Hey Boden,
It's not scheduled to be fixed in the Folsom release, the linkages to
milestones and such indicate that.
The original developer that proposed a patch disappeared in that flow, so it
stagnated. Adam just picked it up and assigned it to himself though to dig
around on it - so perhaps
LDAP entirely for the backend instead of the SQL backed
mechanisms, then you'd need a replicated/failover cluster for LDAP as well.
-joe
On Mon, 27 Aug 2012 09:46:41 -0700, Joseph Heck wrote
Hi Pat,
On Aug 27, 2012, at 8:09 AM, pat p...@xvalheru.org wrote:
I have two questions regarding
Hi Pat,
On Aug 27, 2012, at 8:09 AM, pat p...@xvalheru.org wrote:
I have two questions regarding OpenStack Keystone:
Q1) The Folsom release supports domains. The domain can contain more tenants
and tenant cannot be shared between domains. Is this right? I think so, but
want to be sure.
I'm
Trinath -
it sounds like PyPi was slow and/or hung. That happens upon occasion (and has
caused much grief). I'm guessing by the time I'm responding to this, it's
cleared up for you. Are you able to run through devstack now without issue?
- joe
On Aug 23, 2012, at 1:39 AM, Trinath Somanchi
One of two things -
either the file doesn't exist in that location, or the process running it
doesn't have permissions to see the file.
Does the file exist at /etc/keystone/logging.conf?
Devstack tries to set that up in the right location in stack.sh at line 2038 -
did that fail when you ran
In the V3 Keystone API, we asserted that we wanted filter functions, but didn't
go to the length of defining a sort_key and sort_direction in the API spec.
ref:
https://docs.google.com/document/d/1VP-bTBbwsn6q-rDzuS9CEKb2ubE1VjbWRFd4BkkjoOY/edit?pli=1
-joe
On Aug 20, 2012, at 10:05 AM, Brian
The basic support for SSL has been readded to Keystone earlier this release
cycle, alough theres still a few pieces trickling through the pipeline (recent
updates to keystone client to allow for self-signed certs).
It needs testing, and I dont know that we yet have good deployment option docs
Hey Maru,
I think you're putting too many words in Adam's mouth here. First, Adam didnt
assert is wasnt valuable, useful, or nessecary - simply that it wasnt in the
first cut and not in the list that we agreed was critically essential to an
initial implementation. As you noted, its a complex
Thanks Jay!
On Jul 23, 2012, at 9:49 AM, Jay Pipes wrote:
On 07/21/2012 02:57 AM, Joseph Heck wrote:
Hey Nachi
If by this you mean the idea that a request ID is created at a user request
action, and then propagated through all relevant systems and API calls to
make tracing
Perhaps a poor analogy with email - The domain is an arbitrary string that's
intended for tenant isolation in large openstack environments. It's a place to
hang policy so that you can delegate things like password changing (where the
keystone backend supports it) to someone other than the
...@lists.launchpad.net] On Behalf
Of Ryan Lane
Sent: 17 July 2012 20:43
To: Adam Young
Cc: Joseph Heck; openstack
Subject: Re: [Openstack] [Keystone] Quotas: LDAP Help
I haven't been thinking about quotas, so bear with me here. A few
thoughts:
Certain deployments might not be able to touch the LDAP backend
In the V2 API, there's no update available - it's just create/delete.
-joe
On Jul 13, 2012, at 5:19 AM, Antonio Manuel Muñiz Martín wrote:
There are no method update_service here [1], so I think update is
not possible, am I right?
Thanks,
Antonio.
[1]
During Tuesday's keystone meeting
(http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-07-10-18.01.html
if you're curious), we reviewed the work that we'd originally lined up against
Folsom and did a check against the time remaining in the development cycle
Thanks again to everyone that read, commented, and suggested improvements into
the Keystone V3 API. This process has been immensely valuable, although far
more time consuming than I expected.
I've created a 3rd draft, now available at
Pete-
not quite accurate on the ports. Both ports are used in Keystone in the Essex
release. 35357 is the one registered with IANA, and is the administrative
port in that only administrative accounts can call in REST API's there. Port
5000 is the public port when you've got it configured in
Congrats to Adam Young - now a member of Keystone Core. For those of you who
don't know, Adam drove the initial LDAP backend implementation for the new
keystone architecture, and has been the driving force (technically and code)
behind getting PKI enabled within Keystone for signed tokens as we
I'm for it.
On Jun 26, 2012, at 9:17 AM, Jay Pipes wrote:
++
-jay
On 06/26/2012 10:02 AM, Monty Taylor wrote:
Hey guys!
We have all of the projects properly and consistently building and
uploading sphinx docs from in tree. This is pretty exciting, because it
means one more resource
, XML docs, devstack, and the code) for a
parameter that can be easily tweaked ?
-Mandar
-Original Message-
From: openstack-bounces+mandar.vaze=nttdata@lists.launchpad.net
[mailto:openstack-bounces+mandar.vaze=nttdata@lists.launchpad.net] On
Behalf Of Joseph Heck
Sent
: Thursday, June 21, 2012 10:40 AM
To: Joseph Heck; Vaze, Mandar
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] [keystone] Keystone on port 5000 - proposing
change default port to 8770
+1 for an IANA-registered public port. I wonder why we registered the
admin port
Alexey -
where's the library of common that you've put together? Is it committed to
openstack-common? somewhere else?
-joe
On Jun 19, 2012, at 9:43 AM, Alexey Ababilov wrote:
Unfortunately, nova, keystone, and glance clients are very inconsistent. A
lot of code is copied between all these
Draft 2 of the V3 Core Keystone API is now available for comment:
https://docs.google.com/document/d/1_TkawQIa52eSBfS4pv_nx1SJeoBghIlGVZsRJJynKAM/edit
In this revision, I've
* updated the token structure a bit - to match the new resources
* changed how the associations or user-tenant
P.S. the X-Subject-Token stuff is breaking HTTP; you need to either put the
token (or a facsimile for it) in the URL, or put Vary: Subject-Token in EVERY
response those resources generate. The former is preferred; this is over TLS,
right? Sorry I didn't see that earlier.
P.P.S If it's
On Jun 8, 2012, at 8:38 PM, Dolph Mathews wrote:
On Jun 8, 2012, at 6:47 PM, Nguyen, Liem Manh liem_m_ngu...@hp.com wrote:
Hi Joe/Dolph,
I have a few questions on the v3 API’s create_user (sorry the comments
section in the Google docs is getting pretty cluttered now):
(POST) /users
First a thank you to everyone who's swung by to read (and some comment) on the
V3 draft at
https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit?pli=1.
It's been immensely useful.
To clear up a bit of confusion I caused (sorry Jay!) - there were *no* example
Hi Caitlin,
A user is able to be associated with multiple tenants in the current API as
well - this API just attempt to make is significantly more clear what you're
asking for and what you're getting back. It was one of the earliest requests
and requirements of the auth system.
For the
Good morning,
I wanted to announce that we have the first strawman/draft of a V3 API for
Keystone available for comment and feedback. This is an early draft, and I
expect there to be more than one.
https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit
Next OpenStack Seattle meetup is Thursday evening, BTW - at HP's offices:
http://www.meetup.com/OpenStack-Seattle/events/58239262/
On May 21, 2012, at 12:23 PM, Sriram Subramanian wrote:
There is a lot of openstackers around including me. What are you upto with
openstack?
Some of
Coming out of the Keystone meeting from today
(http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
I thought it worth mentioning that adam young has been doing some tremendous
lifting in terms of looking at adding in PKI support to Keystone.
Guang,
I think you need to re-read the code. The association between a user and tenant
is what the role represents, and its inaccurate to assert that a user is
aligned only with a single tenant ever, that is not the case.
A role is no longer global, specifically to avoid the tremendous
users are defined as globally unique in keystone
what's anvil?
-joe
On May 9, 2012, at 1:46 PM, Joshua Harlow wrote:
A question,
I am using anvil to setup the keystone roles/users/tenants.
It seems like the python keystone client has the following command:
client.users.create
The service-list should give you a list of the services in the catalog, driven
by the template. What's in your catalog file at
/etc/keystone/default_catalog.templates? It sounds like it's empty - that's
what it's reading to report on services. You won't be able to use any of the
add/remove
Morning Leander,
The key file is what's in your nova api-paste.ini file - it's what is defining
the WSGI pipeline that loads up the various bits that set context. What version
of Nova and Keystone are you running?
I rather suspect you might have updated your code without also getting the
@lists.launchpad.net] On Behalf
Of Joe Savak
Sent: Tuesday, April 24, 2012 1:04 PM
To: Joseph Heck; openstack@lists.launchpad.net (openstack@lists.launchpad.net)
Cc: Adam Gandelman
Subject: Re: [Openstack] [Keystone] What exactly are we modeling with
endpoints?
Having endpoints under the service construct
While I've been roaming about the summit and conference, I've been trying to
figure out exactly what we're modeling with the current service and
endpoints that are in the API today. After talking with a number of folks,
it's getting clearer that how it's being used is very installation
Poking around through all various mechanisms we have to test and verify
OpenStack - does anyone have a concise writeup on the various tools and
techniques that we're using?
I'm not familiar with the stubs or mock libraries, and a little familiar
with mox.
Is anyone who is familiar with them
- Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
On Apr 8, 2012, at 4:06 PM, Joseph Heck wrote:
Poking around through all various mechanisms we have to test and verify
OpenStack - does anyone have a concise writeup on the various tools and
techniques that we're using
I think Dean Troyer was going to take an even farther stance at the Summit. A
unified client for all the core projects (and OpenStack client) instead of
the proliferation of separate clients that we have. As we got into really
testing the Essex release these past weeks, it because pretty clear
Hey Tony,
Slightly related - I'm getting a valid link form the dashboard that gets to
VNCProxy and such, but the page that comes active reports a Server timeout.
Any idea how to diagnose this and what's happened/not responded?
, Anthony Young wrote:
Joe - can you pastie your nova.conf from your compute host? The most
relevant flags are vncserver_proxyclient_address and vncserver_listen
On Thu, Mar 29, 2012 at 2:21 PM, Joseph Heck he...@me.com wrote:
Hey Tony,
Slightly related - I'm getting a valid link form
/vnc_auto.html
that should be vncserver_listen
A
On Thu, Mar 29, 2012 at 2:42 PM, Joseph Heck he...@me.com wrote:
http://pastie.org/3694439
The compute host is 172.18.1.1 with my instance (TTY, named zerglet)
The nova vncproxy code is running at 172.17.1.50 - both have direct access
, Joseph Heck wrote:
thank you - morons-r-us is trying that suggestion right now...
-joe
On Mar 29, 2012, at 3:01 PM, Anthony Young wrote:
Joe - looks like it could just be a typo:
1
2
3
--vncserver_list=172.18.1.1
--vncserver_proxyclient_address=172.18.1.1
--novncproxy_base_url=http
Florian -
Would love to have some docs patches!
-joe
On Mar 23, 2012, at 6:04 AM, Florian Daniel Otel wrote:
Thanks Jay for the in-depth explanation, it actually does make sense :)
Sorry for the late reply -- I had to to change my Keystone, Swift and Glance
setup and digest the
Those were great bugs too - sorry you hit them, but thanks to you and Jay for
reporting them in! We're working on them now!
-joe
On Mar 14, 2012, at 1:45 AM, Kevin Jackson wrote:
Shep,
Those steps are great. I'll be running through them, the devstack and any
other info I've collated and
Yeah, one service tenant, and then service accounts for each of nova, glance,
quantum, swift. I've got a review that's updating this detail in the keystone
docs right now (https://review.openstack.org/#change,5348)
The catalog can be either the template (in which case, you don't use commands,
For keystone, we are writing migration docs from Diablo - both with and without
keystone configurations. We've implemented export and import mechanisms to
bring in data to the new keystone instance, so it's mostly a matter of just
explaining how to use it.
-joe
On Mar 1, 2012, at 7:34 AM,
Good morning!
For those that don't know me, I'm Joe Heck - and I'm running (along with Andy
(termie)) for Keystone PTL. Regardless of what you vote there, I want to get
your attention for the state of Keystone today.
In the keystone meeting today
Happy Friday (hopefully it's friday when you get this...)
As keystone is getting into a new baseline, we're actively going through the
bug list and blueprints and re-assessing based on the updated codebase. As
we're getting into the details, we want to try and stay as close to the road as
Of Joseph Heck
Sent: Friday, February 17, 2012 12:59 PM
To: OpenStack Mailing List
Subject: [Openstack] Keystone Use Cases and User Stores
Happy Friday (hopefully it's friday when you get this...)
As keystone is getting into a new baseline, we're actively going through the
bug list
+100 - I know there was a huge amount of effort that went into making this
happen from a lot of people. I'm Looking forward to seeing it come live!
-joe
On Dec 29, 2011, at 2:51 PM, James E. Blair wrote:
Having said that, the Jenkins job has been running in silent mode on
master for several
I totally agree with Anne that the documentation in this split up format is
very hard to both find and parse. It's not inaccurate, so much as it leaves a
gaping hole in understanding what is and isn't available when you have 9+
documents to read and they're not really interlinked.
The effort I
That's almost always a reference to gettext - the module used for
internationalization. In this case, it's a bug where accessing that method
isn't also getting a few lines that import gettext lined up into it.
import gettext
gettext.install(glance, unicode=1)
I've filed it for you as bug
The dashboard (project Horizon) depends on these today to interact with the
REST API's to provide a user interface today.
-joe
On Nov 7, 2011, at 1:25 PM, Caitlin Bestler wrote:
Monty Taylor wrote:
OpenStack projects that need to depend on these will reference the git repo
of the project
The dashboard (project Horizon) depends on these today to interact with the
REST API's to provide a user interface today.
-joe
On Nov 7, 2011, at 1:25 PM, Caitlin Bestler wrote:
Monty Taylor wrote:
OpenStack projects that need to depend on these will reference the git repo
of the project
That's just what it sees today - the only one of the service endpoints that
uses all three (right now anyway) is Keystone itself. Can you share a different
pattern that you're interested in seeing supported?
-joe
On Oct 31, 2011, at 9:46 AM, Marcelo Martins wrote:
What makes keystone assume
an endpointTemplate, then
keystone should be smart enough to identify the type given and only accept
the number of URLs needed for such type of service.
Marcelo Martins
Openstack-swift
btorch...@zeroaccess.org
On Oct 31, 2011, at 1:40 PM, Joseph Heck wrote:
That's just what it sees today
There is an openVswitch driver for quantum right now, and i believe Nicira has
a proprietary driver available as well, based on OpenFlow. there is a netstack
group taht would be a good place to get more involved if you wanted to be
involved with developing a quantum driver:
the ones like netstack are related to specific development teams within
OpenStack, and I don't think there's a consolidated list anywhere (although you
could update that Wiki page). Not all the projects have sub-lists, in fact it's
relatively rare, as there's been a concerted effort to keep
Well said John.
-joe
On Oct 28, 2011, at 8:26 AM, John Dickinson wrote:
On Oct 28, 2011, at 10:04 AM, Ed Leafe wrote:
Swift had the advantage of starting out as a closed source project that
only had to serve a single master, and thus didn't need external
orchestration to keep it on
Liem,
There's some newer documentation that we just created at keystone.openstack.org
related to setting up and configuring Keystone. Look into the page at
http://keystone.openstack.org/configuring.html, which also has detail on how to
configure Nova to work with Keystone.
-joe
On Oct 28,
I'm working on that with the transition right now - we hope to get it back in
place shortly, and are working through some of the issues of getting this
backed with Gerrit now.
-joe
On Oct 28, 2011, at 1:53 PM, Kiall Mac Innes wrote:
Hi Devin,
Should we expect a diablo/stable branch? I'm
I like the idea - but I don't know what it would take to create it. I don't
think openstack.org or docs.openstack.org content sites are managed in a repo.
I believe I heard that Todd Morey was managing those sites, but I might be
wrong.
-joe
On Oct 28, 2011, at 4:38 PM, Stefano Maffulli
) because I'm waiting for feedback from the
Keystone team on some questions based on what I wrote for internal consumption.
-joe
On Oct 28, 2011, at 4:26 PM, Jay Pipes wrote:
On Fri, Oct 28, 2011 at 7:18 PM, Stefano Maffulli stef...@openstack.org
wrote:
On Fri, 2011-10-28 at 13:17 -0700, Joseph
awake at night).
-S
From: Mark Nottingham [m...@mnot.net]
Sent: Thursday, October 27, 2011 10:38 AM
To: Sandy Walsh
Cc: Mellquist, Peter; Joseph Heck; openstack@lists.launchpad.net
Subject: Re: [Openstack] +1, All services should have WADLs
I'm
On Oct 27, 2011, at 9:19 AM, Vishvananda Ishaya wrote:
On Oct 25, 2011, at 12:05 PM, Joseph Heck wrote:
Q: What's the keystone-manage command for credential add do? There's also
no corresponding delete or disable - is this password update for the
passwords that are set on keystone-manage
to keystone
which uses it. We don't really do anything with them in the nova code per se.
Vish
On Oct 27, 2011, at 9:22 AM, Joseph Heck wrote:
On Oct 27, 2011, at 9:19 AM, Vishvananda Ishaya wrote:
On Oct 25, 2011, at 12:05 PM, Joseph Heck wrote:
Q: What's the keystone-manage command
done, and we'll be releasing a WADL normalizer that puts the WADL in an easer
to process form.
Joe, I'd love to hear more about what you're trying to accomplish. Maybe we
can help you leverage the tools we have to accomplish them.
-jOrGe W.
On Oct 27, 2011, at 10:51 AM, Joseph Heck
Have you been testing and/or working with a specific hub from the list on that
wiki page (http://code.google.com/p/pubsubhubbub/wiki/Hubs)?
What I'm wondering is how we could set up a notification system that would be
highly available (i.e. two nodes or a failover mechanism) that wouldn't
I expect this is going to open a nasty can of worms... today we don't have a
consistent way of describing the APIs for the various services. I saw Nati's
bug (https://launchpad.net/bugs/881621), which implies that all the services
should have a WADL somewhere describing the API.
I'm not a huge
On Oct 25, 2011, at 12:54 PM, Jesse Andrews wrote:
I'm not an expert ... adding some comments
On Tue, Oct 25, 2011 at 12:05 PM, Joseph Heck he...@me.com wrote:
I've just dropped in place a bunch of developer documentation (RST) for
Keystone - one in, one pending (https
for tasks to get us to outcomes is all we're lacking. QA Team, let me know
how the Docs Team can work with you here.
Anne
Anne Gentle
a...@openstack.org
my blog | my book | LinkedIn | Delicious | Twitter
On Tue, Oct 25, 2011 at 2:41 PM, Joseph Heck he...@mac.com wrote:
I expect
with you here.
Anne
Anne Gentle
a...@openstack.org
my blog | my book | LinkedIn | Delicious | Twitter
On Tue, Oct 25, 2011 at 2:41 PM, Joseph Heck he...@mac.com wrote:
I expect this is going to open a nasty can of worms... today we don't have a
consistent way of describing the APIs
That's exactly what I'm poking at (and what Nati has started doing as well). I
was trying to see if there was a consistent way to describe all the API
endpoints that could be used to document the combined set.
The raw description is clearly insufficient, so how best to create a final
product
.3 means 3rd quarter
I noticed that the developer docs aren't grabbing the version correctly to
place them in when rendering... is keystone.version() the right place to get
that information?
If so, I'll make that edit to get it into the developer docs generation.
-joe
On Oct 24, 2011, at
What you've described is a great unit testing framework, but with integration
testing you need recognition that some tests are dependent of specific system
state - and therefore can not be run blindly in parallel.
Some can, just not all - and often the most expedient way to get a system in a
On Oct 19, 2011, at 7:26 PM, Joseph Heck wrote:
What you've described is a great unit testing framework, but with
integration testing you need recognition that some tests are dependent of
specific system state - and therefore can not be run blindly in parallel.
Some can, just not all
Hi Sudhakar -
I'm not terribly familiar with xtreemFS, but glancing at their website, it
looks like it's replicated block-volume mechanism not unlink gluster or ceph.
There is no plugin or back-end that takes the Nova block volume components and
uses this - if it supports an iSCSI interface
Swift support is in the dashboard, and is configured entirely by Keystone, upon
which Dashboard depends for the API endpoints from its service catalog. You
will need swift and dashboard both configured in Keystone to get the
operability.
- joe
On Oct 7, 2011, at 11:20 AM, Khaled Ben Bahri
That code update has already landed - its actually in the Diablo release, just
not the default mechanism as yet. Carrot should be fully deprecated by the
Essex release in favor of the Kombu AMQP library
-joe
On Oct 6, 2011, at 4:18 AM, Armaan wrote:
i am asking this question out curiosity,
Can we clone this into the Openstack repo so that it's clear:
a) there is a central set of openstack integration and functional tests
b) that it is THE place to add in common, cross-cutting tests
I don't really care which setup we use as the OpenStack project - Soren's is
fine, just needs to be
It will be tomorrow - I'll be making changes to track the shifting repos this
weekend.
-joe
On Sep 15, 2011, at 10:40 PM, 董志斌 atk...@gmail.com wrote:
Hi,
but quantum project no git ,
2011/9/16 Jae Sang Lee hyan...@gmail.com
Hi.
launchpad glance repo is not running, change
Good morning,
I've installed Diablo from packages (from trunk) yesterday on Ubuntu 11.04 -
and have a single instance setup working just fine for firing up instances,
shutting them down, etc.
I then attempted to add a computing node to that setup, but have been unable to
get instances to fire
It was for the bexar release. In Cactus and in the current trunk, the dashboard
has continued to evolve, most recently (trunk only) adding swift support.
Dashboard is an incubating project within Openstack. The trunk development is
on Github at https://github.com/4P/openstack-dashboard/,
Openstack currently supports back through Python 2.6 and includes Python 2.7 -
as far as I know, we're not aiming to support any Python 3.x versions as yet.
-joe
On Jul 20, 2011, at 1:04 PM, Debo Dutta (dedutta) wrote:
Some of us were discussing about the official stand on what version of
Afternoon!
I ran into an issue with the multi-nic addition that just hit trunk - wanted to
see how best to resolve or if this is a bug.
The signature for the create() method in NetworkCommands (in
nova/bin/nova-manage) changed - which means that the existing docs to create a
network:
, at 12:06 PM, Joseph Heck wrote:
Afternoon!
I ran into an issue with the multi-nic addition that just hit trunk - wanted
to see how best to resolve or if this is a bug.
The signature for the create() method in NetworkCommands (in
nova/bin/nova-manage) changed - which means
I beg to differ on the value of XML to enterprise customers - My perception is
that validation of the data structure and valid values is important, but that
doesn't mean it needs to be XML. The same can be done with JSON (although
there's not the fancy validators set up for that), and JSON is
86 matches
Mail list logo