[Openstack] Project Alignment
Hello Everyone, The PTLs had a quick meeting the other day to try and align some things between the projects. In order for openstack to be successful, it is very important that we create a consistent user experience for users and administrators. We realize that it is hard to find agreement between all developers on implementation details, so we focused less on the idea of code-sharing and more on the idea of bringing the user-experience into alignment. If we are going to be successful in this effort, we all need to realize that we should value doing things the same way over doing things the best way. We have a few actions that we are taking to help move in this direction. 1. Consistent Auth -- all of the projects are working on integrating the keystone project so that we have one auth system. For nova, this means that we may lose some of the rbac features we provide for the ec2 api, but by the diablo release we expect to have equivalent features and a migration plan for cactus deployments. 2. Consistent Daemonization -- Jay is working on turning swift-init into a pypy library that can be used by all of the projects. This will allow consistent init scripts etc. 3. Consistent Logging -- We are going to make an effort for all of the projects to support python's logging.config for advanced logging configuration. We would also like to provide a sane set of defaults (i.e. default to syslog or file), since currently they are all different. 4. Skeleton Project -- We are going to attempt to provide a simple skeleton projects for people experimenting with new services to use as a base. It will include the above items pre-configured, as well as provide some sane defaults for wsgi and REST apis. There are a few disagreements as to the best libraries to use, so both Jay and Termie are going to work on these. My guess is that they will agree on 90% of the skeleton, and just have a few differences, which is a great place to put in pluggability. We should end up with a nice simple base project with a small number of feature options. (FUTURE) Configs vs. Flags: There is a desire to move to consistent configuration for the services. Nova uses gflags, whereas the other projects use config files and option parsing. It would be nice to converge here, but we are delaying for the moment because there are a lot of changes going into nova right now. We will reexamine this later. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Project Alignment
On 16/05/11 18:11, Vishvananda Ishaya wrote: Hello Everyone, The PTLs had a quick meeting the other day to try and align some things between the projects. In order for openstack to be successful, it is very important that we create a consistent user experience for users and administrators. We realize that it is hard to find agreement between all developers on implementation details, so we focused less on the idea of code-sharing and more on the idea of bringing the user-experience into alignment. If we are going to be successful in this effort, we all need to realize that we should value doing things the same way over doing things the best way. We have a few actions that we are taking to help move in this direction. 1. Consistent Auth -- all of the projects are working on integrating the keystone project so that we have one auth system. For nova, this means that we may lose some of the rbac features we provide for the ec2 api, but by the diablo release we expect to have equivalent features and a migration plan for cactus deployments. SNIP Hi Vish, This is really useful to know, thank you for the highlevel outline. I didn't quite understand the Consistent Auth, and what it means for ec2 api for the Diablo release. Would you be able to confirm the extent / roadmap of the ec2 api breakage expected? Are you expecting the base ec2 api functionality to be near stable throughout the transition, or are you expecting large breakage? In regards to the loss of RBAC, is this expected to be transitional; and be fixable in time for Diabalo release? Essentially, can you clarify equivalent features. The blueprint[0] or specification on the wiki[1] doesn't seem to mention ec2' anywhere, can you confirm where this was discussed? I'd also like to check if consideration on how this might impact possible future implementation of comparative feature of AWS Identity and Access Management (IAM)[2] support in both ec2 and openstack API was discussed? Additionally, are the logs of the PTL's meeting available anywhere? Thanks. [0] https://blueprints.launchpad.net/nova/+spec/integrate-nova-authn [1] http://wiki.openstack.org/openstack-authn [2] http://aws.amazon.com/documentation/iam/ Kind Regards, Dave Walker ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] python-novaclient
Just FYI: I've set up a couple of Jenkins jobs for python-novaclient: python-novaclient-tarball: builds tarballs of python-novaclient on commits to trunk. python-novaclient-ppa: applies packaging magic and uploads the above mentioned tarballs to the nova-core/trunk ppa. This means you can always get the freshest python-novaclient from the nova-core/trunk ppa. Enjoy. -- Soren Hansen | http://linux2go.dk/ Ubuntu Developer | http://www.ubuntu.com/ OpenStack Developer | http://www.openstack.org/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Project Alignment
On May 16, 2011, at 12:33 PM, Dave Walker wrote: Hi Vish, This is really useful to know, thank you for the highlevel outline. I didn't quite understand the Consistent Auth, and what it means for ec2 api for the Diablo release. Would you be able to confirm the extent / roadmap of the ec2 api breakage expected? Are you expecting the base ec2 api functionality to be near stable throughout the transition, or are you expecting large breakage? If you will be tracking milestone releases, there will most likely be breakages relating to roles and authz. It may also require using a modified ec2 access key for a while as we determine the best way to map access and secret keys using keystone. In regards to the loss of RBAC, is this expected to be transitional; and be fixable in time for Diabalo release? Essentially, can you clarify equivalent features. The blueprint[0] or specification on the wiki[1] doesn't seem to mention ec2' anywhere, can you confirm where this was discussed? Authz checking will most likely be moving out of the top level apis, so that a deployment can have consistent authz regardless of which api a user is using. That means that a certain level of access can be specified for launching instances and it would apply to the euca-run-instances and the servers create apis. I'd also like to check if consideration on how this might impact possible future implementation of comparative feature of AWS Identity and Access Management (IAM)[2] support in both ec2 and openstack API was discussed? we haven't discussed IAM Additionally, are the logs of the PTL's meeting available anywhere? It was an impromptu meeting that was held in openstack-meeting last tuesday, but we neglected to use the start-meeting and stop-meeting directives so it looks like it wasn't logged anywhere. Thanks. [0] https://blueprints.launchpad.net/nova/+spec/integrate-nova-authn [1] http://wiki.openstack.org/openstack-authn [2] http://aws.amazon.com/documentation/iam/ Kind Regards, Dave Walker ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift users managing
Hi! Just for the record: I think, this link may be also very helpful: http://wiki.openstack.org/openstack-authn On 15.05.2011 18:18, andi abes wrote: Have a peek here: http://swift.openstack.org/development_auth.html http://swift.openstack.org/development_auth.htmlNote that if you configure your proxy without swauth or any other auth provider in the main pipeline, then you can effectively bypass any built in authentication, and replace it with yours. You might also want to check into the overall authn/z work that's going on, in attempts to create a common authentication framework for all openstack services. I've just started looking into the work that's going on there, so I'm not sure the following pointers reflect the most current work (but they're a start); - http://wiki.openstack.org/FederatedAuthZwithZones - http://wiki.openstack.org/AuthnAuthz or more correctly http://plansthis.com/auth which is referenced from there http://plansthis.com/authhth, -- M. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Project Alignment
Dave, While I'm not Vish, I have been working on/around authentication for the past couple weeks and I'll provide my thoughts. EC2 and OpenStack Nova APIs should not be affected by the authentication work going on. The Keystone project is the only candidate I'm aware of, and it seems like it is, or soon will be, a good candidate for integration into the stack. Migration to a separate authentication service is going to be tricky, but the goal is to do it as seamlessly as possible. Near stable should be able to be promised. This is the phased approach myself and Brian Waldon have been playing around with: http://wiki.openstack.org/Nova/AuthManagerSpec Keystone should be able to provide the features of IAM. I'm not able to find the PTL meeting logs, perhaps a #startmeeting was never issued for it? I was eavesdropping at the time but can't find the logs, perhaps someone can find them or send them out. The meeting I'm refering to was right after this: http://eavesdrop.openstack.org/meetings/openstack-meeting/2011/openstack-meeting.2011-05-10-21.01.log.html -Original Message- From: Dave Walker davewal...@ubuntu.com Sent: Monday, May 16, 2011 3:33pm To: openstack@lists.launchpad.net Subject: Re: [Openstack] Project Alignment On 16/05/11 18:11, Vishvananda Ishaya wrote: Hello Everyone, The PTLs had a quick meeting the other day to try and align some things between the projects. In order for openstack to be successful, it is very important that we create a consistent user experience for users and administrators. We realize that it is hard to find agreement between all developers on implementation details, so we focused less on the idea of code-sharing and more on the idea of bringing the user-experience into alignment. If we are going to be successful in this effort, we all need to realize that we should value doing things the same way over doing things the best way. We have a few actions that we are taking to help move in this direction. 1. Consistent Auth -- all of the projects are working on integrating the keystone project so that we have one auth system. For nova, this means that we may lose some of the rbac features we provide for the ec2 api, but by the diablo release we expect to have equivalent features and a migration plan for cactus deployments. SNIP Hi Vish, This is really useful to know, thank you for the highlevel outline. I didn't quite understand the Consistent Auth, and what it means for ec2 api for the Diablo release. Would you be able to confirm the extent / roadmap of the ec2 api breakage expected? Are you expecting the base ec2 api functionality to be near stable throughout the transition, or are you expecting large breakage? In regards to the loss of RBAC, is this expected to be transitional; and be fixable in time for Diabalo release? Essentially, can you clarify equivalent features. The blueprint[0] or specification on the wiki[1] doesn't seem to mention ec2' anywhere, can you confirm where this was discussed? I'd also like to check if consideration on how this might impact possible future implementation of comparative feature of AWS Identity and Access Management (IAM)[2] support in both ec2 and openstack API was discussed? Additionally, are the logs of the PTL's meeting available anywhere? Thanks. [0] https://blueprints.launchpad.net/nova/+spec/integrate-nova-authn [1] http://wiki.openstack.org/openstack-authn [2] http://aws.amazon.com/documentation/iam/ Kind Regards, Dave Walker ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Project Alignment
On 16/05/11 21:06, Brian Lamar wrote: Dave, While I'm not Vish, I have been working on/around authentication for the past couple weeks and I'll provide my thoughts. EC2 and OpenStack Nova APIs should not be affected by the authentication work going on. The Keystone project is the only candidate I'm aware of, and it seems like it is, or soon will be, a good candidate for integration into the stack. Migration to a separate authentication service is going to be tricky, but the goal is to do it as seamlessly as possible. Near stable should be able to be promised. This is the phased approach myself and Brian Waldon have been playing around with: http://wiki.openstack.org/Nova/AuthManagerSpec Keystone should be able to provide the features of IAM. I'm not able to find the PTL meeting logs, perhaps a #startmeeting was never issued for it? I was eavesdropping at the time but can't find the logs, perhaps someone can find them or send them out. The meeting I'm refering to was right after this: http://eavesdrop.openstack.org/meetings/openstack-meeting/2011/openstack-meeting.2011-05-10-21.01.log.html SNIP Thanks Vish and Brian for your replies, it makes more sense now. I did find the meeting in my IRC logs here: http://pb.daviey.com/U0db/ Kind Regards, Dave Walker ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Project Alignment
I still had meeting in scrollback. Pastie'd here: http://pastie.org/1912671 On May 16, 2011, at 1:06 PM, Brian Lamar wrote: Dave, While I'm not Vish, I have been working on/around authentication for the past couple weeks and I'll provide my thoughts. EC2 and OpenStack Nova APIs should not be affected by the authentication work going on. The Keystone project is the only candidate I'm aware of, and it seems like it is, or soon will be, a good candidate for integration into the stack. Migration to a separate authentication service is going to be tricky, but the goal is to do it as seamlessly as possible. Near stable should be able to be promised. This is the phased approach myself and Brian Waldon have been playing around with: http://wiki.openstack.org/Nova/AuthManagerSpec Keystone should be able to provide the features of IAM. I'm not able to find the PTL meeting logs, perhaps a #startmeeting was never issued for it? I was eavesdropping at the time but can't find the logs, perhaps someone can find them or send them out. The meeting I'm refering to was right after this: http://eavesdrop.openstack.org/meetings/openstack-meeting/2011/openstack-meeting.2011-05-10-21.01.log.html -Original Message- From: Dave Walker davewal...@ubuntu.com Sent: Monday, May 16, 2011 3:33pm To: openstack@lists.launchpad.net Subject: Re: [Openstack] Project Alignment On 16/05/11 18:11, Vishvananda Ishaya wrote: Hello Everyone, The PTLs had a quick meeting the other day to try and align some things between the projects. In order for openstack to be successful, it is very important that we create a consistent user experience for users and administrators. We realize that it is hard to find agreement between all developers on implementation details, so we focused less on the idea of code-sharing and more on the idea of bringing the user-experience into alignment. If we are going to be successful in this effort, we all need to realize that we should value doing things the same way over doing things the best way. We have a few actions that we are taking to help move in this direction. 1. Consistent Auth -- all of the projects are working on integrating the keystone project so that we have one auth system. For nova, this means that we may lose some of the rbac features we provide for the ec2 api, but by the diablo release we expect to have equivalent features and a migration plan for cactus deployments. SNIP Hi Vish, This is really useful to know, thank you for the highlevel outline. I didn't quite understand the Consistent Auth, and what it means for ec2 api for the Diablo release. Would you be able to confirm the extent / roadmap of the ec2 api breakage expected? Are you expecting the base ec2 api functionality to be near stable throughout the transition, or are you expecting large breakage? In regards to the loss of RBAC, is this expected to be transitional; and be fixable in time for Diabalo release? Essentially, can you clarify equivalent features. The blueprint[0] or specification on the wiki[1] doesn't seem to mention ec2' anywhere, can you confirm where this was discussed? I'd also like to check if consideration on how this might impact possible future implementation of comparative feature of AWS Identity and Access Management (IAM)[2] support in both ec2 and openstack API was discussed? Additionally, are the logs of the PTL's meeting available anywhere? Thanks. [0] https://blueprints.launchpad.net/nova/+spec/integrate-nova-authn [1] http://wiki.openstack.org/openstack-authn [2] http://aws.amazon.com/documentation/iam/ Kind Regards, Dave Walker ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Project Alignment
On 16/05/11 21:06, Brian Lamar wrote: Dave, While I'm not Vish, I have been working on/around authentication for the past couple weeks and I'll provide my thoughts. EC2 and OpenStack Nova APIs should not be affected by the authentication work going on. The Keystone project is the only candidate I'm aware of, and it seems like it is, or soon will be, a good candidate for integration into the stack. Migration to a separate authentication service is going to be tricky, but the goal is to do it as seamlessly as possible. Near stable should be able to be promised. This is the phased approach myself and Brian Waldon have been playing around with: http://wiki.openstack.org/Nova/AuthManagerSpec Keystone should be able to provide the features of IAM. I'm not able to find the PTL meeting logs, perhaps a #startmeeting was never issued for it? I was eavesdropping at the time but can't find the logs, perhaps someone can find them or send them out. The meeting I'm refering to was right after this: http://eavesdrop.openstack.org/meetings/openstack-meeting/2011/openstack-meeting.2011-05-10-21.01.log.html SNIP Thanks Vish and Brian for your replies, it makes more sense now. I did find the meeting in my IRC logs here: http://pb.daviey.com/U0db/ Thanks again. Kind Regards, Dave Walker ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Proposal for Nova Core
2011/5/10 Paul Voccio paul.voc...@rackspace.com: All, I would like to nominate Dan Prince (https://launchpad.net/~dan-prince) for nova-core. He has been a solid contributor in terms of code, reviews and discussions during the summit. I added Dan to the team this morning and to the review rotation a couple of minutes ago. Welcome to the team, Dan! -- Soren Hansen | http://linux2go.dk/ Ubuntu Developer | http://www.ubuntu.com/ OpenStack Developer | http://www.openstack.org/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Real World Nova Deployments
Hi, As interest continues to grow in the openstack project and with nova in particular. I would like to get a better idea of how people are deploying multi machine environemnts and hopefully start a discussion about it: * Are you using mysql or postgresql or sqllite? * Are you using flat networking or something else? * How are you deploying nova? Regards chuck ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Quantum service API draft: now on wiki pages
On Fri, May 13, 2011 at 4:21 AM, Salvatore Orlando salvatore.orla...@eu.citrix.com wrote: Hi, The quantum API draft document has been converted into wiki pages: API specification: http://wiki.openstack.org/QuantumAPISpec Use Cases: http://wiki.openstack.org/QuantumAPIUseCases There are anchors for each operation and use case, which can be used in the etherpad http://etherpad.openstack.org/PbTpgXnnZZ discussion. For instance http://wiki.openstack.org/QuantumAPISpec#op3 refers to the “Create network” operation. You can also use the anchors created by the table of contents. Thanks Salvatore! Great work. I'm taking another pass through the spec use cases and posting feedback to the etherpad. For those interested in hacking on the Quantum project, we have a set of initial blueprints that are visible at: https://blueprints.launchpad.net/network-service . Please let me know if there are areas you are interested in working on. Dan Cheers, Salvatore ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- ~~~ Dan Wendlandt Nicira Networks, Inc. www.nicira.com | www.openvswitch.org Sr. Product Manager cell: 650-906-2650 ~~~ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Networking-related question for 2 nodes config
Hi Team, Could you pleas help us with below questions. Thanks, -Vladimir On May 16, 2011, at 8:50 PM, Alex Lyakas a...@zadarastorage.com wrote: I am trying to achieve a two-node nova installation using FlatDHCP network manager. On node-A, I have two network interfaces: eth0 is connected to public network, while eth1 is unconfigured (just as the administration manual recommends). I start all nova services on node-A. I see that a br100 bridge is created, eth1 is added to that bridge, and the bridge receives an IP address within the project network (which is a part of a fixed range). When I spawn instances on node-A, everything works fine: the instance receives an IP address within the project network, I can ssh into it from within node-A. I can also assign a floating IP within my public network to the instance. Then I am able to ssh into the instance from anywhere. On node-B, I have only the nova-compute running. Node-B has also eth0 and eth1 interfaces. Similar to node-A, eth0 has a public address and eth1 is unconfigured. Whenever I spawn an instance on node-B, I see that br100 is also created on node-B, and eth1 is added to it. However, I am unable to ssh into the instance. I am able to connect to the instance via VNC. Then I see that it has not received an IP address (the instance image is configured to use DHCP). I understand that the instance should receive an address from nova-network via DHCP. My questions are: How the br100 bridge on node-B should connect to br100 on Node-A? Should nova-network connect them somehow, or do I need to do something manually? I assume that if br100s were connected on both nodes, things would have worked, but perhaps I am wrong. Looking at the code of FlatDHCPManager, I see that in setup_compute_network() method, ensure_bridge() is called without the‘net_attrs’ parameter, and so the following code is not executed: if net_attrs: # NOTE(vish): The ip for dnsmasq has to be the first address on the # bridge for it to respond to reqests properly suffix = net_attrs['cidr'].rpartition('/')[2] out, err = _execute('sudo', 'ip', 'addr', 'add', %s/%s % (net_attrs['gateway'], suffix), 'brd', net_attrs['broadcast'], 'dev', bridge, check_exit_code=False) while on the node-A with nova-network, this code is executed, and an entry added to the routing table. I tried to do this code manually on node-B, but still I am unable to ssh into the instance. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Real World Nova Deployments
We've got a system comprised of 336 compute nodes, a head node with everything else except for the network and volume pieces, 12 volume servers, and 2 network servers. We're using mysql. We've deployed using VlanManager. We deploy using a custom node imaging system here for base builds and bcfg2 for configuration management. -nld On Mon, May 16, 2011 at 3:43 PM, Chuck Short chuck.sh...@canonical.com wrote: Hi, As interest continues to grow in the openstack project and with nova in particular. I would like to get a better idea of how people are deploying multi machine environemnts and hopefully start a discussion about it: * Are you using mysql or postgresql or sqllite? * Are you using flat networking or something else? * How are you deploying nova? Regards chuck ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Networking-related question for 2 nodes config
Below On May 16, 2011, at 2:22 PM, Vladimir wrote: Hi Team, Could you pleas help us with below questions. Thanks, -Vladimir On May 16, 2011, at 8:50 PM, Alex Lyakas a...@zadarastorage.com wrote: I am trying to achieve a two-node nova installation using FlatDHCP network manager. On node-A, I have two network interfaces: eth0 is connected to public network, while eth1 is unconfigured (just as the administration manual recommends). I start all nova services on node-A. I see that a br100 bridge is created, eth1 is added to that bridge, and the bridge receives an IP address within the project network (which is a part of a fixed range). When I spawn instances on node-A, everything works fine: the instance receives an IP address within the project network, I can ssh into it from within node-A. I can also assign a floating IP within my public network to the instance. Then I am able to ssh into the instance from anywhere. On node-B, I have only the nova-compute running. Node-B has also eth0 and eth1 interfaces. Similar to node-A, eth0 has a public address and eth1 is unconfigured. Whenever I spawn an instance on node-B, I see that br100 is also created on node-B, and eth1 is added to it. However, I am unable to ssh into the instance. I am able to connect to the instance via VNC. Then I see that it has not received an IP address (the instance image is configured to use DHCP). I understand that the instance should receive an address from nova-network via DHCP. My questions are: How the br100 bridge on node-B should connect to br100 on Node-A? Should nova-network connect them somehow, or do I need to do something manually? as long as you have set --flat_interface=eth1 it should be enough. I assume that if br100s were connected on both nodes, things would have worked, but perhaps I am wrong. It should work Looking at the code of FlatDHCPManager, I see that in setup_compute_network() method, ensure_bridge() is called without the ‘net_attrs’ parameter, and so the following code is not executed: This code is not supposed to run on the second host. Only nova-network needs an ip on the bridge. The compute host doesn't need an ip if net_attrs: # NOTE(vish): The ip for dnsmasq has to be the first address on the # bridge for it to respond to reqests properly suffix = net_attrs['cidr'].rpartition('/')[2] out, err = _execute('sudo', 'ip', 'addr', 'add', %s/%s % (net_attrs['gateway'], suffix), 'brd', net_attrs['broadcast'], 'dev', bridge, check_exit_code=False) while on the node-A with nova-network, this code is executed, and an entry added to the routing table. I tried to do this code manually on node-B, but still I am unable to ssh into the instance. Somehow your dhcp traffic is not working. It is hard to say what could be causing this. Generally what i do is use: tcpdump -i eth1 -n port 67 and port 68 on all the interfaces and see if i can figure out which packet isn't making it correctly. Also make sure that you have --fixed_range=XXX set properly and that the nova-network host has ip_forward set in syscontrol. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] OpenStack security / automated python testing
Is anyone in the OpenStack community using automated tools to perform code analysis? If not, are you familiar with such tools that will work with python? We're specifically interested in tools that can be used to provide rapid feedback to developers about potentially dangerous code (for example, SQL statements that are not scrubbed, query strings that are not properly validated). I've used such tools in the past for PHP and other languages, but I'm kind of at a loss when it comes to python. What we'd really like to see is for someone to pick up the security task and run with it, with regular penetration testing and detailed analytics so that we can ensure that OpenStack products are reliably secure. Automated code testing is an early step in that process. [cid:F414D321-0144-4256-A1AB-F8051E60ED24] Confidentiality Notice: This e-mail message (including any attached or embedded documents) is intended for the exclusive and confidential use of the individual or entity to which this message is addressed, and unless otherwise expressly indicated, is confidential and privileged information of Rackspace. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately by e-mail at ab...@rackspace.com, and delete the original message. Your cooperation is appreciated. inline: signature[1].png___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Real World Nova Deployments
I know I speak for a number of people interested in real world deployments when I say thanks in advance to anyone who posts to this thread with real-world experiences. Trying to capture and document best practices for large-scale deployments is part of the focus for the Chef deployment cookbooks and documentation I'm working on with a couple of other folks. Feel free to send me details privately if you don't want to publicly talk about your deployments. I'll be sharing feedback on large installations as we continue to deploy them. Thanks, Matt Ray Senior Technical Evangelist | Opscode Inc. m...@opscode.com | (512) 731-2218 Twitter, IRC, GitHub: mattray On Mon, May 16, 2011 at 3:43 PM, Chuck Short chuck.sh...@canonical.com wrote: Hi, As interest continues to grow in the openstack project and with nova in particular. I would like to get a better idea of how people are deploying multi machine environemnts and hopefully start a discussion about it: * Are you using mysql or postgresql or sqllite? * Are you using flat networking or something else? * How are you deploying nova? Regards chuck ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp