[openstack-dev] [Neutron] Port Forwarding API

Hello All, I have sent a spec [1] to resume the work on port forwarding API and reference implementation. Its currently marked as "WIP", however i raised some "TBD" questions for the community. The way i see port forwarding is an API that is very similar to floating IP API and implementation

Re: [openstack-dev] [Congress] Congress Usecases VM

Hi, Greetings for the day. I am finding problem in finding the CLI commands for congress in which I can create, delete a rule within a policy and viewing different data sources. Can you please provide me the list of CLI commands for the same. Waiting for the reply. Regards Himanshu Sharma On

Re: [openstack-dev] [Heat] Integration Test Questions

Speaking of adding tests, we need hands on improving Heat API tests in Tempest [1]. The current test cases there is a weird combination of API tests, resource type tests, template tests etc. If we decide to move functional tests back to individual projects, some test cases may need to be deleted

[openstack-dev] [CINDER] [PTL Candidates] Questions

​PTL nomination emails are good, but I have a few questions that I'd like to ask to help me in making my vote. Some of these are covered in the general proposal announcements, but I'd love to hear some more detail. It would be awesome if the Cinder candidates could spend some time and answer

Re: [openstack-dev] [magnum] Handling password for k8s

Hi Ton, If I understand your proposal correctly, it means the inputted password will be exposed to users in the same tenant (since the password is passed as stack parameter, which is exposed within tenant). If users are not admin, they don't have privilege to create a temp user. As a result,

Re: [openstack-dev] [Openstack-i18n] [nova][i18n] Is there any point in using _() inpython-novaclient?

On 09/20/2015 02:16 PM, Duncan Thomas wrote: Certainly for cinder, and I suspect many other project, the openstack client is a wrapper for python-cinderclient libraries, so if you want translated exceptions then you need to translate python-cinderclient too, unless I'm missing something? Ah -

Re: [openstack-dev] [Openstack-i18n] [nova][i18n] Is there any point in using _() inpython-novaclient?

Certainly for cinder, and I suspect many other project, the openstack client is a wrapper for python-cinderclient libraries, so if you want translated exceptions then you need to translate python-cinderclient too, unless I'm missing something? On 18 September 2015 at 17:46, Andreas Jaeger

[openstack-dev] [neutron] Neutron debugging tool

Hello, I am planning to develop a tool for network debugging. Initially, it will handle DVR case, which can also be extended to other too. Based on my OpenStack deployment/operations experience, I am planning to handle common pitfalls/misconfigurations, such as: 1) check external gateway validity

Re: [openstack-dev] [all][ptl][release] final liberty cycle client library releases needed

> On 19 Sep 2015, at 16:04, Doug Hellmann wrote: > > Excerpts from Renat Akhmerov's message of 2015-09-19 00:35:49 +0300: >> Doug, >> >> python-mistralclient-1.1.0 (also on pypi) is the final release for Liberty. >> Here’s the patch updating global-requirements.txt:

Re: [openstack-dev] [Heat] Integration Test Questions

On 20/09/15 20:24, Qiming Teng wrote: Speaking of adding tests, we need hands on improving Heat API tests in Tempest [1]. The current test cases there is a weird combination of API tests, resource type tests, template tests etc. If we decide to move functional tests back to individual projects,

Re: [openstack-dev] [magnum] Handling password for k8s

Hongbin, I believe the domain approach is the preferred approach for the solution long term. It will require more R to execute then other options but also be completely secure. Regards -steve From: Hongbin Lu > Reply-To: "OpenStack

[openstack-dev] [magnum] Handling password for k8s

Hi Ton, kube-masters will be nova instances only and because any access to nova-instances is already being secured using keystone, I am not able to understand what are the concerns in storing password on master-nodes. Can you please list down concerns in our current approach? -Vikas Choudhary

[openstack-dev] [nova-scheduler] no IRC meeting this week

As discussed last week we won't have a meeting this Mon., 9/21. Everyone can concentrate on getting Liberty out the door and we'll meet again next week, 9/28, to talk about Mitaka planning a little. -- Don Dugger "Censeo Toto nos in Kansa esse decisse." - D. Gale Ph: 303/443-3786

Re: [openstack-dev] [Neutron] Port Forwarding API

Hi shihanzhang, As mentioned in the spec, this doesnt support distributed FIP's, it will still work if the VMs are on different compute nodes, similar to the way centralized DNAT works (from the network node) Distributing port forwarding entries in my opinion is similar to distributing SNAT, and

Re: [openstack-dev] [neutron] [oslo.privsep] Any progress on privsep?

Hello, Li. On Sat, Sep 19, 2015 at 6:15 AM Li Ma wrote: > Thanks for your reply, Gus. That's awesome. I'd like to have a look at > it or test if possible. > > Any source code available in the upstream? > You can find latest (almost approved from the looks of it)

Re: [openstack-dev] [neutron] Neutron debugging tool

AFAIK, there is a project available in the github that does the same thing. https://github.com/yeasy/easyOVS I used it before. On Mon, Sep 21, 2015 at 12:17 AM, Nodir Kodirov wrote: > Hello, > > I am planning to develop a tool for network debugging. Initially, it > will

[openstack-dev] [magnum] Handling password for k8s

Thanks Hongbin. I was not aware of stack-parameters visibility, so was not able to figure out actual concerns in Ton's initial approach. keystone domain approach seems secure enough. -Vikas Hongbin, I believe the domain

Re: [openstack-dev] [magnum] Handling password for k8s

Hi Vikas, It's correct that once the password is saved in the k8s master node, then it would have the same security as the nova-instance. The issue is as Hongbin noted, the password is exposed along the chain of interaction between magnum and heat. Users in the same tenant can potentially

Re: [openstack-dev] [Neutron] Port Forwarding API

2) The same FIP address can be used for different mappings, for example FIP with IP X can be used with different ports to map to different VM's X:4001 -> VM1 IP X:4002 -> VM2 IP (This is the essence of port forwarding). So we also need the port mapping

Re: [openstack-dev] [CINDER] [PTL Candidates] Questions

On Sun, Sep 20, 2015 at 11:30:15AM -0600, John Griffith wrote: > ​PTL nomination emails are good, but I have a few questions that I'd like > to ask to help me in making my vote. Some of these are covered in the > general proposal announcements, but I'd love to hear some more detail. > > It would

[openstack-dev] [openstack-operators][tc][tags] Rally tags

Hi stackers, Rally project is becoming more and more used by Operators to check that live OpenStack clouds perform well and that they are ready for production. Results of PAO OPS meeting showed that there are interest in Rally related tags for projects:

[openstack-dev] [Fuel] Core Reviewers groups restructure

Hi all, as of my larger proposal on improvements to code review workflow [1], we need to have cores for repositories, not for the whole Fuel. It is the path we are taking for a while, and new core reviewers added to specific repos only. Now we need to complete this work. My proposal is: 1.

Re: [openstack-dev] [CINDER] [PTL Candidates] Questions

Hi John, Thank you for these question. Such questions with answers could be a good part of PTL proposal in the future. Please, see my answers inline. Regards, Ivan Kolodyazhny On Sun, Sep 20, 2015 at 8:30 PM, John Griffith wrote: > ​PTL nomination emails are good,

Re: [openstack-dev] [all][ptl][release] final liberty cycle client library releases needed

Excerpts from Renat Akhmerov's message of 2015-09-20 19:06:20 +0300: > > > On 19 Sep 2015, at 16:04, Doug Hellmann wrote: > > > > Excerpts from Renat Akhmerov's message of 2015-09-19 00:35:49 +0300: > >> Doug, > >> > >> python-mistralclient-1.1.0 (also on pypi) is the

[openstack-dev] [magnum] Handling password for k8s

Hi everyone, I am running into a potential issue in implementing the support for load balancer in k8s services. After a chat with sdake, I would like to run this by the team for feedback/suggestion. First let me give a little background for context. In the current k8s cluster, all k8s pods