack source to the ASF.
The licensed code will include all source code from the "master" branch at
> In addition to the source code, Citrix systems owns a number of trademark and domain
name assets that are used by the CloudStack project. Citrix anticipates donating substantially
all of these trademark and domain name assets upon acceptance into the ASF incubation program.
In particular, Citrix anticipates donating at least the CloudStack trademark and related domain
> CloudStack is protected by a number of pending patent applications owned by Citrix Systems.
Citrix Systems anticipates continuing to prosecute and maintain these patent applications
upon entry into the ASF incubation program. Citrix Systems is dedicated to protecting the
larger CloudStack community and will continue to obtain patents on CloudStack technology as
a way to protect contributors and members of the CloudStack community from outside threats.
> Internal Dependencies
> The CloudStack Management Server has some externally developed code embedded in it. This
code has come from a variety of sources and has a variety of licenses, some of which are not
approved by ASF for use in Apache projects. We have already begun the process of removing
and/or re-implementing code that does not have an approved license.
> [ Please see web page for this content ]
> Contributions made to the CloudStack prior to the switch to AL were done based on a CLA
that did not authorize re-licensing the contribution to AL. Citrix legal has prepared a new
document that requests contributors to authorize the re-license to AL. We are asking each
such contributor to sign this agreement. We will remove and/or re-implement the contributions
of prior committers that do not sign this agreement. We do not expect this issue to materially
impact the project.
> Citrix legal has also prepared a new CLA for the project that authorizes AL licensing
of contributions. This CLA will be used for contributions between the switch to AL and an
eventual donation of the source to ASF.
> External Dependencies
> The CloudStack Management Server uses a significant number of libraries. These libraries
are redistributed with CloudStack in binary form. Some of them have licenses that are not
approved by ASF for use in Apache projects. We will replace them with other libraries with
approved licenses or re-write the functions provided by the libraries.
> We expect that it will take 3 months to remove and/or re-implement the problematic embedded
source and problematic redistributed libraries.
> Binary Dependencies
> [ Please see web page for this content ]
> System Virtual Machines
> The CloudStack uses multiple Debian-based virtual machines to implement features of the
software. The source code that comprises the Debian-based virtual machines is GPL licensed.
> The CloudStack source code includes (AL) scripts that will download and build this software.
This software is downloaded from repositories external to, and will presumably
also be external to any Apache-owned infrastructure.
> The CloudStack will download and deploy virtual machines that are built with this GPL
software. Once deployed, the CloudStack will install AL-licensed software on to these virtual
> Since this GPL software is not present in the CloudStack repository we believe these
mechanisms will be approved by ASF for use in the Project, but we have included this explanation
for completeness.
> Cryptography
> The CloudStack makes use of encryption functions available via Java and the underlying
OS. We expect that the CloudStack will have to follow the export control procedures described
at When the CloudStack was previously registered with
BIS the open source version qualified for the TSU exception.
> The CloudStack uses https to communicate to XenServer and vCenter. ssh and scp are used
between the Management Server and hypervisor hosts as well.
> The CloudStack stores an MD5 hash of user password data. The CloudStack uses MySQL encryption
to store some data in an encrypted fashion.
> The CloudStack stores a pair of API public/secret keypairs for users. This is done using
javax.crypto.KeyGenerator with HMAC-SHA-1.
> The CloudStack does not specify key lengths explicitly. It uses SSH, SCP and lets them
negotiate encryption.
> The CloudStack provides a public HTTP-based API to provision and deprovision VPN users.
The CloudStack has internal Java-based abstractions for managing VPN users. This Java software
makes private API calls to another system, which will then provision the VPN user in the VPN
software on that other system. The actual set up of the VPN session is done using L2TP/IPSec.
> As mentioned earlier the CloudStack includes software to build and later deploy Debian-based
virtual machines. These VMs are stripped down versions of Debian that include encryption sufficient
for ssh/scp, https, and IPSec VPN to work. The CloudStack does not include the source for
these VMs. The maximum encrypted throughput of the VPN has not been determined.
> Required Resources
> Mailing Lists
> We request mailing lists to match the mailing lists currently in use, plus the recommended
private list. These are:
>    cloudstack-private: for confidential PPMC discussion
>    cloudstack-dev: for development discussions
>    cloudstack-user: for administrator and discussions
> Subversion Directory
> The CloudStack has used git for approximately two years. We understand that there is
a "prototype" git server available. We request an allocation on this git server. We believe
this will be less disruptive to the committers than a change to SVN.
> We request "/repos/asf/incubator/cloudstack".
> Issue Tracking
> We would like an allocation for Jira. CloudStack uses bugzilla today, but we have been
planning a move to Jira for some time. We request that the project name be "CloudStack".
> Other Resources
> The CloudStack Project includes several websites. Donation of these websites was discussed
in the IP submission plan. We would like to engage in discussion on the logistics of this.
> Initial Committers
> In the past few months several new developers have joined the Citrix CloudStack team.
We are recommending that only the developers with several months of experience with CloudStack
join as initial committers. The Project will then follow the meritocratic process to enable
the newer team members to become committers. We believe this will be a good exercise for us
as we transition to an Apache development model in the Project.
> The list of initial committers follows. At this time none of the initial committers has
a CLA on file with ASF.
>    Abhinandan Prateek,
>    Alena Prokharchyk,
>    Alex Huang,
>    Anthony Xu,
>    Brian Federle,
>    Chiradeep Vittal,
>    David Nalley,
>    Edison Su,
>    Frank Zhang,
>    Janardhana Reddy,
>    Jessica Tomechak,
>    Jessica Wang,
>    Kelven Yang,
>    Kevin Kluge,
>    Kishan Kavala,
>    Murali Reddy,
>    Nitin Mehta,
>    Prachi Damle,
>    Sam Robertson,
>    Sheng Yang,
>    Sonny Chhen,
>    Will Chan,
> Affiliations
> The initial committers are all affiliated with Citrix Systems.
> Sponsors
> Champion
> Jim Jagielski
> Nominated Mentors
> Jim Jagielski, Daniel Kulp, Alex Karasulu, Olivier Lamy, Brett Porter, Mohammad Nour,
Matt Hogstrom
> Sponsoring Entity
> We request that the Incubator sponsor this effort.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Chris Mattmann, Ph.D.
Senior Computer Scientist
NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
Office: 171-266B, Mailstop: 171-246
Adjunct Assistant Professor, Computer Science Department
University of Southern California, Los Angeles, CA 90089 USA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message