[openstack-dev] [Congress] Error running scripts/run_api_server
Hi, I recently cloned the latest Congress source code and tried to run unit-tests on my Ubuntu PC. Using *scripts/run_api_server*, I found this following error: *Jun 20 11:28:11|0|__main__|INFO|Starting congress server* *Traceback (most recent call last):* * File /usr/lib/python2.7/dist-packages/eventlet/greenpool.py, line 80, in _spawn_n_impl* *func(*args, **kwargs)* * File server.py, line 82, in ad_update_thread* *ad_model.update_from_ad() # XXX: blocks eventlet* * File /home/madhu/Project/policyFW/congress/congress/server/ad_sync.py, line 72, in update_from_ad* *l.simple_bind_s(BIND_USER, BIND_PW)* * File /usr/lib/python2.7/dist-packages/ldap/ldapobject.py, line 206, in simple_bind_s* *msgid = self.simple_bind(who,cred,serverctrls,clientctrls)* * File /usr/lib/python2.7/dist-packages/ldap/ldapobject.py, line 200, in simple_bind* *return self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))* * File /usr/lib/python2.7/dist-packages/ldap/ldapobject.py, line 96, in _ldap_call* *result = func(*args,**kwargs)* *SERVER_DOWN: {'desc': Can't contact LDAP server}* *(5065) wsgi starting up on http://0.0.0.0:8080/ http://0.0.0.0:8080/* Does other guys face this error too ? Am i missing any prerequisite to run the congress unit-test ? make was successful and had no issues. Please suggest a way to proceed further. Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Mistral] Start task, and support for 'requires' / reverse workflow.
Just a clarification: “reverse” flow is what I usually call “dependency based flow” when we specify dependencies between tasks rather then direct transitions (do this then on success do that). * Put it off till the engine refactoring, factor the requirement of supporting two modes into the refactoring. It will be easy to do, but takes the longest. I personally would prefer this latest option since I don’t see any rush with refactoring the current API/impl to have two separate workflow types right now. Renat Akhmerov @ Mirantis Inc. On 20 Jun 2014, at 12:33, Dmitri Zimine dzim...@stackstorm.com wrote: https://review.openstack.org/#/c/100390/ Angus asked: Why do we even need start: start-task? Can't we parse the workbook and figure out what to run? Tasks at the bottom of the tree have no on-{fail,success} and then follow upwards until you find a task that is not referenced by anything. Yes we can do this (patch almost ready). And It makes a perfect behavior for a direct flow [1]: all the top-level tasks begin to execute in parallel, and dependent tasks scheduled as dependencies resolve. No need to specify . Parallel execution is a default, unless explicitly constrained by on-success/on-error/on-finish. But for Reversed flow [2] it’s a BIG change of behavior. Instead of running only a subflow to satisfy a target task, it will run all the tasks (respecting dependencies). This is not practical. Eventually we want to support both direct and reverse as two types of workflow, without mixing the two syntaxes within the same workflow. This will require big refactoring (already planned). On the Atlanta summit we agreed to temporarily drop reversed workflow and re-introduce it later. [3] The start task in the API is a big pain for a direct flow. How should we proceed? Options I can think of: * Drop ‘reverse flow’ right now, stabilize ‘direct flow', reintroduce ‘reverse flow’ later (next cycle). This will give us a clean final API on a good set of functionality, [almost] immediately. * Introduce two workflow types and correspondent API changes/additions on the current code base, before refactoring. * Put it off till the engine refactoring, factor the requirement of supporting two modes into the refactoring. It will be easy to do, but takes the longest. Other options? Opinions? Requests? DZ [1] Direct flow has dependencies expressed by on-success/on-error/on-finish keyword on an upstream task [2] Reverse flow is where dependencies are expressed by requires keyword on a downstream, dependent task [3] https://etherpad.openstack.org/p/mistral-post-POC-questions ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Cinder] request to review bug 1307491
HI All, Could someone please, review the bug https://bugs.launchpad.net/cinder/+bug/1307491 Fixes cinder quota-update with wrong tenant-id quota-update returns 200 (OK) even though specified tenant-id does not exist. cinder quota-update wrong-tenant --gigabytes 2 The fix has been applied so that quota-update with wrong tenant-id will display an error with TenantID not found Here is the link for review: https://review.openstack.org/#/c/95464/ -- *Regards,* *Harshada Kakad* ** *Sr. Software Engineer* *C3/101, Saudamini Complex, Right Bhusari Colony, Paud Road, Pune – 411013, India* *Mobile-9689187388* *Email-Id : harshada.ka...@izeltech.com harshada.ka...@izeltech.com* *website : www.izeltech.com http://www.izeltech.com* -- *Disclaimer* The information contained in this e-mail and any attachment(s) to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information of Izel Technologies Pvt. Ltd. If you are not the intended recipient, you are notified that any review, use, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message, contents or its attachment(s) is strictly prohibited and you are requested to notify us the same immediately by e-mail and delete this mail immediately. Izel Technologies Pvt. Ltd accepts no liability for virus infected e-mail or errors or omissions or consequences which may arise as a result of this e-mail transmission. *End of Disclaimer* ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Octavia] PTL and core team members
On Thu, 2014-06-19 at 20:36 -0700, Dustin Lundquist wrote: Dolph, I appreciate the suggestion. In the mean time how does the review process work without core developers to approve gerrit submissions? If you're just getting started, have a small number (possibly just 1 to begin with) of developers collaborate closely, with the minimum possible process and then use that list of developers as your core review team when you gradually start adopting some process. Aim to get from zero to bootstrapped with that core team in a small number of weeks at most. Minimum possible process could mean a git repo anywhere that those initial developers have direct push access to. You could use stackforge from the beginning and the developers just approve their own changes, but that's a bit annoying. Mark. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [all] Juno setup
Hi All I want to create a juno setup. Please guide me through any links or processes that needs to be followed to have this setup. *Thanks Regards*, Yogesh Prasad. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Fuel] [OSTF] OSTF stops working after password is changed
+1 for #2. ~Sergii On Fri, Jun 20, 2014 at 1:21 AM, Andrey Danin ada...@mirantis.com wrote: +1 to Mike. Let the user provide actual credentials and use them in place. On Fri, Jun 20, 2014 at 2:01 AM, Mike Scherbakov mscherba...@mirantis.com wrote: I'm in favor of #2. I think users might not want to have their password stored in Fuel Master node. And if so, then it actually means we should not save it when user provides it on HealthCheck tab. On Thu, Jun 19, 2014 at 8:05 PM, Vitaly Kramskikh vkramsk...@mirantis.com wrote: Hi folks, We have a bug https://bugs.launchpad.net/fuel/+bug/1281838 which prevents OSTF from working if user changes a password which was using for the initial installation. I skimmed through the comments and it seems there are 2 viable options: 1. Create a separate user just for OSTF during OpenStack installation 2. Provide a field for a password in UI so user could provide actual password in case it was changed What do you guys think? Which options is better? -- Vitaly Kramskikh, Software Engineer, Mirantis, Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Mike Scherbakov #mihgen ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Andrey Danin ada...@mirantis.com skype: gcon.monolake ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][group-based-policy] GP mapping driver
GP should support applying policy on exist openstack deployment, so neither implicit mapping nor intercepting works well. maybe the explicit associating model is best: associate EPG with exist neutron network object (policy automatically applied to all ports on it), or with single port object (policy applied only on this port). By this way GP will be more loosely coupled with Neutron core than the spec sample: boot vm from a grand-new EP object, which need rewrite nova vif-plug, and only support new deployment. It is suitable to put GP in orchestration layer, etc, Heat, without bothering nova code. Boot vm from EPG can be interpreted by ochestration with: 1) create port from network associated with EGP; 2) boot nova from port. In the future we may also need a unified abstract policy template across compute/stroage/network. And, it's not a good idea to intercept neutron port create api for implicitly EP binding(I don't know if this has been removed now), for it severely break the hierarchy relationship between GP and neutron core. the link from GP wiki to an ODL page clearly shows that GP should be layered on top of both neutron and ODL(1st graph). http://webcache.googleusercontent.com/search?q=cache:https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin#Relationship_with_OpenStack.2FNeutron_Policy_Model (this link has hidden all picture from this week so I have to give the google cache) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] [Qos] Question about rate limit for VM use OVS
Hi folks, Anyone try that rate limit configuration for OVS(port)? Now i am trying to implement it on my ovs_lib.py, actually it just call OVS command[1]. There is a way to do that for me: sudo ovs-vsctl set port tap42d7bb69-68 qos=@newqos \ -- --id=@newqos create qos type=linux-htb \ other-config:max-rate=2 queues=0=@q0\ \ -- --id=@q0 create queue \ other-config:min-rate=2 \ other-config:max-rate=2 Then i test it use iperf, the vm ingress rate limit just work fine about 25MB/s. but the vm egress rate is as well as None QoS, close to the eth nic on host speed. Can anybody explain me why my getting fail? thanks! [1]. http://dannykim.me/danny/openflow/57771 Kind regards, Mr. Joe Jiang___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova][Oslo.cfg] Configuration string substitution
Hi, On Wed, Jun 18, 2014 at 4:47 AM, Gary Kotton gkot...@vmware.com wrote: Hi, I have encountered a problem with string substitution with the nova configuration file. The motivation was to move all of the glance settings to their own section (https://review.openstack.org/#/c/100567/). The glance_api_servers had default setting that uses the current glance_host and the glance port. This is a problem when we move to the ‘glance’ section. First and foremost I think that we need to decide on how we should denote the string substitutions for group variables and then we can dive into implementation details. Does anyone have any thoughts on this? My thinking is that when we use we should use a format of $group.key. An example is below. Do we need to set the variable off somehow to allow substitutions that need the literal '.' after a variable? How often is that likely to come up? I would suggest to introduce a different form of placeholder for this like: default=['${glance.host}:${glance.port}'] similar to how variable substitutions are handled in Bash. IMO, this is more readable and easier to parse. -Rado ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [all] Juno setup
Hi Yogesh, Juno is not released yet. The closest you can get is master. So clone devstack and run ./stack.sh. Thanks, Ajaya Cheers, Ajaya On Fri, Jun 20, 2014 at 12:38 PM, Yogesh Prasad yogesh.pra...@cloudbyte.com wrote: Hi All I want to create a juno setup. Please guide me through any links or processes that needs to be followed to have this setup. *Thanks Regards*, Yogesh Prasad. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Fuel] RIP linux as a boot option for PXE nodes
Vladimir has a proposal to add rescue livecd image as a boot option for PXE nodes. I think it is a great idea. If anyone has other opinions, please reply. Miroslav, could you be a reviewer for this blueprint? Anastasia, could you propose someone for QA? https://blueprints.launchpad.net/fuel/+spec/rip-linux-pxe-options ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [nova][vmware] Future of Vim and PBM in Nova: summary of IRC discussion
For anybody who missed it, we discussed the following 2 outstanding reviews yesterday: vmwareapi oslo.vmware library integration https://review.openstack.org/#/c/70175/ VMware: initial support for SPBM https://review.openstack.org/#/c/6/ The issue is that oslo.vmware already contains nascent support for SPBM, so these are really 2 patches trying to achieve the same thing by different, incompatible means. After some discussion, we agreed that we would abandon the Nova SPBM patch to concentrate on the oslo.vmware patch. This patch has languished, but Vui is going to bring it up to date. It also has an approved BP. We also agreed that we only want 1 refactor review queue. As the oslo.vmware patch touches so much code, it inevitably conflicts with the spawn refactor. Therefore we will either rebase oslo.vmware on to the spawn refactor, or vice versa. As both patch sets are primarily on Vui, he will make the call about which is least disruptive. Radoslav has identified some non-disruptive cleanup work which he originally put into the Nova SPBM patch. He will now move this into oslo.vmware. This cleanup will be 100% backwards compatible, requiring no client updates whatsoever to continue working. We also need to add some additional features to SPBM support in oslo.vmware. These will be added, ensuring they don't impact any existing Vim users, and the oslo.vmware version bumped. I am continuing to advocate a significant rewrite of the Vim API. However, as we aren't proposing any backwards incompatible changes at the moment there is no current incentive to bring this forward. Matt -- Matthew Booth Red Hat Engineering, Virtualisation Team Phone: +442070094448 (UK) GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova][vmware] Future of Vim and PBM in Nova: summary of IRC discussion
+1 to concentrate on oslo.vmware and thanks for the update! On Fri, Jun 20, 2014 at 6:47 AM, Matthew Booth mbo...@redhat.com wrote: For anybody who missed it, we discussed the following 2 outstanding reviews yesterday: vmwareapi oslo.vmware library integration https://review.openstack.org/#/c/70175/ VMware: initial support for SPBM https://review.openstack.org/#/c/6/ The issue is that oslo.vmware already contains nascent support for SPBM, so these are really 2 patches trying to achieve the same thing by different, incompatible means. After some discussion, we agreed that we would abandon the Nova SPBM patch to concentrate on the oslo.vmware patch. This patch has languished, but Vui is going to bring it up to date. It also has an approved BP. We also agreed that we only want 1 refactor review queue. As the oslo.vmware patch touches so much code, it inevitably conflicts with the spawn refactor. Therefore we will either rebase oslo.vmware on to the spawn refactor, or vice versa. As both patch sets are primarily on Vui, he will make the call about which is least disruptive. Radoslav has identified some non-disruptive cleanup work which he originally put into the Nova SPBM patch. He will now move this into oslo.vmware. This cleanup will be 100% backwards compatible, requiring no client updates whatsoever to continue working. We also need to add some additional features to SPBM support in oslo.vmware. These will be added, ensuring they don't impact any existing Vim users, and the oslo.vmware version bumped. I am continuing to advocate a significant rewrite of the Vim API. However, as we aren't proposing any backwards incompatible changes at the moment there is no current incentive to bring this forward. Matt -- Matthew Booth Red Hat Engineering, Virtualisation Team Phone: +442070094448 (UK) GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: http://davanum.wordpress.com ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova][vmware] Future of Vim and PBM in Nova: summary of IRC discussion
Hi, Thanks for the updated mail. I have a number of comments: 1. I agree with the proposed changes regarding the SPBM. I think that the proposal and changes put forward by Radoslav are great. 2. It would be nice to see the integration of the oslo.vmware code. This is pending the spawn rewrite, and a number of other patches in review. So hopefully with a little help and eyes on those reviews we will be able to move forwards with this. 3. Regarding the VIM rewrite proposal. I am not 100% sure what you want to achieve here. I think that it would actually rock the boat and cause a lot of instability. Over the course of the last 3 cycles we have worked very hard to stabilize the Vmware driver. The initial idea was to do a forklift to oslo and then address issues there (supporting the existing API¹s - currently used by Glance and Ceilometer, and a WIP Nova patch). If the new proposal can be be implemented under the existing API¹s then great. If not I think that it will be a wrong direction at the moment. Sadly we are in a mode where we are all stalled on the spawn rewrites. I think that once we have upgraded to oslo then we can open the discussion again. In addition to this there is also the idea of upgrading to pyvmomi in the future, which may also require a rewrite of the code in oslo. My two cents here, lets wait. Regarding the proposed spec it would be great if you could actually add in the proposed API¹s and their comparison to the existing ones. That would give the community a clear picture on what is required. Yeah, things can be improved, but lets at least have a concrete plan on how to do that and not go on a wild journey and have to revert everything a few months down the line. Thanks Gary On 6/20/14, 1:47 PM, Matthew Booth mbo...@redhat.com wrote: For anybody who missed it, we discussed the following 2 outstanding reviews yesterday: vmwareapi oslo.vmware library integration https://review.openstack.org/#/c/70175/ VMware: initial support for SPBM https://review.openstack.org/#/c/6/ The issue is that oslo.vmware already contains nascent support for SPBM, so these are really 2 patches trying to achieve the same thing by different, incompatible means. After some discussion, we agreed that we would abandon the Nova SPBM patch to concentrate on the oslo.vmware patch. This patch has languished, but Vui is going to bring it up to date. It also has an approved BP. We also agreed that we only want 1 refactor review queue. As the oslo.vmware patch touches so much code, it inevitably conflicts with the spawn refactor. Therefore we will either rebase oslo.vmware on to the spawn refactor, or vice versa. As both patch sets are primarily on Vui, he will make the call about which is least disruptive. Radoslav has identified some non-disruptive cleanup work which he originally put into the Nova SPBM patch. He will now move this into oslo.vmware. This cleanup will be 100% backwards compatible, requiring no client updates whatsoever to continue working. We also need to add some additional features to SPBM support in oslo.vmware. These will be added, ensuring they don't impact any existing Vim users, and the oslo.vmware version bumped. I am continuing to advocate a significant rewrite of the Vim API. However, as we aren't proposing any backwards incompatible changes at the moment there is no current incentive to bring this forward. Matt -- Matthew Booth Red Hat Engineering, Virtualisation Team Phone: +442070094448 (UK) GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [cinder] Minimum Driver Features for juno
Hi All, Please tell me what are the minimum Driver Features for juno release. -- *Thanks Regards*, Yogesh Prasad. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Horizon] Quick Survey: Horizon Mid-Cycle Meetup
On 2014/19/06 09:58, Matthias Runge wrote: On Wed, Jun 18, 2014 at 10:55:59AM +0200, Jaromir Coufal wrote: My quick questions are: * Who would be interested (and able) to get to the meeting? * What topics do we want to discuss? https://etherpad.openstack.org/p/horizon-juno-meetup Thanks for bringing this up! Do we really have items to discuss, where it needs a meeting in person? Matthias I am not sure TBH, that's why I added also the Topic section to figure out if there is something what needs to be discussed. Though I don't see much interest yet. -- Jarda ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [cinder] Minimum Driver Features for juno
I'm pretty sure they haven't changed from Icehouse, see https://github.com/openstack/cinder/blob/master/doc/source/devref/drivers.rst On 20 June 2014 12:49, Yogesh Prasad yogesh.pra...@cloudbyte.com wrote: Hi All, Please tell me what are the minimum Driver Features for juno release. -- Thanks Regards, Yogesh Prasad. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Duncan Thomas ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] 答复: [Heat] fine grained quotas
There's a maintenance and testing cost to the added complexity, and as far as I can tell, no solid use-case. Under what circumstance would a cloud provider want different limits for different tenants? What concrete problem does it solve? On 20 June 2014 04:35, Huangtianhua huangtian...@huawei.com wrote: Hi, Clint, Thank you for your comments on my BP and code! The BP I proposed is all about putting dynamic, admin-configurable limitations on stack number per tenant and stack complexity. Therefore, you can consider my BP as an extension to your config file-based limitation mechanism. If the admin does not want to configure fined-grained, tenant-specific limits, the values in config become the defalut values of those limits. And just like only an Admin can config the limit items in the config file, the limit update and delete APIs I proposed are also Admin-only. Therefore, users can not set those values by themselves to break the anti-DoS capability you mentioned. The reason I want to introduce the APIs and the dynamic configurable capability to those limits mainly lies in that, since various tenants have various underlying resource quota, and even various template/stack complexity requirements, I think a global, static-configured limitation mechanism could be refined to echo user requirements better. Your idea? By the way, I do think that, the DoS problem is interesting in Heat. Can we have more discussion on that? Thanks again! -邮件原件- 发件人: Clint Byrum [mailto:cl...@fewbar.com] 发送时间: 2014年6月20日 6:33 收件人: openstack-dev 主题: Re: [openstack-dev] [Heat] fine grained quotas Excerpts from Randall Burt's message of 2014-06-19 15:21:14 -0700: On Jun 19, 2014, at 4:17 PM, Clint Byrum cl...@fewbar.com wrote: I was made aware of the following blueprint today: http://blueprints.launchpad.net/heat/+spec/add-quota-api-for-heat http://review.openstack.org/#/c/96696/14 Before this goes much further.. I want to suggest that this work be cancelled, even though the code looks excellent. The reason those limits are in the config file is that these are not billable items and they have a _tiny_ footprint in comparison to the physical resources they will allocate in Nova/Cinder/Neutron/etc. IMO we don't need fine grained quotas in Heat because everything the user will create with these templates will cost them and have its own quota system. The limits (which I added) are entirely to prevent a DoS of the engine. What's more, I don't think this is something we should expose via API other than to perhaps query what those quota values are. It is possible that some provider would want to bill on number of stacks, etc (I personally agree with Clint here), it seems that is something that could/should be handled external to Heat itself. Far be it from any of us to dictate a single business model. However, Heat is a tool which encourages consumption of billable resources by making it easier to tie them together. This is why FedEx gives away envelopes and will come pick up your packages for free. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Duncan Thomas ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron][dhcp] Agent manager customization
Hi everyone, Draft neutron spec has been defined to cover such case: https://review.openstack.org/99356 Thanks for your feedbacks, Cedric (zzelle at irc http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev) On Thu, Jun 5, 2014 at 7:27 PM, ZZelle zze...@gmail.com wrote: Hi everyone, I would like to propose a change to allow/simplify dhcp agent manager customization (like the l3-agent-consolidation spec) and i would like the community feedback. Just to precise my context, I deploy OpenStack for small specific business use cases and i often customize it because of specific use case needs. In particular sometimes i must customize dhcp agent behavior in order to: - add custom iptables rules in the dhcp namespace (on dhcp post-deployment), - remove custom iptables rules in the dhcp namespace (on dhcp pre-undeployment), - start an application like the metadata-proxy in the dhcp namespace for isolated networks (on dhcp post-deployment/update), - stop an application in the dhcp namespace for isolated networks (on dhcp pre-undeployment/update), - etc ... Currently (Havana,Icehouse), i create my own DHCP agent manager which extends neutron one and allows to define pre/post dhcp (un)deployment And I replace neutron-dhcp-agent binary, indeed it's not possible to change/hook dhcp agent manager implementation by configuration. What would be the correct way to allow dhcp agent manager customization ? For my need, allowing to: - specify dhcp agent manager implementation through configuration and - add 4 methods (pre/post dhcp (un)deployment)in dhcp manager workflow with empty implementation that can replaced using subclass would be enough. Based on other needs, a mechanism principle could be better or a monkey_patch approach (as in nova) could be more generic. I have the feeling that the correct way mustly depends on how such feature could interest the community. Thanks for your feedbacks, Cedric (zzelle at irc http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Horizon] Quick Survey: Horizon Mid-Cycle Meetup
On 20/06/14 13:56, Jaromir Coufal wrote: On 2014/19/06 09:58, Matthias Runge wrote: On Wed, Jun 18, 2014 at 10:55:59AM +0200, Jaromir Coufal wrote: My quick questions are: * Who would be interested (and able) to get to the meeting? * What topics do we want to discuss? https://etherpad.openstack.org/p/horizon-juno-meetup Thanks for bringing this up! Do we really have items to discuss, where it needs a meeting in person? Matthias I am not sure TBH, that's why I added also the Topic section to figure out if there is something what needs to be discussed. Though I don't see much interest yet. Apart from the split, I also work on configuration files rework, which could benefit from discussion, but i think it's better done here or on the wiki/etherpad, as that leaves tangible traces. I will post a detailed e-mail in a few days. Other than that, I don't see a compelling reason to organize it. -- Radomir Dopieralski ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron][LBaaS] Great Mid-cycle Sprint
+1 to what Brandon just said. :) Seriously, though-- this week was nothing short of amazing! It's great to have such a wonderful team to work with, eh! And yes-- special thanks to Mark McClain and Kyle Mestery for being willing to come out and work so hard with us to make so much progress in such little time. LBaaS in Juno is going to kick ass! Stephen On Thu, Jun 19, 2014 at 9:17 PM, Brandon Logan brandon.lo...@rackspace.com wrote: Greetings all, I'd like to thank everyone who attended the LBaaS mid-cyle sprint for taking the time and effort to make the trip to San Antonio. This was a very productive sprint in all forms: direction, consensus, blueprints, documentation, and of course code. It was just great to be able to get so much done and have a clearer idea on the direction this project is headed. I'd like to especially thank Kyle Mestery and Mark Mcclain for taking the time out of their busy schedules to direct, teach, and giving us help where and when we needed. The fact that they managed to have the patience for three full days of this is just amazing. Actually, them having the patience over the last few months and still willing to help is just short of miraculous. Thanks again guys, you are great! I look forward to continuing to work with everyone on this and other projects. We've got a lot to do but we'll be able to accomplish everything we want if we continue to work together. Thanks again to all involved! Brandon ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Stephen Balukoff Blue Box Group, LLC (800)613-4305 x807 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Oslo] Translating log and exception messages in Oslo libraries
Hi I'm not sure we've ever discussed this before, but I had previously figured that we shouldn't translate log and exception messages in oslo.messaging. My thinking is: - it seems like an odd thing for a library to do, I don't know of examples of other libraries doing this .. but I haven't gone looking - it involves a dependency on oslo.i18n - more than just marking strings for translation and using gettextutils, you also need to set up the infrastructure for pushing the .pot files to transifex, pulling the .po files from .transifex and installing the .mo files at install time I don't feel terribly strongly about this except that unless someone is willing to see this through and do the transifex and install-time work, we shouldn't be doing the use-oslo.i18n and mark-strings-for-translation work. Mark. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron][LBaaS] and [Octavia] haproxy-1.5.0 is out
The wait is over on this one! -- Forwarded message -- From: Willy Tarreau w...@1wt.eu Date: Thu, Jun 19, 2014 at 12:54 PM Subject: [ANNOUNCE] haproxy-1.5.0 To: hapr...@formilux.org Hi everyone, The list has been unusually silent today, just as if everyone was waiting for something to happen :-) Today is a great day, the reward of 4 years of hard work. I'm announcing the release of HAProxy 1.5.0. For people who don't follow the development versions, here are the most noticeable features that 1.5 brings over 1.4 : - native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling. - IPv6 and UNIX sockets are supported everywhere - end-to-end HTTP keep-alive for better support of NTLM and improved efficiency in static farms - HTTP/1.1 response compression (deflate, gzip) to save bandwidth - PROXY protocol versions 1 and 2 on both sides - data sampling on everything in request or response, including payload - ACLs can use any matching method with any input sample - maps and dynamic ACLs updatable from the CLI - stick-tables support counters to track activity on any input sample - custom format for logs, unique-id, header rewriting, and redirects - improved health checks (SSL, scripted TCP, check agent, ...) - much more scalable configuration supports hundreds of thousands of backends and certificates without sweating Since dev26, a few bugs were fixed, and some low-importance things were integrated. Basic OCSP stapling support from Dirkjan and Emeric was finally merged. Sasha's header replace actions were merged as well. I've added a few more info in the stats page (avg response times) and CSV output (health check status), added support for PROXY v2 on the accept side, and added the capture action on tcp-request in order to log contents such as SNI or payload. Rémi's dh-param was finally integrated. People love numbers, so here are a few : From 1.4.0 to 1.5.0, we had : - 1574 calendar days (4 yr 3 mon) - 26 development versions (one every 2 months on average) - 540 bugs fixed (387 added during 1.5, 153 affecting 1.4 as well) - 2549 commits - 683 unique commit dates (at least this many days worked) - up to 24 commits per day - 69712 lines removed, 122279 lines added - many extremely useful bug reports (too many to list) - 73 code/doc contributors : Adrian Bridgett, Alex Davies, Aman Gupta, Andreas Kohn, Apollon Oikonomopoulos, Arnaud Cornet, Baptiste Assmann, Bertrand Jacquin, Bhaskar Maddala, Conrad Hoffmann, Cyril Bonté, Daniel Schultze, David BERARD, David Cournapeau, David S, David du Colombier, Delta Yeh, Dirkjan Bussink, Dmitry Sivachenko, Emeric Brun, Emmanuel Hocdet, Evan Broder, Finn Arne Gangstad, Gabor Lekeny, Geoff Bucar, Wei Zhao, Guillaume Castagnino, Guillaume de Lafond, Hervé COMMOWICK, Hiroaki Nakamura, James Voth, Jamie Gloudon, Jarno Huuskonen, Joe Williams, Joshua M. Clulow, Julien Vehent, Justin Karneges, Kevin Hester, Kevin Musker, Kristoffer Grönlund, Krzysztof Piotr Oledzki, Lukas Tribus, Marc-Antoine Perennou, Mark Lamourine, Mathieu Trudel, Michael Scherer, Neil Prockter, Nenad Merdanovic, Nick Chalk, Olivier Burgard, Oskar Stolc, Patrick Mézard, Pieter Baauw, Prach Pongpanich, Rauf Kuliyev, Remi Gacogne, Sagi Bashari, Sasha Pachev, Sean Carey, Sergiy Prykhodko, Simon Horman, Simone Gotti, Stathis Voukelatos, Tait Clarridge, Thierry Fournier, Todd Lyons, Vincent Bernat, William Lallemand, William Turner, Willy Tarreau, Yuxans Yao, Yves Lafon. Additionally, we are very thankful to a few organisations who have sponsored the development of certain advanced features which required to dedicate a person or a team for a significant amount of time (I hope I have not missed any) : - HAProxy Technologies (formerly Exceliance) - Loadbalancer.org - StackOverflow - SmartFile - SmugMug - ImageShack Don't forget to offer a beer to your distro packagers who make your life easier. It's hard to list them all, but if you don't build from sources, you're likely running a package made and maintained by one of these people : - debian: Vincent Bernat, Apollon Oikonomopoulos, Prach Pongpanich - Fedora: Ryan O'hara - OpenSuSE: Marcus Rückert - other? just report yourself! And last, I'd like to assign a special mention to our most active mailing list supporters during that period who make the project a reality by off- loading the support task from developers, and kindly help our 800 permanent subscribers on a daily basis, BIG THANKS to you guys : - Baptiste Assmann - Lukas Tribus - Cyril Bonté - Jonathan Matthews - Thomas Heil For the HAProxy development team here in France, it will be time to do some errands and buy some Champagne to celebrate the event :-) Now the practical things. 1.5 now enters in maintenance status and the development continues with 1.6-dev0 which is the exact equivalent of 1.5.0. The links have been updated below. Note the removal of
Re: [openstack-dev] [TripleO] pacemaker management tools
Hello, guy! I've just saw your thread and I have something to say about your topic. What management tools are there? The old time pacemaker users of course will name crm shell first (crmsh package). It allows interacive configuration by enetering commands like this: crm configure primitive test1 ocf:pacemaker:Dummy crm configure primitive test2 ocf:pacemaker:Dummy crm configure primitive test3 ocf:pacemaker:Dummy crm configure colocatin test2_with_test1 100: test2 test1 crm configure order test3_after_test2 200: test2 test3 crm status Or by using editor: crm configure edit There is also crm status and other usefull stuff. This days crm is not developed anymore and considered unsupported and depricated. Most distributions will not have it packaged at all. The newer configuration tools is pcs (pcs package). It allows intercative configuration and status monitoring too. pcs resource create test1 ocf:pacemaker:Dummy pcs resource create test2 ocf:pacemaker:Dummy pcs resource create test3 ocf:pacemaker:Dummy pcs constraint colocation add test2 test1 100 pcs status But it lacks crm's interctive shell and very convinient editor featutres. Pcs should be included in all moders distributions. There are also basic tools written in C that come together with pacemaker itself and any sane distribution should include them. https://github.com/ClusterLabs/pacemaker/tree/master/tools Some of them can be very convinient even for intercative use. Both pcs and crm are just python wrappers that call basic C tools as a backend or parse XML cib. What options do we have to generate and/or manage pacemaker configuration? In most cases it boils down to either adding and removing configuration elements during the installation or the runtime or to importing of the precreated configuration. YOur scripts can use crm/pcs to create primitives and constraints one by one as would human do. Or you can describe the entire configuration and then just import it. Of couse you can always write pcs/crm calls to a shell script and just run it. crm can even run batch chages in one transaction like this: config.crm: configure property stonith-enabled=false property no-quorum-policy=ignore primitive test1 ocf:pacemaker:Dummy primitive test2 ocf:pacemaker:Dummy primitive test3 ocf:pacemaker:Dummy colocation test2_with_test1 100: test2 test1 order test3_after_test2 200: test2 test3 commit then crm -f config.crm use --force if needed pcs has no single transaction update capabilities but you can use shell script and shadow/commit if you really want transaction The other solution would be to import precreated XML file as a patch: diff diff-added cib configuration resources primitive class=ocf id=test1 provider=pacemaker type=Dummy/ primitive class=ocf id=test2 provider=pacemaker type=Dummy/ primitive class=ocf id=test3 provider=pacemaker type=Dummy/ /resources constraints rsc_colocation id=test2_with_test1 rsc=test2 score=100 with-rsc=test1/ rsc_order first=test2 id=test3_after_test2 score=200 then=test3/ /constraints /configuration /cib /diff-added /diff If we can somehow generate such a file it can be easily applied like this: cibadmin --patch --xml-file=patch.xml You can also use crm_diff to apply xml patches manually. I think, that for TripleO if you want import precreated configuration XML is a way to go. You will not depend on any python wrappers like pcs and crm and will be able to create any possible configuration. XML allows use of XSLT transformations if you are creative enough of can be just generated by template or written manually. 2014-06-20 0:03 GMT+04:00 Mike Scherbakov mscherba...@mirantis.com: Anything we can take out of here for our HA fixes? May be we want to participate in the thread? -- Forwarded message -- From: Howley, Tom tom.how...@hp.com Date: Wed, Jun 18, 2014 at 1:31 PM Subject: Re: [openstack-dev] [TripleO] pacemaker management tools To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Jan/Adam, Is cibadmin available in the different distros? This can be used to update the CIB based on XML description of full pacemaker config. I have used this on ubuntu in the past and found it more reliable than using crm commands for automated deployment/configuration of pacemaker clusters. It also has patch facility, which I haven't used. I wouldn't have assumed that the pacemaker config needed to be a static file baked into an image. If cibadmin is an option, the different elements requiring pacemaker control could supply their relevant XML snippets (based off config values supplied via heat) and a pacemaker/pacemaker-config element could apply those XML configs to the running cluster (with checks for resource naming clashes, etc.) Does that sound like a possible approach? Tom -Original
Re: [openstack-dev] [Oslo] Translating log and exception messages in Oslo libraries
Mark McLoughlin mar...@redhat.com writes: Hi I'm not sure we've ever discussed this before, but I had previously figured that we shouldn't translate log and exception messages in oslo.messaging. My thinking is: - it seems like an odd thing for a library to do, I don't know of examples of other libraries doing this .. but I haven't gone looking - it involves a dependency on oslo.i18n - more than just marking strings for translation and using gettextutils, you also need to set up the infrastructure for pushing the .pot files to transifex, pulling the .po files from .transifex and installing the .mo files at install time In addition, you will have a fun time when people submit their logs to you in a language you cannot understand :) You can of course map the log back to the English string via the .po file, but it's an extra step to go through when someone asks for help. -- Martin Geisler http://google.com/+MartinGeisler pgpxn5XA_IOxa.pgp Description: PGP signature ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Oslo] Translating log and exception messages in Oslo libraries
On Fri, Jun 20, 2014 at 9:09 AM, Martin Geisler mar...@geisler.net wrote: Mark McLoughlin mar...@redhat.com writes: Hi I'm not sure we've ever discussed this before, but I had previously figured that we shouldn't translate log and exception messages in oslo.messaging. My thinking is: - it seems like an odd thing for a library to do, I don't know of examples of other libraries doing this .. but I haven't gone looking - it involves a dependency on oslo.i18n - more than just marking strings for translation and using gettextutils, you also need to set up the infrastructure for pushing the .pot files to transifex, pulling the .po files from .transifex and installing the .mo files at install time In addition, you will have a fun time when people submit their logs to you in a language you cannot understand :) You can of course map the log back to the English string via the .po file, but it's an extra step to go through when someone asks for help. When combined with the lazy translation flag, it's possible to log in as many languages as you like. That means you can have separate logs in English and $your_language to cover the cases of non-native log reader, searching online, and asking for help on the mailing lists. Doug -- Martin Geisler http://google.com/+MartinGeisler ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Oslo] Translating log and exception messages in Oslo libraries
On Fri, Jun 20, 2014 at 8:40 AM, Mark McLoughlin mar...@redhat.com wrote: Hi I'm not sure we've ever discussed this before, but I had previously figured that we shouldn't translate log and exception messages in oslo.messaging. My thinking is: - it seems like an odd thing for a library to do, I don't know of examples of other libraries doing this .. but I haven't gone looking - it involves a dependency on oslo.i18n - more than just marking strings for translation and using gettextutils, you also need to set up the infrastructure for pushing the .pot files to transifex, pulling the .po files from .transifex and installing the .mo files at install time I don't feel terribly strongly about this except that unless someone is willing to see this through and do the transifex and install-time work, we shouldn't be doing the use-oslo.i18n and mark-strings-for-translation work. I had thought we would do all of the oslo libraries, since so many of the log messages actually come from library code. I think Andreas has already set up most of the infrastructure needed to make the translation jobs work. We haven't done a great job of communicating the plan on log translations, and I'm currently looking for someone from the i18n team to step forward to be the point of contact on that work. Doug Mark. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron][LBaaS] Great Mid-cycle Sprint
+1 Thanks everyone for great coloboration and special thanks for Mark McClain and Kyle Mestery. Here are some pics of folks in action :) https://drive.google.com/?usp=chrome_app#folders/0B8EPhPStLpV4ZGJnbkdMZmFBR2s Thanks, Vivek From: Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net Reply-To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Date: Friday, June 20, 2014 at 5:36 AM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Great Mid-cycle Sprint +1 to what Brandon just said. :) Seriously, though-- this week was nothing short of amazing! It's great to have such a wonderful team to work with, eh! And yes-- special thanks to Mark McClain and Kyle Mestery for being willing to come out and work so hard with us to make so much progress in such little time. LBaaS in Juno is going to kick ass! Stephen On Thu, Jun 19, 2014 at 9:17 PM, Brandon Logan brandon.lo...@rackspace.commailto:brandon.lo...@rackspace.com wrote: Greetings all, I'd like to thank everyone who attended the LBaaS mid-cyle sprint for taking the time and effort to make the trip to San Antonio. This was a very productive sprint in all forms: direction, consensus, blueprints, documentation, and of course code. It was just great to be able to get so much done and have a clearer idea on the direction this project is headed. I'd like to especially thank Kyle Mestery and Mark Mcclain for taking the time out of their busy schedules to direct, teach, and giving us help where and when we needed. The fact that they managed to have the patience for three full days of this is just amazing. Actually, them having the patience over the last few months and still willing to help is just short of miraculous. Thanks again guys, you are great! I look forward to continuing to work with everyone on this and other projects. We've got a lot to do but we'll be able to accomplish everything we want if we continue to work together. Thanks again to all involved! Brandon ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Stephen Balukoff Blue Box Group, LLC (800)613-4305 x807 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Fuel] Bug squashing day on Tu, 24th of June
Fuelers, we need to group and enforce bug squashing activities on Tuesday, as discussed on IRC meeting this Thursday [1]. Feel free to do bug triaging first on Monday if needed. We have lots of bugs, and to meet quality criteria for the release we really need this. Every dedicated Fuel developer should stop all other activities and dedicate this day to bugs only. Follow instructions from last bug squashing day [2]. Among other bugs, please give the higher priority to those with customer-found tag. Please, use #fuel-dev for synchronization. I'll be on vacation, but I'll let Dmitry Borodaenko to lead all bugs related activities, he is Bug Master for this release :) [1] http://eavesdrop.openstack.org/meetings/fuel/2014/fuel.2014-06-19-16.00.log.html [2] http://lists.openstack.org/pipermail/openstack-dev/2014-June/037746.html Thanks, -- Mike Scherbakov #mihgen ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron][LBaaS] and [Octavia] haproxy-1.5.0 is out
Alright!!! I'll get to reworking the TLS support bp that didn't get too much attention. This is fantastic news, thanks for sharing! From: Stephen Balukoff [sbaluk...@bluebox.net] Sent: Friday, June 20, 2014 8:01 AM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS] and [Octavia] haproxy-1.5.0 is out The wait is over on this one! -- Forwarded message -- From: Willy Tarreau w...@1wt.eumailto:w...@1wt.eu Date: Thu, Jun 19, 2014 at 12:54 PM Subject: [ANNOUNCE] haproxy-1.5.0 To: hapr...@formilux.orgmailto:hapr...@formilux.org Hi everyone, The list has been unusually silent today, just as if everyone was waiting for something to happen :-) Today is a great day, the reward of 4 years of hard work. I'm announcing the release of HAProxy 1.5.0. For people who don't follow the development versions, here are the most noticeable features that 1.5 brings over 1.4 : - native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling. - IPv6 and UNIX sockets are supported everywhere - end-to-end HTTP keep-alive for better support of NTLM and improved efficiency in static farms - HTTP/1.1 response compression (deflate, gzip) to save bandwidth - PROXY protocol versions 1 and 2 on both sides - data sampling on everything in request or response, including payload - ACLs can use any matching method with any input sample - maps and dynamic ACLs updatable from the CLI - stick-tables support counters to track activity on any input sample - custom format for logs, unique-id, header rewriting, and redirects - improved health checks (SSL, scripted TCP, check agent, ...) - much more scalable configuration supports hundreds of thousands of backends and certificates without sweating Since dev26, a few bugs were fixed, and some low-importance things were integrated. Basic OCSP stapling support from Dirkjan and Emeric was finally merged. Sasha's header replace actions were merged as well. I've added a few more info in the stats page (avg response times) and CSV output (health check status), added support for PROXY v2 on the accept side, and added the capture action on tcp-request in order to log contents such as SNI or payload. Rémi's dh-param was finally integrated. People love numbers, so here are a few : From 1.4.0 to 1.5.0, we had : - 1574 calendar days (4 yr 3 mon) - 26 development versions (one every 2 months on average) - 540 bugs fixed (387 added during 1.5, 153 affecting 1.4 as well) - 2549 commits - 683 unique commit dates (at least this many days worked) - up to 24 commits per day - 69712 lines removed, 122279 lines added - many extremely useful bug reports (too many to list) - 73 code/doc contributors : Adrian Bridgett, Alex Davies, Aman Gupta, Andreas Kohn, Apollon Oikonomopoulos, Arnaud Cornet, Baptiste Assmann, Bertrand Jacquin, Bhaskar Maddala, Conrad Hoffmann, Cyril Bonté, Daniel Schultze, David BERARD, David Cournapeau, David S, David du Colombier, Delta Yeh, Dirkjan Bussink, Dmitry Sivachenko, Emeric Brun, Emmanuel Hocdet, Evan Broder, Finn Arne Gangstad, Gabor Lekeny, Geoff Bucar, Wei Zhao, Guillaume Castagnino, Guillaume de Lafond, Hervé COMMOWICK, Hiroaki Nakamura, James Voth, Jamie Gloudon, Jarno Huuskonen, Joe Williams, Joshua M. Clulow, Julien Vehent, Justin Karneges, Kevin Hester, Kevin Musker, Kristoffer Grönlund, Krzysztof Piotr Oledzki, Lukas Tribus, Marc-Antoine Perennou, Mark Lamourine, Mathieu Trudel, Michael Scherer, Neil Prockter, Nenad Merdanovic, Nick Chalk, Olivier Burgard, Oskar Stolc, Patrick Mézard, Pieter Baauw, Prach Pongpanich, Rauf Kuliyev, Remi Gacogne, Sagi Bashari, Sasha Pachev, Sean Carey, Sergiy Prykhodko, Simon Horman, Simone Gotti, Stathis Voukelatos, Tait Clarridge, Thierry Fournier, Todd Lyons, Vincent Bernat, William Lallemand, William Turner, Willy Tarreau, Yuxans Yao, Yves Lafon. Additionally, we are very thankful to a few organisations who have sponsored the development of certain advanced features which required to dedicate a person or a team for a significant amount of time (I hope I have not missed any) : - HAProxy Technologies (formerly Exceliance) - Loadbalancer.org - StackOverflow - SmartFile - SmugMug - ImageShack Don't forget to offer a beer to your distro packagers who make your life easier. It's hard to list them all, but if you don't build from sources, you're likely running a package made and maintained by one of these people : - debian: Vincent Bernat, Apollon Oikonomopoulos, Prach Pongpanich - Fedora: Ryan O'hara - OpenSuSE: Marcus Rückert - other? just report yourself! And last, I'd like to assign a special mention to our most active mailing list supporters during that period who make the project a reality by off- loading the support task from developers, and kindly help our 800 permanent subscribers on a daily basis, BIG THANKS to
[openstack-dev] [nova] Usage of _L?() translation functions
I read a doc on this the other day, but for the life of me I can't remember where. It's relevant to this review: https://review.openstack.org/#/c/97612/18/nova/virt/vmwareapi/volumeops.py If anybody knowledgeable could give this a glance I'd be grateful. I'd like to know I'm not giving duff advice. Thanks, Matt -- Matthew Booth Red Hat Engineering, Virtualisation Team Phone: +442070094448 (UK) GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova] Usage of _L?() translation functions
Hi Matt, Is it perhaps this one you're looking for: https://wiki.openstack.org/wiki/LoggingStandards#Guidelines -Erno -Original Message- From: Matthew Booth [mailto:mbo...@redhat.com] Sent: 20 June 2014 14:46 To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [nova] Usage of _L?() translation functions I read a doc on this the other day, but for the life of me I can't remember where. It's relevant to this review: https://review.openstack.org/#/c/97612/18/nova/virt/vmwareapi/volumeo ps.py If anybody knowledgeable could give this a glance I'd be grateful. I'd like to know I'm not giving duff advice. Thanks, Matt -- Matthew Booth Red Hat Engineering, Virtualisation Team Phone: +442070094448 (UK) GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Horizon][RBAC] Approach to eliminate hard-coded checks based on roles
Hello everyone, Today, Horizon protect its resources (views, Dashboards or Panels) using a hard-coded approach, restricting on code the access to users having determined roles (like Admin). This problem was already addressed in this bug: https://bugs.launchpad.net/horizon/+bug/1226627 In an attempt to flexibilize the RBAC control over Horizon resources, I designed an approach that involves the creation of a (temporary) Horizon's policy file. This file receives rules to protect every resource, controlling the access on Horizon and has the flexibility for cloud-providers to edit these rules and add the checks over the roles that best meet their needs. A POC of this approach was sent to Gerrit as WIP, so you may evaluate the viability of the approach. It's avaliable on the review link below. I'd like you to take a look and send some feedback. If it seems viable to you guys, I'll write a blueprint (or spec) to address this change. https://review.openstack.org/#/c/99446/ Thanks, -- Thiago Paiva Brito Software Engineer Advanced OpenStack Brazil Team ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] 答复: [Heat] fine grained quotas
I started to type the same response as Duncan last night, and I do have the same concern. The fine grained quotas in nova, for instance, can be used to measure potential use of the whole system _exactly_. You can give a bit more to one tenant while you're building out your infrastructure for more tenants to come on board at the lower quotas and know that the one more demanding tenant will still be happy. But how much RAM does it cost to have 1000 stacks creating all at once? How much CPU does it cost? Those are not really 1:1 correlated, and so I also question whether one can really use these quotas to do such fine grained planning. Excerpts from Duncan Thomas's message of 2014-06-20 05:12:44 -0700: There's a maintenance and testing cost to the added complexity, and as far as I can tell, no solid use-case. Under what circumstance would a cloud provider want different limits for different tenants? What concrete problem does it solve? On 20 June 2014 04:35, Huangtianhua huangtian...@huawei.com wrote: Hi, Clint, Thank you for your comments on my BP and code! The BP I proposed is all about putting dynamic, admin-configurable limitations on stack number per tenant and stack complexity. Therefore, you can consider my BP as an extension to your config file-based limitation mechanism. If the admin does not want to configure fined-grained, tenant-specific limits, the values in config become the defalut values of those limits. And just like only an Admin can config the limit items in the config file, the limit update and delete APIs I proposed are also Admin-only. Therefore, users can not set those values by themselves to break the anti-DoS capability you mentioned. The reason I want to introduce the APIs and the dynamic configurable capability to those limits mainly lies in that, since various tenants have various underlying resource quota, and even various template/stack complexity requirements, I think a global, static-configured limitation mechanism could be refined to echo user requirements better. Your idea? By the way, I do think that, the DoS problem is interesting in Heat. Can we have more discussion on that? Thanks again! -邮件原件- 发件人: Clint Byrum [mailto:cl...@fewbar.com] 发送时间: 2014年6月20日 6:33 收件人: openstack-dev 主题: Re: [openstack-dev] [Heat] fine grained quotas Excerpts from Randall Burt's message of 2014-06-19 15:21:14 -0700: On Jun 19, 2014, at 4:17 PM, Clint Byrum cl...@fewbar.com wrote: I was made aware of the following blueprint today: http://blueprints.launchpad.net/heat/+spec/add-quota-api-for-heat http://review.openstack.org/#/c/96696/14 Before this goes much further.. I want to suggest that this work be cancelled, even though the code looks excellent. The reason those limits are in the config file is that these are not billable items and they have a _tiny_ footprint in comparison to the physical resources they will allocate in Nova/Cinder/Neutron/etc. IMO we don't need fine grained quotas in Heat because everything the user will create with these templates will cost them and have its own quota system. The limits (which I added) are entirely to prevent a DoS of the engine. What's more, I don't think this is something we should expose via API other than to perhaps query what those quota values are. It is possible that some provider would want to bill on number of stacks, etc (I personally agree with Clint here), it seems that is something that could/should be handled external to Heat itself. Far be it from any of us to dictate a single business model. However, Heat is a tool which encourages consumption of billable resources by making it easier to tie them together. This is why FedEx gives away envelopes and will come pick up your packages for free. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova] Usage of _L?() translation functions
We have additional details in this review for the oslo.i18n documentation: https://review.openstack.org/#/c/96961/ On Fri, Jun 20, 2014 at 9:50 AM, Kuvaja, Erno kuv...@hp.com wrote: Hi Matt, Is it perhaps this one you're looking for: https://wiki.openstack.org/wiki/LoggingStandards#Guidelines -Erno -Original Message- From: Matthew Booth [mailto:mbo...@redhat.com] Sent: 20 June 2014 14:46 To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [nova] Usage of _L?() translation functions I read a doc on this the other day, but for the life of me I can't remember where. It's relevant to this review: https://review.openstack.org/#/c/97612/18/nova/virt/vmwareapi/volumeo ps.py If anybody knowledgeable could give this a glance I'd be grateful. I'd like to know I'm not giving duff advice. Thanks, Matt -- Matthew Booth Red Hat Engineering, Virtualisation Team Phone: +442070094448 (UK) GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Openstack] [Nova] How to confirm I have the right database schema when checkout to another branch?
You need to remove the old .pyc files in the migrate_repo/versions directory. I have an alias in my .gitconfig to allow me to checkout a branch and delete pycs in one command: [alias] cc = !TOP=$(git rev-parse --show-toplevel); find $TOP -name '*.pyc' -delete; git-checkout” so i can do: git cc some-branch Vish On Jun 11, 2014, at 7:54 PM, 严超 yanchao...@gmail.com wrote: Hi, All: When I checkout nova to another branch. how to confirm I have the right database schema ? When I run nova-manage db sync, I've got below error: 2014-06-11 22:53:27.977 CRITICAL nova [-] KeyError: VerNum(242) 2014-06-11 22:53:27.977 TRACE nova Traceback (most recent call last): 2014-06-11 22:53:27.977 TRACE nova File /usr/local/bin/nova-manage, line 10, in module 2014-06-11 22:53:27.977 TRACE nova sys.exit(main()) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/cmd/manage.py, line 1376, in main 2014-06-11 22:53:27.977 TRACE nova ret = fn(*fn_args, **fn_kwargs) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/cmd/manage.py, line 885, in sync 2014-06-11 22:53:27.977 TRACE nova return migration.db_sync(version) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/db/migration.py, line 32, in db_sync 2014-06-11 22:53:27.977 TRACE nova return IMPL.db_sync(version=version) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/db/sqlalchemy/migration.py, line 44, in db_sync 2014-06-11 22:53:27.977 TRACE nova return versioning_api.upgrade(get_engine(), repository, version) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/api.py, line 186, in upgrade 2014-06-11 22:53:27.977 TRACE nova return _migrate(url, repository, version, upgrade=True, err=err, **opts) 2014-06-11 22:53:27.977 TRACE nova File string, line 2, in _migrate 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py, line 160, in with_engine 2014-06-11 22:53:27.977 TRACE nova return f(*a, **kw) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/api.py, line 345, in _migrate 2014-06-11 22:53:27.977 TRACE nova changeset = schema.changeset(version) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/schema.py, line 82, in changeset 2014-06-11 22:53:27.977 TRACE nova changeset = self.repository.changeset(database, start_ver, version) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/repository.py, line 225, in changeset 2014-06-11 22:53:27.977 TRACE nova changes = [self.version(v).script(database, op) for v in versions] 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/repository.py, line 189, in version 2014-06-11 22:53:27.977 TRACE nova return self.versions.version(*p, **k) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/version.py, line 173, in version 2014-06-11 22:53:27.977 TRACE nova return self.versions[VerNum(vernum)] 2014-06-11 22:53:27.977 TRACE nova KeyError: VerNum(242) 2014-06-11 22:53:27.977 TRACE nova Best Regards! Chao Yan -- My twitter:Andy Yan @yanchao727 My Weibo:http://weibo.com/herewearenow -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openst...@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack signature.asc Description: Message signed with OpenPGP using GPGMail ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova] fastest way to run individual tests ?
This isn’t an officially supported method, but i tend to use: python -m nova.openstack.common.lockutils nosetests test for example: python -m nova.openstack.common.lockutils nosetests nova.tests.integrated.test_api_samples:CloudPipeSampleJsonTest.test_cloud_pipe_create I think this is a little bit less flexible than testtools run but old habits. Vish On Jun 12, 2014, at 3:59 AM, Daniel P. Berrange berra...@redhat.com wrote: When in the middle of developing code for nova I'll typically not wish to the run the entire Nova test suite every time I have a bit of code to verify. I'll just want to run the single test case that deals with the code I'm hacking on. I'm currently writing a 'test_hardware.py' test case for the NUMA work I'm dealing with. I can run that using 'run_tests.sh' or 'tox' by just passing the name of the test case. The test case in question takes a tiny fraction of a second to run, but the tox command above wastes 32 seconds faffing about before it runs the test itself, while run_tests.sh is not much better wasting 22 seconds. # tox -e py27 tests.virt.test_hardware ...snip... real0m32.923s user0m22.083s sys 0m4.377s # time ./run_tests.sh tests.virt.test_hardware ...snip... real0m22.075s user0m14.282s sys 0m1.407s This is a really severe time penalty to incurr each time I want to run this tiny test (which is very frequently during dev). Does anyone have any tip on how to actually run individual tests in an efficient manner. ie something that adds no more than 1 second penalty over above the time to run the test itself. NB, assume that i've primed the virtual env with all prerequisite deps already. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev signature.asc Description: Message signed with OpenPGP using GPGMail ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [OSSG][OSSN] Session-fixation vulnerability in Horizon when using the default signed cookie sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Session-fixation vulnerability in Horizon when using the default signed cookie sessions - --- ### Summary ### The default setting in Horizon is to use signed cookies to store session state on the client side. This creates the possibility that if an attacker is able to capture a user's cookie, they may perform all actions as that user, even if the user has logged out. ### Affected Services / Software ### Horizon, Folsom, Grizzly, Havana, Icehouse ### Discussion ### When configured to use client side sessions, the server isn't aware of the user's login state. The OpenStack authorization tokens are stored in the session ID in the cookie. If an attacker can steal the cookie, they can perform all actions as the target user, even after the user has logged out. There are several ways attackers can steal the cookie. One example is by intercepting it over the wire if Horizon is not configured to use SSL. The attacker may also access the cookie from the filesystem if they have access to the machine. There are also other ways to steal cookies that are beyond the scope of this note. By enabling a server side session tracking solution such as memcache, the session is terminated when the user logs out. This prevents an attacker from using cookies from terminated sessions. It should be noted that Horizon does request that Keystone invalidate the token upon user logout, but this has not been implemented for the Identity API v3. Token invalidation may also fail if the Keystone service is unavailable. Therefore, to ensure that sessions are not usable after the user logs out, it is recommended to use server side session tracking. ### Recommended Actions ### It is recommended that you configure Horizon to use a different session backend rather than signed cookies. One possible alternative is to use memcache sessions. To check if you are using signed cookies, look for this line in Horizon's local_settings.py - --- begin example local_settings.py snippet --- SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' - --- end example local_settings.py snippet --- If the SESSION_ENGINE is set to value other than 'django.contrib.sessions.backends.signed_cookies' this vulnerability is not present. If SESSION_ENGINE is not set in local_settings.py, check for it in settings.py. Here are the steps to configure memcache sessions: 1. Ensure the memcached service is running on your system 2. Ensure that python-memcached is installed 3. Configure memcached cache backend in local_settings.py - --- begin example local_settings.py snippet --- CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', } } - --- end example local_settings.py snippet --- Make sure to use the actual IP and port of the memcached service. 4. Add a line in local_settings.py to use the cache backend: - --- begin example local_settings.py snippet --- SESSION_ENGINE = 'django.contrib.sessions.backends.cache' - --- end example local_settings.py snippet --- 5. Restart Horizon's webserver service (typically 'apache2' or httpd') Furthermore, you should always enable SSL for Horizon to help mitigate such attack scenarios. Please note that regardless of which session backend is used, if the cookie is compromised, an attacker may assume all privileges of the user for as long as their session is valid. ### Contacts / References ### This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0017 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1327425 OpenStack Security ML : openstack-secur...@lists.openstack.org OpenStack Security Group : https://launchpad.net/~openstack-ossg Further discussion of the issue: http://www.pabloendres.com/horizon-and-cookies/#comment-115 Django docs: https://docs.djangoproject.com/en/1.6/ref/settings/ https://docs.djangoproject.com/en/1.6/topics/http/sessions/#configuring-sessions -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTpFQ7AAoJEJa+6E7Ri+EVuO8IAJvfqVZOHaC0zWwpQiaHBnLg RCtlUdSQgPR/wLhWsKjOK9swMC0ajue8hwDKuo4bzpzTEHkC0hswCTkcENaxO0f5 7uZisx/FYtdvD+IqoRjOaS23klyNOe8xTwbitsDCqgEZUyLJPAzgN+KiAwcXaoQC UyAOMuRZgywKjGQDLGPiUrR2ug604FBmfxzywvE3iiCaNi/+4vdcHSr9wyNtzKDH g9zM861eCbDfDP9rUzpPytNVt5H5QXLGrUl9/+M6BN2a13RpC5dRxQfP5OlgYlSy 3LiqSogFn5naC/eF7rR/kFVKfgf7FN0e9zS9ZSqFfXevZSAIY9cEP7E0V5XtyfY= =FDu2 -END PGP SIGNATURE- ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova] locked instances and snaphot
On 06/18/2014 07:43 PM, Duncan Thomas wrote: Duncan Thomas On Jun 18, 2014 9:51 PM, Jay Pipes jaypi...@gmail.com mailto:jaypi...@gmail.com wrote: VMs should be cattle, not pets, but yes, a locked instance should be able to be snapshotted, for sure, IMO. Shooting all your cattle by accident is bad y'know, and you're a cattle farmer will probably put you out of business... You are missing the point on this Duncan :) The point of treating VMs as cattle and not pets is that you don't care about any particular VM... they can be killed and respun and the architecture of the application -- i.e. the way you handle state, load balancing, replication of block data, etc -- is designed to handle such failures. We should not be catering our roadmap to features designed to treat customers like little children that constantly need to be watched over, IMO. The effort you've put into raising them has a none-zero cost, and if you keep using them for target practice then some other farmer is going to be selling cheaper beef than you... Actually, raising them has a close-to-zero cost in a utility cloud model, which is the point of it all... Best, -jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Horizon] Quick Survey: Horizon Mid-Cycle Meetup
On 6/20/14, 6:24 AM, Radomir Dopieralski openst...@sheep.art.pl wrote: On 20/06/14 13:56, Jaromir Coufal wrote: On 2014/19/06 09:58, Matthias Runge wrote: On Wed, Jun 18, 2014 at 10:55:59AM +0200, Jaromir Coufal wrote: My quick questions are: * Who would be interested (and able) to get to the meeting? * What topics do we want to discuss? https://etherpad.openstack.org/p/horizon-juno-meetup Thanks for bringing this up! Do we really have items to discuss, where it needs a meeting in person? Matthias I am not sure TBH, that's why I added also the Topic section to figure out if there is something what needs to be discussed. Though I don't see much interest yet. Apart from the split, I also work on configuration files rework, which could benefit from discussion, but i think it's better done here or on the wiki/etherpad, as that leaves tangible traces. I will post a detailed e-mail in a few days. Other than that, I don't see a compelling reason to organize it. -- Radomir Dopieralski I don¹t think the split warrants a mid-cycle meetup. A topic that would benefit from several people being in the room is client side architecture, but I¹m not entirely sure we¹re ready to work through that yet, and the dates are a little aggressive. If we have interest in that, we could look to a slightly later date. David ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Congress] Error running scripts/run_api_server
Hi Madhu, That script is a legacy holdover from a proof-of-concept done some time back. Since that time, we have refined the policy and API designs, and should have the new code ready for testing in the next couple of days. - Peter From: Madhu Mohan Nelemane snmoha...@gmail.commailto:snmoha...@gmail.com Reply-To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Date: Thursday, June 19, 2014 at 11:03 PM To: openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: [openstack-dev] [Congress] Error running scripts/run_api_server Hi, I recently cloned the latest Congress source code and tried to run unit-tests on my Ubuntu PC. Using scripts/run_api_server, I found this following error: Jun 20 11:28:11|0|__main__|INFO|Starting congress server Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/eventlet/greenpool.py, line 80, in _spawn_n_impl func(*args, **kwargs) File server.py, line 82, in ad_update_thread ad_model.update_from_ad() # XXX: blocks eventlet File /home/madhu/Project/policyFW/congress/congress/server/ad_sync.py, line 72, in update_from_ad l.simple_bind_s(BIND_USER, BIND_PW) File /usr/lib/python2.7/dist-packages/ldap/ldapobject.py, line 206, in simple_bind_s msgid = self.simple_bind(who,cred,serverctrls,clientctrls) File /usr/lib/python2.7/dist-packages/ldap/ldapobject.py, line 200, in simple_bind return self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls)) File /usr/lib/python2.7/dist-packages/ldap/ldapobject.py, line 96, in _ldap_call result = func(*args,**kwargs) SERVER_DOWN: {'desc': Can't contact LDAP server} (5065) wsgi starting up on http://0.0.0.0:8080/https://urldefense.proofpoint.com/v1/url?u=http://0.0.0.0:8080/k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0Ar=mYent%2BmR7V0sa7RY7M%2BpYzKVM7VyHMp6E0xzex5gq%2Fk%3D%0Am=8TV%2BidBe1PGhPV6HDsWP1kAFjFUfm6tiNH45mjDGKTM%3D%0As=60b96fe30d991c8587c532155fad983594a5d43f2654e9e8d5e82cb74edff9dd Does other guys face this error too ? Am i missing any prerequisite to run the congress unit-test ? make was successful and had no issues. Please suggest a way to proceed further. Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Fuel] [OSTF] OSTF stops working after password is changed
The openrc file has to be up to date for some of the HA scripts to work, we could just source that. On Fri, Jun 20, 2014 at 12:12 AM, Sergii Golovatiuk sgolovat...@mirantis.com wrote: +1 for #2. ~Sergii On Fri, Jun 20, 2014 at 1:21 AM, Andrey Danin ada...@mirantis.com wrote: +1 to Mike. Let the user provide actual credentials and use them in place. On Fri, Jun 20, 2014 at 2:01 AM, Mike Scherbakov mscherba...@mirantis.com wrote: I'm in favor of #2. I think users might not want to have their password stored in Fuel Master node. And if so, then it actually means we should not save it when user provides it on HealthCheck tab. On Thu, Jun 19, 2014 at 8:05 PM, Vitaly Kramskikh vkramsk...@mirantis.com wrote: Hi folks, We have a bug which prevents OSTF from working if user changes a password which was using for the initial installation. I skimmed through the comments and it seems there are 2 viable options: Create a separate user just for OSTF during OpenStack installation Provide a field for a password in UI so user could provide actual password in case it was changed What do you guys think? Which options is better? -- Vitaly Kramskikh, Software Engineer, Mirantis, Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Mike Scherbakov #mihgen ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Andrey Danin ada...@mirantis.com skype: gcon.monolake ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Andrew Mirantis Ceph community ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron][LBaaS] Great Mid-cycle Sprint
+ 1 I was also very happy that Doug came – he was adding a much needed lb manufacturer perspective. Thanks to Rackspace and especially Brandon for hosting. This was a great event. And many thanks to Kyle and Mark for coming out and the great guidance they provided. Great to see you all – German From: Stephen Balukoff [mailto:sbaluk...@bluebox.net] Sent: Friday, June 20, 2014 5:37 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Great Mid-cycle Sprint +1 to what Brandon just said. :) Seriously, though-- this week was nothing short of amazing! It's great to have such a wonderful team to work with, eh! And yes-- special thanks to Mark McClain and Kyle Mestery for being willing to come out and work so hard with us to make so much progress in such little time. LBaaS in Juno is going to kick ass! Stephen On Thu, Jun 19, 2014 at 9:17 PM, Brandon Logan brandon.lo...@rackspace.commailto:brandon.lo...@rackspace.com wrote: Greetings all, I'd like to thank everyone who attended the LBaaS mid-cyle sprint for taking the time and effort to make the trip to San Antonio. This was a very productive sprint in all forms: direction, consensus, blueprints, documentation, and of course code. It was just great to be able to get so much done and have a clearer idea on the direction this project is headed. I'd like to especially thank Kyle Mestery and Mark Mcclain for taking the time out of their busy schedules to direct, teach, and giving us help where and when we needed. The fact that they managed to have the patience for three full days of this is just amazing. Actually, them having the patience over the last few months and still willing to help is just short of miraculous. Thanks again guys, you are great! I look forward to continuing to work with everyone on this and other projects. We've got a lot to do but we'll be able to accomplish everything we want if we continue to work together. Thanks again to all involved! Brandon ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Stephen Balukoff Blue Box Group, LLC (800)613-4305 x807 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [hacking] rules for removal
After seeing a bunch of code changes to enforce new hacking rules, I'd like to propose dropping some of the rules we have. The overall patch series is here - https://review.openstack.org/#/q/status:open+project:openstack-dev/hacking+branch:master+topic:be_less_silly,n,z H402 - 1 line doc strings should end in punctuation. The real statement is this should be a summary sentence. A sentence is not just a set of words that end in a period. Squirel fast bob. It's something deeper. This rule thus isn't really semantically useful, especially when you are talking about at 69 character maximum (79 - 4 space indent - 6 quote characters). H803 - First line of a commit message must *not* end in a period. This was mostly a response to an unreasonable core reviewer that was -1ing people for not having periods. I think any core reviewer that -1s for this either way should be thrown off the island, or at least made fun of, a lot. Again, the clarity of a commit message is not made or lost by the lack or existence of a period at the end of the first line. H305 - Enforcement of libraries fitting correctly into stdlib, 3rdparty, our tree. This biggest issue here is it's built in a world where there was only 1 viable python version, 2.7. Python's stdlib is actually pretty dynamic and grows over time. As we embrace more python 3, and as distros start to make python3 be front and center, what does this even mean? The current enforcement can't pass on both python2 and python3 at the same time in many cases because of that. We have to remember we're all humans, and it's ok to have grey space. Like in 305, you *should* group the libraries if you can, but stuff like that should be labeled as 'nit' in the review, and only ask the author to respin it if there are other more serious issues to be handled. Let's optimize a little more for fun, and stop throwing -1s for silly things. :) -Sean -- Sean Dague http://dague.net signature.asc Description: OpenPGP digital signature ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Fuel] Bug squashing day on Tu, 24th of June
Should we also have the 25th as review day so we can squish those down too? On Fri, Jun 20, 2014 at 6:30 AM, Mike Scherbakov mscherba...@mirantis.com wrote: Fuelers, we need to group and enforce bug squashing activities on Tuesday, as discussed on IRC meeting this Thursday [1]. Feel free to do bug triaging first on Monday if needed. We have lots of bugs, and to meet quality criteria for the release we really need this. Every dedicated Fuel developer should stop all other activities and dedicate this day to bugs only. Follow instructions from last bug squashing day [2]. Among other bugs, please give the higher priority to those with customer-found tag. Please, use #fuel-dev for synchronization. I'll be on vacation, but I'll let Dmitry Borodaenko to lead all bugs related activities, he is Bug Master for this release :) [1] http://eavesdrop.openstack.org/meetings/fuel/2014/fuel.2014-06-19-16.00.log.html [2] http://lists.openstack.org/pipermail/openstack-dev/2014-June/037746.html Thanks, -- Mike Scherbakov #mihgen ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Andrew Mirantis Ceph community ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [hacking] rules for removal
+1 across the board for this change. H803 is ignored by a large number of projects after a rather extensive conversation on the ML last year (as I recall). The other two changes seem quite reasonable. Cheers, Morgan — Morgan Fainberg From: Sean Dague s...@dague.net Reply: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date: June 20, 2014 at 11:09:41 To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Subject: [openstack-dev] [hacking] rules for removal After seeing a bunch of code changes to enforce new hacking rules, I'd like to propose dropping some of the rules we have. The overall patch series is here - https://review.openstack.org/#/q/status:open+project:openstack-dev/hacking+branch:master+topic:be_less_silly,n,z H402 - 1 line doc strings should end in punctuation. The real statement is this should be a summary sentence. A sentence is not just a set of words that end in a period. Squirel fast bob. It's something deeper. This rule thus isn't really semantically useful, especially when you are talking about at 69 character maximum (79 - 4 space indent - 6 quote characters). H803 - First line of a commit message must *not* end in a period. This was mostly a response to an unreasonable core reviewer that was -1ing people for not having periods. I think any core reviewer that -1s for this either way should be thrown off the island, or at least made fun of, a lot. Again, the clarity of a commit message is not made or lost by the lack or existence of a period at the end of the first line. H305 - Enforcement of libraries fitting correctly into stdlib, 3rdparty, our tree. This biggest issue here is it's built in a world where there was only 1 viable python version, 2.7. Python's stdlib is actually pretty dynamic and grows over time. As we embrace more python 3, and as distros start to make python3 be front and center, what does this even mean? The current enforcement can't pass on both python2 and python3 at the same time in many cases because of that. We have to remember we're all humans, and it's ok to have grey space. Like in 305, you *should* group the libraries if you can, but stuff like that should be labeled as 'nit' in the review, and only ask the author to respin it if there are other more serious issues to be handled. Let's optimize a little more for fun, and stop throwing -1s for silly things. :) -Sean -- Sean Dague http://dague.net ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [hacking] rules for removal
On Fri, Jun 20, 2014 at 11:07 AM, Sean Dague s...@dague.net wrote: After seeing a bunch of code changes to enforce new hacking rules, I'd like to propose dropping some of the rules we have. The overall patch series is here - https://review.openstack.org/#/q/status:open+project:openstack-dev/hacking+branch:master+topic:be_less_silly,n,z H402 - 1 line doc strings should end in punctuation. The real statement is this should be a summary sentence. A sentence is not just a set of words that end in a period. Squirel fast bob. It's something deeper. This rule thus isn't really semantically useful, especially when you are talking about at 69 character maximum (79 - 4 space indent - 6 quote characters). Thoughts on removing all pep257 (http://legacy.python.org/dev/peps/pep-0257/) things from hacking? If projects would still like to enforce it there is a flake8 extension for pep257 itself. H803 - First line of a commit message must *not* end in a period. This was mostly a response to an unreasonable core reviewer that was -1ing people for not having periods. I think any core reviewer that -1s for this either way should be thrown off the island, or at least made fun of, a lot. Again, the clarity of a commit message is not made or lost by the lack or existence of a period at the end of the first line. ++ for removing this, in general the git based rules are funny to enforce. As you can run 'tox -epep8' before a commit and everything will pass, then you write your commit message and now it will fail. H305 - Enforcement of libraries fitting correctly into stdlib, 3rdparty, our tree. This biggest issue here is it's built in a world where there was only 1 viable python version, 2.7. Python's stdlib is actually pretty dynamic and grows over time. As we embrace more python 3, and as distros start to make python3 be front and center, what does this even mean? The current enforcement can't pass on both python2 and python3 at the same time in many cases because of that. ++ Oh Python 2 vs. 3 For this one I think we should leave the rule in HACKING.rst but explicitly document it as a recommendation, and that python2 vs python3 makes this unenforceable. We have to remember we're all humans, and it's ok to have grey space. Like in 305, you *should* group the libraries if you can, but stuff like that should be labeled as 'nit' in the review, and only ask the author to respin it if there are other more serious issues to be handled. Let's optimize a little more for fun, and stop throwing -1s for silly things. :) -Sean -- Sean Dague http://dague.net ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] FIXED_RANGE and FLOATING_RANGE for simple localrc for DevStack
Suppose I want a simple localrc (e.g., it defaults to using flat DHCP nova networking) to use with DevStack on a machine that has a single NIC and is using IPv4 address 10.10.0.42 and netmask 255.255.0.0, and I know addresses 10.10.1.0--10.10.255.254 are unused. What would be reasonable working choices for FIXED_RANGE and FLOATING_RANGE? Thanks, Mike ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [TripleO] CI status update for this week
Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The TripleO check jobs look to be running stable again today so if your patch had failures from earlier this week then recheck away (perhaps referencing one of these bugs if appropriate). The queue is fairly empty right now... Thanks for all the help in tracking these down and getting things fixed. [1] https://bugs.launchpad.net/tripleo/+bug/1292105 [2] https://bugs.launchpad.net/heat/+bug/1331720 [3] https://bugs.launchpad.net/tripleo/+bug/1292105 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [hacking] rules for removal
On Fri, Jun 20, 2014 at 11:07 AM, Sean Dague s...@dague.net wrote: [snip] We have to remember we're all humans, and it's ok to have grey space. Like in 305, you *should* group the libraries if you can, but stuff like that should be labeled as 'nit' in the review, and only ask the author to respin it if there are other more serious issues to be handled. Let's optimize a little more for fun, and stop throwing -1s for silly things. :) +100 to this! Cheers, Devananda ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Fwd: Have you guys considered...
Speaking about the idea of running everything inside containers... First, this idea is no the new one and have been around for a very long time. People were running their services inside a simple chroot, then OpenVZ and now LXC containers with variable success. Usually the ideas behind this are following: - Isolation. Misbehaving or hacked service will not impact other services. - Granular maintenance. Services can be updated without accidentally messing other ones. - Personal environments. Each service can have it's own libraries, dependencies and environment if it's required. - Modular architecture. Each service can be thinked of as an application this application can be installed, upgraded, stopped, started and shared separately. Sometimes, such approach is used even without any form of containers: - Mac OS's Applications when programs are packed in special folders with everything they needs to run except basic system libraries and latest versions try to add sandbox as well. - Windows' Program Files has very close functions if used correctly. - Such linuces as http://nixos.org/ and http://crux.nu/ implement various ways to use filesystem as a package manger and make updates easy, reliable and able to be rolled back - something we desire too. - PC-BSD, pbi packages are also an example of containers without actual containerization. - Popular Python's and Ruby's virtualenv and rvm can be added to the end of this list too. There are some OSes that make running every application in it's own container the core of their design: - The CoreOS https://coreos.com/ is well-known to be a very good host for docker containers. It has minimal footprint and very convenient REST interface. We should really consider using it as a host system for a Fuel master node. - OSv http://osv.io/ goes much farther down the road of minimalisation of the containers by developing thei rown specialized kernel. Each instance can be thinked of as a wrapper around the application and the application should work without ability to fork and extensive file system. This containers can be deployed in a cloud in masse very fast. - There are also projects to use this approach on desktop with full-scale virtualization insead of containers as well http://qubes-os.org/ On the contrary traditional BSD and Linux approach is based upon having a single “tree” of software. All programs should use the same libraries as others, have no conflicts and work in a single filesystem namespace and can depend on each other. This approach have been around for a lot of years and has some advantages like saving disk space and ram by using same libraries or making a distribution to be consistent. Linux community have been mercilessly smiting everyone who ever said that this approach has it downsides like problems with adding and maintaining custom software and maintaining different library versions as well as dependency on upstream repository. Using containers can actually solve a lot of problems we have been having for a long time if done right especially for a complex system like OpenStack. We can have every service packaged as a pre-built container that can be just downloaded, extracted and started on a target node. Updates can just replace this container with newer version keeping the old one stored. We have already moved Fuel Master node to this architecture, but we have not done it the right way. Master system should be very thin and contain as little services and things to configure as possible to the point of only entering the IP address. And containers should be also very thin focused only on their job with small amount of configuration up to being stateless if possible. Such configuration would require very little configuration making configuration management tools like Puppet redundant. Everything should be already configured inside the container. By all means, we should go for a container based architecture for every OpenStack node, but we should not make it look like having many operating systems to administer on a single node instead of the only one. Containers are not like cheap VPS hosting where you can order you instance of CentOS inside an OpenVZ container and they should be thinked of as the applications not as the operating systems like instances that are started in the OpenStack cloud. Yes, it's a large paradigm shift but it's definitly worth it. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Trove] BP meeting for Monday June 23 - configurable db plugins
Hey guys, Just a friendly reminder that we'll (re)review the configurable db plugins BP on Monday June 23rd. The spec is here: https://wiki.openstack.org/wiki/Trove/ConfigurableDBPlugins Please take a moment to review prior to our BP meeting if you have an interest in this topic. I've updated the BP agenda for the 23rd here: https://wiki.openstack.org/wiki/Meetings/TroveBPMeeting (Denis - I left your BP on the list as well). Thanks ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] [Heat] Reminder: Mid-cycle Meetup - Attendance Confirmation
Any more takers for the tripleo mid-cycle meetup in Raleigh? If so, please sign up on the etherpad below. The hotel group room rate will be finalized on Monday Jul 23rd (US time), after that time you will be on your own for finding accommodation. Thanks Charles - Original Message - Hi all, I would like to remind you to sign up for mid-cycle meetup which is happening July 21-25 in Raleigh: * https://etherpad.openstack.org/p/juno-midcycle-meetup We need number of participants as soon as possible so that we can ask for group discount at the hotel. Also if we don't get rooms in one of these two hotels (see etherpad) the experience of accommodation is rapidly decreasing. Therefor I would like to ask everybody, if you can confirm your attendance as soon as possible. If you have any related question just let me know, I will be happy to help. Looking forward to seeing you all in Raleigh -- Jarda ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron][ML2] Modular L2 agent architecture
Zang, thanks for your comments. I think what you are suggesting is perhaps orthogonal to having Resource and Agent drivers. By that I mean we can have what you are suggesting and keep the Resource and Agent drivers. The reason for having Resource drivers is to provide the means for possibly extending what an agent does in response to say changes to a port in a modular way. We can restrict the access to Resource drivers from the events loop only. That restriction is not there in the current model but would adding that address your concerns? What are your thoughts? As Salvatore has mentioned in his email in this thread, that is what the current OVS agent does wrt port updates. That is, the update to ports get processed from the events loop. As a separate but relevant issue, we can and should discuss whether having the Resource and Agent drivers is useful in making the agent more modular. The idea behind using these drivers is to have the agent use a collection of drivers rather than mixin classes so we can more easily select what (and how) functionalities an agent support and reuse as much as we can across L2 agents. Are there better ways of achieving this? Any thoughts? Best, Mohammad From: Zang MingJie zealot0...@gmail.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org, Date: 06/19/2014 06:27 AM Subject:Re: [openstack-dev] [Neutron][ML2] Modular L2 agent architecture Hi: I don't like the idea of ResourceDriver and AgentDriver. I suggested use a singleton worker thread to manager all underlying setup, so the driver should do nothing other than fire a update event to the worker. The worker thread may looks like this one: # the only variable store all local state which survives between different events, including lvm, fdb or whatever state = {} # loop forever while True: event = ev_queue.pop() if not event: sleep() # may be interrupted when new event comes continue origin_state = state new_state = event.merge_state(state) if event.is_ovsdb_changed(): if event.is_tunnel_changed(): setup_tunnel(new_state, old_state, event) if event.is_port_tags_changed(): setup_port_tags(new_state, old_state, event) if event.is_flow_changed(): if event.is_flow_table_1_changed(): setup_flow_table_1(new_state, old_state, event) if event.is_flow_table_2_changed(): setup_flow_table_2(new_state, old_state, event) if event.is_flow_table_3_changed(): setup_flow_table_3(new_state, old_state, event) if event.is_flow_table_4_changed(): setup_flow_table_4(new_state, old_state, event) if event.is_iptable_changed(): if event.is_iptable_nat_changed(): setup_iptable_nat(new_state, old_state, event) if event.is_iptable_filter_changed(): setup_iptable_filter(new_state, old_state, event) state = new_state when any part has been changed by a event, the corresponding setup_xxx function rebuild the whole part, then use the restore like `iptables-restore` or `ovs-ofctl replace-flows` to reset the whole part. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Heat] Mid-cycle Heat meetup - confirmed dates
I am pleased to announce that I have booked the facilities required for the Heat mid-cycle meetup for Juno, as discussed at the Heat IRC meeting this week.[1] Therefore I can confirm that the meetup will be held: Monday 18th - Wednesday 20th August @ Red Hat Tower in Raleigh, North Carolina If you plan to attend, please sign up on the Etherpad here: https://etherpad.openstack.org/p/heat-juno-midcycle-meetup We may be able to get a block booking on a downtown Hotel; I will look into that next week when we have a firm idea of numbers. It goes without saying that we welcome all Heat developers. The focus will be on getting work done, not just planning, but of course we welcome developers from other projects who are interested in working with the Heat team too. cheers, Zane. [1] http://eavesdrop.openstack.org/meetings/heat/2014/heat.2014-06-18-20.00.html (Note that the dates were accidentally recorded incorrectly in the minutes.) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] CI status update for this week
- Original Message - Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The last two are bugs, but is there anything tripleo can do about avoiding the first one in the future?: e.g. reviewing a list of deprecated options and seeing when they will be removed. do the integrated projects have a protocol for when an option is deprecated and at what point it can be removed? e.g. if I make something deprecated in icehouse I can remove it in juno, but if I make something deprecated at the start of juno I can't remove it at the end of juno? The TripleO check jobs look to be running stable again today so if your patch had failures from earlier this week then recheck away (perhaps referencing one of these bugs if appropriate). The queue is fairly empty right now... Thanks for all the help in tracking these down and getting things fixed. [1] https://bugs.launchpad.net/tripleo/+bug/1292105 I think [1] was meant to be https://bugs.launchpad.net/tripleo/+bug/1330735 [2] https://bugs.launchpad.net/heat/+bug/1331720 [3] https://bugs.launchpad.net/tripleo/+bug/1292105 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [infra] Nominations for jenkins-job-builder core
Hi, The Jenkins Job Builder project (part of the Infrastructure program) is quite popular even outside of OpenStack and has a group of specialist core reviewers supplemental to the rest of the Infrastructure program. To that group I would like to add Darragh Bailey: https://review.openstack.org/#/q/reviewer:%22Darragh+Bailey%22+project:openstack-infra/jenkins-job-builder,n,z and Marc Abramowitz: https://review.openstack.org/#/q/reviewer:%22Marc+Abramowitz%22+project:openstack-infra/jenkins-job-builder,n,z Both have contributed significantly to the project and have a sustained record of reviews that show understanding of the project and development environment. Please feel free to respond with messages of support or concern, and if the consensus is in favor, we will add them to the core team next week. -Jim ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] CI status update for this week
On Jun 20, 2014 1:52 PM, Charles Crouch ccro...@redhat.com wrote: - Original Message - Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The last two are bugs, but is there anything tripleo can do about avoiding the first one in the future?: e.g. reviewing a list of deprecated options and seeing when they will be removed. ++ do the integrated projects have a protocol for when an option is deprecated and at what point it can be removed? e.g. if I make something deprecated in icehouse I can remove it in juno, but if I make something deprecated at the start of juno I can't remove it at the end of juno? That is exactly what we do, deprecate for one release. This was the removal of deprecated icehouse options patch. The TripleO check jobs look to be running stable again today so if your patch had failures from earlier this week then recheck away (perhaps referencing one of these bugs if appropriate). The queue is fairly empty right now... Thanks for all the help in tracking these down and getting things fixed. [1] https://bugs.launchpad.net/tripleo/+bug/1292105 I think [1] was meant to be https://bugs.launchpad.net/tripleo/+bug/1330735 [2] https://bugs.launchpad.net/heat/+bug/1331720 [3] https://bugs.launchpad.net/tripleo/+bug/1292105 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] CI status update for this week
- Original Message - On Jun 20, 2014 1:52 PM, Charles Crouch ccro...@redhat.com wrote: - Original Message - Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The last two are bugs, but is there anything tripleo can do about avoiding the first one in the future?: e.g. reviewing a list of deprecated options and seeing when they will be removed. ++ do the integrated projects have a protocol for when an option is deprecated and at what point it can be removed? e.g. if I make something deprecated in icehouse I can remove it in juno, but if I make something deprecated at the start of juno I can't remove it at the end of juno? That is exactly what we do, deprecate for one release. This was the removal of deprecated icehouse options patch. Ok great, and just to be clear I didn't mean to imply Nova did anything wrong here. I'm looking for what tripleo can do to make sure it keeps up. Is there any easy way to see what options have been deprecated in a release for the integrated projects? I guess a list would only need to be pulled together once at the end of each release. The TripleO check jobs look to be running stable again today so if your patch had failures from earlier this week then recheck away (perhaps referencing one of these bugs if appropriate). The queue is fairly empty right now... Thanks for all the help in tracking these down and getting things fixed. [1] https://bugs.launchpad.net/tripleo/+bug/1292105 I think [1] was meant to be https://bugs.launchpad.net/tripleo/+bug/1330735 [2] https://bugs.launchpad.net/heat/+bug/1331720 [3] https://bugs.launchpad.net/tripleo/+bug/1292105 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Horizon] Nominations to Horizon Core
I would like to nominate Zhenguo Niu and Ana Krivokapic to Horizon core. Zhenguo has been a prolific reviewer for the past two releases providing high quality reviews. And providing a significant number of patches over the past three releases. Ana has been a significant reviewer in the Icehouse and Juno release cycles. She has also contributed several patches in this timeframe to both Horizon and tuskar-ui. Please feel free to respond in public or private your support or any concerns. Thanks, David ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] CI status update for this week
On Fri, Jun 20, 2014 at 2:15 PM, Charles Crouch ccro...@redhat.com wrote: - Original Message - On Jun 20, 2014 1:52 PM, Charles Crouch ccro...@redhat.com wrote: - Original Message - Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The last two are bugs, but is there anything tripleo can do about avoiding the first one in the future?: e.g. reviewing a list of deprecated options and seeing when they will be removed. ++ do the integrated projects have a protocol for when an option is deprecated and at what point it can be removed? e.g. if I make something deprecated in icehouse I can remove it in juno, but if I make something deprecated at the start of juno I can't remove it at the end of juno? That is exactly what we do, deprecate for one release. This was the removal of deprecated icehouse options patch. Ok great, and just to be clear I didn't mean to imply Nova did anything wrong here. I'm looking for what tripleo can do to make sure it keeps up. Is there any easy way to see what options have been deprecated in a release for the integrated projects? I guess a list would only need to be pulled together once at the end of each release. Yup, if you look at the config file you can generate it will tell you what has been deprecated. The TripleO check jobs look to be running stable again today so if your patch had failures from earlier this week then recheck away (perhaps referencing one of these bugs if appropriate). The queue is fairly empty right now... Thanks for all the help in tracking these down and getting things fixed. [1] https://bugs.launchpad.net/tripleo/+bug/1292105 I think [1] was meant to be https://bugs.launchpad.net/tripleo/+bug/1330735 [2] https://bugs.launchpad.net/heat/+bug/1331720 [3] https://bugs.launchpad.net/tripleo/+bug/1292105 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] CI status update for this week
Excerpts from Charles Crouch's message of 2014-06-20 13:51:49 -0700: - Original Message - Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The last two are bugs, but is there anything tripleo can do about avoiding the first one in the future?: e.g. reviewing a list of deprecated options and seeing when they will be removed. do the integrated projects have a protocol for when an option is deprecated and at what point it can be removed? e.g. if I make something deprecated in icehouse I can remove it in juno, but if I make something deprecated at the start of juno I can't remove it at the end of juno? Was this being logged as deprecated for a while? I think we probably should aspire to fail CI if something starts printing out deprecation warnings. We have a few more sprinkled here and there that I see in logs; those are just ticking time bombs. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Fuel] Bug squashing day on Tu, 24th of June
No, we should have every day as review day. If there's code waiting to be reviewed that addresses a bug or a feature, there's simply no good reason to write new code for a different bug or feature with the same priority until the code that's already out there is reviewed. On Fri, Jun 20, 2014 at 11:16 AM, Andrew Woodward xar...@gmail.com wrote: Should we also have the 25th as review day so we can squish those down too? On Fri, Jun 20, 2014 at 6:30 AM, Mike Scherbakov mscherba...@mirantis.com wrote: Fuelers, we need to group and enforce bug squashing activities on Tuesday, as discussed on IRC meeting this Thursday [1]. Feel free to do bug triaging first on Monday if needed. We have lots of bugs, and to meet quality criteria for the release we really need this. Every dedicated Fuel developer should stop all other activities and dedicate this day to bugs only. Follow instructions from last bug squashing day [2]. Among other bugs, please give the higher priority to those with customer-found tag. Please, use #fuel-dev for synchronization. I'll be on vacation, but I'll let Dmitry Borodaenko to lead all bugs related activities, he is Bug Master for this release :) [1] http://eavesdrop.openstack.org/meetings/fuel/2014/fuel.2014-06-19-16.00.log.html [2] http://lists.openstack.org/pipermail/openstack-dev/2014-June/037746.html Thanks, -- Mike Scherbakov #mihgen ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Andrew Mirantis Ceph community ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Dmitry Borodaenko ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] CI status update for this week
On Fri, 2014-06-20 at 16:51 -0400, Charles Crouch wrote: - Original Message - Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The last two are bugs, but is there anything tripleo can do about avoiding the first one in the future?: Yes. Reviewing and monitoring our log files would have been helpful here. Nova did nothing wrong... we were just plain using an old option which was deprecated in Icehouse. With TripleO's upstream focus we need to maintain a balancing act and try to avoid using new option names until a release has been made. I think once the release is made however (Icehouse in this case) we should immediately move to drop all deprecated options and use the new versions. If we follow a process like this we should be safe guarded from this sort of failure in the future. Dan e.g. reviewing a list of deprecated options and seeing when they will be removed. do the integrated projects have a protocol for when an option is deprecated and at what point it can be removed? e.g. if I make something deprecated in icehouse I can remove it in juno, but if I make something deprecated at the start of juno I can't remove it at the end of juno? The TripleO check jobs look to be running stable again today so if your patch had failures from earlier this week then recheck away (perhaps referencing one of these bugs if appropriate). The queue is fairly empty right now... Thanks for all the help in tracking these down and getting things fixed. [1] https://bugs.launchpad.net/tripleo/+bug/1292105 I think [1] was meant to be https://bugs.launchpad.net/tripleo/+bug/1330735 [2] https://bugs.launchpad.net/heat/+bug/1331720 [3] https://bugs.launchpad.net/tripleo/+bug/1292105 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [TripleO] CI status update for this week
Well we probably need some backwards compat glue to keep deploying supported versions. More on that in the spec I'm drafting. On 21 Jun 2014 12:26, Dan Prince dpri...@redhat.com wrote: On Fri, 2014-06-20 at 16:51 -0400, Charles Crouch wrote: - Original Message - Not a great week for TripleO CI. We had 3 different failures related to: Nova [1]: we were using a deprecated config option Heat [2]: missing heat data obtained from the Heat CFN API Neutron [3]: a broken GRE overlay network setup The last two are bugs, but is there anything tripleo can do about avoiding the first one in the future?: Yes. Reviewing and monitoring our log files would have been helpful here. Nova did nothing wrong... we were just plain using an old option which was deprecated in Icehouse. With TripleO's upstream focus we need to maintain a balancing act and try to avoid using new option names until a release has been made. I think once the release is made however (Icehouse in this case) we should immediately move to drop all deprecated options and use the new versions. If we follow a process like this we should be safe guarded from this sort of failure in the future. Dan e.g. reviewing a list of deprecated options and seeing when they will be removed. do the integrated projects have a protocol for when an option is deprecated and at what point it can be removed? e.g. if I make something deprecated in icehouse I can remove it in juno, but if I make something deprecated at the start of juno I can't remove it at the end of juno? The TripleO check jobs look to be running stable again today so if your patch had failures from earlier this week then recheck away (perhaps referencing one of these bugs if appropriate). The queue is fairly empty right now... Thanks for all the help in tracking these down and getting things fixed. [1] https://bugs.launchpad.net/tripleo/+bug/1292105 I think [1] was meant to be https://bugs.launchpad.net/tripleo/+bug/1330735 [2] https://bugs.launchpad.net/heat/+bug/1331720 [3] https://bugs.launchpad.net/tripleo/+bug/1292105 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [hacking] rules for removal
Excerpts from Sean Dague's message of 2014-06-20 11:07:39 -0700: After seeing a bunch of code changes to enforce new hacking rules, I'd like to propose dropping some of the rules we have. The overall patch series is here - https://review.openstack.org/#/q/status:open+project:openstack-dev/hacking+branch:master+topic:be_less_silly,n,z H402 - 1 line doc strings should end in punctuation. The real statement is this should be a summary sentence. A sentence is not just a set of words that end in a period. Squirel fast bob. It's something deeper. This rule thus isn't really semantically useful, especially when you are talking about at 69 character maximum (79 - 4 space indent - 6 quote characters). Yes. I despise this one. H803 - First line of a commit message must *not* end in a period. This was mostly a response to an unreasonable core reviewer that was -1ing people for not having periods. I think any core reviewer that -1s for this either way should be thrown off the island, or at least made fun of, a lot. Again, the clarity of a commit message is not made or lost by the lack or existence of a period at the end of the first line. Perhaps we can make a bot that writes disparaging remarks on any -1's that mention period in the line after the short commit message. :) H305 - Enforcement of libraries fitting correctly into stdlib, 3rdparty, our tree. This biggest issue here is it's built in a world where there was only 1 viable python version, 2.7. Python's stdlib is actually pretty dynamic and grows over time. As we embrace more python 3, and as distros start to make python3 be front and center, what does this even mean? The current enforcement can't pass on both python2 and python3 at the same time in many cases because of that. I think we should find a way to make this work. Like it or not, this will garner -1's by people for stylistic reasons and I'd rather it be the bots than the humans do it. The algorithm is something like this pseudo python: for block in import_blocks: if is_this_set_in_a_known_lib_collection(block): continue if is_this_set_entirely_local(block): continue if is_this_set_entirely_installed_libs(block): continue raise AnError(block) And just make the python2 and python3 stdlibs both be a match. Basically I'm saying, let's just be more forgiving but keep the check so we can avoid most of the -1 please group libs and stdlibs separately patches. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[OpenStack-Infra] Spam bugs filed in tempest
I don't know if other projects are seeing this, but tempest has started getting bug reports like this: https://bugs.launchpad.net/tempest/+bug/1332497 Has this happened before? Is there an established way of dealing with it? -David ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] Spam bugs filed in tempest
On 20/06/14 13:37, David Kranz wrote: I don't know if other projects are seeing this, but tempest has started getting bug reports like this: https://bugs.launchpad.net/tempest/+bug/1332497 Has this happened before? Is there an established way of dealing with it? We've seen a few in Horizon, if you report them to Launchpad itself in a Question [1], the Launchpad team usually deals with them pretty quickly. Julie [1] https://answers.launchpad.net/launchpad -David ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
[OpenStack-Infra] power kvm ci posting invalid urls in test results
Hello: I have had a report about the current status of power kvm ci. sdague | anteaya / krtaylor: the powerkvm ci seems to be posting invalid urls in test results. That should either be fixed, or it should be turned off. http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2014-06-20.log timestamp 2014-06-20T12:55:59 Please respond to this email as soon as you receive it. Thank you, Anita. ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [OpenStack-Infra] power kvm ci posting invalid urls in test results
Hello, The problem seems to be fixed now. Sorry for the inconvenience. Kind regards, Arx Cruz On Fri, Jun 20, 2014 at 10:55 AM, Anita Kuno ante...@anteaya.info wrote: Hello: I have had a report about the current status of power kvm ci. sdague | anteaya / krtaylor: the powerkvm ci seems to be posting invalid urls in test results. That should either be fixed, or it should be turned off. http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2014-06-20.log timestamp 2014-06-20T12:55:59 Please respond to this email as soon as you receive it. Thank you, Anita. ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
[OpenStack-Infra] Infra Bug Day: Tuesday July 8th
Hi everyone, I've been busy with travel and events lately (and next week), so we missed our typical bug day, but it's been a while and I'd really like to have on prior to our mid-cycle meetup in July. In order to avoid Canada Day+US Independence week I'm proposing Tuesday July 8th from 1700 onward for our next one. -- Elizabeth Krumbach Joseph || Lyz || pleia2 http://www.princessleia.com ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
[OpenStack-Infra] Add Datera service account
Hello, I would like to have a service account added please. Pub key: ssh-rsa B3NzaC1yc2EDAQABgQCwIZcZ7jwJA3Fo071bvL7rPfKX4zv2t04mf4Xw9jhfgijQjd7WfWxYguLCuEf2ymB8yrn0XKfBV1XqbEhe9V33kPVzcGk0+omDb5BeY7lIgXVAloWHshx7D8UwwFLWUa/RREqaVow+zx5U3Rlg6OK5MyQRBAxeCtTczgPxOB8m3Q== username: datera-storage-ci Fullname: Datera Storage CI email: datera-openstack...@datera.io -- Mike Perez ___ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Re: [Openstack] ML2 Plugin and vif_type=binding_failed
He did this: $ cat /etc/neutron/neutron.conf ... [database] # set in plugin #connection = $ cat /etc/neutron/plugins/ml2/ml2_conf.ini ... [database] connection = mysql://neutron:password@127.0.0.1/neutron Then (re)initialize the various db structures and restart all neutron daemons: $ neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head On 20/06/14 15:49, Raphael Ribeiro wrote: Hi Heiko, what was wrong with the ml2 config? Can you post here? I'm having the same problem,. Thanks! 2014-06-17 9:51 GMT-03:00 Heiko Krämer hkrae...@anynines.com: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Akesh, you're right on the controller host was the ml2 config not correct -.- my false. In addition in the ml2_conf need to be the database connection informations like in ovs. It's running now :) Thanks again. Cheers Heiko On 17.06.2014 12:31, Akash Gunjal wrote: Hi, This error occurs when the config is wrong wither on controller or the compute. Check the ml2_conf.ini on controller and ovs_plugin.ini on the compute. Regards, Akash From: Heiko Krämer hkrae...@anynines.com To:Akilesh K akilesh1...@gmail.com, Cc: openstack@lists.openstack.org openstack@lists.openstack.org Date: 06/17/2014 03:56 PM Subject: Re: [Openstack] ML2 Plugin and vif_type=binding_failed Hi Akilesh, i see this warn on neutron-server 2014-06-17 10:14:20.283 24642 WARNING neutron.plugins.ml2.managers [req-d23b58ce-3389-4af5-bdd2-a78bd7cec507 None] Failed to bind port f71d7e0e-8955-4784-83aa-c23bf1b16f4f on host nettesting.hydranodes.de if i restart ovs-agent on network node i see this one: 2014-06-17 09:28:26.029 31369 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: 2014-06-17T09:28:26Z|1|fatal_signal|WARN|terminating with signal 15 (Terminated) 2014-06-17 09:28:29.275 31870 WARNING neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Device f71d7e0e-8955-4784-83aa-c23bf1b16f4f not defined on plugin 2014-06-17 09:28:29.504 31870 WARNING neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Device 39bb4ba0-3d37-4ffe-9c81-073807f8971a not defined on plugin same on comp host if i restart ovs agent: 2014-06-17 09:28:44.446 25476 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: 2014-06-17T09:28:44Z|1|fatal_signal|WARN|terminating with signal 15 (Terminated) but ovs seems to be correct: ##Compute## 7bbe81f3-79fa-4efa-b0eb-76addb57675c Bridge br-tun Port gre-64141401 Interface gre-64141401 type: gre options: {in_key=flow, local_ip=100.20.20.2, out_key=flow, remote_ip=100.20.20.1} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Bridge br-int Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} ovs_version: 2.0.1 ### Network node### a40d7fc6-b0f0-4d55-98fc-c02cc7227d6c Bridge br-ex Port br-ex Interface br-ex type: internal Bridge br-tun Port gre-64141402 Interface gre-64141402 type: gre options: {in_key=flow, local_ip=100.20.20.1, out_key=flow, remote_ip=100.20.20.2} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Bridge br-int Port int-br-int Interface int-br-int Port tapf71d7e0e-89 tag: 4095 Interface tapf71d7e0e-89 type: internal Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port qr-39bb4ba0-3d tag: 4095 Interface qr-39bb4ba0-3d type: internal Port phy-br-int Interface phy-br-int ovs_version: 2.0.1 I see this one in my neutron DB: neutron=# select * from ml2_port_bindings ; port_id | host | vif_type| driver | segment | vnic_type | vif_details | profile - --+--+++-+---+-+- 39bb4ba0-3d37-4ffe-9c81-073807f8971a | nettesting.hydranodes.de | binding_failed || | normal| | {} f71d7e0e-8955-4784-83aa-c23bf1b16f4f | nettesting.hydranodes.de | binding_failed || | normal| | {} is that maybe the problem ? Cheers Heiko On 17.06.2014 12:08, Akilesh K wrote: File looks good except that [agent] section is not needed. Can you reply with some log from '/var/log/neutron/server.log' during instance launch exactly. The vif_type=binding_failed occurs when neutron is unable to create a port for some reason. Either neutron server log or the plugin's log file should have some information why it failed in first place. On Tue, Jun 17, 2014 at 3:07 PM, Heiko Krämer hkrae...@anynines.com wrote: Hi Kaya, https://gist.github.com/foexle/e1f02066d6a9cff306f4 Cheers Heiko On 17.06.2014 11:17, Yankai Liu wrote: Heiko, Would you please share your ml2_conf.ini? Best Regards, Kaya Liu 刘艳凯
Re: [Openstack] want to contribute studied architecture of swift
Hi Trinath, As mentioned in the link suggested by you, I create launchpad account and join Openstack Foundation. Now what should I do to contribute the findings? Regards Pragya jain On Tuesday, 17 June 2014 11:10 AM, trinath.soman...@freescale.com trinath.soman...@freescale.com wrote: The answer is YES. Look to the openstack guidelines for code contribution at https://wiki.openstack.org/wiki/How_To_Contribute -- Trinath Somanchi - B39208 trinath.soman...@freescale.com| extn: 4048 From:pragya jain [mailto:prag_2...@yahoo.co.in] Sent: Tuesday, June 17, 2014 11:00 AM To: openstack@lists.openstack.org Subject: [Openstack] want to contribute studied architecture of swift Hello all! I had studied the architecture of swift from its source code available at Github. And, I want to contribute that with swift community. Can I contribute it? Regards Pragya jain ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Tenant List
I think --tenant is not a supported option for nova I don't see it under nova -h What i see is this... --os-tenant-name auth-tenant-name So maybe --tenant is just being ignored and hence the cmd reduces to `nova list` hence it shows only admin instance as u r logged in as admin On Fri, Jun 13, 2014 at 6:40 PM, Georgios Dimitrakakis gior...@acmac.uoc.gr wrote: I am in IceHouse and as an ADMIN I am trying to list the instances on a specific tenant. I have the following tenants: # keystone tenant-list +--+-+-+ |id| name | enabled | +--+-+-+ | 4746936e9e4b49e382ad41d0b98f3644 | admin | True | | 965bd35fbef24133951a6bee429cd5be | demo | True | | ad1473de92c1496fa4dea3fb93101b8b | service | True | +--+-+-+ Both the commands # nova list --tenant demo # nova list --tenant 965bd35fbef24133951a6bee429cd5be produce the wrong output since they list the instances for the admin tenant. Using # nova list --all-tenants shows everything but why the specific tenants cannot be shown? Does anyone else have seen this?? Best, G. -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Tenant List
Look command as nova help list, there is such option --tenant and I can confirm, it didn't work for me either. On 2014.06.20. 12:16, Deepak Shetty wrote: I think --tenant is not a supported option for nova I don't see it under nova -h What i see is this... --os-tenant-name auth-tenant-name So maybe --tenant is just being ignored and hence the cmd reduces to `nova list` hence it shows only admin instance as u r logged in as admin On Fri, Jun 13, 2014 at 6:40 PM, Georgios Dimitrakakis gior...@acmac.uoc.gr wrote: I am in IceHouse and as an ADMIN I am trying to list the instances on a specific tenant. I have the following tenants: # keystone tenant-list +--+-+-+ |id| name | enabled | +--+-+-+ | 4746936e9e4b49e382ad41d0b98f3644 | admin | True | | 965bd35fbef24133951a6bee429cd5be | demo | True | | ad1473de92c1496fa4dea3fb93101b8b | service | True | +--+-+-+ Both the commands # nova list --tenant demo # nova list --tenant 965bd35fbef24133951a6bee429cd5be produce the wrong output since they list the instances for the admin tenant. Using # nova list --all-tenants shows everything but why the specific tenants cannot be shown? Does anyone else have seen this?? Best, G. -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] SPICE console for OpenStack Havana
Hi Martinx, Thanks for your help. It works fine with the below configuration for OpenStack Havana. This thread will help for others if they need to integrate SPICE. On Fri, Jun 20, 2014 at 12:56 AM, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: Hey Foss, Here is how I'm using SPICE Consoles but, with IceHouse: Controller Node (nova.conf): --- [DEFAULT] vnc_enabled = False novnc_enabled = False # SPICE configuration - Proxy Dual-Stacked [spice] enabled = True spicehtml5proxy_host = :: html5proxy_base_url = http://controller-1.mydomain.com.br:6082/spice_auto.html keymap = en-us --- Comoute Node (nova.conf): --- [DEFAULT] vnc_enabled = False novnc_enabled = False # SPICE configuration - Server Dual-Stacked [spice] enabled = True agent_enabled = True html5proxy_base_url = http://controller-1.mydomain.com.br:6082/spice_auto.html keymap = en-us server_listen = :: server_proxyclient_address = compute-1.mng.mydomain.com.br --- Where controller-1.mydomain.com.br is the public address, so people can access the SPICE Proxy and, compute-1.mng.mydomain.com.br is where the proxy communicates, via management network, with SPICE server itself (KVM Instance running at the hypervisor). My IceHouse instal guide covers SPICE Console: https://gist.github.com/tmartinx/9177697 Hope it helps! Cheers! Thiago On 19 June 2014 15:04, foss geek thefossg...@gmail.com wrote: I am refering ( http://joshrestivo.com/?p=32 ) to setup the Spice protocol to use in place of VNC, but for some reason I can not get it to work. I have configured my nova.conf like so: I am using OpenStack Havana. *I). Configuration in Controller Node :* # cat /etc/redhat-release CentOS release 6.4 (Final) # rpm -qa | grep spice* spice-html5-0.1.4-1.el6.noarch spice-server-0.12.0-12.el6_4.5.x86_64 # vim /etc/nova/nova.conf *Commented VNC related stuff in nova.conf and configured Spice* #novncproxy_host=controller_public_ip #novncproxy_port=6080 vnc_enabled=false spicehtml5proxy_port=6082 [spice] html5proxy_base_url=http://controller_public_ip:6082/spice_auto.html enabled=true keymap=en-us *Restated relevant service in controller node:* # service httpd restart # service openstack-nova-spicehtml5proxy restart # ps aux | grep -E '*spicehtml5proxy*' | grep -v 'grep' nova 6154 4.2 0.0 302772 30736 ?S17:35 0:00 /usr/bin/python /usr/bin/nova-spicehtml5proxy --logfile /var/log/nova/spicehtml5proxy.log # cat /var/log/nova/spicehtml5proxy.log cat: /var/log/nova/spicehtml5proxy.log: No such file or directory I am trying to telnet controller_public_ip port 6082 from controller node itself. # telnet controller_public_ip 6082 Trying controller_public_ip... Connected to controller_public_ip. Escape character is '^]'. Connection closed by foreign host. # It seems it connects to port 6082 but immediately returns Connection closed by foreign host and close telnet session. *II). Configuration in Compute Node :* # cat /etc/redhat-release CentOS release 6.4 (Final) # vim /etc/nova/nova.conf *Commented VNC related stuff in nova.conf and configured Spice* #novncproxy_base_url=http://controller_public_ip:6080/vnc_auto.html #vncserver_listen=0.0.0.0 #vncserver_proxyclient_address=192.168.0.3 vnc_enabled=false #vnc_keymap=en-us #xvpvncproxy_port=6081 #xvpvncproxy_host=0.0.0.0 [spice] html5proxy_base_url=http://controller_public_ip:6082/spice_auto.html server_listen=0.0.0.0 server_proxyclient_address=192.168.0.3 enabled=True agent_enabled=True keymap=en-us *Restated relevant service in compute node: * # service openstack-nova-compute restart Trying to telnet controller_public_ip from Compute Node # telnet controller_public_ip 6082 Trying controller_public_ip... telnet: connect to address controller_public_ip: Connection timed out Basics question: Does compute node and client machine require access to controller node 6082 port? I getting the blow error in VM Instance Console Network Error (tcp_error) A communication error occurred: The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time. Thanks for your time. ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Tenant List
I 've just send the output of nova help list I will submit a bug report! Thx, G. On Fri, 20 Jun 2014 16:47:13 +0530, Deepak Shetty wrote: Sorry! My bad.. i was wrong :) nova help list does show the option Maybe you can raise a bug in LP if its not working. My 2 cents On Fri, Jun 20, 2014 at 4:44 PM, Deepak Shetty wrote: GEORGIOS, Why do you think its present ? Can you justify your claim pls ? This is what I see... [stack@devstack-large-vm ~]$ [admin] nova -h| grep tenant [--os-tenant-name ] [--os-tenant-id ] [--os-auth-url ] flavor-access-add Add flavor access for the given tenant. Remove flavor access for the given tenant. floating-ip-create Allocate a floating IP for the current tenant. quota-defaults List the default quotas for a tenant. quota-delete Delete quota for a tenant/user so their quota will quota-show List the quotas for a tenant/user. quota-update Update the quotas for a tenant/user. secgroup-list List security groups for the current tenant. usage Show usage data for a single tenant. usage-list List usage data for all tenants. x509-create-cert Create x509 cert for a user in tenant. --os-tenant-name --os-tenant-id As you can see ^^ there is no --tenant available. On Fri, Jun 20, 2014 at 3:23 PM, Georgios Dimitrakakis wrote: Indeed there is available and in principle it should work as an admin...but it doesnt. Best, G. On Fri, 20 Jun 2014 12:30:31 +0300, Mārtiņš Jakubovičs wrote: Look command as nova help list, there is such option --tenant and I can confirm, it didnt work for me either. On 2014.06.20. 12:16, Deepak Shetty wrote: I think --tenant is not a supported option for nova I dont see it under nova -h What i see is this... --os-tenant-name So maybe --tenant is just being ignored and hence the cmd reduces to `nova list` hence it shows only admin instance as u r logged in as admin On Fri, Jun 13, 2014 at 6:40 PM, Georgios Dimitrakakis wrote: I am in IceHouse and as an ADMIN I am trying to list the instances on a specific tenant. I have the following tenants: # keystone tenant-list +--+-+-+ | id | name | enabled | +--+-+-+ | 4746936e9e4b49e382ad41d0b98f3644 | admin | True | | 965bd35fbef24133951a6bee429cd5be | demo | True | | ad1473de92c1496fa4dea3fb93101b8b | service | True | +--+-+-+ Both the commands # nova list --tenant demo # nova list --tenant 965bd35fbef24133951a6bee429cd5be produce the wrong output since they list the instances for the admin tenant. Using # nova list --all-tenants shows everything but why the specific tenants cannot be shown? Does anyone else have seen this?? Best, G. -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ [1] openstack Post to : openstack@lists.openstack.org [2] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ [3] openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [5] Post to : openstack@lists.openstack.org [6] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [7] ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [8] Post to : openstack@lists.openstack.org [9] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [10] -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [11] Post to : openstack@lists.openstack.org [12] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [13] Links: -- [1] http://lists.openstack.org/cgi-bin/mailman/listinfo/ [2] mailto:openstack@lists.openstack.org [3] http://lists.openstack.org/cgi-bin/mailman/listinfo/ [4] mailto:gior...@acmac.uoc.gr [5] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [6] mailto:openstack@lists.openstack.org [7] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [9] mailto:openstack@lists.openstack.org [10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [11] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [12] mailto:openstack@lists.openstack.org [13] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [14] mailto:gior...@acmac.uoc.gr [15] mailto:dpkshe...@gmail.com -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe :
Re: [Openstack] Tenant List
Sorry! My bad.. i was wrong :) nova help list does show the option Maybe you can raise a bug in LP if its not working. My 2 cents On Fri, Jun 20, 2014 at 4:44 PM, Deepak Shetty dpkshe...@gmail.com wrote: Georgios, Why do you think its present ? Can you justify your claim pls ? This is what I see... [stack@devstack-large-vm ~]$ [admin] nova -h| grep tenant [--os-tenant-name auth-tenant-name] [--os-tenant-id auth-tenant-id] [--os-auth-url auth-url] flavor-access-add Add flavor access for the given tenant. Remove flavor access for the given tenant. floating-ip-create Allocate a floating IP for the current tenant. quota-defaults List the default quotas for a tenant. quota-deleteDelete quota for a tenant/user so their quota will quota-show List the quotas for a tenant/user. quota-updateUpdate the quotas for a tenant/user. secgroup-list List security groups for the current tenant. usage Show usage data for a single tenant. usage-list List usage data for all tenants. x509-create-certCreate x509 cert for a user in tenant. --os-tenant-name auth-tenant-name --os-tenant-id auth-tenant-id As you can see ^^ there is no --tenant available. On Fri, Jun 20, 2014 at 3:23 PM, Georgios Dimitrakakis gior...@acmac.uoc.gr wrote: Indeed there is available and in principle it should work as an admin...but it doesn't. Best, G. On Fri, 20 Jun 2014 12:30:31 +0300, Mārtiņš Jakubovičs wrote: Look command as nova help list, there is such option --tenant and I can confirm, it didn't work for me either. On 2014.06.20. 12:16, Deepak Shetty wrote: I think --tenant is not a supported option for nova I don't see it under nova -h What i see is this... --os-tenant-name auth-tenant-name So maybe --tenant is just being ignored and hence the cmd reduces to `nova list` hence it shows only admin instance as u r logged in as admin On Fri, Jun 13, 2014 at 6:40 PM, Georgios Dimitrakakis gior...@acmac.uoc.gr wrote: I am in IceHouse and as an ADMIN I am trying to list the instances on a specific tenant. I have the following tenants: # keystone tenant-list +--+-+-+ |id| name | enabled | +--+-+-+ | 4746936e9e4b49e382ad41d0b98f3644 | admin | True | | 965bd35fbef24133951a6bee429cd5be | demo | True | | ad1473de92c1496fa4dea3fb93101b8b | service | True | +--+-+-+ Both the commands # nova list --tenant demo # nova list --tenant 965bd35fbef24133951a6bee429cd5be produce the wrong output since they list the instances for the admin tenant. Using # nova list --all-tenants shows everything but why the specific tenants cannot be shown? Does anyone else have seen this?? Best, G. -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Tenant List
These are my findings: $ nova help list usage: nova list [--reservation-id reservation-id] [--ip ip-regexp] [--ip6 ip6-regexp] [--name name-regexp] [--instance-name name-regexp] [--status status] [--flavor flavor] [--image image] [--host hostname] [--all-tenants [0|1]] [--tenant [tenant]] [--deleted] [--fields fields] [--minimal] List active servers. Optional arguments: --reservation-id reservation-id Only return servers that match reservation-id. --ip ip-regexp Search with regular expression match by IP address (Admin only). --ip6 ip6-regexpSearch with regular expression match by IPv6 address (Admin only). --name name-regexp Search with regular expression match by name --instance-name name-regexp Search with regular expression match by server name (Admin only). --status status Search by server status --flavor flavor Search by flavor name or ID --image image Search by image name or ID --host hostname Search servers by hostname to which they are assigned (Admin only). --all-tenants [0|1] Display information from all tenants (Admin only). --tenant [tenant] Display information from single tenant (Admin only). --deleted Only display deleted servers (Admin only). --fields fields Comma-separated list of fields to display. Use the show command to see which fields are available. --minimal Get only uuid and name. Best, G. On Fri, 20 Jun 2014 16:44:30 +0530, Deepak Shetty wrote: GEORGIOS, Why do you think its present ? Can you justify your claim pls ? This is what I see... [stack@devstack-large-vm ~]$ [admin] nova -h| grep tenant [--os-tenant-name ] [--os-tenant-id ] [--os-auth-url ] flavor-access-add Add flavor access for the given tenant. Remove flavor access for the given tenant. floating-ip-create Allocate a floating IP for the current tenant. quota-defaults List the default quotas for a tenant. quota-delete Delete quota for a tenant/user so their quota will quota-show List the quotas for a tenant/user. quota-update Update the quotas for a tenant/user. secgroup-list List security groups for the current tenant. usage Show usage data for a single tenant. usage-list List usage data for all tenants. x509-create-cert Create x509 cert for a user in tenant. --os-tenant-name --os-tenant-id As you can see ^^ there is no --tenant available. On Fri, Jun 20, 2014 at 3:23 PM, Georgios Dimitrakakis wrote: Indeed there is available and in principle it should work as an admin...but it doesnt. Best, G. On Fri, 20 Jun 2014 12:30:31 +0300, Mārtiņš Jakubovičs wrote: Look command as nova help list, there is such option --tenant and I can confirm, it didnt work for me either. On 2014.06.20. 12:16, Deepak Shetty wrote: I think --tenant is not a supported option for nova I dont see it under nova -h What i see is this... --os-tenant-name So maybe --tenant is just being ignored and hence the cmd reduces to `nova list` hence it shows only admin instance as u r logged in as admin On Fri, Jun 13, 2014 at 6:40 PM, Georgios Dimitrakakis wrote: I am in IceHouse and as an ADMIN I am trying to list the instances on a specific tenant. I have the following tenants: # keystone tenant-list +--+-+-+ | id | name | enabled | +--+-+-+ | 4746936e9e4b49e382ad41d0b98f3644 | admin | True | | 965bd35fbef24133951a6bee429cd5be | demo | True | | ad1473de92c1496fa4dea3fb93101b8b | service | True | +--+-+-+ Both the commands # nova list --tenant demo # nova list --tenant 965bd35fbef24133951a6bee429cd5be produce the wrong output since they list the instances for the admin tenant. Using # nova list --all-tenants shows everything but why the specific tenants cannot be shown? Does anyone else have seen this?? Best, G. -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ [1] openstack Post to : openstack@lists.openstack.org [2] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ [3] openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [5] Post to : openstack@lists.openstack.org [6] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [7] ___ Mailing list:
Re: [Openstack] Tenant List
Georgios, Why do you think its present ? Can you justify your claim pls ? This is what I see... [stack@devstack-large-vm ~]$ [admin] nova -h| grep tenant [--os-tenant-name auth-tenant-name] [--os-tenant-id auth-tenant-id] [--os-auth-url auth-url] flavor-access-add Add flavor access for the given tenant. Remove flavor access for the given tenant. floating-ip-create Allocate a floating IP for the current tenant. quota-defaults List the default quotas for a tenant. quota-deleteDelete quota for a tenant/user so their quota will quota-show List the quotas for a tenant/user. quota-updateUpdate the quotas for a tenant/user. secgroup-list List security groups for the current tenant. usage Show usage data for a single tenant. usage-list List usage data for all tenants. x509-create-certCreate x509 cert for a user in tenant. --os-tenant-name auth-tenant-name --os-tenant-id auth-tenant-id As you can see ^^ there is no --tenant available. On Fri, Jun 20, 2014 at 3:23 PM, Georgios Dimitrakakis gior...@acmac.uoc.gr wrote: Indeed there is available and in principle it should work as an admin...but it doesn't. Best, G. On Fri, 20 Jun 2014 12:30:31 +0300, Mārtiņš Jakubovičs wrote: Look command as nova help list, there is such option --tenant and I can confirm, it didn't work for me either. On 2014.06.20. 12:16, Deepak Shetty wrote: I think --tenant is not a supported option for nova I don't see it under nova -h What i see is this... --os-tenant-name auth-tenant-name So maybe --tenant is just being ignored and hence the cmd reduces to `nova list` hence it shows only admin instance as u r logged in as admin On Fri, Jun 13, 2014 at 6:40 PM, Georgios Dimitrakakis gior...@acmac.uoc.gr wrote: I am in IceHouse and as an ADMIN I am trying to list the instances on a specific tenant. I have the following tenants: # keystone tenant-list +--+-+-+ |id| name | enabled | +--+-+-+ | 4746936e9e4b49e382ad41d0b98f3644 | admin | True | | 965bd35fbef24133951a6bee429cd5be | demo | True | | ad1473de92c1496fa4dea3fb93101b8b | service | True | +--+-+-+ Both the commands # nova list --tenant demo # nova list --tenant 965bd35fbef24133951a6bee429cd5be produce the wrong output since they list the instances for the admin tenant. Using # nova list --all-tenants shows everything but why the specific tenants cannot be shown? Does anyone else have seen this?? Best, G. -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] br-tun in icehouse ..?
Hello team, I have observers few differences in Ice House and Havana. In Havana br-tun is mentioned in the ovs_neutron_plugin.ini . In Ice House I couldn't see br-tun in any configuration. Its function is replaced by something else ? Or I missed it ..please correct me .. Havana: Neutron Node cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini: #Under the OVS section [OVS] tenant_network_type = gre enable_tunneling = True tunnel_id_ranges = 1:1000 integration_bridge = br-int tunnel_bridge = br-tun local_ip = 10.10.10.52 In compute Node: cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini: #Under the OVS section [OVS] tenant_network_type = gre tunnel_id_ranges = 1:1000 integration_bridge = br-int tunnel_bridge = br-tun local_ip = 10.10.10.53 enable_tunneling = True Regards, Malleshi CN This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. __ www.accenture.com ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] br-tun in icehouse ..?
On Fri, Jun 20, 2014 at 12:49:56PM +, m.channappa.nega...@accenture.com wrote: I have observers few differences in Ice House and Havana. In Havana br-tun is mentioned in the ovs_neutron_plugin.ini . In Ice House I couldn't see br-tun in any configuration. Its function is replaced by something else ? The default value for tunnel_bridge in Icehouse is br-tun, so you may not see this explicitly in a configuration file. The parameter is still used, and if you create a tunneling configuration you will see the br-tun device created and populated in a fashion very similar to in Havana. -- Lars Kellogg-Stedman l...@redhat.com | larsks @ irc Cloud Engineering / OpenStack | @ twitter pgpMM2krR5orY.pgp Description: PGP signature ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] br-tun in icehouse ..?
Thank you for the answer !! Regards, Malleshi CN -Original Message- From: Lars Kellogg-Stedman [mailto:l...@redhat.com] Sent: Friday, June 20, 2014 6:48 PM To: Channappa Negalur, M. Cc: openstack@lists.openstack.org Subject: Re: [Openstack] br-tun in icehouse ..? On Fri, Jun 20, 2014 at 12:49:56PM +, m.channappa.nega...@accenture.com wrote: I have observers few differences in Ice House and Havana. In Havana br-tun is mentioned in the ovs_neutron_plugin.ini . In Ice House I couldn't see br-tun in any configuration. Its function is replaced by something else ? The default value for tunnel_bridge in Icehouse is br-tun, so you may not see this explicitly in a configuration file. The parameter is still used, and if you create a tunneling configuration you will see the br-tun device created and populated in a fashion very similar to in Havana. -- Lars Kellogg-Stedman l...@redhat.com | larsks @ irc Cloud Engineering / OpenStack | @ twitter This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. __ www.accenture.com ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] Unable to run VNC due to consoleauth failing
Hi everyone, I did a new installation of icehouse using the community puppet modules. I can spawn all the instaces perfectly but I can't get the VNC to work. The auth token that I get from nova get-vnc-console command is invalid. In the /var/log/nova/consoleauth.log logs, I see, 2014-06-20 14:57:32.191 16413 AUDIT nova.consoleauth.manager [req-74cc0ef5-a351-42aa-91d0-20e43406bdfe 75163482f69e4f08b6b6b979dd119d38 36a2a12555fd43a393b2be77411a87c7] Received Token: 75f20d26 -c900-47a2-9a05-6f8c7e9f581a, {'instance_uuid': u'd5294870-eb75-4233-8118-1c376d03a10b', 'internal_access_path': None, 'last_activity_at': 1403276252.18894, 'console_type': u'novnc', 'host': u'compute-node-ip', 'token': u'75f20d26-c900-47a2-9a05-6f8c7e9f581a', 'port': u'5900'} 2014-06-20 14:57:32.197 16413 INFO oslo.messaging._drivers.impl_qpid [-] Connected to AMQP server on controller-1:5672 2014-06-20 14:57:37.879 16413 AUDIT nova.consoleauth.manager [req-ba54c44b-c536-4155-b4e7-c06a4a46e5e3 None None] Checking Token: 75f20d26-c900-47a2-9a05-6f8c7e9f581a, False And in the novncproxy logs, I see: WebSocket server settings: - Listen on controller-1:6080 - Flash security policy server - Web server. Web root: /usr/share/novnc - No SSL/TLS support (no cert file) - proxying from controller-1:6080 to ignore:ignore 3: 172.16.26.59: Plain non-SSL (ws://) WebSocket connection 3: 172.16.26.59: Version hybi-13, base64: 'True' 3: 172.16.26.59: Path: '/websockify' 3: handler exception: Invalid Token 4: 172.16.26.59: ignoring socket not ready 2: 172.16.26.59: ignoring empty handshake So, it clearly means that novncproxy refuses to serve the connection due to getting a wrong token as verified by consoleauth daemon. Can anyone help me with tracking down the issue? What can be wrong? Thanks a lot in advance. -- Cheers, Abhijeet Rastogi (shadyabhi) ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [Nova] How to confirm I have the right database schema when checkout to another branch?
You need to remove the old .pyc files in the migrate_repo/versions directory. I have an alias in my .gitconfig to allow me to checkout a branch and delete pycs in one command: [alias] cc = !TOP=$(git rev-parse --show-toplevel); find $TOP -name '*.pyc' -delete; git-checkout” so i can do: git cc some-branch Vish On Jun 11, 2014, at 7:54 PM, 严超 yanchao...@gmail.com wrote: Hi, All: When I checkout nova to another branch. how to confirm I have the right database schema ? When I run nova-manage db sync, I've got below error: 2014-06-11 22:53:27.977 CRITICAL nova [-] KeyError: VerNum(242) 2014-06-11 22:53:27.977 TRACE nova Traceback (most recent call last): 2014-06-11 22:53:27.977 TRACE nova File /usr/local/bin/nova-manage, line 10, in module 2014-06-11 22:53:27.977 TRACE nova sys.exit(main()) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/cmd/manage.py, line 1376, in main 2014-06-11 22:53:27.977 TRACE nova ret = fn(*fn_args, **fn_kwargs) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/cmd/manage.py, line 885, in sync 2014-06-11 22:53:27.977 TRACE nova return migration.db_sync(version) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/db/migration.py, line 32, in db_sync 2014-06-11 22:53:27.977 TRACE nova return IMPL.db_sync(version=version) 2014-06-11 22:53:27.977 TRACE nova File /opt/stack/nova/nova/db/sqlalchemy/migration.py, line 44, in db_sync 2014-06-11 22:53:27.977 TRACE nova return versioning_api.upgrade(get_engine(), repository, version) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/api.py, line 186, in upgrade 2014-06-11 22:53:27.977 TRACE nova return _migrate(url, repository, version, upgrade=True, err=err, **opts) 2014-06-11 22:53:27.977 TRACE nova File string, line 2, in _migrate 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/util/__init__.py, line 160, in with_engine 2014-06-11 22:53:27.977 TRACE nova return f(*a, **kw) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/api.py, line 345, in _migrate 2014-06-11 22:53:27.977 TRACE nova changeset = schema.changeset(version) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/schema.py, line 82, in changeset 2014-06-11 22:53:27.977 TRACE nova changeset = self.repository.changeset(database, start_ver, version) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/repository.py, line 225, in changeset 2014-06-11 22:53:27.977 TRACE nova changes = [self.version(v).script(database, op) for v in versions] 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/repository.py, line 189, in version 2014-06-11 22:53:27.977 TRACE nova return self.versions.version(*p, **k) 2014-06-11 22:53:27.977 TRACE nova File /usr/local/lib/python2.7/dist-packages/migrate/versioning/version.py, line 173, in version 2014-06-11 22:53:27.977 TRACE nova return self.versions[VerNum(vernum)] 2014-06-11 22:53:27.977 TRACE nova KeyError: VerNum(242) 2014-06-11 22:53:27.977 TRACE nova Best Regards! Chao Yan -- My twitter:Andy Yan @yanchao727 My Weibo:http://weibo.com/herewearenow -- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack signature.asc Description: Message signed with OpenPGP using GPGMail ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Tenant List
Might this be an example of different people seeing different things because they are looking at different versions of the nova CLI? rick jones (In the version of nova I happen to use - 2.17.0.65 - I see a --tenant_id option rather than a --tenant option in the output of nova help ...) ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] Unable to attach a new interface to vm
Hi all, I am running IceHouse (RDO) and currently unable to attach a new interface to a vm. [root@localhost ~(keystone_admin)]# nova interface-attach myvm1 ERROR: PortLimitExceeded_Remote: Maximum number of ports exceeded Traceback (most recent call last): File /usr/lib/python2.6/site-packages/oslo/messaging/rpc/dispatcher.py, line 133, in _dispatch_and_reply incoming.message)) File /usr/lib/python2.6/site-packages/oslo/messaging/rpc/dispatcher.py, line 176, in _dispatch return self._do_dispatch(endpoint, method, ctxt, args) File /usr/lib/python2.6/site-packages/oslo/messaging/rpc/dispatcher.py, line 122, in _do_dispatch result = getattr(endpoint, method)(ctxt, **new_args) File /usr/lib/python2.6/site-packages/nova/compute/manager.py, line 399, in decorated_function return function(self, context, *args, **kwargs) File /usr/lib/python2.6/site-packages/nova/compute/manager.py, line 4345, in attach_interface context, instance, port_id, network_id, requested_ip) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 440, in allocate_port_for_instance requested_networks=[(network_id, requested_ip, port_id)]) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 361, in allocate_for_instance LOG.exception(msg, port_id) File /usr/lib/python2.6/site-packages/nova/openstack/common/excutils.py, line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 336, in allocate_for_instance security_group_ids, available_macs, dhcp_opts) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 192, in _create_port raise exception.PortLimitExceeded() PortLimitExceeded: Maximum number of ports exceeded (HTTP 413) (Request-ID: req-296d6c3a-fc7d-44c6-8a42-e139c969cf40) The error does indicate I have run out of ports, but I have set ports limit for the current tenant (which is admin) to 100, and currently there are only 12 ports in use. Can someone point outor help me in identifying which limit I am hitting here. [root@localhost ~(keystone_admin)]# neutron port-list +--+--+---++ | id | name | mac_address | fixed_ips | +--+--+---++ | 0056d43b-5f9d-4562-b34a-8db655be5ddd | | fa:16:3e:74:fb:33 | {subnet_id: 14d4b197-1121-4a4b-80b3-b8d80115f734, ip_address: xxx.xxx.xxx.148} | | 057fabd8-1856-454d-a183-5fe64845fdd7 | | fa:16:3e:87:85:d7 | {subnet_id: 14d4b197-1121-4a4b-80b3-b8d80115f734, ip_address: xxx.xxx.xxx.149} | | 1199a31c-2437-406c-a1fa-807403a2e2f1 | | fa:16:3e:49:ad:e0 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.46} | | 2bb0e6f2-d41b-474c-8386-bcaa254f253f | | fa:16:3e:81:5a:e8 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.45} | | 6289f221-fe11-4674-b0f9-4ad47a4603f8 | | fa:16:3e:57:72:13 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.44} | | 6425fa7a-6c34-44a3-a4ec-1425e7bd338e | | fa:16:3e:fe:8a:a5 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.1}| | 808afd72-3d82-41ae-bed2-acc3d3398af9 | | fa:16:3e:6f:92:12 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.3}| | af83d9c6-f8ef-485f-b2d5-6568d14c6146 | | fa:16:3e:6b:16:54 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.42} | | b1b2d34f-0b90-4a8e-b13d-5e1005f176f4 | | fa:16:3e:03:cc:c9 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.47} | | bd688b2e-a990-44e6-96e1-4c547936b403 | | fa:16:3e:c0:51:67 | {subnet_id: 14d4b197-1121-4a4b-80b3-b8d80115f734, ip_address: xxx.xxx.xxx.147} | | c9dc3d20-8767-4197-b424-e8ebed58d890 | | fa:16:3e:25:74:b1 | {subnet_id: 14d4b197-1121-4a4b-80b3-b8d80115f734, ip_address: xxx.xxx.xxx.150} | | db40d356-efce-4b1f-9ada-987496497220 | | fa:16:3e:3d:04:47 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.7}| +--+--+---++ Regards, Vimal ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] [OSSG][OSSN] Session-fixation vulnerability in Horizon when using the default signed cookie sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Session-fixation vulnerability in Horizon when using the default signed cookie sessions - --- ### Summary ### The default setting in Horizon is to use signed cookies to store session state on the client side. This creates the possibility that if an attacker is able to capture a user's cookie, they may perform all actions as that user, even if the user has logged out. ### Affected Services / Software ### Horizon, Folsom, Grizzly, Havana, Icehouse ### Discussion ### When configured to use client side sessions, the server isn't aware of the user's login state. The OpenStack authorization tokens are stored in the session ID in the cookie. If an attacker can steal the cookie, they can perform all actions as the target user, even after the user has logged out. There are several ways attackers can steal the cookie. One example is by intercepting it over the wire if Horizon is not configured to use SSL. The attacker may also access the cookie from the filesystem if they have access to the machine. There are also other ways to steal cookies that are beyond the scope of this note. By enabling a server side session tracking solution such as memcache, the session is terminated when the user logs out. This prevents an attacker from using cookies from terminated sessions. It should be noted that Horizon does request that Keystone invalidate the token upon user logout, but this has not been implemented for the Identity API v3. Token invalidation may also fail if the Keystone service is unavailable. Therefore, to ensure that sessions are not usable after the user logs out, it is recommended to use server side session tracking. ### Recommended Actions ### It is recommended that you configure Horizon to use a different session backend rather than signed cookies. One possible alternative is to use memcache sessions. To check if you are using signed cookies, look for this line in Horizon's local_settings.py - --- begin example local_settings.py snippet --- SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' - --- end example local_settings.py snippet --- If the SESSION_ENGINE is set to value other than 'django.contrib.sessions.backends.signed_cookies' this vulnerability is not present. If SESSION_ENGINE is not set in local_settings.py, check for it in settings.py. Here are the steps to configure memcache sessions: 1. Ensure the memcached service is running on your system 2. Ensure that python-memcached is installed 3. Configure memcached cache backend in local_settings.py - --- begin example local_settings.py snippet --- CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', } } - --- end example local_settings.py snippet --- Make sure to use the actual IP and port of the memcached service. 4. Add a line in local_settings.py to use the cache backend: - --- begin example local_settings.py snippet --- SESSION_ENGINE = 'django.contrib.sessions.backends.cache' - --- end example local_settings.py snippet --- 5. Restart Horizon's webserver service (typically 'apache2' or httpd') Furthermore, you should always enable SSL for Horizon to help mitigate such attack scenarios. Please note that regardless of which session backend is used, if the cookie is compromised, an attacker may assume all privileges of the user for as long as their session is valid. ### Contacts / References ### This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0017 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1327425 OpenStack Security ML : openstack-secur...@lists.openstack.org OpenStack Security Group : https://launchpad.net/~openstack-ossg Further discussion of the issue: http://www.pabloendres.com/horizon-and-cookies/#comment-115 Django docs: https://docs.djangoproject.com/en/1.6/ref/settings/ https://docs.djangoproject.com/en/1.6/topics/http/sessions/#configuring-sessions -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTpFQ4AAoJEJa+6E7Ri+EVTVkH/2MAqbkgcp6q/GeNZF7lM/nP DmfplVTWMVZE3cB42mr8Murbec567qzLc+yK7Ayoch8cDG02dbIRBxDzfzLPqTqX GVnubuom39f6SC2vW5JIexFfIZusw2hbZPDhcoRdg7l0uOj7FIg4Q5LhTegseHcm DPGHV1U1aHKGioFVc1c8qZMz0C7uSR0Zj877U9iVlEmeenOklQ1mQ+RXLhNXPJyh Tmwubb8RTBzsUcXUzQX0toWjPBc0BfY7Q/5PYEvOGZr7Y44iu8Sd0qYkeWmXXMDv iDIG5wtPWw91l2W8Q/vfEPJQL2d+HEn26JsVM/kZG3Oa1N/jDyRVmOR0/5qPSKA= =VQjW -END PGP SIGNATURE- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Unable to run VNC due to consoleauth failing
Also, I get this error in Console of Google Chrome if that helps. New state 'failed', was 'ProtocolVersion'. Msg: Failed to connect to server (code: 1006) util.js:111 Util.Errorutil.js:111 RFB.updateStaterfb.js:430 RFB.failrfb.js:520 (anonymous function)rfb.js:250 websocket.onclose And, I don't have any iptables configured. On Fri, Jun 20, 2014 at 8:45 PM, Abhijeet Rastogi abhijeet.1...@gmail.com wrote: Hi everyone, I did a new installation of icehouse using the community puppet modules. I can spawn all the instaces perfectly but I can't get the VNC to work. The auth token that I get from nova get-vnc-console command is invalid. In the /var/log/nova/consoleauth.log logs, I see, 2014-06-20 14:57:32.191 16413 AUDIT nova.consoleauth.manager [req-74cc0ef5-a351-42aa-91d0-20e43406bdfe 75163482f69e4f08b6b6b979dd119d38 36a2a12555fd43a393b2be77411a87c7] Received Token: 75f20d26 -c900-47a2-9a05-6f8c7e9f581a, {'instance_uuid': u'd5294870-eb75-4233-8118-1c376d03a10b', 'internal_access_path': None, 'last_activity_at': 1403276252.18894, 'console_type': u'novnc', 'host': u'compute-node-ip', 'token': u'75f20d26-c900-47a2-9a05-6f8c7e9f581a', 'port': u'5900'} 2014-06-20 14:57:32.197 16413 INFO oslo.messaging._drivers.impl_qpid [-] Connected to AMQP server on controller-1:5672 2014-06-20 14:57:37.879 16413 AUDIT nova.consoleauth.manager [req-ba54c44b-c536-4155-b4e7-c06a4a46e5e3 None None] Checking Token: 75f20d26-c900-47a2-9a05-6f8c7e9f581a, False And in the novncproxy logs, I see: WebSocket server settings: - Listen on controller-1:6080 - Flash security policy server - Web server. Web root: /usr/share/novnc - No SSL/TLS support (no cert file) - proxying from controller-1:6080 to ignore:ignore 3: 172.16.26.59: Plain non-SSL (ws://) WebSocket connection 3: 172.16.26.59: Version hybi-13, base64: 'True' 3: 172.16.26.59: Path: '/websockify' 3: handler exception: Invalid Token 4: 172.16.26.59: ignoring socket not ready 2: 172.16.26.59: ignoring empty handshake So, it clearly means that novncproxy refuses to serve the connection due to getting a wrong token as verified by consoleauth daemon. Can anyone help me with tracking down the issue? What can be wrong? Thanks a lot in advance. -- Cheers, Abhijeet Rastogi (shadyabhi) -- Cheers, Abhijeet Rastogi (shadyabhi) ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [OpenStack] Unable to attach a new interface to vm
Debugging further, I see the below entries in /var/log/neutron/openvswitch-agent.log: 2014-06-20 11:08:02.954 5410 INFO neutron.api.v2.resource [-] create failed (client error): No more IP addresses available on network 31956556-c540-4676-9cd4-e618a4f93fc8. 2014-06-20 11:08:02.955 5410 INFO neutron.wsgi [-] xxx.xxx.xxx.xxx - - [20/Jun/2014 11:08:02] POST /v2.0/ports.json HTTP/1.1 409 360 0.117780 The network mentioned in the error log is a public network, and all ips from that range has been assigned to vms already. [root@localhost ~(keystone_admin)]# neutron net-list +--+-+-+ | id | name| subnets | +--+-+-+ | 09c8da8e-79d7-49e1-9af8-c2a13a032040 | private | b7eeae38-682a-4397-8b3c-e3dee88527ab 10.0.0.0/24| | 31956556-c540-4676-9cd4-e618a4f93fc8 | public | 14d4b197-1121-4a4b-80b3-b8d80115f734 173.xxx.xxx.144/29 | +--+-+-+ However, shouldn't Openstack only care about the private network, and assign a private ip and bring up the interface? Also, how do I go about adding another public range which is already routed to this Openstack server's public eth device? I tried to add the second public ip range as another subnet inside net public (which in turn should make Openstack realize that free ips are available) but it still fails with the same error, and eth1 is not yet being created on the vm. Please assist. On Fri, Jun 20, 2014 at 8:38 PM, Vimal Kumar vimal7...@gmail.com wrote: Hi all, I am running IceHouse (RDO) and currently unable to attach a new interface to a vm. [root@localhost ~(keystone_admin)]# nova interface-attach myvm1 ERROR: PortLimitExceeded_Remote: Maximum number of ports exceeded Traceback (most recent call last): File /usr/lib/python2.6/site-packages/oslo/messaging/rpc/dispatcher.py, line 133, in _dispatch_and_reply incoming.message)) File /usr/lib/python2.6/site-packages/oslo/messaging/rpc/dispatcher.py, line 176, in _dispatch return self._do_dispatch(endpoint, method, ctxt, args) File /usr/lib/python2.6/site-packages/oslo/messaging/rpc/dispatcher.py, line 122, in _do_dispatch result = getattr(endpoint, method)(ctxt, **new_args) File /usr/lib/python2.6/site-packages/nova/compute/manager.py, line 399, in decorated_function return function(self, context, *args, **kwargs) File /usr/lib/python2.6/site-packages/nova/compute/manager.py, line 4345, in attach_interface context, instance, port_id, network_id, requested_ip) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 440, in allocate_port_for_instance requested_networks=[(network_id, requested_ip, port_id)]) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 361, in allocate_for_instance LOG.exception(msg, port_id) File /usr/lib/python2.6/site-packages/nova/openstack/common/excutils.py, line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 336, in allocate_for_instance security_group_ids, available_macs, dhcp_opts) File /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py, line 192, in _create_port raise exception.PortLimitExceeded() PortLimitExceeded: Maximum number of ports exceeded (HTTP 413) (Request-ID: req-296d6c3a-fc7d-44c6-8a42-e139c969cf40) The error does indicate I have run out of ports, but I have set ports limit for the current tenant (which is admin) to 100, and currently there are only 12 ports in use. Can someone point outor help me in identifying which limit I am hitting here. [root@localhost ~(keystone_admin)]# neutron port-list +--+--+---++ | id | name | mac_address | fixed_ips | +--+--+---++ | 0056d43b-5f9d-4562-b34a-8db655be5ddd | | fa:16:3e:74:fb:33 | {subnet_id: 14d4b197-1121-4a4b-80b3-b8d80115f734, ip_address: xxx.xxx.xxx.148} | | 057fabd8-1856-454d-a183-5fe64845fdd7 | | fa:16:3e:87:85:d7 | {subnet_id: 14d4b197-1121-4a4b-80b3-b8d80115f734, ip_address: xxx.xxx.xxx.149} | | 1199a31c-2437-406c-a1fa-807403a2e2f1 | | fa:16:3e:49:ad:e0 | {subnet_id: b7eeae38-682a-4397-8b3c-e3dee88527ab, ip_address: 10.0.0.46} | | 2bb0e6f2-d41b-474c-8386-bcaa254f253f | | fa:16:3e:81:5a:e8 | {subnet_id:
[Openstack] FIXED_RANGE and FLOATING_RANGE for simple localrc for DevStack
Suppose I want a simple localrc to use with DevStack on a machine that has a single NIC and is using IPv4 address 10.10.0.42 and netmask 255.255.0.0, and I know addresses 10.10.1.0--10.10.255.254 are unused. What would be reasonable working choices for FIXED_RANGE and FLOATING_RANGE? Thanks, Mike ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] ML2 Plugin and vif_type=binding_failed
Hi Mark, thanks for answering. I already have done this, same error logs. I cannot imagine what is wrong with my files: compute node config https://gist.github.com/raphapr/8e7896a738c6f6e6d27d neutron node config https://gist.github.com/raphapr/a9e804f40d3336d7db7f controller node config https://gist.github.com/raphapr/c46382554f733d0c1de1 can you help me? 2014-06-20 2:50 GMT-03:00 Mark Kirkwood mark.kirkw...@catalyst.net.nz: He did this: $ cat /etc/neutron/neutron.conf ... [database] # set in plugin #connection = $ cat /etc/neutron/plugins/ml2/ml2_conf.ini ... [database] connection = mysql://neutron:password@127.0.0.1/neutron Then (re)initialize the various db structures and restart all neutron daemons: $ neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head On 20/06/14 15:49, Raphael Ribeiro wrote: Hi Heiko, what was wrong with the ml2 config? Can you post here? I'm having the same problem,. Thanks! 2014-06-17 9:51 GMT-03:00 Heiko Krämer hkrae...@anynines.com: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Akesh, you're right on the controller host was the ml2 config not correct -.- my false. In addition in the ml2_conf need to be the database connection informations like in ovs. It's running now :) Thanks again. Cheers Heiko On 17.06.2014 12:31, Akash Gunjal wrote: Hi, This error occurs when the config is wrong wither on controller or the compute. Check the ml2_conf.ini on controller and ovs_plugin.ini on the compute. Regards, Akash From: Heiko Krämer hkrae...@anynines.com To:Akilesh K akilesh1...@gmail.com, Cc: openstack@lists.openstack.org openstack@lists.openstack.org Date: 06/17/2014 03:56 PM Subject: Re: [Openstack] ML2 Plugin and vif_type=binding_failed Hi Akilesh, i see this warn on neutron-server 2014-06-17 10:14:20.283 24642 WARNING neutron.plugins.ml2.managers [req-d23b58ce-3389-4af5-bdd2-a78bd7cec507 None] Failed to bind port f71d7e0e-8955-4784-83aa-c23bf1b16f4f on host nettesting.hydranodes.de if i restart ovs-agent on network node i see this one: 2014-06-17 09:28:26.029 31369 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: 2014-06-17T09:28:26Z|1|fatal_signal|WARN|terminating with signal 15 (Terminated) 2014-06-17 09:28:29.275 31870 WARNING neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Device f71d7e0e-8955-4784-83aa-c23bf1b16f4f not defined on plugin 2014-06-17 09:28:29.504 31870 WARNING neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Device 39bb4ba0-3d37-4ffe-9c81-073807f8971a not defined on plugin same on comp host if i restart ovs agent: 2014-06-17 09:28:44.446 25476 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: 2014-06-17T09:28:44Z|1|fatal_signal|WARN|terminating with signal 15 (Terminated) but ovs seems to be correct: ##Compute## 7bbe81f3-79fa-4efa-b0eb-76addb57675c Bridge br-tun Port gre-64141401 Interface gre-64141401 type: gre options: {in_key=flow, local_ip=100.20.20.2, out_key=flow, remote_ip=100.20.20.1} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Bridge br-int Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} ovs_version: 2.0.1 ### Network node### a40d7fc6-b0f0-4d55-98fc-c02cc7227d6c Bridge br-ex Port br-ex Interface br-ex type: internal Bridge br-tun Port gre-64141402 Interface gre-64141402 type: gre options: {in_key=flow, local_ip=100.20.20.1, out_key=flow, remote_ip=100.20.20.2} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Bridge br-int Port int-br-int Interface int-br-int Port tapf71d7e0e-89 tag: 4095 Interface tapf71d7e0e-89 type: internal Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port qr-39bb4ba0-3d tag: 4095 Interface qr-39bb4ba0-3d type: internal Port phy-br-int Interface phy-br-int ovs_version: 2.0.1 I see this one in my neutron DB: neutron=# select * from ml2_port_bindings ; port_id | host | vif_type| driver | segment | vnic_type | vif_details | profile - --+- -+++-+---+-- ---+- 39bb4ba0-3d37-4ffe-9c81-073807f8971a | nettesting.hydranodes.de | binding_failed || | normal| | {} f71d7e0e-8955-4784-83aa-c23bf1b16f4f | nettesting.hydranodes.de | binding_failed || | normal| | {} is that maybe the problem ? Cheers Heiko On 17.06.2014 12:08, Akilesh K wrote: File looks good except that [agent] section is not needed. Can you reply with some log from
[Openstack] struggling with neutron inside VM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi everybody, I'm having a heck of a time trying to get my own setup going. I've got as far as having all the components installed and 'openstack-status' reporting things as expected. The setup in using CentOS 6 VM with RDO IceHouse repo (I'm test-driving here, so doing everything within VM). Ansible playbook used to setup environment is here: https://github.com/droopy4096/openstack-ng/tree/multinode (it is heavily based on online docs for Fedora/RHEL/CentOS manuals, so using ml2 for neutron etc.) When trying to spawn VM I get the error: http://pastebin.com/n0pvzy3Q Setup is vanilla from above playbook with several additions: $ PRIVATE_NET_ID=`neutron net-create private | awk '/ id / { print $4 }'` $ PRIVATE_SUBNET1_ID=`neutron subnet-create --name private-subnet1 $PRIVATE_NET_ID 10.0.0.0/24 | awk '/ id / { print $4 }'` $ glance image-create --name cirros --container-format bare - --disk-format qcow2 --file /tmp/images/cirros-0.3.2-x86_64-disk.img - --is-public True Was I supposed to tune something specific to VM? (already added cpu_mode=none and virt_type=qemu. Am I having trouble because my bridge br-int is not set up completely (I didn't add any interfaces to it)? I found https://bugs.launchpad.net/neutron/+bug/1244255 but am unsure whether it is relevant in my case). Also I have had to change core_plugin and service_plugin to fully qualified names as my DB init was failing (see https://github.com/droopy4096/openstack-ng/blob/multinode/roles/neutron-controller/templates/neutron.conf.j2 ) I am also seeing Timeouts in agent logs (dhcp, l3, metadata): 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent File /usr/lib/python2.6/site-packages/neutron/agent/dhcp_agent.py, line 564, in _report_state 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent self.state_rpc.report_state(ctx, self.agent_state, self.use_call) 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent File /usr/lib/python2.6/site-packages/neutron/agent/rpc.py, line 72, in report_state 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent return self.call(context, msg, topic=self.topic) 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent File /usr/lib/python2.6/site-packages/neutron/openstack/common/rpc/proxy.py, line 129, in call 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent exc.info, real_topic, msg.get('method')) 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent Timeout: Timeout while waiting on RPC response - topic: q-plugin, RPC method: report_state info: unknown 2014-06-20 06:32:52.305 1673 TRACE neutron.agent.dhcp_agent -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iD8DBQFTpIQZyDrVuGfS98QRAo9dAKDG8s5in072VRcvQwOz6V9yVGA7tgCgxqj7 T0mMvG9kKGRfg9VPo2MOBJk= =1mWA -END PGP SIGNATURE- -- This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed. --- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] ML2 Plugin and vif_type=binding_failed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/20/2014 12:23 PM, Raphael Ribeiro wrote: Hi Mark, thanks for answering. I already have done this, same error logs. I cannot imagine what is wrong with my files: compute node config https://gist.github.com/raphapr/8e7896a738c6f6e6d27d neutron node config https://gist.github.com/raphapr/a9e804f40d3336d7db7f controller node config https://gist.github.com/raphapr/c46382554f733d0c1de1 can you help me? your gists seem to have stock keystone entries, unless you do have a host named 'controller' - there's your first thing to tackle. Otherwise it seems like I'm facing exact same issue, after (what I think) I followed manual for RedHat distros almost to the letter. -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iD8DBQFTpIaSyDrVuGfS98QRAmWjAKCG6h2cpbeN0Q5kO9gWQIkduXfrdwCgujC3 DNiUtgTEDkssWaoNRz22XjE= =ilAK -END PGP SIGNATURE- -- This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed. --- ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] OpenStackclient 0.4.0 release
OpenStackClient 0.4.0 has been released to PyPI. This release consists of a number of new commands and bug fixes. As of this release we feel it is ready for general consumption for the Compute, Identity, Image and Volume APIs. The commands for these APIs should be considered to be in their final form, although until the 1.0 release there is still the possibility of fixes/adjustments, particularly to command options. We will begin to observe a deprecation cycle to allow some time for adjustment. python-openstackclient can be installed from the following locations: PyPI: https://pypi.python.org/pypi/python-openstackclient OpenStack tarball: http://tarballs.openstack.org/python-openstackclient/python-openstackclient-0.4.0.tar.gz Release Highlights * Identity v2: rename 'token create' to 'token issue' and add 'token revoke' * Identity v3: rework the group/user/role list commands so each only lists its own data type; to get a list of the groups that user Xyzzy belongs to you would use 'group list –user Xyzzy'. * Identity v3: add new 'role assignment list' command add new 'extension list' command to list the available API extensions, currently supports the Identity API * Compute v2: rename 'agent' object to 'compute agent': 'compute agent list' * Identity v3: add 'identity provider create/delete/list/set/show' commands * Image v1: add –volume and –force to 'image create' * Volume v1: change –volume-type options for 'volume create' to –type fix quiet/verbose/debug output levels to be more consistent with other programs dt -- Dean Troyer dtro...@gmail.com ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack