[Openstack] When are the IRC meetings for Nova, Glance and Swift?

[Sheng Bo Hou]

Hi OpenStackers,

From this link http://wiki.openstack.org/Meetings/, I cannot find when the 
IRC meetings for Nova, Glance and Swift will be.
Can someone tell me when these meetings take place?
Thank you in advanced.


Best wishes.
Vincent Hou (侯胜博)

Software Engineer, Standards Growth Team, Emerging Technology Institute, 
IBM China Software Development Lab

Tel: 86-10-82450778 Fax: 86-10-82453660
Notes ID: Sheng Bo Hou/China/IBM@IBMCNE-mail: sb...@cn.ibm.com 
Address:3F Ring, Building 28 Zhongguancun Software Park, 8 Dongbeiwang 
West Road, Haidian District, Beijing, P.R.C.100193
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Networking issue with VlanManager and Floating IPs

[Edgar Magana (eperdomo)]

Folks,

We are using Essex for our multi-host OpenStack deployment with Vlan Manager.
All the private IPs are working as expected in a multi-tenant scenario but the 
problem that we are seen is with Floating IPs.

We have three tenants,  all of them are able to use  Floating IPs and then VMs 
are reachable from the public network but the inter VMs connectivity by private 
IPs is totally lost. Once we dissociate the Floating IPs to the corresponding 
VMs, the connectivity is back. The odd part is that we are seeing this behavior 
in just two of the three tenants that we have tested so far.

Is anyone aware of any bug or misconfiguration in Nova-network that could 
explain this behavior? We will be running more tests and we can provide 
detailed information of our environment if needed.

Thanks for your help,

Edgar
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] quota question

[Eoghan Glynn]

 We're running a system with a really wide variety of node types. This
 variety (nodes with 24GB, 48GB, GPU nodes, and 1TB mem nodes) causes
 some real trouble with quotas. Basically, for any tenant that is going
 to use the large memory nodes (even in smaller slices), we need to set
 quotas that are high enough that they are useless when it comes to all
 other instance types. Also, instances aren't comparable across our
 range of hardware either.
 
 Is there a clever solution to this problem that I'm missing? Is
 anyone
 else running into this sort of properly operationally? I'm a little
 bit worried that a slightly too simple notion of quotas has been baked
 into openstack at a fairly deep level.
 thanks for any insight..

Hi Narayan,

I had the idea previously of applying a weighting function to the
resource usage being allocated from the quota, as opposed to simply
counting raw instances.

The notion I had in mind was more related to image usage in glance,
where the image footprint can vary very widely. However I think it
could be useful for some nova resources also.

Now for some resource types, for example say volumes, usage can be
controlled along multiple axes (i.e. number of volumes and total size),
so that gives more flexibility.

But if I'm hearing you correctly, you'd want to apply a lower weighting
to instances that are scheduled onto one of the higher-memory compute
nodes, and vice versa a higher weighting to instances that happen to
be run on lower-memory nodes.

Does that sum it up, or have I misunderstood?

BTW what kind of nova-scheduler config are you using?

Cheers,
Eoghan

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] vm on compute node cannot connect internet

[Xiaolin Zhang]

Hi Jiaan,

The problem may relates to SNAT iptables set by nova-network. Based on the
description, I guess you have only one nova-network running on Controller.

Please try:

1. add the following line to /etc/nova/nova.conf
--mutil_host=true

2. start a nova-network instance on Compute Node
service nova-network start

3. reboot your instance, to enforce network filters on Controller
nova reboot $id

try to access your vm instance.


*Best Regards,
Xiaolin Zhang*



On Sat, Jul 14, 2012 at 10:58 AM, Jiaan Zeng l.alle...@gmail.com wrote:

 Hi List,

 I have a network problem while setting up essex.  The instances on control
 node can access internet, while instances on compute node cannot. I tcpdump
 the ping traffic and found something weird. VM on compute node can send
 ICMP request out and the src ip of the ICMP package is changed to ip of
 control node. Destination can receive the request and reply back to control
 node. But VM on compute node gets nothing back. I can ping control node
 from VM on compute node though. Based on that, I think there should be
 something wrong with the gateway set up by nova-network. But I don't know
 how to do further debug.

 Any suggestions would be greatly appreciated!

 I set up on two machines. Each has only *one* NIC. I use FlatDHCPManager
 and place the bridge on the public NIC. Below is my configuration file of
 network part.

 --network_manager=nova.network.manager.FlatDHCPManager
 --public_interface=eth0
 --flat_interface=eth0
 --flat_network_bridge=br100
 --fixed_range=192.168.22.32/27
 --floating_range=10.42.0.32/27
 --network_size=32
 --flat_network_dhcp_start=192.168.22.33
 --flat_injected=False
 --force_dhcp_release=True

 --
 Regards,
 Jiaan

 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] vm on compute node cannot connect internet

[Xiaolin Zhang]

Hi Jiaan,

You may need to change your db, to set nova.network's 'multi_host' to 1 as
well.

Hope it helps.

*Best Regards,
Xiaolin Zhang*



On Fri, Jul 20, 2012 at 5:54 PM, Xiaolin Zhang zhangxiaol...@gmail.comwrote:

 Hi Jiaan,

 The problem may relates to SNAT iptables set by nova-network. Based on the
 description, I guess you have only one nova-network running on Controller.

 Please try:

 1. add the following line to /etc/nova/nova.conf
 --mutil_host=true

 2. start a nova-network instance on Compute Node
 service nova-network start

 3. reboot your instance, to enforce network filters on Controller
 nova reboot $id

 try to access your vm instance.


 *Best Regards,
 Xiaolin Zhang*



 On Sat, Jul 14, 2012 at 10:58 AM, Jiaan Zeng l.alle...@gmail.com wrote:

 Hi List,

 I have a network problem while setting up essex.  The instances on
 control node can access internet, while instances on compute node cannot. I
 tcpdump the ping traffic and found something weird. VM on compute node can
 send ICMP request out and the src ip of the ICMP package is changed to ip
 of control node. Destination can receive the request and reply back to
 control node. But VM on compute node gets nothing back. I can ping control
 node from VM on compute node though. Based on that, I think there should be
 something wrong with the gateway set up by nova-network. But I don't know
 how to do further debug.

 Any suggestions would be greatly appreciated!

 I set up on two machines. Each has only *one* NIC. I use FlatDHCPManager
 and place the bridge on the public NIC. Below is my configuration file of
 network part.

 --network_manager=nova.network.manager.FlatDHCPManager
 --public_interface=eth0
 --flat_interface=eth0
 --flat_network_bridge=br100
 --fixed_range=192.168.22.32/27
 --floating_range=10.42.0.32/27
 --network_size=32
 --flat_network_dhcp_start=192.168.22.33
 --flat_injected=False
 --force_dhcp_release=True

 --
 Regards,
 Jiaan

 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] quota question

[Narayan Desai]

On Fri, Jul 20, 2012 at 4:38 AM, Eoghan Glynn egl...@redhat.com wrote:

 Hi Narayan,

 I had the idea previously of applying a weighting function to the
 resource usage being allocated from the quota, as opposed to simply
 counting raw instances.

 The notion I had in mind was more related to image usage in glance,
 where the image footprint can vary very widely. However I think it
 could be useful for some nova resources also.

 Now for some resource types, for example say volumes, usage can be
 controlled along multiple axes (i.e. number of volumes and total size),
 so that gives more flexibility.

 But if I'm hearing you correctly, you'd want to apply a lower weighting
 to instances that are scheduled onto one of the higher-memory compute
 nodes, and vice versa a higher weighting to instances that happen to
 be run on lower-memory nodes.

 Does that sum it up, or have I misunderstood?

I think you've got it. I hadn't really asked with a particular
solution in mind, i was mainly looking for ideas.

I think that weighting would help. Effectively we need to discount
memory usage on the bigmem nodes, or something like that.

The harder part is that we need to be able to specify
independent/orthogonal quota constraints on different flavors. It
would be really useful to be able to say basically, you can have 2TB
of memory from this flavor, and 4TB of memory from that flavor. This
would allow saying something like you can have up to 3 1TB instances,
and independently have up to 3TB of small instances as well.

 BTW what kind of nova-scheduler config are you using?

We're using the filter scheduler. We've defined a bunch of custom
flavors, in addition to the stock ones, that allow us to fill up all
of our node types. So for each node type, we define flavors for the
complete node (minus a GB of memory for the hypervisor), and 3/4, 1/2,
1/4, and 1/8, 1/16, and 1/32 of the node. We've used a machine type
prefix for each one. The compute nodes are IBM idataplex, so we have
idp.{100,75,50,25,12,6,3}. We've done this for each machine type, so
we have idp.*, mem.*, gpu.*, etc. Each machine type has a unique
hostname prefix (cc for the idp nodes, cm for the bigmem nodes, cg for
gpu nodes, etc), and the filter scheduler is setup to route requests
for these custom flavors only to nodes with the appropriate hostname
prefix. This isn't an ideal solution, but it minimizes risk of
fragmentation. (With the default flavors, we'd see a lot of cases
where there was idle capacity left on the nodes that wasn't usable
because the ratio was wrong for the default flavors)

So far, this scheduling scheme has worked pretty well, aside from
leaving some instances in a weird state when you try to start a bunch
(20-50) at a time. I haven't had time to track that down yet.
 -nld

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Solaris Fails as Guest VM

[John Garbutt]

You might be able to use XenServer/XCP.

It's not supported as such, and I have never tried it, but these people seem to 
have:
http://360is.blogspot.co.uk/2010/03/paravirtualized-opensolaris-solaris-on.html

 -Original Message-
 From: openstack-bounces+john.garbutt=eu.citrix@lists.launchpad.net
 [mailto:openstack-bounces+john.garbutt=eu.citrix@lists.launchpad.net]
 On Behalf Of Narayan Desai
 Sent: Thursday, July 19, 2012 7:28 PM
 To: Joshua
 Cc: openstack@lists.launchpad.net
 Subject: Re: [Openstack] Solaris Fails as Guest VM
 
 That is worth a shot. I haven't played with Xen personally, so I don't know 
 what
 would be involved, but iirc there was a solaris xen port.
  -nld
 
 On Thu, Jul 19, 2012 at 1:07 PM, Joshua j...@root.bz wrote:
  Would xen as the hypervisor be able to boot the solaris vm?
 
 
  On Thu, Jul 19, 2012 at 11:35 AM, Joshua j...@root.bz wrote:
 
  Thanks for the updates, it hurts to hear that solaris is not support.
  I was hoping I could nest the vm, but even that has been removed as a
 feature.
  Anyone have any workarounds on getting solaris running within openstack.
 
 
  On Wed, Jul 18, 2012 at 6:48 PM, Narayan Desai
  narayan.de...@gmail.com
  wrote:
 
  On Wed, Jul 18, 2012 at 7:38 PM, Michael March mma...@gmail.com
 wrote:
   I don't follow Solaris that closely but I vaguely remember the
   Joyent folks ported all of KVM to Solaris, right?  Or am I just
   missing the whole point here?
 
  They did, and it is a fairly impressive piece of work. Their focus
  (as a hosting provider) was running kvm virtual machines in a
  illumos host. That support is completely separate from the guest
  drivers to make virtio work for block and network devices. afaict,
  network device support is complete, but block device support isn't
  finished yet. This means you can't run illumos/solaris as a guest using 
  kvm
 with virtio.
   -nld
 
 
 
 
 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] When are the IRC meetings for Nova, Glance and Swift?

[John Griffith]

On Fri, Jul 20, 2012 at 8:34 AM, Jay Pipes jaypi...@gmail.com wrote:
 Glance does not have any regular weekly IRC meetings.

 Not sure about Swift or Nova.

 Best,
 -jay

 On 07/20/2012 02:40 AM, Sheng Bo Hou wrote:
 Hi OpenStackers,

 From this link http://wiki.openstack.org/Meetings/, I cannot find when
 the IRC meetings for Nova, Glance and Swift will be.
 Can someone tell me when these meetings take place?
 Thank you in advanced.


 Best wishes.
 Vincent Hou (侯胜博)

 Software Engineer, Standards Growth Team, Emerging Technology Institute,
 IBM China Software Development Lab

 Tel: 86-10-82450778 Fax: 86-10-82453660
 Notes ID: Sheng Bo Hou/China/IBM@IBMCNE-mail: sb...@cn.ibm.com
 Address:3F Ring, Building 28 Zhongguancun Software Park, 8 Dongbeiwang
 West Road, Haidian District, Beijing, P.R.C.100193


 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp


 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp

Hey Vincent,

You can look at the meetings wiki page to see if there's an applicable
meeting or sub-group meeting.  Not sure if all of these are up to date
but they seem to be.

http://wiki.openstack.org/Meetings/

John

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] quota question

[Eoghan Glynn]

 Sounds like one solution alright..
 
 But - what about making quotas pluggable, like the scheduler?

Yeah, that could certainly be a direction to head in the longer term.

The way things stand though, the decision as to which quota is being
checked against in made at the enforcement point, and the question
posed of the quotas engine is really just a dict mapping resource names
to the numbers requested (i.e. there isn't any further context provided).

So in order to allow the quotas engine ask more detailed questions
about the kind of resource required (i.e. is the instance requested
SSD-backed or whatever), we'd have provide a lot more context than we
currently do.

Cheers,
Eoghan

 This would allow for even more complex quotas, like limiting the
 number of SSD backed instances across the entire cloud per tenant,
 while still keeping the core implementation lean.
 
 Kiall
 On Jul 20, 2012 3:48 PM, Eoghan Glynn  egl...@redhat.com  wrote:
 
 
 
  The harder part is that we need to be able to specify
  independent/orthogonal quota constraints on different flavors. It
  would be really useful to be able to say basically, you can have
  2TB
  of memory from this flavor, and 4TB of memory from that flavor.
  This
  would allow saying something like you can have up to 3 1TB
  instances,
  and independently have up to 3TB of small instances as well.
 
 OK, so its the as well aspect that's problematic here.
 
 (If it were an either-or situation as opposed to a both, then
 obviously
 a combination of the instances and RAM quotas would get you part of
 the way at least).
 
 So just thinking aloud, we could potentially add new per-flavor quota
 resources so that for each existing instance-type, there was the
 potential
 to add a new quota limiting *only* that instance type (and maybe keep
 the existing instances quotas as an over-arching limit).
 
 For example, if the following quotas where set:
 
 instances: 100
 instances-m1.xlarge: 10
 instances-m1.large: 20
 instances-m1.small: 50
 instances-m1.tiny: 100
 
 and a user requested an additional xlarge instance, we'd first check
 if we
 had headroom on the instances-m1.xlarge quota and then if we also had
 headroom
 on the over-arching instances quota (before going on to check the ram
  cores
 if necessary). Whereas, if a medium instance was requested, we would
 only check
 the overarching limit, as there is no instances-medium quota defined.
 
 This would require some change to the quotas logic, to allow the set
 of
 resources that may be limited by quotas to be more dynamic (currently
 we have a fairly fixed set, whereas new instance types may be defined
 at any time).
 
 Would that address your requirement?
 
 Cheers,
 Eoghan
 
 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help : https://help.launchpad.net/ListHelp
 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Networking issue with VlanManager and Floating IPs

[Edgar Magana (eperdomo)]

Thanks for the pointers Xu, we will give it a try in our testbed and let you 
know.

Thanks,

Edgar

From: xche...@gmail.com [mailto:xche...@gmail.com] On Behalf Of Xu (Simon) Chen
Sent: Friday, July 20, 2012 8:10 AM
To: Wael Ghandour (wghandou)
Cc: Edgar Magana (eperdomo); openstack@lists.launchpad.net
Subject: Re: [Openstack] Networking issue with VlanManager and Floating IPs

Yes, one solution is to modify the iptables driver, so that you don't SNAT for 
internal subnets...

So, at the beginning of the nova-network-floating-snat rules, you add something 
like this:
-A nova-network-floating-snat -s 10.0.0.0/24http://10.0.0.0/24 -d 
10.0.0.0/24http://10.0.0.0/24 -j ACCEPT
...
-A nova-network-floating-snat -s 10.0.88.16/32http://10.0.88.16/32 -j SNAT 
--to-source pub1
-A nova-network-floating-snat -s 10.0.16.7/32http://10.0.16.7/32 -j SNAT 
--to-source pub2
-A nova-network-floating-snat -s 10.0.4.11/32http://10.0.4.11/32 -j SNAT 
--to-source pub3

Then it should solve the unnecessary NATting issue...

On Fri, Jul 20, 2012 at 10:13 AM, Wael Ghandour (wghandou) 
wghan...@cisco.commailto:wghan...@cisco.com wrote:

I can confirm that the VM traffic is undergoing NAT with using its floating IP 
on the private interface of the nova-compute node when it tries to reach the 
private address of the VMs belonging to the same tenant and on other compute 
nodes. That obviously is breaking internal connectivity

Regards,

Wael



On Jul 20, 2012, at 5:42 AM, Xu (Simon) Chen wrote:


There was an issue that we saw in an earlier nova-network...

Due to multi_host configuration, the nova-network runs on every nova-compute 
node. Therefore the floating IP assignment happens on the compute nodes 
directly. So between two VMs within the same tenant on different hosts, 
private-public SNAT happens unnecessarily.

Not sure if this is fixed in Essex...
On Fri, Jul 20, 2012 at 3:49 AM, Edgar Magana (eperdomo) 
eperd...@cisco.commailto:eperd...@cisco.com wrote:
Folks,

We are using Essex for our multi-host OpenStack deployment with Vlan Manager.
All the private IPs are working as expected in a multi-tenant scenario but the 
problem that we are seen is with Floating IPs.

We have three tenants,  all of them are able to use  Floating IPs and then VMs 
are reachable from the public network but the inter VMs connectivity by private 
IPs is totally lost. Once we dissociate the Floating IPs to the corresponding 
VMs, the connectivity is back. The odd part is that we are seeing this behavior 
in just two of the three tenants that we have tested so far.

Is anyone aware of any bug or misconfiguration in Nova-network that could 
explain this behavior? We will be running more tests and we can provide 
detailed information of our environment if needed.

Thanks for your help,

Edgar

___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] quota question

[Kevin L. Mitchell]

On Fri, 2012-07-20 at 15:59 +0100, Kiall Mac Innes wrote:
 But - what about making quotas pluggable, like the scheduler?

They are; see the quota_driver configuration option.  However…

 This would allow for even more complex quotas, like limiting the
 number of SSD backed instances across the entire cloud per tenant,
 while still keeping the core implementation lean.

As Eoghan points out, a lot more context would need to be provided than
the current quota system uses, and you'd end up with something
considerably more complex.

(BTW, I'd like to point out the Boson proposal and thread…)
-- 
Kevin L. Mitchell kevin.mitch...@rackspace.com


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] quota question

[Eoghan Glynn]

  Would that address your requirement?
 
 I think so. If these acted as a hard limit in conjunction with
 existing quota constraints, I think it would do the trick.

I've raised this a nova blueprint, so let's see if it gets any traction: 

  https://blueprints.launchpad.net/nova/+spec/flavor-specific-instance-quotas

Cheers,
Eoghan

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Quantum] Public Network spec proposal

[Dan Wendlandt]

On Fri, Jul 20, 2012 at 8:20 AM, Jay Pipes jaypi...@gmail.com wrote:

 On 07/20/2012 10:24 AM, Lew Tucker wrote:
  We might want to think a bit about words here.  I believe it would be
  less confusing to call this something else such as a shared network
  instead of public.  As Salvatore indicates below, this is simply a
  network that is shared among several tenants. A common use case as
  given by the blueprint is to allow tenant access to service-provider
  created networks.  By calling it a public network, many would assume
  Internet access.  I believe this capability is very important as it
  could open up the possibility not only for the service provider but also
  for one tenant to offer services to others by allowing multiple tenants
  to connect to a shared network without using public IP addresses.
   Perhaps for right now, the authZ work could simply support sharing with
  All, but this could be refined later so that the owner of a shared
  network could implement finer-grained control such that only certain
  tenants (e.g. subscribers) could create ports.

 Totally agree here. In Glance, a public image is shared with everyone,
 no restrictions. Shared images are images that have their access
 shared with one or more image access members. A similar concept seems to
 apply perfectly here...


What Salvatore is proposing now is the shared with everyone,
no restrictions model (i.e., what glance calls public), and he wanted to
avoid a name that implies that there was any more fine-grained authz
mechanism for sharing.  Glance used public for this, so the thought was
to copy it, but I agree that public has wider connotations in the
networking space, so it would be good to find an alternative if possible.
 We use the term global for this in the Essex release of Quantum (no name
I've heard quite avoid unintended connotations).

Ideally we would have a better flushed out design for what the general
authz model for sharing networks would be, and then just expose this as a
special share all case.  That said, supporting this based share all use
case is something Quantum already had in Essex, and is a strict requirement
for Folsom, so we will likely have to make a decision on how to expose it
before a full authz design is available.

Dan





 Best,
 -jay

 
  On Jul 19, 2012, at 5:16 PM, Salvatore Orlando wrote:
 
  Indeed, public in our context means shared among several tenants.
  We are not dealing with tenant access to the Internet or direct
  association of VIF to public IP addresses.
 
  The basic model is still the 'guest network' model. This blueprint,
  for which some code is already available on gerrit, just addresses the
  authZ work necessary for ensuring multiple tenants can share the same
  network object.
 
  Salvatore
 
  On 19 July 2012 17:03, Tomoe Sugihara to...@midokura.com
  mailto:to...@midokura.com wrote:
 
  Hi Dan,
 
  On Thu, Jul 19, 2012 at 11:58 PM, Dan Wendlandt d...@nicira.com
  mailto:d...@nicira.com wrote:
  
  
   On Tue, Jul 17, 2012 at 7:39 PM, Tomoe Sugihara
  to...@midokura.com mailto:to...@midokura.com wrote:
  
   Hi Salvatore,
  
   I have a few questions regarding your proposal mostly related to
 L3
   services.
   I've read in another thread that L3 services are out of
  Quantum's scope
   for
   Folsom
  
  
   Actually, for Folsom-3 we are working on a blueprint
  
  (https://blueprints.launchpad.net/quantum/+spec/quantum-l3-fwd-nat)
 to
   support the simple L3 and NAT/Floating-IP forwarding available
  in Nova (plus
   a bit more flexibility).
 
  Thanks for the info. This is very good to know.
  Now I'm assuming that *public* network just as the legacy network
  still get private IP prefix and they can have floating ip
 associated.
  Let me know if I'm missing something.
 
  Thanks,
  Tomoe
 
 
  
   Dan
  
  
  
   but I'd like to know how this publ networks?
  
  
- How does VM on public network get internet connectivity?
  Would it
   get private IP
  first and then floating IP associated with it just as legacy
   nova+quantum network,
  or would public network get public IP connectivity directly?
  
- What about the non-public networks? Would VMs on non-public
   networks be able to
  get internet connectivity with floating ip and masquerading
  using
   nova-network? Or
 they wouldn't get internet access because it's not public?
  
  
   2. How ports in a public network for different tenants are
  isolated? or
   not isolated at all?
  
If I understand correctly, ports on the same quantum network
  should
   get virtual L2
connectivity (within a single broadcast domain). So I'm
  assuming that
   ports on the same network
are not isolated (unless security groups 

[Openstack] [nova] Proposal for Sean Dague to join nova-core

[Vishvananda Ishaya]

Hello Everyone,

When I was going through the list of reviewers to see who would be good for 
nova-core a few days ago, I left one out. Sean has been doing a lot of reviews 
lately[1] and did the refactor and cleanup of the driver loading code. I think 
he would also be a great addition to nova-core.

Vish 

[1] https://review.openstack.org/#/dashboard/2750
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Volume with ZVol : opinion on code

[Nicolas de BONFILS]

Hi,

Following my ideas about using ZFS (ZVol) instead of LVM for the volume 
(https://lists.launchpad.net/openstack/msg13009.html). I write a piece 
of code : in attachment or on github/nicolas2bonfils 
https://github.com/nicolas2bonfils/cinder/blob/master/cinder/volume/driver_zvol.py 
(for line comments or push request).
I write and test the code with ZFSOnLinux http://zfsonlinux.org/ and 
Debian sid.


What it does :

 * create ZVol instead of LVM,
 * use ISCSI sharing from the existing cinder driver,
 * use ZFS snapshot for the snapshot feature,
 * is working for create/delete volume,
 * can create/delete native ZFS snapshot (see below for the linked
   problem).


What need to be improve :

 * check if native ZFS snapshot can be use for volume snapshot (same
   use/meaning ?),
 * when deleting a volume with snapshot (ZFS one), do we delete the
   derived snapshot or export them as independent volume.


What it does not (yet) :

 * share with native ZFS ISCSI (due to ZFSOnLinux limitation)


Thanks for all your ideas, advice, ...

--- Nicolas de Bonfils
# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright 2012 Nicolas de Bonfils openst...@nicolas2bonfils.com
#
#Licensed under the Apache License, Version 2.0 (the License); you may
#not use this file except in compliance with the License. You may obtain
#a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an AS IS BASIS, WITHOUT
#WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#License for the specific language governing permissions and limitations
#under the License.

#TODO(nicolas) : i18n the log message

from cinder.volume.driver import *

class ZVolDriver(ISCSIDriver):

Drivers for volumes using Zvol instead of LVM.
Tested with ZFSOnLinux on a Debian sid system



def __init__(self, *args, **kwargs):
#TODO(nicolas) : use configuration flag
self.zfs_bin = /sbin/zfs
self.zpool_bin = /sbin/zpool
super(ZVolDriver, self).__init__(*args, **kwargs)

def check_for_setup_error(self):
Returns an error if prerequisites aren't met
out, err = self._execute('%s' % self.zfs_bin, 'list', run_as_root=True)
volume_groups = out.split()
if not FLAGS.volume_group in volume_groups:
raise exception.Error(_(zfs base volume group '%s' doesn't exist)
  % FLAGS.volume_group)

def _create_volume(self, volume_name, sizestr):
LOG.debug('Create volume with command %s create -V %s %s/%s' % (self.zfs_bin, sizestr, FLAGS.volume_group, volume_name))
self._try_execute('%s' % self.zfs_bin, 'create', 
		  '-V', sizestr,
  '%s/%s' % (FLAGS.volume_group, volume_name), 
  run_as_root=True)

def _copy_volume(self, srcstr, deststr, size_in_g):
LOG.debug('copy volume with method dd if=%s of=%s count=%d bs=1M' % (srcstr, deststr, (size_in_g * 1024)))
self._execute('dd', 'if=%s' % srcstr, 'of=%s' % deststr,
  'count=%d' % (size_in_g * 1024), 'bs=1M',
  run_as_root=True)

def _volume_not_present(self, volume_name):
path_name = '%s/%s' % (FLAGS.volume_group, volume_name)
out, err = self._execute('%s' % self.zfs_bin, 'list', run_as_root=True)
volume_search = out.split()
LOG.debug('List volume with command %s list' % self.zfs_bin)
LOG.debug(volume_search)
return not path_name in volume_search

def _delete_volume(self, volume, size_in_g):
Deletes a zvol.
# zero out old volumes to prevent data leaking between users
# TODO(ja): reclaiming space should be done lazy and low priority
self._copy_volume('/dev/zero', self.local_path(volume), size_in_g)
LOG.debug('Destroy volume with command %s destroy %s/%s' % (self.zfs_bin, FLAGS.volume_group, volume['name']))
self._try_execute('%s' % self.zfs_bin, 'destroy', 
  '%s/%s' % (FLAGS.volume_group, volume['name']),
  run_as_root=True)

def delete_volume(self, volume):
Deletes a zvol.
if self._volume_not_present(volume['name']):
# If the volume isn't present, then don't attempt to delete
return True

		# When snapshots exist, what to do ?
		# remove them or export them as new independent volume
 
self._delete_volume(volume, volume['size'])

def create_snapshot(self, snapshot):
Creates a snapshot.
LOG.debug('Snapshot volume with command %s snapshot %s/%s' % (self.zfs_bin, 
FLAGS.volume_group, 
self._snapshot_full_name(snapshot)))
 

Re: [Openstack] [nova] Proposal for Sean Dague to join nova-core

[Tong Li]

+1,
Sean will be a great addition to the nova-core. He has always been willing
to lend a helping hand in the community.

Tong Li
Emerging Technologies  Standards
Building 501/B205
liton...@us.ibm.com



From:   Vishvananda Ishaya vishvana...@gmail.com
To: Openstack (openstack@lists.launchpad.net)
(openstack@lists.launchpad.net)
openstack@lists.launchpad.net
Date:   07/20/2012 01:53 PM
Subject:[Openstack] [nova] Proposal for Sean Dague to join nova-core
Sent by:openstack-bounces+litong01=us.ibm@lists.launchpad.net



Hello Everyone,

When I was going through the list of reviewers to see who would be good for
nova-core a few days ago, I left one out. Sean has been doing a lot of
reviews lately[1] and did the refactor and cleanup of the driver loading
code. I think he would also be a great addition to nova-core.

Vish

[1] https://review.openstack.org/#/dashboard/2750
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

inline: graycol.gif___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack][Swift] Some questions about the performance of swift .

[Paulo Ricardo Motta Gomes]

Have you monitored the cpu utilization of the proxy server and the storage
nodes? I did similar tests with Swift and the proxy server exhausted its
capacity with a only few concurrent requests for very small objects.

If you notice object servers are not overloaded, but proxy is overloaded, a
solution might be to have more proxy servers if you hav

It seems a problem of overload, since there are only 4 servers in the
system and a large level of concurrency. Have you tried slowly increasing
the number of concurrency to find the point where the problem starts? This
point may be the capacity of your system.

Also, are you using persistent connections to the proxy server to send the
object? If so, maybe try to renew them once in a while.

Cheers,

Paulo

2012/7/20 Kuo Hugo tonyt...@gmail.com

 Hi Sam , and all openstacker

 This is Hugo . I'm facing an issue about the performance  *degradation*  of
 swift .
 I tried to figure out the problem of the issue which I faced in recent
 days.

 Environment :
 Swift version : master branch . latest code.
 Tried on Ubuntu 12.04/11.10
 1 Swift-proxy : 32GB-ram / CPU 4*2 / 1Gb NIC*2
 3 Storage-nodes : each for 32GB-ram / CPU 4*2 / 2TB*7 / 1Gb NIC*2

 storage nodes runs only main workers(object-server , container-server ,
 account-server)

 I'm in testing with 4K size objects by swift-bench.

 Per round bench.conf
 object_size = 4096
 Concurrency : 200
 Object number: 20
 Containers : 200
 no delete objects ..

 At beginning , everything works fine in my environment.  The average speed
 of PUT is reached to 1200/s .
 After several rounds test . I found that the performance is down to
 300~400/s
 And after more rounds , failures appeared  , and ERROR in proxy's log as
 followed

 Jul 20 18:44:54 angryman-proxy-01 proxy-server ERROR with Object server
 192.168.100.101:36000/DISK5 re: Trying to get final status of PUT to
 /v1/AUTH_admin/9cbb3f9336b34019a6e7651adfc06a86_51/87b48a3474c7485c95aeef95c6911afb:
 Timeout (10s) (txn: txb4465d895c9345be95d81632db9729af) (client_ip:
 172.168.1.2)
 Jul 20 18:44:54 angryman-proxy-01 proxy-server ERROR with Object server
 192.168.100.101:36000/DISK4 re: Trying to get final status of PUT to
 /v1/AUTH_admin/9cbb3f9336b34019a6e7651adfc06a86_50/7405e5824cff411f8bb3ecc7c52ffd5a:
 Timeout (10s) (txn: txe0efab51f99945a7a09fa664b821777f) (client_ip:
 172.168.1.2)
 Jul 20 18:44:55 angryman-proxy-01 proxy-server ERROR with Object server
 192.168.100.101:36000/DISK5 re: Trying to get final status of PUT to
 /v1/AUTH_admin/9cbb3f9336b34019a6e7651adfc06a86_33/f322f4c08b124666bf7903812f4799fe:
 Timeout (10s) (txn: tx8282ecb118434f828b9fb269f0fb6bd0) (client_ip:
 172.168.1.2)


 After trace the code of object-server swift/obj/server.py and insert a
 timer on
 https://github.com/openstack/swift/blob/master/swift/obj/server.py#L591


 for chunk in iter(lambda: reader(self.network_chunk_size), ''):


 Seems that the reader sometimes took a lot of time for receiving data from
 wsgi.input. Not every request , it looks like has a time of periods.

 So that I check the history of Swift , I saw your commit
 https://github.com/openstack/swift/commit/783f16035a8e251d2138eb5bbaa459e9e4486d90
  . That's the only one which close to my issue.  So that I hope that
 there's some suggestions for me.

 My considerations :

 1. Does it possible  caused by greenio switch ?

 2. Does it related to the number of objects existing on storage disks ?

 3. Did someone play with swift by small size + fast client request ?

 4. I found that the performance would never back to 1200/s . The only way
 to do is flush all data from disk. Once disk cleaned , the performance get
 back to  the best one.

 5. I re-read entire workflow of object server to handle a PUT request , I
 don't understand the reason why that the number of objects will affect
 reading wsgi.input data. With 4K size objects. no need to be chunked as I
 know.


 The time consumed by *reader(self.network_chunk_size)*

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 0.001391

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 0.001839

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 0.00164

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 0.002786

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 2.716707

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 1.005659

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 0.055982

 Jul 20 17:09:36 angryman-storage-01 object-server Reader: 0.002205


 Jul 20 18:39:14 angryman-storage-01 object-server WTF: 0.000968

 Jul 20 18:39:14 angryman-storage-01 object-server WTF: 0.001328

 Jul 20 18:39:14 angryman-storage-01 object-server WTF: 10.003368

 Jul 20 18:39:14 angryman-storage-01 object-server WTF: 0.001243

 Jul 20 18:39:14 angryman-storage-01 object-server WTF: 0.001562


 Jul 20 17:52:41 angryman-storage-01 object-server WTF: 0.001067

 Jul 20 17:52:41 angryman-storage-01 object-server WTF: 13.804413

[Openstack] [nova] nova-manage is getting deprecated?

[Tong Li]

Awhile back, there was a comment on a nova-manage defect stated that
nova-manage is getting deprecated. Can any one tell what and when the
replacement will be? Thanks.

Tong Li
Emerging Technologies  Standards
Building 501/B205
liton...@us.ibm.com___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [nova] Proposal for Sean Dague to join nova-core

[Matt Dietz]

+1

From: Tong Li liton...@us.ibm.commailto:liton...@us.ibm.com
Date: Friday, July 20, 2012 1:34 PM
To: Vishvananda Ishaya vishvana...@gmail.commailto:vishvana...@gmail.com
Cc: 
openstack-bounces+litong01=us.ibm@lists.launchpad.netmailto:openstack-bounces+litong01=us.ibm@lists.launchpad.net
 
openstack-bounces+litong01=us.ibm@lists.launchpad.netmailto:openstack-bounces+litong01=us.ibm@lists.launchpad.net,
 Openstack 
(openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net) 
(openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net) 
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Subject: Re: [Openstack] [nova] Proposal for Sean Dague to join nova-core


+1,
Sean will be a great addition to the nova-core. He has always been willing to 
lend a helping hand in the community.

Tong Li
Emerging Technologies  Standards
Building 501/B205
liton...@us.ibm.commailto:liton...@us.ibm.com

[Inactive hide details for Vishvananda Ishaya ---07/20/2012 01:53:48 PM---Hello 
Everyone, When I was going through the list of r]Vishvananda Ishaya 
---07/20/2012 01:53:48 PM---Hello Everyone, When I was going through the list 
of reviewers to see who would be good for nova-cor

From: Vishvananda Ishaya vishvana...@gmail.commailto:vishvana...@gmail.com
To: Openstack 
(openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net) 
(openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net) 
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Date: 07/20/2012 01:53 PM
Subject: [Openstack] [nova] Proposal for Sean Dague to join nova-core
Sent by: 
openstack-bounces+litong01=us.ibm@lists.launchpad.netmailto:openstack-bounces+litong01=us.ibm@lists.launchpad.net





Hello Everyone,

When I was going through the list of reviewers to see who would be good for 
nova-core a few days ago, I left one out. Sean has been doing a lot of reviews 
lately[1] and did the refactor and cleanup of the driver loading code. I think 
he would also be a great addition to nova-core.

Vish

[1] https://review.openstack.org/#/dashboard/2750
___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


attachment: graycol.gif___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [nova] Proposal for Sean Dague to join nova-core

[Anne Gentle]

I agree, especially after seeing how thorough Sean is. I'm not on
nova-core myself but wanted to give a thumbs up to his nomination.

On Fri, Jul 20, 2012 at 12:49 PM, Vishvananda Ishaya
vishvana...@gmail.com wrote:
 Hello Everyone,

 When I was going through the list of reviewers to see who would be good for 
 nova-core a few days ago, I left one out. Sean has been doing a lot of 
 reviews lately[1] and did the refactor and cleanup of the driver loading 
 code. I think he would also be a great addition to nova-core.

 Vish

 [1] https://review.openstack.org/#/dashboard/2750
 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Swift] LFS patch (Ia32c9c34)

[Stefano Maffulli]

[consider moving the thread to OpenStack-Dev]

John raises an important point below that I think deserves attention not
only from SWIFT developers but also from the INFRA team. Testing patches
for specific systems raises the need for testing environments, for
Solaris and ZFS.

INFRA-Team: what's your take on this?

/stef

On 07/18/2012 02:50 PM, John Dickinson wrote:
 Nexenta's LFS patch (https://review.openstack.org/#/c/7524/) has
 languished for a while, and I'd like to address that.
 
 First, thank you for your patch submission. This patch adds new
 functionality that potentially can allow swift to be deployed in more
 places. The original version of the patch, which you referenced, was
 quite a bit more complex. Thanks for listening to the feedback from
 the reviewers and refactoring out most of the complexity. The current
 state of the patch appears to be much improved. I do hope that the
 patch can be approved and merged into swift.
 
 However, there are two things which make it more difficult to approve
 this patch: review time and ability to test.
 
 This patch touches the ring builder, which is a rather complex part
 of swift. To properly review it, it will take two of the core devs at
 least a day each. Unfortunately, putting other normal job duties on
 hold for a day or more is very hard to do. This isn't a problem with
 Nexenta or the patch itself; it actually points to a problem with
 swift. We shouldn't have a part of the code so integral to the system
 that requires a full dev day every time it's touched.
 
 The other issue with approving the patch is testing. Any new feature
 that is merged into swift becomes something that all swift
 contributors must now support and maintain. The maintenance burden is
 lessened (but not eliminated) by any sort of testing that can be
 provided. The LFS patch adds functionality that cannot be well
 tested. At best, we can only test that the patch doesn't break any
 existing functionality. But we have no way to ensure that later
 patches won't break the functionality that this patch provides. Since
 this patch is currently only really useful with Nexenta's separate
 lfs middleware for ZFS, and since there is no testing infrastructure
 set up to test swift on Solaris/ZFS, we cannot offer any sort of
 support or maintenance for the feature this patch provides.
 
 If Nexenta would like to provide and run some hardware for testing
 purposes, it would go a long way to helping ensure that this feature
 and others like it can be properly added to and maintained in swift.
 If this LFS patch is indeed accepted, it will be Nextenta's
 responsibility to ensure that all future patches in swift do not
 break the LFS functionality. (This applies to the previously merged
 patch for Solaris compatibility, too.)
 
 
 
 --John
 
 
 
 
 
 On Jul 16, 2012, at 3:45 PM, Victor Rodionov wrote:
 
 Hello
 
 I've submit patch (https://review.openstack.org/#/c/7101/), that
 help Swift use special features of file system on that it working.
 
 One of the  changes in this patch is for reduce number of network
 replicas of partition if user use self-repairing mirrored device.
 For this user should add mirror_copies parameter to each device. By
 default mirror_copies for all devices is 1, so changes of code
 don't take any effect for current Swift deployments.  For almost
 all systems three singleton replicas can be replaced by two
 mirrored replicas. So if all user devices is mirrored
 (mirror_copies = 2), then number of network copies of most
 partition will be reduced, and then for operation like PUT and POST
 we will make less request. The definition of mirroring specifically
 requires the local file system detect the bad replica on its own,
 such as by calculating checksums of the content, and automatically
 repairing data defects when discovered.  So if one of devices fail
 recovery will be done by file system without coping data from other
 device. This changes was made in ring builder and take effect if
 mirror_copies  1, so this code is not danger for current Swift
 users, but for other users can provide new possibility.
 
 Also this patch add hooks, that can be used for manipulation with
 file system, when Swift operate with account, container or object
 files. This hooks used by middleware that is separate project, so
 if user don't install it this changes will not take effect.
 
 This feature only enabled by customers that have chosen to install
 the enabling software and turn it on and it is easy to test that
 this patches have no impact on the generic deployments.
 
 Most of patch code was restructured, most of logic was moved to
 middleware level and use hooks in Swift code. I create separate
 project (LFS middleware https://github.com/nexenta/lfs) for now
 there are only 2 supported file system types (XFS and ZFS) there.
 Also this middleware provide API for getting file system status
 information (for example, for ZFS it's current pool status, etc).
 
 Further the 

Re: [Openstack] VM can't ping self floating IP after a snapshot is taken

[Gabriel Hurley]

I ran into some similar issues with the _enable_hairpin() call. The call is 
allowed to fail silently and (in my case) was failing. I couldn't for the life 
of me figure out why, though, and since I'm really not a networking person I 
didn't trace it along too far.

Just thought I'd share my similar pain.


-  Gabriel

From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net 
[mailto:openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] On 
Behalf Of Sam Su
Sent: Thursday, July 19, 2012 11:50 AM
To: Brian Haley
Cc: openstack
Subject: Re: [Openstack] VM can't ping self floating IP after a snapshot is 
taken

Thank you for your support.

I checked the file  nova/virt/libvirt/connection.py, the sentence  
self._enable_hairpin(instance) is already added to the function  _hard_reboot().
It looks like there are some difference between taking snapshot and reboot 
instance. I tried to figure out how to fix this bug but failed.

It will be much appreciated if anyone can give some hints.

Thanks,
Sam

On Thu, Jul 19, 2012 at 8:37 AM, Brian Haley 
brian.ha...@hp.commailto:brian.ha...@hp.com wrote:
On 07/17/2012 05:56 PM, Sam Su wrote:
 Hi,

 Just This always happens in Essex release. After I take a snapshot of my VM ( 
 I
 tried Ubuntu 12.04 or CentOS 5.8), VM can't ping its self floating IP; before 
 I
 take a snapshot though, VM can ping its self floating IP.

 This looks closely related to https://bugs.launchpad.net/nova/+bug/933640, but
 still a little different. In 933640, it sounds like VM can't ping its self
 floating IP regardless whether we take a snapshot or not.

 Any suggestion to make an easy fix? And what is the root cause of the problem?
It might be because there's a missing _enable_hairpin() call in the reboot()
function.  Try something like this...

nova/virt/libvirt/connection.py, _hard_reboot():

 self._create_new_domain(xml)
+self._enable_hairpin(instance)
 self.firewall_driver.apply_instance_filter(instance, network_info)

At least that's what I remember doing myself recently when testing after a
reboot, don't know about snapshot.

Folsom has changed enough that something different would need to be done there.

-Brian

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [KeyStone] Requestid, context, notification in Keystone

[Nachi Ueno]

Hi Joe

Nova ,Glance,Quantum(WIP)  support Requestid, context, notification concept.
IMO, Keystone should also have same functionality.
Do you have any thought about this?

Thank you in advance
Nachi Ueno

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Weird nova-network bridging problem with precise/essex

[Narayan Desai]

Just for the record, we found the issue. There was some filtering
being applied in the bridge code which randomly (?) dropped some DNS
requests. Setting:
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0

completely resolved the problem.

I've written up full details here:
http://buriedlede.blogspot.com/2012/07/debugging-networking-problems-with.html
 -nld

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack][Swift] Some questions about the performance of swift .

[Kuo Hugo]

2012/7/21 Paulo Ricardo Motta Gomes pauloricard...@gmail.com

 Have you monitored the cpu utilization of the proxy server and the storage
 nodes? I did similar tests with Swift and the proxy server exhausted its
 capacity with a only few concurrent requests for very small objects.


Maximum CPU utilization on Proxy is reached to 100% on all cores at
beginning. and 60~70 % on storage nodes.
It seems up and down in a periodical duration. I did several system tunings
, such as sysctl , ulimit etc... The concurrency request could be 500+  for
4K size though.


 If you notice object servers are not overloaded, but proxy is overloaded,
 a solution might be to have more proxy servers if you hav


Result still same with multiple proxy servers(2-4) . and each powerful
swift-bench clients for each proxy node.  Also , I did a test by
swift-benc's direct client function to a particular node . I found there's
a closed result .  Once more objects been uploaded . The

for chunk in iter(lambda: reader(self.network_chunk_size), ''):

take lots of time periodically.




 It seems a problem of overload, since there are only 4 servers in the
 system and a large level of concurrency. Have you tried slowly increasing
 the number of concurrency to find the point where the problem starts? This
 point may be the capacity of your system.


Last week , I got more servers from another HW providers with more
CPU/RAM/DISKs . 12 Disks in each storage node.  This deployment of swift
cluster keep in better performance for longer time. Unfortunately , after
15,000,000 object . The performance reduced to half and the Failure
appeared.
I concerned about that if the (total number objs/disk numbers) = ?  will
cause such affect in large deployment.(aka. cloud storage provider ,
telecom , bank etc.)

Really confusing  ..



 Also, are you using persistent connections to the proxy server to send the
 object? If so, maybe try to renew them once in a while.


Renew connections for each round in swift-bench as I know.

Well , swift-bench create a connection pool with concurrency = x
connections . I think that connections been renew in every round.

Something strange is that the performance back to beginning while I flush
all data on storage nodes. (whatever by format disk / r m )



 Cheers,

 Paulo

Thanks for your reply


 2012/7/20 Kuo Hugo tonyt...@gmail.com

 Hi Sam , and all openstacker

 This is Hugo . I'm facing an issue about the performance  *degradation*  of
 swift .
 I tried to figure out the problem of the issue which I faced in recent
 days.

 Environment :
 Swift version : master branch . latest code.
 Tried on Ubuntu 12.04/11.10
 1 Swift-proxy : 32GB-ram / CPU 4*2 / 1Gb NIC*2
 3 Storage-nodes : each for 32GB-ram / CPU 4*2 / 2TB*7 / 1Gb NIC*2

 storage nodes runs only main workers(object-server , container-server ,
 account-server)

 I'm in testing with 4K size objects by swift-bench.

 Per round bench.conf
 object_size = 4096
 Concurrency : 200
 Object number: 20
 Containers : 200
 no delete objects ..

 At beginning , everything works fine in my environment.  The average
 speed of PUT is reached to 1200/s .
 After several rounds test . I found that the performance is down to
 300~400/s
 And after more rounds , failures appeared  , and ERROR in proxy's log as
 followed

 Jul 20 18:44:54 angryman-proxy-01 proxy-server ERROR with Object server
 192.168.100.101:36000/DISK5 re: Trying to get final status of PUT to
 /v1/AUTH_admin/9cbb3f9336b34019a6e7651adfc06a86_51/87b48a3474c7485c95aeef95c6911afb:
 Timeout (10s) (txn: txb4465d895c9345be95d81632db9729af) (client_ip:
 172.168.1.2)
 Jul 20 18:44:54 angryman-proxy-01 proxy-server ERROR with Object server
 192.168.100.101:36000/DISK4 re: Trying to get final status of PUT to
 /v1/AUTH_admin/9cbb3f9336b34019a6e7651adfc06a86_50/7405e5824cff411f8bb3ecc7c52ffd5a:
 Timeout (10s) (txn: txe0efab51f99945a7a09fa664b821777f) (client_ip:
 172.168.1.2)
 Jul 20 18:44:55 angryman-proxy-01 proxy-server ERROR with Object server
 192.168.100.101:36000/DISK5 re: Trying to get final status of PUT to
 /v1/AUTH_admin/9cbb3f9336b34019a6e7651adfc06a86_33/f322f4c08b124666bf7903812f4799fe:
 Timeout (10s) (txn: tx8282ecb118434f828b9fb269f0fb6bd0) (client_ip:
 172.168.1.2)


 After trace the code of object-server swift/obj/server.py and insert a
 timer on
 https://github.com/openstack/swift/blob/master/swift/obj/server.py#L591


 for chunk in iter(lambda: reader(self.network_chunk_size), ''):


 Seems that the reader sometimes took a lot of time for receiving data
 from wsgi.input. Not every request , it looks like has a time of periods.

 So that I check the history of Swift , I saw your commit
 https://github.com/openstack/swift/commit/783f16035a8e251d2138eb5bbaa459e9e4486d90
  . That's the only one which close to my issue.  So that I hope that
 there's some suggestions for me.

 My considerations :

 1. Does it possible  caused by greenio switch ?

 2. Does it related to the number of objects existing on 

[Openstack-ubuntu-testing-notifications] Build Fixed: precise_folsom_deploy #80

[openstack-testing-bot]

Title: precise_folsom_deploy
General InformationBUILD SUCCESSBuild URL:https://jenkins.qa.ubuntu.com/job/precise_folsom_deploy/80/Project:precise_folsom_deployDate of build:Fri, 20 Jul 2012 12:47:02 -0400Build duration:13 minBuild cause:Started by command lineBuilt on:masterHealth ReportWDescriptionScoreBuild stability: 2 out of the last 5 builds failed.60ChangesNo ChangesBuild Artifactslogs/syslog.tar.gzlogs/test-02.os.magners.qa.lexington-log.tar.gzlogs/test-03.os.magners.qa.lexington-log.tar.gzlogs/test-04.os.magners.qa.lexington-log.tar.gzlogs/test-06.os.magners.qa.lexington-log.tar.gzlogs/test-07.os.magners.qa.lexington-log.tar.gzlogs/test-08.os.magners.qa.lexington-log.tar.gzlogs/test-09.os.magners.qa.lexington-log.tar.gzlogs/test-10.os.magners.qa.lexington-log.tar.gzlogs/test-11.os.magners.qa.lexington-log.tar.gzConsole Output[...truncated 2395 lines...]  -> Relation: nova-cloud-controller:identity-service <-> keystone:identity-service  -> Relation: glance:shared-db <-> mysql:shared-db  -> Relation: glance:identity-service <-> keystone:identity-service  -> Relation: nova-volume:shared-db <-> mysql:shared-db  -> Relation: nova-volume:amqp <-> rabbitmq:amqp  -> Relation: openstack-dashboard:identity-service <-> keystone:identity-service  -> Relation: nova-compute:shared-db <-> mysql:shared-db  -> Relation: nova-compute:amqp <-> rabbitmq:amqp  -> Relation: nova-compute:image-service <-> glance:image-service  -> Relation: nova-compute:network-manager <-> nova-cloud-controller:network-manager  -> Relation: nova-compute:identity-service <-> keystone:identity-service- Ensuring relation state- Deployment complete in 776 seconds.- Juju command log:juju deploy --config=/tmp/tmpuhVUI0 --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:nova-compute nova-computejuju deploy --config=/tmp/tmpuhVUI0 --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:nova-volume nova-volumejuju deploy --config=/tmp/tmpuhVUI0 --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:nova-cloud-controller nova-cloud-controllerjuju deploy --config=/tmp/tmpuhVUI0 --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:keystone keystonejuju deploy --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:rabbitmq rabbitmqjuju deploy --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:mysql mysqljuju deploy --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:openstack-dashboard openstack-dashboardjuju deploy --config=/tmp/tmpuhVUI0 --repository=/var/lib/jenkins/jobs/precise_folsom_deploy/workspace local:glance glancejuju add-relation keystone:shared-db mysql:shared-dbjuju add-relation nova-cloud-controller:shared-db mysql:shared-dbjuju add-relation nova-cloud-controller:amqp rabbitmq:amqpjuju add-relation nova-cloud-controller:image-service glance:image-servicejuju add-relation nova-cloud-controller:identity-service keystone:identity-servicejuju add-relation glance:shared-db mysql:shared-dbjuju add-relation glance:identity-service keystone:identity-servicejuju add-relation nova-volume:shared-db mysql:shared-dbjuju add-relation nova-volume:amqp rabbitmq:amqpjuju add-relation openstack-dashboard:identity-service keystone:identity-servicejuju add-relation nova-compute:shared-db mysql:shared-dbjuju add-relation nova-compute:amqp rabbitmq:amqpjuju add-relation nova-compute:image-service glance:image-servicejuju add-relation nova-compute:network-manager nova-cloud-controller:network-managerjuju add-relation nova-compute:identity-service keystone:identity-service+ rc=0+ echo 'Deployer returned: 0'Deployer returned: 0+ [[ 0 != 0 ]]+ jenkins-cli build precise_folsom_coverage+ exit 0Archiving artifactsEmail was triggered for: FixedTrigger Success was overridden by another trigger and will not send an email.Sending email for trigger: Fixed-- 
Mailing list: https://launchpad.net/~openstack-ubuntu-testing-notifications
Post to : openstack-ubuntu-testing-notifications@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack-ubuntu-testing-notifications
More help   : https://help.launchpad.net/ListHelp

[Openstack-ubuntu-testing-notifications] Build Fixed: quantal_folsom_horizon_trunk #51

[openstack-testing-bot]

Title: quantal_folsom_horizon_trunk
General InformationBUILD SUCCESSBuild URL:https://jenkins.qa.ubuntu.com/job/quantal_folsom_horizon_trunk/51/Project:quantal_folsom_horizon_trunkDate of build:Fri, 20 Jul 2012 19:01:55 -0400Build duration:4 min 24 secBuild cause:Started by an SCM changeBuilt on:pkg-builderHealth ReportWDescriptionScoreBuild stability: 4 out of the last 5 builds failed.20ChangesPartial sync of jsonutils from openstack-commonby vuntzedithorizon/openstack/common/jsonutils.pyFix the more link on the images tableby markmcedithorizon/dashboards/nova/images_and_snapshots/views.pyConsole Output[...truncated 5793 lines...]gpg: Good signature from "Openstack Ubuntu Testing Bot (Jenkins Key) "gpg: Signature made Fri Jul 20 19:04:23 2012 EDT using RSA key ID 9935ACDCgpg: Good signature from "Openstack Ubuntu Testing Bot (Jenkins Key) "Checking signature on .changesGood signature on /tmp/tmpN46f1_/horizon_2012.2+git201207201902~quantal-0ubuntu1_source.changes.Checking signature on .dscGood signature on /tmp/tmpN46f1_/horizon_2012.2+git201207201902~quantal-0ubuntu1.dsc.Uploading to ppa (via ftp to ppa.launchpad.net):  Uploading horizon_2012.2+git201207201902~quantal-0ubuntu1.dsc: done.  Uploading horizon_2012.2+git201207201902~quantal.orig.tar.gz: done.  Uploading horizon_2012.2+git201207201902~quantal-0ubuntu1.debian.tar.gz: done.  Uploading horizon_2012.2+git201207201902~quantal-0ubuntu1_source.changes: done.Successfully uploaded packages.INFO:root:Installing build artifacts into /var/lib/jenkins/www/aptDEBUG:root:['reprepro', '--waitforlock', '10', '-Vb', '/var/lib/jenkins/www/apt', 'include', 'quantal-folsom', 'horizon_2012.2+git201207201902~quantal-0ubuntu1_amd64.changes']Exporting indices...Successfully created '/var/lib/jenkins/www/apt/dists/quantal-folsom/Release.gpg.new'Successfully created '/var/lib/jenkins/www/apt/dists/quantal-folsom/InRelease.new'Deleting files no longer referenced...deleting and forgetting pool/main/h/horizon/openstack-dashboard-ubuntu-theme_2012.2+git201207092207~quantal-0ubuntu1_all.debdeleting and forgetting pool/main/h/horizon/openstack-dashboard_2012.2+git201207092207~quantal-0ubuntu1_all.debdeleting and forgetting pool/main/h/horizon/python-django-horizon_2012.2+git201207092207~quantal-0ubuntu1_all.debdeleting and forgetting pool/main/h/horizon/python-django-openstack_2012.2+git201207092207~quantal-0ubuntu1_all.debINFO:root:Pushing changes back to bzr testing branchDEBUG:root:['bzr', 'push', 'lp:~openstack-ubuntu-testing/horizon/quantal-folsom']Pushed up to revision 112.INFO:root:Storing current commit for next build: d174c791231d6694466520b16e4ac76556f3daceINFO:root:Complete command log:INFO:root:Destroying schroot.git archive master --format tar --prefix horizon-2012.2-201207201902/git archive master --format tar --prefix horizon-2012.2-201207201902/git log -n1 --no-merges --pretty=format:%Hgit log f3dc3b93c49d922505b2d15e6b064ba9ed716413..HEAD --no-merges --pretty=format:[%h] %sbzr branch lp:~openstack-ubuntu-testing/horizon/quantal-folsom-proposed horizonbzr merge lp:~openstack-ubuntu-testing/horizon/quantal-folsom --forcedch -b -D quantal --newversion 2012.2+git201207201902~quantal-0ubuntu1 Automated Ubuntu testing build:dch -b -D quantal --newversion 2012.2+git201207201902~quantal-0ubuntu1 Automated Ubuntu testing build:debcommitbzr builddeb -S -- -sa -us -ucmk-build-deps -i -r -t apt-get -y /tmp/tmpN46f1_/horizon/debian/controlbzr builddeb -S -- -sa -us -ucdebsign -k9935ACDC horizon_2012.2+git201207201902~quantal-0ubuntu1_source.changessbuild -d quantal-folsom -n -A horizon_2012.2+git201207201902~quantal-0ubuntu1.dscdput ppa:openstack-ubuntu-testing/folsom-trunk-testing horizon_2012.2+git201207201902~quantal-0ubuntu1_source.changesreprepro --waitforlock 10 -Vb /var/lib/jenkins/www/apt include quantal-folsom horizon_2012.2+git201207201902~quantal-0ubuntu1_amd64.changesbzr push lp:~openstack-ubuntu-testing/horizon/quantal-folsomEmail was triggered for: FixedTrigger Success was overridden by another trigger and will not send an email.Sending email for trigger: Fixed-- 
Mailing list: https://launchpad.net/~openstack-ubuntu-testing-notifications
Post to : openstack-ubuntu-testing-notifications@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack-ubuntu-testing-notifications
More help   : https://help.launchpad.net/ListHelp