[Openstack] Quotas in folsom
I'm running into quota problems trying to increase the number of security groups and rules within security groups per tenant. Setting quota_security_groups and quota_security_group_rules in nova.conf seems to have no effect. There also doesn't seem to be any way to change the quota limits for security groups through the nova client or horizon.

How do I go about changing these quotas, or is there a way to disable all quotas altogether?

___
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
Re: [Openstack] EC2 api and tenants
Ryan,

This looks like what the problem was. I'm running 2012.1 from the epel packages on centos 6.2. The ec2 layer doesn't look like it follows policy.json by default. It still has roles for netadmin, sysadmin and projectmanager hard coded in nova/api/ec2/__init__.py.

Right now, I'm just making use of netadmin and sysadmin rather than creating new rules in policy.json.

On Thu, Aug 2, 2012 at 6:51 PM, Ryan Lane rl...@wikimedia.org wrote:
> On Thu, Aug 2, 2012 at 1:23 PM, Mitchell Broome mitchell.bro...@gmail.com wrote:
>> I'm using essex 2012.1 and I'm running into an issue with tenant separation using the ec2 api. I end up having to give a user the 'admin' role in keystone to create instances within a tenant. I can live with that but the problem is, now that the user has 'admin', they also see all of the instances including ones from other tenants via a describe_instances().
>>
>> If I only give them the 'Member' role, they can only see the instances within their default tenant but they can't create instances. Also, if they only have 'Member', I'm able to create instances via horizon manually.
>>
>> I'm assuming I'm missing some combination of roles I need to set up to allow a user to create instances in their default tenant but not see other instances in other tenants.
>
> So far, from what I can tell, you need to add custom roles (or continue using sysadmin and netadmin), and add these roles to the proper actions in policy.json.
>
> - Ryan
[Openstack] EC2 api and tenants
I'm using essex 2012.1 and I'm running into an issue with tenant separation using the ec2 api. I end up having to give a user the 'admin' role in keystone to create instances within a tenant. I can live with that but the problem is, now that the user has 'admin', they also see all of the instances including ones from other tenants via a describe_instances().

If I only give them the 'Member' role, they can only see the instances within their default tenant but they can't create instances. Also, if they only have 'Member', I'm able to create instances via horizon manually.

I'm assuming I'm missing some combination of roles I need to set up to allow a user to create instances in their default tenant but not see other instances in other tenants.
Re: [Openstack] Anyone using instance metadata?
We are using metadata tags to maintain assorted information about instances that doesn't have to be provided to the instance itself. Things like letting users assign notes to their instances which shouldn't be exposed as userdata (which we use to configure the machines).

It would be really nice to have metadata exposed via the ec2 compatibility api with create_tags() and the like as right now, I have to create an exception to set tags on instances differently when they are created in openstack vs amazon.

On Tue, Jul 3, 2012 at 6:10 PM, Steve Baker st...@stevebaker.org wrote:
> Hi Vish
>
> On Wed, Jul 4, 2012 at 6:28 AM, Vishvananda Ishaya vishvana...@gmail.com wrote:
>> Metadata is supposed to be user tags that are associated with a guest that are available via the api. We discussed displaying these tags inside the guest as well.
>
> I've just been looking into what is already in place to implement the CreateTags, DeleteTags, DescribeTags API and I also came across the *_instance_metadata compute API.
>
> http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Using_Tags.html#Using_Tags_API
>
> The tags API can add tags to a number of resource types, but currently there only seem to be metadata tables for instances and volumes.
>
> Would there be interest in me working on a change to implement CreateTags, DeleteTags, DescribeTags for instances and volumes? Later changes could add new metadata tables for the other taggable resource types.
>
> cheers
Re: [Openstack] Configuring Openstack (Essex) to use existing Dynamic DNS servers
I didn't find anything that caught my eye either. I'm not sure if it's the kind of thing you're looking for but I ended up writing my own integration. Basically, I'm watching the qpid queue (haven't tried rabbitmq) for messages related to the creation and deletion of instances and pushing the data into mysql that powerdns is using as a backend. I'm still using dnsmasq for the dhcp.

It's still very much a work in progress but it's been working fine in my test environment for a few weeks now. If you want, you can give it a try at:

https://github.com/mbroome/openstackdns

On Tue, Jun 12, 2012 at 12:31 PM, Lillie Ross-CDSR11 ross.lil...@motorolasolutions.com wrote:
> All,
>
> I'm finally starting the upgrade to our internal cloud to the Essex release that's part of Ubuntu 12.04LTS. I'd like to set up the cloud to register instance names with our existing internal DNS servers. While there's some mention of this searching the Web, I haven't stumbled across anything definitive.
>
> My guess is that I need to replace the default dnsmasq server with an alternate backend such as nsupdate, however I'm unsure how the overall DHCP/DNS plumbing is configured. Are there any pointers and/or design documents that I could be pointed towards to give me a better understanding to help me implement this functionality?
>
> Also, I see that there appears to be a nova-compute extension in the current development branch that appears to provide this functionality if I've read things correctly. However I'd rather rely upon released packages for our essex deployment, rather than pulling in code from the development trunk.
>
> Anyways, any pointers would be appreciated.
>
> Thanks in advance, and regards,
> Ross
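
The integration described in the reply above (react to instance create and delete messages, write to the database PowerDNS reads) has one step worth showing: the instance name is tenant-supplied and must be validated before it becomes a DNS record. This is an added example, not code from the linked repository; the message shape, the event names used, the zone name and the reduced `records` table (SQLite standing in for MySQL) are assumptions.

```python
import ipaddress
import re
import sqlite3

ZONE = "cloud.example.test"  # constructed zone name
# A single DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def open_backend():
    """In-memory stand-in for the PowerDNS database (reduced records table)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (domain_id INTEGER, name TEXT, "
               "type TEXT, content TEXT, ttl INTEGER)")
    return db

def handle_notification(db, msg, domain_id=1, ttl=300):
    """Apply one instance notification and return the action taken."""
    payload = msg.get("payload", {})
    label = str(payload.get("hostname", "")).lower()
    # The instance name is chosen by the tenant: accept one clean label only,
    # so a name such as "www.corp" cannot create records deeper in the zone.
    if not LABEL.fullmatch(label):
        return "rejected"
    fqdn = label + "." + ZONE
    event = msg.get("event_type")
    if event == "compute.instance.create.end":
        try:
            addr = str(ipaddress.IPv4Address(payload["fixed_ips"][0]))
        except (KeyError, IndexError, TypeError, ValueError):
            return "rejected"
        # Replace, never append: a reused name must not keep a stale address.
        db.execute("DELETE FROM records WHERE name = ? AND type = 'A'", (fqdn,))
        db.execute("INSERT INTO records VALUES (?, ?, 'A', ?, ?)",
                   (domain_id, fqdn, addr, ttl))
    elif event == "compute.instance.delete.end":
        db.execute("DELETE FROM records WHERE name = ? AND type = 'A'", (fqdn,))
    else:
        return "ignored"
    db.commit()
    return "added" if event.endswith("create.end") else "removed"

def lookup(db, label):
    """Return the A record contents stored for label in ZONE."""
    rows = db.execute("SELECT content FROM records WHERE name = ? "
                      "AND type = 'A'", (label + "." + ZONE,))
    return [row[0] for row in rows]
```

Two tenants that pick the same instance name would overwrite each other's record in this sketch; a shared deployment needs a per-tenant zone or name prefix.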