Re: [Openstack] proposal for Russell Bryant to be added to Nova Core
Definite +1 Mark. On Fri, 2012-04-27 at 11:09 -0400, Dan Prince wrote: Russell Bryant wrote the Nova Qpid rpc implementation and is a member of the Nova security team. He has been helping chipping away at reviews and contributing to discussions for some time now. I'd like to seem him Nova core so he can help out w/ reviews... definitely the RPC ones. Dan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Netstack] OpenStack Quantum plugins
Hi Salman, I think Dan explained pretty well, which will be covered all the quantum thoughts that you have asked me. There might be some code changes are going to happen for Folsom design feature implementation. Also, please have a look at here, 1. http://wiki.openstack.org/QuantumAPIUseCases 2. http://qconlondon.com/dl/qcon-london-2012/slides/SalvatoreOrlando_QuantumVirtualNetworksForOpenStackClouds.pdf 3. http://www.slideshare.net/danwent/quantum-folsom-summit-developer-overview 4. http://www.slideshare.net/danwent/openstack-quantum-intro-os-meetup-32612 If you go to Salvatore's 'Inside_Quamtum' 'slide, It provides quite a good deal of details concerning about How the nova interacts with Quantum. On the VIF driver side, that is a piece which runs in the nova address space, and tells VM being spawned how their VIF should be plugged into networks. There are VIF drivers for Quantum as well as VIF drivers for the other network managers. VIF drivers can be both plugin and hypervisor specific. For instance, nova/virt/hypervisor_driver/vif (e.g.: nova/virt/xenapi/vif). For OVS and more on Network, please refer this link, http://openvswitch.org/support/, go for 1. J. Pettit, J. Gross “Open vSwitch Overview,” 2. S. Horman, “An Introduction to Open vSwitch,” If you want to see advance networking virtualization, refer these papers, 1. J. Pettit, J. Gross, B. Pfaff, M. Casado, S. Crosby, “Virtual Switching in an Era of Advanced Edges,” 2. B. Pfaff, J. Pettit, T. Koponen, K. Amidon, M. Casado, S. Shenker, “Extending Networking into the Virtualization Layer,” I hope these will help. I am also exploring the code :) (still learner) Thanks, Hitesh On Sun, Apr 29, 2012 at 2:41 AM, Dan Wendlandt d...@nicira.com wrote: On Fri, Apr 27, 2012 at 4:44 PM, Salman Malik salma...@live.com wrote: Hi Dan, Thanks for replying. There are few more questions: I am trying to learn the functionality of Quantum plugins used in OpenStack. I have read through the Quantum Admin Guide and had few basic/quick question about quantum and OVS interaction with it: 1) OVS can have ports in which vNICS can be plugged, so why does it need to use an integration bridge for connecting all VMs on the same node to a network? I'm not sure I follow what question you're asking. When OVS is running on a host, it has one or more bridges, and bridges have ports. A linux device representing the vNIC must be added as a port of a bridge being managed by the Quantum plugin. We call this bridge the integration bridge. The Quantum plugin can then configure the ports and bridges appropriately to forward traffic based on the logical model created via the Quantum API. Can you be more precise about what you're asking here? In short it means that the OVS is managing the linux bridges and the linux devices representing vNICs must be added to these bridges (Does Quantum manager adds these devices to bridges?). You have to be a bit careful here, because the linux bridge and open vswitch are two different things (you can think of open vswitch as an advanced version of the linux bridge). A driver in the Nova virt layer is actually the one who creates the linux devices that map to vNICs. For example, libvirt creates these devices as directed by the libvirt driver code: https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py . This code attaches the linux device to an OVS bridge as a port. The rest of the configuration of that port and the OVS bridge is up to the OVS plugin agent. And when you say that quantum plugin configures the ports and bridges appropriately to forward traffic, you mean that it updates the database and then quantum agent then assures the correct mapping of ports/network ids to logical networks at the switch level(by adding flow entries to vSwitch? or by adding the vNICs to right bridges, as there is one bridge per tenant's network on compute node). Right? Its not correct that there is one bridge per tenant network on the compute node. In the case of the OVS plugin, there is a single bridge (e.g., br-int) and different tenants are isolated based on configuration pushed down by the agent. Really the plugin consists of both the code running on the server, and (optionally) agents running on the compute nodes. Not all plugins require agents, for example, if they have some other way of managing the vswitch. Thanks for the reference. I have looked at the code and just to affirm my understanding please confirm/correct/answer the following: Quantum manager is responsible for configuring the network for new instances that spin up. When a tenant adds a port to his logical network the request will be forwarded to this manager by Nova and then Manager (using quantum client) would talk to quantum service/server (where can I see its code?) with the REST API. According to documentation, the quantum service is responsible for loading the plugin and passing
Re: [Openstack] [Netstack] OpenStack Quantum plugins
Thank you both for furnishing the references and providing great explanations. Though I had looked at some of them earlier, but now looking at them again with your explanations in mind, makes a lot of sense. However, there is one last question: I understand that the API client calls are made to the REST API server running at port 9696 (by default), but what I haven't yet understood is how these API calls are passed to/fro the Quantum plugin. After some searching through the Quantum plugins' code directory, I found a rest.py file in Ryu plugin directory that (seems to ) register handler functions with API server that may get called when API server receives a call, but I am not sure. Is it how the OVS plugin works as well? I mean does all plugin register callback functions with API server (just asking because I couldn't find anything similar in rest of plugins' code). Thanks, Salman Date: Sun, 29 Apr 2012 15:01:03 +0530 Subject: Re: [Netstack] [Openstack] OpenStack Quantum plugins From: hitesh.wade...@gmail.com To: salma...@live.com; netst...@lists.launchpad.net; openstack@lists.launchpad.net CC: d...@nicira.com Hi Salman, I think Dan explained pretty well, which will be covered all the quantum thoughts that you have asked me. There might be some code changes are going to happen for Folsom design feature implementation. Also, please have a look at here, 1. http://wiki.openstack.org/QuantumAPIUseCases 2. http://qconlondon.com/dl/qcon-london-2012/slides/SalvatoreOrlando_QuantumVirtualNetworksForOpenStackClouds.pdf 3. http://www.slideshare.net/danwent/quantum-folsom-summit-developer-overview 4. http://www.slideshare.net/danwent/openstack-quantum-intro-os-meetup-32612 If you go to Salvatore's 'Inside_Quamtum' 'slide, It provides quite a good deal of details concerning about How the nova interacts with Quantum. On the VIF driver side, that is a piece which runs in the nova address space, and tells VM being spawned how their VIF should be plugged into networks. There are VIF drivers for Quantum as well as VIF drivers for the other network managers. VIF drivers can be both plugin and hypervisor specific. For instance, nova/virt/hypervisor_driver/vif (e.g.: nova/virt/xenapi/vif). For OVS and more on Network, please refer this link, http://openvswitch.org/support/, go for 1. J. Pettit, J. Gross “Open vSwitch Overview,” 2. S. Horman, “An Introduction to Open vSwitch,” If you want to see advance networking virtualization, refer these papers, 1. J. Pettit, J. Gross, B. Pfaff, M. Casado, S. Crosby, “Virtual Switching in an Era of Advanced Edges,” 2. B. Pfaff, J. Pettit, T. Koponen, K. Amidon, M. Casado, S. Shenker, “Extending Networking into the Virtualization Layer,” I hope these will help. I am also exploring the code :) (still learner) Thanks, Hitesh On Sun, Apr 29, 2012 at 2:41 AM, Dan Wendlandt d...@nicira.com wrote: On Fri, Apr 27, 2012 at 4:44 PM, Salman Malik salma...@live.com wrote: Hi Dan, Thanks for replying. There are few more questions: I am trying to learn the functionality of Quantum plugins used in OpenStack. I have read through the Quantum Admin Guide and had few basic/quick question about quantum and OVS interaction with it: 1) OVS can have ports in which vNICS can be plugged, so why does it need to use an integration bridge for connecting all VMs on the same node to a network? I'm not sure I follow what question you're asking. When OVS is running on a host, it has one or more bridges, and bridges have ports. A linux device representing the vNIC must be added as a port of a bridge being managed by the Quantum plugin. We call this bridge the integration bridge. The Quantum plugin can then configure the ports and bridges appropriately to forward traffic based on the logical model created via the Quantum API. Can you be more precise about what you're asking here? In short it means that the OVS is managing the linux bridges and the linux devices representing vNICs must be added to these bridges (Does Quantum manager adds these devices to bridges?). You have to be a bit careful here, because the linux bridge and open vswitch are two different things (you can think of open vswitch as an advanced version of the linux bridge). A driver in the Nova virt layer is actually the one who creates the linux devices that map to vNICs. For example, libvirt creates these devices as directed by the libvirt driver code: https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py . This code attaches the linux device to an OVS bridge as a port. The rest of the configuration of that port and the OVS bridge is up to the OVS plugin agent. And when you say that quantum plugin configures the ports and bridges appropriately to forward traffic, you mean that it updates the database and then quantum agent then assures the correct mapping of ports/network ids to logical networks at
[Openstack] Energy efficiency
Hi, Me and my colleague are doing research about openstack and energy efficiency during part of our master thesis about cloud computing. And mayby we would like to write something inside nova-scheduler to dynamically manage vms from cloud administrator's point of view. the general idea is to automate process of vm migration to suite current policy. For example, we have 10 servers in cloud with nova-compute, each is capable of running 5 vm. I'd like to run 20 vms. Aaccording to current nova-scheduler (filters), each server will run 2 VMs, but it would be cheaper (this is policy defined by administrator) if we run all of them on just 4 servers. of course, cloud has to keep proper QoS rate (response time etc.). This is general idea. Energy efficiency is really popular topic, when we talk about servers,datacenters and virtualization, but I can't find any papers about it in context of openstack. Are there any projects doing such researches or articles? in fact it would be really surprising if there is nothing about energy efficiency in context of openstack. Cheers, ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Energy efficiency
Hi Szymon, This is a really great that you are working for energy efficiency datacenter. whatever the topics you mentioned that really affects for efficient data center. I would like to add some points on this. You should consider Quantum project to deploy and research for datacenter. Distributed networks play an important role in the data center. May be you can consider OpenVswitch + OpenStack-Quantum+ OpenStack-Nova combination infrastructure. Here are some news that I came across, Clarkson University is going to build energy efficient datacenter at near New York. You can see this news at http://northcountrynow.com/business/clarkson-takes-partners-develop-efficient-data-centers-050575. As far as I know that Prof. Jeanna Matthews is working for it. I am not sure whether they are doing this for OpenStack Cloud. But, You can ask them what exactly they are doing. You can contact these persons, they might redirect you to respective person. I am putting them in CC 1. Dr. Todd Deshane, 2. Mr. Patrick wilbur For Quantum, may be Dan Wendlandt and me can help you to see what parameter you should consider for distributed network Data Center. Its really great that somebody working on OpenStack efficient Data Center. In the mean time, If I find some articles on it then I will forward to you. Thanks, Hitesh Wadekar On Sun, Apr 29, 2012 at 9:58 PM, Szymon Grzybowski semy...@gmail.comwrote: Hi, Me and my colleague are doing research about openstack and energy efficiency during part of our master thesis about cloud computing. And mayby we would like to write something inside nova-scheduler to dynamically manage vms from cloud administrator's point of view. the general idea is to automate process of vm migration to suite current policy. For example, we have 10 servers in cloud with nova-compute, each is capable of running 5 vm. I'd like to run 20 vms. Aaccording to current nova-scheduler (filters), each server will run 2 VMs, but it would be cheaper (this is policy defined by administrator) if we run all of them on just 4 servers. of course, cloud has to keep proper QoS rate (response time etc.). This is general idea. Energy efficiency is really popular topic, when we talk about servers,datacenters and virtualization, but I can't find any papers about it in context of openstack. Are there any projects doing such researches or articles? in fact it would be really surprising if there is nothing about energy efficiency in context of openstack. Cheers, ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Netstack] OpenStack Quantum plugins
On Sun, Apr 29, 2012 at 9:08 AM, Salman Malik salma...@live.com wrote: Thank you both for furnishing the references and providing great explanations. Though I had looked at some of them earlier, but now looking at them again with your explanations in mind, makes a lot of sense. However, there is one last question: I understand that the API client calls are made to the REST API server running at port 9696 (by default), but what I haven't yet understood is how these API calls are passed to/fro the Quantum plugin. After some searching through the Quantum plugins' code directory, I found a rest.py file in Ryu plugin directory that (seems to ) register handler functions with API server that may get called when API server receives a call, but I am not sure. Is it how the OVS plugin works as well? I mean does all plugin register callback functions with API server (just asking because I couldn't find anything similar in rest of plugins' code). No, just look at the Developing a Quantum Plugin section of: http://wiki.openstack.org/QuantumDevelopment . Plugins get calls from the main rest API by implementing the methods in quantum/quantum_plugin_base.py dan Thanks, Salman -- Date: Sun, 29 Apr 2012 15:01:03 +0530 Subject: Re: [Netstack] [Openstack] OpenStack Quantum plugins From: hitesh.wade...@gmail.com To: salma...@live.com; netst...@lists.launchpad.net; openstack@lists.launchpad.net CC: d...@nicira.com Hi Salman, I think Dan explained pretty well, which will be covered all the quantum thoughts that you have asked me. There might be some code changes are going to happen for Folsom design feature implementation. Also, please have a look at here, 1. http://wiki.openstack.org/QuantumAPIUseCases 2. http://qconlondon.com/dl/qcon-london-2012/slides/SalvatoreOrlando_QuantumVirtualNetworksForOpenStackClouds.pdf 3. http://www.slideshare.net/danwent/quantum-folsom-summit-developer-overview 4. http://www.slideshare.net/danwent/openstack-quantum-intro-os-meetup-32612 If you go to Salvatore's 'Inside_Quamtum' 'slide, It provides quite a good deal of details concerning about How the nova interacts with Quantum. On the VIF driver side, that is a piece which runs in the nova address space, and tells VM being spawned how their VIF should be plugged into networks. There are VIF drivers for Quantum as well as VIF drivers for the other network managers. VIF drivers can be both plugin and hypervisor specific. For instance, nova/virt/hypervisor_driver/vif (e.g.: nova/virt/xenapi/vif). For OVS and more on Network, please refer this link, http://openvswitch.org/support/, go for 1. J. Pettit, J. Gross “Open vSwitch Overview,” 2. S. Horman, “An Introduction to Open vSwitch,” If you want to see advance networking virtualization, refer these papers, 1. J. Pettit, J. Gross, B. Pfaff, M. Casado, S. Crosby, “Virtual Switching in an Era of Advanced Edges,” 2. B. Pfaff, J. Pettit, T. Koponen, K. Amidon, M. Casado, S. Shenker, “Extending Networking into the Virtualization Layer,” I hope these will help. I am also exploring the code :) (still learner) Thanks, Hitesh On Sun, Apr 29, 2012 at 2:41 AM, Dan Wendlandt d...@nicira.com wrote: On Fri, Apr 27, 2012 at 4:44 PM, Salman Malik salma...@live.com wrote: Hi Dan, Thanks for replying. There are few more questions: I am trying to learn the functionality of Quantum plugins used in OpenStack. I have read through the Quantum Admin Guide and had few basic/quick question about quantum and OVS interaction with it: 1) OVS can have ports in which vNICS can be plugged, so why does it need to use an integration bridge for connecting all VMs on the same node to a network? I'm not sure I follow what question you're asking. When OVS is running on a host, it has one or more bridges, and bridges have ports. A linux device representing the vNIC must be added as a port of a bridge being managed by the Quantum plugin. We call this bridge the integration bridge. The Quantum plugin can then configure the ports and bridges appropriately to forward traffic based on the logical model created via the Quantum API. Can you be more precise about what you're asking here? In short it means that the OVS is managing the linux bridges and the linux devices representing vNICs must be added to these bridges (Does Quantum manager adds these devices to bridges?). You have to be a bit careful here, because the linux bridge and open vswitch are two different things (you can think of open vswitch as an advanced version of the linux bridge). A driver in the Nova virt layer is actually the one who creates the linux devices that map to vNICs. For example, libvirt creates these devices as directed by the libvirt driver code: https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py . This code attaches the linux device to an OVS bridge as a port. The rest of the
[Openstack] Advanced configuration in Snapshots View
Hi folks, Is anyone working in advanced configuration for Snapshots View in Horizon? Let me explain, Openstack is awesome, and the new dashboard too, but i miss a lot an function to do recurrent snapshots. I think in a schedule view or something like that. Is not crazy do a basic backup with this functionallity i think, and if have deduplication and thin in NFS the backup is so light in total space terms. I know with script is possible but i talk about Horizon new improvement. What do you think? Cheers ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] extending rootwrap securely
As part of the plugin framework, I'm thinking about facilities for adding commands to the nova-rootwrap list without directly editing the code in nova-rootwrap. This is, naturally, super dangerous; I'm worried that I'm going to open a security hole big enough to pass a herd of elephants. It doesn't help that I mostly know about devstack, and don't know a whole lot about the variety of ways that Nova is installed on actual production systems. So, my questions: a) Is the nova code on a production system generally owned by root and read-only? (If the answer to this one is ever 'no' then we're done, because we're already 100% insecure.) b) Does nova usually run as root user? (Again, thinking 'no' because otherwise we wouldn't need a rootwrap tool in the first place.) c) Who generally has rights to modify nova.conf and/or add command-line args to the nova launch? (I want the answer to this to be 'just root' but I fear the answer is 'both root and the nova user.') The crux: If additional commands can be added to rootwrap via nova.conf or the commandline, does that open security holes that aren't already open? Such a facility will give root to anyone who can modify the nova.conf or the nova commandline. So, if the nova user can modify the commandline, the question is: did the nova user /already/ have root access? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Documentation internship in Austin, TX at Rackspace
Hi all - We're hiring a summer intern at Rackspace to help with OpenStack documentation. Please forward to all college (or graduate) students who will be in the Austin area this summer so they can apply through this link: http://jobs.rackspace.com/job/Austin-Intern-I-US-Job-TX-73301/1861960/ Here's a more detailed job description. Create and deliver materials in collaboration with developers, writers, and community members. Materials cover implementations of cloud computing using the open source OpenStack projects including OpenStack Compute and OpenStack Object Storage as well as an Image Service and Identity Service with a web-based Dashboard. These projects are collaboratively developed with partners in the OpenStack community. Ideally the candidate can: * Edit existing or develop new technical content including: - Administration manuals (installation and configuration, large scale deployment) - API developer manuals (REST-based APIs) - Python developer documentation * Work on a backlog of documentation bugs as well as triage incoming bugs * Work with engineering, QA, and support organizations to the benefit of OpenStack * Work with OpenStack community members to implement technical solutions to documentation issues Please apply through the link above and feel free to contact me with any questions you have. Thanks, Anne Anne Gentle | http://justwriteclick.com/ [image: Facebook] http://facebook.com/conversationandcommunity[image: Linkedin] http://linkedin.com/annegentle[image: Twitter]http://twitter.com/annegentle ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Glance problem
Hi , please help me with this. I try to add a image to glance and i receive the following message: glance add -A 651abbc762f84e8e9b25baeec35c54bd name=$name is_public=true container_format=bare disk_format=raw $imageUploading image 'server' [ 99%] 19.7M/s, ETA 0h 0m 0sFailed to add image. Got error: The request returned a 413 Request Entity Too Large. This generally means that rate limiting or a quota threshold was breached. The response body: 413 Request Entity Too Large The body of your request was too large for this server. Image storage media is full: There is not enough disk space on the image storage media. Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'. =[100%] 19.7M/s, ETA 0h 0m 0s The problem is that i don't know how to delete this metadata (which i believe is ocupying my glance). When i try to see my images i see only this ones. ctrl@ubuntu:~/devstack$ glance index -A 651abbc762f84e8e9b25baeec35c54bd ID Name Disk Format Container Format Size -- -- ffd57095-0bb5-4678-b6ea-2460140d3084 cirros-0.3.0-x86_64-uec-ramdis ari ari 2254249 48806fc7-2f95-4c83-b7d6-091d59731187 cirros-0.3.0-x86_64-uec-kernel aki aki 4731440 465d5101-9cdd-4a2c-b55d-534c33949491 cirros-0.3.0-x86_64-uec ami ami 25165824 ctrl@ubuntu:~/devstack$ glance details -A 651abbc762f84e8e9b25baeec35c54bd Can anybody help? Andrei-Cosmin Ion telefon: 0727 768 281 email: andrei_t...@yahoo.com Munceste ca si cum n-ai muri niciodata, dar ingrijeste-te de sufletul tau ca si cum ai muri maine!___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack-qa-team] Devstack dependent tests
I think what you mention is a good test. However, I wouldn't be able to run it in most of my test environments. Maybe there should be an invalidate token admin API functionality? I could see reasons for wanting it for functional reasons, and would still allow you to write a test like this. Daryl -- Sent from my HP TouchPad On Apr 29, 2012 11:27 PM, Karajgi, Rohit rohit.kara...@nttdata.com wrote: Hi, We are writing new tests for keystone and some of these tests need to touch keystone database. I really want to avoid this, but unfortunately there are no RESTful APIs supported in stable/essex to do the job. One of the example is 1. Check if get_tenants api fails for expired token. There is no way I can set expiry date of the token using admin RESTful API. So currently I'm planning to use mysql client commands and set the expiry date. All such tests will be put in the attr decorator with the name devstack. So any one who doesn't want to run such tests should run tempest with nosetests -a kind!=devstack. Does it make sense to add such tests? Regards, Rohit __ Disclaimer:This email and any attachments are sent in strictest confidence for the sole use of the addressee and may contain legally privileged, confidential, and proprietary data. If you are not the intended recipient, please advise the sender by replying promptly to this email and then delete and destroy this email and any attachments without any further use, copying or forwarding -- Mailing list: https://launchpad.net/~openstack-qa-team Post to : openstack-qa-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-qa-team More help : https://help.launchpad.net/ListHelp -- Mailing list: https://launchpad.net/~openstack-qa-team Post to : openstack-qa-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-qa-team More help : https://help.launchpad.net/ListHelp
