incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gianugo Rabellino <>
Subject Re: [VOTE] CloudStack for Apache Incubator
Date Tue, 10 Apr 2012 22:34:36 GMT
+1 (binding)

From: Kevin Kluge
Sent: 4/9/2012 18:32
Subject: [VOTE] CloudStack for Apache Incubator
Hi All.  I'd like to call for a VOTE for CloudStack to enter the
Incubator.  The proposal is available at [1] and I have also included
it below.   Please vote with:
+1: accept CloudStack into Incubator
+0: don't care
-1: do not accept CloudStack into Incubator (please explain the objection)

The vote is open for at least 72 hours from now (until at least 19:00
US-PST on April 12, 2012).

Thanks for the consideration.




CloudStack is an IaaS ("Infrastracture as a Service") cloud
orchestration platform.


CloudStack provides control plane software that can be used to create
an IaaS cloud. It includes an HTTP-based API for user and
administrator functions and a web UI for user and administrator
access. Administrators can provision physical infrastructure (e.g.,
servers, network elements, storage) into an instance of CloudStack,
while end users can use the CloudStack self-service API and UI for the
provisioning and management of virtual machines, virtual disks, and
virtual networks.

Citrix Systems, Inc. submits this proposal to donate the CloudStack
source code, documentation, websites, and trademarks to the Apache
Software Foundation ("ASF").


Amazon and other cloud pioneers invented IaaS clouds. Typically these
clouds provide virtual machines to end users. CloudStack additionally
provides baremetal OS installation to end users via a self-service
interface. The management of physical resources to provide the larger
goal of cloud service delivery is known as "orchestration". IaaS
clouds are usually described as "elastic" -- an elastic service is one
that allows its user to rapidly scale up or down their need for

A number of open source projects and companies have been created to
implement IaaS clouds. started CloudStack in 2008 and
released the source under GNU General Public License version 3 ("GPL
v3") in 2010. Citrix acquired, including CloudStack, in
2011. Citrix re-licensed the CloudStack source under Apache License v2
in April, 2012.


IaaS clouds provide the ability to implement datacenter operations in
a programmable fashion. This functionality is tremendously powerful
and benefits the community by providing:

- More efficient use of datacenter personnel
- More efficient use of datacenter hardware
- Better responsiveness to user requests
- Better uptime/availability through automation

While there are several open source IaaS efforts today, none are
governed by an independent foundation such as ASF. Vendor influence
and/or proprietary implementations may limit the community's ability
to choose the hardware and software for use in the datacenter. The
community at large will benefit from the ability to enhance the
orchestration layer as needed for particular hardware or software
support, and to implement algorithms and features that may reduce cost
or increase user satisfaction for specific use cases. In this respect
the independent nature of the ASF is key to the long term health and
success of the project.

Initial Goals

The CloudStack project has two initial goals after the proposal is
accepted and the incubation has begun.

The Cloudstack Project's first goal is to ensure that the CloudStack
source includes only third party code that is licensed under the
Apache License or open source licenses that are approved by the ASF
for use in ASF projects. The CloudStack Project has begun the process
of removing third party code that is not licensed under an ASF
approved license. This is an ongoing process that will continue into
the incubation period. Third party code contributed to CloudStack
under the CloudStack contribution agreement was assigned to
in exchange for distributing CloudStack under GPLv3. The CloudStack
project has begun the process of amending the previous CloudStack
contribution agreements to obtain consent from existing contributors
to change the CloudStack project's license. In the event that an
existing contributor does not consent to this change, the project is
prepared to remove that contributor's code. Additionally, there are
binary dependencies on redistributed libraries that are not provided
with an ASF-approved license. Finally, the CloudStack has source files
incorporated from third parties that were not provided with an
ASF-approved license. We have begun the process of re-writing this
software. This is an ongoing process that will extend into the
incubation period. These issues are discussed in more detail later in
the proposal.

Although CloudStack is open source, many design documents and
discussions that should have been publicly available and accessible
were not publicized. The Project's second goal will be to fix this
lack of transparency by encouraging the initial committers to
publicize technical documentation and discuss technical issues in a
public forum.

Current Status


CloudStack was originally developed by Sheng Liang, Alex Huang,
Chiradeep Vittal, and Will Chan. Since the initial CloudStack version,
approximately 30 others have made contributions to the project. Today,
Sheng and Will are less involved in code development, but others have
stepped in to continue the development of their seminal contributions.

Most of the current code contributors are paid contributors, employed
by Citrix. Over the past six months CloudStack has received several
contributions from non-Citrix employees for features and bug fixes
that are important to the contributors. We have developed a process
for accepting these contributions that includes validating the
execution of a CLA and incorporating the contribution in the
CloudStack in a manner that reflects the contributor's identity. This
process has not followed the Apache model.

The CloudStack Project has had an open bug database for two years.
While this database includes ideas for enhancements to CloudStack, the
committers have historically not asked the greater community for
pointed assistance. Going forward the Project will encourage all
community members to become committers and will make clear suggestions
for features and bug fixes that would most benefit the community and


CloudStack has an existing community comprising approximately 8,000
forum members on and 28,000 registrations for e-mail
lists and newsletters relating to CloudStack. All forums, developer
and administrator mailing lists, and IRC channels are active. A number
of commercial entities (e.g., RightScale, AppFog, EnStratus) and open
source projects (e.g., jClouds, Chef) have integrated with CloudStack.

To date, the community comprises users - people that download a
CloudStack binary and install it to implement an IaaS cloud. The
project expects that with independent governance and the openness of
the Apache development model we will significantly increase the amount
of developer participation within the community.

Core Developers

CloudStack spans a wide array of technologies: user interface,
virtualization, storage, networking, fault tolerance, database access
and data modeling, and Java, Python, and bash programming. There is
significant diversity of knowledge and experience in this regard.

Several of the initial committers have experience with other open
source projects. Alex Huang contributed to SCM-bug. Anthony Xu, Edison
Su, Frank Zhang, and Sheng Yang have prior experience with a
combination of Xen and KVM. Chiradeep Vittal has contributed to
OpenStack. David Nalley has been contributing to Fedora for several
years. David has also contributed to Zenoss, Cobbler, GLPI, OCS-NG,
OpenGroupware, Ceph, and Sheepdog.

CloudStack development to date has largely been done in the U.S. and India.

CloudStack has largely been developed by paid contributors.


CloudStack has significant integration with existing Apache projects,
and there are several exciting opportunities for future cross-project

The CloudStack Management Server (i.e., the control plane) is deployed
as a web application inside one or more Tomcat instances.

The Management Server uses Apache Web Services, Apache Commons, Apache
XML RPC, Apache log4j, and Apache HttpComponents httpcore. It is built
with Apache Ant.

There are strong opportunities for collaboration with other Apache
Projects. Collaboration with Hadoop has at least two exciting aspects:
- CloudStack could provide an object store technology (similar to
Amazon's S3 service) in conjunction with the compute service (similar
to Amazon's EC2 service) that it already offers. HDFS from the Hadoop
project is a promising technology for the implementation of the object
- It would also be possible to have CloudStack provision Hadoop
compute nodes, either through virtualization or directly to baremetal.
With this CloudStack could become an optional or required part of the
infrastructure control plane for Hadoop.

ZooKeeper might be helpful to implement a distributed cloud control
plane in the future.

Derby could be used as alternative database; CloudStack currently uses MySQL.

ActiveMQ is a good option for some of the communication that occurs in
the orchestration of the cloud.

It would be natural for Apache libcloud and Apache DeltaCloud to
support the CloudStack API and public clouds that expose it.

As mentioned earlier the proposers are seeking an independent
foundation to provide governance for the project. ASF has clearly been
successful in providing this, and we believe ASF is the best match for
the future goals of the project.

Known Risks

Orphaned products

Citrix will work with the community to create the most widely deployed
cloud orchestration software. Citrix's internal "plan of record"
commits significant budget to developing the Project through 2014.
Investment past 2014 is unspecified, but likely to continue given
known and predicted revenues from derivative commercial products.

Citrix is developing a thriving business in conjunction with the prior
and continued success of the community and use of CloudStack. The
project may be orphaned in the condition where the Project has failed
to obtain either non-paid committers or paid committers from other
vendors, and the committers paid by Citrix are re-assigned to another

Inexperience with Open Source

CloudStack has been open source since May, 2010, with the CloudStack
2.0 release by

>From May, 2010 to August, 2011 CloudStack was "open core", wherein
approximately 95% of the code was available with a GPLv3 license and
5% of the code was proprietary. During this time the bug database was
open and the source code was available. Project direction and
technical discussions occurred in a closed fashion. Few technical
documents were publicly available.

In August, 2011 CloudStack transitioned to 100% open source. The 5%
proprietary code was released publicly with a GPLv3 license. The bug
database remained open. Project direction and technical discussions
occurred in a closed fashion. Some technical documents were shared

During 2012 the proposers have posted a significant fraction of
technical documents pertaining to the recent CloudStack 3.0 release
publicly. Some technical discussion has occurred in the open.

In April, 2012 CloudStack was re-licensed under the Apache License v2.

Several contributors have prior open source experience. This is
discussed in the "Core Developers" section.

The CloudStack development process must change significantly to
conform to the Apache model. These changes include: carry on all
technical conversations in a public forum, develop all technical
documentation publicly, follow the vote process on contribution
approvals, and promote individuals beyond the initial committers to
committer status, based on merit.

Homogenous Developers

The Project has committers in two locations in India, one location in
the UK, and one location in the U.S. The technical knowledge of the
committers is diverse, as evidenced by the wide range of technologies
that converge in CloudStack. The range of professional experience of
the committers is diverse as well, from a few months to 20+ years.

The initial committers are all associated with the sponsoring entity.
The Project will have to work with the community to diversify in this

Reliance on Salaried Developers

The initial committers are all salaried committers.

The initial committers have worked with great devotion to the project
and have enjoyed its success. We hope this will create an emotional
bond to the project that will last beyond their employment with Citrix

We expect salaried committers from a variety of companies. CloudStack
is an opportunity for many vendors to enable their software and
hardware to participate in the changes brought by the development of
an API that can manage datacenter infrastructure. It is also an
opportunity for datacenter operators to implement features they find
helpful and share them with the community.

We hope to attract unpaid committers. CloudStack is interesting
technology that solves many challenging problems, and cloud computing
is popular in the industry media now. But, few people will run a
CloudStack deployment for personal use, and this may limit our ability
to attract unpaid committers. We hope that the technical domain is
interesting to new committers that will join us in improving

Relationships with Other Apache Products

Please see the Alignment section above.

Apache Brand Awareness

We expect that licensing CloudStack under the AL and associating it
with the Apache brand will attract additional contributors and
CloudStack users. However, we have selected the ASF as the best
governance option for the project for the reasons discussed in the
Rationale. Further, we expect to continue development of the
CloudStack under the AL with or without the support of ASF.

Citrix currently sells a proprietary version of CloudStack released as
"Citrix CloudStack". For the foreseeable future, Citrix expects to
continue to sell orchestration software based on CloudStack. Citrix
will work with the ASF Incubator PMC and within the Podling Branding
guidelines to ensure that a new branding scheme is selected for
Citrix's proprietary version of CloudStack that is consistent with
ASF's branding policies.


The CloudStack project has publicly available administrator
documentation, source code, forums, and technical specifications. This
documentation is available at the following sites:
- forums, latest news, downloads, blogs; a good
starting point.
- installation guide, administration
guide, API documentation, technical specifications
- past and future release plans,
additional technical documentation
- current source. See the 3.0.x and master branches.

Initial Source

The genesis of CloudStack's source is discussed in the "Inexperience
with Open Source" section.

Citrix Systems currently owns the CloudStack code base. Committers use
the repository at to access and submit code. This
repository is located in the U.S.

We propose to donate the basis for the 3.0.x series of CloudStack
releases. This is the current release stream. Prior CloudStack
versions have been kept as GPLv3 and currently receive limited
maintenance and no feature development. The software associated with
these prior versions will not be donated to ASF. Further, many
branches exist and we see no benefit in recreating this historical
complexity within ASF infrastructure.

Source and Intellectual Property Submission Plan

Multiple intellectual property assets are associated with the
CloudStack project. First and foremost, the CloudStack source is
protected by copyright. Upon acceptance into the ASF incubation
program, Citrix Systems anticipates licensing the CloudStack source to
the ASF. The licensed code will include all source code from the
"master" branch at

In addition to the source code, Citrix systems owns a number of
trademark and domain name assets that are used by the CloudStack
project. Citrix anticipates donating substantially all of these
trademark and domain name assets upon acceptance into the ASF
incubation program. In particular, Citrix anticipates donating at
least the CloudStack trademark and related domain names.

CloudStack is protected by a number of pending patent applications
owned by Citrix Systems. Citrix Systems anticipates continuing to
prosecute and maintain these patent applications upon entry into the
ASF incubation program. Citrix Systems is dedicated to protecting the
larger CloudStack community and will continue to obtain patents on
CloudStack technology as a way to protect contributors and members of
the CloudStack community from outside threats.

Internal Dependencies

The CloudStack Management Server has some externally developed code
embedded in it. This code has come from a variety of sources and has a
variety of licenses, some of which are not approved by ASF for use in
Apache projects. We have already begun the process of removing and/or
re-implementing code that does not have an approved license.

[ Please see web page for this content ]

Contributions made to the CloudStack prior to the switch to AL were
done based on a CLA that did not authorize re-licensing the
contribution to AL. Citrix legal has prepared a new document that
requests contributors to authorize the re-license to AL. We are asking
each such contributor to sign this agreement. We will remove and/or
re-implement the contributions of prior committers that do not sign
this agreement. We do not expect this issue to materially impact the

Citrix legal has also prepared a new CLA for the project that
authorizes AL licensing of contributions. This CLA will be used for
contributions between the switch to AL and an eventual donation of the
source to ASF.

External Dependencies

The CloudStack Management Server uses a significant number of
libraries. These libraries are redistributed with CloudStack in binary
form. Some of them have licenses that are not approved by ASF for use
in Apache projects. We will replace them with other libraries with
approved licenses or re-write the functions provided by the libraries.

We expect that it will take 3 months to remove and/or re-implement the
problematic embedded source and problematic redistributed libraries.

Binary Dependencies

[ Please see web page for this content ]

System Virtual Machines

The CloudStack uses multiple Debian-based virtual machines to
implement features of the software. The source code that comprises the
Debian-based virtual machines is GPL licensed.

The CloudStack source code includes (AL) scripts that will download
and build this software. This software is downloaded from repositories
external to, and will presumably also be external to any
Apache-owned infrastructure.

The CloudStack will download and deploy virtual machines that are
built with this GPL software. Once deployed, the CloudStack will
install AL-licensed software on to these virtual machines.

Since this GPL software is not present in the CloudStack repository we
believe these mechanisms will be approved by ASF for use in the
Project, but we have included this explanation for completeness.


The CloudStack makes use of encryption functions available via Java
and the underlying OS. We expect that the CloudStack will have to
follow the export control procedures described at When the CloudStack was
previously registered with BIS the open source version qualified for
the TSU exception.

The CloudStack uses https to communicate to XenServer and vCenter. ssh
and scp are used between the Management Server and hypervisor hosts as

The CloudStack stores an MD5 hash of user password data. The
CloudStack uses MySQL encryption to store some data in an encrypted

The CloudStack stores a pair of API public/secret keypairs for users.
This is done using javax.crypto.KeyGenerator with HMAC-SHA-1.

The CloudStack does not specify key lengths explicitly. It uses SSH,
SCP and lets them negotiate encryption.

The CloudStack provides a public HTTP-based API to provision and
deprovision VPN users. The CloudStack has internal Java-based
abstractions for managing VPN users. This Java software makes private
API calls to another system, which will then provision the VPN user in
the VPN software on that other system. The actual set up of the VPN
session is done using L2TP/IPSec.

As mentioned earlier the CloudStack includes software to build and
later deploy Debian-based virtual machines. These VMs are stripped
down versions of Debian that include encryption sufficient for
ssh/scp, https, and IPSec VPN to work. The CloudStack does not include
the source for these VMs. The maximum encrypted throughput of the VPN
has not been determined.

Required Resources

Mailing Lists

We request mailing lists to match the mailing lists currently in use,
plus the recommended private list. These are:

    cloudstack-private: for confidential PPMC discussion
    cloudstack-dev: for development discussions
    cloudstack-user: for administrator and discussions

Subversion Directory

The CloudStack has used git for approximately two years. We understand
that there is a "prototype" git server available. We request an
allocation on this git server. We believe this will be less disruptive
to the committers than a change to SVN.

We request "/repos/asf/incubator/cloudstack".

Issue Tracking

We would like an allocation for Jira. CloudStack uses bugzilla today,
but we have been planning a move to Jira for some time. We request
that the project name be "CloudStack".

Other Resources

The CloudStack Project includes several websites. Donation of these
websites was discussed in the IP submission plan. We would like to
engage in discussion on the logistics of this.

Initial Committers

In the past few months several new developers have joined the Citrix
CloudStack team. We are recommending that only the developers with
several months of experience with CloudStack join as initial
committers. The Project will then follow the meritocratic process to
enable the newer team members to become committers. We believe this
will be a good exercise for us as we transition to an Apache
development model in the Project.

The list of initial committers follows. At this time none of the
initial committers has a CLA on file with ASF.

    Abhinandan Prateek,
    Alena Prokharchyk,
    Alex Huang,
    Anthony Xu,
    Brian Federle,
    Chiradeep Vittal,
    David Nalley,
    Edison Su,
    Frank Zhang,
    Janardhana Reddy,
    Jessica Tomechak,
    Jessica Wang,
    Kelven Yang,
    Kevin Kluge,
    Kishan Kavala,
    Murali Reddy,
    Nitin Mehta,
    Prachi Damle,
    Sam Robertson,
    Sheng Yang,
    Sonny Chhen,
    Will Chan,


The initial committers are all affiliated with Citrix Systems.



Jim Jagielski

Nominated Mentors

Jim Jagielski, Daniel Kulp, Alex Karasulu, Olivier Lamy, Brett Porter,
Mohammad Nour, Matt Hogstrom

Sponsoring Entity

We request that the Incubator sponsor this effort.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message