Re: [Openstack] How to re-create a stack with devstack

[nandakumar raghavan]

Hi Vish,

Thanks. I just have a weird thought. Based on the stack.sh logs I
understand that when I run stack.sh second time it simply spawns all the
services.
Ex: I saw the below in stack.sh log

' screen -S stack -p n-net -X stuff 'cd /opt/stack/nova &&
/opt/stack/nova/bin/nova-network
+ screen_it n-sch 'cd /opt/stack/nova && /opt/stack/nova/bin/nova-scheduler'

Can I write my own upstart script that will start all the services when the
system is booting instead of running stack.sh manually, might be a script
which init can execute while booting? Will that be ok for connecting to the
dashboard again?

Thanks,
NandaKumar Raghavan

On Fri, Jan 27, 2012 at 12:15 PM, Vishvananda Ishaya
wrote:

> That is correct.  Devstack is primarily for development.  It isn't really
> designed to be a production ready system.
>
> Vish
>
> On Jan 26, 2012, at 10:18 PM, nandakumar raghavan wrote:
>
> Hi,
>
> I have similar query. I had installed open stack using devstack on a
> freshly installed stand-alone machine(not vm). For the first time once the
> stack.sh is completed I was able to connect to the dashboard and all the
> services are up and running. Once I rebooted the box, all my settings are
> gone and I am not able to connect the dashboard as none of the services
> were running. I had to run stack.sh again and I was able to connect to the
> dashboard. Whether installing open stack using devstack is not persistent
> across reboots? Running stack.sh again is the only solution or is there any
> other way I can do ?
>
> Thanks in advance.
>
> Regards,
> NandaKumar Raghavan
>
> On Fri, Jan 27, 2012 at 5:13 AM, Naveed Massjouni wrote:
>
>> Awesome authors indeed! Thanks.
>> -Naveed
>>
>> On Thu, Jan 26, 2012 at 6:31 PM, Vishvananda Ishaya
>>  wrote:
>> > looks like the awesome authors of devstack are now handling this for
>> you:
>> >
>> > https://github.com/openstack-dev/devstack/blob/master/stack.sh#L931
>> >
>> > So the instances are destroyed on the second run.
>> >
>> > Vish
>> >
>> > On Jan 26, 2012, at 3:14 PM, Naveed Massjouni wrote:
>> >
>> > That's easy enough, thanks. Sometimes I forget to delete all my
>> > instances before blowing away screen and running ./stack.sh. Just
>> > curious, what happens to all those vm's? Am I building up an army of
>> > zombie vm's that are taking up resources? Or do they disappear into
>> > the ether?
>> > -Naveed
>> >
>> > On Thu, Jan 26, 2012 at 5:53 PM, Vishvananda Ishaya
>> >  wrote:
>> >
>> > There is another thread on this, but the quick answer is;
>> >
>> > killall screen
>> >
>> > ./stack.sh
>> >
>> >
>> > You should generally make sure that you have terminated all instances
>> and
>> > deleted all volumes in advance or you could run into issues.  It is
>> always
>> > safer to start from a clean vm, but the above should work in most cases
>> >
>> >
>> > If you would also like to grab new code:
>> >
>> > killall screen
>> >
>> > cd devstack
>> >
>> > git pull
>> >
>> > RECLONE=yes ./stack.sh
>> >
>> >
>> > Vish
>> >
>> >
>> > On Jan 26, 2012, at 12:58 PM, Naveed Massjouni wrote:
>> >
>> >
>> > I would like to know the proper way to blow away a stack and create a
>> >
>> > fresh stack with devstack. Currently, I hit ctrl-c and ctrl-d a bunch
>> >
>> > of times to close all the windows in the screen session. Then I run
>> >
>> > ./stack.sh again. Is this the best way? Is this documented somewhere?
>> >
>> > Thanks,
>> >
>> > Naveed
>> >
>> >
>> > ___
>> >
>> > Mailing list: https://launchpad.net/~openstack
>> >
>> > Post to : openstack@lists.launchpad.net
>> >
>> > Unsubscribe : https://launchpad.net/~openstack
>> >
>> > More help   : https://help.launchpad.net/ListHelp
>> >
>> >
>> >
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Happy Friday!

[Joshua Harlow]

In the spirit of essex-3 devstack v2 should be pretty functional (+- bugs, and 
some missing pieces, haha).

It seems to run horizon, keystone, nova, glance (and clients), db, rabbitmq, 
all correctly.

We are only missing the swift component (TBD - working on it) and minus the 
networking config (TBD - working on it).

Also updates to json pkgs to not have absolute versions (but using apt-gets 
regex support for versions) should be useful to all!

For those that wish to try it out please see if you can follow:

https://github.com/yahoo/Openstack-Devstack2/wiki/Simple-Setup

This was made in the spirit of http://devstack.org/guides/single-machine.html

But uninstalling, installing, stopping, starting should be working (and if you 
ctrl-c while its running this should be recoverable, ie if halfway through a 
install u stop it, uninstall should be able to still uninstall what happened 
before you killed it).

Hopefully in the near future we can make v2 official :-)

Comments/bugs/idears welcome!

-Josh
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova/puppet blueprint, and some questions

[Ryan Lane]

>> http://bogott.net/misc/osmpuppet.png
>>
>> That's what it looks like when you configure an instance using Open Stack
>> Manager, which is WikiMedia's VM management interface.  My main priority for
>> adding puppet support to Nova is to facilitate the creation and control of a
>> GUI much like that one.
>
>
>
> Can you explain how your solution works now? You want to inject data into
> the VMs in the proposal, but outside of designating the puppet master, all
> the data for variables and classes should be changes to the puppet master,
> not the instances. That's kind of the whole point of the puppet master.
>
> One thing you really seem to want is RBAC for the nova users.
>
> How are you getting the names for the recipes into your system? Is that sync
> with what is on the puppet master somehow or you are going to do data entry
> and it's all string matching?
>

Right now we are adding puppetvar and puppetclass attributes into LDAP
nodes. An instance uses cloud-init, installs puppet, points puppet at
the right puppet master, and does a puppet run. A puppet master waits
for certificate requests, verifies the instance is in LDAP, then signs
the certificate. The instance's catalogue is generated by the puppet
master, based on the LDAP entry.

>> On 1/26/12 5:03 PM, Andrew Clay Shafer wrote:
>>
>>
>> I'd also like to see more of a service oriented approach and avoid adding
>> tables to nova if possible.
>>
>> I'm not sure the best solution is to come up with a generic service for
>> $configuration_manager for nova core. I'd rather see these implemented as
>> optional first class extensions.
>>
>> This sounds intriguing, but I'll plead ignorance here; can you tell me
>> more about what this would look like, or direct me to an existing analogous
>> service?
>
>
> I don't think there is a good existing example, but I know if the defacto
> way to add functionality in nova is to add tables to the db, that's the path
> to operational and maintenance hell.
>
> That's not just for this integration, but in general.
>
> For openstack to become what it should be, Nova shouldn't be a monolithic
> app on a database.
>
> Even if you wanted to run this on the same node, it probably shouldn't be
> tables in the same database. It should be a separate services with it's own
> db user and scheme then be integrated by apis or maybe adding to wsgi.
>

Well, I think part of the problem is there doesn't seem to be any way
to extend nova core right now. The API is extendable, but actions
generated by existing API can't be modified without hacking at the
core code. This includes database code/schema as well.

Having the tables in the same database isn't problematic as long as we
ensure there aren't naming conflicts. Often the way to handle this is
to have a standardized naming prefix.

> I'm confused how you want to run puppet exactly. The site.pp would typically
> live on the puppet master.
>
> Can you explain more about what you are thinking or how your current
> solution works?
>

We are currently using the LDAP approach with a puppet master, but
it's problematic with what we're actually doing.

In our implementation everything is controlled via puppet, and our
puppet repo is kept in a gerrit repo. We have a branch for production
and one for our pre-production cloned environment. One project
contains our pre-production clone (testlabs). Every other project is
meant as a space to build things, and then puppetize them. The
services tested in other projects are moved into testlabs via a
cherry-pick, then tested there, then cherry-picked across to
production.

Currently all projects use the testlabs puppet branch, because the
centralized puppet master must run on a single branch. What we want is
for each project to have their own branch of the repo, so that they
can test all of their changes in their own branch without needing
code-review and without needing to possibly clobber other projects.

The problem we are running into is that each project needs its own
puppet master (and no, puppet environments don't work), as puppet
isn't multi-tenant. The good thing is, we don't really *need* a puppet
master. Since we have all of the manifests in a single repo, we can
just checkout the entire repo, and have the instance run the puppet
configuration directly. We can create a gerrit branch on project
creation, and have all instances configured to pull/push using that
branch.

So, what we really want is a way to stick the repo and the node
configuration into something that can be accessed on instance
creation.

> I think it would be sweet if nova and the dashboard (and probably keystone
> too) had a standardized way to add integrated functionality. I don't believe
> nova core should be reimplementing/duplicating functionality and logic in
> other systems.
>
> The goal of interacting with the instances through a shared interface is a
> good one, I'm not against that, I just want to see less deep coupling to
> accomplish it.
>

Yes, a shared int

Re: [Openstack] Swift Consistency Guarantees?

[Mark Nottingham]

Why not just use
  Cache-Control: no-cache
?

That way, intervening caches will do the right thing too...

Cheers,


On 21/01/2012, at 4:33 AM, Stephen Broeker wrote:

> The X-Newest header can be used by a GET Operation to ensure that all of the
> Storage Nodes (3 by default) are queried for the latest copy of the Object.
> The COPY Object operation already has this functionality.
> 
> On Fri, Jan 20, 2012 at 9:12 AM, Nikolaus Rath  wrote:
> Hi,
> 
> No one able to further clarify this?
> 
> Does swift offer there read-after-create consistence like
> non-us-standard S3? What are the precise syntax and semantics of
> X-Newest header?
> 
> Best,
> Nikolaus
> 
> 
> On 01/18/2012 10:15 AM, Nikolaus Rath wrote:
> > Michael Barton  writes:
> >> On Tue, Jan 17, 2012 at 4:55 PM, Nikolaus Rath  wrote:
> >>> Amazon S3 and Google Storage make very explicit (non-) consistency
> >>> guarantees for stored objects. I'm looking for a similar documentation
> >>> about OpenStack's Swift, but haven't had much success.
> >>
> >> I don't think there's any documentation on this, but it would probably
> >> be good to write up.  Consistency in Swift is very similar to S3.
> >> That is, there aren't many non-eventual consistency guarantees.
> >>
> >> Listing updates can happen asynchronously (especially under load), and
> >> older versions of files can show up in requests (deletes are just a
> >> new "deleted" version of the file).
> >
> > Ah, ok. Thanks a lot for stating this so explicitly. There seems to be a
> > lot of confusion about this, now I can at least point people to
> > something.
> >
> >> Swift can generally be relied on for read-after-write consistency,
> >> like S3's regions other than the the US Standard region.  The reason
> >> S3 in US Standard doesn't have this guarantee is because it's more
> >> geographically widespread - something Swift isn't good at yet.  I can
> >> imagine we'll have the same limitation when we get there.
> >
> > Do you mean read-after-create consistency? Because below you say about
> > read-after-write:
> >
> >>> - If I receive a (non-error) response to a PUT request, am I guaranteed
> >>> that the object will be immediately included in all object listings in
> >>> every possible situation?
> >>
> >> Nope.
> >
> > ..so is there such a guarantee for PUTs of *new* objects (like S3 non
> > us-classic), or does "can generally be relied on" just mean that the
> > chances for new puts are better?
> >
> >> Also like S3, Swift can't make any strong guarantees about
> >> read-after-update or read-after-delete consistency.  We do have an
> >> "X-Newest" header that can be added to GETs and HEADs to make the
> >> proxy do a quorum of backend servers and return the newest available
> >> version, which greatly improves these, at the cost of latency.
> >
> > That sounds very interesting. Could you give some more details on what
> > exactly is guaranteed when using this header? What happens if the server
> > having the newest copy is down?
> >
> >>> - If the swift server looses an object, will the object name still be
> >>> returned in object listings? Will attempts to retrieve it result in 404
> >>> errors (as if it never existed) or a different error?
> >>
> >> It will show up in listings, but give a 404 when you attempt to
> >> retrieve it.  I'm not sure how we can improve that with Swift's
> >> general model, but feel free to make suggestions.
> >
> > From an application programmers point of view, it would be very helpful
> > if lost objects could be distinguished from non-existing object by a
> > different HTTP error. Trying to access a non-existing object may
> > indicate a bug in the application, so it would be nice to know when it
> > happens.
> >
> > Also, it would be very helpful if there was a way to list all lost
> > objects without having to issue HEAD requests for every stored object.
> > Could this information be added to the XML and JSON output of container
> > listings? Then an application would have the chance to periodically
> > check for lost data, rather than having to handle all lost objects at
> > the instant they're required.
> >
> >
> > I am working on a swift backend for S3QL
> > (http://code.google.com/p/s3ql/), a program that exposes online cloud
> > storage as a local UNIX file system. To prevent data corruption, there
> > are two requirements that I'm currently struggling to provide with the
> > swift backend:
> >
> > - There needs to be a way to reliably check if one object (holding the
> >   file system metadata) is the newest version.
> >
> >   The S3 backend does this by requiring storage in the non us-classic
> >   regions and using list-after-create consistency with a marker object
> >   that has has a "generation number" of the metadata embedded in its
> >   name.
> >
> >   I'm not yet sure if this would work with swift as well (the google
> >   storage backend just relies on the strong read-after-write
> >   consistency).
> >
> > - The file system checker needs a wa

Re: [Openstack] nova/puppet blueprint, and some questions

[Andrew Clay Shafer]

On Thu, Jan 26, 2012 at 8:56 PM, Andrew Bogott wrote:

>  Andrew --
>
> Thanks for your comments.  I'm going to start with a screenshot for
> context:
>
> http://bogott.net/misc/osmpuppet.png
>
> That's what it looks like when you configure an instance using Open Stack
> Manager, which is WikiMedia's VM management interface.  My main priority
> for adding puppet support to Nova is to facilitate the creation and control
> of a GUI much like that one.
>


Can you explain how your solution works now? You want to inject data into
the VMs in the proposal, but outside of designating the puppet master, all
the data for variables and classes should be changes to the puppet master,
not the instances. That's kind of the whole point of the puppet master.

One thing you really seem to want is RBAC for the nova users.

How are you getting the names for the recipes into your system? Is that
sync with what is on the puppet master somehow or you are going to do data
entry and it's all string matching?

On 1/26/12 5:03 PM, Andrew Clay Shafer wrote:
>
>
>  I'd also like to see more of a service oriented approach and avoid adding
> tables to nova if possible.
>
>  I'm not sure the best solution is to come up with a generic service for
> $configuration_manager for nova core. I'd rather see these implemented as
> optional first class extensions.
>
> This sounds intriguing, but I'll plead ignorance here; can you tell me
> more about what this would look like, or direct me to an existing analogous
> service?
>

I don't think there is a good existing example, but I know if the defacto
way to add functionality in nova is to add tables to the db, that's the
path to operational and maintenance hell.

That's not just for this integration, but in general.

For openstack to become what it should be, Nova shouldn't be a monolithic
app on a database.

Even if you wanted to run this on the same node, it probably shouldn't be
tables in the same database. It should be a separate services with it's own
db user and scheme then be integrated by apis or maybe adding to wsgi.

 What are you going to inject into the instances exactly? Where does the
> site.pp live?
>
> This is the question I'm hoping to get feedback on.  Either nova can
> generate a fully-formed site.pp and inject that, or it can pass config
> information as metadata, in which case an agent would need to be running on
> the guest which would do the work of generating the site.pp.  I certainly
> prefer the former but I'm not yet clear on whether or not file injection is
> widely supported.
>

I'm confused how you want to run puppet exactly. The site.pp would
typically live on the puppet master.

Can you explain more about what you are thinking or how your current
solution works?

 I haven't thought about this that much yet, but off the top of my head,
> but if the instances already have puppet clients and are configured for the
> puppet master, then the only thing you should need to interact with is the
> puppet master.
>
>
> It's definitely the case that all of this could be done via LDAP or the
> puppet master and involve no Nova action at all; that's how WikiMedia's
> system works now.  My aim is to consolidate the many ways we currently
> interact with instances so that we delegate as much authority to Nova as
> possible.  That strikes me as generally worthwhile, but you're welcome to
> disagree :)
>

I think it would be sweet if nova and the dashboard (and probably keystone
too) had a standardized way to add integrated functionality. I don't
believe nova core should be reimplementing/duplicating functionality and
logic in other systems.

The goal of interacting with the instances through a shared interface is a
good one, I'm not against that, I just want to see less deep coupling to
accomplish it.



>  I'm not a fan of the Available, Unavailable, Default, particularly
> because you are managing state of something that may not be true on the
> puppet master.
>
> I may be misunderstanding you, or my blueprint may be unclear.  Available,
> Unavailable, and Default don't refer to the availability of classes on the
> puppet master; rather, they refer to whether or not a class is made
> available to a nova user for a given instance.  An 'available' class would
> appear in the checklist in my screenshot.  An Unavailable class would not.
> A 'default' class would appear, and be pre-checked.  In all three cases the
> class is presumed to be present on the puppet master.
>

I already asked this, but what keeps that in sync with the puppet master?

Personally, I'd rather see an integration that has a per user configuration
to a puppet master that stays in sync than the RBAC per module.

>  I also think managing a site.pp is going to be inferior to providing an
> endpoint that can act as an eternal node tool for the puppet master.
> http://docs.puppetlabs.com/guides/external_nodes.html
>
> In which case nova would interact directly with the puppet master for
> configuration purposes?  (

Re: [Openstack] ZeroMQ RPC Driver - FF-Exception request

[Yun Mao]

Sorry to bring back a rather quiet thread from 3 days ago.

How fast do we need to queueing component to be? My observation from
Amazon EC2 us-east-1 is about 2 VMs provisioned per second on average.
Let's say there are 100 messages exchanged for the workload per second
per VM (which I believe is over estimated), and the peak time workload
is 100x higher. Then we need a queue that can do 20,000 messages per
second at the peak rate. Either Rabbit or 0MQ should handle this very
easily. So I'm assuming performance is not a concern.

Now if we go brokerless completely for all messages, that's an obvious
gain as we get rid of one type source of failure. Can that be
achieved? My impression after quickly skimming through the 0MQ
document is that those direct connection can be brokerless but things
more like broadcast can't be. I might very much be wrong at this, and
I would appreciate a lot if someone could help to explain.

Thanks,

Yun

On Wed, Jan 25, 2012 at 11:56 AM, Alexis Richardson  wrote:
> Eric
>
> Understood ;-)
>
> I am all in favour of community experimentation.
>
> 1:1 messaging is a core use case for RabbitMQ.  Unlike regular
> queueing systems which use queues for shared topics, Rabbit is
> designed to support very large numbers of short lived queues as well
> as long lived queues.  These can be private or shared.  In other
> words: queues are buffers.  ZeroMQ goes one step further and
> co-locates the consumer with the buffer, and the routing logic with
> the producer.  The cases for which this is useful are discussed on the
> web site.
>
> alexis
>
>
>
> On Wed, Jan 25, 2012 at 4:49 PM, Eric Windisch  wrote:
>> Alexis,
>>
>> It is also obvious that the link I provided is a particularly biased source,
>> so it should be taken with a grain of salt. I only mentioned Qpid because
>> Nova just received a driver for it, I didn't know the differences in such
>> detail.
>>
>> One of the problems Nova has is that it registers N queues for N hosts, with
>> one host pulling from each queue (1:1). This is why ZeroMQ is a good fit,
>> whereby messages can be sent directly to those hosts. There are also a small
>> (but active) number of N to N queues which remain centralized and for which
>> running Rabbit or Qpid is a good fit.
>>
>> It would be interesting exercise to allow the ZeroMQ driver to defer back to
>> the Kombu or Qpid driver for those messages which must remain centralized.
>>
>> --
>> Eric Windisch
>>
>> On Wednesday, January 25, 2012 at 1:18 AM, Alexis Richardson wrote:
>>
>> On Wed, Jan 25, 2012 at 4:46 AM, Eric Windisch 
>> wrote:
>>
>> Sorry, I had originally sent only to Yun Mao. Sending to list.
>>
>> ---
>>
>> Rather than attempt to answer this, I defer to the ZeroMQ guide. It should
>> be noted that the designers of AMPQ, iMatix, designed and build ZeroMQ.
>> (RabbitMQ and QUID implement AMQP)
>>
>>
>> Hold on a second there...
>>
>> There has been a LOT of muddle and fud ("fuddle"?) around AMQP. Let
>> me try to clear that up.
>>
>> Qpid's default option is AMQP 0-10. While feature-rich, 0-10 is not
>> widely used and was described by the AMQP chairman as too long and
>> complicated not long after it was published. See also commentary on
>> the web, on the subject of its length. Rabbit does not and will not
>> support this version, and other folks have not implemented it either.
>>
>> WHEREAS --
>>
>> RabbitMQ implements AMQP 0-91, a 40 page spec. It's the one most people use.
>>
>> 0-9-1 is the version of AMQP that is used across a very large number
>> of use cases, that is quite easy to implement. It was created by all
>> the implementers of AMQP that existed at time of writing including
>> Rabbit, Redhat, JPMorgan, and of course iMatix. Pieter @iMatix was
>> the spec editor, and did a fantastic job. 0-9-1 provides
>> interoperable messaging as witnessed by the large number (100s) of
>> clients and add-ons that have been created by the community. There
>> have also been several servers implemented, that all just work with
>> those clients. For example Kaazing, StormMQ, and OpenAMQ. I believe
>> that Qpid also supports it, which might be important for this
>> community (Redhat guys please note).
>>
>> This is what Pieter said: "Read AMQP/0.9.1, it is a beautiful, clean,
>> minimalist work essentially created by cooperation in the working
>> group to improve AMQP/0.8. I edited AMQP/0.9.1, based on a hundred or
>> more fixes made by the best individual brains in that group. Alexis is
>> right - this is not disappearing." (Ref - comments here:
>> http://it.toolbox.com/blogs/open-source-smb/whats-the-future-of-amqp-44450)
>>
>> I agree with Pieter. We also like the way that 0-9-1 can play nicely
>> with 0mq and other protocols. Note that Rabbit supports these via
>> plugins.
>>
>> alexis
>>
>>
>>
>>
>>
>>
>> http://zguide.zeromq.org/page:all#Why-We-Needed-MQ
>>
>>
>> --
>> Eric Windisch
>>
>> On Tuesday, January 24, 2012 at 5:20 PM, Yun Mao wrote:
>>
>> Hi I'm curious and unfamiliar with t

Re: [Openstack] nova/puppet blueprint, and some questions

[Vishvananda Ishaya]

Hey Andrew,

Sorry for the slow response on this.  There has been a lot to do for e-3. In 
any case, here are my thoughts on the subject. I am really not convinced that 
configuration management needs to be part of nova at all.  This is stuff that 
should be built on top of nova.  We have a bit of work to do cleaning up and 
improving metadata to make this type of thing easier, but I don't see any big 
needs for this to be in nova. A horizon plugin that handles this seems like it 
would be much more interesting.

Vish

On Jan 26, 2012, at 10:25 AM, Andrew Bogott wrote:

> Happy tag day, everyone!
> 
>The next thing I'm going to work on (for Nova/Folsom) is adding an API to 
> assist with Puppet configuration on nova instances.  The blueprint for that 
> is here:
> 
> http://wiki.openstack.org/PuppetConfigForNova
> 
>I welcome comments on that proposal.
> 
>There's a fair bit of hand-waving in the Implementation section when it 
> comes to the question of how exactly Nova will communicate puppet config to 
> an instance.  Ideally I would like to use file injection to drop a site.pp 
> file directly onto the instance.  My fear, though, is that file injection is 
> not supported widely enough for me to rely on it.  Is that right?  Are there 
> plans to support file injection on non-Xen hypervisors (most importantly, on 
> KVM?)
>If I can't rely on file injection, then I probably need to use metadata 
> instead.  Is metadata injection more widely supported than file injection?  
> And, is there any kind of 'standard' pattern for instance daemons that notice 
> and respond to metadata changes (e.g. the guest agents module), or would I 
> just adlib that part?
> 
> Thanks!
> 
> -Andrew
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack Community Newsletter –January 27, 2012

[Stefano Maffulli]

OpenStack Community Newsletter –January 27, 2012


HIGHLIGHTS


  * OpenStack Bug Squashing Day Is Coming On Feb 2nd

http://www.openstack.org/blog/2012/01/the-first-openstack-bug-squashing-day-is-coming-on-feb-2nd/
 and you can follow its evolution on http://wiki.openstack.org/bugstats/
  * Meet OpenStack developers at FOSDEM

http://fnords.wordpress.com/2012/01/27/openstack-developers-meeting-at-fosdem/
  * OpenStack Jenkins dashboard available for testing Ubuntu
snapshots

http://www.openstack.org/blog/2012/01/openstack-jenkins-dashboard-available-for-testing-ubuntu-snapshots/
  * GrydDynamics team contributed a billing plugin for Horizon
https://openstackgd.wordpress.com/2012/01/24/billing-plugin-for-horizon
  * OpenStack Australian community had another successful meetup

http://www.openstack.org/blog/2012/01/openstack-melbourne-australia-meetup-jan-17/
  * Opened the Call for speaker for OpenStack Conference
http://www.openstack.org/conference/san-francisco-2012/speakers/
  * Book your room for the week
https://resweb.passkey.com/go/DRAC2012


EVENTS

FOSDEM 2012 Feb 04 – 05, 2012 – Bruxelles, BE
http://fosdem.org/2012/schedule/track/virtualization_and_cloud_devroom
OpenStack Bug Squash Day San Francisco Feb 02, 2012 – Rackspace
San Francisco, 620 Folsom, San Francisco, CA
http://www.meetup.com/openstack/events/48362422/
OpenStack Bug Squash Day Austin Feb 02, 2012 – Rackspace Austin
2420 Ridgepoint Dr, Austin, TX
http://www.meetup.com/OpenStack-Austin/events/48406252/

  * “Ceph Lords” San Francisco Stackers Free Event! Feb 02, 2012 –
DreamHost San Francisco, 221 Pine St [2nd Floor]
http://www.meetup.com/openstack/events/48829962/

Inaugural OpenStack DC Meetup Feb 16, 2012 – Washington, DC
http://www.meetup.com/OpenStackDC/events/47106902/
FLOSSTalk Kosovo Feb 22, 2012 – UNICEF Innovations Lab Kosovo in
Prishtina, Kosovo
http://www.flossk.org/en/blog/flosstalk-arturo-suarez-openstack
OpenStack Spring 2012 Design Summit Apr 16 – 18 and Conference
Apr 19-20 – San Francisco, California
http://openstack.org/conference/

OTHER NEWS


  * Three  (and more) things about documentation
https://lists.launchpad.net/openstack/msg07082.html
  * Cleaning up code after Essex feature-freeze
https://lists.launchpad.net/openstack/msg07065.html
  * Announcing a new and improved Keystone
https://lists.launchpad.net/openstack/msg07063.html
  * Ubuntu package / ppa for the git-review tool
https://lists.launchpad.net/openstack/msg07061.html
  * Essex-3 milestone available for Keystone, Glance, Nova and
Horizon https://lists.launchpad.net/openstack/msg06989.html
  * Nexenta SAN volume driver for Nova
https://lists.launchpad.net/openstack/msg06961.html
  * OpenStack Wiki Recent Changes –
http://wiki.openstack.org/RecentChanges
  * MultiRealm Keystone
http://wiki.openstack.org/MultiRealmKeystone
  * Smokestack http://wiki.openstack.org/smokestack
  * OpenStack Design Summit http://wiki.openstack.org/Summit
  * Project meeting
summary 
http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-01-24-21.01.html


COMMUNITY STATISTICS


  * We’re working to improve the community stats. We hope to be back
next week.


This weekly newsletter is a way for the community to learn about all the
various activities occurring on a weekly basis. If you would like to add
content to a weekly update or have an idea about this newsletter, please
leave a comment.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ubuntu package / ppa for the git-review tool.

[Kiall Mac Innes]

Great,

I was going to ask for a way to disable that! I've got the update check
patched out in my packaging already ;)

I'll let you know how I get on with Ubuntu..

Thanks,
Kiall


On Fri, Jan 27, 2012 at 9:07 PM, Monty Taylor  wrote:

>
>
> On 01/27/2012 03:49 PM, Kiall Mac Innes wrote:
> > Hey Monty,
> >
> > Packaging sources are
> > at http://review.managedit.ie/p/openstack/packaging/git-review.git if
> > they are of any interest.
> >
> > Otherwise I'll just keep my eye out for updates and keep the PPA
> > updated.. I might even use this simple repo as a learning experience for
> > getting packages into Ubuntu if you don't mind?
>
> Sounds great to me! The more people we have who do things with getting
> things in to Ubuntu the better!
>
> I just wrote a patch, btw, that adds a check for a global config file,
> /etc/git-review/git-review.conf. Currently, the file is only used for
> disabling the "is there a new version" check.:
>
> [updates]
> check = false
>
> SO - if you drop in that file as part of the debian packaging, then
> git-review will not check pypi for new versions (since you'd probably
> want to do that via apt anyway)
>
> Thanks!
> Monty
>
> > On Fri, Jan 27, 2012 at 8:13 PM, Monty Taylor  > > wrote:
> >
> >
> >
> > On 01/27/2012 08:48 AM, Kiall Mac Innes wrote:
> > > Hiya,
> > >
> > > For those of you who prefer to avoid "pip" installing as much as
> > > possible in favor of native packages, I've packaged up the
> git-review
> > > tool for Ubuntu (Just oneiric for now, if there is interest I'll
> > package
> > > for lucid too).
> > >
> > > PPA @ https://launchpad.net/~managedit/+archive/git-review
> > >
> > > $ apt-add-repository ppa:managedit/git-review
> > > $ apt-get update
> > > $ apt-get install git-review
> > >
> > > The latest version is building on launchpad right now and should be
> > > published in the next 30 mins.
> >
> > Awesome! Thanks - that's been on my todo list for a while and I just
> > hadn't gotten around to it.
> >
> > Monty
> >
> > ___
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@lists.launchpad.net
> > 
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp
> >
> >
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ubuntu package / ppa for the git-review tool.

[Monty Taylor]

On 01/27/2012 03:49 PM, Kiall Mac Innes wrote:
> Hey Monty,
> 
> Packaging sources are
> at http://review.managedit.ie/p/openstack/packaging/git-review.git if
> they are of any interest.
> 
> Otherwise I'll just keep my eye out for updates and keep the PPA
> updated.. I might even use this simple repo as a learning experience for
> getting packages into Ubuntu if you don't mind?

Sounds great to me! The more people we have who do things with getting
things in to Ubuntu the better!

I just wrote a patch, btw, that adds a check for a global config file,
/etc/git-review/git-review.conf. Currently, the file is only used for
disabling the "is there a new version" check.:

[updates]
check = false

SO - if you drop in that file as part of the debian packaging, then
git-review will not check pypi for new versions (since you'd probably
want to do that via apt anyway)

Thanks!
Monty

> On Fri, Jan 27, 2012 at 8:13 PM, Monty Taylor  > wrote:
> 
> 
> 
> On 01/27/2012 08:48 AM, Kiall Mac Innes wrote:
> > Hiya,
> >
> > For those of you who prefer to avoid "pip" installing as much as
> > possible in favor of native packages, I've packaged up the git-review
> > tool for Ubuntu (Just oneiric for now, if there is interest I'll
> package
> > for lucid too).
> >
> > PPA @ https://launchpad.net/~managedit/+archive/git-review
> >
> > $ apt-add-repository ppa:managedit/git-review
> > $ apt-get update
> > $ apt-get install git-review
> >
> > The latest version is building on launchpad right now and should be
> > published in the next 30 mins.
> 
> Awesome! Thanks - that's been on my todo list for a while and I just
> hadn't gotten around to it.
> 
> Monty
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> 
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
> 
> 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ubuntu package / ppa for the git-review tool.

[Kiall Mac Innes]

Hey Monty,

Packaging sources are at
http://review.managedit.ie/p/openstack/packaging/git-review.git if they are
of any interest.

Otherwise I'll just keep my eye out for updates and keep the PPA updated..
I might even use this simple repo as a learning experience for getting
packages into Ubuntu if you don't mind?

Thanks,
Kiall


On Fri, Jan 27, 2012 at 8:13 PM, Monty Taylor  wrote:

>
>
> On 01/27/2012 08:48 AM, Kiall Mac Innes wrote:
> > Hiya,
> >
> > For those of you who prefer to avoid "pip" installing as much as
> > possible in favor of native packages, I've packaged up the git-review
> > tool for Ubuntu (Just oneiric for now, if there is interest I'll package
> > for lucid too).
> >
> > PPA @ https://launchpad.net/~managedit/+archive/git-review
> >
> > $ apt-add-repository ppa:managedit/git-review
> > $ apt-get update
> > $ apt-get install git-review
> >
> > The latest version is building on launchpad right now and should be
> > published in the next 30 mins.
>
> Awesome! Thanks - that's been on my todo list for a while and I just
> hadn't gotten around to it.
>
> Monty
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ubuntu package / ppa for the git-review tool.

[Monty Taylor]

On 01/27/2012 08:48 AM, Kiall Mac Innes wrote:
> Hiya,
> 
> For those of you who prefer to avoid "pip" installing as much as
> possible in favor of native packages, I've packaged up the git-review
> tool for Ubuntu (Just oneiric for now, if there is interest I'll package
> for lucid too).
> 
> PPA @ https://launchpad.net/~managedit/+archive/git-review
> 
> $ apt-add-repository ppa:managedit/git-review
> $ apt-get update
> $ apt-get install git-review
> 
> The latest version is building on launchpad right now and should be
> published in the next 30 mins.

Awesome! Thanks - that's been on my todo list for a while and I just
hadn't gotten around to it.

Monty

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ubuntu OpenStack QA Lab up and running

[Monty Taylor]

On 01/27/2012 04:59 AM, Thierry Carrez wrote:
> Robbie Williamson wrote:
>> http://jenkins.qa.ubuntu.com/view/Precise%20OpenStack%20Testing/
> 
> Great work!
> 
> Would be cool to syndicate those Jenkins instances into a general health
> dashboard that we could use to get at a glance the health of openstack
> downstreams...
> 
> Would there be a feature in Jenkins that could allow us to have a frame
> in our Jenkins dashboard that shows the status of selected jobs in yours
> ? Or do we have to code up something specific ?

There is some stuff - but I've been chatting with Adam and James about
ways in which we can incorporate this stuff really tightly. Hopefully
we'll have some answers soon.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] How to re-create a stack with devstack

[Yun Mao]

There is a hack on top of devstack for you to restart those services
easily across reboot.

https://blueprints.launchpad.net/devstack/+spec/upstart

Yun

On Fri, Jan 27, 2012 at 1:18 AM, nandakumar raghavan
 wrote:
> Hi,
>
> I have similar query. I had installed open stack using devstack on a freshly
> installed stand-alone machine(not vm). For the first time once the stack.sh
> is completed I was able to connect to the dashboard and all the services are
> up and running. Once I rebooted the box, all my settings are gone and I am
> not able to connect the dashboard as none of the services were running. I
> had to run stack.sh again and I was able to connect to the dashboard.
> Whether installing open stack using devstack is not persistent across
> reboots? Running stack.sh again is the only solution or is there any other
> way I can do ?
>
> Thanks in advance.
>
> Regards,
> NandaKumar Raghavan
>
>
> On Fri, Jan 27, 2012 at 5:13 AM, Naveed Massjouni 
> wrote:
>>
>> Awesome authors indeed! Thanks.
>> -Naveed
>>
>> On Thu, Jan 26, 2012 at 6:31 PM, Vishvananda Ishaya
>>  wrote:
>> > looks like the awesome authors of devstack are now handling this for
>> > you:
>> >
>> > https://github.com/openstack-dev/devstack/blob/master/stack.sh#L931
>> >
>> > So the instances are destroyed on the second run.
>> >
>> > Vish
>> >
>> > On Jan 26, 2012, at 3:14 PM, Naveed Massjouni wrote:
>> >
>> > That's easy enough, thanks. Sometimes I forget to delete all my
>> > instances before blowing away screen and running ./stack.sh. Just
>> > curious, what happens to all those vm's? Am I building up an army of
>> > zombie vm's that are taking up resources? Or do they disappear into
>> > the ether?
>> > -Naveed
>> >
>> > On Thu, Jan 26, 2012 at 5:53 PM, Vishvananda Ishaya
>> >  wrote:
>> >
>> > There is another thread on this, but the quick answer is;
>> >
>> > killall screen
>> >
>> > ./stack.sh
>> >
>> >
>> > You should generally make sure that you have terminated all instances
>> > and
>> > deleted all volumes in advance or you could run into issues.  It is
>> > always
>> > safer to start from a clean vm, but the above should work in most cases
>> >
>> >
>> > If you would also like to grab new code:
>> >
>> > killall screen
>> >
>> > cd devstack
>> >
>> > git pull
>> >
>> > RECLONE=yes ./stack.sh
>> >
>> >
>> > Vish
>> >
>> >
>> > On Jan 26, 2012, at 12:58 PM, Naveed Massjouni wrote:
>> >
>> >
>> > I would like to know the proper way to blow away a stack and create a
>> >
>> > fresh stack with devstack. Currently, I hit ctrl-c and ctrl-d a bunch
>> >
>> > of times to close all the windows in the screen session. Then I run
>> >
>> > ./stack.sh again. Is this the best way? Is this documented somewhere?
>> >
>> > Thanks,
>> >
>> > Naveed
>> >
>> >
>> > ___
>> >
>> > Mailing list: https://launchpad.net/~openstack
>> >
>> > Post to     : openstack@lists.launchpad.net
>> >
>> > Unsubscribe : https://launchpad.net/~openstack
>> >
>> > More help   : https://help.launchpad.net/ListHelp
>> >
>> >
>> >
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova/puppet blueprint, and some questions

[Andrew Bogott]

On 1/27/12 4:49 AM, Belmiro Moreira wrote:

The idea of integrating nova with "configuration management tools"
(puppet, chef, ...) is very interesting. But in my opinion we
shouldn't have a specific implementation to a single tool or a small
set of tools.
Yep, I'm increasingly convinced of this.  I'm planning to rewrite the 
proposal as an abstract package configuration tool with a driver model 
(so that the choice of puppet/chef/whatever can be handled depending on 
the driver.)



https://blueprints.launchpad.net/nova/+spec/configuration-drive

Right on!  That feature is exactly what I need.  Is it available via KVM?


What you have in your screenshot is really interesting but it seems
very similar to other tools already implemented to manage puppet
modules, ex: "Foreman".


Sure.  But, again, I think having this information available to (and 
configurable by) nova will be much more useful than grafting a separate 
tool onto the side of openstack.


-Andrew

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Stephen Broeker]

The documentation seems to say that the user "system_tester" does not have
auto permissions on its account.
The headers X-Container-Read and/or X-Container-Write have to be set.
The question is, how can a reseller_admin user see other accounts?
A .reseller_admin account can touch all accounts.
A .admin account can touch its own account.
If you add .admin to your new user, then it should work.


On Fri, Jan 27, 2012 at 10:01 AM, Khaled Ben Bahri
wrote:

>  Hi Chmouel
>
> Yes of course,
> I have it there
> this is th file proxy-server.conf
>
> __
>
> [DEFAULT]
> cert_file = /etc/swift/cert.crt
> key_file = /etc/swift/cert.key
> bind_ip = 157.159.103.228
> bind_port = 8080
> workers = 8
> user = swift
>
> [pipeline:main]
> pipeline = healthcheck cache tempauth proxy-server
>
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
>
> [filter:tempauth]
> use = egg:swift#tempauth
> user_system_root = testpass .admin
> user_system_tester = testing
>
> [filter:healthcheck]
> use = egg:swift#healthcheck
>
> [filter:cache]
> use = egg:swift#memcache
> _
>
> > From: chmo...@openstack.org
> > To: openstack@lists.launchpad.net
> > Date: Fri, 27 Jan 2012 09:04:34 -0800
>
> > Subject: Re: [Openstack] Creating account and user in swift
> >
> >
> > did you have account_autocreate in there ? for example that's my config
> > with tempauth :
> >
> > [app:proxy-server]
> > use = egg:swift#proxy
> > allow_account_management = true
> > account_autocreate = true
> >
> >
> > Khaled Ben Bahri  writes:
> >
> > > Hi Adrian,
> > >
> > > When i add user in the same account of the admin,
> > > I got this error when i tried to test the second user:
> > > Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403
> > > Forbidden
> > >
> > > Khaled
> >
> > ___
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Devstack: euca-describe-availability-zones Warning: failed to parse error message from AWS: :1:0: syntax error None: None

[Vishvananda Ishaya]

devstack provides a file to source called openrc with all the necessary 
variables.  You don't need to create your own novarc file, just source openrc 
instead.

Vish

On Jan 27, 2012, at 9:51 AM, Joe Smithian wrote:

> Hi Christian,
> 
> Thanks for your suggestion. I logged in as stack and tried it again;
> it failed with the same error:
> 
> stack@k:/home/localadmin/creds$ source novarc
> stack@k:/home/localadmin/creds$ euca-describe-availability-zones
> Warning: failed to parse error message from AWS: :1:0: syntax error
> None: None
> stack@k:/home/localadmin/creds$
> 
> The problem might be in my nova.conf or novarc files.
> 
> Joe
> 
> On Fri, Jan 27, 2012 at 11:27 AM, Christian Berendt
>  wrote:
>> Hi joe.
>> 
>>> euca-describe-availability-zones but it failed as you can see below.
>> 
>> Try using the "stack" user. This is working fine for me one a fresh
>> devstack installation:
>> 
>> cstack@devstack001:~$ cd devstack/
>> stack@devstack001:~/devstack$ source openrc
>> stack@devstack001:~/devstack$ euca-describe-availability-zones
>> AVAILABILITYZONEnovaavailable
>> 
>> HTH, Christian.
>> 
>> --
>> Christian Berendt
>> Linux / Unix Consultant & Developer
>> Mail: bere...@b1-systems.de
>> 
>> B1 Systems GmbH
>> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
>> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] three things about OpenStack docs

[Anne Gentle]

Hi all -
I thought you'd want to know these three things about docs going on lately.

1. The new installation guide for Diablo that includes Compute,
Identity, Image, and the Dashboard is now published. Find it
here:http://docs.openstack.org/diablo/openstack-compute/install/content/.

2. The PDF links on the home page are being replaced with PDF links in
the top bar of the HTML manual itself. PDFs aren't going missing, but
the button is moving. Tell your friends and neighbors.

3. Now that we have feature freeze for many features, I'm going to
start a list of documentation needs for the Essex release. This list
will assist with doc priorities.

4. I lied when I said three things.

5. We'd like to hold a Doc Day in March to prep for the Essex release,
similar to the Bug Squash day coming up next week. I'd like to visit
sunny California for Doc Day but want other locations to feel free to
hold their own as well.

6. The stable/diablo branch of openstack-manuals has been blocked from
publishing for a little while but I'm aware of the problem and so are
the members of the CI team. We'll get it fixed and will free the
floodgates for the backported fixes.

7. We've got a great new manual titled "Programming OpenStack Compute
API with Shell and Python" authored by Jacek Artymiak of DevGuide.net.
I'm working on the backend to automate publishing from Markdown to get
it on docs.openstack.org, but you can review the Markdown submission
here: https://review.openstack.org/3515.

8. I'd like to go to a weekly docs team meeting for the remainder of
the Essex release. I'd also like to change the time of day, but likely
keep it on Monday prior to the team meeting. Suggestions welcome!

As always, feel free to ask questions and rock the docs.

Warmly,
Anne

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Khaled Ben Bahri]

But on storage servers, what's kind of error it can be??

I followed the link below to configure them

http://swift.openstack.org/howto_installmultinode.html

Best regards
Khaled
From: chmo...@openstack.org
Date: Fri, 27 Jan 2012 10:05:01 -0800
Subject: Re: [Openstack] Creating account and user in swift
To: khaled-...@hotmail.com
CC: openstack@lists.launchpad.net

Well your proxy configuration looks correct, the probably may lie somewhere 
else on the storage servers.
Chmouel.

On Fri, Jan 27, 2012 at 10:01 AM, Khaled Ben Bahri  
wrote:






Hi Chmouel

Yes of course, 
I have it there
this is th file proxy-server.conf

__
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key


bind_ip = 157.159.103.228
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true


account_autocreate = true

[filter:tempauth]
use = egg:swift#tempauth
user_system_root = testpass .admin
user_system_tester = testing

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]


use = egg:swift#memcache
_

> From: chmo...@openstack.org
> To: openstack@lists.launchpad.net


> Date: Fri, 27 Jan 2012 09:04:34 -0800
> Subject: Re: [Openstack] Creating account and user in swift
> 
> 
> did you have account_autocreate in there ? for example that's my config
> with tempauth :


> 
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
> 
> 
> Khaled Ben Bahri  writes:


> 
> > Hi Adrian,
> >
> > When i add user in the same account of the admin,
> > I got this error when i tried to test the second user:
> > Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403


> > Forbidden
> >
> > Khaled
> 
> ___
> Mailing list: https://launchpad.net/~openstack


> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack


> More help   : https://help.launchpad.net/ListHelp
  

  ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Chmouel Boudjnah]

Well your proxy configuration looks correct, the probably may lie somewhere
else on the storage servers.

Chmouel.

On Fri, Jan 27, 2012 at 10:01 AM, Khaled Ben Bahri
wrote:

>  Hi Chmouel
>
> Yes of course,
> I have it there
> this is th file proxy-server.conf
>
> __
> [DEFAULT]
> cert_file = /etc/swift/cert.crt
> key_file = /etc/swift/cert.key
> bind_ip = 157.159.103.228
> bind_port = 8080
> workers = 8
> user = swift
>
> [pipeline:main]
> pipeline = healthcheck cache tempauth proxy-server
>
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
>
> [filter:tempauth]
> use = egg:swift#tempauth
> user_system_root = testpass .admin
> user_system_tester = testing
>
> [filter:healthcheck]
> use = egg:swift#healthcheck
>
> [filter:cache]
> use = egg:swift#memcache
> _
>
> > From: chmo...@openstack.org
> > To: openstack@lists.launchpad.net
> > Date: Fri, 27 Jan 2012 09:04:34 -0800
> > Subject: Re: [Openstack] Creating account and user in swift
> >
> >
> > did you have account_autocreate in there ? for example that's my config
> > with tempauth :
> >
> > [app:proxy-server]
> > use = egg:swift#proxy
> > allow_account_management = true
> > account_autocreate = true
> >
> >
> > Khaled Ben Bahri  writes:
> >
> > > Hi Adrian,
> > >
> > > When i add user in the same account of the admin,
> > > I got this error when i tried to test the second user:
> > > Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403
> > > Forbidden
> > >
> > > Khaled
> >
> > ___
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Khaled Ben Bahri]

Hi Chmouel

Yes of course, 
I have it there
this is th file proxy-server.conf

__
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_ip = 157.159.103.228
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:tempauth]
use = egg:swift#tempauth
user_system_root = testpass .admin
user_system_tester = testing

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
_

> From: chmo...@openstack.org
> To: openstack@lists.launchpad.net
> Date: Fri, 27 Jan 2012 09:04:34 -0800
> Subject: Re: [Openstack] Creating account and user in swift
> 
> 
> did you have account_autocreate in there ? for example that's my config
> with tempauth :
> 
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
> 
> 
> Khaled Ben Bahri  writes:
> 
> > Hi Adrian,
> >
> > When i add user in the same account of the admin,
> > I got this error when i tried to test the second user:
> > Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403
> > Forbidden
> >
> > Khaled
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
  ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Odd glance settings

[Jay Pipes]

It's not really a Glance thing, but a Swift thing, though. You'd have
to talk to the Swift guys about removing Rackspace-specific stuff from
the Swift client class, which is what Glance needs the configuration
option for...

-jay

On Wed, Jan 25, 2012 at 6:39 PM, Joshua Harlow  wrote:
> Thx Jay,
>
> Interesting.
>
> Should that eventually be removed from the config?
>
> Seems odd to have those type of settings in there.
>
> Maybe rackspace can append to that file with there rackspace specific
> settings? Or something along that line.
>
> I would just feel the same if yahoo put stuff in there, that said don’t turn
> on unless you are yahoo.
>
> -Josh
>
>
> On 1/25/12 3:18 PM, "Jay Pipes"  wrote:
>
> Heyo. The ServiceNET feature is Rackspace specific because Swift
> originated as Cloud Files of course.
>
> That setting does absolutely nothing unless you are Rackspace, of
> course, but there wasn't any other way of passing the configuration
> setting to the swift client from the glance swift driver without
> putting it in the main config file.
>
> Hope that helps. You can effectively ignore it.
>
> Cheers!
> -jay
>
> On Wed, Jan 25, 2012 at 6:07 PM, Joshua Harlow 
> wrote:
>> When working on the newer devstack.
>>
>> I am seeing the following in glance configuration.
>>
>>
>> https://github.com/cloudbuilders/devstack/blob/master/files/glance-api.conf#L85
>>
>> # Whether to use ServiceNET to communicate with the Swift storage servers.
>> # (If you aren't RACKSPACE, leave this False!)
>> #
>> # To use ServiceNET for authentication, prefix hostname of
>> # `swift_store_auth_address` with 'snet-'.
>> # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
>> swift_enable_snet = False
>>
>> What is up with that?
>>
>> Should rackspace specifics be there at all? I’m confused as to how that
>> got
>> there in the first place.
>>
>> ?
>>
>> -Josh
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Devstack: euca-describe-availability-zones Warning: failed to parse error message from AWS: :1:0: syntax error None: None

[Joe Smithian]

Hi Christian,

Thanks for your suggestion. I logged in as stack and tried it again;
it failed with the same error:

stack@k:/home/localadmin/creds$ source novarc
stack@k:/home/localadmin/creds$ euca-describe-availability-zones
Warning: failed to parse error message from AWS: :1:0: syntax error
None: None
stack@k:/home/localadmin/creds$

The problem might be in my nova.conf or novarc files.

Joe

On Fri, Jan 27, 2012 at 11:27 AM, Christian Berendt
 wrote:
> Hi joe.
>
>> euca-describe-availability-zones but it failed as you can see below.
>
> Try using the "stack" user. This is working fine for me one a fresh
> devstack installation:
>
> cstack@devstack001:~$ cd devstack/
> stack@devstack001:~/devstack$ source openrc
> stack@devstack001:~/devstack$ euca-describe-availability-zones
> AVAILABILITYZONE        nova    available
>
> HTH, Christian.
>
> --
> Christian Berendt
> Linux / Unix Consultant & Developer
> Mail: bere...@b1-systems.de
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Khaled Ben Bahri]

I'm using the swift utility
swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:root -K testpass

with tis first user it works perfectly
but with the second user
I got that error

Date: Fri, 27 Jan 2012 09:04:26 -0800
Subject: Re: [Openstack] Creating account and user in swift
From: sbroe...@internap.com
To: khaled-...@hotmail.com
CC: openstack@lists.launchpad.net

Are you using the "swift" utility or are you using REST?How are you performing 
the GET Authorization?

On Fri, Jan 27, 2012 at 9:00 AM, Khaled Ben Bahri  
wrote:





Hi,

I added an entry like this one but it doesn't work
I got this error
Account HEAD failed: https://x.x.x.x:8080/v1/AUTH_system 403 Forbidden


Date: Fri, 27 Jan 2012 08:56:59 -0800
Subject: Re: [Openstack] Creating account and user in swift
From: sbroe...@internap.com
To: khaled-...@hotmail.com

CC: openstack@lists.launchpad.net

Try adding an entry like the following:
user_test_tester3 = testing3


On Fri, Jan 27, 2012 at 2:44 AM, Khaled Ben Bahri  
wrote:





Hi folks,

I installed swift with "tempauth" authentication subsystem 
To create a user I have to write a new line in the proxy-server.conf on the 
section  [filter:temauth] like this :
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system



as i inderstood, the format is actually :
user__ =   [group] [other options] [storage_url]

I added a new user in new account 
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system



After that, to get an x url for this user by executing this command
curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' 
https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0



When i want to check that I can HEAD the new account, I got the error 403 




root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system


* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs


* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):


* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:


*subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*start date: 2012-01-26 18:17:34 GMT
*expire date: 2012-02-25 18:17:34 GMT

* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> zlib/1.2.3.4 libidn/1.18


> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> 
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8


< Date: Fri, 27 Jan 2012 10:00:57 GMT
< 

 
  403 Forbidden
 
 
  403 Forbidden
  Access was denied to this resource.





 
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can any one please know any thing about this

Best regards


Khaled

  

___

Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net

Unsubscribe : https://launchpad.net/~openstack

More help   : https://help.launchpad.net/ListHelp



  

  ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Chmouel Boudjnah]

did you have account_autocreate in there ? for example that's my config
with tempauth :

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true


Khaled Ben Bahri  writes:

> Hi Adrian,
>
> When i add user in the same account of the admin,
> I got this error when i tried to test the second user:
> Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403
> Forbidden
>
> Khaled

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Stephen Broeker]

Are you using the "swift" utility or are you using REST?
How are you performing the GET Authorization?

On Fri, Jan 27, 2012 at 9:00 AM, Khaled Ben Bahri wrote:

>  Hi,
>
> I added an entry like this one but it doesn't work
> I got this error
> Account HEAD failed: https://x.x.x.x:8080/v1/AUTH_system 403 Forbidden
>
> --
> Date: Fri, 27 Jan 2012 08:56:59 -0800
> Subject: Re: [Openstack] Creating account and user in swift
> From: sbroe...@internap.com
> To: khaled-...@hotmail.com
> CC: openstack@lists.launchpad.net
>
> Try adding an entry like the following:
>
> user_test_tester3 = testing3
>
>
> On Fri, Jan 27, 2012 at 2:44 AM, Khaled Ben Bahri 
> wrote:
>
>  Hi folks,
>
> I installed swift with "tempauth" authentication subsystem
> To create a user I have to write a new line in the proxy-server.conf on
> the section  [filter:temauth] like this :
> user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system
>
> as i inderstood, the format is actually :
> user_**_ =   [group] [other options] [storage_url]**
>
> I added a new user in new account
> user_newaccount_user1 = passuser1 .swift
> https://PROXY_IP:8080/v1/AUTH_system
>
> After that, to get an x url for this user by executing this command
>
> curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: 
> passuser1' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
>
> When i want to check that I can HEAD the new account, I got the error 403
>
>
>
>
> root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
> AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
>
> * About to connect() to x.x.x.x port 8080 (#0)
> *   Trying x.x.x.x... connected
> * Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
> * successfully set certificate verify locations:
> *   CAfile: none
>   CApath: /etc/ssl/certs
>
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
>
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES256-SHA
> * Server certificate:
>
> *  subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
> *  start date: 2012-01-26 18:17:34 GMT
> *  expire date: 2012-02-25 18:17:34 GMT
>
> * SSL: unable to obtain common name from peer certificate
> > GET /v1/AUTH_system HTTP/1.1
> > User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> > zlib/1.2.3.4 libidn/1.18
>
> > Host: x.x.x.x:8080
> > Accept: */*
> > X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> >
> < HTTP/1.1 403 Forbidden
> < Content-Length: 157
> < Content-Type: text/html; charset=UTF-8
>
> < Date: Fri, 27 Jan 2012 10:00:57 GMT
> <
> 
>  
>   403 Forbidden
>  
>  
>   403 Forbidden
>   Access was denied to this resource.
>
>
>
>  
> * Connection #0 to host x.x.x.x left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
>
>
>
> Can any one please know any thing about this
>
> Best regards
>
> Khaled
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Khaled Ben Bahri]

Hi,

I added an entry like this one but it doesn't work
I got this error
Account HEAD failed: https://x.x.x.x:8080/v1/AUTH_system 403 Forbidden

Date: Fri, 27 Jan 2012 08:56:59 -0800
Subject: Re: [Openstack] Creating account and user in swift
From: sbroe...@internap.com
To: khaled-...@hotmail.com
CC: openstack@lists.launchpad.net

Try adding an entry like the following:
user_test_tester3 = testing3

On Fri, Jan 27, 2012 at 2:44 AM, Khaled Ben Bahri  
wrote:





Hi folks,

I installed swift with "tempauth" authentication subsystem 
To create a user I have to write a new line in the proxy-server.conf on the 
section  [filter:temauth] like this :
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system


as i inderstood, the format is actually :
user__ =   [group] [other options] [storage_url]

I added a new user in new account 
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system


After that, to get an x url for this user by executing this command
curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' 
https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0


When i want to check that I can HEAD the new account, I got the error 403 




root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system

* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs

* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):

* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:

*subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*start date: 2012-01-26 18:17:34 GMT
*expire date: 2012-02-25 18:17:34 GMT

* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> zlib/1.2.3.4 libidn/1.18

> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> 
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8

< Date: Fri, 27 Jan 2012 10:00:57 GMT
< 

 
  403 Forbidden
 
 
  403 Forbidden
  Access was denied to this resource.




 
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can any one please know any thing about this

Best regards

Khaled

  

___

Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net

Unsubscribe : https://launchpad.net/~openstack

More help   : https://help.launchpad.net/ListHelp



  ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Stephen Broeker]

Try adding an entry like the following:

user_test_tester3 = testing3


On Fri, Jan 27, 2012 at 2:44 AM, Khaled Ben Bahri wrote:

>  Hi folks,
>
> I installed swift with "tempauth" authentication subsystem
> To create a user I have to write a new line in the proxy-server.conf on
> the section  [filter:temauth] like this :
> user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system
>
> as i inderstood, the format is actually :
> user_**_ =   [group] [other options] [storage_url]**
>
> I added a new user in new account
> user_newaccount_user1 = passuser1 .swift
> https://PROXY_IP:8080/v1/AUTH_system
>
> After that, to get an x url for this user by executing this command
>
> curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: 
> passuser1' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
>
> When i want to check that I can HEAD the new account, I got the error 403
>
>
>
>
> root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
> AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
> * About to connect() to x.x.x.x port 8080 (#0)
> *   Trying x.x.x.x... connected
> * Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
> * successfully set certificate verify locations:
> *   CAfile: none
>   CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES256-SHA
> * Server certificate:
> *  subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
> *  start date: 2012-01-26 18:17:34 GMT
> *  expire date: 2012-02-25 18:17:34 GMT
> * SSL: unable to obtain common name from peer certificate
> > GET /v1/AUTH_system HTTP/1.1
> > User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> > zlib/1.2.3.4 libidn/1.18
> > Host: x.x.x.x:8080
> > Accept: */*
> > X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> >
> < HTTP/1.1 403 Forbidden
> < Content-Length: 157
> < Content-Type: text/html; charset=UTF-8
> < Date: Fri, 27 Jan 2012 10:00:57 GMT
> <
> 
>  
>   403 Forbidden
>  
>  
>   403 Forbidden
>   Access was denied to this resource.
>
>
>
>  
> * Connection #0 to host x.x.x.x left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
>
>
>
> Can any one please know any thing about this
>
> Best regards
> Khaled
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Dashboard Error: Unable to get vnc console for instance : The server could not comply with the request since it is either malformed or otherwise incorrect.

[Joe Smithian]

Hi,

I've lunched an instance using OpenStack dashboard but cann't start a
VNC session. It displays this error message:

Error: Unable to get vnc console for instance
40c098b8-1c92-4b16-9c33-964ef6c5b950: The server could not comply with
the request since it is either malformed or otherwise incorrect.

Any idea what's wrong and how can be fixed?


Thanks

Joe

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Devstack: euca-describe-availability-zones Warning: failed to parse error message from AWS: :1:0: syntax error None: None

[Christian Berendt]

Hi joe.

> euca-describe-availability-zones but it failed as you can see below.

Try using the "stack" user. This is working fine for me one a fresh
devstack installation:

cstack@devstack001:~$ cd devstack/
stack@devstack001:~/devstack$ source openrc 
stack@devstack001:~/devstack$ euca-describe-availability-zones
AVAILABILITYZONEnovaavailable

HTH, Christian.

-- 
Christian Berendt
Linux / Unix Consultant & Developer
Mail: bere...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Devstack: euca-describe-availability-zones Warning: failed to parse error message from AWS: :1:0: syntax error None: None

[Joe Smithian]

I've modified novarc file as suggested in the OpenStack Compute
Starter Guide. You can see I've added ":proj" to EC2_ACCESS_KEY and
EC2_SECRET_KEY

NOVARC=$(readlink -f "${BASH_SOURCE:-${0}}" 2>/dev/null) ||
NOVARC=$(python -c 'import os,sys; print
os.path.abspath(os.path.realpath(sys.argv[1]))'
"${BASH_SOURCE:-${0}}")
NOVA_KEY_DIR=${NOVARC%/*}
export EC2_ACCESS_KEY="c5e80767-1691-4f9c-ad24-3e3639a0adc1:proj"
export EC2_SECRET_KEY="ad92bba4-3b14-4a10-9bd2-f3225fd458dc:proj"
export EC2_URL="http://192.168.0.147:8773/services/Cloud";
export S3_URL="http://192.168.0.147:";
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to
require this set
alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT}
--privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}"
alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s
${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
export NOVA_API_KEY="novaadmin"
export NOVA_USERNAME="novaadmin"
export NOVA_PROJECT_ID="proj"
export NOVA_URL="http://192.168.0.147:8774/v1.1/";
export NOVA_VERSION="1.1"

Is that right?


I'm wondering which configuration document we should use if using
devstack not the regular in installation.

Thanks

Joe


On Fri, Jan 27, 2012 at 11:08 AM, Joe Smithian  wrote:
> Hi All,
>
> I've installed devstack using the stack.sh script on Ubuntu 11.10 - 64 bit.
>
> I've started all the service and tried
> euca-describe-availability-zones but it failed as you can see below.
>
>
> localadmin@k:/opt/stack/devstack$ source /home/localadmin/creds/novarc
> localadmin@k:/opt/stack/devstack$ euca-describe-availability-zones
> Warning: failed to parse error message from AWS: :1:0: syntax error
> None: None
> localadmin@sk:/opt/stack/devstack$
>
>
> Any idea what's wrong?
>
> Thanks
>
> Joe

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Devstack: euca-describe-availability-zones Warning: failed to parse error message from AWS: :1:0: syntax error None: None

[Joe Smithian]

Hi All,

I've installed devstack using the stack.sh script on Ubuntu 11.10 - 64 bit.

I've started all the service and tried
euca-describe-availability-zones but it failed as you can see below.


localadmin@k:/opt/stack/devstack$ source /home/localadmin/creds/novarc
localadmin@k:/opt/stack/devstack$ euca-describe-availability-zones
Warning: failed to parse error message from AWS: :1:0: syntax error
None: None
localadmin@sk:/opt/stack/devstack$


Any idea what's wrong?

Thanks

Joe

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Nova] Essex dead wood cutting

[Sandy Walsh]

I'll be taking the existing Zones code out of API and Distributed Scheduler. 
The new Zones infrastructure is an optional component.

-S

From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net 
[openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net] on behalf of 
Thierry Carrez [thie...@openstack.org]
Sent: Friday, January 27, 2012 11:23 AM
To: openstack@lists.launchpad.net
Subject: [Openstack] [Nova] Essex dead wood cutting

Just as Nova enters feature freeze, it sounds like a good moment to
consider removing deprecated, known-buggy-and-unmaintained or useless
feature code from the Essex tree.

Here are my suggestions for removal:

- Ajaxterm (unmaintained, security issues, replaced by VNC console)
- Hyper-V support (known broken and unmaintained)

I'm sure that everyone has suggestions on other dead wood that we should
cut now rather than ship in Essex... please comment.

--
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Khaled Ben Bahri]

Hi Adrian,

When i add user in the same account of the admin,
I got this error when i tried to test the second user:
Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403 Forbidden

Khaled
From: adrian_f_sm...@dell.com
To: khaled-...@hotmail.com
CC: openstack@lists.launchpad.net
Date: Fri, 27 Jan 2012 15:14:50 +
Subject: RE: [Openstack] Creating account and user in swift



Here’s the documentation I was referring 
to,https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L79
 It states, # There are special groups of:#   .reseller_admin = can do anything 
to any account for this auth#   .admin = can do anything within the account# If 
neither of these groups are specified, the user can only access containers# 
that have been explicitly allowed for them by a .admin or .reseller_admin. 
Adrian  From: Khaled Ben Bahri [mailto:khaled-...@hotmail.com] 
Sent: Friday, January 27, 2012 2:14 PM
To: Smith, Adrian F
Cc: openstack@lists.launchpad.net
Subject: RE: [Openstack] Creating account and user in swift Hi,

.admin is not indicated to mention that the user is an admin for swift??
I think that we can create users who are not from the admin group

I changed that line to mention the name of account at the end of line but it 
still the same error
user_newaccount_user1 = passuser1 https://PROXY_IP:8080/v1/AUTH_newaccount

It still give the same error

can any one help me

KhaledFrom: adrian_f_sm...@dell.com
To: khaled-...@hotmail.com
CC: openstack@lists.launchpad.net
Date: Fri, 27 Jan 2012 11:19:57 +
Subject: RE: [Openstack] Creating account and user in swiftI’m guessing the 
problem is that the user isn’t a member of the “.admin” group. This is a 
requirement to perform operations on the root URL. To include the user in this 
group add .admin like this, user_newaccount_user1 = passuser1 .swift .admin 
https://PROXY_IP:8080/v1/AUTH_system Adrian From: 
openstack-bounces+adrian_f_smith=dell@lists.launchpad.net 
[mailto:openstack-bounces+adrian_f_smith=dell@lists.launchpad.net] On 
Behalf Of Khaled Ben Bahri
Sent: Friday, January 27, 2012 10:45 AM
To: openstack@lists.launchpad.net
Subject: [Openstack] Creating account and user in swift Hi folks,

I installed swift with "tempauth" authentication subsystem 
To create a user I have to write a new line in the proxy-server.conf on the 
section  [filter:temauth] like this :
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system

as i inderstood, the format is actually :
user__ =   [group] [other options] [storage_url]

I added a new user in new account 
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system

After that, to get an x url for this user by executing this commandcurl -k -v 
-H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' 
https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0

When i want to check that I can HEAD the new account, I got the error 403 




root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*start date: 2012-01-26 18:17:34 GMT
*expire date: 2012-02-25 18:17:34 GMT
* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> zlib/1.2.3.4 libidn/1.18
> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> 
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8
< Date: Fri, 27 Jan 2012 10:00:57 GMT
< 

 
  403 Forbidden
 
 
  403 Forbidden
  Access was denied to this resource.



 
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can any one please know any thing about this

Best regards
Khaled___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Nova] Essex dead wood cutting

[Thierry Carrez]

Just as Nova enters feature freeze, it sounds like a good moment to
consider removing deprecated, known-buggy-and-unmaintained or useless
feature code from the Essex tree.

Here are my suggestions for removal:

- Ajaxterm (unmaintained, security issues, replaced by VNC console)
- Hyper-V support (known broken and unmaintained)

I'm sure that everyone has suggestions on other dead wood that we should
cut now rather than ship in Essex... please comment.

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Adrian_F_Smith]

Here's the documentation I was referring to,
https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L79

It states,
# There are special groups of:
#   .reseller_admin = can do anything to any account for this auth
#   .admin = can do anything within the account
# If neither of these groups are specified, the user can only access containers
# that have been explicitly allowed for them by a .admin or .reseller_admin.

Adrian


From: Khaled Ben Bahri [mailto:khaled-...@hotmail.com]
Sent: Friday, January 27, 2012 2:14 PM
To: Smith, Adrian F
Cc: openstack@lists.launchpad.net
Subject: RE: [Openstack] Creating account and user in swift

Hi,

.admin is not indicated to mention that the user is an admin for swift??
I think that we can create users who are not from the admin group

I changed that line to mention the name of account at the end of line but it 
still the same error
user_newaccount_user1 = passuser1 
https://PROXY_IP:8080/v1/AUTH_newaccount

It still give the same error

can any one help me

Khaled

From: adrian_f_sm...@dell.com
To: khaled-...@hotmail.com
CC: openstack@lists.launchpad.net
Date: Fri, 27 Jan 2012 11:19:57 +
Subject: RE: [Openstack] Creating account and user in swift
I'm guessing the problem is that the user isn't a member of the ".admin" group. 
This is a requirement to perform operations on the root URL.

To include the user in this group add .admin like this,

user_newaccount_user1 = passuser1 .swift .admin 
https://PROXY_IP:8080/v1/AUTH_system

Adrian

From: openstack-bounces+adrian_f_smith=dell@lists.launchpad.net 
[mailto:openstack-bounces+adrian_f_smith=dell@lists.launchpad.net] On 
Behalf Of Khaled Ben Bahri
Sent: Friday, January 27, 2012 10:45 AM
To: openstack@lists.launchpad.net
Subject: [Openstack] Creating account and user in swift

Hi folks,

I installed swift with "tempauth" authentication subsystem
To create a user I have to write a new line in the proxy-server.conf on the 
section  [filter:temauth] like this :
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system

as i inderstood, the format is actually :
user__ =   [group] [other options] [storage_url]

I added a new user in new account
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system

After that, to get an x url for this user by executing this command

curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' 
https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0

When i want to check that I can HEAD the new account, I got the error 403




root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*start date: 2012-01-26 18:17:34 GMT
*expire date: 2012-02-25 18:17:34 GMT
* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> zlib/1.2.3.4 libidn/1.18
> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
>
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8
< Date: Fri, 27 Jan 2012 10:00:57 GMT
<

 
  403 Forbidden
 
 
  403 Forbidden
  Access was denied to this resource.



 
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can any one please know any thing about this

Best regards
Khaled

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Keystone Announcement

[Ziad Sawalha]

Hey Everyone,

As you may be well aware, the existing Keystone implementation has been a 
source of some consternation for deployers and various members of our 
community.  In response to this, over the last few months, there has been an 
effort between our team and members of the community to re-architect the 
Keystone service implementation as "Keystone Light" (aka ksl) to improve 
stability, configurability, pluggability, usability, code simplicity, and 
overall code quality.  I'm pleased to announce and we are just about ready to 
propose these changes to the community for review.

It is important to note that ksl is a proposal to change the -implementation- 
of Keystone.  Thus it provides full API, middleware, and CLI compatibility with 
the existing Keystone implementation.  It does not aim to add or significantly 
modify features beyond what exists in Keystone today.  Instead, the main goal 
of ksl is to provide a drastically improved quality of implementation, while 
also providing as smooth a migration path as possible for developers and 
deployers already using or familiar with Keystone.

What does ksl mean for deployers?
 * There will be a simple migration path to ksl for existing deployments
 * ksl's improved pluggability will give you more options to integrate identity 
backends and data stores
 * Improved ec2 support

What does ksl mean for developers?
 * Better extensibility and overall hackability
 * Improved testing framework
 * Improved flexibility in how roles/tenants/users/tokens map to backends

Given the nature of this change, I am asking that each PTL, as well as all 
interested community members, take the time to review this proposal and offer 
feedback.  Gaps and weakness will be listed in the review, and other issues 
identified, and we will need help sorting through these to determine which 
issues are blocking, and which can wait till later milestones.  Of course, if 
we move forward with ksl, we will need to coordinate with projects like 
devstack, gating tests, and packaging, so it is important to hear the 
perspective of people involved with those efforts during the review process.

One of the main benefits of the ksl project is that it was developed as a 
collaboration of many different and very talented community members.  Going 
forward, this gives us the opportunity to have much broader inputs into the 
project and an opportunity to grow the community around keystone.  Thanks 
especially to Andy Smith, Joe Heck, Christopher McGown, Devin Carlen, Joshua 
McKenty, Dolph Matthews, Jesse Andrews, Vishvananda Ishaya, and other community 
members for all the hard work you have put into this - it is very much 
appreciated.

Ziad (PTL) & Keystone Core Team
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Khaled Ben Bahri]

Hi,

.admin is not indicated to mention that the user is an admin for swift??
I think that we can create users who are not from the admin group

I changed that line to mention the name of account at the end of line but it 
still the same error
user_newaccount_user1 = passuser1 https://PROXY_IP:8080/v1/AUTH_newaccount

It still give the same error

can any one help me

Khaled
From: adrian_f_sm...@dell.com
To: khaled-...@hotmail.com
CC: openstack@lists.launchpad.net
Date: Fri, 27 Jan 2012 11:19:57 +
Subject: RE: [Openstack] Creating account and user in swift



I’m guessing the problem is that the user isn’t a member of the “.admin” group. 
This is a requirement to perform operations on the root URL. To include the 
user in this group add .admin like this, user_newaccount_user1 = passuser1 
.swift .admin https://PROXY_IP:8080/v1/AUTH_system Adrian From: 
openstack-bounces+adrian_f_smith=dell@lists.launchpad.net 
[mailto:openstack-bounces+adrian_f_smith=dell@lists.launchpad.net] On 
Behalf Of Khaled Ben Bahri
Sent: Friday, January 27, 2012 10:45 AM
To: openstack@lists.launchpad.net
Subject: [Openstack] Creating account and user in swift Hi folks,

I installed swift with "tempauth" authentication subsystem 
To create a user I have to write a new line in the proxy-server.conf on the 
section  [filter:temauth] like this :
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system

as i inderstood, the format is actually :
user__ =   [group] [other options] [storage_url]

I added a new user in new account 
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system

After that, to get an x url for this user by executing this commandcurl -k -v 
-H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' 
https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0

When i want to check that I can HEAD the new account, I got the error 403 




root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*start date: 2012-01-26 18:17:34 GMT
*expire date: 2012-02-25 18:17:34 GMT
* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> zlib/1.2.3.4 libidn/1.18
> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> 
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8
< Date: Fri, 27 Jan 2012 10:00:57 GMT
< 

 
  403 Forbidden
 
 
  403 Forbidden
  Access was denied to this resource.



 
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can any one please know any thing about this

Best regards
Khaled___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Ubuntu package / ppa for the git-review tool.

[Kiall Mac Innes]

Hiya,

For those of you who prefer to avoid "pip" installing as much as possible
in favor of native packages, I've packaged up the git-review tool for
Ubuntu (Just oneiric for now, if there is interest I'll package for lucid
too).

PPA @ https://launchpad.net/~managedit/+archive/git-review

$ apt-add-repository ppa:managedit/git-review
$ apt-get update
$ apt-get install git-review

The latest version is building on launchpad right now and should be
published in the next 30 mins.

Thanks,
Kiall
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Essex-3 Milestone of Quantum Available

[Shake Chen]

Hi

Now the Qautum E3 whether work with Horizon E3?

whether I can manage the Qauntum in Horizon Dashboard?



On Fri, Jan 27, 2012 at 7:57 PM, Leandro Reox wrote:

> Excellent job guys ! Well definitely try it next week, the last release
> worked out pretty good so far for us.
>
> Keep up the good work!
>
>
> Cheers
> Lean
>
> On Thu, Jan 26, 2012 at 8:36 PM, Dan Wendlandt  wrote:
>
>> Congrats to the Quantum team!
>>
>> The latest + greatest version of Quantum was release this morning, see:
>> https://launchpad.net/quantum/essex/essex-3
>>
>> I delayed the announce in order to complete updating the documentation,
>> due to the fact that install procedures changed significantly with this
>> release.  See PDF on downloads page.
>>
>> Changes since Essex-2 include:
>> - client code in separate repo to simplify development dependencies on
>> other projects.
>> - integration with Nova Floating IPs.
>> - API filters for efficient queries and improved API error codes (API
>> v1.1 only)
>> - fixes to python setup tools scripts to make life easier for distros
>> packagers.
>> - port packet statistics extension
>>
>> If you have an OpenStack distro and are looking to package Quantum for
>> Essex, the packaging should now be in its final form.  Let us know how we
>> can help.
>>
>> E-3 was also the first release for which Quantum was part of the standard
>> OpenStack build process, thanks to the CI team for all the help!
>>
>> Since Quantum is still in incubation, E-4 is not a feature frozen
>> milestone, though we will shutting the door to major merges at least a week
>> before the official milestone branch point to avoid last-minute churn.
>>
>> Thanks to all who contributed to E-3.  Looking forward to a great E-4
>> milestone with lots of early merge proposals :)
>>
>> Dan
>>
>>
>> --
>> ~~~
>> Dan Wendlandt
>> Nicira Networks: www.nicira.com
>> twitter: danwendlandt
>> ~~~
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
陈沙克
手机：13661187180
msn：shake.c...@hotmail.com
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova/puppet blueprint, and some questions

[Belmiro Moreira]

Hi Andrew and others,
first of all sorry for my previous email. (seems I sent a unfinished email)

The idea of integrating nova with "configuration management tools"
(puppet, chef, ...) is very interesting. But in my opinion we
shouldn't have a specific implementation to a single tool or a small
set of tools.

In general Nova should facilitate the interaction with external tools
(not only "configuration management tools"). In my view this could be
achieved using:

-> consistent contextualization method:
The contextualization of new instances per project is crucial. We
should have a "easy" way to transfer files into new instances early at
boot time. I think documenting the blueprint could be a good start:
https://blueprints.launchpad.net/nova/+spec/configuration-drive

Because "injecting" files and metadata will always be image dependent.

-> API extension:
If nova API allowed the execution of "external scripts" when some
operations (create, delete, ...) are performed the integration with
external tools would be easier.

---

What you have in your screenshot is really interesting but it seems
very similar to other tools already implemented to manage puppet
modules, ex: "Foreman".

Belmiro Moreira
CERN

On Fri, Jan 27, 2012 at 2:56 AM, Andrew Bogott  wrote:
> Andrew --
>
> Thanks for your comments.  I'm going to start with a screenshot for context:
>
> http://bogott.net/misc/osmpuppet.png
>
> That's what it looks like when you configure an instance using Open Stack
> Manager, which is WikiMedia's VM management interface.  My main priority for
> adding puppet support to Nova is to facilitate the creation and control of a
> GUI much like that one.
>
>
> On 1/26/12 5:03 PM, Andrew Clay Shafer wrote:
>
>
> I'd also like to see more of a service oriented approach and avoid adding
> tables to nova if possible.
>
> I'm not sure the best solution is to come up with a generic service for
> $configuration_manager for nova core. I'd rather see these implemented as
> optional first class extensions.
>
> This sounds intriguing, but I'll plead ignorance here; can you tell me more
> about what this would look like, or direct me to an existing analogous
> service?
>
>
> What are you going to inject into the instances exactly? Where does the
> site.pp live?
>
> This is the question I'm hoping to get feedback on.  Either nova can
> generate a fully-formed site.pp and inject that, or it can pass config
> information as metadata, in which case an agent would need to be running on
> the guest which would do the work of generating the site.pp.  I certainly
> prefer the former but I'm not yet clear on whether or not file injection is
> widely supported.
>
>
> I haven't thought about this that much yet, but off the top of my head, but
> if the instances already have puppet clients and are configured for the
> puppet master, then the only thing you should need to interact with is the
> puppet master.
>
>
> It's definitely the case that all of this could be done via LDAP or the
> puppet master and involve no Nova action at all; that's how WikiMedia's
> system works now.  My aim is to consolidate the many ways we currently
> interact with instances so that we delegate as much authority to Nova as
> possible.  That strikes me as generally worthwhile, but you're welcome to
> disagree :)
>
>
> I'm not a fan of the Available, Unavailable, Default, particularly because
> you are managing state of something that may not be true on the puppet
> master.
>
> I may be misunderstanding you, or my blueprint may be unclear.  Available,
> Unavailable, and Default don't refer to the availability of classes on the
> puppet master; rather, they refer to whether or not a class is made
> available to a nova user for a given instance.  An 'available' class would
> appear in the checklist in my screenshot.  An Unavailable class would not.
> A 'default' class would appear, and be pre-checked.  In all three cases the
> class is presumed to be present on the puppet master.
>
>
> I also think managing a site.pp is going to be inferior to providing an
> endpoint that can act as an eternal node tool for the puppet master.
> http://docs.puppetlabs.com/guides/external_nodes.html
>
> In which case nova would interact directly with the puppet master for
> configuration purposes?  (I don't hate that idea, just asking for
> clarification.)
>
>
>
> One other point, that you might have thought of, but I don't see anywhere on
> the wiki is how to handle the ca/certs for the instances.
>
> I believe this (and your subsequent question) falls under the heading of "
> Instances are presumed to know any puppet config info they need at creation
> time (e.g. how to contact the puppet master). "  Important, but outside the
> scope of this design :)
>
>
> Just to reiterate, I'd love to see deeper configuration management
> integrations (because I think managing instances without them is it's own
> hell), but I'm not convinced it should be part of core nova per se.
>
> So that I 

Re: [Openstack] Essex-3 Milestone of Quantum Available

[Leandro Reox]

Excellent job guys ! Well definitely try it next week, the last release
worked out pretty good so far for us.

Keep up the good work!


Cheers
Lean

On Thu, Jan 26, 2012 at 8:36 PM, Dan Wendlandt  wrote:

> Congrats to the Quantum team!
>
> The latest + greatest version of Quantum was release this morning, see:
> https://launchpad.net/quantum/essex/essex-3
>
> I delayed the announce in order to complete updating the documentation,
> due to the fact that install procedures changed significantly with this
> release.  See PDF on downloads page.
>
> Changes since Essex-2 include:
> - client code in separate repo to simplify development dependencies on
> other projects.
> - integration with Nova Floating IPs.
> - API filters for efficient queries and improved API error codes (API v1.1
> only)
> - fixes to python setup tools scripts to make life easier for distros
> packagers.
> - port packet statistics extension
>
> If you have an OpenStack distro and are looking to package Quantum for
> Essex, the packaging should now be in its final form.  Let us know how we
> can help.
>
> E-3 was also the first release for which Quantum was part of the standard
> OpenStack build process, thanks to the CI team for all the help!
>
> Since Quantum is still in incubation, E-4 is not a feature frozen
> milestone, though we will shutting the door to major merges at least a week
> before the official milestone branch point to avoid last-minute churn.
>
> Thanks to all who contributed to E-3.  Looking forward to a great E-4
> milestone with lots of early merge proposals :)
>
> Dan
>
>
> --
> ~~~
> Dan Wendlandt
> Nicira Networks: www.nicira.com
> twitter: danwendlandt
> ~~~
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Creating account and user in swift

[Adrian_F_Smith]

I'm guessing the problem is that the user isn't a member of the ".admin" group. 
This is a requirement to perform operations on the root URL.

To include the user in this group add .admin like this,

user_newaccount_user1 = passuser1 .swift .admin 
https://PROXY_IP:8080/v1/AUTH_system

Adrian

From: openstack-bounces+adrian_f_smith=dell@lists.launchpad.net 
[mailto:openstack-bounces+adrian_f_smith=dell@lists.launchpad.net] On 
Behalf Of Khaled Ben Bahri
Sent: Friday, January 27, 2012 10:45 AM
To: openstack@lists.launchpad.net
Subject: [Openstack] Creating account and user in swift

Hi folks,

I installed swift with "tempauth" authentication subsystem
To create a user I have to write a new line in the proxy-server.conf on the 
section  [filter:temauth] like this :
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system

as i inderstood, the format is actually :
user__ =   [group] [other options] [storage_url]

I added a new user in new account
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system

After that, to get an x url for this user by executing this command

curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' 
https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0

When i want to check that I can HEAD the new account, I got the error 403




root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*start date: 2012-01-26 18:17:34 GMT
*expire date: 2012-02-25 18:17:34 GMT
* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> zlib/1.2.3.4 libidn/1.18
> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
>
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8
< Date: Fri, 27 Jan 2012 10:00:57 GMT
<

 
  403 Forbidden
 
 
  403 Forbidden
  Access was denied to this resource.



 
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can any one please know any thing about this

Best regards
Khaled

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Creating account and user in swift

[Khaled Ben Bahri]

Hi folks,

I installed swift with "tempauth" authentication subsystem 
To create a user I have to write a new line in the proxy-server.conf on the 
section  [filter:temauth] like this :
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system

as i inderstood, the format is actually :
user__ =   [group] [other options] [storage_url]

I added a new user in new account 
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system

After that, to get an x url for this user by executing this command
curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' 
https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0

When i want to check that I can HEAD the new account, I got the error 403 




root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: 
AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*start date: 2012-01-26 18:17:34 GMT
*expire date: 2012-02-25 18:17:34 GMT
* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o 
> zlib/1.2.3.4 libidn/1.18
> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> 
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8
< Date: Fri, 27 Jan 2012 10:00:57 GMT
< 

 
  403 Forbidden
 
 
  403 Forbidden
  Access was denied to this resource.



 
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can any one please know any thing about this

Best regards
Khaled

  ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ubuntu OpenStack QA Lab up and running

[Thierry Carrez]

Robbie Williamson wrote:
> http://jenkins.qa.ubuntu.com/view/Precise%20OpenStack%20Testing/

Great work!

Would be cool to syndicate those Jenkins instances into a general health
dashboard that we could use to get at a glance the health of openstack
downstreams...

Would there be a feature in Jenkins that could allow us to have a frame
in our Jenkins dashboard that shows the status of selected jobs in yours
? Or do we have to code up something specific ?

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Scaling][Orchestration] Zone changes. WAS: [Question #185840]: Multi-Zone finally working on ESSEX but cant "nova list" (KeyError: 'uuid') + doubts

[Thierry Carrez]

Alejandro Comisario wrote:
> PS: Is the plan to commit the new Zones code into Milestone 3 ? that
> would be fantastic news !

Essex-3 being out, that sounds unlikely. And Essex being feature-frozen,
it also sounds unlikely that such a far-reaching change would land in Essex.

New features and architectural improvements are exciting, but we also
need to be careful to produce something usable in production at the end:
constantly adding new code (and therefore new bugs) is not the way to
win that fight.

Note that, in retrospect, 6-month release schedules with monthly
milestones might not be the best way to get fast availability of new
features together with a bugfixing period. We end up getting features
out fast, but with too many bugs for anyone to consider using them
before final release, which happens too rarely.

We will certainly revisit that for the Folsom cycle -- expect a session
at the Design Summit to discuss that.

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ubuntu OpenStack QA Lab up and running

[James Page]

Hi Nati

On 26/01/12 20:49, Nachi Ueno wrote:

Can I ask some questions?

1. Is there any document or opensource of your juju-based ci-deployment?


There will be :-);  all of the bits and pieces are under 
http://launchpad.net/~openstack-ubuntu-testing code branches but we will 
be pulling together some docs on the complete lab setup.



2. Which kind of test are you running after deploy test?


At the moment we are just using the exercise scripts from devstack but 
the plan is to get tempest up and running.



--
James Page
Ubuntu Core Developer

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp