[Yahoo-eng-team] [Bug 1545960] [NEW] authenticating with ldap user fails due to notification

2016-02-15 Thread Steve Martinelli 
Public bug reported:

I setup a non-default domain with an LDAP backend, with emails as
usernames. This caused ldap user authentication to fail:

2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core 
[req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP init: 
url=ldap://bluepages.ibm.com 2016-02-16 02:49:48.311 
_common_ldap_initialization /opt/stack/keystone/keystone/common/ldap/core.py:579
2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core 
[req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP init: use_tls=False 
tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1 2016-02-16 
02:49:48.311 _common_ldap_initialization 
/opt/stack/keystone/keystone/common/ldap/core.py:583
2016-02-16 02:49:48.311 18101 DEBUG keystone.common.ldap.core 
[req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP search: 
base=ou=bluepages,o=ibm.com scope=2 
filterstr=(&(mail=steve...@ca.ibm.com)(objectClass=ibmPerson)(uid=*)) 
attrs=['mail', 'userPassword', 'enabled', 'uid'] attrsonly=0 2016-02-16 
02:49:48.311 search_s /opt/stack/keystone/keystone/common/ldap/core.py:938
2016-02-16 02:49:48.418 18101 DEBUG keystone.common.ldap.core 
[req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] LDAP unbind 2016-02-16 
02:49:48.418 unbind_s /opt/stack/keystone/keystone/common/ldap/core.py:911
2016-02-16 02:49:48.420 18101 DEBUG keystone.identity.core 
[req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] ID Mapping - Domain ID: 
f661d8c0c14848f5909cf5229a473377, Default Driver: False, Domains: False, UUIDs: 
False, Compatible IDs: True 2016-02-16 02:49:48.420 _set_domain_id_and_mapping 
/opt/stack/keystone/keystone/identity/core.py:577
2016-02-16 02:49:48.420 18101 DEBUG keystone.identity.core 
[req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] Local ID: 011918649 
2016-02-16 02:49:48.420 _set_domain_id_and_mapping_for_single_ref 
/opt/stack/keystone/keystone/identity/core.py:595
2016-02-16 02:49:48.425 18101 DEBUG keystone.identity.core 
[req-d086b3ca-bddc-4927-b4d5-205913f4187e - - - - -] Found existing mapping to 
public ID: 2165702f085e15ff59308d8723df016d75fdd07e9af527a881b87812278e5068 
2016-02-16 02:49:48.425 _set_domain_id_and_mapping_for_single_ref 
/opt/stack/keystone/keystone/identity/core.py:608

2016-02-16 02:32:22.650 17136 ERROR keystone.common.wsgi 
[req-0fb5bb7b-2ba1-4ced-a814-71bd53939d46 - - - - -] 'ascii' codec can't decode 
byte 0xec in position 2: ordinal not in range(128)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi Traceback (most recent 
call last):
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/common/wsgi.py", line 247, in __call__
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi result = 
method(context, **params)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/auth/controllers.py", line 396, in 
authenticate_for_token
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi 
self.authenticate(context, auth_info, auth_context)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/auth/controllers.py", line 520, in authenticate
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi auth_context)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/auth/plugins/password.py", line 36, in 
authenticate
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi 
password=user_info.password)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/common/manager.py", line 124, in wrapped
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi __ret_val = 
__f(*args, **kwargs)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/notifications.py", line 555, in wrapper
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi initiator = 
_get_request_audit_info(context, user_id)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/notifications.py", line 521, in 
_get_request_audit_info
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi initiator.id = 
utils.resource_uuid(user_id)
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/opt/stack/keystone/keystone/common/utils.py", line 60, in resource_uuid
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi return 
uuid.uuid5(RESOURCE_ID_NAMESPACE, value).hex
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.7/uuid.py", line 567, in uuid5
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi hash = 
sha1(namespace.bytes + name).digest()
2016-02-16 02:32:22.650 17136 TRACE keystone.common.wsgi UnicodeDecodeError: 
'ascii' codec can't decode byte 0xec in position 2: ordinal not in range(128)

** Affects: keystone
 Importance: High
 Assignee: Steve Martinelli (stevemar)
 Status: New

** Changed in:

[Yahoo-eng-team] [Bug 1429566] Re: misused region / region_id in EP

2016-02-15 Thread Dave Chen 
per the comments in that patch, no bother to fix this.

** Changed in: keystone
   Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1429566

Title:
  misused region / region_id in EP

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  Checked from the current IMPL in EP, 'region_id' has the same meaning with 
'region', and region with the context actaully means 'region_id'.
  
https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/sql.py#L333
  endpoint['region'] = endpoint['region_id']

  But, region and region_id is not used in a consistent way, for example,
  Table definition,  region_id is used,
  
https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/sql.py#L76

  Upgrade or downgrade scripts, region is used,
  
https://github.com/openstack/keystone/blob/master/keystone/common/sql/migrate_repo/versions/042_endpoint_enabled.py#L126

  EP in the catalog when using SQL as the backend, both region and region_id 
are presented in the catalog, this seems is not necessary.
  
https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/sql.py#L333

  while using the template as the backend, only region is presented in the 
catalog,
  
https://github.com/openstack/keystone/blob/master/keystone/catalog/core.py#L487

  some code cleanup will help to give a consistent way to use region or
  region_id.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1429566/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1542962] Re: DHCP agent RuntimeError when dnsmasq_config_file is not given

2016-02-15 Thread Sean M. Collins 
** Changed in: neutron
   Status: In Progress => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1542962

Title:
  DHCP agent RuntimeError when dnsmasq_config_file is not given

Status in neutron:
  Opinion

Bug description:
  DHCP agent RuntimeError when is not given

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1542962/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1525780] Re: neutron-openvswitch-agent fails to terminate on SIGTERM when of_interface=native

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/257204
Committed: 
https://git.openstack.org/cgit/openstack/neutron/commit/?id=f01affa0935026f001916f41514b9ff12fa73bb1
Submitter: Jenkins
Branch:master

commit f01affa0935026f001916f41514b9ff12fa73bb1
Author: IWAMOTO Toshihiro 
Date:   Mon Dec 14 17:02:00 2015 +0900

Call Ryu's clean up function when ovs_neutron_agent.main terminates

When the of_interface=native configuration is active, Ryu's event loop
must be explicitly terminated.

Change-Id: I28779cf0da6a9b369922566998ec388679593819
Closes-bug: 1525780


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1525780

Title:
  neutron-openvswitch-agent fails to terminate on SIGTERM when
  of_interface=native

Status in neutron:
  Fix Released

Bug description:
  The summary says everything.
  It is due to Ryu's event loop handling.
  The following patch revealed this bug: 
  https://review.openstack.org/#/c/231351/4/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1525780/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1544821] Re: keyston: redundent ldap url do not got to failover one when firewall silently drops packets

2016-02-15 Thread Steve Martinelli 
changing this to keystone instead of keystoneauth.

not entirely sure what we can do about this, we simply pass the options
down to openldap

** Also affects: keystone
   Importance: Undecided
   Status: New

** Changed in: keystoneauth
   Status: New => Invalid

** Tags removed: keystone

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1544821

Title:
  keyston: redundent ldap url do not got to failover one when firewall
  silently drops packets

Status in OpenStack Identity (keystone):
  New
Status in keystoneauth:
  Invalid

Bug description:
  Actual Problem
  
  while a list of LDAP servers is possible there isn't a built-in timeout 
mechanism in Keystone to failover to the next LDAP server in the list if there 
is no response.  Try setting your first LDAP server in the list to a server 
which will not respond on 636 i.e. behind a firewall that silently drops 
packets.  What you will find is Keystone will hang waiting for a connection 
timeout and keystone authentication will timeout.
  

  
  Replicated the issue and here is the result
  ++

  My keystone auth config for the domain
  /etc/keystone/domains/keystone.LAB.conf

  ~~~
  [ldap]
  url =  ldaps://ipb.test.com,ldaps://ipa.test.com
  user = uid=svc-ldap,cn=users,cn=accounts,dc=test,dc=com
  user_filter = (memberOf=cn=grp-openstack,cn=groups,cn=accounts,dc=test,dc=com)
  password = redhat
  user_tree_dn = cn=users,cn=accounts,dc=test,dc=com
  ~~~

  Both of the ldap server are IPA

  When it works and goes to ldaps://ipa.test.com

  - When we stop IPA service on ipb.test.com
  - When we shutdown the ldap/ldaps port on ipb.test.com

  When it do not work

  - Drop the packet like # ipatables -I INPUT -s OSP-Controller -j DROP

  - Network stop responding

  ** But its work well when it " Destination Host Unreachable" (Manually
  delete the arp from the table)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1544821/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545455] Re: devstack issue: OSError: [Errno 2] No such file or directory: '/opt/stack/horizon/openstack_dashboard/themes/webroot'

2016-02-15 Thread kaishen 
i got it fixed by myself by re-do everything. remove existing folders:
devstack , stack. then as following steps to re-do:

1. Download DevStack (i am using root user)
 cd /opt
 git clone https://git.openstack.org/openstack-dev/devstack
 note: if error occurs, its better to remove the existing files and 
re-download.

2.  Add stack user, even you already created stack user, you can run the 
command.
 cd /opt/devstack/tools
 ./create-stack-user.sh

3.  Change the ownership to stack.
  cd /opt/
  chown -R stack:stack /opt/devstack

4.  switch to stack user (password is stack)
  su stack

5.  Additional changes, which block me for several days.
 i have to edit /opt/devstack/stackrc file, change the line   
GIT_BASE=${GIT_BASE:-git://git.openstack.org} to  
GIT_BASE=${GIT_BASE:-https://git.openstack.org}, as the git:// is not available 
to me. (i am in China)

6. run stack.sh (remember now i am using stack user)
cd /opt/devstack
./stack.sh
Note: this will take a few hours to complete download. if error occurs, you 
can re-run ./stack.sh, as it will continue downloading the incomplete files, 
instead start from scratch.

7. once step 6 completed successfully, you will be able see log, saying
how long stack.sh completed

8. now you can goto browser to login the dashboard.
http://127.0.0.1:9080/dashboard






** Changed in: horizon
   Status: New => Invalid

** Changed in: horizon
 Assignee: (unassigned) => kaishen (kaishen-yang)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1545455

Title:
  devstack issue:  OSError: [Errno 2] No such file or directory:
  '/opt/stack/horizon/openstack_dashboard/themes/webroot'

Status in OpenStack Dashboard (Horizon):
  Invalid

Bug description:
  hi Team,

  i am new to Openstack, i am trying with Devstack. I am following the guide 
lines to setup devstack in one Virtual box machine (Ubuntu 
14.04.3-server-amd64). when i run ./stack.sh, I always get error from console 
like following:
  --
  2016-02-14 13:41:15.957 | Starting Horizon
  + /opt/devstack/lib/horizon:init_horizon:L141:   sudo rm -f 
'/var/log/apache2/horizon_*'
  + /opt/devstack/lib/horizon:init_horizon:L144:   local django_admin
  + /opt/devstack/lib/horizon:init_horizon:L145:   type -p django-admin
  + /opt/devstack/lib/horizon:init_horizon:L146:   django_admin=django-admin
  + /opt/devstack/lib/horizon:init_horizon:L152:   
DJANGO_SETTINGS_MODULE=openstack_dashboard.settings
  + /opt/devstack/lib/horizon:init_horizon:L152:   django-admin collectstatic 
--noinput
  Traceback (most recent call last):
File "/usr/local/bin/django-admin", line 11, in 
  sys.exit(execute_from_command_line())
File 
"/usr/local/lib/python2.7/dist-packages/django/core/management/__init__.py", 
line 354, in execute_from_command_line
  utility.execute()
File 
"/usr/local/lib/python2.7/dist-packages/django/core/management/__init__.py", 
line 346, in execute
  self.fetch_command(subcommand).run_from_argv(self.argv)
File 
"/usr/local/lib/python2.7/dist-packages/django/core/management/base.py", line 
394, in run_from_argv
  self.execute(*args, **cmd_options)
File 
"/usr/local/lib/python2.7/dist-packages/django/core/management/base.py", line 
445, in execute
  output = self.handle(*args, **options)
File 
"/usr/local/lib/python2.7/dist-packages/django/contrib/staticfiles/management/commands/collectstatic.py",
 line 168, in handle
  collected = self.collect()
File 
"/usr/local/lib/python2.7/dist-packages/django/contrib/staticfiles/management/commands/collectstatic.py",
 line 98, in collect
  for path, storage in finder.list(self.ignore_patterns):
File 
"/usr/local/lib/python2.7/dist-packages/django/contrib/staticfiles/finders.py", 
line 112, in list
  for path in utils.get_files(storage, ignore_patterns):
File 
"/usr/local/lib/python2.7/dist-packages/django/contrib/staticfiles/utils.py", 
line 28, in get_files
  directories, files = storage.listdir(location)
File "/usr/local/lib/python2.7/dist-packages/django/core/files/storage.py", 
line 299, in listdir
  for entry in os.listdir(path):
  OSError: [Errno 2] No such file or directory: 
'/opt/stack/horizon/openstack_dashboard/themes/webroot'
  + /opt/devstack/lib/horizon:init_horizon:L1:   exit_trap
  + ./stack.sh:exit_trap:L474:   local r=1
  ++ ./stack.sh:exit_trap:L475:   jobs -p
  + ./stack.sh:exit_trap:L475:   jobs=
  + ./stack.sh:exit_trap:L478:   [[ -n '' ]]
  + ./stack.sh:exit_trap:L484:   kill_spinner
  + ./stack.sh:kill_spinner:L370:   '[' '!' -z '' ']'
  + ./stack.sh:exit_trap:L486:   [[ 1 -ne 0 ]]
  + ./stack.sh:exit_trap:L487:   echo 'Error on exit'
  Error on exit
  + ./stack.sh:exit_trap:L488:   generate-subunit 1455456924 353 fail
  + ./stack.sh:exit_trap:L489:

[Yahoo-eng-team] [Bug 1545892] [NEW] Missing backdrop on "Add Group Assignment" modal

2016-02-15 Thread Alan Fung 
Public bug reported:

All if not most modal have semi-opaque backdrops. The Add-Group-
Assignment modal does not have one.

Reproduce:
1. Go to Identity > Groups.
2. Click click "Manage Members" for any particular group from the table.
3. Click on "Add Users".

Expected:
Has a semi-opaque backdrop behind the modal.

Actual:
Has no semi-opaque backdrop behind the modal.

** Affects: horizon
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1545892

Title:
  Missing backdrop on "Add Group Assignment" modal

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  All if not most modal have semi-opaque backdrops. The Add-Group-
  Assignment modal does not have one.

  Reproduce:
  1. Go to Identity > Groups.
  2. Click click "Manage Members" for any particular group from the table.
  3. Click on "Add Users".

  Expected:
  Has a semi-opaque backdrop behind the modal.

  Actual:
  Has no semi-opaque backdrop behind the modal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1545892/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1531011] Re: When firewall rule is inserted/deleted from a policy, notifications are not generated

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/271552
Committed: 
https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=79237e5080e579272101fb198ff0d48ae72c3a98
Submitter: Jenkins
Branch:master

commit 79237e5080e579272101fb198ff0d48ae72c3a98
Author: Paddu Krishnan 
Date:   Thu Jan 21 18:37:46 2016 -0800

Send Notifications for Firewall policy updates

Currently notifications are generated for the following:
a. When a Firewall is created/deleted
b. when a rule is created/deleted/modified
c. When a policy is created/deleted.

But, after a policy is created, when rules are inserted or
removed from a policy, no notifications are generated.
These notifications refer to the audit logs for
fwaas operations performed by a user.

The proposed fix is similar to how notifications are generated
for interfaces added or deleted to router and DHCP agent notifications.

Change-Id: I7242867e41abc625eb1085983118c09a28249b85
Closes-Bug: #1531011


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1531011

Title:
  When firewall rule is inserted/deleted from a policy, notifications
  are not generated

Status in neutron:
  Fix Released

Bug description:
  For Firewall, Rabbitmq Notifications are generated for the following:
  When a Firewall is created/deleted
  when a rule is created/deleted/modified
  When a policy is created/deleted.

  But, after a policy is created, when rules are inserted or removed
  from a policy, no notifications are generated. The following is the
  screen shot when a firewall is deleted, captured using rabbitmqadmin
  (an example to indicate what notifications is referred here). This
  issue is found in both Kilo and Juno.

  |  routing_key  | exchange | message_count |  





payload 





  
   | payload_bytes | payload_encoding | 
redelivered |
  
+---+--+---+
 
+---+--+-+
  | Test_neutron_notify.info | neutron  | 1 | {"_context_roles": 
["_member_", "admin"], "_context_request_id": 
"req-4170bbcc-b467-4686-a97f-38324fc54bc5", "event_type": 
"firewall.delete.start", "timestamp": "2016-01-04 22:28:27.885535", 
"_context_tenant_id": "2028fe85b5ef4cffa1a9a88a39a37787", "_context_user": 
"22fab1c0e5534e1099a42fb85286c922", "_unique_id": 
"93de171182df4b00a77be4e1b9ea02da", "_context_tenant_name": "KLPROJ", 
"_context_user_id": "22fab1c0e5534e1099a42fb85286c922", "payload": 
{"firewall_id": "ddce3c3c-5a5c-48e1-8d44-612b21c96033"}, 
"_context_project_name": "KLPROJ", "_context_read_deleted": "no", 
"_context_auth_token": "b1166ae3cbb4419ca9983c3cf8895ed0", "_context_tenant": 
"2028fe85b5ef4cffa1a9a88a39a37787", "priority": "INFO", "_context_is_admin": 
true, "_context_project_id":

[Yahoo-eng-team] [Bug 1545370] Re: pycryptodome breaks nova/barbican/glance/kite

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/279909
Committed: 
https://git.openstack.org/cgit/openstack/nova/commit/?id=1fd0f4f69b21cbd20c0eb0e2f8f4506061f4a211
Submitter: Jenkins
Branch:master

commit 1fd0f4f69b21cbd20c0eb0e2f8f4506061f4a211
Author: Davanum Srinivas 
Date:   Sat Feb 13 21:22:54 2016 -0500

Tolerate installation of pycryptodome

Newer versions of pysaml2 uses pycryptodome, so if by
accident if this library gets installed, Nova breaks.

paramiko folks are working on this:
https://github.com/paramiko/paramiko/issues/637

In the meanwhile, we should tolerate if either pycrypto
or pycryptodome is installed.

Closes-Bug: #1545370
Change-Id: If88beeb3983705621fe736995939ac20b2daf1f3


** Changed in: nova
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1545370

Title:
  pycryptodome breaks nova/barbican/glance/kite

Status in Barbican:
  New
Status in Glance:
  New
Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  pysaml2===4.0.3 drags in pycryptodome===3.4 which breaks Nova in the
  both unit tests and grenade.

  nova.tests.unit.test_crypto.KeyPairTest.test_generate_key_pair_1024_bits
  

  Captured traceback:
  ~~~
  Traceback (most recent call last):
File "nova/tests/unit/test_crypto.py", line 352, in 
test_generate_key_pair_1024_bits
  (private_key, public_key, fingerprint) = 
crypto.generate_key_pair(bits)
File "nova/crypto.py", line 165, in generate_key_pair
  key = paramiko.RSAKey.generate(bits)
File 
"/Users/dims/openstack/openstack/nova/.tox/py27/lib/python2.7/site-packages/paramiko/rsakey.py",
 line 146, in generate
  rsa = RSA.generate(bits, os.urandom, progress_func)
File 
"/Users/dims/openstack/openstack/nova/.tox/py27/lib/python2.7/site-packages/Crypto/PublicKey/RSA.py",
 line 436, in generate
  if e % 2 == 0 or e < 3:
  TypeError: unsupported operand type(s) for %: 'NoneType' and 'int'

To manage notifications about this bug go to:
https://bugs.launchpad.net/barbican/+bug/1545370/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545861] [NEW] Hz-table-controller should return only selected items

2016-02-15 Thread Thai Tran 
Public bug reported:

Hz-table-controller currently returns a map of items that were
checked/unchecked. We then have to manually filter through this list to
get the selected items. To make matters more confusing, this map is
wrongly called selected.

Misleading 'selected' property: 
https://github.com/openstack/horizon/blob/master/horizon/static/framework/widgets/table/table.controller.js#L34
Manually filtering example: 
https://github.com/openstack/horizon/blob/master/openstack_dashboard/static/app/core/images/actions/batch-delete.service.js#L77

** Affects: horizon
 Importance: Medium
 Assignee: Thai Tran (tqtran)
 Status: New

** Description changed:

  Hz-table-controller currently returns a map of items that were
  checked/unchecked. We then have to manually filter through this list to
- get the selected items. To make matters worse, this map is wrongly
- called selected.
+ get the selected items. To make matters more confusing, this map is
+ wrongly called selected.
+ 
+ Misleading 'selected' property: 
https://github.com/openstack/horizon/blob/master/horizon/static/framework/widgets/table/table.controller.js#L34
+ Manually filtering example: 
https://github.com/openstack/horizon/blob/master/openstack_dashboard/static/app/core/images/actions/batch-delete.service.js#L77

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1545861

Title:
  Hz-table-controller should return only selected items

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Hz-table-controller currently returns a map of items that were
  checked/unchecked. We then have to manually filter through this list
  to get the selected items. To make matters more confusing, this map is
  wrongly called selected.

  Misleading 'selected' property: 
https://github.com/openstack/horizon/blob/master/horizon/static/framework/widgets/table/table.controller.js#L34
  Manually filtering example: 
https://github.com/openstack/horizon/blob/master/openstack_dashboard/static/app/core/images/actions/batch-delete.service.js#L77

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1545861/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545312] Re: keystone install : unmet dependencies

2016-02-15 Thread Steve Martinelli 
** Changed in: keystone
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1545312

Title:
  keystone install : unmet dependencies

Status in OpenStack Identity (keystone):
  Invalid
Status in keystone package in Ubuntu:
  New

Bug description:
  Working with ubuntu 14.04 image

  When installing keystone with the following command:

  apt-get install -y keystone apache2 libapache2-mod-wsgi memcached
  python-memcache python-openstackclient

  It tells me the following packages have unmet dependences:
  keystone : Depends: python-keystone (= 2:8.0.1-0ubuntu1~cloud0) but 
1:2014.1.5-0ubuntu1 is to be installed

  python-openstackclient: Depends: python-cinderclient (>= 1:1.3.1) but 
1:1.0.8-0ubuntu2 is to be installed
   Depends: python-glanceclient 
(>= 1:0.18.0) but 1:0.12.0-0ubuntu1 is to be installed
   Depends: 
python-keystoneclient(>= 1:1.6.0) but 1:0.7.1-ubuntu1.3 is to be installed
   Depends: 
python-neutronclient(>= 1:2.6.0) but it is not going to be installed 
   Depends: 
python-novaclient(>= 2:2.28.1) but 1:2.17.0-0ubuntu1.2 is to be installed
   Depends: 
python-oslo-serialization (>= 1.2.0) but it is not going to be installed
   Depends: python-oslo.utils 
(>= 2.0.0) but it is not going to be installed

  aptitude tells me that python-keystone has the following dependences that are 
unavailable or unsatisfied:
  python-cryptography (>= 1.0) (unavailable)
  python-keystoneclient (>= 1:1.6.0) (unsatisfied)
  python-keystonemiddleware (>= 2.0.0) (unsatisfied)
  python-migrate (>= 0.9.6) (unsatisfied)
  python-msgpack(>=0.4.0) (unavailable)
  python-oslo.concurrency (>= 2.3.0) (unsatisfied)
  python-oslo.config(>= 1:2.3.0) (unsatisfied)
  python-oslo.context(>= 0.2.0) (unsatisfied)
  python-oslo.db (>=2.4.1) (unsatisfied)
  python-oslo.i18n (>= 1.5.0) (unsatisfied)
  python-oslo.log (>= 1.8.0) (unsatisfied)
  python-oslo.messaging (>= 1.16.0) (unsatisfied)
  python-oslo.middalware (>= 2.8.0) (unsatisfied)
  python-oslo.policy(>= 0.5.0) (unsatisfied)
  python-oslo.serialization (>= 1.4.0) (unsatisfied)
  python-oslo.service (>= 0.7.0) (unsatisfied)
  python-oslo.utils (= 2.0.0) (unsatisfied)
  python-pycadf (>= 1.1.0) (unsatisfied)
  python-pysaml2 (>= 2.4.0) (unsatisfied)
  python-sqlalchemy (>= 1.0~) (unsatisfied)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1545312/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1544313] Re: LBaaSv2 agent schedules LB's to agents that are offline

2016-02-15 Thread Major Hayden 
If I wait longer than 75 seconds, the LB gets scheduled to an agent
that's alive every time.  We can close this bug.

** Changed in: neutron
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1544313

Title:
  LBaaSv2 agent schedules LB's to agents that are offline

Status in neutron:
  Invalid

Bug description:
  When I create load balancers via the LBaaSv2 agent, the load balancer
  will be scheduled to an agent that is offline.  I'm not sure if this
  occurs in Mitaka, but it is happening with the latest commits from
  Liberty.

  To reproduce:
  * Ensure you have two neutron lbaasv2 agents running, one on each server
  * Stop one of the agents
  * Use neutron lbaas-loadbalancer-create to create two new load balancers
  * One will be PENDING_CREATE since it was scheduled to the agent that is down

  I would expect that the load balancer would be scheduled to an agent
  that is online.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1544313/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545153] Re: BadRequest: Invalid input for dns_name. Name must not start or end with a hyphen.

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/279799
Committed: 
https://git.openstack.org/cgit/openstack/nova/commit/?id=7e79d83641545e8134a2a142ade8a2fc0b96eade
Submitter: Jenkins
Branch:master

commit 7e79d83641545e8134a2a142ade8a2fc0b96eade
Author: Matthew Treinish 
Date:   Fri Feb 12 16:21:37 2016 -0500

Reorder name normalization for DNS

Having the truncation step as the last one meant we could truncate to
a trailing hyphen. This could potential cause a failure for an invalid
name. This commit reorders the normalization to put the truncation as
the first step which should avoid that problem.

Change-Id: I2219f6c73d882efc787127f02fda937f3e3b44eb
Closes-Bug: #1545153


** Changed in: nova
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1545153

Title:
  BadRequest: Invalid input for dns_name. Name must not start or end
  with a hyphen.

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  I'm seeing this in a tempest job run:

  http://logs.openstack.org/21/279721/3/check/gate-tempest-dsvm-neutron-
  full/8292a4a/logs/screen-n-cpu.txt.gz?level=TRACE#_2016-02-12_19_46_26_529

  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api 
[req-bb911afc-2a34-4812-8c83-0bb6eabc527f 
tempest-TestSecurityGroupsBasicOps-630833589 
tempest-TestSecurityGroupsBasicOps-22256548] [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] Neutron error creating port on network 
6796595c-c739-4080-b8a9-997f6936208c
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] Traceback (most recent call last):
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b]   File 
"/opt/stack/new/nova/nova/network/neutronv2/api.py", line 255, in _create_port
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] port = 
port_client.create_port(port_req_body)
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b]   File 
"/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 
100, in with_params
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] ret = self.function(instance, *args, 
**kwargs)
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b]   File 
"/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 
525, in create_port
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] return self.post(self.ports_path, 
body=body)
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b]   File 
"/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 
271, in post
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] headers=headers, params=params)
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b]   File 
"/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 
206, in do_request
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] 
self._handle_fault_response(status_code, replybody)
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b]   File 
"/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 
182, in _handle_fault_response
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] exception_handler_v20(status_code, 
des_error_body)
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b]   File 
"/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 69, 
in exception_handler_v20
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] status_code=status_code)
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] BadRequest: Invalid input for dns_name. 
Reason: 'tempest-server-tempest-testsecuritygroupsbasicops-22256548-gen-' not a 
valid PQDN or FQDN. Reason: Name 
'tempest-server-tempest-testsecuritygroupsbasicops-22256548-gen-' must not 
start or end with a hyphen..
  2016-02-12 19:46:26.529 19015 ERROR nova.network.neutronv2.api [instance: 
25bf790e-cc4b-42fa-99f2-38f9bb7a004b] 
  2016-02-12

[Yahoo-eng-team] [Bug 1522172] Re: add the new precommit event for security groups

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/252755
Committed: 
https://git.openstack.org/cgit/openstack/neutron/commit/?id=c24e9da2f82676d9b9d8c28018bf49c8a294121b
Submitter: Jenkins
Branch:master

commit c24e9da2f82676d9b9d8c28018bf49c8a294121b
Author: Yalei Wang 
Date:   Thu Dec 3 21:38:16 2015 +0800

Add precommit_XXX event for security group and rules

Current BEFORE_CREATE/DELETE/UPDATE event is outside of the DB
transaction. Unlike the precommit primitive in ML2 mech drivers, they
don't work in the same DB transaction of resource, so if we want to
operate the DB in mech driver related to security group, there would be
more unsync issues if we use BEFORE_XXX event directly. Moving the
BEFORE_XXX event inside may also break some current codes, as maybe RPC
call included.

This patch adds new PRECOMMIT_CREATE/DELETE/UPDATE event type for
callback function, and use it in the securitygroup/rules DB transaction.
PRECOMMIT_XXX is in the DB transaction and only purpose is to do DB
operations in its callback. A CallbackFailure will be triggered when
exception comes from the callback of the new event.

Change-Id: Icd2849bd84dab6733a572e8c85f242afcefc6c78
Closes-Bug: #1522172


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1522172

Title:
  add the new precommit event for security groups

Status in neutron:
  Fix Released

Bug description:
  Neutron has already been able to make the agentless driver receive the 
security
  group BEFORE/AFTER event by neutron callback logic. But this logic still
  lacks the precommit function, like in Ml2 mechanism driver, which guarantees 
that the
  mechanism driver DB and neutron DB operation are in the same transaction.
  Because the MD may want to have the event callback function and hope its own 
DB
  operation in the same transaction with neutron securitygroup db.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1522172/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545695] Re: L3 agent: traceback is suppressed on floating ip setup failure

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/280194
Committed: 
https://git.openstack.org/cgit/openstack/neutron/commit/?id=3188b458fd29bbd7711277bc337c0dacbaab4b9e
Submitter: Jenkins
Branch:master

commit 3188b458fd29bbd7711277bc337c0dacbaab4b9e
Author: Oleg Bondarev 
Date:   Mon Feb 15 15:39:59 2016 +0300

L3 agent: log traceback on floating ip setup failure

Currently l3 agent suppresses exception traceback and just
raises new FloatingIpSetupException so it's impossible to see
actual issue from logs.
The patch adds LOG.exception() to the exception handler before
reraising.

Closes-Bug: #1545695
Change-Id: Ia4557473c7e362f98a564475527b97ee6d0178f9


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1545695

Title:
  L3 agent: traceback is suppressed on floating ip setup failure

Status in neutron:
  Fix Released

Bug description:
  Following traceback says nothing about actual exception and makes it
  hard to debug issues:

  2016-02-10 05:26:54.025 682 ERROR neutron.agent.l3.router_info [-] L3 agent 
failure to setup floating IPs
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info Traceback 
(most recent call last):
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info File 
"/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 604, 
in process_external
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info fip_statuses = 
self.configure_fip_addresses(interface_name)
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info File 
"/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 268, 
in configure_fip_addresses
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info raise 
n_exc.FloatingIpSetupException('L3 agent failure to setup '
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info 
FloatingIpSetupException: L3 agent failure to setup floating IPs

  Need to log actual exception with traceback before reraising.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1545695/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545042] Re: New i9n tests exceptions_captured context manager introduce a bug in failure reports

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/279614
Committed: 
https://git.openstack.org/cgit/openstack/horizon/commit/?id=d1f08df329da7561142757ac292fd426782f0608
Submitter: Jenkins
Branch:master

commit d1f08df329da7561142757ac292fd426782f0608
Author: Timur Sufiev 
Date:   Fri Feb 12 18:43:50 2016 +0300

Fix exceptions_captured manager in i9n tests

Recently introduced manager handled only 'bad' failure scenarios when
Selenium became non responsive and caused again cryptic failures for
failures that were perfectly reported before exceptions_captured
introduction. Now both kind of (responsive and non responsive
Selenium) failures are addressed inside it.

Change-Id: I564b5e8b35fb2e84c27374bcac8a49cb6262b058
Closes-Bug: #1545042


** Changed in: horizon
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1545042

Title:
  New i9n tests exceptions_captured context manager introduce a bug in
  failure reports

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  If test fails in a non-fatal for Selenium way and it's still able to
  fetch page source/ browser log/ screenshot that data is not added to
  TestCase reports because of lines like
  
https://github.com/openstack/horizon/blob/master/openstack_dashboard/test/integration_tests/helpers.py#L127
  where `content` gets thrown away once we return from block
  
https://github.com/openstack/horizon/blob/master/openstack_dashboard/test/integration_tests/helpers.py#L106

  To mitigate that we need to use a container instead of single
  reference.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1545042/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545789] Re: keystone ADMIN_TOKEN set by default can lead to default insecure deployment

2016-02-15 Thread Tristan Cacqueray 
Agreed on the B1 (insecure default value), and I added an OSSN task for an 
eventual Security Note.
Thank!

** Also affects: ossn
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1545789

Title:
  keystone ADMIN_TOKEN set by default can lead to default insecure
  deployment

Status in OpenStack Identity (keystone):
  Triaged
Status in OpenStack Security Notes:
  New

Bug description:
  The Keystone configuration sets the ADMIN_TOKEN option to "ADMIN" by
  default, which means that unless the deployment specifically changes
  this value to a secure value, the filter "admin_auth_token" will
  accept the value of "ADMIN" as an all-access administrative token for
  the openstack deployment (when interacting with keystone).

  
https://github.com/openstack/keystone/blob/406fbfaa2689255fb54cf1eb07403f392c735c53/keystone/common/config.py#L49-L56

  The fix will be to make this value "None" by default, and if the
  option is unset, the "admin_token_auth" filter will simply pass,
  continuing to allow normal credentials to work.

  This is a CLASS B1 (my assessment) https://security.openstack.org/vmt-
  process.html#incident-report-taxonomy

  This bug was opened so we can issue an OSSA/OSSN with the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1545789/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545814] [NEW] Tablecontroller should use ctrl instead of scope

2016-02-15 Thread Thai Tran 
Public bug reported:

horizon.framework.widgets.table.controller:TableController currently
uses $scope for selected and numSelected. It should use ctrl as
suggested by JP's guide.

** Affects: horizon
 Importance: Medium
 Assignee: Thai Tran (tqtran)
 Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1545814

Title:
  Tablecontroller should use ctrl instead of scope

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  horizon.framework.widgets.table.controller:TableController currently
  uses $scope for selected and numSelected. It should use ctrl as
  suggested by JP's guide.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1545814/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1542815] Re: rbac-list response will report wrong object_type

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/279030
Committed: 
https://git.openstack.org/cgit/openstack/neutron/commit/?id=957c21113fc5848925c13a3128a23243ee99fa30
Submitter: Jenkins
Branch:master

commit 957c21113fc5848925c13a3128a23243ee99fa30
Author: Kevin Benton 
Date:   Thu Feb 11 01:47:07 2016 -0800

Get rid of UnionModel for RBAC

The union model approach was completely broken because it
didn't keep track of which model each result actually was.

This patch just strips it out and replaces get_rbac_policies
with queries to each model. This will mean pagination is broken
once multiple rbac types are in place, but everything else should
work fine.

Co-Authored-By: Haim Daniel 

Closes-Bug: #1542815
Change-Id: I1e91aa22d093d50e5a9d318f24d09bb65e072246


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1542815

Title:
  rbac-list response will report  wrong object_type

Status in neutron:
  Fix Released

Bug description:
  This will happen when a new rbac table shall be introduced. The cause is the 
usage of the CommonDbMixin._union_model_query(). The current code flow joins  
SQL SELECT results from several rbac tables (per rbac object type). However, 
the resulting sqlalchemy union list from several  tables contains the db_model 
type of the first table plus the output rows from all the other tables, causing 
the REST response of 'rbac-list' to contain the wrong object type. 
  E.g: rbac-list on the following db_schema:

  networkrbacs table: {id=ID1, target_tenant=ID2, object_id=ID3, ...}
  qospolicyrbacs table: empty

  will result in REST response:
  {"target_tenant": ID2, "object_type": "qos_policy", "object_id": ID3}

  The issue hasn't appeared yeat, since there's only a single rbac type
  (network) at the moment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1542815/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1399249] Re: Neutron openvswitch-agent doesn't recover ports from binding_failed status

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/162260
Committed: 
https://git.openstack.org/cgit/openstack/neutron/commit/?id=63fe3a418c685ca90077f1dd4c35fd9ccf586fca
Submitter: Jenkins
Branch:master

commit 63fe3a418c685ca90077f1dd4c35fd9ccf586fca
Author: Ihar Hrachyshka 
Date:   Mon Mar 9 18:05:18 2015 +0100

Add the rebinding chance in _bind_port_if_needed

Make function _bind_port_if_needed to bind at least one time when the port's
binding status passed in is already in binding_failed.

This is the second attempt to introduce the patch (the first one was
reverted due to regression that broke Ironic), now with proper
notification sent even when binding attempt failed.

The patch also fixes several cases when we attempted to notify with a
binding context that was not committed into database.

The patch changes _attempt_binding to call _commit_port_binding only
with the binding final state:
1. Successful binding: will just call _commit_port_binding.
2. Unsuccessful binding: will call _commit_port_binding at the final
attempt to bind the port.
This is in order to refrain from reverts, with will really complicate
things even  more.

Co-Authored-By: Yalei Wang 
Co-Authored-By: Nir Magnezi 
Co-Authored-By: John Schwarz 
Change-Id: I437290affd8eb87177d0626bf7935a165859cbdd
Closes-Bug: #1399249


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1399249

Title:
  Neutron openvswitch-agent doesn't recover ports from binding_failed
  status

Status in neutron:
  Fix Released

Bug description:
  Ports created when neutron-openvswitch-agent is down are in status
  down and "binding:vif_type=binding_failed" which is as it should be.
  When the agent is rebooted it should be able to recreate the ports
  according to the DB, but instead it logs a WARNING and creates the
  port with status DOWN. only solution is to delete the port and create
  it again

  From agent log:
  2014-12-04 16:53:00.559 16319 WARNING 
neutron.plugins.openvswitch.agent.ovs_neutron_agent 
[req-2dcc9141-7439-450a-bb2a-fe31ab577f47 None] Device 
3dc73917-93b1-4f6d-a2e1-90c74cea6de7 not defined on plugin

  Recreation steps:

  shut down ovs-agent and wait for neutron to notice:

  [root@RHEL7Server ~]# systemctl stop neutron-openvswitch-agent.service
  [root@RHEL7Server ~(keystone_admin)]# neutron agent-list | grep open
  | 2d97bbd1-b937-4b19-8205-4167bbcb659d | Open vSwitch agent | node_29  | xxx  
 | True   | neutron-openvswitch-agent |

  create router and attach it to network
  [root@RHEL7Server ~(keystone_admin)]# neutron router-create myrouter --ha 
False
  Created a new router:
  +---+--+
  | Field | Value|
  +---+--+
  | admin_state_up| True |
  | distributed   | False|
  | external_gateway_info |  |
  | ha| False|
  | id| 8210f453-2a17-400e-ae32-74aa1503d0a5 |
  | name  | myrouter |
  | routes|  |
  | status| ACTIVE   |
  | tenant_id | 183611eb84204b839e43d97c081973c0 |
  +---+--+
  [root@RHEL7Server ~(keystone_admin)]# neutron router-interface-add myrouter 
private
  Added interface 3dc73917-93b1-4f6d-a2e1-90c74cea6de7 to router myrouter.
  [root@RHEL7Server ~(keystone_admin)]# neutron l3-agent-list-hosting-router 
myrouter
  +--+-++---+
  | id   | host| admin_state_up | alive |
  +--+-++---+
  | 0110d49c-59dd-496c-a2a3-549a2ad4ba4d | node_29 | True   | :-)   |
  +--+-++---+

  Port will show status DOWN, and "binding_failed"
  [root@RHEL7Server ~(keystone_admin)]# neutron port-show 
3dc73917-93b1-4f6d-a2e1-90c74cea6de7
  
+---+-+
  | Field | Value   
|
  
+---+-+
  | admin_state_up| True

[Yahoo-eng-team] [Bug 1545789] [NEW] keystone ADMIN_TOKEN set by default can lead to default insecure deployment

2016-02-15 Thread Morgan Fainberg 
*** This bug is a security vulnerability ***

Public security bug reported:

The Keystone configuration sets the ADMIN_TOKEN option to "ADMIN" by
default, which means that unless the deployment specifically changes
this value to a secure value, the filter "admin_auth_token" will accept
the value of "ADMIN" as an all-access administrative token for the
openstack deployment (when interacting with keystone).

https://github.com/openstack/keystone/blob/406fbfaa2689255fb54cf1eb07403f392c735c53/keystone/common/config.py#L49-L56

The fix will be to make this value "None" by default, and if the option
is unset, the "admin_token_auth" filter will simply pass, continuing to
allow normal credentials to work.

This is a CLASS B1 (my assessment) https://security.openstack.org/vmt-
process.html#incident-report-taxonomy

This bug was opened so we can issue an OSSA/OSSN with the fix.

** Affects: keystone
 Importance: Medium
 Assignee: Adam Young (ayoung)
 Status: Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1545789

Title:
  keystone ADMIN_TOKEN set by default can lead to default insecure
  deployment

Status in OpenStack Identity (keystone):
  Triaged

Bug description:
  The Keystone configuration sets the ADMIN_TOKEN option to "ADMIN" by
  default, which means that unless the deployment specifically changes
  this value to a secure value, the filter "admin_auth_token" will
  accept the value of "ADMIN" as an all-access administrative token for
  the openstack deployment (when interacting with keystone).

  
https://github.com/openstack/keystone/blob/406fbfaa2689255fb54cf1eb07403f392c735c53/keystone/common/config.py#L49-L56

  The fix will be to make this value "None" by default, and if the
  option is unset, the "admin_token_auth" filter will simply pass,
  continuing to allow normal credentials to work.

  This is a CLASS B1 (my assessment) https://security.openstack.org/vmt-
  process.html#incident-report-taxonomy

  This bug was opened so we can issue an OSSA/OSSN with the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1545789/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1537267] Re: release request for networking-sfc in Mitaka time frame

2016-02-15 Thread Kyle Mestery 
It looks like this was already done, though I have no idea who did it
[1].

[1] https://pypi.python.org/pypi/networking-sfc/1.0.0

** Changed in: neutron
   Status: New => Confirmed

** Changed in: neutron
   Status: Confirmed => Fix Released

** Changed in: neutron
Milestone: None => mitaka-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1537267

Title:
  release request for networking-sfc in Mitaka time frame

Status in networking-sfc:
  New
Status in neutron:
  Fix Released

Bug description:
  Branch: stable/mitaka
  We also has stable/liberty branch for release against liberty branch code 
base and would like to release it too.

  The release of networking-sfc contains feature support for service function 
chaining.
  release version: 1.0.0

  All code patches have been reviewed (open for review and collecting
  comments for a very long time) and merged. Test scripts have also been
  merged. In addition, comprehensive end-to-end integration testing
  within the same subnet and across different subnets with many
  different CLI combinations have been tested. The community project
  team has agreed that the codes are ready for release so that more
  people can give it a try and give input on future enhancement.

To manage notifications about this bug go to:
https://bugs.launchpad.net/networking-sfc/+bug/1537267/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1515672] Re: XenServer attach second Cinder volume failed

2016-02-15 Thread Matt Riedemann 
** Also affects: nova/liberty
   Importance: Undecided
   Status: New

** Changed in: nova/liberty
   Status: New => In Progress

** Changed in: nova/liberty
 Assignee: (unassigned) => Kevin Bringard (kbringard)

** Changed in: nova/liberty
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1515672

Title:
  XenServer attach second Cinder volume failed

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) liberty series:
  In Progress

Bug description:
  With some Cinder backends (specifically those that provide multiple
  LUNs over the same IQN), XenServer cannot attach multiple disks to a
  VM.

  Openstack  kilo version nova-compute 2015.1.1-1.el7

  Logs from nova-compute after attaching second volume to xenserver
  host:

  2015-11-12 18:36:50.250 996 ERROR nova.virt.block_device 
[req-42ee1d90-2e83-41d3-aaec-3f928170b60d cb348d90ade04049b30e2d41a985e2d4 
596095f4da8b4eddbfbbe1774e762bf4 - - -] [instance: 
901b2692-e337-4358-80df-8408ce626352] Driver failed to attach volume 
a7ce4570-e35b-4db8-9502-8c33e790280a at /dev/xvdc
  ...
  2015-11-12 18:36:50.250 996 TRACE nova.virt.block_device [instance: 
901b2692-e337-4358-80df-8408ce626352] session.call_xenapi("SR.scan", sr_ref)
  ...
  2015-11-12 18:36:50.250 996 TRACE nova.virt.block_device [instance: 
901b2692-e337-4358-80df-8408ce626352] Failure: ['SR_BACKEND_FAILURE_40', '', 
'The SR scan failed  [opterr=[\'INTERNAL_ERROR\', 
\'Db_exn.Uniqueness_constraint_violation("VDI", "uuid", 
"70b87c59-e01a-be46-6f43-d927e3871669")\']]', '']

  Reproduction steps

  1. create first cinder volume on storage array - seen with a storwize 7000. 
(cinder create)
  2. attach that volume to instance VM reside on xenserver host (first volume 
attached ok). (nova volume-attach)
  3. create second cinder volume on storage array.
  4. attach second cinder volume to instance VM on the same xenserver host as 
in step 2.
  5. attach second volume failed

  Expected result:

  Second volume attached ok and gets available to VM instance

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1515672/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545761] [NEW] admin_token_auth 'deprecation' actually removes it from the pipelines

2016-02-15 Thread John Trowbridge 
Public bug reported:

The admin_token_auth filter was meant to be deprecated in this
commit.[1] However, instead it was removed from the pipelines in  etc
/keystone-paste.ini. This makes it a breaking change for consumers of
the puppet modules (and probably others) that rely on the
admin_token_auth filter for initial endpoint setup.

We need to leave the admin_token_auth filter in those pipelines until
the deprecation period is over in the O release.

[1]
https://github.com/openstack/keystone/commit/5286b4a297b5a94895a311a9e564aa87cb54dbfd

** Affects: keystone
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1545761

Title:
  admin_token_auth 'deprecation' actually removes it from the pipelines

Status in OpenStack Identity (keystone):
  New

Bug description:
  The admin_token_auth filter was meant to be deprecated in this
  commit.[1] However, instead it was removed from the pipelines in  etc
  /keystone-paste.ini. This makes it a breaking change for consumers of
  the puppet modules (and probably others) that rely on the
  admin_token_auth filter for initial endpoint setup.

  We need to leave the admin_token_auth filter in those pipelines until
  the deprecation period is over in the O release.

  [1]
  
https://github.com/openstack/keystone/commit/5286b4a297b5a94895a311a9e564aa87cb54dbfd

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1545761/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1479214] Re: nova can't attach volume to specific device name

2016-02-15 Thread Matt Riedemann 
I'm marking the nova bug as won't fix since this is working as designed
for the libvirt driver since liberty, the libvirt driver ignores the
requested device name now. It was never really working with the
requested device name, you'd just get lucky if it worked. Things are
more explicit now.

I've added the openstack-api-site project to this bug since we should
update the volume attach API docs to note this wrinkle.

** Also affects: openstack-manuals
   Importance: Undecided
   Status: New

** Also affects: openstack-api-site
   Importance: Undecided
   Status: New

** No longer affects: openstack-manuals

** Changed in: nova
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1479214

Title:
  nova can't attach volume to specific device name

Status in OpenStack Compute (nova):
  Won't Fix
Status in openstack-api-site:
  New

Bug description:
  Nova attach volume cli support one option named device, it can specify this 
volume  where to mount.
  But it doesn't work. Volume will be attached to device which is determined by 
nova compute.

  Maybe this bug was caused at following code:
  
https://github.com/openstack/nova/blob/c5db407bb22e453a4bca22de1860bb6ce6090782/nova/virt/libvirt/driver.py#L6823
  It will ignore device name which user assign, then auto select disk from 
blockinfo.

  My nova git environment is 
  nova: 14d00296b179fcf115cf13d37b2f0b5b734d298d

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1479214/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1488208] Re: Revoking a role assignment revokes unscoped tokens too

2016-02-15 Thread Brant Knudson 
** Changed in: keystone/kilo
   Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1488208

Title:
  Revoking a role assignment revokes unscoped tokens too

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) kilo series:
  In Progress

Bug description:
  When you delete a role assignment using a user+role+project pairing,
  unscoped tokens between the user+project are unnecessarily revoked as
  well. In fact, two events are created for each role assignment
  deletion (one that is scoped correctly and one that is scoped too
  broadly).

  The test failure in https://review.openstack.org/#/c/216236/
  illustrates this issue:

http://logs.openstack.org/36/216236/1/check/gate-keystone-
  python27/3f44af1/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1488208/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545748] [NEW] API Guide source grammar and typo fixes

2016-02-15 Thread Waldemar Znoinski 
Public bug reported:

There is a number of grammar issues and typos in the API Guide source in Nova.
This bug report attempts to highlight the ones found on and around 2016-02-15 
by me.

commit reviewed:
278b16e Jenkins on 1/21/16 at 4:09 AM (committed by Gerrit Code Review on 
1/21/16 at 4:09 AM)
Merge "Make sure that we always have a parent_addr set"

Review link with proposed fix to follow shortly.

** Affects: nova
 Importance: Undecided
 Assignee: Waldemar Znoinski (wznoinsk)
 Status: New

** Changed in: nova
 Assignee: (unassigned) => Waldemar Znoinski (wznoinsk)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1545748

Title:
  API Guide source grammar and typo fixes

Status in OpenStack Compute (nova):
  New

Bug description:
  There is a number of grammar issues and typos in the API Guide source in Nova.
  This bug report attempts to highlight the ones found on and around 2016-02-15 
by me.

  commit reviewed:
  278b16e Jenkins on 1/21/16 at 4:09 AM (committed by Gerrit Code Review on 
1/21/16 at 4:09 AM)
  Merge "Make sure that we always have a parent_addr set"

  Review link with proposed fix to follow shortly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1545748/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1542491] Re: Scheduler update_aggregates race causes incorrect aggregate information

2016-02-15 Thread Sylvain Bauza 
** Tags removed: race-condition

** Changed in: ubuntu
   Status: New => Invalid

** Changed in: nova
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1542491

Title:
  Scheduler update_aggregates race causes incorrect aggregate
  information

Status in OpenStack Compute (nova):
  Incomplete
Status in Ubuntu:
  Invalid

Bug description:
  It appears that if nova-api receives simultaneous requests to add a
  server to a host aggregate, then a race occurs that can lead to nova-
  scheduler having incorrect aggregate information in memory.

  One observed effect of this is that sometimes nova-scheduler will
  think a smaller number of hosts are a member of the aggregate than is
  in the nova database and will filter out a host that should not be
  filtered.

  Restarting nova-scheduler fixes the issue, as it reloads the aggregate
  information on startup.

  Nova package versions: 1:2015.1.2-0ubuntu2~cloud0

  Reproduce steps:

  Create a new os-aggregate and then populate an os-aggregate with
  simultaneous API POSTs, note timestamps:

  2016-02-04 20:17:08.538 13648 INFO nova.osapi_compute.wsgi.server 
[req-d07a006e-134a-46d8-9815-6becec5b185c 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] 10.120.13.3 "POST 
/v2.1/326d453c2bd440b4a7160489b632d0a8/os-aggregates HTTP/1.1" status: 200 len: 
439 time: 0.1865470
  2016-02-04 20:17:09.204 13648 INFO nova.osapi_compute.wsgi.server 
[req-a0402297-9337-46d6-96d2-066e230e45e1 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] 10.120.13.2 "POST 
/v2.1/326d453c2bd440b4a7160489b632d0a8/os-aggregates/1/action HTTP/1.1" status: 
200 len: 506 time: 0.2995598
  2016-02-04 20:17:09.243 13648 INFO nova.osapi_compute.wsgi.server 
[req-0f543525-c34e-418a-91a9-894d714ee95b 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] 10.120.13.2 "POST 
/v2.1/326d453c2bd440b4a7160489b632d0a8/os-aggregates/1/action HTTP/1.1" status: 
200 len: 519 time: 0.3140590
  2016-02-04 20:17:09.273 13649 INFO nova.osapi_compute.wsgi.server 
[req-2f8d80b0-726f-4126-a8ab-a2eae3f1a385 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] 10.120.13.2 "POST 
/v2.1/326d453c2bd440b4a7160489b632d0a8/os-aggregates/1/action HTTP/1.1" status: 
200 len: 506 time: 0.3759601
  2016-02-04 20:17:09.275 13649 INFO nova.osapi_compute.wsgi.server 
[req-80ab6c86-e521-4bf0-ab67-4de9d0eccdd3 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] 10.120.13.1 "POST 
/v2.1/326d453c2bd440b4a7160489b632d0a8/os-aggregates/1/action HTTP/1.1" status: 
200 len: 506 time: 0.3433032

  Schedule a VM

  Expected Result:
  nova-scheduler Availability Zone filter returns all members of the aggregate

  Actual Result:
  nova-scheduler believes there is only one hypervisor in the aggregate. The 
number will vary as it is a race:

  2016-02-05 07:48:04.411 13600 DEBUG nova.filters 
[req-c24338b5-a3b8-4864-8140-04ea6fbcf68f 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] Starting with 4 host(s) 
get_filtered_objects /usr/lib/python2.7/dist-packages/nova/filters.py:70
  2016-02-05 07:48:04.411 13600 DEBUG nova.filters 
[req-c24338b5-a3b8-4864-8140-04ea6fbcf68f 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] Filter RetryFilter returned 4 host(s) 
get_filtered_objects /usr/lib/python2.7/dist-packages/nova/filters.py:84
  2016-02-05 07:48:04.412 13600 DEBUG 
nova.scheduler.filters.availability_zone_filter 
[req-c24338b5-a3b8-4864-8140-04ea6fbcf68f 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] Availability Zone 'temp' requested. 
(oshv0, oshv0) ram:122691 disk:13404160 io_ops:0 instances:0 has AZs: nova 
host_passes 
/usr/lib/python2.7/dist-packages/nova/scheduler/filters/availability_zone_filter.py:62
  2016-02-05 07:48:04.412 13600 DEBUG 
nova.scheduler.filters.availability_zone_filter 
[req-c24338b5-a3b8-4864-8140-04ea6fbcf68f 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] Availability Zone 'temp' requested. 
(oshv2, oshv2) ram:122691 disk:13403136 io_ops:0 instances:0 has AZs: nova 
host_passes 
/usr/lib/python2.7/dist-packages/nova/scheduler/filters/availability_zone_filter.py:62
  2016-02-05 07:48:04.413 13600 DEBUG 
nova.scheduler.filters.availability_zone_filter 
[req-c24338b5-a3b8-4864-8140-04ea6fbcf68f 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] Availability Zone 'temp' requested. 
(oshv1, oshv1) ram:122691 disk:13404160 io_ops:0 instances:0 has AZs: nova 
host_passes 
/usr/lib/python2.7/dist-packages/nova/scheduler/filters/availability_zone_filter.py:62
  2016-02-05 07:48:04.413 13600 DEBUG nova.filters 
[req-c24338b5-a3b8-4864-8140-04ea6fbcf68f 41812fc01c6549ac8ed15c6dab05c670 
326d453c2bd440b4a7160489b632d0a8 - - -] Filter

[Yahoo-eng-team] [Bug 1545732] [NEW] glance v2 api: standard user can update other user's public metadefs

2016-02-15 Thread Stuart McLaren 
*** This bug is a security vulnerability ***

Private security bug reported:

If project 'd12bddf60e4649b2a2cf6a2cc7520d79' owns a global namespace:

 $ openstack token issue
 ++--+
 | Field  | Value|
 ++--+
 | expires| 2016-02-15T14:23:21Z |
 | id | 7b8b9c6347f54d4ca5f543704068a0bb |
 | project_id | d12bddf60e4649b2a2cf6a2cc7520d79 |
 | user_id| e543889c522c46018c6a8f3ff71c1859 |
 ++--+

 $ glance md-namespace-show NS1001
 ++--+
 | Property   | Value|
 ++--+
 | created_at | 2016-02-15T12:56:09Z |
 | namespace  | NS1001   |
 | objects| ["ob1"]  |
 | owner  | d12bddf60e4649b2a2cf6a2cc7520d79 |
 | protected  | False|
 | schema | /v2/schemas/metadefs/namespace   |
 | updated_at | 2016-02-15T12:56:09Z |
 | visibility | public   |
 ++--+

Another project can update that namespace (eg with a new object):
 
 $ openstack token issue 
 ++--+
 | Field  | Value|
 ++--+
 | expires| 2016-02-15T14:25:09.152643Z  |
 | id | 0df5acec2b884f3c8cff744b4c4f66d0 |
 | project_id | c4f1b829b3af4775abdc9d70059eac10 | <<<
 | user_id| 10f27b7f965a47f98a828e4b342c03fd |
 ++--+


 $ glance md-object-create --name objectx --schema {} NS1001
 ++-+
 | Property   | Value   |
 ++-+
 | created_at | 2016-02-15T13:25:33Z|
 | name   | objectx |
 | schema | /v2/schemas/metadefs/object |
 | updated_at | 2016-02-15T13:25:33Z|
 ++-+


This seems to also be possible if the namespace is owned by 'admin':

  

 $ glance md-object-create --name objectx --schema {} 
OS::Compute::GuestMemoryBacking
 ++-+
 | Property   | Value   |
 ++-+
 | created_at | 2016-02-15T13:28:11Z|
 | name   | objectx |
 | schema | /v2/schemas/metadefs/object |
 | updated_at | 2016-02-15T13:28:11Z| 
 ++-+


 $ glance md-namespace-show OS::Compute::GuestMemoryBacking
 
++--+
 | Property   | Value   
 |
 
++--+
 | created_at | 2016-02-08T13:37:48Z
 |
 | description| This provides the preferred backing option for 
guest RAM. Guest's memory can be  |
 || backed by hugepages to limit TLB lookups. See 
also:  |
 || 
https://wiki.openstack.org/wiki/VirtDriverGuestCPUMemoryPlacement   
 |
 | display_name   | Guest Memory Backing
 |
 | namespace  | OS::Compute::GuestMemoryBacking 
 |
 | objects| ["objectx"] 
 |
 | owner  | admin   
 |
 | properties | ["mem_page_size"]   
 |
 | protected  | True
 |
 | resource_type_associations | ["OS::Glance::Image", "OS::Cinder::Volume", 
"OS::Nova::Flavor"]  |
 | schema | /v2/schemas/metadefs/namespace  
 |
 | visibility | public  
 | 
 
++--+

 

 $ glance md-property-create --name propx --title title1 --schema 
'{"description": "x", "type":"string"}'  OS::Compute::GuestMemoryBacking
 +-++
 | Property| Value  |
 +-++
 | description | x  |
 | name

[Yahoo-eng-team] [Bug 1545731] [NEW] Improper handling/validation for fields passed in "flavor create" command.

2016-02-15 Thread Sheel Rana 
Public bug reported:

nova flavor-create sheel_flavor  09 1 1 1
ERROR (BadRequest): Invalid input for field/attribute name. Value: 
sheel_flavor. u'sheel_flavor\U0001f30b' does not match u'^(?![\\ 
\\\xa0\\\u1680\\\u180e\\\u2000\\\u2001\\\u2002\\\u2003\\\u2004\\\u2005\\\u2006\\\u2007\\\u2008\\\u2009\\\u200a\\\u202f\\\u205f\\\u3000])[\\
 
\\!\\"\\#\\$\\%\\&\\\'\\(\\)\\*\\+\\,\\-\\.\\/0123456789\\:\\;\\<\\=\\>\\?\\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\\[\\]\\^\\_\\`abcdefghijklmnopqrstuvwxyz\\{\\|\\}\\~\\\xa0\\\xa1\\\xa2\\\xa3\\\xa4\\\xa5\\\xa6\\\xa7\\\xa8\\\xa9\\\xaa\\\xab\\\xac\\\xae\\\xaf\\\xb0\\\xb1\\\xb2\\\xb3\\\xb4\\\xb5\\\xb6\\\xb7\\\xb8\\\xb9\\\xba\\\xbb\\\xbc\\\xbd\\\xbe\\\xbf\\\xc0\\\xc1\\\xc2\\\xc3\\\xc4\\\xc5\\\xc6\\\xc7\\\xc8\\\xc9\\\xca\\\xcb\\\xcc\\\xcd\\\xce\\\xcf\\\xd0\\\xd1\\\xd2\\\xd3\\\xd4\\\xd5\\\xd6\\\xd7\\\xd8\\\xd9\\\xda\\\xdb\\\xdc\\\xdd\\\xde\\\xdf\\\xe0\\\xe1\\\xe2\\\xe3\\\xe4\\\xe5\\\xe6\\\xe7\\\xe8\\\xe9\\\xea\\\xeb\\\xec\\\xed\\\xee\\\xef\\\xf0\\\xf1\\\xf2\\\xf3\\\xf4\\\xf5\\\xf6\\\xf7\\\xf8\\\xf9\\\xfa\\\xfb\\\xfc\\\xfd\\\xfe\\\xfff\\\



large string of same kind of characters for almost 1000 lines 
"eb\\\xec\\\xed\\\xee\\\xef\\"


\\\uffa7\\\uffa8\\\uffa9\\\uffaa\\\uffab\\\uffac\\\uffad\\\uffae\\\uffaf\\\uffb0\\\uffb1\\\uffb2\\\uffb3\\\uffb4\\\uffb5\\\uffb6\\\uffb7\\\uffb8\\\uffb9\\\uffba\\\uffbb\\\uffbc\\\uffbd\\\uffbe\\\uffc2\\\uffc3\\\uffc4\\\uffc5\\\uffc6\\\uffc7\\\uffca\\\uffcb\\\uffcc\\\uffcd\\\uffce\\\uffcf\\\uffd2\\\uffd3\\\uffd4\\\uffd5\\\uffd6\\\uffd7\\\uffda\\\uffdb\\\uffdc\\\uffe0\\\uffe1\\\uffe2\\\uffe3\\\uffe4\\\uffe5\\\uffe6\\\uffe8\\\uffe9\\\uffea\\\uffeb\\\uffec\\\uffed\\\uffee\\\ufffc\\\ufffd]*(? Sheel Rana (ranasheel2000)

** Summary changed:

- Improper handling of error check in flavor create operation
+ Improper handling/validation for fields passed in "flavor create" command.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1545731

Title:
  Improper handling/validation for fields passed in "flavor create"
  command.

Status in OpenStack Compute (nova):
  New

Bug description:
  nova flavor-create sheel_flavor  09 1 1 1
  ERROR (BadRequest): Invalid input for field/attribute name. Value: 
sheel_flavor. u'sheel_flavor\U0001f30b' does not match u'^(?![\\ 
\\\xa0\\\u1680\\\u180e\\\u2000\\\u2001\\\u2002\\\u2003\\\u2004\\\u2005\\\u2006\\\u2007\\\u2008\\\u2009\\\u200a\\\u202f\\\u205f\\\u3000])[\\
 
\\!\\"\\#\\$\\%\\&\\\'\\(\\)\\*\\+\\,\\-\\.\\/0123456789\\:\\;\\<\\=\\>\\?\\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\\[\\]\\^\\_\\`abcdefghijklmnopqrstuvwxyz\\{\\|\\}\\~\\\xa0\\\xa1\\\xa2\\\xa3\\\xa4\\\xa5\\\xa6\\\xa7\\\xa8\\\xa9\\\xaa\\\xab\\\xac\\\xae\\\xaf\\\xb0\\\xb1\\\xb2\\\xb3\\\xb4\\\xb5\\\xb6\\\xb7\\\xb8\\\xb9\\\xba\\\xbb\\\xbc\\\xbd\\\xbe\\\xbf\\\xc0\\\xc1\\\xc2\\\xc3\\\xc4\\\xc5\\\xc6\\\xc7\\\xc8\\\xc9\\\xca\\\xcb\\\xcc\\\xcd\\\xce\\\xcf\\\xd0\\\xd1\\\xd2\\\xd3\\\xd4\\\xd5\\\xd6\\\xd7\\\xd8\\\xd9\\\xda\\\xdb\\\xdc\\\xdd\\\xde\\\xdf\\\xe0\\\xe1\\\xe2\\\xe3\\\xe4\\\xe5\\\xe6\\\xe7\\\xe8\\\xe9\\\xea\\\xeb\\\xec\\\xed\\\xee\\\xef\\\xf0\\\xf1\\\xf2\\\xf3\\\xf4\\\xf5\\\xf6\\\xf7\\\xf8\\\xf9\\\xfa\\\xfb\\\xfc\\\xfd\\\xfe\\\xfff\\\

  
  
  large string of same kind of characters for almost 1000 lines 
"eb\\\xec\\\xed\\\xee\\\xef\\"
  

  
\\\uffa7\\\uffa8\\\uffa9\\\uffaa\\\uffab\\\uffac\\\uffad\\\uffae\\\uffaf\\\uffb0\\\uffb1\\\uffb2\\\uffb3\\\uffb4\\\uffb5\\\uffb6\\\uffb7\\\uffb8\\\uffb9\\\uffba\\\uffbb\\\uffbc\\\uffbd\\\uffbe\\\uffc2\\\uffc3\\\uffc4\\\uffc5\\\uffc6\\\uffc7\\\uffca\\\uffcb\\\uffcc\\\uffcd\\\uffce\\\uffcf\\\uffd2\\\uffd3\\\uffd4\\\uffd5\\\uffd6\\\uffd7\\\uffda\\\uffdb\\\uffdc\\\uffe0\\\uffe1\\\uffe2\\\uffe3\\\uffe4\\\uffe5\\\uffe6\\\uffe8\\\uffe9\\\uffea\\\uffeb\\\uffec\\\uffed\\\uffee\\\ufffc\\\ufffd]*(?https://bugs.launchpad.net/nova/+bug/1545731/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe :

[Yahoo-eng-team] [Bug 1545729] [NEW] 4 byte unicode handling for entity names

2016-02-15 Thread Sheel Rana 
Public bug reported:

mysql database does not support 4 byte unicode due to its utf8 character
set.

If any operation is executed with 4byte unicode name, it reports 500 error 
without any proper error message to user.
This will be confusing for user as no information is present about why this 
issue occurred.

Please refer below for details:

nova secgroup-create sheel 
ERROR (ClientException): Unexpected API Error. Please report this at 
http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
 (HTTP 500) (Request-ID: 
req-a4eef1d6-11fa-4188-b116-ffdf728e04f4)


Bug can be reproduced by simply using 4byte unicode characters in name of 
security group.

This is 100% reproducible.

** Affects: nova
 Importance: Undecided
 Assignee: Sheel Rana (ranasheel2000)
 Status: New

** Changed in: nova
 Assignee: (unassigned) => Sheel Rana (ranasheel2000)

** Description changed:

  mysql database does not support 4 byte unicode due to its utf8 character
  set.
  
- If any operation is executed with 4byte unicode name, it reports 500 error 
without any proper error message to user. 
+ If any operation is executed with 4byte unicode name, it reports 500 error 
without any proper error message to user.
  This will be confusing for user as no information is present about why this 
issue occurred.
  
  Please refer below for details:
  
- nova secgroup-create sheel  
+ nova secgroup-create sheel 
  ERROR (ClientException): Unexpected API Error. Please report this at 
http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
   (HTTP 500) (Request-ID: 
req-a4eef1d6-11fa-4188-b116-ffdf728e04f4)
+ 
+ 
+ Bug can be reproduced by simply using 4byte unicode characters in name of 
security group.
+ 
+ This is 100% reproducible.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1545729

Title:
  4 byte unicode handling for entity names

Status in OpenStack Compute (nova):
  New

Bug description:
  mysql database does not support 4 byte unicode due to its utf8
  character set.

  If any operation is executed with 4byte unicode name, it reports 500 error 
without any proper error message to user.
  This will be confusing for user as no information is present about why this 
issue occurred.

  Please refer below for details:

  nova secgroup-create sheel 
  ERROR (ClientException): Unexpected API Error. Please report this at 
http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
   (HTTP 500) (Request-ID: 
req-a4eef1d6-11fa-4188-b116-ffdf728e04f4)

  
  Bug can be reproduced by simply using 4byte unicode characters in name of 
security group.

  This is 100% reproducible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1545729/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545724] [NEW] Pages are not refilled when the first page becomes empty

2016-02-15 Thread Timur Sufiev 
Public bug reported:

Steps to reproduce:

1. Set Items per Page to 1
2. Create 2 instances at Project->Compute
3. Delete the instance of Page 1.
4. Notice that the page 1 is empty now, while Next link is still active and 
redirects us to Page 2 with another Instance.

Expected behavior:

Pages are refilled once the first page becomes empty.

** Affects: horizon
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1545724

Title:
  Pages are not refilled when the first page becomes empty

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Steps to reproduce:

  1. Set Items per Page to 1
  2. Create 2 instances at Project->Compute
  3. Delete the instance of Page 1.
  4. Notice that the page 1 is empty now, while Next link is still active and 
redirects us to Page 2 with another Instance.

  Expected behavior:

  Pages are refilled once the first page becomes empty.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1545724/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1523742] Re: illegal video driver for PPC64 little endian system

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/279227
Committed: 
https://git.openstack.org/cgit/openstack/nova/commit/?id=87069e7bf788ec4e80bd340bcb97d57117cbc4d2
Submitter: Jenkins
Branch:master

commit 87069e7bf788ec4e80bd340bcb97d57117cbc4d2
Author: Sean Dague 
Date:   Thu Feb 11 13:19:57 2016 -0500

Fix reported ppc64le bug on video selection

ppc64le apparently is the same as other ppc plaforms in it's video
selection. This one line fix was put into a reported bug and addresses
this for people.

Co-Authored-By: xiaojinwei...@163.com

Change-Id: I44283f19823bf39159633fa93f575e306bcf1970
Closes-Bug: #1523742


** Changed in: nova
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1523742

Title:
  illegal video driver for PPC64 little endian system

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) liberty series:
  Confirmed

Bug description:
  for openstack kilo version, when creating a instance,   libvirt creates 
cirrus video type in template xml file  while is not supported for  PPC64 
little endian system.  I debug the code and finally find mistake in function 
_add_video_driver of file nova/virt/libvirt/driver.py
  In function,  there is a logic that video driver is determinded by guest 
arch.   If arch is in (PPC, PPC64) then return vga, otherwise video driver is 
determined by other options.  For PPC64 little endian system,  guest arch is 
PPC64LE so that video driver is determined by other option (In our environment, 
with kvm virt type and spice disabled , video driver is determined by 
hw_video_model)  which makes video driver is cirrus .  Exception happens when 
creating vm instance because cirrus video driver is not supported on power 
hardware.
  I  add PPC64LE arch in the guestarch option and it does works.   The patch 
will be attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1523742/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1543105] Re: Artifacts code conceals what/where errors happened during plugin loading

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/277378
Committed: 
https://git.openstack.org/cgit/openstack/glance/commit/?id=a3e19a0abe1e68daaf90cfcd6db9e6056cf10db2
Submitter: Jenkins
Branch:master

commit a3e19a0abe1e68daaf90cfcd6db9e6056cf10db2
Author: Kirill Zaitsev 
Date:   Mon Feb 8 15:58:58 2016 +0300

Promote log message to exception level on artifact load failure

Before this patch exact place of where the error happened during
artifact load was hard to pinpoint, because it was not shown in the
stacktrace. With this change exception is no longer just converted to
string and printed, but also a stacktrace of exact location of the error
is printed

Change-Id: I1442b6743e77e2aa47a708ae1c38d7c4a54b8cd1
Closes-Bug: #1543105


** Changed in: glance
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1543105

Title:
  Artifacts code conceals what/where errors happened during plugin
  loading

Status in Glance:
  Fix Released

Bug description:
  Currently exception is converted to string and we get smth like 
  "2016-02-08 15:47:53.218 12604 ERROR glance.common.artifacts.loader [-] Could 
not load plugin from assets.glance_image.v1.package: __init__() got multiple 
values for keyword argument 'mutable'
  "
  and the stacktrace shown later conceals the place where the actual error has 
happened.

  this doesn't help much with debugging plugin code. It would be great
  to have relevant stacktrace printed on errors in artifact definitions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1543105/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1542612] Re: Add Network Port selection to instance launch

2016-02-15 Thread Itxaka Serrano 
** Changed in: horizon
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1542612

Title:
  Add Network Port selection to instance launch

Status in OpenStack Dashboard (Horizon):
  Invalid
Status in openstack-manuals:
  In Progress

Bug description:
  https://review.openstack.org/271248
  Dear bug triager. This bug was created since a commit was marked with 
DOCIMPACT.
  Your project "openstack/horizon" is set up so that we directly report the 
documentation bugs against it. If this needs changing, the docimpact-group 
option needs to be added for the project. You can ask the OpenStack infra team 
(#openstack-infra on freenode) for help if you need to.

  commit c0aab9adf38004df53973a6f35905f3d708a4791
  Author: Itxaka 
  Date:   Fri Jan 22 00:33:13 2016 +0100

  Add Network Port selection to instance launch
  
  Adds a new step to the launch instance wizard
  to select any available ports to attach on launch.
  Modifies the existing tests to take the new step
  and calls insto consideration.
  
  DocImpact: Add port info to user-guide/dashboard_launch_instances.html
  Change-Id: I97b24be0d75b69638aeb52bda7d0d0541a80663a
  Implements: blueprint allow-launching-ports

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1542612/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545695] [NEW] L3 agent: traceback is suppressed on floating ip setup failure

2016-02-15 Thread Oleg Bondarev 
Public bug reported:

Following traceback says nothing about actual exception and makes it
hard to debug issues:

2016-02-10 05:26:54.025 682 ERROR neutron.agent.l3.router_info [-] L3 agent 
failure to setup floating IPs
2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info Traceback (most 
recent call last):
2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info File 
"/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 604, 
in process_external
2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info fip_statuses = 
self.configure_fip_addresses(interface_name)
2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info File 
"/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 268, 
in configure_fip_addresses
2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info raise 
n_exc.FloatingIpSetupException('L3 agent failure to setup '
2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info 
FloatingIpSetupException: L3 agent failure to setup floating IPs

Need to log actual exception with traceback before reraising.

** Affects: neutron
 Importance: Low
 Assignee: Oleg Bondarev (obondarev)
 Status: New


** Tags: l3-ipam-dhcp

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1545695

Title:
  L3 agent: traceback is suppressed on floating ip setup failure

Status in neutron:
  New

Bug description:
  Following traceback says nothing about actual exception and makes it
  hard to debug issues:

  2016-02-10 05:26:54.025 682 ERROR neutron.agent.l3.router_info [-] L3 agent 
failure to setup floating IPs
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info Traceback 
(most recent call last):
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info File 
"/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 604, 
in process_external
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info fip_statuses = 
self.configure_fip_addresses(interface_name)
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info File 
"/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 268, 
in configure_fip_addresses
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info raise 
n_exc.FloatingIpSetupException('L3 agent failure to setup '
  2016-02-10 05:26:54.025 682 TRACE neutron.agent.l3.router_info 
FloatingIpSetupException: L3 agent failure to setup floating IPs

  Need to log actual exception with traceback before reraising.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1545695/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1538896] Re: nova flavor-show raises 500 error if flavor is deleted

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/279413
Committed: 
https://git.openstack.org/cgit/openstack/nova/commit/?id=4184f985011ddcca08ae695bb9793794037a0b04
Submitter: Jenkins
Branch:master

commit 4184f985011ddcca08ae695bb9793794037a0b04
Author: bhagyashris 
Date:   Thu Feb 4 01:21:49 2016 -0800

Fix 500 error for showing deleted flavor details

Displaying deleted flavor details throws 500 internal server error.
Added 404 HttpNotFound status code in "@extension.expected_errors".

APIImpact: Return 404 status code for list extra specs
for a deleted flavor.

Closes-Bug: #1538896

Change-Id: Iba33296c28c3c3d6ba60052fe434107ac9c00c61


** Changed in: nova
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1538896

Title:
  nova flavor-show  raises 500 error if flavor is deleted

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Reproducible on latest master.

  Tried to show deleted flavor then it raises 500 error.

  Steps to reproduce:

  1. Create flavor
  $ nova flavor-create m2.test 10 1200 12 8

  2. Delete flavor
  $ nova flavor-delete 10

  3. Show deleted flavor
  $ nova flavor-show 10

  ERROR (ClientException): Unexpected API Error. Please report this at
  http://bugs.launchpad.net/nova/ and attach the Nova API log if
  possible.  (HTTP 500) (Request-ID:
  req-4f77f74c-2234-4beb-9875-157364bdd964)

  Nova api logs:
  -

   from (pid=31454) _http_log_response 
/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py:254
  2016-01-27 15:28:14.067 DEBUG nova.api.openstack.wsgi 
[req-15b4f90e-332b-4e96-b839-8cd931605e42 admin demo] Calling method '>' from (pid=31454) _process_stack 
/opt/stack/nova/nova/api/openstack/wsgi.py:699
  2016-01-27 15:28:14.082 ERROR nova.api.openstack.extensions 
[req-15b4f90e-332b-4e96-b839-8cd931605e42 admin demo] Unexpected exception in 
API method
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions Traceback (most 
recent call last):
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions   File 
"/opt/stack/nova/nova/api/openstack/extensions.py", line 478, in wrapped
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions return 
f(*args, **kwargs)
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions   File 
"/opt/stack/nova/nova/api/openstack/compute/flavors_extraspecs.py", line 60, in 
index
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions return 
self._get_extra_specs(context, flavor_id)
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions   File 
"/opt/stack/nova/nova/api/openstack/compute/flavors_extraspecs.py", line 39, in 
_get_extra_specs
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions flavor = 
common.get_flavor(context, flavor_id)
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions   File 
"/opt/stack/nova/nova/api/openstack/common.py", line 543, in get_flavor
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions raise 
exc.HTTPNotFound(explanation=error.format_message())
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions HTTPNotFound: 
Flavor 122 could not be found.
  2016-01-27 15:28:14.082 TRACE nova.api.openstack.extensions
  2016-01-27 15:28:14.085 INFO nova.api.openstack.wsgi 
[req-15b4f90e-332b-4e96-b839-8cd931605e42 admin demo] HTTP exception thrown: 
Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and 
attach the Nova API log if possible.
  
  2016-01-27 15:28:14.086 DEBUG nova.api.openstack.wsgi 
[req-15b4f90e-332b-4e96-b839-8cd931605e42 admin demo] Returning 500 to user: 
Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and 
attach the Nova API log if possible.
   from (pid=31454) __call__ 
/opt/stack/nova/nova/api/openstack/wsgi.py:1070
  2016-01-27 15:28:14.097 INFO nova.osapi_compute.wsgi.server 
[req-15b4f90e-332b-4e96-b839-8cd931605e42 admin demo] 10.69.4.177 "GET 
/v2.1/982e2fc081364cf889d959b27d4bd510/flavors/122/os-extra_specs HTTP/1.1" 
status: 500 len: 499 time: 0.1559708

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1538896/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1543318] Re: Token for trust does not expand implied roles

2016-02-15 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/279835
Committed: 
https://git.openstack.org/cgit/openstack/keystone/commit/?id=790b8c22bea9336abe2ce301fda5962021974ded
Submitter: Jenkins
Branch:master

commit 790b8c22bea9336abe2ce301fda5962021974ded
Author: Adam Young 
Date:   Fri Feb 12 18:16:05 2016 -0500

Expand implied roles in trust tokens

Closes-Bug: 1543318

Change-Id: Iadcedaec184c7ca14ecd6ad5035265a310e2d5d2


** Changed in: keystone
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1543318

Title:
  Token for trust does not expand implied roles

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  def test_trusts_from_implied_role(self):
  self._create_three_roles()
  self._create_implied_role(self.role_list[0], self.role_list[1])
  self._create_implied_role(self.role_list[1], self.role_list[2])
  self._assign_top_role_to_user_on_project(self.user, self.project)

  # Create a trustee and assign the prior role to her
  trustee = unit.create_user(self.identity_api, 
domain_id=self.domain_id)
  ref = unit.new_trust_ref(
  trustor_user_id=self.user['id'],
  trustee_user_id=trustee['id'],
  project_id=self.project['id'],
  role_ids=[self.role_list[0]['id']])
  r = self.post('/OS-TRUST/trusts', body={'trust': ref})
  trust = r.result['trust']

  # Only the role that was specified is in the trust, NOT implies roles
  self.assertEqual(self.role_list[0]['id'], trust['roles'][0]['id'])
  self.assertThat(trust['roles'], matchers.HasLength(1))

  # Authenticate as the trustee
  auth_data = self.build_authentication_request(
  user_id=trustee['id'],
  password=trustee['password'],
  trust_id=trust['id'])
  r = self.v3_create_token(auth_data)
  token = r.result['token']

  # This fails
  self.assertThat(token['roles'], matchers.HasLength(3))

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1543318/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1545655] [NEW] A close icon in the upper right don't show in Update Metadata

2016-02-15 Thread Kenji Ishii 
Public bug reported:

A close icon in the upper right can close modal dialog.
Other modal dialog have this icon but Update Metadata dialog don't have it.
When we use a browser with not maximize window, it often needs a scroll 
operation.
Therefore it is better to add icon in the upper right to cancel the modal, same 
as other modals.

** Affects: horizon
 Importance: Undecided
 Assignee: Kenji Ishii (ken-ishii)
 Status: New

** Changed in: horizon
 Assignee: (unassigned) => Kenji Ishii (ken-ishii)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1545655

Title:
  A close icon in the upper right don't show in Update Metadata

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  A close icon in the upper right can close modal dialog.
  Other modal dialog have this icon but Update Metadata dialog don't have it.
  When we use a browser with not maximize window, it often needs a scroll 
operation.
  Therefore it is better to add icon in the upper right to cancel the modal, 
same as other modals.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1545655/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp