Re: [Openstack-community] founded first german user group
Hi Yoyo, Thanks mate your feedback is appreciated... it would be awesome to do an international meetup sometime! Other ways we publicised: LinkedIn - look for and join any cloud oriented groups and let them know. Twitter - hash tag OpenStack. The focus of our first events was for a casual event to gauge interest. Following these now that we've seen there is local interest enough to sustain a group, we're going to step things up a few notches for the next meetups. In the next couple of weeks I'm going to meet with the other vendors and sponsors and discuss plans. Following that I'll feedback our ideas and plans to the list and the wiki. I must say too that because we're a bunch of techies this kind of event planning has been quite a new experience for me and my team, but we're having a great time, the attendees are leaving happy and we know they're forming relationships around OpenStack. The next event can't come soon enough! Cheers Tristan -Original Message- From: openstack-community-bounces+tristan=aptira@lists.launchpad.net [mailto:openstack-community-bounces+tristan=aptira@lists.launchpad.net] On Behalf Of yoyochi...@itri.org.tw Sent: Wednesday, 1 February 2012 2:56 PM To: openstack-community@lists.launchpad.net Subject: Re: [Openstack-community] founded first german user group Good sharing, Tristan! You just highlighted all good points we can do! We are more than lucky in Taiwan that we have had a cloud computing association and there are already hundreds of members there... our BEST target to promote OpenStack! Maybe someday we can have a joint-meet up with you guys in Aus (not the BIG one in US... I mean more locally but still can cross country or continent^^) Cheers, Yoyo Chiang Strategy Business Division CCMA / ITRI Tel : +886-3-591-4561 Fax : +886-3-583-8246 Mobile : +886-988-580-206 Email : yoyochi...@itri.org.tw -Original Message- From: openstack-community-bounces+yoyochiang=itri.org...@lists.launchpad.net [mailto:openstack-community-bounces+yoyochiang=itri.org...@lists.launchpad.net] On Behalf Of Tristan Goode Sent: Monday, January 30, 2012 3:27 PM To: 'Christian Berendt'; openstack-community@lists.launchpad.net Subject: Re: [Openstack-community] founded first german user group Hi Christian, Congratulations and welcome! We started an Australian group in November (aosug.openstack.org.au), we have 115 members and we've had 2 successful meetups so far in 2 cities with 2 more planned for March. Here are some things we've done to get people along to your first meetups... 1. Get vendors along. By various methods we got people from Dell, Citrix, Rackspace, F5, Cisco and others coming along and giving talks about their company involvement. Go through the list at http://openstack.org/community/companies/ and contact who you can in your area. 2. Write to the Heads of Schools of the University IT faculties and invite them and their school along. We had a great attendance from many universities, lots of folks doing PhDs and some with them already, all were really excited by OpenStack and many are hands on. 3. A bar tab. If you can stretch for it, good, if not, this is where your vendors may be able to help. Free beer is always attractive. :-) 4. Look for local sysops/sysadmin/network ops email lists or online forums and promote your events there to get folks along. Meetup.com has worked well for us, but it has a limitation that's annoying. It's disappointing that they make you tie the group to a city, as we have a sparse population in Australia and to keep the community from fragmenting into cities at this early stage we wanted just a single group to cover the country, and as we're doing meetups in multiple locations we have to keep changing the location. We asked them to allow for us to have a national group but they will not. Cheers Tristan -Original Message- From: openstack-community-bounces+tristan=aptira@lists.launchpad.net [mailto:openstack-community-bounces+tristan=aptira.com@lists.launchpad .net] On Behalf Of Christian Berendt Sent: Saturday, 28 January 2012 10:18 AM To: openstack-community@lists.launchpad.net Subject: [Openstack-community] founded first german user group Hallo together. We founded the first german user group a few minutes ago. We'll try meetup.com for organizing our meetups (http://www.meetup.com/openstack-germany) and will probably setup an additional mailling list for technical discussions in the next weeks. Our first informal meeting will take place during the CeBIT (takes place in Hannover/Germany). We plan hosting regular hackathons (in our HQ), providing german documentation/articles and regular informal meetings on several fairs in Germany. Anything else will show the future. Bye, Christian. -- Christian Berendt Linux / Unix Consultant Developer
[Openstack] Reminder: OpenStack Project meeting - 21:00 UTC
Hello everyone, Our weekly project release status meeting will take place at 21:00 UTC this Tuesday in #openstack-meeting on IRC. PTLs, if you can't make it, please name a substitute on [2]. I'll be on a train so I /may/ be a bit late. This is the first meeting for the Essex-4 subcycle. We'll look at proposed blueprints in a feature freeze context and define targets for the upcoming Bug Squashing Day. You can doublecheck what 21:00 UTC means for your timezone at [1]: [1] http://www.timeanddate.com/worldclock/fixedtime.html?iso=20120124T21 See the meeting agenda, edit the wiki to add new topics for discussion: [2] http://wiki.openstack.org/Meetings/ProjectMeeting Cheers, -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Libvirt File Injection
2012/1/30 Brian Waldon brian.wal...@rackspace.com: After implementing a working version of file injection on Libvirt, a good question was brought up on the merge prop: how should we handle a file injection failure? Injection could fail for several reasons: missing necessary libraries, unsupported image formats and bad permissions are just a few. There seem to be two clear paths forward: 1) Log an error, set the instance to ERROR, add an asynchronous fault to the instance in the db 2) Log a warning, move on with the boot process It's not obvious which of these is the best route to take from a user's point of view. I'm currently leaning towards option 1 as I wouldn't want to have an instance come up (and be billed for it) while it wasn't what I explicitly requested. I agree with this. -- Soren Hansen | http://linux2go.dk/ Ubuntu Developer | http://www.ubuntu.com/ OpenStack Developer | http://www.openstack.org/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Libvirt File Injection
2012/1/30 Dan Prince princ...@alumni.jmu.edu: On Mon, Jan 30, 2012 at 1:05 PM, Brian Waldon brian.wal...@rackspace.com wrote: After implementing a working version of file injection on Libvirt, a good question was brought up on the merge prop: how should we handle a file injection failure? Injection could fail for several reasons: missing necessary libraries, unsupported image formats and bad permissions are just a few. There seem to be two clear paths forward: 1) Log an error, set the instance to ERROR, add an asynchronous fault to the instance in the db 2) Log a warning, move on with the boot process My preference would be to log a warning and move on with the boot process (#2). Or perhaps we could address this with some sort of async error messages concept? If getting those files injected isn't critical to getting the machine up and running, you can use one of the many other ways to get data into your instances. If the API calls says to inject a file, and we know that failed, we should bail out. I certainly wouldn't want to pay for something that isn't going to work. Sure, most of the times when I've booted things on EC2 or on the Rackspace cloud, I've done so interactively and have had the chance to see any errors, but that's going to be more and more of a niche use case. I fully expect the majority of consumer of OpenStack in the future to be applications wanting more ressources. If we can't deliver on their requests, we should fail early so that they can take appropriate action ASAP. -- Soren Hansen | http://linux2go.dk/ Ubuntu Developer | http://www.ubuntu.com/ OpenStack Developer | http://www.openstack.org/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Libvirt File Injection
On Tue, Jan 31, 2012 at 1:38 PM, Soren Hansen so...@linux2go.dk wrote: 2012/1/30 Dan Prince princ...@alumni.jmu.edu: If getting those files injected isn't critical to getting the machine up and running, you can use one of the many other ways to get data into your instances. If the API calls says to inject a file, and we know that failed, we should bail out. I certainly wouldn't want to pay for something that isn't going to work. Completely agreed - If I ask nova to do something for me as an end user, I expect it either to be completed in its entirety or not at all. If we just log and error and move on, end users can no longer rely on that file injection having completed successfully. Say a user has an image that uses the injected file to determine the correct server role and provision itself, they now need to to something equivalent to wait for the instance to boot, ssh in, and check the file exists. Kiall ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] E4 - And So It Begins!
Hi all, 2012/1/31 Brian Waldon brian.wal...@rackspace.com: On Jan 30, 2012, at 8:58 AM, Jesse Andrews wrote: Bug Squash Day We are doing a number of things in preparation for the Bug Squash day on Thursday. * Triaging bugs - hopefully all bugs will have a priority by Thursday * Tagging bugs with low-hanging-fruit if we feel that they are relatively easy fixes - This will give the folks that are new to the code base a place to get their feet wet: https://bugs.launchpad.net/nova/+bugs?field.tag=low-hanging-fruit * Preparing step-by-step documentation for installing a dev environment, getting set up with the CLA and gerrit, assigning yourself a bug and fixing it: http://wiki.openstack.org/BugSquashingDay * Creating OpenStack VMs for people to use at the SF Bug Squash Day Meetup: http://www.meetup.com/openstack/events/48362422/ I added a quickstart guide at http://wiki.openstack.org/DevQuickstart with an introduction for new developers to OpenStack. It walks a newbie through setting up a development environment, establishing accounts on all the necessary systems, and fixing bugs. I aimed for the minimum amount of information, so if anybody wants to add to it, keep that in mind. I went ahead and added a link on the BugSquashingDay page as well. Japanese translation here: http://wiki.openstack.org/DevQuickstart/ja It's a very good textbook for our study meeting in japan tomorrow. I appreciate any comments, especially about i18n of wiki pages. Best regards, Akira Yoshiyama akirayoshiy...@gmail.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Libvirt File Injection
I'd also add that from a security standpoint, it seems like a better option for it to just fail. If I'm using injected files for a hardening purpose (sshd config, ssh keys, pam configuration, etc) and the box comes up without those modifications, my instance is not as secure as I intended. Not sure anyone is doing that yet, just a possible use case. Thanks, Jarret Raim ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Problem with meeting logs?
The meetings logs at http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/ only have one entry (Jan 24) since Jan 18. I think there was an openstack-qa meeting on the 25th. Is this the right link to find meeting logs? I have been using it for a number of months. -David ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problem with meeting logs?
David Kranz wrote: The meetings logs at http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/ only have one entry (Jan 24) since Jan 18. I think there was an openstack-qa meeting on the 25th. Is this the right link to find meeting logs? I have been using it for a number of months. Looks like Meetbot is no longer in the channel. I don't know who ran that bot... I saw Monty testing earlier today, maybe he is already looking into fixing this. I seem to remember Ant (cc-ed) was running it, but I may be wrong... Would be good to have it fixed before all the meetings today :) -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] moved planet config
Hey all! We've been going through cleaning up some of the infrastructure. One of the things that popped out was that the management of the config for the planet.openstack.org blog aggregator was still done via bzr. That seemed silly. So now you can clone openstack/openstack-planet and submit changes via git review just like everything else. That being said - the last blog feed that was added was back in October: http://wiki.openstack.org/AddingYourBlog http://planet.openstack.org/ Monty ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problem with meeting logs?
On 01/31/2012 10:24 AM, Thierry Carrez wrote: David Kranz wrote: The meetings logs at http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/ only have one entry (Jan 24) since Jan 18. I think there was an openstack-qa meeting on the 25th. Is this the right link to find meeting logs? I have been using it for a number of months. Looks like Meetbot is no longer in the channel. I don't know who ran that bot... I saw Monty testing earlier today, maybe he is already looking into fixing this. I seem to remember Ant (cc-ed) was running it, but I may be wrong... Would be good to have it fixed before all the meetings today :) Something is busted and I don't have access to the machine so I can't fix it. I've been asking for access to it for a couple of months now to no avail. So consider this an escalation... if anybody has access to eavesdrop.openstack.org, I need a login and sudo access ASAP. Same goes for the etherpad server, but it's less essential that I get that his instant. Thanks! Monty ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problem with meeting logs?
On 01/31/2012 10:06 AM, David Kranz wrote: The meetings logs at http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/ only have one entry (Jan 24) since Jan 18. I think there was an openstack-qa meeting on the 25th. Is this the right link to find meeting logs? I have been using it for a number of months. -David ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp There are meetings today, and I'll check to see if there are problems, but it might be that there are only meetings on Tuesdays. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Fast cloning - FF-Exception request
Hi, I am asking for a Feature-Freeze exception for the blueprint https://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver. I appreciate that it is now late for getting this feature in, however we are ready to get this feature early in E4. We have got a few reviews in the queue, and we are close to completing them. It is my understanding that E4 was not for big changes. However, this change only touches the xenapi code for instance creation. I have tested these change extensively to make sure it doesn't break anything. Moreover, it will help close the gap between KVM and XenAPI. Thanks, Devdeep ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Fast cloning - FF-Exception request
I'm ok with this going in, but I would like to leave it up to the guys who are using Xen on a daily basis. So if Chris Behrens and Paul Voccio are ok with it, I think an FFE is fine. Vish On Jan 31, 2012, at 10:31 AM, Devdeep Singh wrote: Hi, I am asking for a Feature-Freeze exception for the blueprinthttps://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver. I appreciate that it is now late for getting this feature in, however we are ready to get this feature early in E4. We have got a few reviews in the queue, and we are close to completing them. It is my understanding that E4 was not for big changes. However, this change only touches the xenapi code for instance creation. I have tested these change extensively to make sure it doesn’t break anything. Moreover, it will help close the gap between KVM and XenAPI. Thanks, Devdeep ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Fast cloning - FF-Exception request
I just chatted with Paul. We're okay with this if we can have a flag to allow turning off the caching part of things, since both cow and caching are behavior changes for the Xen side. There's already a flag for 'cow', so that's covered, but there is not one for caching in the current branch up for review. I understand that they should default to 'on' to match libvirt functionality, but I think we need to have a way to have Xen operate how it did before since it has been stable. I'm definitely looking forward to these features, but would like to minimize the impact in case it is unstable or people simply want the current behavior. (I posted the same comments on the review) - Chris On Jan 31, 2012, at 11:02 AM, Vishvananda Ishaya wrote: I'm ok with this going in, but I would like to leave it up to the guys who are using Xen on a daily basis. So if Chris Behrens and Paul Voccio are ok with it, I think an FFE is fine. Vish On Jan 31, 2012, at 10:31 AM, Devdeep Singh wrote: Hi, I am asking for a Feature-Freeze exception for the blueprinthttps://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver. I appreciate that it is now late for getting this feature in, however we are ready to get this feature early in E4. We have got a few reviews in the queue, and we are close to completing them. It is my understanding that E4 was not for big changes. However, this change only touches the xenapi code for instance creation. I have tested these change extensively to make sure it doesn’t break anything. Moreover, it will help close the gap between KVM and XenAPI. Thanks, Devdeep ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [FF-Exception request] - Bare-metal provisioning with Tilera tiled-processor back-end
Hello, I am asking for a Feature-Freeze exception for the blueprint https://blueprints.launchpad.net/nova/+spec/heterogeneous-tilera-architecture-support . This change doesn't touch any core code. Only new connection type is added (nova/virt/connection.py) and nova/virt/baremetal/* nova/tests/baremetal/* are added. Currently this implements bare-metal provisioning with Tilera tiled-processor back-end, but it can be used by other architecture/machine after adding its back-end processing. I have tested these change extensively to make sure it doesn’t break anything. Thanks, Mikyung - Original Message - From: Vish Ishaya vishvana...@gmail.com To: do...@list.east.isi.edu Sent: Monday, January 30, 2012 5:36:24 PM Subject: [DODCS] [Blueprint heterogeneous-tilera-architecture-support] Bare-metal provisioning with Tilera tiled-processor back-end Blueprint changed by Vish Ishaya: Whiteboard changed: - Gerrit topic: https://review.openstack.org/#q,topic:bp/heterogeneous- - tilera-architecture-support,n,z + Gerrit topic: https://review.openstack.org/#q,topic:bp/heterogeneous-tilera-architecture-support,n,z Addressed by: https://review.openstack.org/1402 Implements blueprint heterogeneous-tilera-architecture-support -- Bare-metal provisioning with Tilera tiled-processor back-end https://blueprints.launchpad.net/nova/+spec/heterogeneous-tilera-architecture-support ___ DODCS mailing list do...@mailman.isi.edu http://mailman.isi.edu/mailman/listinfo/dodcs ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova/puppet blueprint, and some questions
Sorry for the slow response on this. There has been a lot to do for e-3. In any case, here are my thoughts on the subject. I am really not convinced that configuration management needs to be part of nova at all. This is stuff that should be built on top of nova. We have a bit of work to do cleaning up and improving metadata to make this type of thing easier, but I don't see any big needs for this to be in nova. A horizon plugin that handles this seems like it would be much more interesting. Then cli users can't use this, and other web frontends can't use it and everyone would very likely implement it differently. My hope was a consistent interface for this kind of stuff, so that users would be able to use this at different providers, and so that libraries could implement this consistently. - Ryan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] keystone still has DEFINE_string in its middleware/ec2_token.py file
Hi, I'm using up-to-date nova. nova-api cannot start because of the following error. It says AttributeError: 'module' object has no attribute 'DEFINE_string'. I know DEFINE_string becomes obsolete and nova does not have it at all. I checked out the keystone package from github. It still uses DEFINE_string. Is it a bug? Or is my configuration of nova is wrong? I'll appreciate comments/answers/... David. 2012-01-31 15:04:20,848 CRITICAL nova [-] 'module' object has no attribute 'DEFINE_string' (nova): TRACE: Traceback (most recent call last): (nova): TRACE: File /usr/local/nova//bin/nova-api, line 51, in module (nova): TRACE: servers.append(service.WSGIService(api)) (nova): TRACE: File /usr/local/nova/nova/service.py, line 328, in __init__ (nova): TRACE: self.app = self.loader.load_app(name) (nova): TRACE: File /usr/local/nova/nova/wsgi.py, line 388, in load_app (nova): TRACE: return deploy.loadapp(config:%s % self.config_path, name=name) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 247, in loadapp (nova): TRACE: return loadobj(APP, uri, name=name, **kw) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 272, in loadobj (nova): TRACE: return context.create() (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 710, in create (nova): TRACE: return self.object_type.invoke(self) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 144, in invoke (nova): TRACE: **context.local_conf) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/util.py, line 56, in fix_call (nova): TRACE: val = callable(*args, **kw) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/urlmap.py, line 25, in urlmap_factory (nova): TRACE: app = loader.get_app(app_name, global_conf=global_conf) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 350, in get_app (nova): TRACE: name=name, global_conf=global_conf).create() (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 362, in app_context (nova): TRACE: APP, name=name, global_conf=global_conf) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 450, in get_context (nova): TRACE: global_additions=global_additions) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 562, in _pipeline_app_context (nova): TRACE: for name in pipeline[:-1]] (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 458, in get_context (nova): TRACE: section) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 517, in _context_from_explicit (nova): TRACE: value = import_string(found_expr) (nova): TRACE: File /usr/lib/python2.6/site-packages/paste/deploy/loadwsgi.py, line 22, in import_string (nova): TRACE: return pkg_resources.EntryPoint.parse(x= + s).load(False) (nova): TRACE: File /usr/lib/python2.6/site-packages/pkg_resources.py, line 1948, in load (nova): TRACE: entry = __import__(self.module_name, globals(),globals(), ['__name__']) (nova): TRACE: File /usr/lib/python2.6/site-packages/keystone-2012.1-py2.6.egg/keystone/middleware/ec2_token.py, line 35, in module (nova): TRACE: flags.DEFINE_string('keystone_ec2_url', (nova): TRACE: AttributeError: 'module' object has no attribute 'DEFINE_string' -- Dr. Dong-In David Kang Computer Scientist USC/ISI ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [FF-Exception request] - Bare-metal provisioning with Tilera tiled-processor back-end
Hello, I am asking for a Feature-Freeze exception for the blueprint https://blueprints.launchpad.net/nova/+spec/heterogeneous-tilera-architecture-support . This change doesn't touch any core code. Only new connection type is added (nova/virt/connection.py) and nova/virt/baremetal/* nova/tests/baremetal/* are added. Currently this implements bare-metal provisioning with Tilera tiled-processor back-end, but it can be used by other architecture/machine after adding its back-end processing. I have tested these change extensively to make sure it doesn’t break anything. Thanks, Mikyung - Original Message - From: Vish Ishaya vishvana...@gmail.com To: do...@list.east.isi.edu Sent: Monday, January 30, 2012 5:36:24 PM Subject: [DODCS] [Blueprint heterogeneous-tilera-architecture-support] Bare-metal provisioning with Tilera tiled-processor back-end Blueprint changed by Vish Ishaya: Whiteboard changed: - Gerrit topic: https://review.openstack.org/#q,topic:bp/heterogeneous- - tilera-architecture-support,n,z + Gerrit topic: https://review.openstack.org/#q,topic:bp/heterogeneous-tilera-architecture-support,n,z Addressed by: https://review.openstack.org/1402 Implements blueprint heterogeneous-tilera-architecture-support -- Bare-metal provisioning with Tilera tiled-processor back-end https://blueprints.launchpad.net/nova/+spec/heterogeneous-tilera-architecture-support ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova/puppet blueprint, and some questions
On Jan 31, 2012, at 1:52 PM, Ryan Lane wrote: Sorry for the slow response on this. There has been a lot to do for e-3. In any case, here are my thoughts on the subject. I am really not convinced that configuration management needs to be part of nova at all. This is stuff that should be built on top of nova. We have a bit of work to do cleaning up and improving metadata to make this type of thing easier, but I don't see any big needs for this to be in nova. A horizon plugin that handles this seems like it would be much more interesting. Then cli users can't use this, and other web frontends can't use it and everyone would very likely implement it differently. My hope was a consistent interface for this kind of stuff, so that users would be able to use this at different providers, and so that libraries could implement this consistently. - Ryan Sounds like it could be its own openstack project with its own standard api. The scope of nova has the potential to get quite unwieldy, and I think we should make sure to keep it lean and mean. There is already quite a bit of stuff in that really should be a separate service. Nova does provide some really cool libraries and code for making services easily, but we should separate all of that stuff into openstack-common so that new services can use it. There is some prior art for putting stuff in nova and pulling it into its own project later: see melange and nova-volume for example, but I think as the project grows that is going to become more and more difficult. Vish ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Nova + KeyStone Admin Question
Hi, I've got a quick question regarding RightScale's OpenStack integration. At one point, when someone decides to connect their OpenStack cloud with RightScale, we need to authenticate that that user is authorized to connect their cloud to RightScale. (Those users get some extra privileges, not the least of which is the ability to delete the cloud from the system, which could have an impact to an unaware user). We recognize authorization by requesting that the user give us admin credentials to their cloud. (Think of this as an enterprise user who wants to connect their Piston OpenStack cloud with RightScale.) The question I have is -- how do you recommend we validate that the credentials we've received are in fact Admin? In our current integration of Diablo + KeyStone, we post to the provided KeyStone endpoint with the supposedly admin credentials. We then ensure that the role Admin is included in the response along with the Nova service in the service catalog. Should we add a check to see if the user is associated with any tenant? We are currently thinking about checking if TenantID is nil hoping that this means 'admin of all tenants'. What would you recommend we do? Ideally, there would be an API call that only admin credentials on Nova would be allowed to make. Is there such an API call (we couldn't see any such call in the Nova API Documentation)? Do you have any other suggestions? Thanks! -- Shivan Bindal Product Manager shi...@rightscale.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance and Keystone
On 01/31/2012 06:00 PM, Paras pradhan wrote: Hi, How do I check if glance is working with keystone? This is what I've done so far and getting errors # glance -A details 16afc976-4dfa-4175-a7ea-ec8446f636b3 Needs to be: glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Nova + KeyStone Admin Question
We have been treating 'Admin' (or 'admin' as I prefer) as meaning admin of the entire cloud, regardless of whether a tenant id is set. The recent rbac changes introduced allows the policy to be completely customized by the deployer however, so they would be free to define a different role such as 'superuser'. We currently do however have some special handling in nova based on the role 'admin', so that seems like the best choice. As a side note, we do want to remove the special handling, but at that point we might introduce a flag to represent a role that should be considered to have superuser privileges. Vish On Jan 31, 2012, at 4:08 PM, Shivan Bindal wrote: Hi, I've got a quick question regarding RightScale's OpenStack integration. At one point, when someone decides to connect their OpenStack cloud with RightScale, we need to authenticate that that user is authorized to connect their cloud to RightScale. (Those users get some extra privileges, not the least of which is the ability to delete the cloud from the system, which could have an impact to an unaware user). We recognize authorization by requesting that the user give us admin credentials to their cloud. (Think of this as an enterprise user who wants to connect their Piston OpenStack cloud with RightScale.) The question I have is -- how do you recommend we validate that the credentials we've received are in fact Admin? In our current integration of Diablo + KeyStone, we post to the provided KeyStone endpoint with the supposedly admin credentials. We then ensure that the role Admin is included in the response along with the Nova service in the service catalog. Should we add a check to see if the user is associated with any tenant? We are currently thinking about checking if TenantID is nil hoping that this means 'admin of all tenants'. What would you recommend we do? Ideally, there would be an API call that only admin credentials on Nova would be allowed to make. Is there such an API call (we couldn't see any such call in the Nova API Documentation)? Do you have any other suggestions? Thanks! -- Shivan Bindal Product Manager shi...@rightscale.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Nova + KeyStone Admin Question
Great. Thanks Vish! We'll revert with further questions if they come up. -- Shivan Bindal Product Manager shi...@rightscale.com On Tue, Jan 31, 2012 at 4:43 PM, Vishvananda Ishaya vishvana...@gmail.comwrote: We have been treating 'Admin' (or 'admin' as I prefer) as meaning admin of the entire cloud, regardless of whether a tenant id is set. The recent rbac changes introduced allows the policy to be completely customized by the deployer however, so they would be free to define a different role such as 'superuser'. We currently do however have some special handling in nova based on the role 'admin', so that seems like the best choice. As a side note, we do want to remove the special handling, but at that point we might introduce a flag to represent a role that should be considered to have superuser privileges. Vish On Jan 31, 2012, at 4:08 PM, Shivan Bindal wrote: Hi, I've got a quick question regarding RightScale's OpenStack integration. At one point, when someone decides to connect their OpenStack cloud with RightScale, we need to authenticate that that user is authorized to connect their cloud to RightScale. (Those users get some extra privileges, not the least of which is the ability to delete the cloud from the system, which could have an impact to an unaware user). We recognize authorization by requesting that the user give us admin credentials to their cloud. (Think of this as an enterprise user who wants to connect their Piston OpenStack cloud with RightScale.) The question I have is -- how do you recommend we validate that the credentials we've received are in fact Admin? In our current integration of Diablo + KeyStone, we post to the provided KeyStone endpoint with the supposedly admin credentials. We then ensure that the role Admin is included in the response along with the Nova service in the service catalog. Should we add a check to see if the user is associated with any tenant? We are currently thinking about checking if TenantID is nil hoping that this means 'admin of all tenants'. What would you recommend we do? Ideally, there would be an API call that only admin credentials on Nova would be allowed to make. Is there such an API call (we couldn't see any such call in the Nova API Documentation)? Do you have any other suggestions? Thanks! -- Shivan Bindal Product Manager shi...@rightscale.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance authentication with Keystone woes...
On 01/31/2012 06:28 PM, Lillie Ross-CDSR11 wrote: I'm reinstalling the various Openstack services from packages in the ManagedIT PPA to pull in the latest Diablo bug fixes. I'm following the latest directions in the newly release installation guide as I perform these upgrades (http://docs.openstack.org/diablo/openstack-compute/install/content/index.html). However, I'm having trouble getting Glance to authenticate with Keystone. All config files have been copied from the examples posted in the installation guide (and modified accordingly for my admin token, IP addresses, etc.). Regardless, I continually get the following error message and stack dump when trying to verify the Glance/Keystone integration: Step 1: Grab a token # curl -d '{auth: {tenantName: default, passwordCredentials:{username: admin, password: admin}}}' -H Content-type: application/json http://173.23.181.1:35357/v2.0/tokens | python -mjson.tool ... token: { expires: 2012-02-01T15:24:33, id: fa89fb9a-60d2-4921-b12d-6aee1c177823, tenant: { id: 1, name: default } } You're going to want to grab a long-lived token (sometimes called a service token) to use for the Glance API - Glance Registry connection. This service token should be used in the glance-registry.conf file. In glance-registry.conf, you'll see a section looking like this: [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 127.0.0.1 service_port = 5000 auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http auth_uri = http://127.0.0.1:5000/ admin_token = 999888777666 Replace admin_token = 999888777666 with the relevant long-lived service token. Cheers! -jay Step 2: Try a Glance command # glance details -A fa89fb9a-60d2-4921-b12d-6aee1c177823 Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None From the Glance api.log file we see the following (with the traceback identical to above removed): 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation] Processing request: GET /v1/images/detail Accept: 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation] Matched versioned URI. Version: 1.0 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] Traceback (most recent call last): ? (traceback removed) 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [31/Jan/2012 17:14:30] GET /v1/images/detail?limit=10 HTTP/1.1 500 1528 0.001163 This is probably a config blunder on my part, but I've poured over the config files numerous times. Regardless, I've attached the glance-api and registry conf files. Any suggestions? Regards, Ross ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance authentication with Keystone woes...
Hi Ann! cc'ing the mailing list since this is generally useful information... On 01/31/2012 08:59 PM, Anne Gentle wrote: Hi Jay - I'm pretty sure this has tripped me up before and I'm going to have to change the docs for the install/deploy guide. What exactly is the call for the long-lived service token? Is it a keystone admin api call - admin tenant, admin user on the admin tenant? Yeah, it's confusing, I know :( The best information on this particular subject is here: http://keystone.openstack.org/configuringservices.html#defining-an-administrative-service-token Basically, in Keystone, you can create a token that can be used by a service (for service-to-service communication, like that needed by the Glance API to Glance registry communication) by using the keystone-manage command like so: keystone-manage token add TOKEN_ID SERVICE_USER SERVICE_TENANT TIMESTAMP where TIMESTAMP is something like 2015-02-05T00:00 Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Consistency Guarantees?
On 31/01/2012, at 2:48 PM, andi abes wrote: The current semantics allow you to do 1) the the most recent cached copy, using the http caching mechanism. This will ignore any updates to the swift cluster, as long as the cache is not stale 2) get a recent copy from swift (when setting no cache) 3) do a quorum call on all the storage nodes to get the most accurate answer swift can provide. You're proposing that 2 3 are the same, since they're both different than 1. But their performance implications on 2 3 are quite different. Effectively. My point, however, is that inventing new mechanisms -- especially new headers -- should be avoided if possible, as they generally cause more trouble than they're worth. Is there really a use case for #2 being distinct from #3? If there is, it'd be better expressed as a new Cache-Control request directive (e.g., Cache-Control: authoritative), next time things get revised. Anyway, not a big deal, as it's already out there. Cheers, -- Mark Nottingham http://www.mnot.net/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance authentication with Keystone woes...
Yep, Ross's attached conf files show that substitution in the admin_token line. I'd like to ensure we can validate that glance and keystone are talking. These steps happen prior to installing nova at all. So far the validation steps are, get a token with a curl command, then use glance details -A $token. [1] When the validation doesn't work, what are good troubleshooting steps? I think they're: - make sure you restarted the registry and api services with new configs - double-check conf files - double-check environment (source creds file properly) - ensure endpointTemplates are correct IP addresses - check the logs - use netstat to ensure ports are listening (9191 and 9292 for glance) I'm re-running the instructions myself and now I get this: glance -A 21f07580-629e-4c8c-9689-b6fb1fff806f details Failed to show details. Got error: Connect error/bad request to Auth service at URL %(url)s. I can tell the endpointTemplates in Keystone are fine with a keystone-manage endpointTemplates list. What else will help troubleshoot (and validate that an install is working with keystone)? Thanks for the help Jay! Anne [1] http://docs.openstack.org/diablo/openstack-compute/install/content/images-verifying-install.html On Jan 31, 2012, at 8:53 PM, Jay Pipes jaypi...@gmail.com wrote: Hi Ann! cc'ing the mailing list since this is generally useful information... On 01/31/2012 08:59 PM, Anne Gentle wrote: Hi Jay - I'm pretty sure this has tripped me up before and I'm going to have to change the docs for the install/deploy guide. What exactly is the call for the long-lived service token? Is it a keystone admin api call - admin tenant, admin user on the admin tenant? Yeah, it's confusing, I know :( The best information on this particular subject is here: http://keystone.openstack.org/configuringservices.html#defining-an-administrative-service-token Basically, in Keystone, you can create a token that can be used by a service (for service-to-service communication, like that needed by the Glance API to Glance registry communication) by using the keystone-manage command like so: keystone-manage token add TOKEN_ID SERVICE_USER SERVICE_TENANT TIMESTAMP where TIMESTAMP is something like 2015-02-05T00:00 Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp