date:20130816

I'd like to propose Alex Gaynor for core status on the requirements project.

Alex is a core Python and PyPy developer, has strong ties throughout the
wider Python community, and has been watching and reviewing requirements
changes for a little while now. I think it would be extremely helpful to
have him on the team.

Doug
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] proposing Alex Gaynor for core on openstack/requirements

2013-08-16 Thread Mark McClain

+1

mark

On Aug 16, 2013, at 11:04 AM, Doug Hellmann doug.hellm...@dreamhost.com wrote:

 I'd like to propose Alex Gaynor for core status on the requirements project.
 
 Alex is a core Python and PyPy developer, has strong ties throughout the 
 wider Python community, and has been watching and reviewing requirements 
 changes for a little while now. I think it would be extremely helpful to have 
 him on the team.
 
 Doug
 
 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [savanna] Savanna incubation intention

2013-08-16 Thread Sergey Lukjanov

Hi folks,

I’m glad to announce Savanna intention to apply for the incubation during
Icehouse release. In this email I would like to provide an update on our
current status and nearest plans and, as well as start the conversation to
solicit the feedback on Savanna from the community.

Let’s start with the current state of Savanna project. All our code and
bugs/specs are hosted at OpenStack Gerrit and Launchpad correspondingly. Unit
tests and all pep8/hacking checks are run at OpenStack Jenkins and we have
integration tests running at our own Jenkins server for each patch set. We have
great Sphinx-based docs published at readthedocs - http://savanna.rtfd.org, it
consists of dev, admin and user guides and descriptions of REST API, plugins
SPI and etc. Savanna is integrated with Nova, Keystone, Glance, Cinder and
Swift now, and we already using diskimage-builder to create a prebuilt images
for Hadoop clusters.

We have an amazing team working on Savanna - about twenty engineers from
Mirantis, Red Hat and Hortonworks (according to authors git stat). We have been
holding weekly IRC meetings for the last 6 months and discussing architectural
questions there and in openstack mailing lists as well. As for the code
reviews, we’ve established the same approach as other OpenStack projects.
Change requests cannot be merged without the review from the main contributors
for the corresponding component and this ensures high standard for all code
that lands in master.

Currently we are actively working on two main directions - Elastic Data
Processing (https://wiki.openstack.org/wiki/Savanna/EDP) and scalable
architecture. Our next major 0.3 release is planned for October timeframe and
will be based on OpenStack Havana codebase. It will contain basic EDP
functionality, Savanna distributed design, Neutron support and, of course,
updated OpenStack Dashboard plugin with all new features.

Let’s take a look at our future plans. We would like to integrate with other
OpenStack components, such as Heat and Ceilometer and to adjust our release
cycle in Icehouse. Code hardening, useful CLI implementation and enhanced
functionality of EDP are also the things to be done and pay attention for.

So you are welcome to comment and leave your feedback on how to make Savanna
better and become the integrated project.

Thank you!

P.S. Some links:
http://wiki.openstack.org/wiki/Savanna
http://wiki.openstack.org/wiki/Savanna/Roadmap
https://launchpad.net/savanna
https://savanna.readthedocs.org
https://wiki.openstack.org/wiki/Meetings/SavannaAgenda
review stats:
http://jenkins.savanna.mirantis.com/view/Infra/job/savanna-reviewstats/Savanna_Review_Stats/index.html

Sincerely yours,
Sergey Lukjanov
Savanna Technical Lead
Mirantis Inc.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] proposing Alex Gaynor for core on openstack/requirements

2013-08-16 Thread Russell Bryant

On 08/16/2013 11:04 AM, Doug Hellmann wrote:
 I'd like to propose Alex Gaynor for core status on the requirements project.
 
 Alex is a core Python and PyPy developer, has strong ties throughout the
 wider Python community, and has been watching and reviewing requirements
 changes for a little while now. I think it would be extremely helpful to
 have him on the team.

Sounds like a great addition to me.  +1 from me, fwiw

-- 
Russell Bryant

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] proposing Alex Gaynor for core on openstack/requirements

+1

On 08/16/2013 11:04 AM, Doug Hellmann wrote:
 I'd like to propose Alex Gaynor for core status on the requirements project.
 
 Alex is a core Python and PyPy developer, has strong ties throughout the
 wider Python community, and has been watching and reviewing requirements
 changes for a little while now. I think it would be extremely helpful to
 have him on the team.
 
 Doug
 
 
 
 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
 

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [keystone] Help consuming trusts

2013-08-16 Thread Steven Hardy

Hi,

I'm looking for help, ideally some code or curl examples, figuring out why
I can't consume trusts in the manner specified in the documentation:

https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-trust-ext.md

I've been working on getting Heat integrated with the trusts functionality,
and the first step was to add keystoneclient support:

https://review.openstack.org/#/c/39899/

All works fine in terms of the actual operations on the OS-TRUST path, I
can create, list, get, delete trusts with no issues.

However I'm strugging to actually *use* the trust, i.e obtain a
trust-scoped token using the trust ID, I always seem to get the opaque
Authorization failed. The request you have made requires authentication.
message, despite the requests on authentication looking as per the API docs.

Are there any curl examples or test code I can refer to?

Thanks,

Steve

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Heat] How the autoscale API should control scaling in Heat

2013-08-16 Thread Christopher Armstrong

On Thu, Aug 15, 2013 at 6:39 PM, Randall Burt randall.b...@rackspace.comwrote:


 On Aug 15, 2013, at 6:20 PM, Angus Salkeld asalk...@redhat.com wrote:

  On 15/08/13 17:50 -0500, Christopher Armstrong wrote:

  2. There should be a new custom-built API for doing exactly what the
  autoscaling service needs on an InstanceGroup, named something
 unashamedly
  specific -- like instance-group-adjust.
 
  Pros: It'll do exactly what it needs to do for this use case; very
 little
  state management in autoscale API; it lets Heat do all the orchestration
  and only give very specific delegation to the external autoscale API.
 
  Cons: The API grows an additional method for a specific use case.
 
  I like this one above:
  adjust(new_size, victim_list=['i1','i7'])
 
  So if you are reducing the new_size we look in the victim_list to
  choose those first. This should cover Clint's use case as well.
 
  -Angus

 We could just support victim_list=[1, 7], since these groups are
 collections of identical
 resources. Simple indexing should be sufficient, I would think.

 Perhaps separating the stimulus from the actions to take would let us
 design/build toward different policy implementations. Initially, we could
 have a HeatScalingPolicy that works with the signals that a scaling group
 can handle. When/if AS becomes an API outside of Heat, we can implement a
 fairly simple NovaScalingPolicy that includes the args to pass to nova boot.



I don't agree with using indices. I'd rather use the actual resource IDs.
For one, indices can change out from under you. Also, figuring out the
index of the instance you want to kill is probably an additional step most
of the time you actually care about destroying specific instances.



  3. the autoscaling API should update the Size Property of the
  InstanceGroup resource in the stack that it is placed in. This would
  require the ability to PATCH a specific piece of a template (an
 operation
  isomorphic to update-stack).

 I think a PATCH semantic for updates would be generally useful in terms of
 quality of life for API users. Not having to pass the complete state and
 param values for trivial updates would be quite nice regardless of its
 implications to AS.


Agreed.



-- 
IRC: radix
Christopher Armstrong
Rackspace
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Proposal oslo.db lib



On 08/16/2013 09:52 AM, Boris Pavlovic wrote:
 Hi all, 
 
 We (OpenStack contributors) done a really huge and great work around DB
 code in Grizzly and Havana to unify it, put all common parts into
 oslo-incubator, fix bugs, improve handling of sqla exceptions, provide
 unique keys, and to use  this code in different projects instead of
 custom implementations. (well done!)
 
 oslo-incubator db code is already used by: Nova, Neutron, Cinder,
 Ironic, Ceilometer. 
 
 In this moment we finished work around Glance: 
 https://review.openstack.org/#/c/36207/
 
 And working around Heat and Keystone.
 
 So almost all projects use this code (or planing to use it)
 
 Probably it is the right time to start work around moving oslo.db code
 to separated lib.
 
 We (Roman, Viktor and me) will be glad to help to make oslo.db lib:
 
 E.g. Here are two drafts:
 1) oslo.db lib code: https://github.com/malor/oslo.db
 2) And here is this lib in action:
 https://review.openstack.org/#/c/42159/
 https://review.openstack..org/#/c/42159/

+1

Great job Boris!

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Glance] Replacing Glance DB code to Oslo DB code.



On 08/16/2013 09:31 AM, Victor Sergeyev wrote:
 Hello All.
 
 Glance cores (Mark Washenberger, Flavio Percoco, Iccha Sethi) have some
 questions about Oslo DB code, and why is it so important to use it
 instead of custom implementation and so on. As there were a lot of
 questions it was really hard to answer on all this questions in IRC. So
 we decided that mailing list is better place for such things.

There is another main point - which is at the last summit, we talked
about various legit database things that need to be done to support CD
and rolling deploys. The list is not small, and it's a task that's
important. Needing to implement it in all of the projects separately is
kind of an issue, whereas if the projects are all using the database the
same way, then the database team can engineer the same mechanisms for
doing rolling schema changes, and then operators can have a consistent
expectation when they're running a cloud.

 List of main questions:
 
 1. What includes oslo DB code?  
 2. Why is it safe to replace custom implementation by Oslo DB code? 
 3. Why oslo DB code is better than custom implementation?
 4. Why oslo DB code won’t slow up project development progress?
 5. What we are going actually to do in Glance?
 6. What is the current status?
 
 Answers:
 
 1. What includes oslo DB code?
 
 Currently Oslo code improves different aspects around DB:
 -- Work with SQLAlchemy models, engine and session
 -- Lot of tools for work with SQLAlchemy 
 -- Work with unique keys
 -- Base test case for work with database
 -- Test migrations against different backends
 -- Sync DB Models with actual schemas in DB (add test that they are
 equivalent)
 
 
 2. Why is it safe to replace custom implementation by Oslo DB code? 
 
 Oslo module, as base openstack module, takes care about code quality.
 Usually, common code more readable (most of flake8 checks enabled in
 Oslo) and have better test coverage.  Also it was tested in different
 use-cases (in production also) in an other projects so bugs in Oslo code
 were already fixed. So we can be sure, that we use high-quality code.
 
 
 3. Why oslo DB code is better than custom implementation?
 
 There are some arguments pro Oslo database code 
 
 -- common code collects useful features from different projects
 Different utils, for work with database, common test class, module for
 database migration, and  other features are already in Oslo db code.
 Patch on automatic retry db.api query if db connection lost on review at
 the moment. If we use Oslo db code we should not care, how to port these
 (and others - in the future) features to Glance - it will came to all
 projects automaticly when it will came to Oslo. 
 
 -- unified project work with database
 As it was already said,  It can help developers work with database in a
 same way in different projects. It’s useful if developer work with db in
 a few projects - he use same base things and got no surprises from them. 
 
 -- it’s will reduce time for running tests.
 Maybe it’s minor feature, but it’s also can be important. We can removed
 some tests for base `DB` classes (such as session, engines, etc)  and
 replaced for work with DB to mock calls.
 
 
 4. Why oslo DB code won’t slow up project development progress?
 
 Oslo code for work with database already in such projects as Nova,
 Neutron, Celiometer and Ironic. AFAIK, these projects development speed
 doesn’t decelerated (please fix me, If I’m wrong). Work with database
 level already improved and tested in Oslo project, so we can concentrate
 on work with project features. All features, that already came to oslo
 code will be available in Glance, but if you want to add some specific
 feature to project *just now* you will be able to do it in project code.
 
 
 5. What we are going actually to do in Glance?
 
 -- Improve test coverage of DB API layer
 We are going to increase test coverage of glance/db/sqlalchemy/api
 module and fix bugs, if found. 
 
 -- Run DB API tests on all backends
 -- Use Oslo migrations base test case for test migrations against
 different backends
 There are lot of different things in SQl backends. For example work with
 casting.
 In current SQLite we are able to store everything in column (with any
 type). Mysql will try to convert value to required type, and postgresql
 will raise IntegrityError. 
 If we will improve this feature, we will be sure, that all Glance DB
 migrations will run correctly on all backends.
 
 -- Use Oslo code for SA models, engine and session
 -- Use Oslo SA utils
 Using common code for work with database was already discussed and
 approved for all projects. So we are going to implement common code for
 work with database instead of Glance implementation.
 
 -- Fix work with session and transactions
 Our work items in Glance:
 - don't pass session instances to public DB methods
 - use explicit transactions only when necessary
 - fix incorrect usage of sessions throughout the DB-related code
 
 --

Re: [openstack-dev] Proposal oslo.db lib

2013-08-16 Thread Julien Danjou

On Fri, Aug 16 2013, Boris Pavlovic wrote:

 Thoughts?

Way to go.

-- 
Julien Danjou
/* Free Software hacker * freelance consultant
   http://julien.danjou.info */


signature.asc
Description: PGP signature
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Glance] Replacing Glance DB code to Oslo DB code.

2013-08-16 Thread Eric Windisch

On Fri, Aug 16, 2013 at 9:31 AM, Victor Sergeyev vserge...@mirantis.com wrote:
 Hello All.

 Glance cores (Mark Washenberger, Flavio Percoco, Iccha Sethi) have some
 questions about Oslo DB code, and why is it so important to use it instead
 of custom implementation and so on. As there were a lot of questions it was
 really hard to answer on all this questions in IRC. So we decided that
 mailing list is better place for such things.

 List of main questions:

 1. What includes oslo DB code?
 2. Why is it safe to replace custom implementation by Oslo DB code?

Just to head off these two really quick. The database code in Oslo as
initially submitted was actually based largely from that in Glance,
merging in some of the improvements made in Nova. There might have
been some divergence since then, but migrating over shouldn't be
terribly difficult. While it isn't necessary for Glance to switch
over, it would be somewhat ironic if it didn't.

The database code in Oslo primarily keeps base models and various
things we can easily share, reuse, and improve across projects. I
suppose a big part of this is the session management which has been
moved out of api.py and into its own module of session.py. This
session management code is probably what you'll most have to decide is
worthwhile bringing in and if Glance really has such unique
requirements that it needs to bother with maintaining this code on its
own.

-- 
Regards,
Eric Windisch

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Reminder: Oslo project meeting

2013-08-16 Thread Mark McLoughlin

On Tue, 2013-08-13 at 22:09 +0100, Mark McLoughlin wrote:
 Hi
 
 We're having an IRC meeting on Friday to sync up again on the messaging
 work going on:
 
   https://wiki.openstack.org/wiki/Meetings/Oslo
   https://etherpad.openstack.org/HavanaOsloMessaging
 
 Feel free to add other topics to the wiki
 
 See you on #openstack-meeting at 1400 UTC

Logs here:

http://eavesdrop.openstack.org/meetings/oslo/2013/oslo.2013-08-16-14.00.html

Cheers,
Mark.


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Glance] Replacing Glance DB code to Oslo DB code.

2013-08-16 Thread Flavio Percoco


On 16/08/13 11:42 -0400, Monty Taylor wrote:



On 08/16/2013 09:31 AM, Victor Sergeyev wrote:

Hello All.

Glance cores (Mark Washenberger, Flavio Percoco, Iccha Sethi) have some
questions about Oslo DB code, and why is it so important to use it
instead of custom implementation and so on. As there were a lot of
questions it was really hard to answer on all this questions in IRC. So
we decided that mailing list is better place for such things.


There is another main point - which is at the last summit, we talked
about various legit database things that need to be done to support CD
and rolling deploys. The list is not small, and it's a task that's
important. Needing to implement it in all of the projects separately is
kind of an issue, whereas if the projects are all using the database the
same way, then the database team can engineer the same mechanisms for
doing rolling schema changes, and then operators can have a consistent
expectation when they're running a cloud.




Just to be clear, AFAIK, the concerns were around how / when to migrate
Glance and not about why we should share database code.



List of main questions:

1. What includes oslo DB code?
2. Why is it safe to replace custom implementation by Oslo DB code?
3. Why oslo DB code is better than custom implementation?
4. Why oslo DB code won’t slow up project development progress?
5. What we are going actually to do in Glance?
6. What is the current status?

Answers:

1. What includes oslo DB code?

Currently Oslo code improves different aspects around DB:
-- Work with SQLAlchemy models, engine and session
-- Lot of tools for work with SQLAlchemy
-- Work with unique keys
-- Base test case for work with database
-- Test migrations against different backends
-- Sync DB Models with actual schemas in DB (add test that they are
equivalent)


2. Why is it safe to replace custom implementation by Oslo DB code?

Oslo module, as base openstack module, takes care about code quality.
Usually, common code more readable (most of flake8 checks enabled in
Oslo) and have better test coverage.  Also it was tested in different
use-cases (in production also) in an other projects so bugs in Oslo code
were already fixed. So we can be sure, that we use high-quality code.




This is the point I was most worried about - and I'm still are. The
migration to Oslo's db code started a bit late in Glance and no code
has been merged yet. As for Glance, there still seems to be a lot of
work ahead on this matter.


That being said, thanks a lot for the email and for explaining all
those details.
FF

--
@flaper87
Flavio Percoco

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Code review study

2013-08-16 Thread Maru Newby


On Aug 16, 2013, at 2:12 AM, Robert Collins robe...@robertcollins.net wrote:

 On 16 August 2013 20:15, Maru Newby ma...@redhat.com wrote:
 
 This pattern has one slight issue, which is:
 
  • Do not assume the reviewer has access to external web services/site.
 In 6 months time when someone is on a train/plane/coach/beach/pub 
 troubleshooting a problem  browsing GIT history, there is no guarantee 
 they will have access to the online bug tracker, or online blueprint 
 documents. The great step forward with distributed SCM is that you no 
 longer need to be online to have access to all information about the code 
 repository. The commit message should be totally self-contained, to 
 maintain that benefit.
 
 I'm not sure I agree with this.  It can't be true in all cases, so it can 
 hardly be considered a rule.  A guideline, maybe - something to strive for.  
 But not all artifacts of the development process are amenable to being 
 stuffed into code or the commits associated with them.  A dvcs is great and 
 all, but unless one is working in a silo, online resources are all but 
 mandatory.
 
 In a very strict sense you're right, but consider that for anyone
 doing fast iterative development the need to go hit a website is a
 huge slowdown : at least in most of the world :).

You're suggesting that it's possible to do _fast_ iterative development on a 
distributed system of immense and largely undocumented complexity (like 
openstack)?  I'd like to be working on the code you're working on!  ;) 


m.

 
 So - while I agree that it's something to strive for, I think we
 should invert it and say 'not having everything in the repo is
 something we should permit occasional exceptions to'.
 
 -Rob
 
 -- 
 Robert Collins rbtcoll...@hp.com
 Distinguished Technologist
 HP Converged Cloud
 
 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Proposal oslo.db lib


On 08/16/2013 09:52 AM, Boris Pavlovic wrote:

Hi all,

We (OpenStack contributors) done a really huge and great work around DB
code in Grizzly and Havana to unify it, put all common parts into
oslo-incubator, fix bugs, improve handling of sqla exceptions, provide
unique keys, and to use  this code in different projects instead of
custom implementations. (well done!)

oslo-incubator db code is already used by: Nova, Neutron, Cinder,
Ironic, Ceilometer.

In this moment we finished work around Glance:
https://review.openstack.org/#/c/36207/

And working around Heat and Keystone.

So almost all projects use this code (or planing to use it)

Probably it is the right time to start work around moving oslo.db code
to separated lib.

We (Roman, Viktor and me) will be glad to help to make oslo.db lib:

E.g. Here are two drafts:
1) oslo.db lib code: https://github.com/malor/oslo.db
2) And here is this lib in action: https://review.openstack.org/#/c/42159/


Thoughts?


++

Are you going to create a separate Launchpad project for the library and 
track bugs against it separately? Or are you going to use the oslo 
project in Launchpad for that?


Best,
-jay


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova] live-snapshot/cloning of virtual machines

2013-08-16 Thread Vishvananda Ishaya

On Fri, Aug 16, 2013 at 3:05 AM, Daniel P. Berrange berra...@redhat.comwrote:

 On Wed, Aug 14, 2013 at 04:53:01PM -0700, Vishvananda Ishaya wrote:
  Hi Everyone,
 
  I have been trying for some time to get the code for the live-snapshot
 blueprint[1]
  in. Going through the review process for the rpc and interface code[2]
 was easy. I
  suspect the api-extension code[3] will also be relatively trivial to get
 in. The
  main concern is with the libvirt driver implementation[4]. I'd like to
 discuss the
  concerns and see if we can make some progress.
 
  Short Summary (tl;dr)
  =
 
  I propose we merge live-cloning as an experimental feature for havanna
 and have the
  api extension disabled by default.
 
  Overview
  
 
  First of all, let me express the value of live snapshoting. The slowest
 part of the
  vm provisioning process is generally booting of the OS. The advantage of
 live-
  snapshotting is that it allows the possibility of bringing up
 application servers
  while skipping the overhead of vm (and application startup).

 For Linux at least I think bootup time is a problem that is being solved
 by the
 distros. It is possible to boot up many modern Linux distros in a couple
 of seconds
 even in physical hardware - VMs can be even faster since they don't have
 such stupid
 BIOS to worry about  have a restricted set of possible hardware. This is
 on a par
 with, or better than, the overheads imposed by Nova itself in the boot up
 process.

 Windows may be a different story, but I've not used it in years so don't
 know what
 its boot performance is like.

  I recognize that this capability comes with some security concerns, so I
 don't expect
  this feature to go in and be ready to for use in production right away.
 Similarly,
  containers have a lot of the same benefit, but have had their own
 security issues
  which are gradually being resolved. My hope is that getting this feature
 in would
  allow people to start experimenting with live-booting so that we could
 uncover some
  of these security issues.
 
  There are two specific concerns that have been raised regarding my
 patch. The first
  concern is related to my use of libvirt. The second concern is related
 to the security
  issues above. Let me address them separately.
 
  1. Libvirt Issues
  =
 
  The only feature I require from the hypervisor is to load
 memory/processor state for
  a vm from a file. Qemu supports this directly. The only way that libvirt
 exposes this
  functionality is via its restore command which is specifically for
 restoring the
  previous state of an existing vm. Cloning, or restoring the memory
 state of a
  cloned vm is considered unsafe (which I will address in the second
 point, below).
 
  The result of the limited api is that I must include some hacks to make
 the restore
  command actually allow me to restore the state of the new vm. I
 recognize that this
  is using an undocumented libvirt api and isn't the ideal solution, but
 it seemed
  better then avoiding libvirt and talking directly to qemu.
 
  This is obviously not ideal. It is my hope that this 0.1 version of the
 feature will
  allow us to iteratively improve the live-snapshot/clone proccess and get
 the security
  to a point where the libvirt maintainers would be willing to accept a
 patch to directly
  expose an api to load memory from a file.

 To characterize this as a libvirt issue is somewhat misleading. The reason
 why libvirt
 does not explicitly allow this, is that from discussions with the upstream
 QEMU/KVM
 developers, the recommendation/advise that this is not a safe operation
 and should not
 be exposed to application developers.

 The expectation is that the functionality in QEMU is only targetted for
 taking point in
 time snapshots  allowing rollback of a VM to those snapshots, not
 creating clones of
 active VMs.


Thanks for the clarification here. I wasn't aware that this requirement
came from qemu
upstream.



  2. Security Concerns
  
 
  There are a number of security issues with loading state from another
 vm. Here is a
  short list of things that need to be done just to make a cloned vm
 usable:
 
  a) mac address needs to be recreated
  b) entropy pool needs to be reset
  c) host name must be reset
  d) host keys bust be regenerated
 
  There are others, and trying to clone a running application as well may
 expose other
  sensitive data, especially if users are snaphsoting vms and making them
 public.
 
  The only issue that I address on the driver side is the mac addresses.
 This is the
  minimum that needs to be done just to be able to access the vm over the
 network. This
  is implemented by unplugging all network devices before the snapshot and
 plugging new
  network devices in on clone. This isn't the most friendly thing to guest
 applications,
  but it seems like the safest option for the first version of this
 feature.

 This is not really as safe

Re: [openstack-dev] Migrating to testr parallel in tempest

2013-08-16 Thread Ben Nemec


On 2013-08-14 16:10, Matthew Treinish wrote:

On Wed, Aug 14, 2013 at 11:05:35AM -0500, Ben Nemec wrote:

On 2013-08-13 16:39, Clark Boylan wrote:
On Tue, Aug 13, 2013 at 1:25 PM, Matthew Treinish
mtrein...@kortar.org wrote:

Hi everyone,

So for the past month or so I've been working on getting tempest
to work stably
with testr in parallel. As part of this you may have noticed the
testr-full
jobs that get run on the zuul check queue. I was using that job
to debug some
of the more obvious race conditions and stability issues with
running tempest
in parallel. After a bunch of fixes to tempest and finding some
real bugs in
some of the projects things seem to have smoothed out.

So I pushed the testr-full run to the gate queue earlier today.
I'll be keeping
track of the success rate of this job vs the serial job and use
this as the
determining factor before we push this live to be the default
for all tempest
runs. So assuming that the success rate matches up well enough
with serial job
on the gate queue then I will push out the change that will
migrate all the
voting jobs to run in parallel hopefully either Friday afternoon
or early next
week. Also, if anyone has any input on what threshold they feel
is good enough
for this I'd welcome any input on that. For example, do we want
to ensure
a = 1:1 match for job success? Or would something like 90% as
stable as the
serial job be good enough considering the speed advantage. (The
parallel runs
take about half as much time as a full serial run, the parallel
job normally
finishes in ~25-30min) Since this affects almost every project I
don't want to
define this threshold without input from everyone.

After there is some more data for the gate queue's parallel job
I'll have some
pretty graphite graphs that I can share comparing the success
trends between
the parallel and serial jobs.

So at this point we're in the home stretch and I'm asking for
everyone's help
in getting this merged. So, if everyone who is reviewing and
pushing commits
could watch the results from these non-voting jobs and if things
fail on the
parallel job but not the serial job please investigate the
failure and open a
bug if necessary. If it turns out to be a bug in tempest please
link it against
this blueprint:

https://blueprints.launchpad.net/tempest/+spec/speed-up-tempest

so that I'll give it the attention it deserves. I'd hate to get
this close to
getting this merged and have a bit of racy code get merged at
the last second
and block us for another week or two.

I feel that we need to get this in before the H3 rush starts up
as it will help
everyone get through the extra review load faster.

Getting this in before the H3 rush would be very helpful. When we made
the switch with Nova's unittests we fixed as many of the test bugs
that we could find, merged the change to switch the test runner, then
treated all failures as very high priority bugs that received
immediate attention. Getting this in before H3 will give everyone a
little more time to debug any potential new issues exposed by Jenkins
or people running the tests locally.

I think we should be bold here and merge this as soon as we have good
numbers that indicate the trend is for these tests to pass. Graphite
can give us the pass to fail ratios over time, as long as these trends
are similar for both the old nosetest jobs and the new testr job I say
we go for it. (Disclaimer: most of the projecst I work on are not
affected by the tempest jobs; however, I am often called upon to help
sort out issues in the gate).

I'm inclined to agree.  It's not as if we don't have transient
failures now, and if we're looking at a 50% speedup in
recheck/verify times then as long as the new version isn't
significantly less stable it should be a net improvement.

Of course, without hard numbers we're kind of discussing in a vacuum
here.



I also would like to get this in sooner rather than later and fix the 
bugs as
they come in. But, I'm wary of doing this because there isn't a proven 
success
history yet. No one likes gate resets, and I've only been running it on 
the

gate queue for a day now.

So here is the graphite graph that I'm using to watch parallel vs 
serial in the

gate queue:
https://tinyurl.com/pdfz93l


Okay, so what are the y-axis units on this?  Because just guessing I 
would say that it's percentage of failing runs, in which case it looks 
like we're already within the 95% as accurate range (it never dips below 
-.05).  Am I reading it right?




On that graph the blue and yellow shows the number of jobs that 
succeeded
grouped together in per hour buckets. (yellow being parallel and blue 
serial)


Then the red line is showing failures, a horizontal bar means that 
there is no
difference in the number of failures between serial and parallel. When 
it dips
negative it is showing a failure in parallel that wasn't on serial a 
serial run
at the same time. When it goes positive it showing a failure on serial 
that
doesn't occur on

Re: [openstack-dev] Proposal oslo.db lib

2013-08-16 Thread Ben Nemec


On 2013-08-16 11:58, Jay Pipes wrote:

On 08/16/2013 09:52 AM, Boris Pavlovic wrote:

Hi all,

We (OpenStack contributors) done a really huge and great work around 
DB

code in Grizzly and Havana to unify it, put all common parts into
oslo-incubator, fix bugs, improve handling of sqla exceptions, provide
unique keys, and to use  this code in different projects instead of
custom implementations. (well done!)

oslo-incubator db code is already used by: Nova, Neutron, Cinder,
Ironic, Ceilometer.

In this moment we finished work around Glance:
https://review.openstack.org/#/c/36207/

And working around Heat and Keystone.

So almost all projects use this code (or planing to use it)

Probably it is the right time to start work around moving oslo.db code
to separated lib.

We (Roman, Viktor and me) will be glad to help to make oslo.db lib:

E.g. Here are two drafts:
1) oslo.db lib code: https://github.com/malor/oslo.db
2) And here is this lib in action: 
https://review.openstack.org/#/c/42159/



Thoughts?


++

Are you going to create a separate Launchpad project for the library
and track bugs against it separately? Or are you going to use the oslo
project in Launchpad for that?


At the moment all of the oslo.* projects are just grouped under the 
overall Oslo project in LP.  Unless there's a reason to do otherwise I 
would expect that to be true of oslo.db too.


-Ben

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Heat] as-update-policy implementation details

2013-08-16 Thread Zane Bitter


On 15/08/13 19:14, Chan, Winson C wrote:

I updated the implementation section of 
https://wiki.openstack.org/wiki/Heat/Blueprints/as-update-policy on instance 
naming to support UpdatePolicy where in the case of the LaunchConfiguration 
change, all the instances need to be replaced and to support 
MinInstancesInService, the handle_update should create new instances first 
before deleting old ones in a batch per MaxBatchSize (i.e., group capacity of 2 
with MaxBatchSize=2 and MinInstancesInService=2).  Please review as I may not 
understand the original motivation for the existing scheme in instance naming.  
Thanks.


Yeah, I don't think the naming is that important any more. Note that 
physical_resource_name() (i.e. the name used in Nova) now includes a 
randomised component on the end (stackname-resourcename-uniqueid).


So they'll probably look a bit like:

MyStack-MyASGroup--MyASGroup-1-

because the instances are now resources inside a nested stack (whose 
name is of the same form).


If we still were subclassing Instance in the autoscaling code to 
override other stuff, I'd suggest overriding physical-resource-name to 
return something like:


MyStack-MyASGroup-

(i.e. forget about numbering instances at all), but we're not 
subclassing any more, so I'm not sure if it's worth it.


cheers,
Zane.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] Gate breakage process - Let's fix! (related but not specific to neutron)

2013-08-16 Thread Maru Newby

Neutron has been in and out of the gate for the better part of the past month, 
and it didn't slow the pace of development one bit.  Most Neutron developers 
kept on working as if nothing was wrong, blithely merging changes with no 
guarantees that they weren't introducing new breakage.  New bugs were indeed 
merged, greatly increasing the time and effort required to get Neutron back in 
the gate.  I don't think this is sustainable, and I'd like to make a suggestion 
for how to minimize the impact of gate breakage.

For the record, I don't think consistent gate breakage in one project should be 
allowed to hold up the development of other projects.  The current approach of 
skipping tests or otherwise making a given job non-voting for innocent projects 
should continue.  It is arguably worth taking the risk of relaxing gating for 
those innocent projects rather than halting development unnecessarily.

However, I don't think it is a good idea to relax a broken gate for the 
offending project.  So if a broken job/test is clearly Neutron related, it 
should continue to gate Neutron, effectively preventing merges until the 
problem is fixed.  This would both raise the visibility of breakage beyond the 
person responsible for fixing it, and prevent additional breakage from slipping 
past were the gating to be relaxed.

Thoughts?


m.





___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Gate breakage process - Let's fix! (related but not specific to neutron)

2013-08-16 Thread Alex Gaynor

I'd strongly agree with that, a project must always be gated by any tests
for it, even if they don't gate for other projects. I'd also argue that any
time there's a non-gating test (for any project) it needs a formal
explanation of why it's not gating yet, what the plan to get it to gating
is, and on what timeframe it's expected to be.

Alex


On Fri, Aug 16, 2013 at 11:25 AM, Maru Newby ma...@redhat.com wrote:

 Neutron has been in and out of the gate for the better part of the past
 month, and it didn't slow the pace of development one bit.  Most Neutron
 developers kept on working as if nothing was wrong, blithely merging
 changes with no guarantees that they weren't introducing new breakage.  New
 bugs were indeed merged, greatly increasing the time and effort required to
 get Neutron back in the gate.  I don't think this is sustainable, and I'd
 like to make a suggestion for how to minimize the impact of gate breakage.

 For the record, I don't think consistent gate breakage in one project
 should be allowed to hold up the development of other projects.  The
 current approach of skipping tests or otherwise making a given job
 non-voting for innocent projects should continue.  It is arguably worth
 taking the risk of relaxing gating for those innocent projects rather than
 halting development unnecessarily.

 However, I don't think it is a good idea to relax a broken gate for the
 offending project.  So if a broken job/test is clearly Neutron related, it
 should continue to gate Neutron, effectively preventing merges until the
 problem is fixed.  This would both raise the visibility of breakage beyond
 the person responsible for fixing it, and prevent additional breakage from
 slipping past were the gating to be relaxed.

 Thoughts?


 m.





 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
I disapprove of what you say, but I will defend to the death your right to
say it. -- Evelyn Beatrice Hall (summarizing Voltaire)
The people's good is the highest law. -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] Scheduler sub-group meeting on 8/20

2013-08-16 Thread Dugger, Donald D

Turns out I'll be traveling that day so won't be able to run the meeting.  If 
there's anyone who wants to volunteer to lead the meeting speak now, otherwise 
we can just cancel next week.

--
Don Dugger
Censeo Toto nos in Kansa esse decisse. - D. Gale
Ph: 303/443-3786



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Glance] Replacing Glance DB code to Oslo DB code.

2013-08-16 Thread Mark Washenberger

I would prefer to pick and choose which parts of oslo common db code to
reuse in glance. Most parts there look great and very useful. However, some
parts seem like they would conflict with several goals we have.

1) To improve code sanity, we need to break away from the idea of having
one giant db api interface
2) We need to improve our position with respect to new, non SQL drivers
- mostly, we need to focus first on removing business logic (especially
authz) from database driver code
- we also need to break away from the strict functional interface,
because it limits our ability to express query filters and tends to lump
all filter handling for a given function into a single code block (which
ends up being defect-rich and confusing as hell to reimplement)
3) It is unfortunate, but I must admit that Glance's code in general is
pretty heavily coupled to the database code and in particular the schema.
Basically the only tool we have to manage that problem until we can fix it
is to try to be as careful as possible about how we change the db code and
schema. By importing another project, we lose some of that control. Also,
even with the copy-paste model for oslo incubator, code in oslo does have
some of its own reasons to change, so we could potentially end up in a
conflict where glance db migrations (which are operationally costly) have
to happen for reasons that don't really matter to glance.

So rather than framing this as glance needs to use oslo common db code, I
would appreciate framing it as glance database code should have features
X, Y, and Z, some of which it can get by using oslo code. Indeed, I
believe in IRC we discussed the idea of writing up a wiki listing these
feature improvements, which would allow a finer granularity for evaluation.
I really prefer that format because it feels more like planning and less
like debate :-)

 I have a few responses inline below.

On Fri, Aug 16, 2013 at 6:31 AM, Victor Sergeyev vserge...@mirantis.comwrote:

 Hello All.

 Glance cores (Mark Washenberger, Flavio Percoco, Iccha Sethi) have some
 questions about Oslo DB code, and why is it so important to use it instead
 of custom implementation and so on. As there were a lot of questions it was
 really hard to answer on all this questions in IRC. So we decided that
 mailing list is better place for such things.

 List of main questions:

 1. What includes oslo DB code?
 2. Why is it safe to replace custom implementation by Oslo DB code?
 3. Why oslo DB code is better than custom implementation?
 4. Why oslo DB code won’t slow up project development progress?
 5. What we are going actually to do in Glance?
 6. What is the current status?

 Answers:

 1. What includes oslo DB code?

 Currently Oslo code improves different aspects around DB:
 -- Work with SQLAlchemy models, engine and session
 -- Lot of tools for work with SQLAlchemy

-- Work with unique keys
 -- Base test case for work with database
 -- Test migrations against different backends
 -- Sync DB Models with actual schemas in DB (add test that they are
 equivalent)


 2. Why is it safe to replace custom implementation by Oslo DB code?

 Oslo module, as base openstack module, takes care about code quality.
 Usually, common code more readable (most of flake8 checks enabled in Oslo)
 and have better test coverage.  Also it was tested in different use-cases
 (in production also) in an other projects so bugs in Oslo code were already
 fixed. So we can be sure, that we use high-quality code.


Alas, while testing and static style analysis are important, they are not
the only relevant aspects of code quality. Architectural choices are also
relevant. The best reusable code places few requirements on the code that
reuses it architecturally--in some cases it may make sense to refactor oslo
db code so that glance can reuse the correct parts.




 3. Why oslo DB code is better than custom implementation?

 There are some arguments pro Oslo database code

 -- common code collects useful features from different projects
 Different utils, for work with database, common test class, module for
 database migration, and  other features are already in Oslo db code. Patch
 on automatic retry db.api query if db connection lost on review at the
 moment. If we use Oslo db code we should not care, how to port these (and
 others - in the future) features to Glance - it will came to all projects
 automaticly when it will came to Oslo.

 -- unified project work with database
 As it was already said,  It can help developers work with database in a
 same way in different projects. It’s useful if developer work with db in a
 few projects - he use same base things and got no surprises from them.


I'm not very motivated by this argument. I rarely find novelty that
challenging to understand when working with a project, personally. Usually
I'm much more stumped when code is heavily coupled to other modules or too
many responsibilities are lumped together in one module. In general,

Re: [openstack-dev] Gate breakage process - Let's fix! (related but not specific to neutron)



On 08/16/2013 02:25 PM, Maru Newby wrote:
 Neutron has been in and out of the gate for the better part of the
 past month, and it didn't slow the pace of development one bit.  Most
 Neutron developers kept on working as if nothing was wrong, blithely
 merging changes with no guarantees that they weren't introducing new
 breakage.  New bugs were indeed merged, greatly increasing the time
 and effort required to get Neutron back in the gate.  I don't think
 this is sustainable, and I'd like to make a suggestion for how to
 minimize the impact of gate breakage.
 
 For the record, I don't think consistent gate breakage in one project
 should be allowed to hold up the development of other projects.  The
 current approach of skipping tests or otherwise making a given job
 non-voting for innocent projects should continue.  It is arguably
 worth taking the risk of relaxing gating for those innocent projects
 rather than halting development unnecessarily.
 
 However, I don't think it is a good idea to relax a broken gate for
 the offending project.  So if a broken job/test is clearly Neutron
 related, it should continue to gate Neutron, effectively preventing
 merges until the problem is fixed.  This would both raise the
 visibility of breakage beyond the person responsible for fixing it,
 and prevent additional breakage from slipping past were the gating to
 be relaxed.

I do not know the exact implementation that would work here, but I do
think it's worth discussing further. Essentially, a neutron bug killing
the gate for a nova dev isn't necessarily going to help - because the
nova dev doesn't necessarily have the background to fix it.

I want to be very careful that we don't wind up with an assymetrical
gate though...

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Gate breakage process - Let's fix! (related but not specific to neutron)

2013-08-16 Thread Clint Byrum

Excerpts from Maru Newby's message of 2013-08-16 11:25:07 -0700:
 Neutron has been in and out of the gate for the better part of the past 
 month, and it didn't slow the pace of development one bit.  Most Neutron 
 developers kept on working as if nothing was wrong, blithely merging changes 
 with no guarantees that they weren't introducing new breakage.  New bugs were 
 indeed merged, greatly increasing the time and effort required to get Neutron 
 back in the gate.  I don't think this is sustainable, and I'd like to make a 
 suggestion for how to minimize the impact of gate breakage.
 
 For the record, I don't think consistent gate breakage in one project should 
 be allowed to hold up the development of other projects.  The current 
 approach of skipping tests or otherwise making a given job non-voting for 
 innocent projects should continue.  It is arguably worth taking the risk of 
 relaxing gating for those innocent projects rather than halting development 
 unnecessarily.
 
 However, I don't think it is a good idea to relax a broken gate for the 
 offending project.  So if a broken job/test is clearly Neutron related, it 
 should continue to gate Neutron, effectively preventing merges until the 
 problem is fixed.  This would both raise the visibility of breakage beyond 
 the person responsible for fixing it, and prevent additional breakage from 
 slipping past were the gating to be relaxed.
 
 Thoughts?
 

I think this is a cultural problem related to the code review discussing
from earlier in the week.

We are not looking at finding a defect and reverting as a good thing where
high fives should be shared all around. Instead, you broke the gate
seems to mean you are a bad developer. I have been a bad actor here too,
getting frustrated with the gate-breaker and saying the wrong thing.

The problem really is you _broke_ the gate. It should be the gate has
found a defect, hooray!. It doesn't matter what causes the gate to stop,
it is _always_ a defect. Now, it is possible the defect is in tempest,
or jenkins, or HP/Rackspace's clouds where the tests run. But it is
always a defect that what worked before, does not work now.

Defects are to be expected. None of us can write perfect code. We should
be happy to revert commits and go forward with an enabled gate while
the team responsible for the commit gathers information and works to
correct the issue.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova] live-snapshot/cloning of virtual machines

2013-08-16 Thread Russell Bryant

On 08/16/2013 01:17 PM, Vishvananda Ishaya wrote:
 
 
 
 On Fri, Aug 16, 2013 at 3:05 AM, Daniel P. Berrange berra...@redhat.com
 mailto:berra...@redhat.com wrote:

 I don't think it is a good idea to add a feature which is considered to
 be unsupportable by the developers of the virt platform.
 
 
 You make excellent points. I'm not totally convinced that this feature
 is the right
 long-term direction, but I still think it is interesting. To be fair,
 I'm not convinced that
 virtual machines as a whole are the right long-term direction. I'm still
 looking for a way
 for people experiment with this and see what use-cases that come out of it.
 
 Over the past three years OpenStack has been a place where we can
 iterate quickly and
 try new things. Multihost nova-network was an experiment of mine that
 turned into the
 most common deployment strategy for a long time.
 
 Maybe we've grown up to the point where we have to be more careful and
 not introduce
 these kind of features and the maintenance cost of introducing
 experimental features is
 too great. If that is the community consensus, then I'm happy keep the
 live snapshot stuff
 in a branch on github for people to experiment with.

My feeling after following this discussion is that it's probably best to
keep baking in another branch (github or whatever).  The biggest reason
is because of the last comment quoted from Daniel Berrange above.  I
feel that like that is a pretty big deal.

-- 
Russell Bryant

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Glance] Replacing Glance DB code to Oslo DB code.


On 08/16/2013 02:41 PM, Mark Washenberger wrote:

I think the issue here for glance is whether or not oslo common code
makes it easier or harder to make other planned improvements. In
particular, using openstack.common.db.api will make it harder to
refactor away from a giant procedural interface for the database driver.


And towards what? A giant object-oriented interface for the database driver?

-jay

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Migrating to testr parallel in tempest

2013-08-16 Thread Matthew Treinish

On Fri, Aug 16, 2013 at 01:03:57PM -0500, Ben Nemec wrote:
 Getting this in before the H3 rush would be very helpful. When we made
 the switch with Nova's unittests we fixed as many of the test bugs
 that we could find, merged the change to switch the test runner, then
 treated all failures as very high priority bugs that received
 immediate attention. Getting this in before H3 will give everyone a
 little more time to debug any potential new issues exposed by Jenkins
 or people running the tests locally.
 
 I think we should be bold here and merge this as soon as we have good
 numbers that indicate the trend is for these tests to pass. Graphite
 can give us the pass to fail ratios over time, as long as these trends
 are similar for both the old nosetest jobs and the new testr job I say
 we go for it. (Disclaimer: most of the projecst I work on are not
 affected by the tempest jobs; however, I am often called upon to help
 sort out issues in the gate).
 
 I'm inclined to agree.  It's not as if we don't have transient
 failures now, and if we're looking at a 50% speedup in
 recheck/verify times then as long as the new version isn't
 significantly less stable it should be a net improvement.
 
 Of course, without hard numbers we're kind of discussing in a vacuum
 here.
 
 
 I also would like to get this in sooner rather than later and fix
 the bugs as
 they come in. But, I'm wary of doing this because there isn't a
 proven success
 history yet. No one likes gate resets, and I've only been running
 it on the
 gate queue for a day now.
 
 So here is the graphite graph that I'm using to watch parallel vs
 serial in the
 gate queue:
 https://tinyurl.com/pdfz93l
 
 Okay, so what are the y-axis units on this?  Because just guessing I
 would say that it's percentage of failing runs, in which case it
 looks like we're already within the 95% as accurate range (it never
 dips below -.05).  Am I reading it right?

Yeah I'm not sure what scale it is using either. I'm not sure it's percent,
or if it is then it's not grouping things over a long period of time to
calculate the percentage. I just know by manually correlating with what
I saw by watching zuul is that -0.02 was one failure, -0.03 should be 2
failures.

This graph might be easier to read:

http://tinyurl.com/n27lytl 

For this one I told graphite to do a total of events grouped at 1 hour
intervals. This time the y-axis is the number of runs. This plots the
differences between serial and parallel results. So as before, above 0 on the
y-axis means that many more jobs passed in that hour. I split out a line for 
success, failure, and aborted.

The aborted number is actually pretty important. I noticed that if there is a
gate reset (or a bunch of them) when the queue is pretty deep the testr runs are
often finished before the job at the head of the queue fails. So they get marked
as failures but the full jobs never finish and get marked as aborted. The good 
example of this is between late Aug 14 and early Aug 15 on the plot. That is 
when
when there was an intermittent test failure with horizon. Which was fixed by a
revert the next morning.

All this exercise has really shown me though is that graphing the results isn't
exactly straightforward or helpful unless everything we're measuring is gating.

So as things sit now we've found about ~5 more races and/or flaky tests while
running tempest in parallel. 2 have fixes in progress:
https://review.openstack.org/#/c/42169/
https://review.openstack.org/#/c/42351/

Then I have open bugs for the remaining 3 here:
https://bugs.launchpad.net/tempest/+bug/1213212
https://bugs.launchpad.net/tempest/+bug/1213209
https://bugs.launchpad.net/tempest/+bug/1213215

I haven't seen any other repeating failures besides these 3, and no one else has
opened a bug regarding a parallel failure. (although I doubt anyone is paying
attention to the fails, I know I wouldn't :) ) So there may be more that are
happening more infrequently that are being hidden by these 3.

At this point I'm not sure it is ready yet with the frequency I've seen the
testr run fail. But, at the same time the longer we wait the more bugs that can
be introduced. Maybe there is some middle ground like marking the parallel job
as voting on the check queue.

-Matt Treinish



 
 
 On that graph the blue and yellow shows the number of jobs that
 succeeded
 grouped together in per hour buckets. (yellow being parallel and
 blue serial)
 
 Then the red line is showing failures, a horizontal bar means that
 there is no
 difference in the number of failures between serial and parallel.
 When it dips
 negative it is showing a failure in parallel that wasn't on serial
 a serial run
 at the same time. When it goes positive it showing a failure on
 serial that
 doesn't occur on parallel at the same time. But, because the
 serial runs take
 longer the failures happen at an offset. So if the plot shows
 parallel fails
 followed closely by a serial failure than that is probably on

Re: [openstack-dev] [Ceilometer] Concerning get_resources/get_meters and the Ceilometer API

On Tue, Aug 13, 2013 at 2:36 PM, Thomas Maddox
thomas.mad...@rackspace.comwrote:

  Hello!

  I was having some chats yesterday with both Julien and Doug regarding
 some thoughts that occurred to me while digging through CM and Doug
 suggested that I bring them up on the dev list for everyones benefit and
 discussion.

  My bringing this up is intended to help myself and others get a better
 understanding of why it's this way, whether we're on the correct course,
 and, if not, how we get to it. I'm not expecting anything to change quickly
 or necessarily at all from this. Ultimately the question I'm asking is: are
 we addressing the correct use cases with the correct API calls; being able
 to expect certain behavior without having to know the internals? For
 context, this is mostly using the SQLAlchemy implementation for these
 questions, but the API questions apply overall.

  My concerns:

- Driving get_resources() with the Meter table instead of the Resource
table. This is mainly because of the additional filtering available in the
Meter table, which allows us to satisfy a use case like *getting a
list of resources a user had during a period of time to get meters to
compute billing with*. The semantics are tripping me up a bit; the
question this boiled down to for me was: *why use a resource query to
get meters to show usage by a tenant*? I was curious about why we
needed the timestamp filtering when looking at Resources, and why we would
use Resource as a way to get at metering data, rather than a Meter request
itself? This was answered by resources being the current vector to get at
metering data for a tenant in terms of resources, if I understood 
 correctly.



- With this implementation, we have to do aggregation to get at the
discrete Resources (via the Meter table) rather than just filtering the
already distinct ones in the Resource table.

 Querying first for resources and then getting the statistics is an
artifact of the design of the V1 API, where both the resource id and meter
name were part of the statistics API URL. After the groupby feature lands
in the V2 statistics API, we won't have to make the separate query any more
to satisfy the billing requirement.

However, that's just one example use case. Sometimes people do want to know
something about the resources that have existed besides the aggregated
samples for billing. The challenge with querying for resources is that the
metadata for a given resource has the potential to change over time. The
resource table holds the most current metadata, but the meter table has all
of the samples and all of the versions of the metadata, so we have to look
there to filter on metadata that might change (especially if we're trying
to answer questions about what resources had specific characteristics
during a time range).


- This brought up some confusion with the API for me with the major
use cases I can think of:
   - As a new consumer of this API, I would think that *
   /resource/resource_id* would get me details for a resource, e.g.
   current state, when it was created, last updated/used timestamp, who 
 owns
   it; not the attributes from the first sample to come through about it

 It should be returning the attributes for the *last* sample to be seen, so
that the metadata and other settings are the most recent values.


-
   - I would think that *
   /meter/?q.field=resource_idq.value=resource_id* ought to get me
   a list of meter(s) details for a specific resource, e.g. name, unit, and
   origin; but not a huge mixture of samples.

 The meters associated with a resource are provided as part of the response
to the resources query, so no separate call is needed.


-
   -
  - Additionally */meter/?q.field=user_idq.value=user_id* would
  get me a list of all meters that are currently related to the user

 Yes, we're in the process of replacing the term meter with sample. Bad
choice of name that will require a deprecation period.


-
   -
   - The ultimate use case, for billing queries, I would think that 
 */meter/meter_id/statistics?time
   filtersuser(resource_id)* would get me the measurements for
   that meter to bill for.


-

 If I understand correctly, one main intent driving this is wanting to
 avoid end users having to write a bunch of API requests themselves from the
 billing side and instead just drill down from payloads for each resource to
 get the billing information for their customers. It also looks like there's
 a BP to add grouping functionality to statistics queries to allow us this
 functionality easily (this one, I think:
 https://blueprints.launchpad.net/ceilometer/+spec/api-group-by).

  I'm new to this project, so I'm trying to get a handle on how we got
 here and maybe offer some outside perspective, if it's needed or wanted. =]

  Thank you all in advance for your time with

Re: [openstack-dev] Proposal oslo.db lib

2013-08-16 Thread Clint Byrum

Excerpts from Ben Nemec's message of 2013-08-16 11:10:09 -0700:
 On 2013-08-16 11:58, Jay Pipes wrote:
  On 08/16/2013 09:52 AM, Boris Pavlovic wrote:
  Hi all,
  
  We (OpenStack contributors) done a really huge and great work around 
  DB
  code in Grizzly and Havana to unify it, put all common parts into
  oslo-incubator, fix bugs, improve handling of sqla exceptions, provide
  unique keys, and to use  this code in different projects instead of
  custom implementations. (well done!)
  
  oslo-incubator db code is already used by: Nova, Neutron, Cinder,
  Ironic, Ceilometer.
  
  In this moment we finished work around Glance:
  https://review.openstack.org/#/c/36207/
  
  And working around Heat and Keystone.
  
  So almost all projects use this code (or planing to use it)
  
  Probably it is the right time to start work around moving oslo.db code
  to separated lib.
  
  We (Roman, Viktor and me) will be glad to help to make oslo.db lib:
  
  E.g. Here are two drafts:
  1) oslo.db lib code: https://github.com/malor/oslo.db
  2) And here is this lib in action: 
  https://review.openstack.org/#/c/42159/
  
  
  Thoughts?
  
  ++
  
  Are you going to create a separate Launchpad project for the library
  and track bugs against it separately? Or are you going to use the oslo
  project in Launchpad for that?
 
 At the moment all of the oslo.* projects are just grouped under the 
 overall Oslo project in LP.  Unless there's a reason to do otherwise I 
 would expect that to be true of oslo.db too.

Has that decision been re-evaluated recently?

I feel like bug trackers are more useful when they are more focused. But
perhaps there are other reasons behind using a shared bug tracker.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Proposal oslo.db lib


On 08/16/2013 04:00 PM, Clint Byrum wrote:

Excerpts from Ben Nemec's message of 2013-08-16 11:10:09 -0700:

On 2013-08-16 11:58, Jay Pipes wrote:

On 08/16/2013 09:52 AM, Boris Pavlovic wrote:

Hi all,

We (OpenStack contributors) done a really huge and great work around
DB
code in Grizzly and Havana to unify it, put all common parts into
oslo-incubator, fix bugs, improve handling of sqla exceptions, provide
unique keys, and to use  this code in different projects instead of
custom implementations. (well done!)

oslo-incubator db code is already used by: Nova, Neutron, Cinder,
Ironic, Ceilometer.

In this moment we finished work around Glance:
https://review.openstack.org/#/c/36207/

And working around Heat and Keystone.

So almost all projects use this code (or planing to use it)

Probably it is the right time to start work around moving oslo.db code
to separated lib.

We (Roman, Viktor and me) will be glad to help to make oslo.db lib:

E.g. Here are two drafts:
1) oslo.db lib code: https://github.com/malor/oslo.db
2) And here is this lib in action:
https://review.openstack.org/#/c/42159/


Thoughts?


++

Are you going to create a separate Launchpad project for the library
and track bugs against it separately? Or are you going to use the oslo
project in Launchpad for that?


At the moment all of the oslo.* projects are just grouped under the
overall Oslo project in LP.  Unless there's a reason to do otherwise I
would expect that to be true of oslo.db too.


Has that decision been re-evaluated recently?

I feel like bug trackers are more useful when they are more focused. But
perhaps there are other reasons behind using a shared bug tracker.


+1

The alternative (relying on users to tag bugs consistently) is error-prone.

-jay


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Ceilometer] Pipeline Retry Semantics ...

I added a couple of comments in the wiki page. We should have at least one
summit session about this, I think, unless we work it out before then.


On Thu, Aug 15, 2013 at 12:20 PM, Sandy Walsh sandy.wa...@rackspace.comwrote:

 Recently I've been focused on ensuring we don't drop notifications in
 CM. But problems still exist downstream, after we've captured the raw
 event.

 From the efforts going on with the Ceilometer sample pipeline, the new
 dispatcher model and the upcoming trigger pipeline, the discussion
 around retry semantics has being coming up a lot.

 In other words What happens when step 4 of a 10 step pipeline fails?

 As we get more into processing billing events, we really need to have a
 solid understanding of how we prevent double-counting or dropping events.

 I've started writing down some thoughts here:
 https://wiki.openstack.org/wiki/DuplicateWorkCeilometer

 It's a little scattered and I'd like some help tuning it.

 Hopefully it'll help grease the skids for the Icehouse Summit talks.

 Thanks!
 -S

 cc/ Josh, I think the State Management team can really help out here.

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] endpoint registration

If you're saying that you want to register URLs without version info
embedded in them, and let the client work that part out by talking to the
service in question (or getting a version number from the caller), then
yes, please.


On Fri, Aug 16, 2013 at 1:47 AM, Robert Collins
robe...@robertcollins.netwrote:

 We're just reworking our endpoint registration on cloud bring up to be
 driven by APIs, per the principled separation of concerns I outlined
 previously.

 One thing I note is that the keystone intialisation is basically full
 of magic constants like
 http://$CONTROLLER_PUBLIC_ADDRESS:8004/v1/%(tenant_id)s

 Now, I realise that when you have a frontend haproxy etc, the endpoint
 changes - but the suffix - v1/%(tenant_id)s in this case - is, AFAICT,
 internal neutron/cinder/ etc knowledge, as is the service type
 ('network' etc).

 Rather than copying those into everyones deploy scripts, I'm wondering
 if we could put that into neutronclient etc - either as a query
 function (neutron --endpoint-suffix - 'v1/%(tenant_id)s) or perhaps
 something that will register with keystone when told to?

 -Rob

 --
 Robert Collins rbtcoll...@hp.com
 Distinguished Technologist
 HP Converged Cloud

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] endpoint registration

2013-08-16 Thread Robert Collins

On 17 August 2013 08:27, Doug Hellmann doug.hellm...@dreamhost.com wrote:
 If you're saying that you want to register URLs without version info
 embedded in them, and let the client work that part out by talking to the
 service in question (or getting a version number from the caller), then
 yes, please.


That too. But primarily I don't want to be chasing devstack updates
forever because of copied code around this.

-Rob

-- 
Robert Collins rbtcoll...@hp.com
Distinguished Technologist
HP Converged Cloud

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Ceilometer] Concerning get_resources/get_meters and the Ceilometer API


On 08/16/2013 04:37 PM, Doug Hellmann wrote:

On Fri, Aug 16, 2013 at 4:15 PM, Jay Pipes jaypi...@gmail.com
mailto:jaypi...@gmail.com wrote:

On 08/16/2013 03:52 PM, Doug Hellmann wrote:

However, that's just one example use case. Sometimes people do
want to
know something about the resources that have existed besides the
aggregated samples for billing. The challenge with querying for
resources is that the metadata for a given resource has the
potential to
change over time. The resource table holds the most current
metadata,
but the meter table has all of the samples and all of the
versions of
the metadata, so we have to look there to filter on metadata
that might
change (especially if we're trying to answer questions about what
resources had specific characteristics during a time range).


This is wasteful, IMO. We could change the strategy to say that a
resource is immutable once it is received by Ceilometer. And if the
metadata about that resource changes somehow (an example of this
would be useful) in the future, then a new resource record with a
unique ID would be generated and its ID shoved into the meter table
instead of storing a redundant denormalized data in the
meter.resource_metadata field, which AFAICT, is a VARCHAR(1000) field.


To be clear, when I said resource I meant something like an instance,
not owned by ceilometer (rather than a row in the resource table).

As Julien pointed out, the existing SQL driver is based on the schema of
the Mongo driver where rather than doing a mapreduce operation every
time we want to find the most current resource data, it is stored
separately. It's quite likely that someone could improve the SQL driver
to not require the resource table at all, as you suggest.\\


Actually, that's the opposite of what I'm suggesting :) I'm suggesting 
getting rid of the resource_metadata column in the meter table and using 
the resource table in joins...


-jay


Anything that can reduce storage space in the base fact table
(meter) per row will lead to increased performance...

Best,
-jay



_
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.__org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Ceilometer] Concerning get_resources/get_meters and the Ceilometer API