[Openstack] Single Network Interface Configuration
Hello, Up until now i have followed various configuration for openstack. What i failed to notice was that all those configurations assumed there were two network interfaces available on my system. Unfortunately, i have only one network interface available per machine. My question now is, can i still use VLAN for inter-instance communication or do i need to use a different network setup? Regards, Leander ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Nova] Essex dead wood cutting
We use Ubuntu KVM + Libivrt and have helped several clients build private clouds and all of them are using Windows guests (Win 2003, Win 2008, Win 7). For all the issues that we had with windows guests on KVM, we had to figure out ourselves or get help from kvm community forums. MS would only support if you use Windows 2008 Datacenter or other commercial certified hypervisors Ranga On Sat, Jan 28, 2012 at 3:32 PM, Wayne Walls wa...@openstack.org wrote: Greetings, Tim! Took a quick stab, answers/comments in-line. Cheers, Wayne On 1/28/12 2:34 PM, Tim Bell tim.b...@cern.ch wrote: With the Hyper-V support being phased out, I would be interested to understand: - What hypervisors are being used for running Windows guests (both Windows 7 and Windows Server) on top of OpenStack ? The quick and dirty answer is KVM, and somewhere along the lines we'll see Citrix XenServer join the race (hopefully sooner rather than later :)). Plug for XenServer: http://wiki.openstack.org/XenServerDevelopment -- maybe Ewan/Anne has an update for when we'll see full blown XenServer+OpenStack install guides? - To what extent will Microsoft support problems reported with a Windows guest running on a non-Microsoft hypervisor ? I think this is a much harder question to answer, as in the past (http://www.redhat.com/promo/svvp) there has been a reciprocal agreement between RedHat and MS to support each others efforts on their own respective virtualization platforms. Seeing that a) Ubuntu+KVM/libvirt is the current standard, and b) RedHat is not actively participating in the OpenStack community it leaves us with a big question mark. Any companies out there that are running KVM clouds w/ Windows care to address this? Do you have customers that want to know how upstream KVM issues are handled? Citrix and Microsoft on the other hand have a fairly long standing partnership, so anything MS products running on XenServer should see a clear escalation path I'd think. - Are there other sites who are affected by this proposal who would be willing to invest effort to maintain the Hyper-V support ? Is there a group that has taken ownership of this? I know that Jordan Rinke (Rackspace), Alex Landman and Peter Pouliot (Novell MS Interop Lab @ SUSE) spent a lot of time on Hyper-V in the Bexar/Cactus releases. They made pretty significant strides in that period, but the progress has since subsided. With the latest movement in the Hyper-V arena, especially around them trying to get full Ubuntu and Debian support in there, does that mean it's less and less likely MS will support their products or competing HV's? Tim Bell CERN -Original Message- From: openstack-bounces+tim.bell=cern...@lists.launchpad.net [mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of Sandy Walsh Sent: 27 January 2012 16:45 To: Thierry Carrez; openstack@lists.launchpad.net Subject: Re: [Openstack] [Nova] Essex dead wood cutting I'll be taking the existing Zones code out of API and Distributed Scheduler. The new Zones infrastructure is an optional component. -S From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net [openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net] on behalf of Thierry Carrez [thie...@openstack.org] Sent: Friday, January 27, 2012 11:23 AM To: openstack@lists.launchpad.net Subject: [Openstack] [Nova] Essex dead wood cutting Just as Nova enters feature freeze, it sounds like a good moment to consider removing deprecated, known-buggy-and-unmaintained or useless feature code from the Essex tree. Here are my suggestions for removal: - Ajaxterm (unmaintained, security issues, replaced by VNC console) - Hyper-V support (known broken and unmaintained) I'm sure that everyone has suggestions on other dead wood that we should cut now rather than ship in Essex... please comment. -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help :
Re: [Openstack] Fast cloning - FF-Exception request
Hi, I have updated the fast cloning changes with an new patch set. Caching is off by default for xenapi and the default behavior doesn't change (for libvirt or xenapi). It also addresses the other review comments that were given for the feature. Regards, Devdeep -Original Message- From: Chris Behrens [mailto:chris.behr...@rackspace.com] Sent: Wednesday, February 01, 2012 1:25 AM To: Vishvananda Ishaya Cc: Chris Behrens; Devdeep Singh; openstack@lists.launchpad.net Subject: Re: [Openstack] Fast cloning - FF-Exception request I just chatted with Paul. We're okay with this if we can have a flag to allow turning off the caching part of things, since both cow and caching are behavior changes for the Xen side. There's already a flag for 'cow', so that's covered, but there is not one for caching in the current branch up for review. I understand that they should default to 'on' to match libvirt functionality, but I think we need to have a way to have Xen operate how it did before since it has been stable. I'm definitely looking forward to these features, but would like to minimize the impact in case it is unstable or people simply want the current behavior. (I posted the same comments on the review) - Chris On Jan 31, 2012, at 11:02 AM, Vishvananda Ishaya wrote: I'm ok with this going in, but I would like to leave it up to the guys who are using Xen on a daily basis. So if Chris Behrens and Paul Voccio are ok with it, I think an FFE is fine. Vish On Jan 31, 2012, at 10:31 AM, Devdeep Singh wrote: Hi, I am asking for a Feature-Freeze exception for the blueprinthttps://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver. I appreciate that it is now late for getting this feature in, however we are ready to get this feature early in E4. We have got a few reviews in the queue, and we are close to completing them. It is my understanding that E4 was not for big changes. However, this change only touches the xenapi code for instance creation. I have tested these change extensively to make sure it doesn't break anything. Moreover, it will help close the gap between KVM and XenAPI. Thanks, Devdeep ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Please be careful with reviews
Nova-core reviewers: In these times of feature freeze and as we get closer to releases, please be extra-careful with reviews. Case in point: https://review.openstack.org/#change,3609 This was approved while still missing a second core review, and it very much looks like a feature (should have blueprint and feature freeze exception granted). Good thing Jenkins didn't let it pass. -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance and Keystone
Didn't work here is the o/p root@server3:~# glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None root@server3:~# Thanks Paras. On Tue, Jan 31, 2012 at 6:23 PM, Jay Pipes jaypi...@gmail.com wrote: On 01/31/2012 06:00 PM, Paras pradhan wrote: Hi, How do I check if glance is working with keystone? This is what I've done so far and getting errors # glance -A details 16afc976-4dfa-4175-a7ea-ec8446f636b3 Needs to be: glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance and Keystone
If you do: curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v2/images What is returned? -jay On 02/01/2012 11:19 AM, Paras pradhan wrote: Didn't work here is the o/p root@server3:~# glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None root@server3:~# Thanks Paras. On Tue, Jan 31, 2012 at 6:23 PM, Jay Pipesjaypi...@gmail.com wrote: On 01/31/2012 06:00 PM, Paras pradhan wrote: Hi, How do I check if glance is working with keystone? This is what I've done so far and getting errors # glance -A details 16afc976-4dfa-4175-a7ea-ec8446f636b3 Needs to be: glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance and Keystone
Got this -- root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v2/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v2/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 300 Multiple Choices Content-Type: application/json Content-Length: 216 Date: Wed, 01 Feb 2012 16:29:25 GMT * Connection #0 to host 192.168.122.14 left intact * Closing connection #0 {versions: [{status: CURRENT, id: v1.1, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}, {status: SUPPORTED, id: v1.0, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}]} -- Paras. On Wed, Feb 1, 2012 at 10:22 AM, Jay Pipes jaypi...@gmail.com wrote: If you do: curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v2/images What is returned? -jay On 02/01/2012 11:19 AM, Paras pradhan wrote: Didn't work here is the o/p root@server3:~# glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None root@server3:~# Thanks Paras. On Tue, Jan 31, 2012 at 6:23 PM, Jay Pipesjaypi...@gmail.com wrote: On 01/31/2012 06:00 PM, Paras pradhan wrote: Hi, How do I check if glance is working with keystone? This is what I've done so far and getting errors # glance -A details 16afc976-4dfa-4175-a7ea-ec8446f636b3 Needs to be: glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance authentication with Keystone woes...
Hi Jay, Yes, this confused me, however I get the same error using the token I generated and added (via the keystone-manage command). To wit: root@nova:~# keystone-manage token list token userexpiration tenant --- 101112131415161718191 2022-01-01 00:00:00 2 fa89fb9a-60d2-4921-b12d-6aee1c1778231 2012-02-01 15:24:33 1 b06c5e4e-5e59-4293-aa54-ce6879f113712 2012-02-01 15:26:41 1 where the first token is the long-lived one I supplied during installation. Running the glance command yields identical results: root@nova:~# glance -v -A 10111213141516171819 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None Completed in 0.0031 sec. Interestingly (perhaps) I see nothing in the keystone.log file. In fact, I don't even see the keystone log file. Keystone opens to log files named 'admin.log' and 'keystone_legacy_auth.log'. Is this right? Also, if I run keystone interactively (keystone -v -d) then issue the glance command, I see nothing in the keystone window. This doesn't seem right to me, but I'm just getting started with keystone integration. Thanks in advance for any insight... Regards, Ross On Jan 31, 2012, at 6:48 PM, Jay Pipes wrote: On 01/31/2012 06:28 PM, Lillie Ross-CDSR11 wrote: I'm reinstalling the various Openstack services from packages in the ManagedIT PPA to pull in the latest Diablo bug fixes. I'm following the latest directions in the newly release installation guide as I perform these upgrades (http://docs.openstack.org/diablo/openstack-compute/install/content/index.html). However, I'm having trouble getting Glance to authenticate with Keystone. All config files have been copied from the examples posted in the installation guide (and modified accordingly for my admin token, IP addresses, etc.). Regardless, I continually get the following error message and stack dump when trying to verify the Glance/Keystone integration: Step 1: Grab a token # curl -d '{auth: {tenantName: default, passwordCredentials:{username: admin, password: admin}}}' -H Content-type: application/json http://173.23.181.1:35357/v2.0/tokens | python -mjson.tool ... token: { expires: 2012-02-01T15:24:33, id: fa89fb9a-60d2-4921-b12d-6aee1c177823, tenant: { id: 1, name: default } } You're going to want to grab a long-lived token (sometimes called a service token) to use for the Glance API - Glance Registry connection. This service token should be used in the glance-registry.conf file. In glance-registry.conf, you'll see a section looking like this: [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 127.0.0.1 service_port = 5000 auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http auth_uri = http://127.0.0.1:5000/ admin_token = 999888777666 Replace admin_token = 999888777666 with the relevant long-lived service token. Cheers! -jay Step 2: Try a Glance command # glance details -A fa89fb9a-60d2-4921-b12d-6aee1c177823 Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req,
Re: [Openstack] Swift Consistency Guarantees?
Mark Nottingham on 01 February 2012 05:19 wrote: On 31/01/2012, at 2:48 PM, andi abes wrote: The current semantics allow you to do 1) the the most recent cached copy, using the http caching mechanism. This will ignore any updates to the swift cluster, as long as the cache is not stale 2) get a recent copy from swift (when setting no cache) 3) do a quorum call on all the storage nodes to get the most accurate answer swift can provide. You're proposing that 2 3 are the same, since they're both different than 1. But their performance implications on 2 3 are quite different. Effectively. My point, however, is that inventing new mechanisms -- especially new headers -- should be avoided if possible, as they generally cause more trouble than they're worth. Is there really a use case for #2 being distinct from #3? If there is, it'd be better expressed as a new Cache-Control request directive (e.g., Cache-Control: authoritative), next time things get revised. It isn't a caching directive though, it's asking for a change of behavior on the part of the swift server... ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance and Keystone
np. here is it root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v1/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v1/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 500 Internal Server Error Content-Type: text/plain Content-Length: 1386 Date: Wed, 01 Feb 2012 16:42:07 GMT Connection: close Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None * Closing connection #0 root@server3:/etc/nova# My glance-api.conf looks http://pastebin.com/1pqVKZkV Thanks Paras. On Wed, Feb 1, 2012 at 10:40 AM, Jay Pipes jaypi...@gmail.com wrote: Sorry about that... should have been v1 not v2 :) -jay On 02/01/2012 11:29 AM, Paras pradhan wrote: Got this -- root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v2/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v2/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 300 Multiple Choices Content-Type: application/json Content-Length: 216 Date: Wed, 01 Feb 2012 16:29:25 GMT * Connection #0 to host 192.168.122.14 left intact * Closing connection #0 {versions: [{status: CURRENT, id: v1.1, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}, {status: SUPPORTED, id: v1.0, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}]} -- Paras. On Wed, Feb 1, 2012 at 10:22 AM, Jay Pipesjaypi...@gmail.com wrote: If you do: curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v2/images What is returned? -jay On 02/01/2012 11:19 AM, Paras pradhan wrote: Didn't work here is the o/p root@server3:~# glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py,
Re: [Openstack] Glance and Keystone
I think i pasted the wrong one . Here is it again. -- root@server3:/etc/glance# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v1/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v1/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 500 Internal Server Error Content-Type: text/plain Content-Length: 1386 Date: Wed, 01 Feb 2012 16:44:56 GMT Connection: close Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None * Closing connection #0 root@server3:/etc/glance# -- Thanks Paras. On Wed, Feb 1, 2012 at 10:44 AM, Paras pradhan pradhanpa...@gmail.com wrote: np. here is it root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v1/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v1/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 500 Internal Server Error Content-Type: text/plain Content-Length: 1386 Date: Wed, 01 Feb 2012 16:42:07 GMT Connection: close Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None * Closing connection #0 root@server3:/etc/nova# My glance-api.conf looks http://pastebin.com/1pqVKZkV Thanks Paras. On Wed, Feb 1, 2012 at 10:40 AM, Jay Pipes jaypi...@gmail.com wrote: Sorry about that... should have been v1 not v2 :) -jay On 02/01/2012 11:29 AM, Paras pradhan wrote: Got this -- root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v2/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v2/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22
Re: [Openstack] Glance and Keystone
Sorry about that... should have been v1 not v2 :) -jay On 02/01/2012 11:29 AM, Paras pradhan wrote: Got this -- root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v2/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v2/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 300 Multiple Choices Content-Type: application/json Content-Length: 216 Date: Wed, 01 Feb 2012 16:29:25 GMT * Connection #0 to host 192.168.122.14 left intact * Closing connection #0 {versions: [{status: CURRENT, id: v1.1, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}, {status: SUPPORTED, id: v1.0, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}]} -- Paras. On Wed, Feb 1, 2012 at 10:22 AM, Jay Pipesjaypi...@gmail.com wrote: If you do: curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v2/images What is returned? -jay On 02/01/2012 11:19 AM, Paras pradhan wrote: Didn't work here is the o/p root@server3:~# glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None root@server3:~# Thanks Paras. On Tue, Jan 31, 2012 at 6:23 PM, Jay Pipesjaypi...@gmail.comwrote: On 01/31/2012 06:00 PM, Paras pradhan wrote: Hi, How do I check if glance is working with keystone? This is what I've done so far and getting errors # glance -A details 16afc976-4dfa-4175-a7ea-ec8446f636b3 Needs to be: glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance and Keystone
I think Jay gave you the wrong command to try, he probably meant: (notice the v2 changed to v1.1) curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v1.1/images Thanks, Kiall On Wed, Feb 1, 2012 at 4:29 PM, Paras pradhan pradhanpa...@gmail.comwrote: Got this -- root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v2/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v2/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 300 Multiple Choices Content-Type: application/json Content-Length: 216 Date: Wed, 01 Feb 2012 16:29:25 GMT * Connection #0 to host 192.168.122.14 left intact * Closing connection #0 {versions: [{status: CURRENT, id: v1.1, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}, {status: SUPPORTED, id: v1.0, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}]} -- Paras. On Wed, Feb 1, 2012 at 10:22 AM, Jay Pipes jaypi...@gmail.com wrote: If you do: curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v2/images What is returned? -jay On 02/01/2012 11:19 AM, Paras pradhan wrote: Didn't work here is the o/p root@server3:~# glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None root@server3:~# Thanks Paras. On Tue, Jan 31, 2012 at 6:23 PM, Jay Pipesjaypi...@gmail.com wrote: On 01/31/2012 06:00 PM, Paras pradhan wrote: Hi, How do I check if glance is working with keystone? This is what I've done so far and getting errors # glance -A details 16afc976-4dfa-4175-a7ea-ec8446f636b3 Needs to be: glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Cheers! -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Single Network Interface Configuration
You can do it with one network, although it is more difficult to setup. You probably want to trunk a bunch of vlans and manually create one vlan interface to use for the native stuff. For example, designate eth0 as your vlan_interface, but manually create vlan10 and specify vlan10 as your public_interface. Use the ip on vlan10 as --my_ip Vish On Feb 1, 2012, at 6:11 AM, Leander Bessa wrote: Hello, Up until now i have followed various configuration for openstack. What i failed to notice was that all those configurations assumed there were two network interfaces available on my system. Unfortunately, i have only one network interface available per machine. My question now is, can i still use VLAN for inter-instance communication or do i need to use a different network setup? Regards, Leander ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Consistency Guarantees?
Mark Nottingham wrote: On 31/01/2012, at 2:48 PM, andi abes wrote: The current semantics allow you to do 1) the the most recent cached copy, using the http caching mechanism. This will ignore any updates to the swift cluster, as long as the cache is not stale 2) get a recent copy from swift (when setting no cache) 3) do a quorum call on all the storage nodes to get the most accurate answer swift can provide. You're proposing that 2 3 are the same, since they're both different than 1. But their performance implications on 2 3 are quite different. Effectively. My point, however, is that inventing new mechanisms -- especially new headers -- should be avoided if possible, as they generally cause more trouble than they're worth. Is there really a use case for #2 being distinct from #3? If there is, it'd be better expressed as a new Cache-Control request directive (e.g., Cache-Control: authoritative), next time things get revised. Anyway, not a big deal, as it's already out there. On a purely functional analysis you are correct. But my preferences in API design are that options are to be used for things that are optional. A distinct function, like check for most recent version, Should be a distinct command. Otherwise the verb ends up being meaningless and the options become the real verb. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] LXC Volumes - FFE
Hi, https://blueprints.launchpad.net/nova/+spec/lxc-volumes I am asking for a FFE for adding LXC volume support. I realize that this feature is pretty late in the development cycle, but it has been well tested and it is a relatively simple change. If you have any questions please let me know. Regards chuck ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] FW: dashboard in oneric
On 02/01/2012 07:27 AM, George Mihaiescu wrote: I hope that any of the Dashboard developers can provide instructions on how to install Dashboard from a milestone-release source code (Essex2 or Essex3) while using MySQL for DB and Apache2 as the web server, AND NOT by using virtual-env + sqlite. I don't know about essex-2, but essex-3 should work reasonably well. If you don't like virtual-env, don't use it and use pip to directly install the appropriate dependencies. You can specify the use of MySQL in the local settings file, and if you prefer Apache2, you can read the general Django setup instructions: https://docs.djangoproject.com/en/1.3/topics/install/#install-apache-and-mod-wsgi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] LXC Volumes - FFE
+1 from me. changes are pretty minor. On Feb 1, 2012, at 10:14 AM, Devin Carlen wrote: +1! On Wednesday, February 1, 2012 at 9:54 AM, Chuck Short wrote: Hi, https://blueprints.launchpad.net/nova/+spec/lxc-volumes I am asking for a FFE for adding LXC volume support. I realize that this feature is pretty late in the development cycle, but it has been well tested and it is a relatively simple change. If you have any questions please let me know. Regards chuck ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] nova-manage network create + Essex-3 + Quantum : not working
Hi guys ! Were having an issue with nova-manage trying to create a network on quatum authenticating with keystone, detailed here : Detailed question here: https://answers.launchpad.net/quantum/+question/186541 Regards! Lean ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Remove Zones code - FFE
As part of the new (and optional) Zones code coming down the pipe, part of this is to remove the old Zones implementation. More info in the merge prop: https://review.openstack.org/#change,3629 So, can I? can I? Huh? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Remove Zones code - FFE
I would prefer that if it can be done super-super fast. :) Vish On Feb 1, 2012, at 1:04 PM, Chris Behrens wrote: I wonder if we can use some of the architecture of the new code and move the current implementation to that model. It'd preserve the existing functionality, set us up for the new implementation, and fits in with 'cleanup' for E4, etc. On Feb 1, 2012, at 2:41 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: I am all for pulling this out, but I'm a bit concerned with the fact that we have nothing to replace it with. There are some groups still trying to use it. MercadoLibre is trying to use it for example. I know you guys are trying to replace this with something better, but it would be nice not to break people for 7+ months So I guess I have some questions: 1.a) is the current implementation completely broken? 1.b) if yes, is it fixable 2) If we do remove this, what can we tell people that need something like zones between now and the Folsom release? Vish On Feb 1, 2012, at 12:16 PM, Sandy Walsh wrote: As part of the new (and optional) Zones code coming down the pipe, part of this is to remove the old Zones implementation. More info in the merge prop: https://review.openstack.org/#change,3629 So, can I? can I? Huh? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Remove Zones code - FFE
+1 On Feb 1, 2012 4:13 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: I would prefer that if it can be done super-super fast. :) Vish On Feb 1, 2012, at 1:04 PM, Chris Behrens wrote: I wonder if we can use some of the architecture of the new code and move the current implementation to that model. It'd preserve the existing functionality, set us up for the new implementation, and fits in with 'cleanup' for E4, etc. On Feb 1, 2012, at 2:41 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: I am all for pulling this out, but I'm a bit concerned with the fact that we have nothing to replace it with. There are some groups still trying to use it. MercadoLibre is trying to use it for example. I know you guys are trying to replace this with something better, but it would be nice not to break people for 7+ months So I guess I have some questions: 1.a) is the current implementation completely broken? 1.b) if yes, is it fixable 2) If we do remove this, what can we tell people that need something like zones between now and the Folsom release? Vish On Feb 1, 2012, at 12:16 PM, Sandy Walsh wrote: As part of the new (and optional) Zones code coming down the pipe, part of this is to remove the old Zones implementation. More info in the merge prop: https://review.openstack.org/#change,3629 So, can I? can I? Huh? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Image cache management - FFE
Hi. https://blueprints.launchpad.net/nova/+spec/nova-image-cache-management This change has been in code review for a while (https://review.openstack.org/#change,2902). It didn't make it in before the feature freeze because I got called away and didn't have a chance to address the last few review comments. The change stops the unbounded growth of libvirt image caches on compute nodes, which operators currently have to manually clean up out of band. Thanks, Mikal ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Image cache management - FFE
+1 because: makes administration much easier only affects one driver implemented as a periodic callback and doesn't mess with core code. Vish On Feb 1, 2012, at 1:19 PM, Michael Still wrote: Hi. https://blueprints.launchpad.net/nova/+spec/nova-image-cache-management This change has been in code review for a while (https://review.openstack.org/#change,2902). It didn't make it in before the feature freeze because I got called away and didn't have a chance to address the last few review comments. The change stops the unbounded growth of libvirt image caches on compute nodes, which operators currently have to manually clean up out of band. Thanks, Mikal ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Remove Zones code - FFE
Hi guys. Its true that we are trying to make multizones work, actually we did, but we get into an instance were listing all vms from the parent zone ( where is has to go thru all the child zones ) is buggy ( if not impossible by now ). So, if there is a new zone architecture that actually works ( we want to stop using our own deployer to do that ) or has a chance to be fully working when 2012-1 is out, (we would prefer not to wait till Folsom) we are totally into it ! since by now, we were actually waiting for this new Zones code to come out to try again. Alejandro. On 02/01/2012 06:17 PM, Nathanael Burton wrote: +1 On Feb 1, 2012 4:13 PM, Vishvananda Ishaya vishvana...@gmail.com mailto:vishvana...@gmail.com wrote: I would prefer that if it can be done super-super fast. :) Vish On Feb 1, 2012, at 1:04 PM, Chris Behrens wrote: I wonder if we can use some of the architecture of the new code and move the current implementation to that model. It'd preserve the existing functionality, set us up for the new implementation, and fits in with 'cleanup' for E4, etc. On Feb 1, 2012, at 2:41 PM, Vishvananda Ishaya vishvana...@gmail.com mailto:vishvana...@gmail.com wrote: I am all for pulling this out, but I'm a bit concerned with the fact that we have nothing to replace it with. There are some groups still trying to use it. MercadoLibre is trying to use it for example. I know you guys are trying to replace this with something better, but it would be nice not to break people for 7+ months So I guess I have some questions: 1.a) is the current implementation completely broken? 1.b) if yes, is it fixable 2) If we do remove this, what can we tell people that need something like zones between now and the Folsom release? Vish On Feb 1, 2012, at 12:16 PM, Sandy Walsh wrote: As part of the new (and optional) Zones code coming down the pipe, part of this is to remove the old Zones implementation. More info in the merge prop: https://review.openstack.org/#change,3629 So, can I? can I? Huh? ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [FF-Exception request] - Bare-metal provisioning with Tilera tiled-processor back-end
+1 on this. This has been under review for a long time. It is a separate driver, so there aren't risks for existing drivers. I really want to get to robust bare metal support and this moves us in the right direction. Vish On Jan 31, 2012, at 11:59 AM, Mikyung Kang wrote: Hello, I am asking for a Feature-Freeze exception for the blueprint https://blueprints.launchpad.net/nova/+spec/heterogeneous-tilera-architecture-support . This change doesn't touch any core code. Only new connection type is added (nova/virt/connection.py) and nova/virt/baremetal/* nova/tests/baremetal/* are added. Currently this implements bare-metal provisioning with Tilera tiled-processor back-end, but it can be used by other architecture/machine after adding its back-end processing. I have tested these change extensively to make sure it doesn’t break anything. Thanks, Mikyung - Original Message - From: Vish Ishaya vishvana...@gmail.com To: do...@list.east.isi.edu Sent: Monday, January 30, 2012 5:36:24 PM Subject: [DODCS] [Blueprint heterogeneous-tilera-architecture-support] Bare-metal provisioning with Tilera tiled-processor back-end Blueprint changed by Vish Ishaya: Whiteboard changed: - Gerrit topic: https://review.openstack.org/#q,topic:bp/heterogeneous- - tilera-architecture-support,n,z + Gerrit topic: https://review.openstack.org/#q,topic:bp/heterogeneous-tilera-architecture-support,n,z Addressed by: https://review.openstack.org/1402 Implements blueprint heterogeneous-tilera-architecture-support -- Bare-metal provisioning with Tilera tiled-processor back-end https://blueprints.launchpad.net/nova/+spec/heterogeneous-tilera-architecture-support ___ DODCS mailing list do...@mailman.isi.edu http://mailman.isi.edu/mailman/listinfo/dodcs ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance and Keystone
I think i found the problem Added/Edited the following to glance-api.conf pipeline = authtoken keystone_shim registryapp and pipeline = versionnegotiation authtoken keystone_shim apiv1app to glance-registry.conf I am not geeting any errors now. Paras. On Wed, Feb 1, 2012 at 11:06 AM, Paras pradhan pradhanpa...@gmail.com wrote: So this one? -- root@server3:/home/localadmin/creds# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v1.1/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v1.1/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 300 Multiple Choices Content-Type: application/json Content-Length: 216 Date: Wed, 01 Feb 2012 17:06:19 GMT * Connection #0 to host 192.168.122.14 left intact * Closing connection #0 {versions: [{status: CURRENT, id: v1.1, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}, {status: SUPPORTED, id: v1.0, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}]} -- Paras. On Wed, Feb 1, 2012 at 10:52 AM, Kiall Mac Innes ki...@managedit.ie wrote: I think Jay gave you the wrong command to try, he probably meant: (notice the v2 changed to v1.1) curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v1.1/images Thanks, Kiall On Wed, Feb 1, 2012 at 4:29 PM, Paras pradhan pradhanpa...@gmail.com wrote: Got this -- root@server3:/etc/nova# curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 192.168.122.14:9292/v2/images * About to connect() to 192.168.122.14 port 9292 (#0) * Trying 192.168.122.14... connected * Connected to 192.168.122.14 (192.168.122.14) port 9292 (#0) GET /v2/images HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Host: 192.168.122.14:9292 Accept: */* X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 HTTP/1.1 300 Multiple Choices Content-Type: application/json Content-Length: 216 Date: Wed, 01 Feb 2012 16:29:25 GMT * Connection #0 to host 192.168.122.14 left intact * Closing connection #0 {versions: [{status: CURRENT, id: v1.1, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}, {status: SUPPORTED, id: v1.0, links: [{href: http://0.0.0.0:9292/v1/;, rel: self}]}]} -- Paras. On Wed, Feb 1, 2012 at 10:22 AM, Jay Pipes jaypi...@gmail.com wrote: If you do: curl -v -H X-Auth-Token: 16afc976-4dfa-4175-a7ea-ec8446f636b3 GLANCE_API_HOST:GLANCE_API_PORT/v2/images What is returned? -jay On 02/01/2012 11:19 AM, Paras pradhan wrote: Didn't work here is the o/p root@server3:~# glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Failed to show details. Got error: Internal Server error: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/wsgi.py, line 336, in handle_one_response result = self.application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 113, in __call__ response = req.get_response(self.application) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1053, in get_response application, catch_exc_info=False) File /usr/lib/python2.7/dist-packages/webob/request.py, line 1022, in call_application app_iter = application(self.environ, start_response) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File /usr/lib/python2.7/dist-packages/webob/dec.py, line 208, in call_func return self.func(req, *args, **kwargs) File /usr/lib/python2.7/dist-packages/glance/common/wsgi.py, line 110, in __call__ response = self.process_request(req) File /usr/lib/python2.7/dist-packages/glance/common/context.py, line 104, in process_request raise exception.NotAuthorized() NotAuthorized: None root@server3:~# Thanks Paras. On Tue, Jan 31, 2012 at 6:23 PM, Jay Pipesjaypi...@gmail.com wrote: On 01/31/2012 06:00 PM, Paras pradhan wrote: Hi, How do I check if glance is working with keystone? This is what I've done so far and getting errors # glance -A details 16afc976-4dfa-4175-a7ea-ec8446f636b3 Needs to be: glance -A 16afc976-4dfa-4175-a7ea-ec8446f636b3 details Cheers! -jay ___ Mailing
Re: [Openstack] Remove Zones code - FFE
Sounds pretty good Vish. Since we are mostly deployers, and the ones who are gonna try the new code from day zero, whats good for Sandy, its good for us. Alejandro. On 02/01/2012 06:57 PM, Vishvananda Ishaya wrote: Thanks for the feedback. It is good to get input from one of the largest openstack installs! So it sounds like the existing code is pretty broken. Based on this feedback I would like to propose the following: 1) cut out zones code (meaning merge the existing branch) 2) grant an FFe for the new rpc based zone code as long is it can be merged without heavily modifying core. This means: a) it should be deployable with the feature disabled b) it should only include minor modifications to core components c) if a major change is needed to distributed_scheduler (for example), consider leaving the existing version in, and copying the code to a new file (distributed_scheduler_v2) and doing the modifications there. That way we can minimize chances of breakage d) it needs to be merged by the 15th Does that seem reasonable? Vish On Feb 1, 2012, at 1:42 PM, Alejandro Comisario wrote: Hi guys. Its true that we are trying to make multizones work, actually we did, but we get into an instance were listing all vms from the parent zone ( where is has to go thru all the child zones ) is buggy ( if not impossible by now ). So, if there is a new zone architecture that actually works ( we want to stop using our own deployer to do that ) or has a chance to be fully working when 2012-1 is out, (we would prefer not to wait till Folsom) we are totally into it ! since by now, we were actually waiting for this new Zones code to come out to try again. Alejandro. On 02/01/2012 06:17 PM, Nathanael Burton wrote: +1 On Feb 1, 2012 4:13 PM, Vishvananda Ishaya vishvana...@gmail.com mailto:vishvana...@gmail.com wrote: I would prefer that if it can be done super-super fast. :) Vish On Feb 1, 2012, at 1:04 PM, Chris Behrens wrote: I wonder if we can use some of the architecture of the new code and move the current implementation to that model. It'd preserve the existing functionality, set us up for the new implementation, and fits in with 'cleanup' for E4, etc. On Feb 1, 2012, at 2:41 PM, Vishvananda Ishaya vishvana...@gmail.com mailto:vishvana...@gmail.com wrote: I am all for pulling this out, but I'm a bit concerned with the fact that we have nothing to replace it with. There are some groups still trying to use it. MercadoLibre is trying to use it for example. I know you guys are trying to replace this with something better, but it would be nice not to break people for 7+ months So I guess I have some questions: 1.a) is the current implementation completely broken? 1.b) if yes, is it fixable 2) If we do remove this, what can we tell people that need something like zones between now and the Folsom release? Vish On Feb 1, 2012, at 12:16 PM, Sandy Walsh wrote: As part of the new (and optional) Zones code coming down the pipe, part of this is to remove the old Zones implementation. More info in the merge prop: https://review.openstack.org/#change,3629 So, can I? can I? Huh? ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list:https://launchpad.net/~openstack Post to :openstack@lists.launchpad.net Unsubscribe :https://launchpad.net/~openstack More help :https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack
[Openstack] euca2ools
Hi, Is this the correct command to add to keystone in order for euca2ools to work? keystone-manage credentials add adminUser EC2 'secretword' adminTenant This is what I am getting when i list credentials -- root@server3:~# keystone-manage credentials list ERROR: 'NoneType' object has no attribute 'name' Traceback (most recent call last): File /usr/bin/keystone-manage, line 16, in module keystone.manage.main() File /usr/lib/python2.7/dist-packages/keystone/manage/__init__.py, line 286, in main raise exc AttributeError: 'NoneType' object has no attribute 'name' root@server3:~# -- Thanks Paras. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Remove Zones code - FFE
Understood, timing is everything. I'll let Chris talk about expected timing for the replacement. From a deployers side, nothing would really change, just some configuration options ... but a replacement should be available. I'm sure we could get it working pretty easily. The Keystone integration was the biggest pita. I can keep this branch fresh with trunk for when we're ready to pull the trigger. -S From: Joshua McKenty [jos...@pistoncloud.com] Sent: Wednesday, February 01, 2012 4:45 PM To: Vishvananda Ishaya Cc: Sandy Walsh; openstack@lists.launchpad.net Subject: Re: [Openstack] Remove Zones code - FFE +1 to Vish's points. I know there are some folks coming online in the Folsom timeline that can help out with the new stuff, but this feels a bit like going backwards. -- Joshua McKenty, CEO Piston Cloud Computing, Inc. w: (650) 24-CLOUD m: (650) 283-6846 http://www.pistoncloud.com Oh, Westley, we'll never survive! Nonsense. You're only saying that because no one ever has. On Wednesday, February 1, 2012 at 12:41 PM, Vishvananda Ishaya wrote: I am all for pulling this out, but I'm a bit concerned with the fact that we have nothing to replace it with. There are some groups still trying to use it. MercadoLibre is trying to use it for example. I know you guys are trying to replace this with something better, but it would be nice not to break people for 7+ months So I guess I have some questions: 1.a) is the current implementation completely broken? 1.b) if yes, is it fixable 2) If we do remove this, what can we tell people that need something like zones between now and the Folsom release? Vish On Feb 1, 2012, at 12:16 PM, Sandy Walsh wrote: As part of the new (and optional) Zones code coming down the pipe, part of this is to remove the old Zones implementation. More info in the merge prop: https://review.openstack.org/#change,3629 So, can I? can I? Huh? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Nova] Essex dead wood cutting
What kind of support from MS is needed to support Hyper-V in Openstack? From: openstack-bounces+sriram=computenext@lists.launchpad.net [mailto:openstack-bounces+sriram=computenext@lists.launchpad.net] On Behalf Of Rangababu Chakravarthula Sent: Wednesday, February 01, 2012 6:17 AM To: Wayne Walls Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] [Nova] Essex dead wood cutting We use Ubuntu KVM + Libivrt and have helped several clients build private clouds and all of them are using Windows guests (Win 2003, Win 2008, Win 7). For all the issues that we had with windows guests on KVM, we had to figure out ourselves or get help from kvm community forums. MS would only support if you use Windows 2008 Datacenter or other commercial certified hypervisors Ranga On Sat, Jan 28, 2012 at 3:32 PM, Wayne Walls wa...@openstack.orgmailto:wa...@openstack.org wrote: Greetings, Tim! Took a quick stab, answers/comments in-line. Cheers, Wayne On 1/28/12 2:34 PM, Tim Bell tim.b...@cern.chmailto:tim.b...@cern.ch wrote: With the Hyper-V support being phased out, I would be interested to understand: - What hypervisors are being used for running Windows guests (both Windows 7 and Windows Server) on top of OpenStack ? The quick and dirty answer is KVM, and somewhere along the lines we'll see Citrix XenServer join the race (hopefully sooner rather than later :)). Plug for XenServer: http://wiki.openstack.org/XenServerDevelopment -- maybe Ewan/Anne has an update for when we'll see full blown XenServer+OpenStack install guides? - To what extent will Microsoft support problems reported with a Windows guest running on a non-Microsoft hypervisor ? I think this is a much harder question to answer, as in the past (http://www.redhat.com/promo/svvp) there has been a reciprocal agreement between RedHat and MS to support each others efforts on their own respective virtualization platforms. Seeing that a) Ubuntu+KVM/libvirt is the current standard, and b) RedHat is not actively participating in the OpenStack community it leaves us with a big question mark. Any companies out there that are running KVM clouds w/ Windows care to address this? Do you have customers that want to know how upstream KVM issues are handled? Citrix and Microsoft on the other hand have a fairly long standing partnership, so anything MS products running on XenServer should see a clear escalation path I'd think. - Are there other sites who are affected by this proposal who would be willing to invest effort to maintain the Hyper-V support ? Is there a group that has taken ownership of this? I know that Jordan Rinke (Rackspace), Alex Landman and Peter Pouliot (Novell MS Interop Lab @ SUSE) spent a lot of time on Hyper-V in the Bexar/Cactus releases. They made pretty significant strides in that period, but the progress has since subsided. With the latest movement in the Hyper-V arena, especially around them trying to get full Ubuntu and Debian support in there, does that mean it's less and less likely MS will support their products or competing HV's? Tim Bell CERN -Original Message- From: openstack-bounces+tim.bell=cern...@lists.launchpad.netmailto:cern...@lists.launchpad.net [mailto:openstack-bounces+tim.bellmailto:openstack-bounces%2Btim.bell=cern...@lists.launchpad.netmailto:cern...@lists.launchpad.net] On Behalf Of Sandy Walsh Sent: 27 January 2012 16:45 To: Thierry Carrez; openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] [Nova] Essex dead wood cutting I'll be taking the existing Zones code out of API and Distributed Scheduler. The new Zones infrastructure is an optional component. -S From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.netmailto:rackspace@lists.launchpad.net [openstack-bounces+sandy.walsh=rackspace@lists.launchpad.netmailto:rackspace@lists.launchpad.net] on behalf of Thierry Carrez [thie...@openstack.orgmailto:thie...@openstack.org] Sent: Friday, January 27, 2012 11:23 AM To: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: [Openstack] [Nova] Essex dead wood cutting Just as Nova enters feature freeze, it sounds like a good moment to consider removing deprecated, known-buggy-and-unmaintained or useless feature code from the Essex tree. Here are my suggestions for removal: - Ajaxterm (unmaintained, security issues, replaced by VNC console) - Hyper-V support (known broken and unmaintained) I'm sure that everyone has suggestions on other dead wood that we should cut now rather than ship in Essex... please comment. -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack
[Openstack] Capture of the Keystone/LDAP Role discussion
As part of the effort to get LDAP support into Keystone Light, we had a bit of a design discussion on IRC. The discussion focused on Roles, and I would like to sum up what was said in that discussion. When we talk about Roles, we mean the permissions a given user has in a given tenant. As such, it is a three way relationship, and LDAP does not handle those well. Group member ship is done using a multivalued attribute, such that a Group has a list of users in an attribute named members.This cannot be extended to roles directly, as the attribute would have to hold two values: the user, and the role. One proposal was to do just that: to append the role name on to the user name, and them as a single string inside a single attribute. A drawback to this approach is that the LDAP rules have no way of enforcing that the values placed into the concatenated string are valid values. Another drawback is that the parsing of the string is then placed on the system that consumes the roles. Groups can be containers of other objects. As such, another alternative is to put a collection of roles under the tenant group, and then to add the user names to each of the roles.The drawback to this approach is that the tenant then becomes a subtree, and the management of subtrees is more involved in LDAP than the management of single objects. / /Roles tend to map to permissions on external objects. For example, a role might indicate that a given user can create a new network inside of quantum, or deploy a new template image into glance. If the set of roles is known a-priori, they could be done as a set of attributes on the tenant group. The drawback with this approach is that making changes to the LDAP schema after deployment is generally not allowed in large organizations, so adding a new role would be impossible/. If the objects being managed were entirely within the Directory Server, one possible solution would be to use the Directory servers access controls to manage who could do what. For example, in order for a user to be able to create a new network, they wound need write access to the networks collection for their tenancy. The reason we cannot do that is that many of the objects are maintained in external databases, and not in the directory server. Plus, the access controls for LDAP are not guaranteed to be consistent across different LDAP management systems. / One point that came up repeatedly is that different organizations are going to have very different LDAP structures, and the Keystone architecture would ideally be flexible enough to map to what any given organization has implemented, albeit with some customization. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Swift S3 with Keystone anyone?
Hello: Does anyone happen to have Swift running with S3 and Keystone? If yes, send me the proxy-server.conf, please. Also, I'd like to ask a few questions, if I may. I tried to piece it together from the code, but failed. The authentication is done with a special hook into Keystone. It supplies middleware, keystone/keystone/middleware/s3_token.py, which invokes a POST to v2 Keysone with OS-KSS3:s3Credentials, then sets a req. header X-Auth-Token. So far so good. However, how does it fit in with Swift? The actual S3 operations are implemented by swift/common/middleware/swift3.py, which rolls up the canonical string, then stuffs it into env['HTTP_X_AUTH_TOKEN']. The intent is, as I understand, to invoke the special purpose code in tempauth and thus is useless for Keystone. So, how is this supposed to work? I imagine the pipeline should look something like this: [pipeline:main] pipeline = healthcheck cache s3auth swift3 proxy-server [filter:s3auth] use = egg:keystone#swiftauth service_protocol = http service_host = 192.168.129.18 service_port = 5000 [filter:swift3] use = egg:swift#swift3 Except... There is no entry point for s3_auth in keystone egg. Documentation seems to be absent. I suppose I could put it together, if I got it all working at least once. Confused, -- Pete ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift S3 with Keystone anyone?
I would love to know more about this topic too. push Hugo Kuo 2012/2/2 Pete Zaitcev zait...@redhat.com Hello: Does anyone happen to have Swift running with S3 and Keystone? If yes, send me the proxy-server.conf, please. Also, I'd like to ask a few questions, if I may. I tried to piece it together from the code, but failed. The authentication is done with a special hook into Keystone. It supplies middleware, keystone/keystone/middleware/s3_token.py, which invokes a POST to v2 Keysone with OS-KSS3:s3Credentials, then sets a req. header X-Auth-Token. So far so good. However, how does it fit in with Swift? The actual S3 operations are implemented by swift/common/middleware/swift3.py, which rolls up the canonical string, then stuffs it into env['HTTP_X_AUTH_TOKEN']. The intent is, as I understand, to invoke the special purpose code in tempauth and thus is useless for Keystone. So, how is this supposed to work? I imagine the pipeline should look something like this: [pipeline:main] pipeline = healthcheck cache s3auth swift3 proxy-server [filter:s3auth] use = egg:keystone#swiftauth service_protocol = http service_host = 192.168.129.18 service_port = 5000 [filter:swift3] use = egg:swift#swift3 Except... There is no entry point for s3_auth in keystone egg. Documentation seems to be absent. I suppose I could put it together, if I got it all working at least once. Confused, -- Pete ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- +Hugo Kuo+ tonyt...@gmail.com hugo@cloudena.com +886-935-004-793 www.cloudena.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Remove Zones code - FFE
I talked with chris a bit offline, and I'm a little concerned that we will be pushing too hard to try and get this into a working state by Essex. I think even if we to slam it in we will be faced with bugs that will make the essex version potentially as broken as the current zones code is. It is probably much more reasonable to target F1 as a delivery date for this feature. Alejandro, is your team ok with deploying milestone releases? I know it would take a lot of pressure off of Chris, Sandy, et. al. since they are trying to meet some pretty hard delivery dates as it is. Vish On Feb 1, 2012, at 3:44 PM, Alejandro Comisario wrote: Sounds pretty good Vish. Since we are mostly deployers, and the ones who are gonna try the new code from day zero, whats good for Sandy, its good for us. Alejandro. On 02/01/2012 06:57 PM, Vishvananda Ishaya wrote: Thanks for the feedback. It is good to get input from one of the largest openstack installs! So it sounds like the existing code is pretty broken. Based on this feedback I would like to propose the following: 1) cut out zones code (meaning merge the existing branch) 2) grant an FFe for the new rpc based zone code as long is it can be merged without heavily modifying core. This means: a) it should be deployable with the feature disabled b) it should only include minor modifications to core components c) if a major change is needed to distributed_scheduler (for example), consider leaving the existing version in, and copying the code to a new file (distributed_scheduler_v2) and doing the modifications there. That way we can minimize chances of breakage d) it needs to be merged by the 15th Does that seem reasonable? Vish On Feb 1, 2012, at 1:42 PM, Alejandro Comisario wrote: Hi guys. Its true that we are trying to make multizones work, actually we did, but we get into an instance were listing all vms from the parent zone ( where is has to go thru all the child zones ) is buggy ( if not impossible by now ). So, if there is a new zone architecture that actually works ( we want to stop using our own deployer to do that ) or has a chance to be fully working when 2012-1 is out, (we would prefer not to wait till Folsom) we are totally into it ! since by now, we were actually waiting for this new Zones code to come out to try again. Alejandro. On 02/01/2012 06:17 PM, Nathanael Burton wrote: +1 On Feb 1, 2012 4:13 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: I would prefer that if it can be done super-super fast. :) Vish On Feb 1, 2012, at 1:04 PM, Chris Behrens wrote: I wonder if we can use some of the architecture of the new code and move the current implementation to that model. It'd preserve the existing functionality, set us up for the new implementation, and fits in with 'cleanup' for E4, etc. On Feb 1, 2012, at 2:41 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: I am all for pulling this out, but I'm a bit concerned with the fact that we have nothing to replace it with. There are some groups still trying to use it. MercadoLibre is trying to use it for example. I know you guys are trying to replace this with something better, but it would be nice not to break people for 7+ months So I guess I have some questions: 1.a) is the current implementation completely broken? 1.b) if yes, is it fixable 2) If we do remove this, what can we tell people that need something like zones between now and the Folsom release? Vish On Feb 1, 2012, at 12:16 PM, Sandy Walsh wrote: As part of the new (and optional) Zones code coming down the pipe, part of this is to remove the old Zones implementation. More info in the merge prop: https://review.openstack.org/#change,3629 So, can I? can I? Huh? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net
Re: [Openstack] [Nova] Essex dead wood cutting
We don't need support from microsoft specifically. What we need is one or more companies committed to: a) actually using the Hyper-V driver b) writing tests and fakes so that the existing functionality doesn't break c) providing test hardware and jenkins integration for functional testing d) adding new features to get the feature set closer to the level of the other drivers The existing hyper-v code has been removed for Essex, but I would be more than happy to see it come back in Folsom if we can get some commitment around the above list. Vish On Feb 1, 2012, at 5:49 PM, Sriram Subramanian wrote: What kind of support from MS is needed to support Hyper-V in Openstack? From: openstack-bounces+sriram=computenext@lists.launchpad.net [mailto:openstack-bounces+sriram=computenext@lists.launchpad.net] On Behalf Of Rangababu Chakravarthula Sent: Wednesday, February 01, 2012 6:17 AM To: Wayne Walls Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] [Nova] Essex dead wood cutting We use Ubuntu KVM + Libivrt and have helped several clients build private clouds and all of them are using Windows guests (Win 2003, Win 2008, Win 7). For all the issues that we had with windows guests on KVM, we had to figure out ourselves or get help from kvm community forums. MS would only support if you use Windows 2008 Datacenter or other commercial certified hypervisors Ranga On Sat, Jan 28, 2012 at 3:32 PM, Wayne Walls wa...@openstack.org wrote: Greetings, Tim! Took a quick stab, answers/comments in-line. Cheers, Wayne On 1/28/12 2:34 PM, Tim Bell tim.b...@cern.ch wrote: With the Hyper-V support being phased out, I would be interested to understand: - What hypervisors are being used for running Windows guests (both Windows 7 and Windows Server) on top of OpenStack ? The quick and dirty answer is KVM, and somewhere along the lines we'll see Citrix XenServer join the race (hopefully sooner rather than later :)). Plug for XenServer: http://wiki.openstack.org/XenServerDevelopment -- maybe Ewan/Anne has an update for when we'll see full blown XenServer+OpenStack install guides? - To what extent will Microsoft support problems reported with a Windows guest running on a non-Microsoft hypervisor ? I think this is a much harder question to answer, as in the past (http://www.redhat.com/promo/svvp) there has been a reciprocal agreement between RedHat and MS to support each others efforts on their own respective virtualization platforms. Seeing that a) Ubuntu+KVM/libvirt is the current standard, and b) RedHat is not actively participating in the OpenStack community it leaves us with a big question mark. Any companies out there that are running KVM clouds w/ Windows care to address this? Do you have customers that want to know how upstream KVM issues are handled? Citrix and Microsoft on the other hand have a fairly long standing partnership, so anything MS products running on XenServer should see a clear escalation path I'd think. - Are there other sites who are affected by this proposal who would be willing to invest effort to maintain the Hyper-V support ? Is there a group that has taken ownership of this? I know that Jordan Rinke (Rackspace), Alex Landman and Peter Pouliot (Novell MS Interop Lab @ SUSE) spent a lot of time on Hyper-V in the Bexar/Cactus releases. They made pretty significant strides in that period, but the progress has since subsided. With the latest movement in the Hyper-V arena, especially around them trying to get full Ubuntu and Debian support in there, does that mean it's less and less likely MS will support their products or competing HV's? Tim Bell CERN -Original Message- From: openstack-bounces+tim.bell=cern...@lists.launchpad.net [mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of Sandy Walsh Sent: 27 January 2012 16:45 To: Thierry Carrez; openstack@lists.launchpad.net Subject: Re: [Openstack] [Nova] Essex dead wood cutting I'll be taking the existing Zones code out of API and Distributed Scheduler. The new Zones infrastructure is an optional component. -S From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net [openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net] on behalf of Thierry Carrez [thie...@openstack.org] Sent: Friday, January 27, 2012 11:23 AM To: openstack@lists.launchpad.net Subject: [Openstack] [Nova] Essex dead wood cutting Just as Nova enters feature freeze, it sounds like a good moment to consider removing deprecated, known-buggy-and-unmaintained or useless feature code from the Essex tree. Here are my suggestions for removal: - Ajaxterm (unmaintained, security issues, replaced by VNC console) - Hyper-V support (known broken and unmaintained) I'm sure that everyone has suggestions on other dead wood that we should cut now
Re: [Openstack] Capture of the Keystone/LDAP Role discussion
Nice summary. As you said ldap structures are going to vary by company. I am curious if AD has a standard way of dealing with this that we could use. FWIW, the nova deprecated ldap auth code uses subtrees for roles, and yes it is painful, but it might be the way to go if we want something quick and we assume organizations are going to have to write their own version anyway. Vish On Feb 1, 2012, at 7:56 PM, Adam Young wrote: As part of the effort to get LDAP support into Keystone Light, we had a bit of a design discussion on IRC. The discussion focused on Roles, and I would like to sum up what was said in that discussion. When we talk about Roles, we mean the permissions a given user has in a given tenant. As such, it is a three way relationship, and LDAP does not handle those well. Group member ship is done using a multivalued attribute, such that a Group has a list of users in an attribute named members. This cannot be extended to roles directly, as the attribute would have to hold two values: the user, and the role. One proposal was to do just that: to append the role name on to the user name, and them as a single string inside a single attribute. A drawback to this approach is that the LDAP rules have no way of enforcing that the values placed into the concatenated string are valid values. Another drawback is that the parsing of the string is then placed on the system that consumes the roles. Groups can be containers of other objects. As such, another alternative is to put a collection of roles under the tenant group, and then to add the user names to each of the roles.The drawback to this approach is that the tenant then becomes a subtree, and the management of subtrees is more involved in LDAP than the management of single objects. Roles tend to map to permissions on external objects. For example, a role might indicate that a given user can create a new network inside of quantum, or deploy a new template image into glance. If the set of roles is known a-priori, they could be done as a set of attributes on the tenant group. The drawback with this approach is that making changes to the LDAP schema after deployment is generally not allowed in large organizations, so adding a new role would be impossible. If the objects being managed were entirely within the Directory Server, one possible solution would be to use the Directory servers access controls to manage who could do what. For example, in order for a user to be able to create a new network, they wound need write access to the networks collection for their tenancy. The reason we cannot do that is that many of the objects are maintained in external databases, and not in the directory server. Plus, the access controls for LDAP are not guaranteed to be consistent across different LDAP management systems. One point that came up repeatedly is that different organizations are going to have very different LDAP structures, and the Keystone architecture would ideally be flexible enough to map to what any given organization has implemented, albeit with some customization. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] First patch for LocalFS enhancement available for review
Hi Caitlin, I'm interested in ZFS support in Swift. lfszfs.py in your patch imports nspyzfs, but I could not find it. Where can I get it from? The first patch has been posted for review: https://github.com/vineethrp/swift/commit/c062d4bad5fd8aa4a7bc5ad481b23c07216f281a This patch creates the LocalFS class, and includes a default when no enhanced LocalFS has been installed. Nexenta is developing the ZFS version for the LocalFS, and the first version is in the above patch. Others could implement the same capabilities over other file systems. Regards, Akihiro MOTOKI Date: Fri, 21 Oct 2011 18:04:57 + From: Caitlin Bestler caitlin.best...@nexenta.com Subject: [Openstack] First patch for LocalFS enhancement available for review The LocalFS proposal was first posted a month ago, which is quoted below. To quickly recap the purpose is to enable enhanced Object Servers that provide features such as self-healing mirrors, which can achieve the same availability with fewer network replications being required. Read the blueprint for details. Specifically, Nexenta is interested in enabling use of ZFS self-healing mirroring. A replica produced by the ZFS file system does not consume network bandwidth, But unlike conventional simple disk mirroring, ZFS self-healing mirroring will detect and heal latent disk errors. Relying on self-healing mirroring essentially makes a replica with local IO bandwidth rather than with network bandwidth. Physically the replicas are just as independent as a network replica. A deployment that has two network replicas, that each have two local copies, should provide superior availability than three network replicas. The superior availability also comes with reduced consumption of network bandwidth. Further, there would be no degradation in transaction latency. The first patch has been posted for review: https://github.com/vineethrp/swift/commit/c062d4bad5fd8aa4a7bc5ad481b23c07216f281a This patch creates the LocalFS class, and includes a default when no enhanced LocalFS has been installed. Nexenta is developing the ZFS version for the LocalFS, and the first version is in the above patch. Others could implement the same capabilities over other file systems. There is one major issue that the concept of self-healing mirrors introduces. Basically a replica of a partition can be in a degraded state when the full set of mirrors are not up. Obviously such a replica will probably need to be replicated, but unlike an unmirrored replica that has had a drive failure it is not useless. We suspect that a lower priority replication is the correct response, but this is something that should be discussed by the team as a whole. On 09/15/2011 10:18 AM, Caitlin Bestler wrote: Greetings, A blueprint has been submitted for an extension to enable Local File Systems to take responsibility for certain operations, allowing generic Swift code to offload some burdens when these optional capabilities are available. The goal of this proposal is to allow an Object Server to take advantage of the capabilities of the ZFS file system, but it could be applied for other enhanced file systems as well. The blueprint is: https://blueprints.launchpad.net/swift/+spec/localfs The etherpad description is: http://etherpad.openstack.org/YMTqYzPmZQ This is the first of what will probably be a handful of proposals from Nexenta Systems, all with the goal of enabling value added Object Servers. So we should introduce ourselves. Nexenta brings open source solutions built on ZFS to provide software-based NAS/SAN appliances. The core value of the ZFS file system is delivered in an enterprise class storage solution. We intend to bring the value of ZFS as a local file system to Cloud Storage as well. From http://en.wikipedia.org/wiki/ZFS In computing, ZFS is a combined file system and logical volume manager designed by Sun Microsystems. The features of ZFS include data integrity verification against data corruption modes (like bit rot), support for high storage capacities, integration of the concepts of filesystem and volume management,snapshots and copy-on-write clones, continuous integrity checking and automatic repair, RAID-Z and native NFSv4 ACLs. ZFS is implemented as open-source software, licensed under the Common Development and Distribution License (CDDL). The ZFS name is a trademark of Oracle.[3] To take advantage of ZFS capabilities we will need to work with the Swift project to define how the core Swift code discovers and exploits optional capabilities. This is a role similar to that of a graphics chip or network interface vendor working with an open source OS project. The goal is to enable enhanced functionality with interfaces that make the enhanced functionality optional and largely vendor neutral. Other
[Openstack-qa-team] Getting rid of bad vms
Due to some bugs in nova it can happen that a vm fails to start and, due to another bug, 'nova delete' will not delete it. There was a mention somewhere that you have to manually remove it from the database but I am not sure exactly what command will do that. Can some one help me out? -David -- Mailing list: https://launchpad.net/~openstack-qa-team Post to : openstack-qa-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-qa-team More help : https://help.launchpad.net/ListHelp