Re: [Openstack] Keystone client, user belongs to many tenants?

2012-05-10 Thread Joseph Heck 
Guang,

I think you need to re-read the code. The association between a user and tenant 
is what the role represents, and its inaccurate to assert that a user is 
aligned only with a single tenant ever, that is not the case. 

A role is no longer global, specifically to avoid the tremendous confusion and 
inaccuracy of implementation about how to apply a role that relates a tenant 
and user along with a potential "global" role concept that was in the earliest 
implementations of Keystone. The current implementation is simpler and far more 
specific and clear in it's implementation.

-joe

On May 9, 2012, at 10:22 PM, Yee, Guang wrote:
> I think this use case underscores one of the key differences between the fat 
> Keystone (Diablo - E3) and KSL (Essex final).  In fat Keystone, users and 
> tenants are loosely coupled. They are bind together by role assignments. In 
> KSL, users and tenants are tightly coupled, and IMHO very inflexible. Maybe 
> the following example would further clarify this …
>  
> Suppose you have tenants Dodgers, Giants, and Brewers, user Bud Selid, roles 
> Commissioner and Minority Owner, and service MLB. And you want Bud Selid to 
> have the Commissioner role for Dodgers, Giants, and Brewers, but Minority 
> Owner role for Brewers only.
>  
> In fat Keystone, there a couple of ways you can accomplish this.
>  
> 1)  Make Commissioner a “global role” (unscoped) and assign it to user 
> Bud Selid. Assign the Minority Owner role to Bud Selid for tenant Brewers by 
> creating a role reference. When Bud Selid tries to access MLB with his 
> unscoped token, MLB will get his Commissioner role back from Keystone. When 
> Bud Selid tries to access MLB with his token scoped to Brewers, MLB will get 
> both his Commissioner and Minority Owner roles back from Keystone. When Bud 
> Selid tries to acess MLB with his token scoped to Giants or Dodgers, MLB will 
> only get his Commissioner role back from Keystone.
> 2)  Assign the Commissioner role to Bud Selid to tenants Giants, Dodgers, 
> and Brewers individually by creating the respective role references. Assign 
> the Minority Owner role to Bud Selid for tenant Brewers by creating another 
> role reference. In this scenario, Bud Selid will always need a scoped token 
> to access MLB.
>  
> In KSL, there really aren’t any effective ways to accomplish the same thing. 
> Global roles are no longer supported.  A given user must assign to exactly 
> one tenant. I suppose you can have Bud Selid under the “Default Tenant”, and 
> assign both Commissioner and Minority Owner roles to him. But there are two 
> major side effects.
>  
> 1)  Bud Selid must access MLB with the token scoped to the “Default 
> Tenant” in order for MLB to recognize him as Commissioner. Which means he IS 
> ALSO the Minority Owner for Dodgers, Giants, and Brewers. J
> 2)  If Bud Selid tries to access MLB with the token scoped to either 
> Giants, Dodgers, or Brewers, his a NOBODY. J
>  
> The upcoming Domains blueprint (to be implemented for Folsom), which offers 
> true multitenancy, should support these types of use cases.
>  
> https://blueprints.launchpad.net/keystone/+spec/keystone-domains
>  
> With Domains, you can create a MLB domain with tenants Dodgers, Giants, and 
> Brewers. And have Bud Selid under the MLB domain. Notice that users will no 
> longer be assigned to tenants. They will be under a domain. Create roles 
> Commissioner and Minority Owner in the MLB domain. Assign the Commissioner 
> role to Bud Selid, and the Minority Owner role scoped to Brewers. Suppose you 
> have another domain NFL, Bud Selid will not be able to access any tenants in 
> the NFL domain, unless the NFL domain administrator explicitly assign NFL 
> roles to Bud Selid.
>  
>  
> Guang
>  
>  
>  
>  
> From: openstack-bounces+guang.yee=hp@lists.launchpad.net 
> [mailto:openstack-bounces+guang.yee=hp@lists.launchpad.net] On Behalf Of 
> Dolph Mathews
> Sent: Wednesday, May 09, 2012 4:34 PM
> To: Joshua Harlow
> Cc: openstack
> Subject: Re: [Openstack] Keystone client, user belongs to many tenants?
>  
> The user create command is actually creating discrete users, each with a 
> "default tenant" reference.
>  
> While that's fine for a lot of simple use cases, it doesn't directly support 
> a user accessing multiple tenants at all.
>  
> Instead, create a role, and grant that role to a user-tenant pair, creating 
> an explicit relationship between the two. Using default tenants is optional 
> with this method, but will affect how users must auth.
> 
> -Dolph Mathews
> 
> On May 9, 2012, at 3:46 PM, Joshua Harlow  wrote:
> 
> A question,
> 
> I am using anvil to setup the keystone roles/users/tenants.
> 
> It seems like the python keystone  client has the following command:
> 
> client.users.create
> 
> Which seems to take in the following:
> 
> create(self, name, password, email, tenant_id=None, enabled=True):
> 
> I would assume a user name can be used in multipl

Re: [Openstack] Keystone client, user belongs to many tenants?

2012-05-10 Thread Dolph Mathews 
+1

The second "way to accomplish this" is exactly what keystone currently supports 
(explicit role grants), which didn't change between diablo and essex at all.

The first method (using global unscopedness) was dropped because its just as 
confusing as you describe it.

-Dolph Mathews

On May 10, 2012, at 2:35 AM, Joseph Heck  wrote:

> Guang,
> 
> I think you need to re-read the code. The association between a user and 
> tenant is what the role represents, and its inaccurate to assert that a user 
> is aligned only with a single tenant ever, that is not the case. 
> 
> A role is no longer global, specifically to avoid the tremendous confusion 
> and inaccuracy of implementation about how to apply a role that relates a 
> tenant and user along with a potential "global" role concept that was in the 
> earliest implementations of Keystone. The current implementation is simpler 
> and far more specific and clear in it's implementation.
> 
> -joe
> 
> On May 9, 2012, at 10:22 PM, Yee, Guang wrote:
>> I think this use case underscores one of the key differences between the fat 
>> Keystone (Diablo - E3) and KSL (Essex final).  In fat Keystone, users and 
>> tenants are loosely coupled. They are bind together by role assignments. In 
>> KSL, users and tenants are tightly coupled, and IMHO very inflexible. Maybe 
>> the following example would further clarify this …
>>  
>> Suppose you have tenants Dodgers, Giants, and Brewers, user Bud Selid, roles 
>> Commissioner and Minority Owner, and service MLB. And you want Bud Selid to 
>> have the Commissioner role for Dodgers, Giants, and Brewers, but Minority 
>> Owner role for Brewers only.
>>  
>> In fat Keystone, there a couple of ways you can accomplish this.
>>  
>> 1)  Make Commissioner a “global role” (unscoped) and assign it to user 
>> Bud Selid. Assign the Minority Owner role to Bud Selid for tenant Brewers by 
>> creating a role reference. When Bud Selid tries to access MLB with his 
>> unscoped token, MLB will get his Commissioner role back from Keystone. When 
>> Bud Selid tries to access MLB with his token scoped to Brewers, MLB will get 
>> both his Commissioner and Minority Owner roles back from Keystone. When Bud 
>> Selid tries to acess MLB with his token scoped to Giants or Dodgers, MLB 
>> will only get his Commissioner role back from Keystone.
>> 2)  Assign the Commissioner role to Bud Selid to tenants Giants, 
>> Dodgers, and Brewers individually by creating the respective role 
>> references. Assign the Minority Owner role to Bud Selid for tenant Brewers 
>> by creating another role reference. In this scenario, Bud Selid will always 
>> need a scoped token to access MLB.
>>  
>> In KSL, there really aren’t any effective ways to accomplish the same thing. 
>> Global roles are no longer supported.  A given user must assign to exactly 
>> one tenant. I suppose you can have Bud Selid under the “Default Tenant”, and 
>> assign both Commissioner and Minority Owner roles to him. But there are two 
>> major side effects.
>>  
>> 1)  Bud Selid must access MLB with the token scoped to the “Default 
>> Tenant” in order for MLB to recognize him as Commissioner. Which means he IS 
>> ALSO the Minority Owner for Dodgers, Giants, and Brewers. J
>> 2)  If Bud Selid tries to access MLB with the token scoped to either 
>> Giants, Dodgers, or Brewers, his a NOBODY. J
>>  
>> The upcoming Domains blueprint (to be implemented for Folsom), which offers 
>> true multitenancy, should support these types of use cases.
>>  
>> https://blueprints.launchpad.net/keystone/+spec/keystone-domains
>>  
>> With Domains, you can create a MLB domain with tenants Dodgers, Giants, and 
>> Brewers. And have Bud Selid under the MLB domain. Notice that users will no 
>> longer be assigned to tenants. They will be under a domain. Create roles 
>> Commissioner and Minority Owner in the MLB domain. Assign the Commissioner 
>> role to Bud Selid, and the Minority Owner role scoped to Brewers. Suppose 
>> you have another domain NFL, Bud Selid will not be able to access any 
>> tenants in the NFL domain, unless the NFL domain administrator explicitly 
>> assign NFL roles to Bud Selid.
>>  
>>  
>> Guang
>>  
>>  
>>  
>>  
>> From: openstack-bounces+guang.yee=hp@lists.launchpad.net 
>> [mailto:openstack-bounces+guang.yee=hp@lists.launchpad.net] On Behalf Of 
>> Dolph Mathews
>> Sent: Wednesday, May 09, 2012 4:34 PM
>> To: Joshua Harlow
>> Cc: openstack
>> Subject: Re: [Openstack] Keystone client, user belongs to many tenants?
>>  
>> The user create command is actually creating discrete users, each with a 
>> "default tenant" reference.
>>  
>> While that's fine for a lot of simple use cases, it doesn't directly support 
>> a user accessing multiple tenants at all.
>>  
>> Instead, create a role, and grant that role to a user-tenant pair, creating 
>> an explicit relationship between the two. Using default tenants is optional 
>> with this method, but will affect ho

Re: [Openstack] [Metering] Bootstrapping, first counter implementation

2012-05-10 Thread Julien Danjou 
On Wed, May 09 2012, Doug Hellmann wrote:

> I'm not sure what you mean. I was able to use nova.service to create a
> "metering" server and a simple manager that subscribes to the notification
> events. See https://github.com/dhellmann/metering-prototype (metering-test
> is the main program and testmanager.py is the manager class). I borrowed
> your Connection code.

Actually, the Service class is supposed to handle the AMQP (or whatever
backend) connection itself and bind it to a set of topics. But it uses
the nova.rpc.impl_kombu.Connection class that uses ProxyCallback and
that one obviously fails to decode notification. This is why I say I
failed to the Service class.

You cheated since you opened another AMQP connection in your Manager
class, rendering the connection from the Service class useless. I wish
we could access the connection from the Service from the Manager so we
can reuse it at least, but that does not seem possible neither.

On the other hand, even if it's not the cleanest way to do things, I
kind of like using the Service class so I'll probably grab your code
anyway. :-)

Thanks Doug,
-- 
Julien Danjou
// eNovance  http://enovance.com
// ✉ julien.dan...@enovance.com  ☎ +33 1 49 70 99 81

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Metering] schema and counter definitions

2012-05-10 Thread Loic Dachary 
On 05/09/2012 11:11 PM, Doug Hellmann wrote:
>
>
> On Wed, May 9, 2012 at 3:07 PM, Tomasz Paszkowski  > wrote:
>
> On Wed, May 9, 2012 at 8:02 PM, Doug Hellmann
> mailto:doug.hellm...@dreamhost.com>> wrote:
> >
> > Nice!
> >
> > For production code I think we are going to want to separate collection 
> from
> > storage, aren't we? We don't want each compute node to require access 
> to the
> > database server (that's an issue with nova that they are trying to fix
> > during the folsom release, IIRC).
>
> Yes. Part of the code responsible for amqp support is not functional yet 
> :(
>
>
> OK, that's what I thought.
>
> We all seem to be reinventing different parts of the services that we will 
> eventually need, which is good for education but may be wasting a bit of 
> energy. Is it premature to start talking a little more about architecture so 
> we can start splitting up the implementation work and focusing that energy 
> differently? There is a lot of work we can do independently of the remaining 
> decisions outlined in http://wiki.openstack.org/Meetings/MeteringAgenda.
Hi,

It looks like the architecture of metering is indeed always implemented in 
similar ways. I had discussions with a company yesterday about their own 
metering implementation (which will be used in production soon) and it also has 
an architecture matching what has been proposed so far in ceilometer. I added a 
few points to the architecture chapter in the wiki:

http://wiki.openstack.org/EfficientMetering#Architecture

including a note summarizing the conclusions of the discussion regarding need 
for an independent ceilometer agent in addition to the existing meters provided 
by the OpenStack components.

What do you think ?
>  
>
>
>
>
> --
> Tomasz Paszkowski
> SS7, Asterisk, SAN, Datacenter, Cloud Computing
> +48500166299 
>
> ___
> Mailing list: https://launchpad.net/~openstack 
> 
> Post to : openstack@lists.launchpad.net 
> 
> Unsubscribe : https://launchpad.net/~openstack 
> 
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


-- 
Loïc Dachary Chief Research Officer
// eNovance labs   http://labs.enovance.com
// ? l...@enovance.com  ? +33 1 49 70 99 82

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Daniel P. Berrange 
On Wed, May 09, 2012 at 11:08:13PM -0600, Jim Fehlig wrote:
> Hi,
> 
> I've been tinkering with improving Xen support in the libvirt driver and
> wanted to discuss a few issues before submitting patches.
> 
> Even the latest upstream release of Xen (4.1.x) contains a rather old
> qemu, version 0.10.2, which rejects qcow2 images with cluster size >
> 64K.  The libvirt driver creates the COW image with cluster size of 2M. 
> Is this for performance reasons?  Any objections to removing that option
> and going with 'qemu-img create' default of 64K?

In general larger cluster size does improve the performance of
qcow2. I'm not sure how much of a delta we get by going from
64k to 2M though. If there's any doubt then I guess it could be
made into a configuration parameter.

> In a setup with both Xen and KVM compute nodes, I've found a few options
> for controlling scheduling of an instance to the correct node.  One
> option uses availability zones, e.g.
> 
> # nova.conf on Xen compute nodes
> node_availability_zone=xen-hosts
> 
> # launching a Xen PV instance
> nova boot --image  --availability_zone xen-hosts ...
> 
> The other involves a recent commit adding additional capabilities for
> compute nodes [1] and the vm_mode image property [2] used by the
> XenServer driver to distinguish HVM vs PV images.  E.g.
> 
> # nova.conf on Xen compute nodes
> additional_compute_capabilities="pv,hvm"
> 
> # Set vm_mode property on Xen image
> glance update  vm_mode=pv
> 
> I prefer that latter approach since vm_mode will be needed in the
> libvirt driver anyhow to create proper config for PV vs HVM instances. 
> Currently, the driver creates usable config for PV instances, but needs
> some adjustments for HVM.

Yes, tagging the image with details of its required guest ABI does
seem like something we need to do to be able to properly support
a choice betweeen PV & HVM images. It is not very good the way we
currently just hardcode PV only for Xen usage in the libvirt driver.

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Muriel 

Il 10/05/2012 07:08, Jim Fehlig ha scritto:

Hi,

I've been tinkering with improving Xen support in the libvirt driver and
wanted to discuss a few issues before submitting patches.

Even the latest upstream release of Xen (4.1.x) contains a rather old
qemu, version 0.10.2, which rejects qcow2 images with cluster size>
64K.  The libvirt driver creates the COW image with cluster size of 2M.
Is this for performance reasons?  Any objections to removing that option
and going with 'qemu-img create' default of 64K?


If I remember correctly, the qcow images are not the only problem with 
xen, but I'm far from the code for too long time. In the past (diablo), 
the method for counting the ram (and cpu perhaps?) did not work with xen 
and this affected the choices of the scheduler. I have no idea if this 
happens in essex/folsom.


Regards,
Muriel


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Daniel P. Berrange 
On Thu, May 10, 2012 at 09:06:58AM +0100, Daniel P. Berrange wrote:
> On Wed, May 09, 2012 at 11:08:13PM -0600, Jim Fehlig wrote:
> > Hi,
> > 
> > I've been tinkering with improving Xen support in the libvirt driver and
> > wanted to discuss a few issues before submitting patches.
> > 
> > Even the latest upstream release of Xen (4.1.x) contains a rather old
> > qemu, version 0.10.2, which rejects qcow2 images with cluster size >
> > 64K.  The libvirt driver creates the COW image with cluster size of 2M. 
> > Is this for performance reasons?  Any objections to removing that option
> > and going with 'qemu-img create' default of 64K?
> 
> In general larger cluster size does improve the performance of
> qcow2. I'm not sure how much of a delta we get by going from
> 64k to 2M though. If there's any doubt then I guess it could be
> made into a configuration parameter.

I had a quick chat with Kevin Wolf who's the upstream QEMU qcow2 maintainer
and he said that 64k is the current recommended cluster size for qcow2.
Above this size, the cost of COW becomes higher causing an overall
drop in performance.

Looking at GIT history, Nova has used cluster_size=2M since Vish first
added qcow2 support, and there's no mention of why in the commit message.
So unless further info comes to light, I'd say we ought to just switch
to use qemu-img's default setting of 64K for both Xen and KVM.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Metering] External API definition

2012-05-10 Thread Loic Dachary 
On 05/10/2012 05:46 AM, Daniel Dyer wrote:
> Is it your assumption that there will be one metering service per 
> "installation" or one per service (i.e swift, nova)? My assumption would be a 
> single metering service, so the API would need to handle some additional use 
> cases:
> -list services supported
> -list metrics for a service type
> -get metric details
>
Hi,

I added the "list services supported" assuming service == OpenStack component 
(nova, swift etc.)

http://wiki.openstack.org/EfficientMetering?action=diff&rev2=66&rev1=65

I added the "list meters for a component"

http://wiki.openstack.org/EfficientMetering?action=diff&rev2=67&rev1=66

I'm not sure what you mean by "metric details", could you expand ? It could be 
a description (human readable ?) of a given meter. Since we're using a fixed 
form storage, I'm not sure what else needs to be returned.

Cheers
> I would also consider separate use cases for accessing raw events vs. 
> aggregated metrics.
>
> Dan Dyer
> dan.d...@hp.com 
>
> On Wed, May 9, 2012 at 10:44 AM, Nick Barcet  > wrote:
>
>
>
> Doug Hellmann  > wrote:
>
> >On Wed, May 9, 2012 at 11:27 AM, Nick Barcet
> >mailto:nick.bar...@canonical.com>>wrote:
> >
> >> On 05/08/2012 08:27 AM, Nick Barcet wrote:
> >> [..]
> >>
> >> Thinking about this, I think we need to expend the API a bit to
> >reflect
> >> the evolutions of the schema that we decided last week.  Here are my
> >> proposals:
> >>
> >> > * Requests allow to
> >> >   GET account_id list
> >>
> >> change to: GET [user_id|project_id|source] list
> >>
> >
> >Does the [value|value] syntax mean "choose one" or "combine"? I assume
> >"choose one" and you are using square brackets because parens are used
> >in some of the other queries.
>
> You assumed correctly :)
>
> >>
> >> >   GET list of counter_type
> >> >   GET list of events per account
> >> > optional start and end for counter_datetime
> >> > optional counter_type
> >>
> >> change to: GET list of events per [user_id|project_id|source]
> >> optional start and end for counter_datetime
> >>optional counter_type
> >>
> >
> >Users may cross projects, so I'm not sure it makes sense to ask for the
> >events generated by a user without restricting it by the project. At
> >the very least we may need to allow them to specify user_id or project_id
> >or both.
>
> Good point. Thanks for catching this.
>
> >>
> >> >   GET sum of (counter_volume, counter_duration) for counter_type
> >and
> >> > account_id
> >> > optional start and end for counter_datetime
> >>
> >>   GET sum of (counter_volume, counter_duration) for counter_type and
> >> [user_id|project_id|source]
> >>  optional start and end for counter_datetime
> >>
> >> Hope this makes sense.
> >>
> >> Another item that we need to discuss is extensibility of this API.
> >>
> >> Nick
>
>
> ___
> Mailing list: https://launchpad.net/~openstack 
> 
> Post to : openstack@lists.launchpad.net 
> 
> Unsubscribe : https://launchpad.net/~openstack 
> 
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


-- 
Loïc Dachary Chief Research Officer
// eNovance labs   http://labs.enovance.com
// ? l...@enovance.com  ? +33 1 49 70 99 82

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] i18n of log message

2012-05-10 Thread Ying Chun Guo 
I18N is an architecture decision. Besides developers, we should also
consult customers' options.

I18N is a very big scope. It includes not only translation, but also
Date/time format, number format,
or even the input of non-English characters. Surely I18N will take some
efforts. But considering
OpenStack may have a long history, it deserve us to pay some time to work
on it. We need to consider
it carefully. Maybe we can just pick out several very popular
locales/languages and work on these localization
firstly. It will ensure we have a correct architecture to suppor I18N, with
a not very big effort.

I'd like to help on the process documenting.

Regards
Daisy

openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net wrote on
05/09/2012 12:55:48 AM:

> Thierry Carrez 
> Sent by: openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net
>
> 05/09/2012 12:55 AM
>
> To
>
> openstack@lists.launchpad.net,
>
> cc
>
> Subject
>
> Re: [Openstack] i18n of log message
>
> Ying Chun Guo wrote:
> > [...]
> > So I prefer option 2. As it is said that   option 3 being not
> > significantly more work than option 2, so option 3 is also acceptable
> > for me.
>
> So there is no strong consensus so far :) One important prerequisite of
> whatever solution we end up choosing is that it should be the same level
> across all OpenStack core projects. Consistency is important... So we
> should definitely ask PTLs which options they are ready to support, as
> it may seriously reduce our options.
>
> We should also have a I18N advocacy czar that will push whatever option
> is chosen to completion by documenting the process, encouraging CI /
> translators / devs to do any needed work. Anyone up to it ?
>
> --
> Thierry Carrez (ttx)
> Release Manager, OpenStack
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Alvaro Lopez 
On Thu 10 May 2012 (10:41), Muriel wrote:
> If I remember correctly, the qcow images are not the only problem
> with xen, but I'm far from the code for too long time. In the past
> (diablo), the method for counting the ram (and cpu perhaps?) did not
> work with xen and this affected the choices of the scheduler. I have
> no idea if this happens in essex/folsom.

I've sent to review some code [1] that tries to fix this issue [2].

[1] https://review.openstack.org/#/c/7296/
[2] https://bugs.launchpad.net/nova/+bug/997014

Regards,
-- 
Álvaro López García  al...@ifca.unican.es



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Cannot get ssh-key in instance

2012-05-10 Thread livemoon 
I running an instance(ubuntu or centos), and it cannot get keypair.

In ubuntu12.04, I have install cloud-init and in centos I have add some
command into /etc/rc.local

There is some of instance's logs about cloud-init:

cloud-init start-local running: Thu, 10 May 2012 10:17:33 +. up 4.47
seconds

no instance data found in start-local

ci-info: lo: 1 127.0.0.1   255.0.0.0   .

ci-info: eth0  : 1 10.0.200.5  255.255.255.224 fa:16:3e:6a:30:7c

ci-info: route-0: 0.0.0.0 10.0.200.1  0.0.0.0 eth0   UG

ci-info: route-1: 10.0.200.0  0.0.0.0 255.255.255.224 eth0   U

cloud-init start running: Thu, 10 May 2012 10:17:33 +. up 5.00 seconds

no instance data found in start

I think it maybe some missing in nova host, How to fix it?


-- 
非淡薄无以明志,非宁静无以致远
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cannot get ssh-key in instance

2012-05-10 Thread Razique Mahroua 
Hey
 livememon, is it possible to see the content of the rc.local. Also,
 are other instances able to reach the metadata server ? 	   
   	livemoon  
  10 mai 2012 12:24I running an 
instance(ubuntu or centos), and it cannot get keypair.In
 ubuntu12.04, I have install cloud-init and in centos I have add some 
command into /etc/rc.local
There is some of instance's logs about cloud-init:cloud-init start-local 
running: Thu, 10 May 2012 10:17:33 +. up 4.47 seconds
no instance data found in 
start-local
ci-info: lo    : 1 127.0.0.1  
     255.0.0.0       .
ci-info: eth0  : 1 10.0.200.5  
    255.255.255.224 fa:16:3e:6a:30:7c
ci-info: route-0: 0.0.0.0      
   10.0.200.1      0.0.0.0         eth0   UG
ci-info: route-1: 10.0.200.0  
    0.0.0.0         255.255.255.224 eth0   U
cloud-init start running: Thu,
 10 May 2012 10:17:33 +. up 5.00 seconds
no instance data found in 
start
I
 think it maybe some missing in nova host, How to fix it?
-- 非淡薄无以明志,非宁静无以致远

___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Razique
 Mahroua
Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [devstack] Quantum support

2012-05-10 Thread Gary Kotton 

Hi,
https://review.openstack.org/#/c/7169/ ensures that all of the open 
source agents have uniform database access. This requires a minor change 
to the devstack code.
In addition to this I have added in some minor chnages which ensure that 
the devstack user is able to run Quantum Plugins and agents on separate 
hosts. The original code would not work if they were on different hosts 
- both need to access the data connection. This is addressed in 
https://review.openstack.org/7300.

Can someone please review.
Thanks
Gary

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Metering] Meeting agenda for today 16:00 UTC (May 10th, 2012)

2012-05-10 Thread Loic Dachary 
Hi,

The metering project team holds a meeting in #openstack-meeting, Thursdays at 
1600 UTC 
. 
Everyone is welcome.
I propose an agenda based on the discussions we had on this list.

http://wiki.openstack.org/Meetings/MeteringAgenda
Topic: external API definition

 * API defaults and API extensions
 * API extension
   * extension= loads the  python module
   *  method query is called with the
 * QUERY_STRING
 * a handler to the storage
 * a pointer to the configuration
 * API calls common arguments
   * Datetime range : start and end
 * Transparent cache for aggregation
 * API defaults http://wiki.openstack.org/EfficientMetering#API
   * GET list components
   * GET list components meters (argument : name of the component)
   * GET list accounts
   * GET list of meter_type
   * GET list of events per account
   * GET sum of (meter_volume, meter_duration) for meter_type and account_id
   * other ?
 * open discussion

Cheers

-- 
Loïc Dachary Chief Research Officer
// eNovance labs   http://labs.enovance.com
// ? l...@enovance.com  ? +33 1 49 70 99 82

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cannot get ssh-key in instance

2012-05-10 Thread Yong Sheng Gong 
have you started the instance with keypair?-openstack-bounces+gongysh=cn.ibm@lists.launchpad.net wrote: -To: livemoon From: Razique Mahroua Sent by: openstack-bounces+gongysh=cn.ibm@lists.launchpad.netDate: 05/10/2012 06:29PMCc: openstack@lists.launchpad.netSubject: Re: [Openstack] Cannot get ssh-key in instance

Hey
 livememon, is it possible to see the content of the rc.local. Also,
 are other instances able to reach the metadata server ?
   livemoon  
  10 mai 2012 12:24I running an 
instance(ubuntu or centos), and it cannot get keypair.In
 ubuntu12.04, I have install cloud-init and in centos I have add some 
command into /etc/rc.local
There is some of instance's logs about cloud-init:cloud-init start-local 
running: Thu, 10 May 2012 10:17:33 +. up 4.47 seconds
no instance data found in 
start-local
ci-info: lo    : 1 127.0.0.1  
     255.0.0.0       .
ci-info: eth0  : 1 10.0.200.5  
    255.255.255.224 fa:16:3e:6a:30:7c
ci-info: route-0: 0.0.0.0      
   10.0.200.1      0.0.0.0         eth0   UG
ci-info: route-1: 10.0.200.0  
    0.0.0.0         255.255.255.224 eth0   U
cloud-init start running: Thu,
 10 May 2012 10:17:33 +. up 5.00 seconds
no instance data found in 
start
I
 think it maybe some missing in nova host, How to fix it?-- 非淡薄无以明志,非宁静无以致远

___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Razique
 Mahroua
Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com

___Mailing list: https://launchpad.net/~openstackPost to     : openstack@lists.launchpad.netUnsubscribe : https://launchpad.net/~openstackMore help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Metering] Meeting agenda for today 16:00 UTC (May 10th, 2012)

2012-05-10 Thread Loic Dachary 
On 05/10/2012 02:14 PM, Loic Dachary wrote:
> Hi,
>
> The metering project team holds a meeting in #openstack-meeting, Thursdays at 
> 1600 UTC 
> . 
> Everyone is welcome.
> I propose an agenda based on the discussions we had on this list.
>
> http://wiki.openstack.org/Meetings/MeteringAgenda
> Topic: external API definition
>
>  * API defaults and API extensions
>  * API extension
>* extension= loads the  python module
>*  method query is called with the
>  * QUERY_STRING
>  * a handler to the storage
>  * a pointer to the configuration
>  * API calls common arguments
>* Datetime range : start and end
>  * Transparent cache for aggregation
>  * API defaults http://wiki.openstack.org/EfficientMetering#API
>* GET list components
>* GET list components meters (argument : name of the component)
>* GET list accounts
>* GET list of meter_type
>* GET list of events per account
>* GET sum of (meter_volume, meter_duration) for meter_type and account_id
Based on the discussions on the list I changed the list to:

#info GET list components
#info GET list components meters (argument : name of the component)
#info GET list [user_id|project_id|source]
#info GET list of meter_type
#info GET list of events per [user_id|project_id|source] ( allow to specify 
user_id or project_id
or both )
#info GET sum of (meter_volume, meter_duration) for meter_type and 
[user_id|project_id|source]
#info other ?

>* other ?
>  * open discussion
>
> Cheers
> -- 
> Loïc Dachary Chief Research Officer
> // eNovance labs   http://labs.enovance.com
> // ? l...@enovance.com  ? +33 1 49 70 99 82


-- 
Loïc Dachary Chief Research Officer
// eNovance labs   http://labs.enovance.com
// ? l...@enovance.com  ? +33 1 49 70 99 82

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Accessing VMs in Flat DHCP mode with multiple host

2012-05-10 Thread Michaël Van de Borne 

Hello,

I'm running into troubles accessing my instances.
I have 3 nodes:
1. proxmox that virtualizes in KVM my controller node
1.1 the controller node (10.10.200.50) runs keystone, nova-api, 
network, scheduler, vncproxy and volumes but NOT compute as it is 
already a VM

2. glance in a physical node
3. compute in a physical node

my nova.conf network config is:
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--routing_source_ip=10.10.200.50
--libvirt_use_virtio_for_bridges=true
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br100
--fixed_range=192.168.200.0/24
--floating_range=10.10.200.0/24
--network_size=256
--flat_network_dhcp_start=192.168.200.5
--flat_injected=False
--force_dhcp_release
--network_host=10.10.200.50

I even explicitly allows icmp and tcp port 22 traffic like this:

euca-authorize -P icmp -t -1:-1 default
euca-authorize -P tcp -p 22 default


before setting these rules, I was getting 'Operation not permitted' when 
pinging the VM from the compute node. After setting these, I just get no 
output at all (not even 'Destination Host Unreachable')



The network was created like this:
nova-manage network create private --fixed_range_v4=192.168.200.0/24 
--bridge=br100 --bridge_interface=eth1 --num_networks=1 --network_size=256


However I cannot ping or ssh my instances once they're active. I have 
already set up such an Essex environment but the controller node was 
physical. Morevover, every examples in the doc presents a controller 
node that runs nova-compute.


So I'm wondering if either:
- having the controller in a VM
- or not running compute on the controller
would prevent things to work properly.

What can I check? iptables? is dnsmasq unable to give the VM an address?

I'm running out of ideas. Any suggestion would be highly appreciated.

Thank you,

michaël




--
Michaël Van de Borne
R&D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Glance] Replication implementations

2012-05-10 Thread Eoghan Glynn 


BTW that patch is up for review as:

  https://review.openstack.org/7302

Cheers,
eoghan

> I'm working on a patch to at least make the glance UUID -> S3 image
> ID
> not totally depend on an on-demand insertion order as it does now.
> 
> Agreed, collisions are inevitable given the relative domain and range
> sizes (122 unique bit UUID versus 32-bit hex string) - in testing,
> the first colliding UUID tends to occur after ~75k-80k images IDs
> have been generated.
> 
> So at least it would be useful for smaller deployments to have a
> semi-predictable ID mapping (modulo collisions).
> 
> For larger deployments, the mapping data to be replicated could be
> much reduced by limiting it to the colliding IDs.
> 
> Cheers,
> Eoghan
> 
> > Alternatively, we could just consider the ec2 mapping layer to be
> > global data that must be replicated somehow across the system.  I
> > don't think we can really ensure no collisions mapping from uuid ->
> > ec2_id deterministically, and I don't see a clear path forward when
> > we do get a collision.
> > 
> > Vish
> > 
> > On May 8, 2012, at 12:24 AM, Michael Still wrote:
> > 
> > > On 04/05/12 20:31, Eoghan Glynn wrote:
> > > 
> > > Sorry for the slow reply, I've been trapped in meetings.
> > > 
> > > [snip]
> > > 
> > >> So the way things currently stand, the EC2 image ID isn't really
> > >> capable of
> > >> migration.
> > >> 
> > >> I was thinking however that we should change the EC2 image
> > >> generation logic,
> > >> so that there is a reproducible glance UUID -> EC2 mapping (with
> > >> a
> > >> small
> > >> chance of collision). This change would allow the same EC2 ID to
> > >> be generated
> > >> in multiple regions for a given glance UUID (modulo collisions).
> > >> 
> > >> Would that be helpful in your migration use-case?
> > > 
> > > I do think this is a good idea. Or even if the column wasn't
> > > auto-increment, but just picked a random number or something
> > > (because
> > > that would be marginally less likely to clash). Without somehow
> > > making
> > > these ec2 ids more global, replication between regions is going
> > > to
> > > suffer from ec2 api users having to somehow perform a lookup out
> > > of
> > > band.
> > > 
> > > Now, my use case is a bit special, because I can enforce that
> > > images are
> > > only ever uploaded to one master region, and then copied to all
> > > others.
> > > I think that's probably not true for other users though.
> > > 
> > > Mikal
> > > 
> > > ___
> > > Mailing list: https://launchpad.net/~openstack
> > > Post to : openstack@lists.launchpad.net
> > > Unsubscribe : https://launchpad.net/~openstack
> > > More help   : https://help.launchpad.net/ListHelp
> > 
> > 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
> 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Muriel 

Il 10/05/2012 11:48, Alvaro Lopez ha scritto:

On Thu 10 May 2012 (10:41), Muriel wrote:

If I remember correctly, the qcow images are not the only problem
with xen, but I'm far from the code for too long time. In the past
(diablo), the method for counting the ram (and cpu perhaps?) did not
work with xen and this affected the choices of the scheduler. I have
no idea if this happens in essex/folsom.

I've sent to review some code [1] that tries to fix this issue [2].

[1] https://review.openstack.org/#/c/7296/
[2] https://bugs.launchpad.net/nova/+bug/997014

Regards,
Great! But there is a reason if are you using /proc/meminfo instead of 
getInfo when calculating the memory used?
You know if there is a way to get, using libvirt, the reserved memory 
for dom0? Or the only solution is to read the configuration file of xen?


Thanks,
Muriel


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Metering] API Extensibility (was: External API definition)

2012-05-10 Thread Loic Dachary 
> Another item that we need to discuss is extensibility of this API.

Hi,

Here is a proposal, which we could discuss further during the meeting.

GET extension=¶m1=foo¶m2=bar

The API looks up /usr/share/ceilometer/extensions/.py and loads it. The 
 module defines a query function that takes the following arguments:

* QUERY_STRING (i.e. extension=¶m1=foo¶m2=bar )
* a handler to the storage
* a pointer to the configuration (assuming there is a /etc/ceilometer.ini file, 
for instance)

The query function would return the result. For instance { 'in': 20001, 'out': 
489324 } if asked for aggregated network usage.

Multiple extensions directories could be specified and searched, allowing a 
mixture of extensions provided in ceilometer and custom extensions to address 
specific needs or to mature an new extension.

The primary benefit of defining extensions in this way is to avoid complex 
conventions for aggregations or other advanced operations. If the API was to 
impose a syntax or conventions to say "sum this field and this one and display 
the result ordered in this way and grouped by this field and this one", it 
would be redundant with the query language of the underlying data. For 
instance, if using mongodb, it would be difficult to expose all the features 
provided by http://www.mongodb.org/display/DOCS/Aggregation or 
http://www.mongodb.org/display/DOCS/MapReduce

Cheers

-- 
Loïc Dachary Chief Research Officer
// eNovance labs   http://labs.enovance.com
// ✉ l...@enovance.com  ☎ +33 1 49 70 99 82


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cannot get ssh-key in instance

2012-05-10 Thread livemoon 
I am sure image is ok since of I use the same image in both older version
installed via devstack on ubuntu11.10 and new version installed on
ubuntu12.04.

In older version, it can work well. but now it cannot. Am I missing
something in nova.conf ?

On Thu, May 10, 2012 at 8:29 PM, Yong Sheng Gong  wrote:

> have you started the instance with keypair?
>
>
> -openstack-bounces+gongysh=cn.ibm@lists.launchpad.net wrote: -
>
> To: livemoon  
> From: Razique Mahroua 
> Sent by: openstack-bounces+gongysh=cn.ibm@lists.launchpad.net
> Date: 05/10/2012 06:29PM
> Cc: openstack@lists.launchpad.net
> Subject: Re: [Openstack] Cannot get ssh-key in instance
>
> Hey livememon,
> is it possible to see the content of the rc.local. Also, are other
> instances able to reach the metadata server ?
>
>  livemoon 
>  10 mai 2012 12:24
> I running an instance(ubuntu or centos), and it cannot get keypair.
>
> In ubuntu12.04, I have install cloud-init and in centos I have add some
> command into /etc/rc.local
>
> There is some of instance's logs about cloud-init:
>
> cloud-init start-local running: Thu, 10 May 2012 10:17:33 +. up 4.47
> seconds
>
> no instance data found in start-local
>
> ci-info: lo: 1 127.0.0.1   255.0.0.0   .
>
> ci-info: eth0  : 1 10.0.200.5  255.255.255.224 fa:16:3e:6a:30:7c
>
> ci-info: route-0: 0.0.0.0 10.0.200.1  0.0.0.0 eth0   UG
>
> ci-info: route-1: 10.0.200.0  0.0.0.0 255.255.255.224 eth0   U
>
> cloud-init start running: Thu, 10 May 2012 10:17:33 +. up 5.00 seconds
>
> no instance data found in start
>
> I think it maybe some missing in nova host, How to fix it?
>
>
> --
> 非淡薄无以明志,非宁静无以致远
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
> --
> Razique Mahroua
> Nuage & Co - Razique Mahroua
> razique.mahr...@gmail.com
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>


-- 
非淡薄无以明志,非宁静无以致远
<><>___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Help with security groups ("in use" error) in juju/openstack.

2012-05-10 Thread Jorge Luiz Correa 
Hi all!

I'm having some problems with juju and security groups in openstack. When I
try to instantiate about 10 instances, some of them generate an error
related to the security groups. The log below is from nova-api.log. I'm
using versions from ubuntu 12.04 LTS packages (nova*, keystone etc).

2012-05-10 09:31:04 DEBUG nova.api.ec2.apirequest
[req-2c360b59-311d-4792-a730-e14a750220e9 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] http://ec2.amazonaws.com/doc/2008-12-01/
">req-2c360b59-311d-4792-a730-e14a750220e965535tcp
0.0.0.0/0
1defaultdefaultfed67a76052340e6b225879aed67484622tcp
0.0.0.0/022-1icmpjuju-samplefed67a76052340e6b225879aed674846-165535tcpjuju-samplefed67a76052340e6b225879aed674846165535udpjuju-samplefed67a76052340e6b225879aed6748461juju-samplejuju
group for
samplefed67a76052340e6b225879aed674846juju-sample-0juju
group for sample machine
0fed67a76052340e6b225879aed674846juju-sample-1juju
group for sample machine
1fed67a76052340e6b225879aed674846juju-sample-10juju
group for sample machine
10fed67a76052340e6b225879aed674846juju-sample-11juju
group for sample machine
11fed67a76052340e6b225879aed674846juju-sample-2juju
group for sample machine
2fed67a76052340e6b225879aed674846juju-sample-3juju
group for sample machine
3fed67a76052340e6b225879aed674846juju-sample-4juju
group for sample machine
4fed67a76052340e6b225879aed674846juju-sample-5juju
group for sample machine
5fed67a76052340e6b225879aed674846juju-sample-6juju
group for sample machine
6fed67a76052340e6b225879aed674846juju-sample-7juju
group for sample machine
7fed67a76052340e6b225879aed674846juju-sample-8juju
group for sample machine
8fed67a76052340e6b225879aed674846juju-sample-9juju
group for sample machine
9fed67a76052340e6b225879aed674846
from (pid=4973) _render_response
/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py:105
2012-05-10 09:31:04 INFO nova.api.ec2
[req-2c360b59-311d-4792-a730-e14a750220e9 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] 0.296059s 172.16.0.3 GET /services/Cloud
CloudController:DescribeSecurityGroups 200 [Twisted PageGetter] text/plain
text/xml
2012-05-10 09:31:04 DEBUG nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] action: DeleteSecurityGroup from
(pid=4973) __call__
/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py:435
2012-05-10 09:31:04 DEBUG nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] arg: GroupName  val:
juju-sample-11 from (pid=4973) __call__
/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py:437
2012-05-10 09:31:04 ERROR nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] Unexpected error raised: Group not valid.
Reason: In Use
2012-05-10 09:31:04 TRACE nova.api.ec2 Traceback (most recent call last):
2012-05-10 09:31:04 TRACE nova.api.ec2   File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py", line 582, in
__call__
2012-05-10 09:31:04 TRACE nova.api.ec2 result =
api_request.invoke(context)
2012-05-10 09:31:04 TRACE nova.api.ec2   File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py", line 81, in
invoke
2012-05-10 09:31:04 TRACE nova.api.ec2 result = method(context, **args)
2012-05-10 09:31:04 TRACE nova.api.ec2   File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/cloud.py", line 827, in
delete_security_group
2012-05-10 09:31:04 TRACE nova.api.ec2 raise
exception.InvalidGroup(reason="In Use")
2012-05-10 09:31:04 TRACE nova.api.ec2 InvalidGroup: Group not valid.
Reason: In Use
2012-05-10 09:31:04 TRACE nova.api.ec2
2012-05-10 09:31:04 ERROR nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] Environment: {"CONTENT_TYPE":
"text/plain", "SCRIPT_NAME": "/services/Cloud", "REQUEST_METHOD": "GET",
"HTTP_HOST": "10.129.10.44:8773", "PATH_INFO": "", "SERVER_PROTOCOL":
"HTTP/1.0", "QUERY_STRING":
"AWSAccessKeyId=08d1790ca04646f3b116331a6565d2a7&Action=DeleteSecurityGroup&GroupName=juju-sample-11&Signature=xY3AzcbV2yQ2QY4N8kAhC5mmnA3dzsAp3lfxMfMQmFs%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-05-10T12%3A30%3A53Z&Version=2008-12-01",
"HTTP_USER_AGENT": "Twisted PageGetter", "SERVER_NAME": "10.129.10.44",
"REMOTE_ADDR": "172.16.0.3", "wsgi.url_scheme": "http", "SERVER_PORT":
"8773", "GATEWAY_INTERFACE": "CGI/1.1"}
2012-05-10 09:31:04 ERROR nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] UnknownError: An unknown error has
occurred. Please try your request again.

As we can see it says that a group in invalid because is in use.

I've cleared the nova database so I didnt have any security group. It is
creating the security groups and generating the problem.

When I destroy the environment with juju destroy-environment, some r

Re: [Openstack] Accessing VMs in Flat DHCP mode with multiple host

2012-05-10 Thread Yong Sheng Gong 
HI,First you have to make sure the network between your control node's br100 and your compute node's br100 are connected. and then can you show the output on control node:ps -ef | grep dnsmasqbrctl showifconfig2. can you login to your vm by vnc to see the eth0 configuration and then try to run udhcpc?Thanks-openstack-bounces+gongysh=cn.ibm@lists.launchpad.net wrote: -To: "openstack@lists.launchpad.net" From: Michaël Van de Borne Sent by: openstack-bounces+gongysh=cn.ibm@lists.launchpad.netDate: 05/10/2012 09:03PMSubject: [Openstack] Accessing VMs in Flat DHCP mode with multiple host
  


  
Hello,

I'm running into troubles accessing my instances.
I have 3 nodes:
1. proxmox that virtualizes in KVM my controller node
    1.1 the controller node (10.10.200.50) runs keystone, nova-api,
network, scheduler, vncproxy and volumes but NOT compute as it is
already a VM
2. glance in a physical node
3. compute in a physical node

my nova.conf network config is:
--dhcpbridge_flagfile=/etc/nova/nova.conf
  --dhcpbridge=/usr/bin/nova-dhcpbridge
  --routing_source_ip=10.10.200.50
  --libvirt_use_virtio_for_bridges=true
  --network_manager=nova.network.manager.FlatDHCPManager
  --public_interface=eth0
  --flat_interface=eth1
  --flat_network_bridge=br100
  --fixed_range=192.168.200.0/24
  --floating_range=10.10.200.0/24 
  --network_size=256
  --flat_network_dhcp_start=192.168.200.5
  --flat_injected=False
  --force_dhcp_release
  --network_host=10.10.200.50

I even explicitly allows icmp and tcp port 22 traffic like this:
euca-authorize -P icmp -t -1:-1 defaulteuca-authorize -P tcp -p 22 default
before setting
  these rules, I was getting 'Operation not permitted' when pinging
  the VM from the compute node. After setting these, I just get no
  output at all (not even 'Destination Host Unreachable')

  
  The network was created like this:
  nova-manage network create private
  --fixed_range_v4=192.168.200.0/24 --bridge=br100
  --bridge_interface=eth1 --num_networks=1 --network_size=256
  
  However I cannot ping or ssh my instances once they're active. I
  have already set up such an Essex environment but the controller
  node was physical. Morevover, every examples in the doc presents a
  controller node that runs nova-compute.
  
  So I'm wondering if either:
  - having the controller in a VM
  - or not running compute on the controller
  would prevent things to work properly.
  
  What can I check? iptables? is dnsmasq unable to give the VM an
  address? 
  
  I'm running out of ideas. Any suggestion would be highly
  appreciated.
  
  Thank you,
  
  michaël




-- Michaël Van de BorneR&D Engineer, SOA team, CETICPhone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgliwww.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi
  ___Mailing list: https://launchpad.net/~openstackPost to     : openstack@lists.launchpad.netUnsubscribe : https://launchpad.net/~openstackMore help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Daniel P. Berrange 
On Thu, May 10, 2012 at 03:17:59PM +0200, Muriel wrote:
> Il 10/05/2012 11:48, Alvaro Lopez ha scritto:
> >On Thu 10 May 2012 (10:41), Muriel wrote:
> >>If I remember correctly, the qcow images are not the only problem
> >>with xen, but I'm far from the code for too long time. In the past
> >>(diablo), the method for counting the ram (and cpu perhaps?) did not
> >>work with xen and this affected the choices of the scheduler. I have
> >>no idea if this happens in essex/folsom.
> >I've sent to review some code [1] that tries to fix this issue [2].
> >
> >[1] https://review.openstack.org/#/c/7296/
> >[2] https://bugs.launchpad.net/nova/+bug/997014
> >
> >Regards,
> Great! But there is a reason if are you using /proc/meminfo instead
> of getInfo when calculating the memory used?
> You know if there is a way to get, using libvirt, the reserved
> memory for dom0? Or the only solution is to read the configuration
> file of xen?

Dom0 appears as just another guest in Xen/libvirt, so you can query
its memory allocation using normal libvirt APIs

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Keystone client, user belongs to many tenants?

2012-05-10 Thread Lorin Hochstein 
Are there any documented examples out there of how to use roles? I still have a 
hard time building a mental model of how the system works. In particular:

 Do I need to create a new role for every user-tenant pair? Or can I reuse the 
same role? 

Where are the semantics of roles specified?  What I mean is, what determines 
what a role allows a user to do with a specific service? The examples I see 
always create a magical "admin" role, but how does, say, nova, know that this 
role is associated with admin privileges? Is it because the label is "admin"? 
What if I want to create a role that allows users in a tenant to have regular 
access to nova, but not to swift? How do I do that? Do I need to create a 
"novaUser" role? Where do I describe what a "novaUser" role means? In nova? In 
keystone? How?

Pointer to an example here would be really helpful, would love to add this to 
the docs.


Take care,

Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com





On May 10, 2012, at 3:50 AM, Dolph Mathews wrote:

> +1
> 
> The second "way to accomplish this" is exactly what keystone currently 
> supports (explicit role grants), which didn't change between diablo and essex 
> at all.
> 
> The first method (using global unscopedness) was dropped because its just as 
> confusing as you describe it.
> 
> -Dolph Mathews
> 
> On May 10, 2012, at 2:35 AM, Joseph Heck  wrote:
> 
>> Guang,
>> 
>> I think you need to re-read the code. The association between a user and 
>> tenant is what the role represents, and its inaccurate to assert that a user 
>> is aligned only with a single tenant ever, that is not the case. 
>> 
>> A role is no longer global, specifically to avoid the tremendous confusion 
>> and inaccuracy of implementation about how to apply a role that relates a 
>> tenant and user along with a potential "global" role concept that was in the 
>> earliest implementations of Keystone. The current implementation is simpler 
>> and far more specific and clear in it's implementation.
>> 
>> -joe
>> 
>> On May 9, 2012, at 10:22 PM, Yee, Guang wrote:
>>> I think this use case underscores one of the key differences between the 
>>> fat Keystone (Diablo - E3) and KSL (Essex final).  In fat Keystone, users 
>>> and tenants are loosely coupled. They are bind together by role 
>>> assignments. In KSL, users and tenants are tightly coupled, and IMHO very 
>>> inflexible. Maybe the following example would further clarify this …
>>>  
>>> Suppose you have tenants Dodgers, Giants, and Brewers, user Bud Selid, 
>>> roles Commissioner and Minority Owner, and service MLB. And you want Bud 
>>> Selid to have the Commissioner role for Dodgers, Giants, and Brewers, but 
>>> Minority Owner role for Brewers only.
>>>  
>>> In fat Keystone, there a couple of ways you can accomplish this.
>>>  
>>> 1)  Make Commissioner a “global role” (unscoped) and assign it to user 
>>> Bud Selid. Assign the Minority Owner role to Bud Selid for tenant Brewers 
>>> by creating a role reference. When Bud Selid tries to access MLB with his 
>>> unscoped token, MLB will get his Commissioner role back from Keystone. When 
>>> Bud Selid tries to access MLB with his token scoped to Brewers, MLB will 
>>> get both his Commissioner and Minority Owner roles back from Keystone. When 
>>> Bud Selid tries to acess MLB with his token scoped to Giants or Dodgers, 
>>> MLB will only get his Commissioner role back from Keystone.
>>> 2)  Assign the Commissioner role to Bud Selid to tenants Giants, 
>>> Dodgers, and Brewers individually by creating the respective role 
>>> references. Assign the Minority Owner role to Bud Selid for tenant Brewers 
>>> by creating another role reference. In this scenario, Bud Selid will always 
>>> need a scoped token to access MLB.
>>>  
>>> In KSL, there really aren’t any effective ways to accomplish the same 
>>> thing. Global roles are no longer supported.  A given user must assign to 
>>> exactly one tenant. I suppose you can have Bud Selid under the “Default 
>>> Tenant”, and assign both Commissioner and Minority Owner roles to him. But 
>>> there are two major side effects.
>>>  
>>> 1)  Bud Selid must access MLB with the token scoped to the “Default 
>>> Tenant” in order for MLB to recognize him as Commissioner. Which means he 
>>> IS ALSO the Minority Owner for Dodgers, Giants, and Brewers. J
>>> 2)  If Bud Selid tries to access MLB with the token scoped to either 
>>> Giants, Dodgers, or Brewers, his a NOBODY. J
>>>  
>>> The upcoming Domains blueprint (to be implemented for Folsom), which offers 
>>> true multitenancy, should support these types of use cases.
>>>  
>>> https://blueprints.launchpad.net/keystone/+spec/keystone-domains
>>>  
>>> With Domains, you can create a MLB domain with tenants Dodgers, Giants, and 
>>> Brewers. And have Bud Selid under the MLB domain. Notice that users will no 
>>> longer be assigned to tenants. They will be under a domain.

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Alvaro Lopez 
On Thu 10 May 2012 (15:17), Muriel wrote:
> Great! But there is a reason if are you using /proc/meminfo instead
> of getInfo when calculating the memory used?
> You know if there is a way to get, using libvirt, the reserved
> memory for dom0? Or the only solution is to read the configuration
> file of xen?

I calculated the memory looking into /proc/meminfo because if the memory
is not limited (i.e. no dom0_mem option) the dom0 might take all the
memory available, that then will be ballooned out. For example, in a
machine with 16GB RAM you could have:

  # xm li
  NameID   Mem VCPUs  State   
Time(s)
  Domain-0 0 15030 8 r-   1312.8

If you query libvirt for the dom0 mem, the free memory will be around
1GB, but you can create a machine with more RAM (since ballooning is
enabled):

  # xm li
  NameID   Mem VCPUs  State   
Time(s)
  Domain-0 0  9188 8 r-   1328.6
  test 4  7000 4 -b   3.5

If the dom0 memory is fixed and ballooning is disabled, then yes, you
can query libvirt directly.

Regards,
-- 
Álvaro López García  al...@ifca.unican.es



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Keystone client, user belongs to many tenants?

2012-05-10 Thread Dolph Mathews 
On Thu, May 10, 2012 at 9:00 AM, Lorin Hochstein
wrote:

> Are there any documented examples out there of how to use roles? I still
> have a hard time building a mental model of how the system works. In
> particular:
>
>  Do I need to create a new role for every user-tenant pair? Or can I reuse
> the same role?
>

You can recycle roles. Role names are also unique. A "member" role is
frequently used in the docs, where you can grant membership to a user on a
specific tenant.

Creating and granting this role to two users on different tenants using
keystoneclient looks something like:

# create two tenants
$ keystone tenant-create --name="Tenant A"

$ keystone tenant-create --name="Tenant B"


# create two users
$ keystone user-create --name="User A"

$ keystone user-create --name="User B"


# create a membership role
$ keystone role-create --name=member


# (Neither user can access either tenant at this point.)

# grant User A membership on Tenant A
$ keystone user-role-add --role_id= --tenant_id=
--user_id=
# User A is now a "member" of Tenant A.
# (User B still has access to nothing at this point.)

# grant User B membership on Tenant B
$ keystone user-role-add --role_id=
--tenant_id= --user_id=
# User B is now a "member" of Tenant B, but not Tenant A.
# (and User A is still a "member" of Tenant A, but not Tenant B.)



>
> Where are the semantics of roles specified?  What I mean is, what
> determines what a role allows a user to do with a specific service?
>

Right now, that's entirely managed by each service's policy.json --
keystone does nothing but provide the role names to each OpenStack service.

This will change a bit during folsom, with the introduction of RBAC (bp
https://blueprints.launchpad.net/keystone/+spec/rbac-keystone). The
contents of each service's policy.json will be centrally managed in
keystone, and the "meaning" of the roles a user has (the user's set of
capabilities in the current authentication context) will be provided to
OpenStack services -- so service's will no longer need to "understand" role
names.


> The examples I see always create a magical "admin" role, but how does,
> say, nova, know that this role is associated with admin privileges? Is it
> because the label is "admin"?
>

Today, this is configurable via Nova's policy.json:
https://github.com/openstack/nova/blob/master/etc/nova/policy.json


> What if I want to create a role that allows users in a tenant to have
> regular access to nova, but not to swift? How do I do that? Do I need to
> create a "novaUser" role? Where do I describe what a "novaUser" role means?
> In nova? In keystone? How?
>

See above; not sure about swift's status, though.


> Pointer to an example here would be really helpful, would love to add this
> to the docs.
>

Let me know if you find the above useful; or feel free to revise and submit
:)


>
>
> Take care,
>
> Lorin
> --
> Lorin Hochstein
> Lead Architect - Cloud Services
> Nimbis Services, Inc.
> www.nimbisservices.com
>
>
>
>
>
> On May 10, 2012, at 3:50 AM, Dolph Mathews wrote:
>
> +1
>
> The second "way to accomplish this" is exactly what keystone currently
> supports (explicit role grants), which didn't change between diablo and
> essex at all.
>
> The first method (using global unscopedness) was dropped because its just
> as confusing as you describe it.
>
> -Dolph Mathews
>
> On May 10, 2012, at 2:35 AM, Joseph Heck  wrote:
>
> Guang,
>
> I think you need to re-read the code. The association between a user and
> tenant is what the role represents, and its inaccurate to assert that a
> user is aligned only with a single tenant ever, that is not the case.
>
> A role is no longer global, specifically to avoid the tremendous confusion
> and inaccuracy of implementation about how to apply a role that relates a
> tenant and user along with a potential "global" role concept that was in
> the earliest implementations of Keystone. The current implementation is
> simpler and far more specific and clear in it's implementation.
>
> -joe
>
> On May 9, 2012, at 10:22 PM, Yee, Guang wrote:
>
> I think this use case underscores one of the key differences between the
> fat Keystone (Diablo - E3) and KSL (Essex final).  In fat Keystone, users
> and tenants are loosely coupled. They are bind together by role
> assignments. In KSL, users and tenants are tightly coupled, and IMHO very
> inflexible. Maybe the following example would further clarify this …
> ** **
> Suppose you have tenants Dodgers, Giants, and Brewers, user Bud Selid,
> roles Commissioner and Minority Owner, and service MLB. And you want Bud
> Selid to have the Commissioner role for Dodgers, Giants, and Brewers, but
> Minority Owner role for Brewers only.
> ** **
> In fat Keystone, there a couple of ways you can accomplish this.
> ** **
> 1)  Make Commissioner a “global role” (unscoped) and assign it to
> user Bud Selid. Assign the Minority Owner role to Bud Selid for tenant
> Brewers by creating a role reference. When Bud S

Re: [Openstack] [Metering] API Extensibility (was: External API definition)

2012-05-10 Thread Nick Barcet 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Loic Dachary  wrote:

>> Another item that we need to discuss is extensibility of this API.
>
>Hi,
>
>Here is a proposal, which we could discuss further during the meeting.
>
>GET extension=¶m1=foo¶m2=bar
>
>The API looks up /usr/share/ceilometer/extensions/.py and loads it.
>The  module defines a query function that takes the following
>arguments:
>
>* QUERY_STRING (i.e. extension=¶m1=foo¶m2=bar )
>* a handler to the storage
>* a pointer to the configuration (assuming there is a
>/etc/ceilometer.ini file, for instance)
>
>The query function would return the result. For instance { 'in': 20001,
>'out': 489324 } if asked for aggregated network usage.
>
>Multiple extensions directories could be specified and searched,
>allowing a mixture of extensions provided in ceilometer and custom
>extensions to address specific needs or to mature an new extension.
>
>The primary benefit of defining extensions in this way is to avoid
>complex conventions for aggregations or other advanced operations. If
>the API was to impose a syntax or conventions to say "sum this field
>and this one and display the result ordered in this way and grouped by
>this field and this one", it would be redundant with the query language
>of the underlying data. For instance, if using mongodb, it would be
>difficult to expose all the features provided by
>http://www.mongodb.org/display/DOCS/Aggregation or
>http://www.mongodb.org/display/DOCS/MapReduce

I like this approach and the possibilities it provides. It will introduce some 
interesting questions for caching implementation, but we hound not worry about 
that yet, I think.

- --
Nick Barcet 
aka: nicolas, nijaba
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8

iGsEAREIACsFAk+r0LkkHE5pY29sYXMgQmFyY2V0IDxuaWNvbGFzQGJhcmNldC5j
b20+AAoJEFiD3l2iIpt4/zQAmQEqxPvRVlTpndcwNwhl0SeHq9i8AKCXMsGcPI0g
NNaIx8a+3rwi2Dlaeg==
=WkXC
-END PGP SIGNATURE-


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Openstack Beginners guide for Ubuntu 12.04/Essex

2012-05-10 Thread Atul Jha 
Hi all,

We at Csscorp have been publishing series of beginners guide on 
Ubuntu/Openstack (versions), in continuation with that we have released  the 
latest version of our book with Essex and Ubuntu 12.04.

http://cssoss.wordpress.com/2012/05/07/openstack-beginners-guide-v3-0-for-essex-on-ubuntu-12-04-precise-pangolin/

The code can be found at https://code.launchpad.net/openstackbook

We would love to see the book localized in some other languages too, say 
Chinese/Japanese/German to reach to as many people as possible. :)

Suggestion/criticism would be highly appreciated.






Cheers!!

Atul Jha

Application Specialist
Csscorp pvt ltd, Chennai, India

http://www.csscorp.com/common/email-disclaimer.php

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Metering] External API definition

2012-05-10 Thread Nick Barcet 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Daniel Dyer  wrote: One per installation, at least, since 
the source field could allow to aggregate informations from multiple 
installations.

>Is it your assumption that there will be one metering service per
>"installation" or one per service (i.e swift, nova)? My assumption
>would be
>a single metering service, so the API would need to handle some
>additional
>use cases:
>-list services supported
>-list metrics for a service type
>-get metric details

One per installation, at least, since the source field could allow to aggregate 
information from multiple installations. Can't See any reason why not to offer 
what you list above, even though one may deduce the component from the counter 
name.

>I would also consider separate use cases for accessing raw events vs.
>aggregated metrics.

I think the extension proposal from Loic would cover that and more.

>Dan Dyer
>dan.d...@hp.com
>
>On Wed, May 9, 2012 at 10:44 AM, Nick Barcet
>wrote:
>
>>
>>
>> Doug Hellmann  wrote:
>>
>> >On Wed, May 9, 2012 at 11:27 AM, Nick Barcet
>> >wrote:
>> >
>> >> On 05/08/2012 08:27 AM, Nick Barcet wrote:
>> >> [..]
>> >>
>> >> Thinking about this, I think we need to expend the API a bit to
>> >reflect
>> >> the evolutions of the schema that we decided last week.  Here are
>my
>> >> proposals:
>> >>
>> >> > * Requests allow to
>> >> >   GET account_id list
>> >>
>> >> change to: GET [user_id|project_id|source] list
>> >>
>> >
>> >Does the [value|value] syntax mean "choose one" or "combine"? I
>assume
>> >"choose one" and you are using square brackets because parens are
>used
>> >in some of the other queries.
>>
>> You assumed correctly :)
>>
>> >>
>> >> >   GET list of counter_type
>> >> >   GET list of events per account
>> >> > optional start and end for counter_datetime
>> >> > optional counter_type
>> >>
>> >> change to: GET list of events per [user_id|project_id|source]
>> >> optional start and end for counter_datetime
>> >>optional counter_type
>> >>
>> >
>> >Users may cross projects, so I'm not sure it makes sense to ask for
>the
>> >events generated by a user without restricting it by the project. At
>> >the very least we may need to allow them to specify user_id or
>project_id
>> >or both.
>>
>> Good point. Thanks for catching this.
>>
>> >>
>> >> >   GET sum of (counter_volume, counter_duration) for counter_type
>> >and
>> >> > account_id
>> >> > optional start and end for counter_datetime
>> >>
>> >>   GET sum of (counter_volume, counter_duration) for counter_type
>and
>> >> [user_id|project_id|source]
>> >>  optional start and end for counter_datetime
>> >>
>> >> Hope this makes sense.
>> >>
>> >> Another item that we need to discuss is extensibility of this API.
>> >>
>> >> Nick
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>


- --
Nick Barcet 
aka: nicolas, nijaba
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8

iGsEAREIACsFAk+r0yYkHE5pY29sYXMgQmFyY2V0IDxuaWNvbGFzQGJhcmNldC5j
b20+AAoJEFiD3l2iIpt4+w0AmgIBEBQUXHAeOiTko3X5lYcGjqi4AKCQcUC9DyPe
FBhL9NxeTMtAv1xsJg==
=7Udb
-END PGP SIGNATURE-


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Accessing VMs in Flat DHCP mode with multiple host

2012-05-10 Thread Michaël Van de Borne 

ok I'm gonna check this and I'll keep you posted.

By the way, how could I check the network between the control node's 
br100 and the compute node's br100? I guess I can do this by checking 
that each bridge knows the other in the ARP table. Or did you have 
another idea?



Michaël Van de Borne
R&D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi


Le 10/05/2012 15:31, Yong Sheng Gong a écrit :

HI,
First you have to make sure the network between your control node's 
br100 and your compute node's br100 are connected.

and then can you show the output on control node:
ps -ef | grep dnsmasq
brctl show
ifconfig
2. can you login to your vm by vnc to see the eth0 configuration and 
then try to run udhcpc?


Thanks
-openstack-bounces+gongysh=cn.ibm@lists.launchpad.net wrote: -

To: "openstack@lists.launchpad.net" 
From: Michaël Van de Borne 
Sent by: openstack-bounces+gongysh=cn.ibm@lists.launchpad.net
Date: 05/10/2012 09:03PM
Subject: [Openstack] Accessing VMs in Flat DHCP mode with multiple
host

Hello,

I'm running into troubles accessing my instances.
I have 3 nodes:
1. proxmox that virtualizes in KVM my controller node
1.1 the controller node (10.10.200.50) runs keystone,
nova-api, network, scheduler, vncproxy and volumes but NOT compute
as it is already a VM
2. glance in a physical node
3. compute in a physical node

my nova.conf network config is:
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--routing_source_ip=10.10.200.50
--libvirt_use_virtio_for_bridges=true
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br100
--fixed_range=192.168.200.0/24
--floating_range=10.10.200.0/24
--network_size=256
--flat_network_dhcp_start=192.168.200.5
--flat_injected=False
--force_dhcp_release
--network_host=10.10.200.50

I even explicitly allows icmp and tcp port 22 traffic like this:
euca-authorize -P icmp -t -1:-1 default
euca-authorize -P tcp -p 22 default

before setting these rules, I was getting 'Operation not
permitted' when pinging the VM from the compute node. After
setting these, I just get no output at all (not even 'Destination
Host Unreachable')


The network was created like this:
nova-manage network create private
--fixed_range_v4=192.168.200.0/24 --bridge=br100
--bridge_interface=eth1 --num_networks=1 --network_size=256

However I cannot ping or ssh my instances once they're active. I
have already set up such an Essex environment but the controller
node was physical. Morevover, every examples in the doc presents a
controller node that runs nova-compute.

So I'm wondering if either:
- having the controller in a VM
- or not running compute on the controller
would prevent things to work properly.

What can I check? iptables? is dnsmasq unable to give the VM an
address?

I'm running out of ideas. Any suggestion would be highly appreciated.

Thank you,

michaël




-- 
Michaël Van de Borne

R&D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype:
mikemowgli
www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi
___
Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack

More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cannot get ssh-key in instance

2012-05-10 Thread George Mihaiescu 
Hi,
 
First, check if nova-api is running on the host where your nova-network runs 
(same as nova-compute if using a multi_host=true setup).
 
Second, using the console of the instance check if your instance can access the 
API service by doing a:
GET http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
 
You can also read this doc for more info about the metadata service:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html
 
 
George
 


From: openstack-bounces+george.mihaiescu=q9@lists.launchpad.net 
[mailto:openstack-bounces+george.mihaiescu=q9@lists.launchpad.net] On 
Behalf Of livemoon
Sent: Thursday, May 10, 2012 9:26 AM
To: Yong Sheng Gong
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Cannot get ssh-key in instance


I am sure image is ok since of I use the same image in both older version 
installed via devstack on ubuntu11.10 and new version installed on ubuntu12.04. 

In older version, it can work well. but now it cannot. Am I missing something 
in nova.conf ?


On Thu, May 10, 2012 at 8:29 PM, Yong Sheng Gong  wrote:



have you started the instance with keypair?



-openstack-bounces+gongysh=cn.ibm@lists.launchpad.net wrote: 
-



To: livemoon   
From: Razique Mahroua  
 
Sent by: 
openstack-bounces+gongysh=cn.ibm@lists.launchpad.net
Date: 05/10/2012 06:29PM
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Cannot get ssh-key in instance


Hey livememon, 
is it possible to see the content of the rc.local. Also, are 
other instances able to reach the metadata server ?



 
livemoon  
10 mai 2012 12:24

I running an instance(ubuntu or centos), and it cannot 
get keypair.

In ubuntu12.04, I have install cloud-init and in centos 
I have add some command into /etc/rc.local

There is some of instance's logs about cloud-init:

cloud-init start-local running: Thu, 10 May 2012 
10:17:33 +. up 4.47 seconds


no instance data found in start-local


ci-info: lo: 1 127.0.0.1   255.0.0.0   .


ci-info: eth0  : 1 10.0.200.5  255.255.255.224 
fa:16:3e:6a:30:7c


ci-info: route-0: 0.0.0.0 10.0.200.1  
0.0.0.0 eth0   UG


ci-info: route-1: 10.0.200.0  0.0.0.0 
255.255.255.224 eth0   U


cloud-init start running: Thu, 10 May 2012 10:17:33 
+. up 5.00 seconds


no instance data found in start


I think it maybe some missing in nova host, How to fix 
it?


-- 
非淡薄无以明志,非宁静无以致远

___
Mailing list: https://launchpad.net/~openstack 
 
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack 
 
More help : https://help.launchpad.net/ListHelp



-- 
Razique Mahroua
Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com

 

___
Mailing list: https://launchpad.net/~openstack 
 
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack 
 
More help   : https://help.launchpad.net/ListHelp







-- 
非淡薄无以明志,非宁静无以致远

<><>___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] i18n of log message

2012-05-10 Thread 彭勇 
we are here talking about I18N of log information

i prefer to English only log:

1. easy to search and share

2. easy to maintain

2012/5/10 Ying Chun Guo :
> I18N is an architecture decision. Besides developers, we should also consult
> customers' options.
>
> I18N is a very big scope. It includes not only translation, but also
> Date/time format, number format,
> or even the input of non-English characters. Surely I18N will take some
> efforts. But considering
> OpenStack may have a long history, it deserve us to pay some time to work on
> it. We need to consider
> it carefully. Maybe we can just pick out several very popular
> locales/languages and work on these localization
> firstly. It will ensure we have a correct architecture to suppor I18N, with
> a not very big effort.
>
> I'd like to help on the process documenting.
>
> Regards
> Daisy
>
> openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net wrote on
> 05/09/2012 12:55:48 AM:
>
>> Thierry Carrez 
>> Sent by: openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net
>>
>> 05/09/2012 12:55 AM
>>
>> To
>>
>> openstack@lists.launchpad.net,
>>
>> cc
>
>
>>
>> Subject
>>
>> Re: [Openstack] i18n of log message
>>
>> Ying Chun Guo wrote:
>> > [...]
>> > So I prefer option 2. As it is said that   option 3 being not
>> > significantly more work than option 2, so option 3 is also acceptable
>> > for me.
>>
>> So there is no strong consensus so far :) One important prerequisite of
>> whatever solution we end up choosing is that it should be the same level
>> across all OpenStack core projects. Consistency is important... So we
>> should definitely ask PTLs which options they are ready to support, as
>> it may seriously reduce our options.
>>
>> We should also have a I18N advocacy czar that will push whatever option
>> is chosen to completion by documenting the process, encouraging CI /
>> translators / devs to do any needed work. Anyone up to it ?
>>
>> --
>> Thierry Carrez (ttx)
>> Release Manager, OpenStack
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>



-- 
彭勇 (Peng Yong)
常州贝特康姆(BitComm)软件技术有限公司
地址:常州市科教城信息产业园南4楼
电话:+86.519.68887168
传真:+86.519.68887169
手机:+86.18915883399
邮箱:p...@pubyun.com

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Metering] Meeting agenda for today 16:00 UTC (May 3rd, 2012)

2012-05-10 Thread Nick Barcet 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Daniel Dyer  wrote:

>A question/comment about the scope of the schema or maybe the
>architecture.
>Assuming the services will provide the instrumentation to populate the
>raw
>metric data, it seems likely that you will need to define an interface
>between the services/agents
>that are providing the data and the metering system which stores the
>generated metric data in the database (as opposed to having the
>services
>write directly to the DB). Is the schema intended to be this kind of
>interop format between the services and
>the meter's datastore or just the end result of the storage?

Just the end result, we have a discussion and decision on May 24th regarding 
the internal API for the agents to use when communicating on the queue.

http://wiki.openstack.org/Meetings/MeteringAgenda#Meeting%20topics

>Thanks,
>Dan Dyer
>
>On Thu, May 3, 2012 at 11:10 AM, Loic Dachary 
>wrote:
>
>>  On 05/03/2012 02:22 PM, Loic Dachary wrote:
>>
>> Hi,
>>
>> The metering project team holds a meeting in #openstack-meeting,
>> Thursdays at 1600
>UTC.
>> Everyone is welcome.
>> I propose an agenda based on the discussions we had on this list.
>>
>> http://wiki.openstack.org/Meetings/MeteringAgenda
>> Topic : schema and counter definitions
>>
>>  * counter definitions
>>* Proposed http://wiki.openstack.org/EfficientMetering#Counters
>>  * schema definition
>>* Proposed http://wiki.openstack.org/EfficientMetering#Storage
>>  * discuss storage assumptions
>>* the storage will store all events
>>* no aggregated value is permanently stored
>>  * discuss API assumptions
>>* the API provide a sum() function to aggregate values
>>* the API may transparently store results of the sum function in a
>cache
>>  * discuss event collection
>>* events are collected from a components when possible
>>* ceilometer agent is installed on a node when the a component
>does not
>> provide the value
>>* contribute to the component instead of developping a ceilometer
>agent
>> plugin
>>  * engaging discussions with core components
>>* nova
>>* cinder
>>* glance
>>* swift
>>* quantum
>>  *  open discussion
>>
>>  For the record, the first two points used all the time but that was
>the
>> goal of the meeting. The other points would have been nice to discuss
>but
>> can each be turned into a mailing list thread ;-)
>>
>> ==
>> #openstack-meeting Meeting
>> ==
>>
>>
>> Meeting started by dachary at 16:00:16 UTC.  The full logs are
>available
>>
>athttp://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-03-16.00.log.html
>> .
>>
>>
>>
>> Meeting summary
>> ---
>>
>> * actions from previous meetings  (dachary, 16:00:36)
>>   * creation of the ceilometer project  (dachary, 16:00:36)
>>   * The repository for the ceilometer project has been created
>> (dachary, 16:00:36)
>>   * LINK: https://github.com/stackforge/ceilometer  (dachary,
>16:00:36)
>>   * and the first commit was successfully reviewed and merged today
>> https://review.stackforge.org/#/c/25/  (dachary, 16:00:37)
>>
>> * meeting organisation  (dachary, 16:01:03)
>>   * This is 1/5 meetings to decide the architecture of the Metering
>> project https://launchpad.net/ceilometer  (dachary, 16:01:03)
>>   * Today's focus is on the definition of the counters / meters and
>the
>> associated schema for the storage  (dachary, 16:01:03)
>>   * It is the conclusion of the discussions held on the mailing list
>and
>> the goal is to make a final choice that will then be implemented.
>> (dachary, 16:01:03)
>>   * The meeting is time boxed and there will not be enough time to
>> introduce inovative ideas and research for solutions.  (dachary,
>> 16:01:03)
>>   * The debate will be about the pro and cons of the options already
>> discussed on the mailing list.  (dachary, 16:01:03)
>>   * LINK: https://lists.launchpad.net/openstack/msg10810.html
>(dachary,
>> 16:01:03)
>>
>> * counter definitions  (dachary, 16:02:10)
>>   * Proposed http://wiki.openstack.org/EfficientMetering#Counters
>> (dachary, 16:02:10)
>>   * ACTION: dachary fix the note for net_float still talks about
>"number
>> of floating IPs"  (dachary, 16:09:18)
>>   * ACTION: jd___ include Number of object in Swift, Number of
>> containers in Swift, Number of GET/HEAD/PUT/POST requests in
>Swift
>> in the table  (dachary, 16:10:11)
>>   * ACTION: dachary add note about the fact that the resource_id for
>the
>> object count is the container_id  (dachary, 16:21:44)
>>   * LINK: http://wiki.openstack.org/EfficientMetering#Counters is
>agreed
>> on, provided the actions listed above are carried out.  (dachary,
>> 16:25:35)
>>   * ACTION: jd___ document the resource_id for each counter
>(dachary,
>> 16:30:33)
>>   *

[Openstack] Keystone 2012.1 - global and private endpoints

2012-05-10 Thread Leandro Reox 
Hi all,

I was wondering if is there any way to create private and global endpoints
in Keystone essex final, what for ?

I have users defined for specific applications, for example i want that the
"images" user, just to have access to the SWIFT endpoint, but no to nova,
and etc

In previous versions of Keystone, you can define "is_global" attribute for
an endpoint, or create a direct relationship between a tenant and an
endpoint if your endpoint was previously defined as non global.

Is there any way to do this on the new Essex Final Keystone ? If not, how
do i avoid the swift users to create instances on nova?

Regards
Lele
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Glance][Nova] Can't list images

2012-05-10 Thread Leander Bessa Beernaert 
Can anyone pinpoint what exactly is wrong with this. I've been stuck here
for the past three days, and nothing i do seems to be working :/

On Tue, May 8, 2012 at 12:11 PM, Leander Bessa  wrote:

> I fixed the swift ip and i'm still getting the same error.
>
> Here are the log files and the config files:
>
> nova-api > http://paste.openstack.org/show/16176/
>
> glance-api.log
>
>> 2012-05-08 11:39:55 6143 INFO [eventlet.wsgi.server] Starting single
>>> process server
>>
>> 2012-05-08 11:40:01 6255 INFO [eventlet.wsgi.server] Starting single
>>> process server
>>
>>
> glance-registery.log > http://paste.openstack.org/show/16180/
>
> glance-api.conf > http://paste.openstack.org/show/16184/
>
> glance-registry.conf > http://paste.openstack.org/show/16185/
>
> glance-api-paste.ini > http://paste.openstack.org/show/16186/
>
> glance-registry-pastet-ini > http://paste.openstack.org/show/16187/
>
> keystone log is empty.
>
> Regards,
>
> Leander
>
> On Mon, May 7, 2012 at 4:51 PM, Dolph Mathews wrote:
>
>> There's not enough information in those logs to say (check your glance
>> config and glance/keystone logs) -- but you'll definitely need to recreate
>> that endpoint with SWIFT_HOST defined in your env to use swift through your
>> service catalog.
>>
>> -Dolph
>>
>>
>> On Mon, May 7, 2012 at 9:11 AM, Leander Bessa wrote:
>>
>>> Does that mean that glance is somehow configured to use swift as storage
>>> instead of the local file system or is does the error simply occur due to
>>> the a parsing error because of ${SWIFT_HOST}?
>>>
>>>
>>> On Mon, May 7, 2012 at 2:59 PM, Dolph Mathews 
>>> wrote:
>>>
 Your swift endpoint appears to be literally configured in keystone as
 "http://${SWIFT_HOST}:8080/v1/..."; -- I'm guessing that's unreachable
 :)

 Based on your logs, I'm not certain that will fix your 500, however.

 -Dolph

 On Mon, May 7, 2012 at 5:23 AM, Leander Bessa wrote:

> This is as much as i can capture at the moment.
> http://paste.openstack.org/show/15899/
>
> For some reason, nothing is written to the logs, am i forgetting a
> flag or something?
>
>
> On Fri, May 4, 2012 at 11:30 PM, Yuriy Taraday wrote:
>
>> Please post to http://paste.openstack.org error text and backtrace
>> from nova-api.log.
>>
>> Kind regards, Yuriy.
>>
>>
>> On Fri, May 4, 2012 at 6:13 PM, Leander Bessa 
>> wrote:
>> > Hello,
>> >
>> > I seem to be unable to list the images available in glance. I'm not
>> sure why
>> > this is happening. I've check the logs for nova-api, glance-api and
>> > glance-registry and am unable to found anything out of the ordinary.
>> >
>> > Below is an output from the command 'nova image-list'
>> >>
>> >> REQ: curl -i http://192.168.164.128:5000/v2.0/tokens -X POST -H
>> >> "Content-Type: application/json" -H "Accept: application/json" -H
>> >> "User-Agent: python-novaclient"
>> >> REQ BODY: {"auth": {"tenantName": "admin", "passwordCredentials":
>> >> {"username": "admin", "password": "nova"}}}
>> >> RESP:{'date': 'Fri, 04 May 2012 14:08:53 GMT', 'transfer-encoding':
>> >> 'chunked', 'status': '200', 'vary': 'X-Auth-Token', 'content-type':
>> >> 'application/json'} {"access": {"token": {"expires":
>> "2012-05-05T14:08:53Z",
>> >> "id": "c6d3145f1e924982982b54e52b97bec9", "tenant":
>> {"description": null,
>> >> "enabled": true, "id": "765a2012198f4751b8457c49932ec80d", "name":
>> >> "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
>> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";,
>> "region":
>> >> "nova", "internalURL":
>> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";,
>> >> "publicURL":
>> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d
>> "}],
>> >> "endpoints_links": [], "type": "volume", "name": "volume"},
>> {"endpoints":
>> >> [{"adminURL":
>> >> "http://
>> ${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d",
>> >> "region": "nova", "internalURL": "http://127.0.0.1:8080";,
>> "publicURL":
>> >> "http://
>> ${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d"}],
>> >> "endpoints_links": [], "type": "storage", "name": "swift"},
>> {"endpoints":
>> >> [{"adminURL": "http://192.168.164.128:9292/v1";, "region": "nova",
>> >> "internalURL": "http://192.168.164.128:9292/v1";, "publicURL":
>> >> "http://192.168.164.128:9292/v1"}], "endpoints_links": [],
>> "type": "image",
>> >> "name": "glance"}, {"endpoints": [{"adminURL":
>> >> "http://192.168.164.128:8774/v2/765a2012198f4751b8457c49932ec80d";,
>> "region":
>> >> "nova", "internalURL":
>> >> "http://192.168.164.128:8774/v2/765a2012198f4751b8457c49932ec80d";,
>> >> "publicURL":
>> >> "http://192.168.164.128:8774/v2/765a2012198f4751b8457c49932

Re: [Openstack] Keystone client, user belongs to many tenants?

2012-05-10 Thread Duncan McGreggor 
Hey guys,

Just wanted to say that I'm deep, deep into some Keystone right now
(auth'ing against DreamHost's existing infrastructure and granting
access to  tenants, etc.) and this email just saved me about a week of
work :-)

Thanks!

d

On Thu, May 10, 2012 at 10:25 AM, Dolph Mathews  wrote:
>
>
> On Thu, May 10, 2012 at 9:00 AM, Lorin Hochstein 
> wrote:
>>
>> Are there any documented examples out there of how to use roles? I still
>> have a hard time building a mental model of how the system works. In
>> particular:
>>
>>  Do I need to create a new role for every user-tenant pair? Or can I reuse
>> the same role?
>
>
> You can recycle roles. Role names are also unique. A "member" role is
> frequently used in the docs, where you can grant membership to a user on a
> specific tenant.
>
> Creating and granting this role to two users on different tenants using
> keystoneclient looks something like:
>
> # create two tenants
> $ keystone tenant-create --name="Tenant A"
> 
> $ keystone tenant-create --name="Tenant B"
> 
>
> # create two users
> $ keystone user-create --name="User A"
> 
> $ keystone user-create --name="User B"
> 
>
> # create a membership role
> $ keystone role-create --name=member
> 
>
> # (Neither user can access either tenant at this point.)
>
> # grant User A membership on Tenant A
> $ keystone user-role-add --role_id= --tenant_id=
> --user_id=
> # User A is now a "member" of Tenant A.
> # (User B still has access to nothing at this point.)
>
> # grant User B membership on Tenant B
> $ keystone user-role-add --role_id=
> --tenant_id= --user_id=
> # User B is now a "member" of Tenant B, but not Tenant A.
> # (and User A is still a "member" of Tenant A, but not Tenant B.)
>
>
>>
>>
>> Where are the semantics of roles specified?  What I mean is, what
>> determines what a role allows a user to do with a specific service?
>
>
> Right now, that's entirely managed by each service's policy.json -- keystone
> does nothing but provide the role names to each OpenStack service.
>
> This will change a bit during folsom, with the introduction of RBAC
> (bp https://blueprints.launchpad.net/keystone/+spec/rbac-keystone). The
> contents of each service's policy.json will be centrally managed in
> keystone, and the "meaning" of the roles a user has (the user's set of
> capabilities in the current authentication context) will be provided to
> OpenStack services -- so service's will no longer need to "understand" role
> names.
>
>>
>> The examples I see always create a magical "admin" role, but how does,
>> say, nova, know that this role is associated with admin privileges? Is it
>> because the label is "admin"?
>
>
> Today, this is configurable via Nova's
> policy.json: https://github.com/openstack/nova/blob/master/etc/nova/policy.json
>
>>
>> What if I want to create a role that allows users in a tenant to have
>> regular access to nova, but not to swift? How do I do that? Do I need to
>> create a "novaUser" role? Where do I describe what a "novaUser" role means?
>> In nova? In keystone? How?
>
>
> See above; not sure about swift's status, though.
>
>>
>> Pointer to an example here would be really helpful, would love to add this
>> to the docs.
>
>
> Let me know if you find the above useful; or feel free to revise and submit
> :)
>
>>
>>
>>
>> Take care,
>>
>> Lorin
>> --
>> Lorin Hochstein
>> Lead Architect - Cloud Services
>> Nimbis Services, Inc.
>> www.nimbisservices.com
>>
>>
>>
>>
>>
>> On May 10, 2012, at 3:50 AM, Dolph Mathews wrote:
>>
>> +1
>>
>> The second "way to accomplish this" is exactly what keystone currently
>> supports (explicit role grants), which didn't change between diablo and
>> essex at all.
>>
>> The first method (using global unscopedness) was dropped because its just
>> as confusing as you describe it.
>>
>> -Dolph Mathews
>>
>> On May 10, 2012, at 2:35 AM, Joseph Heck  wrote:
>>
>> Guang,
>>
>> I think you need to re-read the code. The association between a user and
>> tenant is what the role represents, and its inaccurate to assert that a user
>> is aligned only with a single tenant ever, that is not the case.
>>
>> A role is no longer global, specifically to avoid the tremendous confusion
>> and inaccuracy of implementation about how to apply a role that relates a
>> tenant and user along with a potential "global" role concept that was in the
>> earliest implementations of Keystone. The current implementation is simpler
>> and far more specific and clear in it's implementation.
>>
>> -joe
>>
>> On May 9, 2012, at 10:22 PM, Yee, Guang wrote:
>>
>> I think this use case underscores one of the key differences between the
>> fat Keystone (Diablo - E3) and KSL (Essex final).  In fat Keystone, users
>> and tenants are loosely coupled. They are bind together by role assignments.
>> In KSL, users and tenants are tightly coupled, and IMHO very inflexible.
>> Maybe the following example would further clarify this …
>>
>> Suppose you have tenants Dodgers, Giants, and Brewers, user Bud Se

Re: [Openstack] Openstack Beginners guide for Ubuntu 12.04/Essex

2012-05-10 Thread Razique Mahroua 
As usual, amazing work.Congratulations
 to all the team sir :) 	   
   	Atul Jha  
  10 mai 2012 16:33Hi all,We at 
Csscorp have been publishing series of beginners guide on 
Ubuntu/Openstack (versions), in continuation with that we have released 
 the latest version of our book with Essex and Ubuntu 12.04.http://cssoss.wordpress.com/2012/05/07/openstack-beginners-guide-v3-0-for-essex-on-ubuntu-12-04-precise-pangolin/The
 code can be found at https://code.launchpad.net/openstackbookWe
 would love to see the book localized in some other languages too, say 
Chinese/Japanese/German to reach to as many people as possible. :)Suggestion/criticism
 would be highly appreciated.Cheers!!Atul
 JhaApplication SpecialistCsscorp pvt ltd, Chennai, Indiahttp://www.csscorp.com/common/email-disclaimer.php___Mailing
 list: https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Razique
 Mahroua
Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Glance][Nova] Can't list images

2012-05-10 Thread Dolph Mathews 
Concerning your keystone.log being empty (empty for the duration of the
request, or completely empty?)... is logging to a specific file configured
in your keystone.conf? If not, keystone just "logs" to stdout.

-Dolph

On Thu, May 10, 2012 at 10:20 AM, Leander Bessa Beernaert <
leande...@gmail.com> wrote:

> Can anyone pinpoint what exactly is wrong with this. I've been stuck here
> for the past three days, and nothing i do seems to be working :/
>
>
> On Tue, May 8, 2012 at 12:11 PM, Leander Bessa wrote:
>
>> I fixed the swift ip and i'm still getting the same error.
>>
>> Here are the log files and the config files:
>>
>> nova-api > http://paste.openstack.org/show/16176/
>>
>> glance-api.log
>>
>>> 2012-05-08 11:39:55 6143 INFO [eventlet.wsgi.server] Starting single
 process server
>>>
>>> 2012-05-08 11:40:01 6255 INFO [eventlet.wsgi.server] Starting single
 process server
>>>
>>>
>> glance-registery.log > http://paste.openstack.org/show/16180/
>>
>> glance-api.conf > http://paste.openstack.org/show/16184/
>>
>> glance-registry.conf > http://paste.openstack.org/show/16185/
>>
>> glance-api-paste.ini > http://paste.openstack.org/show/16186/
>>
>> glance-registry-pastet-ini > http://paste.openstack.org/show/16187/
>>
>> keystone log is empty.
>>
>> Regards,
>>
>> Leander
>>
>> On Mon, May 7, 2012 at 4:51 PM, Dolph Mathews wrote:
>>
>>> There's not enough information in those logs to say (check your glance
>>> config and glance/keystone logs) -- but you'll definitely need to recreate
>>> that endpoint with SWIFT_HOST defined in your env to use swift through your
>>> service catalog.
>>>
>>> -Dolph
>>>
>>>
>>> On Mon, May 7, 2012 at 9:11 AM, Leander Bessa wrote:
>>>
 Does that mean that glance is somehow configured to use swift as
 storage instead of the local file system or is does the error simply occur
 due to the a parsing error because of ${SWIFT_HOST}?


 On Mon, May 7, 2012 at 2:59 PM, Dolph Mathews 
 wrote:

> Your swift endpoint appears to be literally configured in keystone as
> "http://${SWIFT_HOST}:8080/v1/..."; -- I'm guessing that's unreachable
> :)
>
> Based on your logs, I'm not certain that will fix your 500, however.
>
> -Dolph
>
> On Mon, May 7, 2012 at 5:23 AM, Leander Bessa wrote:
>
>> This is as much as i can capture at the moment.
>> http://paste.openstack.org/show/15899/
>>
>> For some reason, nothing is written to the logs, am i forgetting a
>> flag or something?
>>
>>
>> On Fri, May 4, 2012 at 11:30 PM, Yuriy Taraday 
>> wrote:
>>
>>> Please post to http://paste.openstack.org error text and backtrace
>>> from nova-api.log.
>>>
>>> Kind regards, Yuriy.
>>>
>>>
>>> On Fri, May 4, 2012 at 6:13 PM, Leander Bessa 
>>> wrote:
>>> > Hello,
>>> >
>>> > I seem to be unable to list the images available in glance. I'm
>>> not sure why
>>> > this is happening. I've check the logs for nova-api, glance-api and
>>> > glance-registry and am unable to found anything out of the
>>> ordinary.
>>> >
>>> > Below is an output from the command 'nova image-list'
>>> >>
>>> >> REQ: curl -i http://192.168.164.128:5000/v2.0/tokens -X POST -H
>>> >> "Content-Type: application/json" -H "Accept: application/json" -H
>>> >> "User-Agent: python-novaclient"
>>> >> REQ BODY: {"auth": {"tenantName": "admin", "passwordCredentials":
>>> >> {"username": "admin", "password": "nova"}}}
>>> >> RESP:{'date': 'Fri, 04 May 2012 14:08:53 GMT',
>>> 'transfer-encoding':
>>> >> 'chunked', 'status': '200', 'vary': 'X-Auth-Token',
>>> 'content-type':
>>> >> 'application/json'} {"access": {"token": {"expires":
>>> "2012-05-05T14:08:53Z",
>>> >> "id": "c6d3145f1e924982982b54e52b97bec9", "tenant":
>>> {"description": null,
>>> >> "enabled": true, "id": "765a2012198f4751b8457c49932ec80d", "name":
>>> >> "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
>>> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";,
>>> "region":
>>> >> "nova", "internalURL":
>>> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d
>>> ",
>>> >> "publicURL":
>>> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d
>>> "}],
>>> >> "endpoints_links": [], "type": "volume", "name": "volume"},
>>> {"endpoints":
>>> >> [{"adminURL":
>>> >> "http://
>>> ${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d",
>>> >> "region": "nova", "internalURL": "http://127.0.0.1:8080";,
>>> "publicURL":
>>> >> "http://
>>> ${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d"}],
>>> >> "endpoints_links": [], "type": "storage", "name": "swift"},
>>> {"endpoints":
>>> >> [{"adminURL": "http://192.168.164.128:9292/v1";, "region": "nova",
>>> >> "internalURL": "http://192.168.164

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Muriel 

Il 10/05/2012 16:08, Alvaro Lopez ha scritto:

On Thu 10 May 2012 (15:17), Muriel wrote:

Great! But there is a reason if are you using /proc/meminfo instead
of getInfo when calculating the memory used?
You know if there is a way to get, using libvirt, the reserved
memory for dom0? Or the only solution is to read the configuration
file of xen?

I calculated the memory looking into /proc/meminfo because if the memory
is not limited (i.e. no dom0_mem option) the dom0 might take all the
memory available, that then will be ballooned out. For example, in a
machine with 16GB RAM you could have:

   # xm li
   NameID   Mem VCPUs  State   
Time(s)
   Domain-0 0 15030 8 r-   
1312.8

If you query libvirt for the dom0 mem, the free memory will be around
1GB, but you can create a machine with more RAM (since ballooning is
enabled):

   # xm li
   NameID   Mem VCPUs  State   
Time(s)
   Domain-0 0  9188 8 r-   
1328.6
   test 4  7000 4 -b   3.5

If the dom0 memory is fixed and ballooning is disabled, then yes, you
can query libvirt directly.

Regards,
Thank you for remarking this point, sometimes I forget the balooning 
system :).
I messed up the question: if you consider the case where the memory is 
limited (dom0_mem) the value of MemTotal in meminfo is wrong. Do you 
think it makes sense to take the total memory value from libvirt and 
from meminfo the rest?

Thus it should work in both cases.

Thanks,
M.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Glance][Nova] Can't list images

2012-05-10 Thread Leander Bessa Beernaert 
Both. The log file is completely empty and the stdout only prints
deprecation warnings :/

On Thu, May 10, 2012 at 4:32 PM, Dolph Mathews wrote:

> Concerning your keystone.log being empty (empty for the duration of the
> request, or completely empty?)... is logging to a specific file configured
> in your keystone.conf? If not, keystone just "logs" to stdout.
>
> -Dolph
>
> On Thu, May 10, 2012 at 10:20 AM, Leander Bessa Beernaert <
> leande...@gmail.com> wrote:
>
>> Can anyone pinpoint what exactly is wrong with this. I've been stuck here
>> for the past three days, and nothing i do seems to be working :/
>>
>>
>> On Tue, May 8, 2012 at 12:11 PM, Leander Bessa wrote:
>>
>>> I fixed the swift ip and i'm still getting the same error.
>>>
>>> Here are the log files and the config files:
>>>
>>> nova-api > http://paste.openstack.org/show/16176/
>>>
>>> glance-api.log
>>>
 2012-05-08 11:39:55 6143 INFO [eventlet.wsgi.server] Starting
> single process server

 2012-05-08 11:40:01 6255 INFO [eventlet.wsgi.server] Starting
> single process server


>>> glance-registery.log > http://paste.openstack.org/show/16180/
>>>
>>> glance-api.conf > http://paste.openstack.org/show/16184/
>>>
>>> glance-registry.conf > http://paste.openstack.org/show/16185/
>>>
>>> glance-api-paste.ini > http://paste.openstack.org/show/16186/
>>>
>>> glance-registry-pastet-ini > http://paste.openstack.org/show/16187/
>>>
>>> keystone log is empty.
>>>
>>> Regards,
>>>
>>> Leander
>>>
>>> On Mon, May 7, 2012 at 4:51 PM, Dolph Mathews 
>>> wrote:
>>>
 There's not enough information in those logs to say (check your glance
 config and glance/keystone logs) -- but you'll definitely need to recreate
 that endpoint with SWIFT_HOST defined in your env to use swift through your
 service catalog.

 -Dolph


 On Mon, May 7, 2012 at 9:11 AM, Leander Bessa wrote:

> Does that mean that glance is somehow configured to use swift as
> storage instead of the local file system or is does the error simply occur
> due to the a parsing error because of ${SWIFT_HOST}?
>
>
> On Mon, May 7, 2012 at 2:59 PM, Dolph Mathews  > wrote:
>
>> Your swift endpoint appears to be literally configured in keystone as
>> "http://${SWIFT_HOST}:8080/v1/..."; -- I'm guessing that's
>> unreachable :)
>>
>> Based on your logs, I'm not certain that will fix your 500, however.
>>
>> -Dolph
>>
>> On Mon, May 7, 2012 at 5:23 AM, Leander Bessa wrote:
>>
>>> This is as much as i can capture at the moment.
>>> http://paste.openstack.org/show/15899/
>>>
>>> For some reason, nothing is written to the logs, am i forgetting a
>>> flag or something?
>>>
>>>
>>> On Fri, May 4, 2012 at 11:30 PM, Yuriy Taraday 
>>> wrote:
>>>
 Please post to http://paste.openstack.org error text and backtrace
 from nova-api.log.

 Kind regards, Yuriy.


 On Fri, May 4, 2012 at 6:13 PM, Leander Bessa 
 wrote:
 > Hello,
 >
 > I seem to be unable to list the images available in glance. I'm
 not sure why
 > this is happening. I've check the logs for nova-api, glance-api
 and
 > glance-registry and am unable to found anything out of the
 ordinary.
 >
 > Below is an output from the command 'nova image-list'
 >>
 >> REQ: curl -i http://192.168.164.128:5000/v2.0/tokens -X POST -H
 >> "Content-Type: application/json" -H "Accept: application/json" -H
 >> "User-Agent: python-novaclient"
 >> REQ BODY: {"auth": {"tenantName": "admin", "passwordCredentials":
 >> {"username": "admin", "password": "nova"}}}
 >> RESP:{'date': 'Fri, 04 May 2012 14:08:53 GMT',
 'transfer-encoding':
 >> 'chunked', 'status': '200', 'vary': 'X-Auth-Token',
 'content-type':
 >> 'application/json'} {"access": {"token": {"expires":
 "2012-05-05T14:08:53Z",
 >> "id": "c6d3145f1e924982982b54e52b97bec9", "tenant":
 {"description": null,
 >> "enabled": true, "id": "765a2012198f4751b8457c49932ec80d",
 "name":
 >> "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
 >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";,
 "region":
 >> "nova", "internalURL":
 >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d
 ",
 >> "publicURL":
 >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d
 "}],
 >> "endpoints_links": [], "type": "volume", "name": "volume"},
 {"endpoints":
 >> [{"adminURL":
 >> "http://
 ${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d",
 >> "region": "nova", "internalURL": "http://127.0.0.1:8080";,
 "publicURL":

Re: [Openstack] [Metering] Meeting agenda for today 16:00 UTC (May 3rd, 2012)

2012-05-10 Thread Doug Hellmann 
On Thu, May 10, 2012 at 12:17 AM, Daniel Dyer  wrote:

> A question/comment about the scope of the schema or maybe the
> architecture. Assuming the services will provide the instrumentation to
> populate the raw metric data, it seems likely that you will need to define
> an interface between the services/agents
> that are providing the data and the metering system which stores the
> generated metric data in the database (as opposed to having the services
> write directly to the DB). Is the schema intended to be this kind of
> interop format between the services and
> the meter's datastore or just the end result of the storage?
>

It may be both, at first, but we also may find some benefit to letting them
diverge later so I don't think we need to make it a hard requirement.


>
> Thanks,
> Dan Dyer
>
> On Thu, May 3, 2012 at 11:10 AM, Loic Dachary  wrote:
>
>>  On 05/03/2012 02:22 PM, Loic Dachary wrote:
>>
>> Hi,
>>
>> The metering project team holds a meeting in #openstack-meeting,
>> Thursdays at 1600 
>> UTC.
>> Everyone is welcome.
>> I propose an agenda based on the discussions we had on this list.
>>
>> http://wiki.openstack.org/Meetings/MeteringAgenda
>> Topic : schema and counter definitions
>>
>>  * counter definitions
>>* Proposed http://wiki.openstack.org/EfficientMetering#Counters
>>  * schema definition
>>* Proposed http://wiki.openstack.org/EfficientMetering#Storage
>>  * discuss storage assumptions
>>* the storage will store all events
>>* no aggregated value is permanently stored
>>  * discuss API assumptions
>>* the API provide a sum() function to aggregate values
>>* the API may transparently store results of the sum function in a
>> cache
>>  * discuss event collection
>>* events are collected from a components when possible
>>* ceilometer agent is installed on a node when the a component does
>> not provide the value
>>* contribute to the component instead of developping a ceilometer
>> agent plugin
>>  * engaging discussions with core components
>>* nova
>>* cinder
>>* glance
>>* swift
>>* quantum
>>  *  open discussion
>>
>>  For the record, the first two points used all the time but that was the
>> goal of the meeting. The other points would have been nice to discuss but
>> can each be turned into a mailing list thread ;-)
>>
>> ==
>> #openstack-meeting Meeting
>> ==
>>
>>
>> Meeting started by dachary at 16:00:16 UTC.  The full logs are available
>> athttp://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-03-16.00.log.html
>> .
>>
>>
>>
>> Meeting summary
>> ---
>>
>> * actions from previous meetings  (dachary, 16:00:36)
>>   * creation of the ceilometer project  (dachary, 16:00:36)
>>   * The repository for the ceilometer project has been created
>> (dachary, 16:00:36)
>>   * LINK: https://github.com/stackforge/ceilometer  (dachary, 16:00:36)
>>   * and the first commit was successfully reviewed and merged today
>> https://review.stackforge.org/#/c/25/  (dachary, 16:00:37)
>>
>> * meeting organisation  (dachary, 16:01:03)
>>   * This is 1/5 meetings to decide the architecture of the Metering
>> project https://launchpad.net/ceilometer  (dachary, 16:01:03)
>>   * Today's focus is on the definition of the counters / meters and the
>> associated schema for the storage  (dachary, 16:01:03)
>>   * It is the conclusion of the discussions held on the mailing list and
>> the goal is to make a final choice that will then be implemented.
>> (dachary, 16:01:03)
>>   * The meeting is time boxed and there will not be enough time to
>> introduce inovative ideas and research for solutions.  (dachary,
>> 16:01:03)
>>   * The debate will be about the pro and cons of the options already
>> discussed on the mailing list.  (dachary, 16:01:03)
>>   * LINK: https://lists.launchpad.net/openstack/msg10810.html  (dachary,
>> 16:01:03)
>>
>> * counter definitions  (dachary, 16:02:10)
>>   * Proposed http://wiki.openstack.org/EfficientMetering#Counters
>> (dachary, 16:02:10)
>>   * ACTION: dachary fix the note for net_float still talks about "number
>> of floating IPs"  (dachary, 16:09:18)
>>   * ACTION: jd___ include Number of object in Swift, Number of
>> containers in Swift, Number of GET/HEAD/PUT/POST requests in Swift
>> in the table  (dachary, 16:10:11)
>>   * ACTION: dachary add note about the fact that the resource_id for the
>> object count is the container_id  (dachary, 16:21:44)
>>   * LINK: http://wiki.openstack.org/EfficientMetering#Counters is agreed
>> on, provided the actions listed above are carried out.  (dachary,
>> 16:25:35)
>>   * ACTION: jd___ document the resource_id for each counter  (dachary,
>> 16:30:33)
>>   * ACTION: jd___  describes the general table schema and then something
>> that s

Re: [Openstack] [Metering] Bootstrapping, first counter implementation

2012-05-10 Thread Doug Hellmann 
On Thu, May 10, 2012 at 3:57 AM, Julien Danjou
wrote:

> On Wed, May 09 2012, Doug Hellmann wrote:
>
> > I'm not sure what you mean. I was able to use nova.service to create a
> > "metering" server and a simple manager that subscribes to the
> notification
> > events. See https://github.com/dhellmann/metering-prototype(metering-test
> > is the main program and testmanager.py is the manager class). I borrowed
> > your Connection code.
>
> Actually, the Service class is supposed to handle the AMQP (or whatever
> backend) connection itself and bind it to a set of topics. But it uses
> the nova.rpc.impl_kombu.Connection class that uses ProxyCallback and
> that one obviously fails to decode notification. This is why I say I
> failed to the Service class.
>
> You cheated since you opened another AMQP connection in your Manager
> class, rendering the connection from the Service class useless. I wish
> we could access the connection from the Service from the Manager so we
> can reuse it at least, but that does not seem possible neither.
>

"Cheated" is a bit harsh. :-)

Yeah, I wanted to use the handle owned by the service, but couldn't get to
it. I thought asking for a connection without specifying that it had to be
a new one would be a work-around. I was surprised that the manager object
wasn't given access to the service so it could subscribe to messages, but I
guess that's supposed to be the Service's job.


>
> On the other hand, even if it's not the cleanest way to do things, I
> kind of like using the Service class so I'll probably grab your code
> anyway. :-)
>

It does give us access to other parts of the framework like logging. And we
may eventually find a need to communicate with the service via RPC.


>
> Thanks Doug,
> --
> Julien Danjou
> // eNovance  http://enovance.com
> // ✉ julien.dan...@enovance.com  ☎ +33 1 49 70 99 81
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Glance][Nova] Can't list images

2012-05-10 Thread Dolph Mathews 
Can you paste those deprecation warnings, your keystone.conf, and logging.conf?

-Dolph Mathews

On May 10, 2012, at 10:37 AM, Leander Bessa Beernaert  
wrote:

> Both. The log file is completely empty and the stdout only prints deprecation 
> warnings :/
> 
> On Thu, May 10, 2012 at 4:32 PM, Dolph Mathews  
> wrote:
> Concerning your keystone.log being empty (empty for the duration of the 
> request, or completely empty?)... is logging to a specific file configured in 
> your keystone.conf? If not, keystone just "logs" to stdout.
> 
> -Dolph
> 
> On Thu, May 10, 2012 at 10:20 AM, Leander Bessa Beernaert 
>  wrote:
> Can anyone pinpoint what exactly is wrong with this. I've been stuck here for 
> the past three days, and nothing i do seems to be working :/
> 
> 
> On Tue, May 8, 2012 at 12:11 PM, Leander Bessa  wrote:
> I fixed the swift ip and i'm still getting the same error.
> 
> Here are the log files and the config files:
> 
> nova-api > http://paste.openstack.org/show/16176/
> 
> glance-api.log 
> 2012-05-08 11:39:55 6143 INFO [eventlet.wsgi.server] Starting single 
> process server
> 2012-05-08 11:40:01 6255 INFO [eventlet.wsgi.server] Starting single 
> process server
>  
> glance-registery.log > http://paste.openstack.org/show/16180/
> 
> glance-api.conf > http://paste.openstack.org/show/16184/
> 
> glance-registry.conf > http://paste.openstack.org/show/16185/
> 
> glance-api-paste.ini > http://paste.openstack.org/show/16186/
> 
> glance-registry-pastet-ini > http://paste.openstack.org/show/16187/
> 
> keystone log is empty.
> 
> Regards,
> 
> Leander
> 
> On Mon, May 7, 2012 at 4:51 PM, Dolph Mathews  wrote:
> There's not enough information in those logs to say (check your glance config 
> and glance/keystone logs) -- but you'll definitely need to recreate that 
> endpoint with SWIFT_HOST defined in your env to use swift through your 
> service catalog.
> 
> -Dolph
> 
> 
> On Mon, May 7, 2012 at 9:11 AM, Leander Bessa  wrote:
> Does that mean that glance is somehow configured to use swift as storage 
> instead of the local file system or is does the error simply occur due to the 
> a parsing error because of ${SWIFT_HOST}? 
> 
> 
> On Mon, May 7, 2012 at 2:59 PM, Dolph Mathews  wrote:
> Your swift endpoint appears to be literally configured in keystone as 
> "http://${SWIFT_HOST}:8080/v1/..."; -- I'm guessing that's unreachable :)
> 
> Based on your logs, I'm not certain that will fix your 500, however.
> 
> -Dolph
> 
> On Mon, May 7, 2012 at 5:23 AM, Leander Bessa  wrote:
> This is as much as i can capture at the moment. 
> http://paste.openstack.org/show/15899/
> 
> For some reason, nothing is written to the logs, am i forgetting a flag or 
> something?
> 
> 
> On Fri, May 4, 2012 at 11:30 PM, Yuriy Taraday  wrote:
> Please post to http://paste.openstack.org error text and backtrace
> from nova-api.log.
> 
> Kind regards, Yuriy.
> 
> 
> On Fri, May 4, 2012 at 6:13 PM, Leander Bessa  wrote:
> > Hello,
> >
> > I seem to be unable to list the images available in glance. I'm not sure why
> > this is happening. I've check the logs for nova-api, glance-api and
> > glance-registry and am unable to found anything out of the ordinary.
> >
> > Below is an output from the command 'nova image-list'
> >>
> >> REQ: curl -i http://192.168.164.128:5000/v2.0/tokens -X POST -H
> >> "Content-Type: application/json" -H "Accept: application/json" -H
> >> "User-Agent: python-novaclient"
> >> REQ BODY: {"auth": {"tenantName": "admin", "passwordCredentials":
> >> {"username": "admin", "password": "nova"}}}
> >> RESP:{'date': 'Fri, 04 May 2012 14:08:53 GMT', 'transfer-encoding':
> >> 'chunked', 'status': '200', 'vary': 'X-Auth-Token', 'content-type':
> >> 'application/json'} {"access": {"token": {"expires": 
> >> "2012-05-05T14:08:53Z",
> >> "id": "c6d3145f1e924982982b54e52b97bec9", "tenant": {"description": null,
> >> "enabled": true, "id": "765a2012198f4751b8457c49932ec80d", "name":
> >> "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";, 
> >> "region":
> >> "nova", "internalURL":
> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";,
> >> "publicURL":
> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d"}],
> >> "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints":
> >> [{"adminURL":
> >> "http://${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d";,
> >> "region": "nova", "internalURL": "http://127.0.0.1:8080";, "publicURL":
> >> "http://${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d"}],
> >> "endpoints_links": [], "type": "storage", "name": "swift"}, {"endpoints":
> >> [{"adminURL": "http://192.168.164.128:9292/v1";, "region": "nova",
> >> "internalURL": "http://192.168.164.128:9292/v1";, "publicURL":
> >> "http://192.168.164.128:9292/v1"}], "endpoints_links": [], "type": "image",
> >> "name": "glance"}, {"endpoints": [{"adminURL":
> >> "http://192.168.

Re: [Openstack] [Metering] API Extensibility (was: External API definition)

2012-05-10 Thread Doug Hellmann 
On Thu, May 10, 2012 at 9:22 AM, Loic Dachary  wrote:

> > Another item that we need to discuss is extensibility of this API.
>
> Hi,
>
> Here is a proposal, which we could discuss further during the meeting.
>
> GET extension=¶m1=foo¶m2=bar
>
> The API looks up /usr/share/ceilometer/extensions/.py and loads it.
> The  module defines a query function that takes the following arguments:
>

Andrew Bogott is doing some work with a standardized plugin mechanism for
Nova which will eventually be put in the common lib for all of the
projects. We should look at his work and use it, rather than inventing
something else. I think it will eventually use setuptools entrypoints,
which eliminates the need to worry about search paths.

Why would the extension be a query parameter, rather than a URL component?
That is, why wouldn't the extension just add new endpoints that could be
queried directly using their own API? Maybe I don't understand the types of
extensions you are thinking of.


>
> * QUERY_STRING (i.e. extension=¶m1=foo¶m2=bar )
>
* a handler to the storage
> * a pointer to the configuration (assuming there is a /etc/ceilometer.ini
> file, for instance)
>
> The query function would return the result. For instance { 'in': 20001,
> 'out': 489324 } if asked for aggregated network usage.
>
> Multiple extensions directories could be specified and searched, allowing
> a mixture of extensions provided in ceilometer and custom extensions to
> address specific needs or to mature an new extension.
>
> The primary benefit of defining extensions in this way is to avoid complex
> conventions for aggregations or other advanced operations. If the API was
> to impose a syntax or conventions to say "sum this field and this one and
> display the result ordered in this way and grouped by this field and this
> one", it would be redundant with the query language of the underlying data.
> For instance, if using mongodb, it would be difficult to expose all the
> features provided by http://www.mongodb.org/display/DOCS/Aggregation or
> http://www.mongodb.org/display/DOCS/MapReduce
>
> Cheers
>
> --
> Loïc Dachary Chief Research Officer
> // eNovance labs   http://labs.enovance.com
> // ✉ l...@enovance.com  ☎ +33 1 49 70 99 82
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Help with security groups ("in use" error) in juju/openstack.

2012-05-10 Thread Russell Bryant 
On 05/10/2012 09:28 AM, Jorge Luiz Correa wrote:
> Hi all!
> 
> I'm having some problems with juju and security groups in openstack.
> When I try to instantiate about 10 instances, some of them generate an
> error related to the security groups. The log below is from
> nova-api.log. I'm using versions from ubuntu 12.04 LTS packages (nova*,
> keystone etc). 



> As we can see it says that a group in invalid because is in use. 

This error occurs when you try to delete a security group that is still
in use by an instance.  If this is an automated tear down, it could be
that the instances were stopped, but it hadn't actually completed yet
when the request to delete the security groups came in.  You have to
wait until the instances are gone before the security groups can be deleted.

-- 
Russell Bryant

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Glance][Nova] Can't list images

2012-05-10 Thread Leander Bessa Beernaert 
keystone deprecation: http://paste.openstack.org/show/16778/

keystone conf: http://paste.openstack.org/show/16779/

logging conf: http://paste.openstack.org/show/16780/

On Thu, May 10, 2012 at 4:49 PM, Dolph Mathews wrote:

> Can you paste those deprecation warnings, your keystone.conf, and
> logging.conf?
>
> -Dolph Mathews
>
> On May 10, 2012, at 10:37 AM, Leander Bessa Beernaert 
> wrote:
>
> Both. The log file is completely empty and the stdout only prints
> deprecation warnings :/
>
> On Thu, May 10, 2012 at 4:32 PM, Dolph Mathews wrote:
>
>> Concerning your keystone.log being empty (empty for the duration of the
>> request, or completely empty?)... is logging to a specific file configured
>> in your keystone.conf? If not, keystone just "logs" to stdout.
>>
>> -Dolph
>>
>> On Thu, May 10, 2012 at 10:20 AM, Leander Bessa Beernaert <
>> leande...@gmail.com> wrote:
>>
>>> Can anyone pinpoint what exactly is wrong with this. I've been stuck
>>> here for the past three days, and nothing i do seems to be working :/
>>>
>>>
>>> On Tue, May 8, 2012 at 12:11 PM, Leander Bessa wrote:
>>>
 I fixed the swift ip and i'm still getting the same error.

 Here are the log files and the config files:

 nova-api > http://paste.openstack.org/show/16176/

 glance-api.log

> 2012-05-08 11:39:55 6143 INFO [eventlet.wsgi.server] Starting
>> single process server
>
> 2012-05-08 11:40:01 6255 INFO [eventlet.wsgi.server] Starting
>> single process server
>
>
 glance-registery.log > http://paste.openstack.org/show/16180/

 glance-api.conf > http://paste.openstack.org/show/16184/

 glance-registry.conf > http://paste.openstack.org/show/16185/

 glance-api-paste.ini > http://paste.openstack.org/show/16186/

 glance-registry-pastet-ini > http://paste.openstack.org/show/16187/

 keystone log is empty.

 Regards,

 Leander

 On Mon, May 7, 2012 at 4:51 PM, Dolph Mathews 
 wrote:

> There's not enough information in those logs to say (check your glance
> config and glance/keystone logs) -- but you'll definitely need to recreate
> that endpoint with SWIFT_HOST defined in your env to use swift through 
> your
> service catalog.
>
> -Dolph
>
>
> On Mon, May 7, 2012 at 9:11 AM, Leander Bessa wrote:
>
>> Does that mean that glance is somehow configured to use swift as
>> storage instead of the local file system or is does the error simply 
>> occur
>> due to the a parsing error because of ${SWIFT_HOST}?
>>
>>
>> On Mon, May 7, 2012 at 2:59 PM, Dolph Mathews <
>> dolph.math...@gmail.com> wrote:
>>
>>> Your swift endpoint appears to be literally configured in keystone
>>> as "http://${SWIFT_HOST}:8080/v1/..."; -- I'm guessing that's
>>> unreachable :)
>>>
>>> Based on your logs, I'm not certain that will fix your 500, however.
>>>
>>> -Dolph
>>>
>>> On Mon, May 7, 2012 at 5:23 AM, Leander Bessa 
>>> wrote:
>>>
 This is as much as i can capture at the moment.
 http://paste.openstack.org/show/15899/

 For some reason, nothing is written to the logs, am i forgetting a
 flag or something?


 On Fri, May 4, 2012 at 11:30 PM, Yuriy Taraday >>> > wrote:

> Please post to http://paste.openstack.org error text and backtrace
> from nova-api.log.
>
> Kind regards, Yuriy.
>
>
> On Fri, May 4, 2012 at 6:13 PM, Leander Bessa 
> wrote:
> > Hello,
> >
> > I seem to be unable to list the images available in glance. I'm
> not sure why
> > this is happening. I've check the logs for nova-api, glance-api
> and
> > glance-registry and am unable to found anything out of the
> ordinary.
> >
> > Below is an output from the command 'nova image-list'
> >>
> >> REQ: curl -i http://192.168.164.128:5000/v2.0/tokens -X POST -H
> >> "Content-Type: application/json" -H "Accept: application/json"
> -H
> >> "User-Agent: python-novaclient"
> >> REQ BODY: {"auth": {"tenantName": "admin",
> "passwordCredentials":
> >> {"username": "admin", "password": "nova"}}}
> >> RESP:{'date': 'Fri, 04 May 2012 14:08:53 GMT',
> 'transfer-encoding':
> >> 'chunked', 'status': '200', 'vary': 'X-Auth-Token',
> 'content-type':
> >> 'application/json'} {"access": {"token": {"expires":
> "2012-05-05T14:08:53Z",
> >> "id": "c6d3145f1e924982982b54e52b97bec9", "tenant":
> {"description": null,
> >> "enabled": true, "id": "765a2012198f4751b8457c49932ec80d",
> "name":
> >> "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
> >> "
> http://192.168.164.1

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Alvaro Lopez 
On Thu 10 May 2012 (17:33), Muriel wrote:
> I messed up the question: if you consider the case where the memory
> is limited (dom0_mem) the value of MemTotal in meminfo is wrong. Do
> you think it makes sense to take the total memory value from libvirt
> and from meminfo the rest?
> Thus it should work in both cases.

Yes, you're totally right, I missed that!

I'll fix it ASAP and submit it again.

Thank you for pointing it out,
-- 
Álvaro López García  al...@ifca.unican.es



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Will keystone be the bottleneck?

2012-05-10 Thread 陈军 
Every service that receives requests with a token needs to communicate with 
keystone to verify a user's identity.
A rough diagram of how keystone works can be found in the sequence 
diagram:http://docs.openstack.org/trunk/openstack-identity/admin/content/what-is.html

While there is a mass of users or the scale of cloud becomes huge,will keystone 
be the bottlenect?
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Documentation] Missing section in documentation

2012-05-10 Thread Milind 
Hi,

In Admin installation document guide of Ubuntu 12.04  in the section 5.
Installing OpenStack Compute and Image Service

Following settings are missing.

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http service_host = *IP*
service_port = 5000
auth_host = *IP*
auth_port = *35357 *
auth_protocol = http
auth_uri = http://*IP*:5000/
admin_token = 012345SECRET99TOKEN012345


This is very much annoying because lot of people are getting error when
they try to upload image in glance and get the following error which also
has type *"Unavilable"*

*The request returned 503 Service Unavilable. This generally occurs on
service overload or other transient outage. *


Regards,
Milind Patil

+919890119176
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack Install & Understand Guide by Me :)

2012-05-10 Thread Bilel Msekni 






Hi everyone , i proudly present 30 days of work.30 days ago , i was an 
OpenStack Noobie, Today i have much more knowledge about this awesome project.I 
wanted to share this work with those who are still taking the fist steps into 
the world of cloud computing.It's a one host install guide, pretty simple and 
covers almost everything.
take a look, help me out with comments to enhance my work and if you want to 
participate join me at : 
https://github.com/mseknibilel/OpenStack-Install-and-Understand-Guide#openstack-install-and-understand-guide
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [OpenStack][Keystone] Blueprint to store quota data in Keystone

2012-05-10 Thread Everett Toews 
Hi All,

I've started a 
blueprintand
spec  to store quota data
in Keystone. Please have a look if you're interested and any feedback is
welcome.

Of course, writing up the spec brought up number of questions for me. You
can find more detail in the spec but here they are to get some more
exposure.

1. For the keystone CLI I'm proposing using JSON for batch create, update,
and delete of quotas. I don't believe this is done anywhere else in
OpenStack. Good idea? Bad idea?
My plan is to go with the JSON.

2. For the RESTful API, do we have just one DELETE with details of what to
delete in the body of the request?
My plan is to go with just one DELETE.

3. For the implementation I'm proposing two options. 1. Store the data in
the current metadata table. 2. Store the data in a new metadata_per_tenant
table. Thoughts?
My plan is to use option 2.

4. If you change the word quota to the word metadata in the User Stories
and the Design sections, this becomes a generic mechanism for accessing
metadata per tenant. Do we want a generic metadata service for keystone or
stick with a service specific to quotas, while keeping the underlying
implementation generic?
I'm on the fence about this one. On one hand, it's very clear to have a
well defined API that's just used for quotas. On the other hand, it's very
flexible to have a generic API that can be used for any metadata (although
maybe that promotes abuse of the feature).

Regards,
Everett
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] 'nova flavor-list' fails with "ERROR: string indices must be integers, not str", but 'nova-manage flavor list' succeeds.

2012-05-10 Thread James R Penick 
Unfortunately there's something wrong with my logging configuration. Nova-api 
doesn't log anything after it starts up. I've got debug enabled, and 
verbose=true. But once it finished binding that last port.. Nothing. I've tried 
grabbing the sample logging.conf and using that, but it doesn't get me 
anywhere. Running strace on nova-api, I can see the clients connecting. So I'm 
pretty sure my endpoint is configured correctly. Anyhow, short-story long: I 
don't have the trace from nova-api :(

-James

From: Chris Behrens mailto:cbehr...@codestud.com>>
To: James R Penick mailto:pen...@yahoo-inc.com>>
Cc: Vishvananda Ishaya mailto:vishvana...@gmail.com>>, 
"openstack@lists.launchpad.net" 
mailto:openstack@lists.launchpad.net>>
Subject: Re: [Openstack] 'nova flavor-list' fails with "ERROR: string indices 
must be integers, not str", but 'nova-manage flavor list' succeeds.

That's the traceback from novaclient.  If you're getting a 503, there's likely 
a traceback in the nova-api service logs.

- Chris

On May 9, 2012, at 5:38 PM, James R Penick 
mailto:pen...@yahoo-inc.com>> wrote:

Sorry, forgot to include that:

bash-4.1$ nova —debug image-list
connect: (127.0.0.1, 5000)
send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: 127.0.0.1:5000\r\nAccept-Encoding: 
identity\r\nContent-Length: 101\r\ncontent-type: application/json\r\naccept: 
application/json\r\nuser-agent: python-novaclient\r\n\r\n'
send: '{"auth": {"tenantName": "vmops", "passwordCredentials": {"username": 
"penick", "password": "tacos"}}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Type: application/json
header: Vary: X-Auth-Token
header: Content-Length: 1903
header: Date: Thu, 10 May 2012 00:37:02 GMT
connect: (208.67.66.91, 8774)
send: u'GET /v2/c9d7f45d980d494fab3d69d9fc57547c/images/detail 
HTTP/1.1\r\nHost: 208.67.66.91:8774\r\nx-auth-project-id: 
vmops\r\nx-auth-token: 3261ef74e6494561830949780838\r\naccept-encoding: 
compress, gzip\r\naccept: application/json\r\nuser-agent: 
python-novaclient\r\n\r\n'
reply: 'HTTP/1.1 503 Service Unavailable\r\n'
header: Content-Length: 100
header: Content-Type: text/plain; charset=UTF-8
header: Date: Thu, 10 May 2012 00:37:02 GMT
DEBUG (shell:415) string indices must be integers, not str
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 412, in main
OpenStackComputeShell().main(sys.argv[1:])
  File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 363, in main
args.func(self.cs, args)
  File "/usr/lib/python2.6/site-packages/novaclient/v1_1/shell.py", line 350, 
in do_image_list
image_list = cs.images.list()
  File "/usr/lib/python2.6/site-packages/novaclient/v1_1/images.py", line 47, 
in list
return self._list("/images/detail", "images")
  File "/usr/lib/python2.6/site-packages/novaclient/base.py", line 80, in _list
data = body[response_key]
TypeError: string indices must be integers, not str
ERROR: string indices must be integers, not str
bash-4.1$


From: Vishvananda Ishaya mailto:vishvana...@gmail.com>>
To: James R Penick mailto:pen...@yahoo-inc.com>>
Cc: "openstack@lists.launchpad.net" 
mailto:openstack@lists.launchpad.net>>
Subject: Re: [Openstack] 'nova flavor-list' fails with "ERROR: string indices 
must be integers, not str", but 'nova-manage flavor list' succeeds.


Is there a traceback from nova-api?

___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Glance][Nova] Can't list images

2012-05-10 Thread Brian Waldon 
Glance isn't able to authenticate who you are. What happens if you speak to 
glance directly?


On May 10, 2012, at 8:20 AM, Leander Bessa Beernaert wrote:

> Can anyone pinpoint what exactly is wrong with this. I've been stuck here for 
> the past three days, and nothing i do seems to be working :/
> 
> On Tue, May 8, 2012 at 12:11 PM, Leander Bessa  wrote:
> I fixed the swift ip and i'm still getting the same error.
> 
> Here are the log files and the config files:
> 
> nova-api > http://paste.openstack.org/show/16176/
> 
> glance-api.log 
> 2012-05-08 11:39:55 6143 INFO [eventlet.wsgi.server] Starting single 
> process server
> 2012-05-08 11:40:01 6255 INFO [eventlet.wsgi.server] Starting single 
> process server
>  
> glance-registery.log > http://paste.openstack.org/show/16180/
> 
> glance-api.conf > http://paste.openstack.org/show/16184/
> 
> glance-registry.conf > http://paste.openstack.org/show/16185/
> 
> glance-api-paste.ini > http://paste.openstack.org/show/16186/
> 
> glance-registry-pastet-ini > http://paste.openstack.org/show/16187/
> 
> keystone log is empty.
> 
> Regards,
> 
> Leander
> 
> On Mon, May 7, 2012 at 4:51 PM, Dolph Mathews  wrote:
> There's not enough information in those logs to say (check your glance config 
> and glance/keystone logs) -- but you'll definitely need to recreate that 
> endpoint with SWIFT_HOST defined in your env to use swift through your 
> service catalog.
> 
> -Dolph
> 
> 
> On Mon, May 7, 2012 at 9:11 AM, Leander Bessa  wrote:
> Does that mean that glance is somehow configured to use swift as storage 
> instead of the local file system or is does the error simply occur due to the 
> a parsing error because of ${SWIFT_HOST}? 
> 
> 
> On Mon, May 7, 2012 at 2:59 PM, Dolph Mathews  wrote:
> Your swift endpoint appears to be literally configured in keystone as 
> "http://${SWIFT_HOST}:8080/v1/..."; -- I'm guessing that's unreachable :)
> 
> Based on your logs, I'm not certain that will fix your 500, however.
> 
> -Dolph
> 
> On Mon, May 7, 2012 at 5:23 AM, Leander Bessa  wrote:
> This is as much as i can capture at the moment. 
> http://paste.openstack.org/show/15899/
> 
> For some reason, nothing is written to the logs, am i forgetting a flag or 
> something?
> 
> 
> On Fri, May 4, 2012 at 11:30 PM, Yuriy Taraday  wrote:
> Please post to http://paste.openstack.org error text and backtrace
> from nova-api.log.
> 
> Kind regards, Yuriy.
> 
> 
> On Fri, May 4, 2012 at 6:13 PM, Leander Bessa  wrote:
> > Hello,
> >
> > I seem to be unable to list the images available in glance. I'm not sure why
> > this is happening. I've check the logs for nova-api, glance-api and
> > glance-registry and am unable to found anything out of the ordinary.
> >
> > Below is an output from the command 'nova image-list'
> >>
> >> REQ: curl -i http://192.168.164.128:5000/v2.0/tokens -X POST -H
> >> "Content-Type: application/json" -H "Accept: application/json" -H
> >> "User-Agent: python-novaclient"
> >> REQ BODY: {"auth": {"tenantName": "admin", "passwordCredentials":
> >> {"username": "admin", "password": "nova"}}}
> >> RESP:{'date': 'Fri, 04 May 2012 14:08:53 GMT', 'transfer-encoding':
> >> 'chunked', 'status': '200', 'vary': 'X-Auth-Token', 'content-type':
> >> 'application/json'} {"access": {"token": {"expires": 
> >> "2012-05-05T14:08:53Z",
> >> "id": "c6d3145f1e924982982b54e52b97bec9", "tenant": {"description": null,
> >> "enabled": true, "id": "765a2012198f4751b8457c49932ec80d", "name":
> >> "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";, 
> >> "region":
> >> "nova", "internalURL":
> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d";,
> >> "publicURL":
> >> "http://192.168.164.128:8776/v2/765a2012198f4751b8457c49932ec80d"}],
> >> "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints":
> >> [{"adminURL":
> >> "http://${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d";,
> >> "region": "nova", "internalURL": "http://127.0.0.1:8080";, "publicURL":
> >> "http://${SWIFT_HOST}:8080/v1/AUTH_765a2012198f4751b8457c49932ec80d"}],
> >> "endpoints_links": [], "type": "storage", "name": "swift"}, {"endpoints":
> >> [{"adminURL": "http://192.168.164.128:9292/v1";, "region": "nova",
> >> "internalURL": "http://192.168.164.128:9292/v1";, "publicURL":
> >> "http://192.168.164.128:9292/v1"}], "endpoints_links": [], "type": "image",
> >> "name": "glance"}, {"endpoints": [{"adminURL":
> >> "http://192.168.164.128:8774/v2/765a2012198f4751b8457c49932ec80d";, 
> >> "region":
> >> "nova", "internalURL":
> >> "http://192.168.164.128:8774/v2/765a2012198f4751b8457c49932ec80d";,
> >> "publicURL":
> >> "http://192.168.164.128:8774/v2/765a2012198f4751b8457c49932ec80d"}],
> >> "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints":
> >> [{"adminURL": "http://192.168.164.128:5000/v2.0";, "region": "nova",
> >> "internalURL": "http://192.168.164.128:5000/v2.0";,

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Vishvananda Ishaya 

On May 10, 2012, at 1:56 AM, Daniel P. Berrange wrote:

> On Thu, May 10, 2012 at 09:06:58AM +0100, Daniel P. Berrange wrote:
> 
> I had a quick chat with Kevin Wolf who's the upstream QEMU qcow2 maintainer
> and he said that 64k is the current recommended cluster size for qcow2.
> Above this size, the cost of COW becomes higher causing an overall
> drop in performance.
> 
> Looking at GIT history, Nova has used cluster_size=2M since Vish first
> added qcow2 support, and there's no mention of why in the commit message.
> So unless further info comes to light, I'd say we ought to just switch
> to use qemu-img's default setting of 64K for both Xen and KVM.
> 

This is good info.  Sounds like we should switch to 64K

Vish___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Vishvananda Ishaya 

On May 9, 2012, at 10:08 PM, Jim Fehlig wrote:

> Hi,
> 
> I've been tinkering with improving Xen support in the libvirt driver and
> wanted to discuss a few issues before submitting patches.

Awesome!

> 
> Even the latest upstream release of Xen (4.1.x) contains a rather old
> qemu, version 0.10.2, which rejects qcow2 images with cluster size >
> 64K.  The libvirt driver creates the COW image with cluster size of 2M. 
> Is this for performance reasons?  Any objections to removing that option
> and going with 'qemu-img create' default of 64K?

As per other email, 64K seems correct.
> 
> In a setup with both Xen and KVM compute nodes, I've found a few options
> for controlling scheduling of an instance to the correct node.  One
> option uses availability zones, e.g.
> 
> # nova.conf on Xen compute nodes
> node_availability_zone=xen-hosts
> 
> # launching a Xen PV instance
> nova boot --image  --availability_zone xen-hosts ...
> 
> The other involves a recent commit adding additional capabilities for
> compute nodes [1] and the vm_mode image property [2] used by the
> XenServer driver to distinguish HVM vs PV images.  E.g.
> 
> # nova.conf on Xen compute nodes
> additional_compute_capabilities="pv,hvm"
> 
> # Set vm_mode property on Xen image
> glance update  vm_mode=pv
> 
> I prefer that latter approach since vm_mode will be needed in the
> libvirt driver anyhow to create proper config for PV vs HVM instances. 
> Currently, the driver creates usable config for PV instances, but needs
> some adjustments for HVM.

Agree that this is best. Once general host aggregates[1] is done, the 
capabilities and the availability zone will move into aggregate metadata and it 
will just be making sure that we have reasonable image properties to help the 
scheduler place the guest correctly.

Vish

[1] https://blueprints.launchpad.net/nova/+spec/general-host-aggregates ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] questions on the dynamic loading of virt drivers in nova

2012-05-10 Thread Thierry Carrez 
You might want to talk to Soren and fix it within:

https://blueprints.launchpad.net/nova/+spec/hypervisor-code-consolidation

since this will also result in refactoring in the same area.

Vishvananda Ishaya wrote:
> No this is mostly just legacy stuff that was never refactored.
> 
> Vish
> 
> On May 9, 2012 3:33 PM, "Sean Dague"  > wrote:
> 
> I'm familiarizing myself with the nova code and trying to reconcile
> that while there is dynamic class based loading in ComputeManager
> using import_utils in __init__() there is also a defaulting to the
> nova.virt.connection.get_ connection function.
> 
> That's actually got a big if / else statement of string literals of
> known virt drivers, and then loads specific virt drivers from there.
> 
> Is there a reason for both approaches? Can we refactor to a point
> where we don't need need of a common file with driver specific
> imports and string literals? Is there a reason not to?
> 
> Thanks,
> 
>-Sean
> 
> -- 
> Sean Dague
> IBM Linux Technology Center
> email: sda...@linux.vnet.ibm.com 
> alt-email: slda...@us.ibm.com 
> 
> 
> __ _
> Mailing list: https://launchpad.net/~ openstack
> 
> Post to : openstack@lists.launchpad.net
> 
> Unsubscribe : https://launchpad.net/~ openstack
> 
> More help   : https://help.launchpad.net/ ListHelp
> 
> 
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Translation and Internationalization in OpenStack

2012-05-10 Thread Stefano Maffulli 
Thanks Gabriel for the work. I agree with Thierry:

On 05/08/2012 09:56 PM, Thierry Carrez wrote:
> Great! I'm happy to defer the tool decision to the people that will own
> and push that work forward ;)

I like the basic reporting offered by Transifex. Do you know if there is
a way to identify the people that do the translations? I couldn't find a
way.

thanks,
stef

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Openstack Beginners guide for Ubuntu 12.04/Essex

2012-05-10 Thread Rick Jones 

On 05/10/2012 07:33 AM, Atul Jha wrote:

Suggestion/criticism would be highly appreciated.


Tried a few times to send this directly to Atul and the 
css.ossbo...@csscorp.com  address in the paper, but was getting rejected 
content for Atul's email destination and no such user for the 
css.ossbooks email.  So, some feedback, mostly little things, 
wording/format/etc:



11th Page - List of Tables - "This is a tutorial style beginner’s guide
for OpenStackTM on Ubuntu 12.04, Precise Pangolin. The aim is to help
the reader in setting up a minimal installation of OpenStack." doesn't
seem like a list of tables.

13th page, section 1.1 - since it is a beginners guide, a short sentence
describing IaaS, PaaS and SaaS would be a good thing to include.


13th page, section 1.2 - similar to previous, a short sentence
describing what a Compute, Storage, Imaging, Identity and UI service
are/do would be goodness.


14th page - Perhaps a dialect thing but should it be "The diagram below"
rather than "The below diagram?" Also, I would put the overall diagram
before the Nova-specific one and then call them "Overall Architecture"
and "Nova Architecture" respectively.  Show the beginner the overall 
first before hitting him with the complex :)


Also, in the overall diagram, should Glance be called "STORE" or should
that be "IMAGE" to maintain consistency with previous discussion -
someone seeing Glance:Store and Swift:Storage will wonder about the
difference.

15th page - section 1.2.1.2.2 - I think that should start with
"OpenStack components communicate"

section 1.2.1.2.3 - "Compute workers deal with the instance management
life cycle..." and I might add "based on the scheduling algorithm used
by nova-scheduler."

Section 1.2.1.2.4 - security groups are mentioned without prior definition.

16th page - section 1.2.1.2.6 - previously, it was said that OpenStack
Nova provides EC2 apis and the native was mentioned just as an aside.
Now though we read "The scheduler maps the nova-API calls to the ..." -
what has become of EC2?

section 1.2.2 - might it be worthwhile to include the "Swift" project
name along with "Open Stack Object Store" in the second bullet item?

22nd page - section 2.2.2 - should there be some sort of caveat about
using IP addresses appropriate for the admin's specific situation?

Section 2.2.3 - the NTP gods are quite adamant about configuring at
least four sources of time. That allows the bad clock detection
heuristics to operate even if one of the time sources is unavailable.

"IP addresses of the servers are resolvable" sounds like asking for PTR
records to go from IP to name, but I think you mean to verify that the
names can be resolved to IPs no? Perhaps "Ensure that the hostnames can
be resolved to their respective IP addresses. If they are not
resolvable via DNS, you can add entries to the /etc/hosts file."

Some discussion of how long it will take Server1 to get its time
synchronized and so be willing to serve time to others is probably in order.

27th page - it might be an artifact of document viewer, but it isn't
possible to cut-and-paste the keystone commands from the document. And
even if it was, where I'd expect to find a backslash '\' there is an
arrow with a curled shaft - is that something bash et all will recognize
and deal with properly as a "continued on the next line" indication?


40th page - why is "Server2" a child of "Server1" section 2.2 instead of
its own section 2.3? Also, the interfaces file seems to be the first
indication that Server2 needs to have two NICs.

42nd page - same sort of question about Client1

56th page - 5.2.1 Instances - the text is on this page, but the image is
on the 57th page. And that continues with the other sections.
Something should be done to force the text and image to be on the same page.

58th page - section 5.2.3 - Flavors as a term just sort of magically
appears for the first time here.

80th page - section 8.1 - not an issue with the document per-se but with
the terms nova chose. To someone with much knowledge of TCP "From Port"
sounds like the source port number and "To Port" sounds like the
destination port number. That is very different from what they are in
this context, which are the Beginning and Ending port numbers of an
instance-local range of ports being opened. Some verbiage about that
might be goodness.

Also the example description for adding port 22 is incomplete - it isn't
allowing tcp traffic traffic generally. It is allowing ssh/scp traffic
specifically

hope that helps,

rick jones

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] ERROR: Malformed request url (HTTP 400)

2012-05-10 Thread Igor Laskovy 
Hi Dolph and Kevin,
thank you for your attention and sorry for delay reply.

Here are what I have in nova-api.log :

2012-05-10 14:40:08 INFO nova.api.openstack.wsgi
[req-c6b9ea76-bbe1-4796-a231-41fc41c7695f
50be127b9b7f49dcbf5ffea06d23d83a ebf29e67cbd445daa5ad09f76cdf69f9] GET
http://192.168.1.71:8774/v2/7033300637bc4964a8d0a43649fcf898/images/detail

2012-05-10 14:40:08 DEBUG nova.api.openstack.wsgi
[req-c6b9ea76-bbe1-4796-a231-41fc41c7695f
50be127b9b7f49dcbf5ffea06d23d83a ebf29e67cbd445daa5ad09f76cdf69f9]
Unrecognized Content-Type provided in request from (pid=1005) get_body
/usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py:697

On Thu, May 10, 2012 at 2:27 AM, Dolph Mathews  wrote:
> Hrm, good catch! I see no problems with that request at all...
>
> -Dolph Mathews
>
> On May 9, 2012, at 5:58 PM, "Kevin L. Mitchell" 
>  wrote:
>
>> On Wed, 2012-05-09 at 15:32 -0500, Dolph Mathews wrote:
>>> It also just occurred to me that perhaps you're using a *very* old
>>> novaclient against a more recent version of keystone?
>>
>> Actually, if you look a little more closely:
>>
>>>                $ nova --debug image-list
>>>                connect: (192.168.1.71, 5000)
>>>                send: 'POST /v2.0/tokens HTTP/1.1\r\nHost:
>>>                192.168.1.71:5000\r\nContent-Length: 117\r
>>>                \ncontent-type:
>>>                application/json\r\naccept-encoding: gzip, deflate\r
>>>                \naccept:
>>>                application/json\r\nuser-agent: python-novaclient\r\n
>>>                \r\n{"auth":
>>            
>>>                {"tenantName": "labSpaceDemo", "passwordCredentials":
>>>                {"username":
>>>                "adminUser", "password": "lfplhfgthvf"}}}'
>>
>> The request body for Keystone is not, in fact, malformed.  It would be
>> interesting to look at the nova-api logs for this request…
>> --
>> Kevin L. Mitchell 
>>



-- 
Igor Laskovy

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Help with security groups ("in use" error) in juju/openstack.

2012-05-10 Thread Jorge Luiz Correa 
Hi! Thank you for the reply. I'm not trying to delete de secgroup manually.
All the tasks are made by juju and nova. I've made a detailed description
of the problem. Take a look at:

http://pastebin.com/SnC4GLEi

Thanks!

On Thu, May 10, 2012 at 12:57 PM, Russell Bryant  wrote:

> On 05/10/2012 09:28 AM, Jorge Luiz Correa wrote:
> > Hi all!
> >
> > I'm having some problems with juju and security groups in openstack.
> > When I try to instantiate about 10 instances, some of them generate an
> > error related to the security groups. The log below is from
> > nova-api.log. I'm using versions from ubuntu 12.04 LTS packages (nova*,
> > keystone etc).
>
> 
>
> > As we can see it says that a group in invalid because is in use.
>
> This error occurs when you try to delete a security group that is still
> in use by an instance.  If this is an automated tear down, it could be
> that the instances were stopped, but it hadn't actually completed yet
> when the request to delete the security groups came in.  You have to
> wait until the instances are gone before the security groups can be
> deleted.
>
> --
> Russell Bryant
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>



-- 
- MSc. Correa, J.L.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Improving Xen support in the libvirt driver

2012-05-10 Thread Jim Fehlig 
Vishvananda Ishaya wrote:
>
> On May 10, 2012, at 1:56 AM, Daniel P. Berrange wrote:
>
>> On Thu, May 10, 2012 at 09:06:58AM +0100, Daniel P. Berrange wrote:
>>
>> I had a quick chat with Kevin Wolf who's the upstream QEMU qcow2
>> maintainer
>> and he said that 64k is the current recommended cluster size for qcow2.
>> Above this size, the cost of COW becomes higher causing an overall
>> drop in performance.
>>
>> Looking at GIT history, Nova has used cluster_size=2M since Vish first
>> added qcow2 support, and there's no mention of why in the commit message.
>> So unless further info comes to light, I'd say we ought to just switch
>> to use qemu-img's default setting of 64K for both Xen and KVM.
>>
>
> This is good info.  Sounds like we should switch to 64K

Right.  I'll submit a patch for that shortly.

Regards,
Jim


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Will keystone be the bottleneck?

2012-05-10 Thread Adam Young 

On 05/07/2012 10:08 PM, ?? wrote:
Every service that receives requests with a token needs to communicate 
with keystone to verify a user's identity.
A rough diagram of how keystone works can be found in the sequence 
diagram:http://docs.openstack.org/trunk/openstack-identity/admin/content/what-is.html


While there is a mass of users or the scale of cloud becomes huge,will 
keystone be the bottlenect?



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

I think so, which is why I am working on this:
https://blueprints.launchpad.net/keystone/+spec/pki


THe tl;dr  version:  provide the roles in the token as a 
cryptographically signed document.  The services like Glance and Nova 
will use a public key from Keystone to verify the tokens and roles 
instead of talking back to the Keystone server.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] 'admin' role hard-coded in keystone and nova, and policy.json

2012-05-10 Thread Salman A Baset 

It seems that 'admin' role is hard-coded cross nova and horizon. As a
result if I want to define 'myadmin' role, and grant it all the admin
privileges, it does not seem possible. Is this a recognized limitation?

Further, is there some good documentation on policy.json for nova,
keystone, and glance?

Thanks.

Best Regards,

Salman A. Baset
Research Staff Member, IBM T. J. Watson Research Center
Tel: +1-914-784-6248
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [client] Event handling

2012-05-10 Thread Matt Joyce 
How are we doing event handling in the client?  Is there a blueprint on
this somewhere?

-Matt
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Help with security groups ("in use" error) in juju/openstack.

2012-05-10 Thread Russell Bryant 
On 05/10/2012 03:30 PM, Jorge Luiz Correa wrote:
> Hi! Thank you for the reply. I'm not trying to delete de secgroup
> manually. All the tasks are made by juju and nova. I've made a detailed
> description of the problem. Take a look at:
> 
> http://pastebin.com/SnC4GLEi

This seems like a juju bug to me.

-- 
Russell Bryant

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] i18n of log message

2012-05-10 Thread Hua ZZ Zhang 
+1

From the perspective of developer and English user, totally agree with you
to keep it simple. But OpenStack is an BIG community includes lots of
countries and users, we should also consider their requirements and
opinions. To mature this platform and community, it is really important.



   
 彭勇  
  
 Sent by:   To 
 openstack-bounces Ying Chun Guo/China/IBM@IBMCN,  
 +zhuadl=cn.ibm.co  cc 
 m@lists.launchpad Thierry Carrez  
 .net  ,
   openstack@lists.launchpad.net   
   Subject 
 2012-05-10 下午   Re: [Openstack] i18n of log message 
 10:46 
   
   
   
   
   




we are here talking about I18N of log information

i prefer to English only log:

1. easy to search and share

2. easy to maintain

2012/5/10 Ying Chun Guo :
> I18N is an architecture decision. Besides developers, we should also
consult
> customers' options.
>
> I18N is a very big scope. It includes not only translation, but also
> Date/time format, number format,
> or even the input of non-English characters. Surely I18N will take some
> efforts. But considering
> OpenStack may have a long history, it deserve us to pay some time to work
on
> it. We need to consider
> it carefully. Maybe we can just pick out several very popular
> locales/languages and work on these localization
> firstly. It will ensure we have a correct architecture to suppor I18N,
with
> a not very big effort.
>
> I'd like to help on the process documenting.
>
> Regards
> Daisy
>
> openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net wrote on
> 05/09/2012 12:55:48 AM:
>
>> Thierry Carrez 
>> Sent by: openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net
>>
>> 05/09/2012 12:55 AM
>>
>> To
>>
>> openstack@lists.launchpad.net,
>>
>> cc
>
>
>>
>> Subject
>>
>> Re: [Openstack] i18n of log message
>>
>> Ying Chun Guo wrote:
>> > [...]
>> > So I prefer option 2. As it is said that   option 3 being not
>> > significantly more work than option 2, so option 3 is also acceptable
>> > for me.
>>
>> So there is no strong consensus so far :) One important prerequisite of
>> whatever solution we end up choosing is that it should be the same level
>> across all OpenStack core projects. Consistency is important... So we
>> should definitely ask PTLs which options they are ready to support, as
>> it may seriously reduce our options.
>>
>> We should also have a I18N advocacy czar that will push whatever option
>> is chosen to completion by documenting the process, encouraging CI /
>> translators / devs to do any needed work. Anyone up to it ?
>>
>> --
>> Thierry Carrez (ttx)
>> Release Manager, OpenStack
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>



--
彭勇 (Peng Yong)
常州贝特康姆(BitComm)软件技术有限公司
地址:常州市科教城信息产业园南4楼
电话:+86.519.68887168
传真:+86.519.68887169
手机:+86.18915883399
邮箱:p...@pubyun.com

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
<><><>___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cannot get ssh-key in instance

2012-05-10 Thread Scott Moser 
On Thu, 10 May 2012, George Mihaiescu wrote:

> Hi,
>
> First, check if nova-api is running on the host where your nova-network runs 
> (same as nova-compute if using a multi_host=true setup).
>
> Second, using the console of the instance check if your instance can access 
> the API service by doing a:
> GET http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
>
> You can also read this doc for more info about the metadata service:
> http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html
>
>
> George
>
> 
>
> From: openstack-bounces+george.mihaiescu=q9@lists.launchpad.net 
> [mailto:openstack-bounces+george.mihaiescu=q9@lists.launchpad.net] On 
> Behalf Of livemoon
> Sent: Thursday, May 10, 2012 9:26 AM
> To: Yong Sheng Gong
> Cc: openstack@lists.launchpad.net
> Subject: Re: [Openstack] Cannot get ssh-key in instance
>
>
> I am sure image is ok since of I use the same image in both older version 
> installed via devstack on ubuntu11.10 and new version installed on 
> ubuntu12.04.
>
> In older version, it can work well. but now it cannot. Am I missing something 
> in nova.conf ?
>
>
> On Thu, May 10, 2012 at 8:29 PM, Yong Sheng Gong  wrote:
>
>
>
>   have you started the instance with keypair?
>
>
>
>   -openstack-bounces+gongysh=cn.ibm@lists.launchpad.net wrote: 
> -
>
>
>
>   To: livemoon  
>   From: Razique Mahroua  
> 
>   Sent by: 
> openstack-bounces+gongysh=cn.ibm@lists.launchpad.net
>   Date: 05/10/2012 06:29PM
>   Cc: openstack@lists.launchpad.net
>   Subject: Re: [Openstack] Cannot get ssh-key in instance
>
>
>   Hey livememon,
>   is it possible to see the content of the rc.local. Also, are 
> other instances able to reach the metadata server ?
>
>
>
>
>   livemoon 
>   10 mai 2012 12:24
>
>   I running an instance(ubuntu or centos), and it cannot 
> get keypair.
>   In ubuntu12.04, I have install cloud-init and in centos 
> I have add some command into /etc/rc.local
>   There is some of instance's logs about cloud-init:
>   cloud-init start-local running: Thu, 10 May 2012 
> 10:17:33 +. up 4.47 seconds
>   no instance data found in start-local
>   ci-info: lo: 1 127.0.0.1   255.0.0.0   .
>   ci-info: eth0  : 1 10.0.200.5  255.255.255.224 
> fa:16:3e:6a:30:7c
>   ci-info: route-0: 0.0.0.0 10.0.200.1  
> 0.0.0.0 eth0   UG
>   ci-info: route-1: 10.0.200.0  0.0.0.0 
> 255.255.255.224 eth0   U
>   cloud-init start running: Thu, 10 May 2012 10:17:33 
> +. up 5.00 seconds
>   no instance data found in start

Did you snip this log?  I would have thought you'd see cloud-init
complaining about lack of data source. (re-trying on the meta-data
source).

Also, in order to debug why there is no user data service, there are 2
things you can do:
 a.) mount an ubuntu image loopback, generate private ssh keys for the
host, set a password ...  basically make it so that you can get in even if
there is no data source.
 b.) try cirros (http://launchpad.net/cirros) upload and run one of those,
even if it fails to get the metadata service, you'll be able to log in
with password auth as 'cirros' with 'cubswin:)' as the password.


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] i18n of log message

2012-05-10 Thread Gabriel Hurley 
A few key points:


1.   I would re-frame the options as “English Only”, “User-Facing 
Messages”, or “All Strings”. These three categories more accurately cover the 
purposes of translating different scopes in the application. The key difference 
being that web interfaces and API/CLI messages are both user-facing, and should 
be treated similarly.

2.   Horizon has already strongly committed to i18n for user-facing 
messages, and we’re keeping an eye on l10n (localization) as well in the 
future. Nova also has strong i18n support; as such I’d see “English Only” as a 
regression and a disservice to the community.

3.   With all due consideration of input from the community, this is 
ultimately going to have to be decided by the PPB since it needs to span all 
projects and since unanimous community consensus is unlikely.

I, personally, will continue to advocate for translation, internationalization 
and localization for all user-facing messages; and I’ll do what I can to keep 
supporting the community in its translation efforts. I’m happy to answer 
questions as well.

All the best,


-  Gabriel

From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net 
[mailto:openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] On 
Behalf Of Hua ZZ Zhang
Sent: Thursday, May 10, 2012 5:05 PM
To: 彭勇
Cc: openstack-bounces+zhuadl=cn.ibm@lists.launchpad.net; Thierry Carrez; 
openstack@lists.launchpad.net
Subject: Re: [Openstack] i18n of log message


+1

From the perspective of developer and English user, totally agree with you to 
keep it simple. But OpenStack is an BIG community includes lots of countries 
and users, we should also consider their requirements and opinions. To mature 
this platform and community, it is really important.


[Inactive hide details for 彭勇 ---2012-05-10 下午 11:57:19---彭勇 
]彭勇 ---2012-05-10 下午 11:57:19---彭勇 
mailto:p...@pubyun.com>>
彭勇 mailto:p...@pubyun.com>>
Sent by: 
openstack-bounces+zhuadl=cn.ibm@lists.launchpad.net

2012-05-10 下午 10:46


To


Ying Chun Guo/China/IBM@IBMCN,


cc


Thierry Carrez mailto:thie...@openstack.org>>, 
openstack@lists.launchpad.net


Subject


Re: [Openstack] i18n of log message








we are here talking about I18N of log information

i prefer to English only log:

1. easy to search and share

2. easy to maintain

2012/5/10 Ying Chun Guo mailto:guoyi...@cn.ibm.com>>:
> I18N is an architecture decision. Besides developers, we should also consult
> customers' options.
>
> I18N is a very big scope. It includes not only translation, but also
> Date/time format, number format,
> or even the input of non-English characters. Surely I18N will take some
> efforts. But considering
> OpenStack may have a long history, it deserve us to pay some time to work on
> it. We need to consider
> it carefully. Maybe we can just pick out several very popular
> locales/languages and work on these localization
> firstly. It will ensure we have a correct architecture to suppor I18N, with
> a not very big effort.
>
> I'd like to help on the process documenting.
>
> Regards
> Daisy
>
> openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net
>  wrote on
> 05/09/2012 12:55:48 AM:
>
>> Thierry Carrez mailto:thie...@openstack.org>>
>> Sent by: 
>> openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net
>>
>> 05/09/2012 12:55 AM
>>
>> To
>>
>> openstack@lists.launchpad.net,
>>
>> cc
>
>
>>
>> Subject
>>
>> Re: [Openstack] i18n of log message
>>
>> Ying Chun Guo wrote:
>> > [...]
>> > So I prefer option 2. As it is said that   option 3 being not
>> > significantly more work than option 2, so option 3 is also acceptable
>> > for me.
>>
>> So there is no strong consensus so far :) One important prerequisite of
>> whatever solution we end up choosing is that it should be the same level
>> across all OpenStack core projects. Consistency is important... So we
>> should definitely ask PTLs which options they are ready to support, as
>> it may seriously reduce our options.
>>
>> We should also have a I18N advocacy czar that will push whatever option
>> is chosen to completion by documenting the process, encouraging CI /
>> translators / devs to do any needed work. Anyone up to it ?
>>
>> --
>> Thierry Carrez (ttx)
>> Release Manager, OpenStack
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : 
>> openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : 
> openstack@lists.launchpad.n

Re: [Openstack] 'admin' role hard-coded in keystone and nova, and policy.json

2012-05-10 Thread Dolph Mathews 
policy.json is entirely end-user configurable (it's not hardcoded at all):
replace every instance of "role:admin" in your policy.json (there's two by
default in nova's policy.json, for example) with "role:myadmin", create the
corresponding "myadmin" role in keystone, and grant it to the appropriate
users instead of "admin".

You can also have multiple roles with admin-like behaviors (see nova's
admin_or_owner as an example), or roles with very limited sets of
capabilities, e.g.:

"volume:create": [["role:custom_role_that_can_only_create_volumes"]]

-Dolph

On Thu, May 10, 2012 at 4:32 PM, Salman A Baset  wrote:

> It seems that 'admin' role is hard-coded cross nova and horizon. As a
> result if I want to define 'myadmin' role, and grant it all the admin
> privileges, it does not seem possible. Is this a recognized limitation?
>
> Further, is there some good documentation on policy.json for nova,
> keystone, and glance?
>
> Thanks.
>
> Best Regards,
>
> Salman A. Baset
> Research Staff Member, IBM T. J. Watson Research Center
> Tel: +1-914-784-6248
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] 'admin' role hard-coded in keystone and nova, and policy.json

2012-05-10 Thread Brian Waldon 
Dolph: I think what Salman is looking for is some want to configure what role 
is used to determine admin-ness within a service. For example, Glance allows 
you to set a 'service_role' option. The context.is_admin checks make sure 
whatever role defined in service_role is found in the roles returned by 
Keystone rather than assuming it is 'admin'.

Salman: As for documentation, you can look to 
http://glance.openstack.org/policies.html for an overview of what is available 
in Glance.


Brian


On May 10, 2012, at 6:10 PM, Dolph Mathews wrote:

> policy.json is entirely end-user configurable (it's not hardcoded at all): 
> replace every instance of "role:admin" in your policy.json (there's two by 
> default in nova's policy.json, for example) with "role:myadmin", create the 
> corresponding "myadmin" role in keystone, and grant it to the appropriate 
> users instead of "admin".
> 
> You can also have multiple roles with admin-like behaviors (see nova's 
> admin_or_owner as an example), or roles with very limited sets of 
> capabilities, e.g.:
> 
> "volume:create": [["role:custom_role_that_can_only_create_volumes"]]
> 
> -Dolph
> 
> On Thu, May 10, 2012 at 4:32 PM, Salman A Baset  wrote:
> It seems that 'admin' role is hard-coded cross nova and horizon. As a result 
> if I want to define 'myadmin' role, and grant it all the admin privileges, it 
> does not seem possible. Is this a recognized limitation? 
> 
> Further, is there some good documentation on policy.json for nova, keystone, 
> and glance?
> 
> Thanks.
> 
> Best Regards,
> 
> Salman A. Baset
> Research Staff Member, IBM T. J. Watson Research Center
> Tel: +1-914-784-6248
> 
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] i18n of log message

2012-05-10 Thread Christopher B Ferris 
+1Cheers,Christopher FerrisIBM Distinguished Engineer, CTO Industry and Cloud StandardsMember, IBM Academy of TechnologyIBM Software Group, Standards Strategyemail: chris...@us.ibm.comTwitter: christo4ferrisphone: +1 508 234 2986-openstack-bounces+chrisfer=us.ibm@lists.launchpad.net wrote: -To: "openstack@lists.launchpad.net" From: Gabriel Hurley Sent by: openstack-bounces+chrisfer=us.ibm@lists.launchpad.netDate: 05/10/2012 09:02PMSubject: Re: [Openstack] i18n of log messageA few key points:
 

1.  
I would re-frame the options as “English Only”, “User-Facing Messages”, or “All Strings”. These three categories more accurately cover the purposes
 of translating different scopes in the application. The key difference being that web interfaces and API/CLI messages are both user-facing, and should be treated similarly.

2.  
Horizon has already strongly committed to i18n for user-facing messages, and we’re keeping an eye on l10n (localization) as well in the future. Nova
 also has strong i18n support; as such I’d see “English Only” as a regression and a disservice to the community.

3.  
With all due consideration of input from the community, this is ultimately going to have to be decided by the PPB since it needs to span all projects
 and since unanimous community consensus is unlikely.
 
I, personally, will continue to advocate for translation, internationalization and localization for all user-facing messages; and I’ll do what I can to keep
 supporting the community in its translation efforts. I’m happy to answer questions as well.
 
All the best,
 

- 
Gabriel
 From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net [mailto:openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net]
On Behalf Of Hua ZZ Zhang
Sent: Thursday, May 10, 2012 5:05 PM
To: 彭勇
Cc: openstack-bounces+zhuadl=cn.ibm@lists.launchpad.net; Thierry Carrez; openstack@lists.launchpad.net
Subject: Re: [Openstack] i18n of log message


 
+1

From the perspective of developer and English user, totally agree with you to keep it simple. But OpenStack is an BIG community includes lots of countries and users, we should also consider their requirements and opinions. To mature this platform and community,
 it is really important.


彭勇
 ---2012-05-10 下午 11:57:19---彭勇 
彭勇 

Sent by: 
openstack-bounces+zhuadl=cn.ibm@lists.launchpad.net 
2012-05-10 下午 10:46ToYing Chun Guo/China/IBM@IBMCN, 

ccThierry Carrez ,
openstack@lists.launchpad.net

SubjectRe: [Openstack] i18n of log message
 

we are here talking about I18N of log information

i prefer to English only log:

1. easy to search and share

2. easy to maintain

2012/5/10 Ying Chun Guo :
> I18N is an architecture decision. Besides developers, we should also consult
> customers' options.
>
> I18N is a very big scope. It includes not only translation, but also
> Date/time format, number format,
> or even the input of non-English characters. Surely I18N will take some
> efforts. But considering
> OpenStack may have a long history, it deserve us to pay some time to work on
> it. We need to consider
> it carefully. Maybe we can just pick out several very popular
> locales/languages and work on these localization
> firstly. It will ensure we have a correct architecture to suppor I18N, with
> a not very big effort.
>
> I'd like to help on the process documenting.
>
> Regards
> Daisy
>
> 
openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net wrote on
> 05/09/2012 12:55:48 AM:
>
>> Thierry Carrez 
>> Sent by: 
openstack-bounces+guoyingc=cn.ibm@lists.launchpad.net
>>
>> 05/09/2012 12:55 AM
>>
>> To
>>
>> openstack@lists.launchpad.net,
>>
>> cc
>
>
>>
>> Subject
>>
>> Re: [Openstack] i18n of log message
>>
>> Ying Chun Guo wrote:
>> > [...]
>> > So I prefer option 2. As it is said that   option 3 being not
>> > significantly more work than option 2, so option 3 is also acceptable
>> > for me.
>>
>> So there is no strong consensus so far :) One important prerequisite of
>> whatever solution we end up choosing is that it should be the same level
>> across all OpenStack core projects. Consistency is important... So we
>> should definitely ask PTLs which options they are ready to support, as
>> it may seriously reduce our options.
>>
>> We should also have a I18N advocacy czar that will push whatever option
>> is chosen to completion by documenting the process, encouraging CI /
>> translators / devs to do any needed work. Anyone up to it ?
>>
>> --
>> Thierry Carrez (ttx)
>> Release Manager, OpenStack
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> __

Re: [Openstack] 'admin' role hard-coded in keystone and nova, and policy.json

2012-05-10 Thread Joshua Harlow 
I was also wondering about this, it seems there are lots of policy.json files 
with hard coded roles in them, which is weird since keystone supports the 
creation of roles and such, but if u create a role which isn't in a policy.json 
then u have just caused yourself a problem, which isn't very apparent...

On 5/10/12 2:32 PM, "Salman A Baset"  wrote:

It seems that 'admin' role is hard-coded cross nova and horizon. As a result if 
I want to define 'myadmin' role, and grant it all the admin privileges, it does 
not seem possible. Is this a recognized limitation?

Further, is there some good documentation on policy.json for nova, keystone, 
and glance?

Thanks.

Best Regards,

Salman A. Baset
Research Staff Member, IBM T. J. Watson Research Center
Tel: +1-914-784-6248


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cannot get ssh-key in instance

2012-05-10 Thread livemoon 
George:

I can GET http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key in
instance.

Now I found some error about key injecting when launching instance:

2012-05-11 10:30:41 INFO nova.virt.libvirt.connection
[req-e9463bab-044f-4a79-a0a4-40499894fd51 faa39ad681294b8097070541cb62e91f
1b11ffe707ea44c49ba829a5b6859b00] [instance:
2977ba83-17b5-43d4-8a95-4a97fb6ab9dd] Injecting key into image
ea9903d1-098b-4f61-b87f-30d96778202f
2012-05-11 10:30:42 WARNING nova.virt.libvirt.connection
[req-e9463bab-044f-4a79-a0a4-40499894fd51 faa39ad681294b8097070541cb62e91f
1b11ffe707ea44c49ba829a5b6859b00] [instance:
2977ba83-17b5-43d4-8a95-4a97fb6ab9dd] Ignoring error injecting data into
image ea9903d1-098b-4f61-b87f-30d96778202f (
--
Failed to mount filesystem: Unexpected error while running command.
Command: sudo nova-rootwrap mount /dev/nbd15 /tmp/tmpYGGWcf
Exit code: 32
Stdout: ''
Stderr: 'mount: /dev/nbd15 already mounted or /tmp/tmpYGGWcf busy\n'
--
Failed to mount filesystem: Unexpected error while running command.
Command: sudo nova-rootwrap guestmount --rw -a
/data/openstack/nova/instances/instance-0014/disk -m /dev/sda
/tmp/tmpYGGWcf
Exit code: 1
Stdout: ''
Stderr: 'Traceback (most recent call last):\n  File
"/usr/bin/nova-rootwrap", line 69, in \n
 env=filtermatch.get_environment(userargs))\n  File
"/usr/lib/python2.7/subprocess.py", line 679, in __init__\nerrread,
errwrite)\n  File "/usr/lib/python2.7/subprocess.py", line 1249, in
_execute_child\nraise child_exception\nOSError: [Errno 2] No such file
or directory\n')
^C


On Thu, May 10, 2012 at 10:42 PM, George Mihaiescu
wrote:

> **
> Hi,
>
> First, check if nova-api is running on the host where your nova-network
> runs (same as nova-compute if using a multi_host=true setup).
>
> Second, using the console of the instance check if your instance can
> access the API service by doing a:
> *GET http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key*
>
> You can also read this doc for more info about the metadata service:
>
> http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html
>
>
> George
>
>  --
>  *From:* openstack-bounces+george.mihaiescu=q9@lists.launchpad.net[mailto:
> openstack-bounces+george.mihaiescu=q9@lists.launchpad.net] *On Behalf
> Of *livemoon
> *Sent:* Thursday, May 10, 2012 9:26 AM
> *To:* Yong Sheng Gong
>
> *Cc:* openstack@lists.launchpad.net
> *Subject:* Re: [Openstack] Cannot get ssh-key in instance
>
> I am sure image is ok since of I use the same image in both older version
> installed via devstack on ubuntu11.10 and new version installed on
> ubuntu12.04.
>
> In older version, it can work well. but now it cannot. Am I missing
> something in nova.conf ?
>
> On Thu, May 10, 2012 at 8:29 PM, Yong Sheng Gong wrote:
>
>> have you started the instance with keypair?
>>
>>
>> -openstack-bounces+gongysh=cn.ibm@lists.launchpad.net wrote:
>> -
>>
>> To: livemoon  
>> From: Razique Mahroua 
>> Sent by: openstack-bounces+gongysh=cn.ibm@lists.launchpad.net
>> Date: 05/10/2012 06:29PM
>> Cc: openstack@lists.launchpad.net
>> Subject: Re: [Openstack] Cannot get ssh-key in instance
>>
>>  Hey livememon,
>> is it possible to see the content of the rc.local. Also, are other
>> instances able to reach the metadata server ?
>>
>>   livemoon 
>> 10 mai 2012 12:24
>>  I running an instance(ubuntu or centos), and it cannot get keypair.
>>
>> In ubuntu12.04, I have install cloud-init and in centos I have add some
>> command into /etc/rc.local
>>
>> There is some of instance's logs about cloud-init:
>>
>> cloud-init start-local running: Thu, 10 May 2012 10:17:33 +. up 4.47
>> seconds
>>
>> no instance data found in start-local
>>
>> ci-info: lo: 1 127.0.0.1   255.0.0.0   .
>>
>> ci-info: eth0  : 1 10.0.200.5  255.255.255.224 fa:16:3e:6a:30:7c
>>
>> ci-info: route-0: 0.0.0.0 10.0.200.1  0.0.0.0 eth0
>> UG
>>
>> ci-info: route-1: 10.0.200.0  0.0.0.0 255.255.255.224 eth0   U
>>
>> cloud-init start running: Thu, 10 May 2012 10:17:33 +. up 5.00 seconds
>>
>> no instance data found in start
>>
>> I think it maybe some missing in nova host, How to fix it?
>>
>>
>> --
>> 非淡薄无以明志,非宁静无以致远
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>>  --
>> Razique Mahroua
>> Nuage & Co - Razique Mahroua
>> razique.mahr...@gmail.com
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>>
>>
>
>
> --
> 非淡薄无以明志,非宁静无以致远
>



-- 
非淡薄无以明志,非宁静无以致远
<><>___
Mailing list: ht

Re: [Openstack] [Documentation] Missing section in documentation

2012-05-10 Thread Dolph Mathews 
There's a very related open review in progress concerning the auth_token
docs at http://keystone.openstack.org/ as well.

https://review.openstack.org/#/c/7217

-Dolph

On Thu, May 10, 2012 at 12:09 AM, Milind  wrote:

> Hi,
>
> In Admin installation document guide of Ubuntu 12.04  in the section 5.
> Installing OpenStack Compute and Image Service
>
> Following settings are missing.
>
> [filter:authtoken]
> paste.filter_factory = keystone.middleware.auth_token:filter_factory
> service_protocol = http service_host = *IP*
> service_port = 5000
> auth_host = *IP*
> auth_port = *35357 *
> auth_protocol = http
> auth_uri = http://*IP*:5000/
> admin_token = 012345SECRET99TOKEN012345
>
>
> This is very much annoying because lot of people are getting error when
> they try to upload image in glance and get the following error which also
> has type *"Unavilable"*
>
> *The request returned 503 Service Unavilable. This generally occurs on
> service overload or other transient outage. *
>
>
> Regards,
> Milind Patil
>
> +919890119176
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] glance keystone authentication problem

2012-05-10 Thread Shashi Kanth Boddula 
Ubuntu 12.04 Essex.

# glance index
Failed to show index. Got error:
You are not authenticated.
Details: 401 Unauthorized

This server could not verify that you are authorized to access the document
you requested. Either you supplied the wrong credentials (e.g., bad
password), or your browser does not understand how to supply the
credentials required.

 Authentication required

# glance --os_username=glance --os_password=glance --os_tenant=service
--os_auth_url=http://127.0.0.1:5000/v2.0 index

Failed to show index. Got error:
You are not authenticated.
Details: 401 Unauthorized

This server could not verify that you are authorized to access the document
you requested. Either you supplied the wrong credentials (e.g., bad
password), or your browser does not understand how to supply the
credentials required.

 Authentication required


---

In the keystone log file i see the error bellow.


2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token]
Retrying validation
2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token]
Keystone rejected admin token {'X-Auth-Token':
u'6f220a2e7e324bf4bd7a96040f364316'}, resetting
2012-05-11 10:03:11 18461  WARNING [keystone.middleware.auth_token] Invalid
user token: 238dc305de1e418b8b81bee4f648f984. Keystone response: {u'error':
{u'message': u'The request you have made requires authentication.',
u'code': 401, u'title': u'Not Authorized'}}.
2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] Invalid
user token - rejecting request



Not understanding where could be the problem.

glace user is mapped to admin role in the service tenant.

glance endpoint is created.

I have specified glance user name, password and the service tenant in
glance-api/registry files, and keystone authentication specified.


Anyone tell me what could be the problem?  Thank you.



-- 
Thanks & Regards,
Shashi Kanth
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] VM loses network conectivity

2012-05-10 Thread Carlos Alvarez 
Hi all.

I am using ubuntu 12.04 essex. 3.2.0-23-generic #36-Ubuntu SMP Tue Apr
10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux.

After a while, with high traffic, the instances loses network and they
end being unreachables, only being able to connect using terminal. My
network/interfaces are


auto lo
iface lo inet loopback

# The primary network interface
auto bond0
iface bond0 inet manual
slaves eth0 eth1
bond_mode 4
bond_miimon 100
bond_downdelay 200
bond_updelay 200
bond_lacp_rate 1

auto vlan11
iface vlan11 inet static
address 10.1.8.13
netmask 255.255.255.0
gateway 10.1.8.1
dns-search despexds.net
vlan-raw-device bond0

auto vlan55
iface vlan55 inet manual
vlan-raw-device bond0

I've seen this,
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/584048 but it
is quite old and I think the patches are merged in the distribution I
am using. Also, as far as I understand, there they talk about bridge
changing mac address and I don't see it is happening.

Also, I've seen this, http://bugs.centos.org/view.php?id=5526 which
matches my case except I am using ubuntu.

Sorry if it is not the right list to post.


Thanks.
Carlos.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Metering] Meeting agenda for today 16:00 UTC (May 10th, 2012)

2012-05-10 Thread Loic Dachary 
On 05/10/2012 02:14 PM, Loic Dachary wrote:
> Hi,
>
> The metering project team holds a meeting in #openstack-meeting, Thursdays at 
> 1600 UTC 
> . 
> Everyone is welcome.
> I propose an agenda based on the discussions we had on this list.
>
> http://wiki.openstack.org/Meetings/MeteringAgenda
> Topic: external API definition
>
>  * API defaults and API extensions
>  * API extension
>* extension= loads the  python module
>*  method query is called with the
>  * QUERY_STRING
>  * a handler to the storage
>  * a pointer to the configuration
>  * API calls common arguments
>* Datetime range : start and end
>  * Transparent cache for aggregation
>  * API defaults http://wiki.openstack.org/EfficientMetering#API
>* GET list components
>* GET list components meters (argument : name of the component)
>* GET list accounts
>* GET list of meter_type
>* GET list of events per account
>* GET sum of (meter_volume, meter_duration) for meter_type and account_id
>* other ?
>  * open discussion
>
For the record. There were too many issues raised during the meeting to agree 
on the API. Instead, another meeting was scheduled and the agenda calendar 
postponed for a week. 
http://wiki.openstack.org/Meetings/MeteringAgenda?action=diff&rev2=20&rev1=19

==
#openstack-meeting Meeting
==


Meeting started by dachary at 16:00:22 UTC.  The full logs are available
at
http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html
.



Meeting summary
---

* LINK: https://lists.launchpad.net/openstack/msg11523.html  (dachary,
  16:00:22)
* actions from previous meetings  (dachary, 16:00:22)
  * LINK:

http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-03-16.00.html
(dachary, 16:00:22)
  * dachary removed obsolete comment about floating IP
http://wiki.openstack.org/EfficientMetering?action=diff&rev2=70&rev1=69
(dachary, 16:00:22)
  * dachary o6 : note that the resource_id is the container id.
http://wiki.openstack.org/EfficientMetering?action=diff&rev2=71&rev1=70
(dachary, 16:00:23)
  * The discussion about adding the source notion to the schema took
place on the mailing list
https://lists.launchpad.net/openstack/msg11217.html  (nijaba,
16:01:25)
  * The conclusion was to add a source field to the event record, but no
additional record type to list existing sources.  (nijaba, 16:01:25)
  * jd___ add Swift counters, add resource ID info in counter
definition, describe the table
http://wiki.openstack.org/EfficientMetering?action=diff&rev2=57&rev1=54
(jd___, 16:03:08)

* meeting organisation  (dachary, 16:04:37)
  * This is 2/5 meetings to decide the details of the architecture of
the Metering project https://launchpad.net/ceilometer  (dachary,
16:04:37)
  * Today's focus is on the definition of external REST API  (dachary,
16:04:37)
  * There has not been enough discussions on the list to cover all
aspects and the focus of this meeting was modified to cope with it.
(dachary, 16:04:37)
  * The meeting is time boxed and there will not be enough time to
introduce inovative ideas and research for solutions.  (dachary,
16:04:37)
  * The debate will be about the pro and cons of the options already
discussed on the mailing list.  (dachary, 16:04:38)
  * LINK: https://lists.launchpad.net/openstack/msg11368.html  (dachary,
16:04:38)

* API defaults and API extensions  (dachary, 16:05:28)
  * AGREED: Ceilometer shouldn't invent its own API extensions
mechanism... it should use the system in Nova.  (dachary, 16:09:20)
  * LINK: https://github.com/cloudbuilders/openstack-munin  (dachary,
16:10:18)
  * LINK: https://github.com/sileht/openstack-munin  (dachary, 16:10:23)
  * ACTION: dachary add info to the wiki on the topic of poll versus
push  (dachary, 16:12:17)

* API defaults  (dachary, 16:13:08)
  * GET list components  (dachary, 16:13:14)
  * GET list components meters (argument : name of the component)
(dachary, 16:13:14)
  * GET list [user_id|project_id|source]  (dachary, 16:13:14)
  * GET list of meter_type  (dachary, 16:13:14)
  * GET list of events per [user_id|project_id|source] ( allow to
specify user_id or project_id  (dachary, 16:13:14)
  * GET sum of (meter_volume, meter_duration) for meter_type and
[user_id|project_id|source]  (dachary, 16:13:15)
  * other ?  (dachary, 16:13:16)
  * GET list of events per user_id && project_id  (dachary, 16:14:20)
  * LINK: http://wiki.openstack.org/OpenStackRESTAPI  (dachary,
16:15:48)
  * LINK: http://wiki.openstack.org/EfficientMetering#Meters  (dachary,
16:16:48)
  * LINK: http://wiki.openstack.org/EfficientMetering#API  (nijaba,
16:23:45)
  * AGREED: all meters have a [start,end[  ( start <= timestamp