Re: [Openstack] Troubleshooting Swift 1.7.4 on mini servers

[John Dickinson]

A 507 is returned by the object servers in 2 situations: 1) the drives are full 
or 2) the drives have been unmounted because of disk error.

It's highly likely that you simply have full drives. Remember that the usable 
space in your cluster is 1/N where N = replica count. As an example, with 3 
replicas and 5 nodes with a single 1TB drive each, you only have about 1.6TB 
available for data.

As Pete suggested in his response, how big are your drives, and what does `df` 
tell you?

--John


On Oct 26, 2012, at 5:26 PM, Nathan Trueblood  wrote:

> Hey folks-
> 
> I'm trying to figure out what's going wrong with my Swift deployment on a 
> small cluster of "mini" servers.   I have a small test cluster (5 storage 
> nodes, 1 proxy) of mini-servers that are ARM-based.   The proxy is a regular, 
> Intel-based server with plenty of RAM.   The object/account/container servers 
> are relatively small, with 2GB of RAM per node.
> 
> Everything starts up fine, but now I'm trying to troubleshoot a strange 
> problem.   After I successfully upload a few test files, it seems like the 
> storage system stops responding and the proxy gives me a 503 error.
> 
> Here's the test sequence I run on my proxy:
> 
> lab@proxy01:~/bin$ ./swiftcl.sh stat
> swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass stat
>Account: AUTH_system
> Containers: 5
>Objects: 4
>  Bytes: 47804968
> Accept-Ranges: bytes
> X-Timestamp: 1351294912.72119
> lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles1 /home/lab/bigfile1 
> swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload 
> myfiles1 /home/lab/bigfile1
> home/lab/bigfile1
> lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles2 /home/lab/bigfile1 
> swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload 
> myfiles2 /home/lab/bigfile1
> home/lab/bigfile1
> lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles3 /home/lab/bigfile1 
> swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload 
> myfiles3 /home/lab/bigfile1
> home/lab/bigfile1
> lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles4 /home/lab/bigfile1 
> swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload 
> myfiles4 /home/lab/bigfile1
> home/lab/bigfile1
> lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles5 /home/lab/bigfile1 
> swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload 
> myfiles5 /home/lab/bigfile1
> Object PUT failed: 
> http://172.16.1.111:8080/v1/AUTH_system/myfiles5/home/lab/bigfile1 503 
> Service Unavailable  [first 60 chars of response] 503 Service Unavailable
> 
> The server is currently unavailable
> lab@proxy01:~/bin$ ./swiftcl.sh stat
> swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass stat
>Account: AUTH_system
> Containers: 6
>Objects: 5
>  Bytes: 59756210
> Accept-Ranges: bytes
> X-Timestamp: 1351294912.72119
> 
> Here's the corresponding log on the Proxy:
> 
> Oct 26 17:06:52 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/06/52 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010
> Oct 26 17:07:13 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/13 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0017
> Oct 26 17:07:13 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/13 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016
> Oct 26 17:07:22 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/22 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010
> Oct 26 17:07:22 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/22 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016
> Oct 26 17:07:27 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/27 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010
> Oct 26 17:07:27 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/27 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016
> Oct 26 17:07:27 proxy01 proxy-server Handoff requested (1) (txn: 
> tx6946419daba54efe9c2878f8a2a78f88) (client_ip: 172.16.1.111)
> Oct 26 17:07:27 proxy01 proxy-server Handoff requested (2) (txn: 
> tx6946419daba54efe9c2878f8a2a78f88) (client_ip: 172.16.1.111)
> Oct 26 17:07:33 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/33 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010
> Oct 26 17:07:33 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/33 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016
> Oct 26 17:07:33 proxy01 proxy-server Handoff requested (1) (txn: 
> tx5f9659f74cb2491f9a63cbb84f680c5c) (client_ip: 172.16.1.111)
> Oct 26 17:07:33 proxy01 proxy-server Handoff requested (2) (txn: 
> tx5f9659f74cb2491f9a63cbb84f680c5c) (client_ip: 172.16.1.111)
> Oct 26 17:07:39 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/39 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0009
> Oct 26 17:07:39 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/39 GET 
> /auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0009
> Oct 26 17:07:39 proxy01 proxy-server Handoff requested (1) (txn: 
> tx8dc917a4a8c84c40a4429b7bab0323c6) (client_ip: 172.16.1.111)
> Oct 26 1

Re: [Openstack] Troubleshooting Swift 1.7.4 on mini servers

[Pete Zaitcev]

On Fri, 26 Oct 2012 17:26:07 -0700
Nathan Trueblood  wrote:

> I'm trying to figure out what's going wrong with my Swift deployment on a
> small cluster of "mini" servers.   I have a small test cluster (5 storage
> nodes, 1 proxy) of mini-servers that are ARM-based.   The proxy is a
> regular, Intel-based server with plenty of RAM.   The
> object/account/container servers are relatively small, with 2GB of RAM per
> node.

And the disk is how big?

> Oct 26 17:07:46 data05 object-server 192.168.1.111 - -
> [27/Oct/2012:00:07:46 +] "PUT
> /sda6/150861/AUTH_system/myfiles5/home/lab/bigfile1" 507 - "-"
> "tx8dc917a4a8c84c40a4429b7bab0323c6" "-" 0.0031

Well, what does df say?

> The Object-servers do give a 507 error, which might indicate a disk
> problem, but there is nothing wrong with the storage drive.   And also if
> there was a fundamental drive problem then I wouldn't be able to upload
> objects in the first place.

You could upload them to a reduced number of nodes, and then the
replication would inflate the space used by the replication ratio.

Finally, it's possible that tombstones are not properly expired for
some reason.

-- Pete

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Scaling PaaS in OpenStack

[Frans Thamura]

Your url help one glue. DEA need to be configure

Will work on this.

Nb: finding how dea work now... heheh

Frans Thamura
Meruvian
On Oct 27, 2012 3:55 AM, "Diane Mueller"  wrote:

> Stackato (ActiveState's PaaS) auto-scales on OpenStack nicely. I just
> finished deploying it on Folsom
>
> You can find the Stackato docs on auto-scaling are here, and do include an
> OpenStack section for each step:
>
> http://docs.stackato.com/cluster/autoscaling.html?highlight=scaling
>
> Please feel free to go on our #stackato irc channel and ask any further
> questions you have or drop me a note privately if you prefer.
>
> Kind Regards,
>
> Diane Mueller
> ActiveState Stackato
> twitter/irc: pythondj
> http://activestate.com/stackato
>
>
>
>
> On Fri, Oct 26, 2012 at 4:02 AM, Angus Salkeld wrote:
>
>> On 26/10/12 13:07 +0700, Frans Thamura wrote:
>>
>>> Yes, we use it here, but still finding to configure with OpenStack, to
>>> bring scale in this case communicate with openstack nova controller,
>>> we just use it now here..
>>>
>>>
>> You could use the heat project to provide autoscaling.
>> The way this would work is you:
>> 1 create an CloudFormations style template with your application
>> (OpenShift/CloudFoundry)
>> 2 you setup an autoscale group and alarm resource in the template
>> 3 you post the metric of interest in your application to our Cloudwatch
>>   (see the calls to cfn-push-stats)
>> as an example look at:
>> https://github.com/heat-api/**heat/blob/master/templates/**
>> AutoScalingMultiAZSample.**template
>>
>> What happens is you setup a threshold that triggers a scale up and scale
>> down action.
>>
>> also see:
>> https://github.com/heat-api/**heat/blob/master/templates/**
>> OpenShift.template
>> https://github.com/heat-api/**heat/wiki
>>
>>
>> -Angus
>>
>>>
>>>
>>> On Fri, Oct 26, 2012 at 1:00 PM, Ray Sun 
>>> wrote:
>>>
 Have you hearad BOSH, a deployment tool for CloudFoundry on
 cloud(including

 AWS and openstack)?
 https://github.com/**cloudfoundry/bosh

 - Ray
 Yours faithfully, Kind regards.

 CIeNET Technologies (Beijing) Co., Ltd
 Email: qsun01...@cienet.com.cn
 Office Phone: +86-01081470088-7079
 Mobile Phone: +86-13581988291



 On Fri, Oct 26, 2012 at 1:46 PM, Frans Thamura 
 wrote:

>
> Hi All
>
> Anyone can give me reference, related to scaling PaaS system in
> OpenStack?
>
> how (more basic better) scalable is implementing PaaS in OpenStack?
>
> right now, we create virtual machine and install ubuntu inside, and
> run CloudFoundry or OpenShift to make it PaaS enable.
>
> my target for PaaS is to run our Java apps inside cloud environment.
>
> in another world, we have Liquid VM, but it is not opensource yet,
> part of Java VE Virtual Edition. The JVM can boot direct from the
> hypervisor.
>
> I still researching the theory behind scalability of cloud esp in
> openstack + cloudfoundry.
>
> F
>
> __**_
> Mailing list: 
> https://launchpad.net/~**openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : 
> https://launchpad.net/~**openstack
> More help   : 
> https://help.launchpad.net/**ListHelp
>



>>> __**_
>>> Mailing list: 
>>> https://launchpad.net/~**openstack
>>> Post to : openstack@lists.launchpad.net
>>> Unsubscribe : 
>>> https://launchpad.net/~**openstack
>>> More help   : 
>>> https://help.launchpad.net/**ListHelp
>>>
>>
>> __**_
>> Mailing list: 
>> https://launchpad.net/~**openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : 
>> https://launchpad.net/~**openstack
>> More help   : 
>> https://help.launchpad.net/**ListHelp
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Tracking triage statistics

[Michael Still]

On 10/27/2012 12:08 AM, Dolph Mathews wrote:
> How many cookies for a self-triaged bug that was subsequently closed as
> invalid? This rulebook is going to get really complicated really fast ;)
> 
> Would love to see a report for more projects on a longer timeline!

Well, the tool was aimed at nova's weekly meetings, but it will work for
any project that uses launchpad for its bug tracking. The problem with a
longer report timeline is that tool takes a really long time to run, I
guess if you're super patient then that's ok...

I've given into you crazy hipsters and moved the code to github. Its at:

https://github.com/mikalstill/openstack-triage-tools

Cheers,
Mikal

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Troubleshooting Swift 1.7.4 on mini servers

[Nathan Trueblood]

Hey folks-

I'm trying to figure out what's going wrong with my Swift deployment on a
small cluster of "mini" servers.   I have a small test cluster (5 storage
nodes, 1 proxy) of mini-servers that are ARM-based.   The proxy is a
regular, Intel-based server with plenty of RAM.   The
object/account/container servers are relatively small, with 2GB of RAM per
node.

Everything starts up fine, but now I'm trying to troubleshoot a strange
problem.   After I successfully upload a few test files, it seems like the
storage system stops responding and the proxy gives me a 503 error.

Here's the test sequence I run on my proxy:

lab@proxy01:~/bin$ ./swiftcl.sh stat

swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass stat

   Account: AUTH_system

Containers: 5

   Objects: 4

 Bytes: 47804968

Accept-Ranges: bytes

X-Timestamp: 1351294912.72119

lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles1 /home/lab/bigfile1

swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload
myfiles1 /home/lab/bigfile1

home/lab/bigfile1

lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles2 /home/lab/bigfile1

swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload
myfiles2 /home/lab/bigfile1

home/lab/bigfile1

lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles3 /home/lab/bigfile1

swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload
myfiles3 /home/lab/bigfile1

home/lab/bigfile1

lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles4 /home/lab/bigfile1

swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload
myfiles4 /home/lab/bigfile1

home/lab/bigfile1

lab@proxy01:~/bin$ ./swiftcl.sh upload myfiles5 /home/lab/bigfile1

swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass upload
myfiles5 /home/lab/bigfile1

Object PUT failed:
http://172.16.1.111:8080/v1/AUTH_system/myfiles5/home/lab/bigfile1 503
Service Unavailable  [first 60 chars of response] 503 Service Unavailable


The server is currently unavailable

lab@proxy01:~/bin$ ./swiftcl.sh stat

swift -A http://proxy01:8080/auth/v1.0 -U system:root -K testpass stat

   Account: AUTH_system

Containers: 6

   Objects: 5

 Bytes: 59756210

Accept-Ranges: bytes

X-Timestamp: 1351294912.72119

Here's the corresponding log on the Proxy:

Oct 26 17:06:52 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/06/52 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010

Oct 26 17:07:13 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/13 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0017

Oct 26 17:07:13 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/13 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016

Oct 26 17:07:22 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/22 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010

Oct 26 17:07:22 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/22 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016

Oct 26 17:07:27 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/27 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010

Oct 26 17:07:27 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/27 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016

Oct 26 17:07:27 proxy01 proxy-server Handoff requested (1) (txn:
tx6946419daba54efe9c2878f8a2a78f88) (client_ip: 172.16.1.111)

Oct 26 17:07:27 proxy01 proxy-server Handoff requested (2) (txn:
tx6946419daba54efe9c2878f8a2a78f88) (client_ip: 172.16.1.111)

Oct 26 17:07:33 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/33 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0010

Oct 26 17:07:33 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/33 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0016

Oct 26 17:07:33 proxy01 proxy-server Handoff requested (1) (txn:
tx5f9659f74cb2491f9a63cbb84f680c5c) (client_ip: 172.16.1.111)

Oct 26 17:07:33 proxy01 proxy-server Handoff requested (2) (txn:
tx5f9659f74cb2491f9a63cbb84f680c5c) (client_ip: 172.16.1.111)

Oct 26 17:07:39 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/39 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0009

Oct 26 17:07:39 proxy01 proxy-server - 127.0.0.1 27/Oct/2012/00/07/39 GET
/auth/v1.0/ HTTP/1.0 200 - - - - - - - - 0.0009

Oct 26 17:07:39 proxy01 proxy-server Handoff requested (1) (txn:
tx8dc917a4a8c84c40a4429b7bab0323c6) (client_ip: 172.16.1.111)

Oct 26 17:07:39 proxy01 proxy-server Handoff requested (2) (txn:
tx8dc917a4a8c84c40a4429b7bab0323c6) (client_ip: 172.16.1.111)

Oct 26 17:07:40 proxy01 proxy-server Object PUT returning 503, 1/2 required
connections (txn: tx8dc917a4a8c84c40a4429b7bab0323c6) (client_ip:
172.16.1.111)

Oct 26 17:07:41 proxy01 proxy-server Object PUT returning 503, 1/2 required
connections (txn: tx07a1f5dfaa23445a88eaa4a2ade68466) (client_ip:
172.16.1.111)

Oct 26 17:07:43 proxy01 proxy-server Object PUT returning 503, 1/2 required
connections (txn: tx938d08b706844db3886695b798bd9fad) (client_ip:
172.16.1.111)

Oct 26 17:07:47 proxy01 proxy-server Object PUT returning 503, 1/2 required
connections (txn: txa35e9f8a54924f139e13d6f3a5dc457f

Re: [Openstack] [keystone] Domain Name Spaces

[Adam Young]

On 10/26/2012 07:17 PM, Henry Nash wrote:

So to pick up on a couple of the areas of contention:

a) Roles.  I agree that role names must stay globally unique.  One way 
of thinking about this is that it is not actually keystone that is 
creating the "role name space" it is the other services (Nova etc.) by 
specifying roles in their policy files.  Until those services support 
domain specific segmentation, then role names stay global.


b) Will multi-domains make it more complicated in terms of 
authorisation - e.g. will the users have to input a Domain Name into 
Horizon the whole time?  The first thing I would say is that if the 
cloud administrator has create multiple domains, then the keystone API 
should indeed require the domain specification.  However, that should 
not mean it should be laborious for a Horizon user.  In the case where 
a Cloud Provider has created domains to encapsulate each of their 
customers - then if they want to let those customer use horizon as the 
UI, then I would think they want to be able to give each customer a 
unique URL which will point to a Horizon that "knows which domain to 
go to".
Yes, I think that this is the solution.  It will involve HTTPD virtual 
hosts, and horizon can then get an additional config parameter 
"keystone_domain" as part of the wsgi config.



 Maybe the url contains the Domain Name or ID in the path, and Horizon 
pulls this out of its own url (assuming that's possible) and hence the 
user is never given an option to chose a domain.  A Cloud Admin would 
use a "non domain qualified url" to get to Horizon (basically as it is 
now) and hence be able to see the different domains.  Likewise, in the 
case of where the Cloud Provider has not chosen to create any 
individual domains (and is just running the cloud in the default 
domain), then the  "non domain qualified url" would be used to a 
Horizon that only showed one, default domain and hence no choice is 
required.



Henry

On 26 Oct 2012, at 17:31, heckj wrote:

Bringing conversation for domains in Keystone to the broader mailing 
lists.



On Oct 26, 2012, at 5:18 AM, Dolph Mathews > wrote:

I think this discussion would be great for both mailing lists.

-Dolph


On Fri, Oct 26, 2012 at 5:18 AM, Henry Nash > wrote:


Hi



At the Summit we started a discussion on whether things like
user name, tenant name etc. should be globally unique or unique
within a domain.  I'd like to widen that discussion to try and
a) agree a direction, b) agree some changes to our current spec.
Here's my view as an opening gambit:

- When a Keystone instance is first started, there is only one,
default, Domain.  The Cloud Provider does not need to create any
new domains, all projects can exist in this default domain, as
will the users etc.  There is one, global, name space.  Clients
using the v2 API will work just fine.


+1


Very much what we were thinking for the initial implemenation and 
rollout to make it backwards "compatible" with the V2 (non-domain) 
core API



- If the Cloud Provider wants to provide their customers with
regions they can administer themselves and be self-contained,
then they create a Domain for each customer.  It should be
possible for users/roles to be scoped to a Domain so that
(effectively) administrative duties can be delegated to some
users in that Domain.  So far so good - all this can be done
with the v3 API.


Not clear on if you're referring to endpoint regions, or just 
describing domain isolation?


I believe you're describing the key use cases behind the domains 
mechanism to begin with - user and project partitioning to allow for 
administration of those to be clearly "owned" and managed appropriately.




- We still have work to do to make sure items in other OS
projects that reference tenants (e.g. Images) can take a Domain
or Project ID, but we'll get to that soon enough


Everything will continue to work with projects, but once middleware 
starts providing a DOMAIN_ID and DOMAIN_NAME to the underlying 
service, it'll be up to them to take advantage of it. Images per 
domain is an excellent example use case.



- However, Cloud Providers want to start enabling enterprise
customers to run more and more of the workloads in OpenStack
clouds - over and above, the smaller sized companies that are
doing this today.  For this to work, the encapsulation of a
Domain need, I think, to be able to be stricter - and this is
where the name space comes into play.  I think we need to allow
for a Domain to have its own namespace (i.e. users, roles,
projects etc.) as an option.  I see this as a first step to
allowing each Domain to have its own AuthZ/N service (.e.g
external ldap owned and hosted by the customer who will be using
the Domain)

Implementation:

- A simplistic version would just a

Re: [Openstack] [keystone] Domain Name Spaces

[Henry Nash]

So to pick up on a couple of the areas of contention:

a) Roles.  I agree that role names must stay globally unique.  One way of 
thinking about this is that it is not actually keystone that is creating the 
"role name space" it is the other services (Nova etc.) by specifying roles in 
their policy files.  Until those services support domain specific segmentation, 
then role names stay global.

b) Will multi-domains make it more complicated in terms of authorisation - e.g. 
will the users have to input a Domain Name into Horizon the whole time?  The 
first thing I would say is that if the cloud administrator has create multiple 
domains, then the keystone API should indeed require the domain specification.  
However, that should not mean it should be laborious for a Horizon user.  In 
the case where a Cloud Provider has created domains to encapsulate each of 
their customers - then if they want to let those customer use horizon as the 
UI, then I would think they want to be able to give each customer a unique URL 
which will point to a Horizon that "knows which domain to go to".  Maybe the 
url contains the Domain Name or ID in the path, and Horizon pulls this out of 
its own url (assuming that's possible) and hence the user is never given an 
option to chose a domain.  A Cloud Admin would use a "non domain qualified url" 
to get to Horizon (basically as it is now) and hence be able to see the 
different domains.  Likewise, in the case of where the Cloud Provider has not 
chosen to create any individual domains (and is just running the cloud in the 
default domain), then the  "non domain qualified url" would be used to a 
Horizon that only showed one, default domain and hence no choice is required.


Henry

On 26 Oct 2012, at 17:31, heckj wrote:

> Bringing conversation for domains in Keystone to the broader mailing lists.
> 
> 
> On Oct 26, 2012, at 5:18 AM, Dolph Mathews  wrote:
>> I think this discussion would be great for both mailing lists.
>> 
>> -Dolph
>> 
>> 
>> On Fri, Oct 26, 2012 at 5:18 AM, Henry Nash  wrote:
>> Hi
>> 
>> > v3api doc, or elsewhere - appreciate some guidance and will transfer this to 
>> the right place>
>> 
>> At the Summit we started a discussion on whether things like user name, 
>> tenant name etc. should be globally unique or unique within a domain.  I'd 
>> like to widen that discussion to try and a) agree a direction, b) agree some 
>> changes to our current spec. Here's my view as an opening gambit:
>> 
>> - When a Keystone instance is first started, there is only one, default, 
>> Domain.  The Cloud Provider does not need to create any new domains, all 
>> projects can exist in this default domain, as will the users etc.  There is 
>> one, global, name space.  Clients using the v2 API will work just fine.
>> 
>> +1
> 
> Very much what we were thinking for the initial implemenation and rollout to 
> make it backwards "compatible" with the V2 (non-domain) core API
> 
>> - If the Cloud Provider wants to provide their customers with regions they 
>> can administer themselves and be self-contained, then they create a Domain 
>> for each customer.  It should be possible for users/roles to be scoped to a 
>> Domain so that (effectively) administrative duties can be delegated to some 
>> users in that Domain.  So far so good - all this can be done with the v3 API.
>> 
>> Not clear on if you're referring to endpoint regions, or just describing 
>> domain isolation?
> 
> I believe you're describing the key use cases behind the domains mechanism to 
> begin with - user and project partitioning to allow for administration of 
> those to be clearly "owned" and managed appropriately.
> 
> 
>> - We still have work to do to make sure items in other OS projects that 
>> reference tenants (e.g. Images) can take a Domain or Project ID, but we'll 
>> get to that soon enough
>> 
>> Everything will continue to work with projects, but once middleware starts 
>> providing a DOMAIN_ID and DOMAIN_NAME to the underlying service, it'll be up 
>> to them to take advantage of it. Images per domain is an excellent example 
>> use case.
> 
>>  
>> - However, Cloud Providers want to start enabling enterprise customers to 
>> run more and more of the workloads in OpenStack clouds - over and above, the 
>> smaller sized companies that are doing this today.  For this to work, the 
>> encapsulation of a Domain need, I think, to be able to be stricter - and 
>> this is where the name space comes into play.  I think we need to allow for 
>> a Domain to have its own namespace (i.e. users, roles, projects etc.) as an 
>> option.  I see this as a first step to allowing each Domain to have its own 
>> AuthZ/N service (.e.g external ldap owned and hosted by the customer who 
>> will be using the Domain)
>> 
>> Implementation:
>> 
>> - A simplistic version would just allow a flag to specified on Domain 
>> creation that said whether this a "private" or "shared" Domain.  Shared 
>> would use the current global name

Re: [Openstack] quantum: two ips one vif

[Carl Bolterstein]

For the curiosity sake - 

After some trial and error.  It appears we have solved one half of our 
conundrum.  Using the driver below, there is no ip data inserted into 
libvirt.xml which allows any ip to be used.  It works for our uses (HA vip 
services, secondary addresses).

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchVirtualPortDriver 

This however does not prevent quantum from assigning a used IP to a new port, 
but working on that.

Carl Bolterstein

-Original Message-
From: openstack-bounces+cbolterstein=blackmesh@lists.launchpad.net 
[mailto:openstack-bounces+cbolterstein=blackmesh@lists.launchpad.net] On 
Behalf Of Jason Kölker
Sent: Tuesday, October 23, 2012 6:38 PM
To: openstack@lists.launchpad.net
Subject: Re: [Openstack] quantum: two ips one vif

On Tue, 2012-10-23 at 15:14 -0700, Dan Wendlandt wrote:
> can you post your libvirt xml for the VM?  It maybe well be libvirt 
> filtering if you are using the OVS Hybrid vif driver:
> 
> for example, a VM would have xml like:
> 
>   
> 
> 
> 
> 
>   
> 
> I'm not sure what the nova code would generate for multiple IPs.

Libvirt's driver only supports 1 ip per interface. It needs to be updated to 
use the newer network models and not depend on the code in 
nova.virt.netutils.get_injected_network_template.

Happy Hacking!

7-11


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] documentation bug in openstack - redhat install guide (wrong admin_user)

[Dolph Mathews]

Thanks for the feedback! I opened a bug report to track this issue:
https://bugs.launchpad.net/openstack-manuals/+bug/1071921

-Dolph


On Fri, Oct 26, 2012 at 4:03 PM, ikke  wrote:

> Hi,
>
> I just went through setting up keystone and glance to fedora 17 with
> f18 folsom preview repos for openstack rpms. It seems the instructions
> have some error:
>
> it creates the users here:
>
> http://docs.openstack.org/trunk/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles-manually.html
>
> and uses them incorrectly here, causing keystone to block access to
> create-image:
>
>
> http://docs.openstack.org/trunk/openstack-compute/install/yum/content/configure-glance-files.html
>
> doc uses admin_user=admin, admin_tenant=service in two of the config
> files (api+registry), even though it never created admin user for the
> tenant service in the first doc link where the users get created.
>
> After changing the admin_user to glance and also admin_password to
> glance's password, it starts working.
>
> There used to be comment box in the docs, but it doesn't seem to be
> the case anymore. So I'll whine here instead ;)
>
> BR,
>
>  ikke
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Finding version of keystone service

[heckj]

That would install both.

"keystone" in this case is the CLI for accessing the service. "keystone-all" is 
the command line for invoking the service (normally used only by init scripts), 
and "keystone-manage" for system initialization, dump, etc. 

None of these guys has a "--version" option, so you're better off working from 
what dpkg says there "dpkg -l | grep keystone"

- joe

On Oct 26, 2012, at 2:29 PM, Ahmed Al-Mehdi  wrote:
> Hi Joe,
> 
> I did a "apt-get install keystone", which I am as assuming installed both, is 
> that right?  If not, what did get installed?   I am trying to to find the 
> version of whatever got installed.
> 
> # keystone --version 
> usage: keystone [--os-username ]
> [--os-password ]
> [--os-tenant-name ]
> [--os-tenant-id ] [--os-auth-url ]
> [--os-region-name ]
> [--os-identity-api-version ]
> [--token ] [--endpoint ]
> [--os-cacert ] [--os-cert ]
> [--os-key ] [--insecure] [--username ]
> [--password ] [--tenant_name ]
> [--auth_url ] [--region_name ]
>  ...
> keystone: error: too few arguments
> root@bodega:~# 
> 
> 
> --Ahmed.
> 
> From: heckj 
> Date: Friday, October 26, 2012 2:23 PM
> To: Ahmed Al-Mehdi 
> Cc: "openstack@lists.launchpad.net" 
> Subject: Re: [Openstack] Finding version of keystone service
> 
>> Ahmed,
>> 
>> Are you trying to find out the version of Keystone installed, or of the CLI 
>> client? (they're different and somewhat unrelated)
>> 
>> -joe
>> 
>> On Oct 26, 2012, at 2:20 PM, Ahmed Al-Mehdi  wrote:
>>> Hello,
>>> 
>>> The option "--version" (or any variation of it) does not seem to work for 
>>> keystone, even though the man page lists "--version" as one of the options. 
>>>  The only way I was able to find the version number is using the dpkg 
>>> command on ubuntu.  Is this the only way?
>>> 
>>> 
>>> # dpkg -s keystone
>>> Package: keystone
>>> Status: install ok installed
>>> Priority: extra
>>> Section: python
>>> Installed-Size: 130
>>> Maintainer: Ubuntu Developers 
>>> Architecture: all
>>> Version: 2012.2-0ubuntu1~cloud0
>>> Depends: python, debconf (>= 0.5) | debconf-2.0, upstart-job, 
>>> python-keystone (= 2012.2-0ubuntu1~cloud0), adduser, ssl-cert (>= 1.0.12), 
>>> dbconfig-common
>>> Conffiles:
>>>  /etc/keystone/default_catalog.templates e20825c5518f8c1482560f232ad78445
>>>  /etc/keystone/logging.conf c85cb75be85f3ec306f3da2730764d6e
>>>  /etc/keystone/keystone.conf a3e9c22fd4bd3a551f919355b777058c
>>>  /etc/keystone/policy.json 1bd2a9705a8361fc51f24211ac6ed260
>>>  /etc/init/keystone.conf e9b3d5b9bd13f9f5ac3601ebeb043f2f
>>>  /etc/logrotate.d/keystone 5a7a4ded566affc47626bffe4a9d3231
>>> Description: OpenStack identity service - Daemons
>>>  Keystone is a proposed independent authentication service for OpenStack.
>>>  .
>>>  This initial proof of concept aims to address the current use cases in 
>>> Swift
>>>  and Nova which are:
>>>  .
>>>   * REST-based, token auth for Swift
>>>   * many-to-many relationship between identity and tenant for Nova. Keystone
>>> does authentication and stuff
>>>  .
>>>  This package contains the daemons.
>>> Homepage: http://launchpad.net/keystone
>>> Original-Maintainer: Monty Taylor 
>>> 
>>> Thank you,
>>> Ahmed.
>>> 
>>> 
>>> ___
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>> 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Finding version of keystone service

[Matt Joyce]

dpkg -p keystone | grep Version

should show you in the version tag

example:

2012.2 is folsom
2012.1 is essex

-Matt




On Fri, Oct 26, 2012 at 2:29 PM, Ahmed Al-Mehdi  wrote:

> Hi Joe,
>
> I did a "apt-get install keystone", which I am as assuming installed both,
> is that right?  If not, what did get installed?   I am trying to to find
> the version of whatever got installed.
>
> # keystone --version
> usage: keystone [--os-username ]
> [--os-password ]
> [--os-tenant-name ]
> [--os-tenant-id ] [--os-auth-url ]
> [--os-region-name ]
> [--os-identity-api-version ]
> [--token ] [--endpoint ]
> [--os-cacert ] [--os-cert ]
> [--os-key ] [--insecure] [--username ]
> [--password ] [--tenant_name ]
> [--auth_url ] [--region_name ]
>  ...
> keystone: error: too few arguments
> root@bodega:~#
>
>
> --Ahmed.
>
> From: heckj 
> Date: Friday, October 26, 2012 2:23 PM
> To: Ahmed Al-Mehdi 
> Cc: "openstack@lists.launchpad.net" 
> Subject: Re: [Openstack] Finding version of keystone service
>
> Ahmed,
>
> Are you trying to find out the version of Keystone installed, or of the
> CLI client? (they're different and somewhat unrelated)
>
> -joe
>
> On Oct 26, 2012, at 2:20 PM, Ahmed Al-Mehdi  wrote:
>
> Hello,
>
> The option "--version" (or any variation of it) does not seem to work for
> keystone, even though the man page lists "--version" as one of the options.
>  The only way I was able to find the version number is using the dpkg
> command on ubuntu.  Is this the only way?
>
>
> # dpkg -s keystone
> Package: keystone
> Status: install ok installed
> Priority: extra
> Section: python
> Installed-Size: 130
> Maintainer: Ubuntu Developers 
> Architecture: all
> *Version: 2012.2-0ubuntu1~cloud0*
> Depends: python, debconf (>= 0.5) | debconf-2.0, upstart-job,
> python-keystone (= 2012.2-0ubuntu1~cloud0), adduser, ssl-cert (>= 1.0.12),
> dbconfig-common
> Conffiles:
>  /etc/keystone/default_catalog.templates e20825c5518f8c1482560f232ad78445
>  /etc/keystone/logging.conf c85cb75be85f3ec306f3da2730764d6e
>  /etc/keystone/keystone.conf a3e9c22fd4bd3a551f919355b777058c
>  /etc/keystone/policy.json 1bd2a9705a8361fc51f24211ac6ed260
>  /etc/init/keystone.conf e9b3d5b9bd13f9f5ac3601ebeb043f2f
>  /etc/logrotate.d/keystone 5a7a4ded566affc47626bffe4a9d3231
> Description: OpenStack identity service - Daemons
>  Keystone is a proposed independent authentication service for OpenStack.
>  .
>  This initial proof of concept aims to address the current use cases in
> Swift
>  and Nova which are:
>  .
>   * REST-based, token auth for Swift
>   * many-to-many relationship between identity and tenant for Nova.
> Keystone
> does authentication and stuff
>  .
>  This package contains the daemons.
> Homepage: http://launchpad.net/keystone
> Original-Maintainer: Monty Taylor 
>
> Thank you,
> Ahmed.
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Finding version of keystone service

[Ahmed Al-Mehdi]

Hi Joe,

I did a "apt-get install keystone", which I am as assuming installed both, is 
that right?  If not, what did get installed?   I am trying to to find the 
version of whatever got installed.

# keystone --version
usage: keystone [--os-username ]
[--os-password ]
[--os-tenant-name ]
[--os-tenant-id ] [--os-auth-url ]
[--os-region-name ]
[--os-identity-api-version ]
[--token ] [--endpoint ]
[--os-cacert ] [--os-cert ]
[--os-key ] [--insecure] [--username ]
[--password ] [--tenant_name ]
[--auth_url ] [--region_name ]
 ...
keystone: error: too few arguments
root@bodega:~#


--Ahmed.

From: heckj mailto:he...@mac.com>>
Date: Friday, October 26, 2012 2:23 PM
To: Ahmed Al-Mehdi mailto:ah...@coraid.com>>
Cc: "openstack@lists.launchpad.net" 
mailto:openstack@lists.launchpad.net>>
Subject: Re: [Openstack] Finding version of keystone service

Ahmed,

Are you trying to find out the version of Keystone installed, or of the CLI 
client? (they're different and somewhat unrelated)

-joe

On Oct 26, 2012, at 2:20 PM, Ahmed Al-Mehdi 
mailto:ah...@coraid.com>> wrote:
Hello,

The option "--version" (or any variation of it) does not seem to work for 
keystone, even though the man page lists "--version" as one of the options.  
The only way I was able to find the version number is using the dpkg command on 
ubuntu.  Is this the only way?


# dpkg -s keystone
Package: keystone
Status: install ok installed
Priority: extra
Section: python
Installed-Size: 130
Maintainer: Ubuntu Developers 
mailto:ubuntu-devel-disc...@lists.ubuntu.com>>
Architecture: all
Version: 2012.2-0ubuntu1~cloud0
Depends: python, debconf (>= 0.5) | debconf-2.0, upstart-job, python-keystone 
(= 2012.2-0ubuntu1~cloud0), adduser, ssl-cert (>= 1.0.12), dbconfig-common
Conffiles:
 /etc/keystone/default_catalog.templates e20825c5518f8c1482560f232ad78445
 /etc/keystone/logging.conf c85cb75be85f3ec306f3da2730764d6e
 /etc/keystone/keystone.conf a3e9c22fd4bd3a551f919355b777058c
 /etc/keystone/policy.json 1bd2a9705a8361fc51f24211ac6ed260
 /etc/init/keystone.conf e9b3d5b9bd13f9f5ac3601ebeb043f2f
 /etc/logrotate.d/keystone 5a7a4ded566affc47626bffe4a9d3231
Description: OpenStack identity service - Daemons
 Keystone is a proposed independent authentication service for OpenStack.
 .
 This initial proof of concept aims to address the current use cases in Swift
 and Nova which are:
 .
  * REST-based, token auth for Swift
  * many-to-many relationship between identity and tenant for Nova. Keystone
does authentication and stuff
 .
 This package contains the daemons.
Homepage: http://launchpad.net/keystone
Original-Maintainer: Monty Taylor 
mailto:mord...@inaugust.com>>

Thank you,
Ahmed.


___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Finding version of keystone service

[heckj]

Ahmed,

Are you trying to find out the version of Keystone installed, or of the CLI 
client? (they're different and somewhat unrelated)

-joe

On Oct 26, 2012, at 2:20 PM, Ahmed Al-Mehdi  wrote:
> Hello,
> 
> The option "--version" (or any variation of it) does not seem to work for 
> keystone, even though the man page lists "--version" as one of the options.  
> The only way I was able to find the version number is using the dpkg command 
> on ubuntu.  Is this the only way?
> 
> 
> # dpkg -s keystone
> Package: keystone
> Status: install ok installed
> Priority: extra
> Section: python
> Installed-Size: 130
> Maintainer: Ubuntu Developers 
> Architecture: all
> Version: 2012.2-0ubuntu1~cloud0
> Depends: python, debconf (>= 0.5) | debconf-2.0, upstart-job, python-keystone 
> (= 2012.2-0ubuntu1~cloud0), adduser, ssl-cert (>= 1.0.12), dbconfig-common
> Conffiles:
>  /etc/keystone/default_catalog.templates e20825c5518f8c1482560f232ad78445
>  /etc/keystone/logging.conf c85cb75be85f3ec306f3da2730764d6e
>  /etc/keystone/keystone.conf a3e9c22fd4bd3a551f919355b777058c
>  /etc/keystone/policy.json 1bd2a9705a8361fc51f24211ac6ed260
>  /etc/init/keystone.conf e9b3d5b9bd13f9f5ac3601ebeb043f2f
>  /etc/logrotate.d/keystone 5a7a4ded566affc47626bffe4a9d3231
> Description: OpenStack identity service - Daemons
>  Keystone is a proposed independent authentication service for OpenStack.
>  .
>  This initial proof of concept aims to address the current use cases in Swift
>  and Nova which are:
>  .
>   * REST-based, token auth for Swift
>   * many-to-many relationship between identity and tenant for Nova. Keystone
> does authentication and stuff
>  .
>  This package contains the daemons.
> Homepage: http://launchpad.net/keystone
> Original-Maintainer: Monty Taylor 
> 
> Thank you,
> Ahmed.
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Default default security rules?

[Lars Kellogg-Stedman]

So there's a blueprint for this:

  
https://blueprints.launchpad.net/nova/+spec/default-rules-for-default-security-group

This is one of the biggest usability problems we've run into, because
if we create a new tenant we often forget to open up ssh access, and
everyone wonders why they can't access their instances.

Since it looks like there's no way to set up some kind of default
rules that will be applied automatically to new tenants, I'm trying to
automate the process of creating a new tenant and security groups all
in one fell swoop.  I'm not entirely sure how to handle security
groups.

Create users and tenants is easy; I'm authenticating with the
SERVICE_ENDPOINT and SERVICE_TOKEN values for keystone
administrative access.  That is:

  client = keystone.Client(
endpoint=request.environ['SERVICE_ENDPOINT'],
token=request.environ['SERVICE_TOKEN'],
)

Is there a way -- using either these credentials or the OpenStack
"admin" user credentials -- for me to modify the "default" security
group for a particular tenant?  Or do I have to authenticate as a user
that is a member of the target tenant in order to set up the rules?

Thanks,

-- 
Lars Kellogg-Stedman   |
Senior Technologist   | http://ac.seas.harvard.edu/
Academic Computing| http://code.seas.harvard.edu/
Harvard School of Engineering |
  and Applied Sciences|


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Finding version of keystone service

[Ahmed Al-Mehdi]

Hello,

The option "--version" (or any variation of it) does not seem to work for 
keystone, even though the man page lists "--version" as one of the options.  
The only way I was able to find the version number is using the dpkg command on 
ubuntu.  Is this the only way?


# dpkg -s keystone
Package: keystone
Status: install ok installed
Priority: extra
Section: python
Installed-Size: 130
Maintainer: Ubuntu Developers 
Architecture: all
Version: 2012.2-0ubuntu1~cloud0
Depends: python, debconf (>= 0.5) | debconf-2.0, upstart-job, python-keystone 
(= 2012.2-0ubuntu1~cloud0), adduser, ssl-cert (>= 1.0.12), dbconfig-common
Conffiles:
 /etc/keystone/default_catalog.templates e20825c5518f8c1482560f232ad78445
 /etc/keystone/logging.conf c85cb75be85f3ec306f3da2730764d6e
 /etc/keystone/keystone.conf a3e9c22fd4bd3a551f919355b777058c
 /etc/keystone/policy.json 1bd2a9705a8361fc51f24211ac6ed260
 /etc/init/keystone.conf e9b3d5b9bd13f9f5ac3601ebeb043f2f
 /etc/logrotate.d/keystone 5a7a4ded566affc47626bffe4a9d3231
Description: OpenStack identity service - Daemons
 Keystone is a proposed independent authentication service for OpenStack.
 .
 This initial proof of concept aims to address the current use cases in Swift
 and Nova which are:
 .
  * REST-based, token auth for Swift
  * many-to-many relationship between identity and tenant for Nova. Keystone
does authentication and stuff
 .
 This package contains the daemons.
Homepage: http://launchpad.net/keystone
Original-Maintainer: Monty Taylor 

Thank you,
Ahmed.


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] dnsmasq stops talking to instances?

[Lars Kellogg-Stedman]

On Mon, Oct 22, 2012 at 01:54:11PM +0200, Gary Kotton wrote:
> Can you please explain the problems that you had with qpid?

OpenStack components were periodically losing touch with each other.
Requests to boot/delete an instance, for example, would never make it
as far the compute hosts.  They would get stuck scheduling.

Initially we thought this was exclusively a problem with the network
firewall infrastructure (there was a default 1 hour idle connection
timeout), but reconfiguring our OpenStack environment to remove the
firewalls from the picture did not resolve this problem.

Since replacing qpid with rabbitmq, we have not had a single
recurrence of this behavior.

-- 
Lars Kellogg-Stedman   |
Senior Technologist   | http://ac.seas.harvard.edu/
Academic Computing| http://code.seas.harvard.edu/
Harvard School of Engineering |
  and Applied Sciences|


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] dnsmasq stops talking to instances?

[Lars Kellogg-Stedman]

On Fri, Oct 19, 2012 at 10:24:20AM -0400, Lars Kellogg-Stedman wrote:
> It happened again last night -- which means we were without networking
> on our instances for about seven hours -- and restarting nova-network
> doesn't resolve the problem.  It is necessary to first kill dnsmasq
> (and allow nova-network to restart it).

In case folks were curious:

I'm pretty sure this was a bad interaction between "dhclient" on the
host and the interface being used for instance networking.  We've been
running stabling now for a week.

-- 
Lars Kellogg-Stedman   |
Senior Technologist   | http://ac.seas.harvard.edu/
Academic Computing| http://code.seas.harvard.edu/
Harvard School of Engineering |
  and Applied Sciences|


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] documentation bug in openstack - redhat install guide (wrong admin_user)

[ikke]

Hi,

I just went through setting up keystone and glance to fedora 17 with
f18 folsom preview repos for openstack rpms. It seems the instructions
have some error:

it creates the users here:
http://docs.openstack.org/trunk/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles-manually.html

and uses them incorrectly here, causing keystone to block access to
create-image:

http://docs.openstack.org/trunk/openstack-compute/install/yum/content/configure-glance-files.html

doc uses admin_user=admin, admin_tenant=service in two of the config
files (api+registry), even though it never created admin user for the
tenant service in the first doc link where the users get created.

After changing the admin_user to glance and also admin_password to
glance's password, it starts working.

There used to be comment box in the docs, but it doesn't seem to be
the case anymore. So I'll whine here instead ;)

BR,

 ikke

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Scaling PaaS in OpenStack

[Diane Mueller]

Stackato (ActiveState's PaaS) auto-scales on OpenStack nicely. I just
finished deploying it on Folsom

You can find the Stackato docs on auto-scaling are here, and do include an
OpenStack section for each step:

http://docs.stackato.com/cluster/autoscaling.html?highlight=scaling

Please feel free to go on our #stackato irc channel and ask any further
questions you have or drop me a note privately if you prefer.

Kind Regards,

Diane Mueller
ActiveState Stackato
twitter/irc: pythondj
http://activestate.com/stackato




On Fri, Oct 26, 2012 at 4:02 AM, Angus Salkeld  wrote:

> On 26/10/12 13:07 +0700, Frans Thamura wrote:
>
>> Yes, we use it here, but still finding to configure with OpenStack, to
>> bring scale in this case communicate with openstack nova controller,
>> we just use it now here..
>>
>>
> You could use the heat project to provide autoscaling.
> The way this would work is you:
> 1 create an CloudFormations style template with your application
> (OpenShift/CloudFoundry)
> 2 you setup an autoscale group and alarm resource in the template
> 3 you post the metric of interest in your application to our Cloudwatch
>   (see the calls to cfn-push-stats)
> as an example look at:
> https://github.com/heat-api/**heat/blob/master/templates/**
> AutoScalingMultiAZSample.**template
>
> What happens is you setup a threshold that triggers a scale up and scale
> down action.
>
> also see:
> https://github.com/heat-api/**heat/blob/master/templates/**
> OpenShift.template
> https://github.com/heat-api/**heat/wiki
>
>
> -Angus
>
>>
>>
>> On Fri, Oct 26, 2012 at 1:00 PM, Ray Sun  wrote:
>>
>>> Have you hearad BOSH, a deployment tool for CloudFoundry on
>>> cloud(including
>>>
>>> AWS and openstack)?
>>> https://github.com/**cloudfoundry/bosh
>>>
>>> - Ray
>>> Yours faithfully, Kind regards.
>>>
>>> CIeNET Technologies (Beijing) Co., Ltd
>>> Email: qsun01...@cienet.com.cn
>>> Office Phone: +86-01081470088-7079
>>> Mobile Phone: +86-13581988291
>>>
>>>
>>>
>>> On Fri, Oct 26, 2012 at 1:46 PM, Frans Thamura 
>>> wrote:
>>>

 Hi All

 Anyone can give me reference, related to scaling PaaS system in
 OpenStack?

 how (more basic better) scalable is implementing PaaS in OpenStack?

 right now, we create virtual machine and install ubuntu inside, and
 run CloudFoundry or OpenShift to make it PaaS enable.

 my target for PaaS is to run our Java apps inside cloud environment.

 in another world, we have Liquid VM, but it is not opensource yet,
 part of Java VE Virtual Edition. The JVM can boot direct from the
 hypervisor.

 I still researching the theory behind scalability of cloud esp in
 openstack + cloudfoundry.

 F

 __**_
 Mailing list: 
 https://launchpad.net/~**openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : 
 https://launchpad.net/~**openstack
 More help   : 
 https://help.launchpad.net/**ListHelp

>>>
>>>
>>>
>> __**_
>> Mailing list: 
>> https://launchpad.net/~**openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : 
>> https://launchpad.net/~**openstack
>> More help   : 
>> https://help.launchpad.net/**ListHelp
>>
>
> __**_
> Mailing list: 
> https://launchpad.net/~**openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : 
> https://launchpad.net/~**openstack
> More help   : 
> https://help.launchpad.net/**ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Questions about novnc with multihost OpenStack Nova Compute(Essex) in multihost

[Olivier Archer]

Hi Gabriel,

2012/10/26 Staicu Gabriel 

> Hi Olivier,
>
> Which version of openstack are you using? Essex or Folsom? On which
> operating system is your cloud installed (Fedora or Ubuntu)?
> In my setup, which is Openstack Essex on Ubuntu12.04 I obtain:
>

same config as you. essex on 12.04, with multihost.


> root@hltopenstack01:~$ nova get-vnc-console
> 1fc2cea1-9aec-4d7d-b80e-eab436ae3246 novnc
>
> +---+---+
> |  Type |
> Url|
>
> +---+---+
> | novnc |
> http://10.205.16.18:6080/vnc_auto.html?token=17210200-4622-4480-9b0f-1ca4ffe6fc75|
>
> The value http://10.205.16.18:6080/vnc_auto.html corresponds in nova.conf
> to the parameter: --novncproxy_base_url=
> http://10.205.16.18:6080/vnc_auto.html
>
>
I think my problem was a service restart problem, as it was a proxy pb. (I
had to reach the compute node directly, instead of the proxy). But after
several restart, it work fine now.



> Beside this I saw that you are from France. It will be an event regarding
> openstack in Paris on 29 November. Are you interested?...:)
>

And i use a french keyboard ;)  But since i use novnc, i'm thinking to get
a qwerty keyboard...  ( https://github.com/kanaka/noVNC/issues/21 )

I'm from Brest, and i probably should try to go to some openstack events

Regards,
Olivier



>
> Regards,
> Gabriel
>
>--
> *From:* Olivier Archer 
> *To:* Staicu Gabriel 
> *Cc:* 张家龙 ; openstack 
>
> *Sent:* Friday, October 26, 2012 11:36 AM
> *Subject:* Re: [Openstack] Questions about novnc with multihost OpenStack
> Nova Compute(Essex) in multihost
>
> Hi,
>   This work also for me exept tha the url is localhost based:
> $nova get-vnc-console landsat01 novnc
> | novnc |
> http://127.0.0.1:6080/vnc_auto.html?token=6137dcb5-41b4-46fb-9c42-76c97e961e69|
>
> So it doesn't work in the dashboard or if i copy/paste into a browser. But
> it works if i change 127.0.0.1 to the public ip of the compute node.
>
> (I am  in a multi host config).
>
> But from where is taken the value of 127.0.0.1 in the config file ? You
> have no references to it in the configuration you posted...
>
> Regards,
>
>
> 2012/10/25 Staicu Gabriel 
>
> Hi,
>
> I have a cloud constructed on ubuntu12.04 with openstack essex.
>
> -controller node: 10.205.16.18
> The configuration regarding vnc:
> --vncserver_host=0.0.0.0
> --vncproxy_url=http://10.205.16.18:6080
> --ajax_console_proxy_url=http://10.205.16.18:8000
> --novnc_enabled=true
> --novncproxy_base_url=http://10.205.16.18:6080/vnc_auto.html
> --vncserver_proxyclient_address=10.205.16.18
> --vncserver_listen=10.205.16.18
>
> -compute node:10.205.16.241
> --vncproxy_url=http://10.205.16.18:6080
> --ajax_console_proxy_url=http://10.205.16.18:8000
> --novnc_enabled=true
> --novncproxy_base_url=http://10.205.16.18:6080/vnc_auto.html
> --vncserver_proxyclient_address=10.205.16.241
> --vncserver_listen=10.205.16.241
>
> And everything works ok.
> Hope this help.
>
> Regards,
> Gabriel
>   --
> *From:* 张家龙 
> *To:* openstack 
> *Sent:* Thursday, October 25, 2012 9:43 AM
> *Subject:* [Openstack] Questions about novnc with multihost OpenStack
> Nova Compute(Essex) in multihost
>
> Dear all,
> I have some questions about OpenStack Nova Compute(Essex) using novnc.
> I build a cluster using 4 computers with OpenStack Nova Compute in
> multihost.
> The follows were informations of my cluster:
>
> nova01:compute server,api server,controller server  192.168.3.3
> nova02:compute server   192.168.3.4
> nova03:compute server   192.168.3.5
> nova04:compute server   192.168.3.6
>
> And the vms`s fixed was 10.0.0.0/8
>
> Here was my nova.conf:
> http://pastebin.com/K6ArR1HA
>
> While,when i executed the command
> "nova get-vnc-console  novnc"
> then,error occured.
>
> Here were the error informations:
>
> 2012-10-25 14:25:27 ERROR nova.rpc.impl_qpid
> [req-1ad62be7-8eeb-43a5-898c-f3552b9f7748 3faf7062208c456c9a9365ee50bf15cd
> 561a547e94c7
> 4ce797d0ef1f4bc91f91] Timed out waiting for RPC response: None
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid Traceback (most recent
> call last):
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File
> "/usr/lib/python2.6/site-packages/nova/rpc/impl_qpid.py", line 364, in
> ensure
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid return method(*args,
> **kwargs)
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File
> "/usr/lib/python2.6/site-packages/nova/rpc/impl_qpid.py", line 413, in
> _consume
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid nxt_receiver =
> self.session.next_receiver(timeout=timeout)
>  

Re: [Openstack] Autoscalar

[Debo Dutta]

That is a very good idea IMO 

Sent from my iPhone

On Oct 26, 2012, at 1:08 PM, Paras pradhan  wrote:

> Hi,
> 
> Can we use auto scalar like Haizea
> (http://opennebula.org/software:ecosystem:haizea) with openstack
> compute or there is some other projects/tools similar to this.
> 
> Thanks!
> Paras.
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Volume booting and HVM

[John Garbutt]

Just a heads up. There are a few bugs in that area that have been fixed in 
Grizzly, and are not yet backported to Folsom stable. Things like deleting the 
root volume after terminating a boot from volume instance.

> -Original Message-
> From: openstack-bounces+john.garbutt=citrix@lists.launchpad.net
> [mailto:openstack-bounces+john.garbutt=citrix@lists.launchpad.net] On
> Behalf Of Egoitz Aurrekoetxea Aurre
> Sent: Monday, October 22, 2012 10:35 AM
> To: Vishvananda Ishaya
> Cc: openstack@lists.launchpad.net
> Subject: Re: [Openstack] Volume booting and HVM
> 
> Thank you very much Vishvananda
> 
> Best regards,
> 
> El 22/10/2012, a las 18:53, Vishvananda Ishaya 
> escribió:
> 
> > The ability to clone an image to a volume was only recently added to cinder,
> so there is no automatic clone on boot in horizon yet. You will have to 
> manually
> create a volume from an image and then boot from it.
> >
> > For older versions of openstack, the instructions are here:
> >
> > http://docs.openstack.org/trunk/openstack-compute/admin/content/boot-f
> > rom-volume.html
> >
> > In folsom you can skip the mount and copy step and just create a volume
> directly from an image:
> >
> > IMAGE_ID=f4addd24-4e8a-46bb-b15d-fae2591f1a35
> > cinder create --image-id $IMAGE_ID --display-name my-volume 10
> > VOLUME_ID= $ nova boot --image $IMAGE_ID
> > --flavor 2 --key_name mykey --block_device_mapping vda=$VOLUME_ID
> > boot-from-vol-test
> >
> > Vish
> >
> > On Oct 22, 2012, at 4:02 AM, Egoitz Aurrekoetxea Aurre
>  wrote:
> >
> >> Good morning,
> >>
> >> I have noticed I was confused about the volume concept and booting from
> volume. I was thinking, when I clicked in Horizon "boot from volume" AND
> selected an HVM image (located at glance) that image was being dumped to the
> volume, and following times that volume would be able to boot by it's own. But
> have seen when I terminate de instance I'm not getting my purpose and I'm not
> able to later boot from that volume with preserved changes (configs and so)..
> How could I manage for getting my goal??. We're used to use the vms with
> XenCenter and then I was able to stop a vm and later to boot it. I'm looking 
> for a
> similar manner with Openstack. I though I was get my goal by selecting booting
> from volume AND launching and image..
> >>
> >> Any help would be very appreciated,
> >> Best regards
> >> ___
> >> Mailing list: https://launchpad.net/~openstack
> >> Post to : openstack@lists.launchpad.net
> >> Unsubscribe : https://launchpad.net/~openstack
> >> More help   : https://help.launchpad.net/ListHelp
> >
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Autoscalar

[Paras pradhan]

Hi,

Can we use auto scalar like Haizea
(http://opennebula.org/software:ecosystem:haizea) with openstack
compute or there is some other projects/tools similar to this.

Thanks!
Paras.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [SWIFT] Proxies Sizing for 90.000 / 200.000 RPM

[Chmouel Boudjnah]

On Wed, Oct 24, 2012 at 4:45 PM, heckj  wrote:
> "Specifically, I'm concerned with the way auth_token handles memcache
> connections. I'm not sure how well it will work in swift with eventlet. If
> the memcache module being used caches sockets, then concurrency in eventlet
> (different greenthreads) will cause problems. Eventlet detects and prevents
> concurrent access to the same socket (for good reason--data from the socket
> may be delivered to the wrong listener)."

What about of doing like pre-keystonelight auth_token to use
swift.cache if available for token caching instead of reusing a
connection, a quick patch here :

http://pastie.org/private/ezd5iqf7g6lz0nfpercz8a

can do the cleanup and propose for reviews if nobody has objections about it.

Chmouel.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] OpenStack + Nova list, nova show location

[Desta Haileselassie Hagos]

Dear Qin Xiaohong,

Thank you very so much indeed. That's EXACTLY what I was looking for.


Cheers,

Desta


On Fri, Oct 26, 2012 at 6:17 PM, Qin, Xiaohong  wrote:

> Hi,
>
> ** **
>
> This is just an entering point to load all client side nova code, the
> “nova list” CLI eventually invokes the following code in your stack
> directory,
>
> ** **
>
> python-novaclient/novaclient/v1_1/shell.py
>
> ** **
>
> Inside this file, you can see the following function,
>
> ** **
>
> def do_list
>
> ** **
>
> That prints out the list of VMs.
>
> ** **
>
> This is the code on client side; the other piece of code is on the server
> side through nova api service.
>
> ** **
>
> Dennis Qin 
>
> ** **
>
> *From:* openstack-bounces+xiaohong.qin=emc@lists.launchpad.net[mailto:
> openstack-bounces+xiaohong.qin=emc@lists.launchpad.net] *On Behalf Of
> *Desta Haileselassie Hagos
> *Sent:* Friday, October 26, 2012 7:01 AM
> *To:* openstack@lists.launchpad.net; Rosa, Andrea (HP Cloud Services)
> *Subject:* [Openstack] OpenStack + Nova list, nova show location
>
> ** **
>
> ** **
>
> Dear All,
>
> I still couldn't find the exact location where this "nova list" and "nova
> show " commands are executed.
>
> Would you please explain me a bit what this load_entry_point stuff is
> doing? and Where exactly it is loading these parameters???
>
> 
>
> if __name__ == '__main__':
> sys.exit(
> load_entry_point('python-novaclient==2012.1', 'console_scripts',
> 'nova')()
>  )
>
>
> 
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ceilometer, StackTach, Tach / Scrutinize, CloudWatch integration ... Summit followup

[Joshua Harlow]

Sure, that would make sense, lets see where the next meeting takes us.

Nothing is ever in stone when its software :-P

On 10/26/12 3:08 AM, "Doug Hellmann"  wrote:

>
>On Oct 25, 2012, at 9:44 PM, Joshua Harlow  wrote:
>
>> As for statgen, I think that¹s just a temp repo, it'd be nice to have
>>the
>> end result of this be a library that provides somewhat generic metrics
>>and
>> plugins and such so that stacktech could use the outputs of it,
>>ceilometer
>> could the outputs and other systems could use the outputs (where an
>>output
>> goes would be configurable so that each system can configure its outputs
>> as the operator desires, ie I want my MONITOR metrics to go to MQ in
>> ceilomter and stacktech consumable formats, or to files or to...).
>> 
>> I think when this gets going we should have some repo/project name that
>> goes on stackforge so that even while this is being developed it can go
>> through the normal review process and such (and not in someones special
>> github repo). But we have to start somewhere, something we can discuss
>>as
>> to what a good solution is @ the meeting.
>
>At the summit, as part of the discussions around expanding the scope of
>ceilometer to cover measurement for monitoring, we discussed developing
>the library as part of ceilometer for now and either moving it to Oslo
>for release as a library or just releasing the library as a separate
>package from the ceilometer project directly.
>
>Doug
>
>> 
>> -Josh 
>> 
>> On 10/25/12 5:47 PM, "Jeffrey Budzinski"  wrote:
>> 
>>> 
>>> Yes, I think support for metrics objects that can be leveraged both by
>>> monkey patches and decorators was what we'd been thinking along the
>>>lines
>>> of. The metrics would be controlled via config both in what scopes are
>>> active (e.g. on|off for a package, module, etc.) and also the outlet
>>>for
>>> the metrics (file, datagram, rpc). Support for instrumentation levels
>>> would also be nice so that metric flow could be controlled (i.e.
>>> instrumentation point is annotated as METRIC, MONITOR, PROFILE and then
>>> level to actually emit can be set in conjunction with a metric
>>> outlet/sink). With this approach, folks could control both the volume
>>>of
>>> metrics and also the outlet for the metrics. Ceilometer would also be
>>>an
>>> outlet that could be leveraged via RPC flow for metrics -- though I'd
>>> expect some would want to send via datagram to statsd or file for
>>>offline
>>> log aggregation.
>>> 
>>> I'll post a diagram tomorrow for review and comment.
>>> 
>>> Oh btw, I updated the spec with most of what was in the etherpad. We
>>>can
>>> update the spec to reflect whatever we decide is the preferred
>>>approach.
>>> 
>>> -jeff
>>> 
>>> On Oct 25, 2012, at 5:30 PM, Angus Salkeld wrote:
>>> 
 On 25/10/12 11:13 +, Sandy Walsh wrote:
> grizzly-common-instrumentation seems to be the best choice ...
> hopefully the other groups will use this etherpad too.
> 
> We need a proper blueprint to nail down the approach. IRC is great,
> but doesn't retain history for other groups. I think we need to get a
> plan for translating the etherpad into something concise and nailed
> down.
 
 Agree.
 
> 
> statgen should really just be a new notifier in Tach (or Scrutinize)
> ... vs copy-pasting the code into yet-another repo.  Hopefully that's
> the plan? Tach should remain a generic tool and not pegged to
>OpenStack.
 
 Well that was just an "ideas play pen" not serious code.
 
 I might be coming at this from a slightly different angle...
 I was looking at a library that can be used to generate trace,
 monitoring
 and metering data (kind of like log levels for logging). Currently
both
 Tach and Scrutinize don't have enough fields (of course that could be
 changed).
 
 Also I think we should be able to insert instrumentation into the code
 as well
 as have the function level performance metrics monkey patched.
 
 Then we could have a config that directed metric data to different
 notifiers
 like how you do it in Scrutinize perhaps. Also enforcing data rate
 limits
 and possible data aggregation could be neat configurable features.
 
 Anyway more at the meeting...
 
 -Angus
 
> 
> -S
> 
> From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net
> [openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net] on
> behalf of Angus Salkeld [asalk...@redhat.com]
> Sent: Thursday, October 25, 2012 1:00 AM
> To: openstack@lists.launchpad.net
> Subject: Re: [Openstack] Ceilometer, StackTach, Tach / Scrutinize,
> CloudWatch integration ... Summit followup
> 
> On 24/10/12 23:35 +, Sandy Walsh wrote:
>> Hey y'all,
>> 
>> Great to chat during the summit last week, but it's been a crazy few
>> days of catch-up sinc

Re: [Openstack] Error while launching instance RHEL (cannot run lease-init script nova-dhcpbridge )

[Daniel Vázquez]

I'm experiencing same problems on Centos 6.3 (it's RHEL based). All
network system seem to stay ok, Openstack produces private IPs and nat
 public iPs to instances.
But instances don't discover DHCP.

Here:
Centos 6.3
Essex version
nova-networking flatDCHP
selinux permisive


2012/10/26 Pádraig Brady :
> On 10/25/2012 06:30 PM, Pavan Kulkarni wrote:
>>
>> Hi all,
>>
>>I am facing errors while launching instances on RHEL.
>> The network.log says *cannot run lease-init script
>> /usr/bin/nova-dhcpbridge*
>> I did a liitle search and found out this link
>> , followed the
>> instructions.
>> I have the flag in nova.conf set i.e *dhcpbridge =
>> /usr/bin/nova-dhcpbridge ( This file does exist)*
>>
>> But I still get the same error while launching instances.
>> Any help is highly appreciated .Thanks
>
>
> What version of RHEL?
> What version of OpenStack?
> What version of selinux-policy?
>
> The error message (which you seem to have truncated) comes from
> dnsmasq itself, and is mentioned here in relation to SELinux:
> https://bugzilla.redhat.com/show_bug.cgi?id=734346
> You might want to update your SELinux policies.
>
> thanks,
> Pádraig.
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack Community Weekly Newsletter (Oct 19-26)

[Stefano Maffulli]

   Highlights of the week


 More coverage of OpenStack Summit

We've all been catching some air this week, it seems. Some more reports 
from the community:


 * SDKs and an OpenStack Grizzly Summit Wrap Up
   

 * Back from San Diego OpenStack Summit
   
 * OpenStack Design Summit -- wrap-up and links
   

 * Swift @ OpenStack Summit 2012 
 * Feedback from Design Summit in the first part of the Project meeting
   log
   

 * OpenStack Summit Beach Clean Up
   
   with great pictures


 Inside Synaps, a CloudWatch-like implementation for OpenStack
 

A few days ago, Samsung  released the source 
code of Synaps , an implementation of 
the Amazon Web Service CloudWatch API 
 for OpenStack 
. Julien Danjou 
, a contributor to the Ceilometer 
 project, gives a look at this project 
and how it could overlap with Ceilometer or other projects like Heat 
.



 Why OpenStack doesn't need a Linus Torvalds
 


As comparing OpenStack with Linux becomes an increasingly popular 
exercise 
, it's 
only natural that people and press articles start to ask where the Linus 
of OpenStack is, or who the Linus of OpenStack 
 
should be. This assumes that technical leaders could somehow be 
appointed in OpenStack. This assumes that the single dictator model is 
somehow reproducible or even desirable. And this assumes that the 
current technical leadership in OpenStack is somehow lacking. Thierry 
Carrez thinks all those three assumptions are wrong.



 Preauthorization in Keystone
 

Sometimes you need to authorize a service to perform an action on your 
behalf. Often, that action takes place long after any authentication 
token you can provide would have expired. Currently, the only mechanism 
in Keystone that people can use is to share credentials. Adam Young 
 argues: We can do better.



 New wiki page: Software Development Kits
 

SDKs are a vital part of any ecosystem and we need to start treating 
them as such in OpenStack. To do so we need to raise the profile and 
legitimacy of SDKs that support OpenStack.



 Heat version 7 released 

Heat allows you to launch AWS CloudFormation templates on OpenStack. 
CloudFormation is a programmable interface and templating system for 
orchestrating multiple cloud applications. This version adds an 
OpenStack-native ReST API.



   Tips and tricks

 * By Grid Dynamics OpenStack Team :
   OpenStack Migration from Diablo to Essex
   
 * By Mirantis : Making the most of your
   application performance on OpenStack Cloud
   


   Upcoming Events

 * OpenStack China Tour 
   Oct 27, 2012 -- Chengdu Details
   
 * Swiss OpenStack user group meeting
    Nov 15, 2012 --
   Zürich, CH Details 
 * OpenStack in action!
    Nov 29,
   2012 -- Paris, France Register
   
 * EMEA OpenStack Day  Dec 05, 2012 --
   London Details 


   Other news

 * OpenStack Security Group
   
 * Grizzly Release Schedule
    published
 * OpenStack Project Meeting: summary
   

   and full logs
   
.

/The weekly newsletter is a way for the community to learn about all the 
various act

[Openstack] new mailing list for bare-metal provisioning

[David Kang]

 Hello all,

 An openstack mailing list is created for the discussion of bare-metal 
provisioning.
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-baremetal

 Please join it if you are interested in participating the 
dicussion/collaboration
of bare-metal provisioning.

 Thanks,
 David

--
Dr. Dong-In "David" Kang
Computer Scientist
USC/ISI


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [SWIFT] Proxies Sizing for 90.000 / 200.000 RPM

[Rick Jones]

On 10/25/2012 06:13 PM, Chander Kant wrote:

Sure. We have published a new blog related to the summit, including a
link to our presentation slides:

http://www.zmanda.com/blogs/?p=971
http://www.zmanda.com/pdf/how-swift-is-your-Swift-SD.pdf

We plan to publish more performance results within next few weeks.


Any chance of expanding on this:


disable TIME_WAIT, disable syn cookies ...


from slide 10?  Particularly the disabling of TIME_WAIT.  While the 
traditionalist couple-minutes TIME_WAIT may be a bit, oh, conservative, 
TIME_WAIT is there for a reason as part of TCP's correctness 
alogrithms/heuristics.  And disabling it suggests an opportunity to tune 
an application for better performance.


rick jones



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [keystone] Re: Domain Name Spaces

[heckj]

Bringing conversation for domains in Keystone to the broader mailing lists.


On Oct 26, 2012, at 5:18 AM, Dolph Mathews  wrote:
> I think this discussion would be great for both mailing lists.
> 
> -Dolph
> 
> 
> On Fri, Oct 26, 2012 at 5:18 AM, Henry Nash  wrote:
> Hi
> 
>  v3api doc, or elsewhere - appreciate some guidance and will transfer this to 
> the right place>
> 
> At the Summit we started a discussion on whether things like user name, 
> tenant name etc. should be globally unique or unique within a domain.  I'd 
> like to widen that discussion to try and a) agree a direction, b) agree some 
> changes to our current spec. Here's my view as an opening gambit:
> 
> - When a Keystone instance is first started, there is only one, default, 
> Domain.  The Cloud Provider does not need to create any new domains, all 
> projects can exist in this default domain, as will the users etc.  There is 
> one, global, name space.  Clients using the v2 API will work just fine.
> 
> +1

Very much what we were thinking for the initial implemenation and rollout to 
make it backwards "compatible" with the V2 (non-domain) core API

> - If the Cloud Provider wants to provide their customers with regions they 
> can administer themselves and be self-contained, then they create a Domain 
> for each customer.  It should be possible for users/roles to be scoped to a 
> Domain so that (effectively) administrative duties can be delegated to some 
> users in that Domain.  So far so good - all this can be done with the v3 API.
> 
> Not clear on if you're referring to endpoint regions, or just describing 
> domain isolation?

I believe you're describing the key use cases behind the domains mechanism to 
begin with - user and project partitioning to allow for administration of those 
to be clearly "owned" and managed appropriately.


> - We still have work to do to make sure items in other OS projects that 
> reference tenants (e.g. Images) can take a Domain or Project ID, but we'll 
> get to that soon enough
> 
> Everything will continue to work with projects, but once middleware starts 
> providing a DOMAIN_ID and DOMAIN_NAME to the underlying service, it'll be up 
> to them to take advantage of it. Images per domain is an excellent example 
> use case.

>  
> - However, Cloud Providers want to start enabling enterprise customers to run 
> more and more of the workloads in OpenStack clouds - over and above, the 
> smaller sized companies that are doing this today.  For this to work, the 
> encapsulation of a Domain need, I think, to be able to be stricter - and this 
> is where the name space comes into play.  I think we need to allow for a 
> Domain to have its own namespace (i.e. users, roles, projects etc.) as an 
> option.  I see this as a first step to allowing each Domain to have its own 
> AuthZ/N service (.e.g external ldap owned and hosted by the customer who will 
> be using the Domain)
> 
> Implementation:
> 
> - A simplistic version would just allow a flag to specified on Domain 
> creation that said whether this a "private" or "shared" Domain.  Shared would 
> use the current global name space (and probably be the default for 
> compatibility reasons).
> 
> I like the direction of this -- need to digest implications :)

I like the idea conceptually - but let's be clear on the implications to the 
end users:

Where we're starting is preserving a global name space for project names and 
user names. Allowing a mix of segregated and global name spaces imposes a 
burden of additional data being needed to uniquely place authentication and 
authorization.

We've been keeping to 2 key pieces of info (username, password) to get 
authenticated - and then (via CLI or Horizon dashboard) you can choose from a 
list of protential projects and carry on. In most practical circumstances, any 
user working primarily from the CLI is already providing 3-4 pieces of 
information:

* username
* password
* tenant name
* auth_url

to access and use the cloud.

By allowing domains to be their own namespaces, we're adding another element 
that will be absolutely required to identify the person authenticating:
 * domain name

implying a cascade of changes to the user experience all the way down through 
horizon.


> - A more flexible approach would be to allow the specification of where the 
> various sub-services of Keystone (e.g. AuthN/Z, Service Catalogue, Resources 
> (i.e Users, Projects)) are hosted.  The defaults would all point back to the 
> default domain (i.e. are global and shared), but instead could be specified 
> as "self" (I.e. the new Domain), or, in the future, some other external 
> location, e.g. for a remote ldap.
> - As an aside, this multi-name space model could also allow the Cloud 
> Provider their own name space, separate from their customers - i.e. they will 
> have a need to create admins who can just create domains and on-board 
> customers into those domains.  These users & roles could exist in the default 
> 

Re: [Openstack] OpenStack + Nova list, nova show location

[Qin, Xiaohong]

Hi,

This is just an entering point to load all client side nova code, the "nova 
list" CLI eventually invokes the following code in your stack directory,

python-novaclient/novaclient/v1_1/shell.py

Inside this file, you can see the following function,

def do_list

That prints out the list of VMs.

This is the code on client side; the other piece of code is on the server side 
through nova api service.

Dennis Qin

From: openstack-bounces+xiaohong.qin=emc@lists.launchpad.net 
[mailto:openstack-bounces+xiaohong.qin=emc@lists.launchpad.net] On Behalf 
Of Desta Haileselassie Hagos
Sent: Friday, October 26, 2012 7:01 AM
To: openstack@lists.launchpad.net; Rosa, Andrea (HP Cloud Services)
Subject: [Openstack] OpenStack + Nova list, nova show location


Dear All,

I still couldn't find the exact location where this "nova list" and "nova show 
" commands are executed.

Would you please explain me a bit what this load_entry_point stuff is doing? 
and Where exactly it is loading these parameters???

if __name__ == '__main__':
sys.exit(
load_entry_point('python-novaclient==2012.1', 'console_scripts', 
'nova')()
 )


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Issue with availability_zone argument

[McNally, Dave (HP Cloud Services)]

Hi all,

I have a fairly recent installation of nova running in a test environment here 
and I'm having trouble with the availability_zone option on boot.

It seems that just prior to nova.compute.api:create being called 
availability_zone is set to None. It's set to None by default when the function 
is defined but I altered this to default to something else and it's being 
explicitly set to None anyway.

I can't identify where this is happening and I thought maybe someone here could 
shed some light on this behavior.

Thanks,

Dave
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Instrumentation Monitoring Next Step - quick meet up

[Sandy Walsh]

6pm AST ... see you then!

-S


From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net 
[openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net] on behalf of 
Annie Cheng [ann...@yahoo-inc.com]
Sent: Thursday, October 25, 2012 6:17 PM
To: openstack@lists.launchpad.net
Subject: [Openstack] Instrumentation Monitoring Next Step - quick meet up

Hi all,

Couple of us chat in the summit design sessions and and after summit on 
#openstack irc regarding topic of Monitoring.  We think it's best to do a quick 
meeting to get everyone on the same page, split works, and get at least a 
prototype going in Grizzly.

Time: Monday (10/29/2012) 2200 UTC – 2300 UTC
Location: IRC #openstack-meeting
I checked http://wiki.openstack.org/Meetings, this tme slot seems to be empty

Top level agenda would be

  1.  Get everyone on the same page on high level direction
  2.  Discuss different design/implementation possibility
  3.  Split up works

Before the meeting, if you want to read up, here are some links I know.  Please 
jump in with others I missed:
Blueprint:
https://blueprints.launchpad.net/nova/+spec/nova-instrumentation-metrics-monitoring
Etherpad:
https://etherpad.openstack.org/grizzly-common-instrumentation
Different code samples:
https://github.com/asalkeld/statgen

Looking forward, some of those conversation probably will fold into the regular 
Metering meeting.  Just like to do a one off for now so we can go deeper on 
monitoring specific topics.

Thanks!

Annie
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack + Nova list, nova show location

[Desta Haileselassie Hagos]

Dear All,

I still couldn't find the exact location where this "nova list" and "nova
show " commands are executed.

Would you please explain me a bit what this load_entry_point stuff is
doing? and Where exactly it is loading these parameters???


if __name__ == '__main__':
sys.exit(
load_entry_point('python-novaclient==2012.1', 'console_scripts',
'nova')()
 )
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Tracking triage statistics

[Dolph Mathews]

How many cookies for a self-triaged bug that was subsequently closed as
invalid? This rulebook is going to get really complicated really fast ;)

Would love to see a report for more projects on a longer timeline!

-Dolph


On Fri, Oct 26, 2012 at 7:42 AM, Thierry Carrez wrote:

> Michael Still wrote:
> > Report (a * after the bug id indicates self triage):
> >   Chuck Short: 6 (1065211, 1065848, 1066213, 1066254, 1066845, 1068539)
> >   Dan Prince: 1 (1070509*)
> >   Michael Still: 6 (1062474, 1070349, 1064854, 1065728*, 1065430,
> 1070452)
> >   Mauro Sergio Martins Rodrigues: 16 (1070155*, 1070156*, 1070157*,
> > 1070158*, 1070160*, 1070161*, 1070162*, 1070163*, 1070164*, 1070165*,
> > 1070167*, 1070169*, 1070170*, 1070171*, 1070172*, 1070173*)
> >   Matthew Treinish: 1 (1071338*)
> >   Russell Bryant: 1 (1067858*)
> >   Vish Ishaya: 9 (1071017, 1071547, 1053814, 1066887, 1067638, 1067744,
> > 1068154, 1071069, 1071462)
> >
> > So, you get the cookie, but people know about it too.
>
> How about half a cookie for self-triaging ?
>
> Great stuff!
>
> --
> Thierry Carrez (ttx)
> Release Manager, OpenStack
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] MAC address uniqueness in folsom

[Gurjar, Unmesh]

Hi,

I can think of two alternative  solutions for maintaining uniqueness:

1.   DB look up: After generating a new MAC address, checking uniqueness by 
doing  a DB look up.

2.   Having a 'unique' constraint on the 'mac_address' column and handle 
the DB IntegrityError and retry generating a new MAC address.

I also think, initializing the 'random.seed' in start-up process of Quantum 
server (with a different value - configurable one; on each server) could help 
in reducing conflicts.

I think either of the above solutions could be used for fixing LP bug #1050924.

Thanks & Regards,
Unmesh Gurjar | Lead Engineer | NTT DATA Global Technology Services Private 
Limited | w. +91.20.6604.1500 x 379 | m. +91.982.324.7631 | 
unmesh.gur...@nttdata.com | Learn more at 
nttdata.com/americas

From: openstack-bounces+unmesh.gurjar=nttdata@lists.launchpad.net 
[mailto:openstack-bounces+unmesh.gurjar=nttdata@lists.launchpad.net] On 
Behalf Of Neelakantam Gaddam
Sent: Friday, October 26, 2012 11:37 AM
To: mth...@mthode.org
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] MAC address uniqueness in folsom

Hi,

We want unique MAC addresses in our environment only but across multiple 
tenants.

Thanks for quick reply.

---
Neelakantam
On Fri, Oct 26, 2012 at 9:38 AM, Matthew Thode 
mailto:mth...@mthode.org>> wrote:
On 10/25/2012 11:02 PM, Neelakantam Gaddam wrote:
> Hi All,
>
> Does the MAC address generated in quantum is unique across tenants in
> folsom?
> I am developing an application that requires unique MAC address. If not
> unique, is there any way to make MAC address unique?
>
> Please help me. Thanks in advance.
>
>
>
>
> ___
> Mailing list: 
> https://launchpad.net/~openstack
> Post to : 
> openstack@lists.launchpad.net
> Unsubscribe : 
> https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
Do you need it to be globally unique (amongst all macs on earth) or
simply unique in your environment?

--
-- Matthew Thode


___
Mailing list: 
https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.net
Unsubscribe : 
https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp



--
Thanks & Regards
Neelakantam Gaddam

__
Disclaimer:This email and any attachments are sent in strictest confidence for 
the sole use of the addressee and may contain legally privileged, confidential, 
and proprietary data.  If you are not the intended recipient, please advise the 
sender by replying promptly to this email and then delete and destroy this 
email and any attachments without any further use, copying or forwarding___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Tracking triage statistics

[Sean Dague]

On 10/25/2012 09:30 PM, Michael Still wrote:

On 10/26/2012 12:24 PM, Russell Bryant wrote:

On 10/25/2012 08:18 PM, Michael Still wrote:

I'd be interested in comments people might have. The code is at
http://bazaar.launchpad.net/~mikalstill/+junk/openstack-lp-scripts/view/head:/triage-stats.py


Awesome, thanks!

One thing I think we should do for these stats is filter out cases where
the reporter == triager.  Developers filing bugs and triaging them for
their own patches shouldn't be counted.


I thought about this... Surely any triage is better than none? If we
don't reward self triage, then someone else will still have to triage
the bug, right?

I'd be interested in other people's thoughts on this.


Very cool.




You should move this to github so I can send you a pull request.  :-)


Heh. The code is on LP mainly because that's where the existing
launchpadlib code for openstack resides. I can move it to github if
people feel strongly about it.


+1 for github please, just simpler in the current openstack culture.

-Sean

--
Sean Dague
IBM Linux Technology Center
email: sda...@linux.vnet.ibm.com
alt-email: slda...@us.ibm.com


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Tracking triage statistics

[Thierry Carrez]

Michael Still wrote:
> Report (a * after the bug id indicates self triage):
>   Chuck Short: 6 (1065211, 1065848, 1066213, 1066254, 1066845, 1068539)
>   Dan Prince: 1 (1070509*)
>   Michael Still: 6 (1062474, 1070349, 1064854, 1065728*, 1065430, 1070452)
>   Mauro Sergio Martins Rodrigues: 16 (1070155*, 1070156*, 1070157*,
> 1070158*, 1070160*, 1070161*, 1070162*, 1070163*, 1070164*, 1070165*,
> 1070167*, 1070169*, 1070170*, 1070171*, 1070172*, 1070173*)
>   Matthew Treinish: 1 (1071338*)
>   Russell Bryant: 1 (1067858*)
>   Vish Ishaya: 9 (1071017, 1071547, 1053814, 1066887, 1067638, 1067744,
> 1068154, 1071069, 1071462)
> 
> So, you get the cookie, but people know about it too.

How about half a cookie for self-triaging ?

Great stuff!

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Openstack :: Folsom :: Quantum ] Working of DHCP Agent

[Trinath Somanchi]

Hi-

I was trying to understand how the Quantum DHCP agent Daemon works.  As I
walk through the code, to understand the working on the Daemon,

I found it to be using rpc cast and call. But was lost into the code to
find the correct data flow.

In my study I found this:




quantum/agent/dhcp_agent.py <--- the actual daemon agent, which makes
the rpc.cast/rpc.call to fetch the data.

  * A  | * <-- (Flow
representing arrows)
  *  |  V*
quantum/db/dhcp_rpc_base.py < which implements the QuantumPluginV2
to process the rpc.cast/rpc.call by the above agent.

* A|   *<-- (Flow
representing arrows)
  *|V*
quantum/db/db_base_plugin_v2.py<--- where the actual DB processing
happens for the requests.




I have some doubts here, (though there very preliminary)

[1] The RPC cast and call are sent to the Quantum server ?
[2] Am I in a right path of understanding the dhcp agent daemon working.

Kindly please help me understand the processes flow

Thanks in advance.

-- 
Regards,
--
Trinath Somanchi,
+91 9866 235 130
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Scaling PaaS in OpenStack

[Angus Salkeld]

On 26/10/12 13:07 +0700, Frans Thamura wrote:

Yes, we use it here, but still finding to configure with OpenStack, to
bring scale in this case communicate with openstack nova controller,
we just use it now here..



You could use the heat project to provide autoscaling.
The way this would work is you:
1 create an CloudFormations style template with your application 
(OpenShift/CloudFoundry)
2 you setup an autoscale group and alarm resource in the template
3 you post the metric of interest in your application to our Cloudwatch
  (see the calls to cfn-push-stats)

as an example look at:

https://github.com/heat-api/heat/blob/master/templates/AutoScalingMultiAZSample.template

What happens is you setup a threshold that triggers a scale up and scale down 
action.

also see:
https://github.com/heat-api/heat/blob/master/templates/OpenShift.template
https://github.com/heat-api/heat/wiki


-Angus



On Fri, Oct 26, 2012 at 1:00 PM, Ray Sun  wrote:

Have you hearad BOSH, a deployment tool for CloudFoundry on cloud(including
AWS and openstack)?
https://github.com/cloudfoundry/bosh

- Ray
Yours faithfully, Kind regards.

CIeNET Technologies (Beijing) Co., Ltd
Email: qsun01...@cienet.com.cn
Office Phone: +86-01081470088-7079
Mobile Phone: +86-13581988291



On Fri, Oct 26, 2012 at 1:46 PM, Frans Thamura  wrote:


Hi All

Anyone can give me reference, related to scaling PaaS system in OpenStack?

how (more basic better) scalable is implementing PaaS in OpenStack?

right now, we create virtual machine and install ubuntu inside, and
run CloudFoundry or OpenShift to make it PaaS enable.

my target for PaaS is to run our Java apps inside cloud environment.

in another world, we have Liquid VM, but it is not opensource yet,
part of Java VE Virtual Edition. The JVM can boot direct from the
hypervisor.

I still researching the theory behind scalability of cloud esp in
openstack + cloudfoundry.

F

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp





___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Could I restart devstack with old configuration?

[Hao Wang]

Thanks guys for the instruction. After some modification on the stack.sh
and lib scripts, I can keep old configurations but failed to launch new
instances with old images (new image can do). I almost give it up to figure
out how to achieve that. Anyway if I've got time on it, I'll try it later
and keep you posted.

Regards,
Howard

On Fri, Oct 26, 2012 at 12:43 AM, Davanum Srinivas wrote:

> Here's what i am using
>
> http://davanum.wordpress.com/2012/10/17/scripts-to-startstop-openstack-environment-built-using-devstack/
>
> -- dims
>
> On Thu, Oct 25, 2012 at 10:28 AM, Hao Wang  wrote:
>
>> Hi stackers,
>>
>> I've got a quick question for you. Every time while I start devstack, the
>> script will initialize mysql database. That makes me have to import
>> customized images again. Do you know there is any way to avoid it?
>>
>> Thanks,
>> Howard
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Davanum Srinivas :: http://davanum.wordpress.com
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Why OpenStack use openvpn?

[Hao Wang]

Vinay,

Thanks for the clarification. What is making me think like that is
according to the thread mentioning about site-to-site VPN connections to
avoid duplicate private MAC addresses.

Could you please confirm if the current solution for version E and F can
support site-to-site VPN? I am unable to find any material regarding it on
doc.openstack site other than in that thread.

Thanks,
Howard

On Fri, Oct 26, 2012 at 1:58 AM, Vinay Bannai  wrote:

> Hao,
>
> I think Thierry and Nachi captured it well in their email responses to the
> thread. The Openstack foundation would (should) get a MAC OUI allocation
> from IEEE RAC that will be used as default instead of using the current
> default locally administered base_mac of fa:16:3e:00:00:00.
>
> Nothing more complicated than that.
>
> Vinay
>
> On Thu, Oct 25, 2012 at 7:26 AM, Hao Wang  wrote:
>
>> Yep, I agree with you, Vish. My 2 cents, for the thread mentioning MAC
>> OUI, it's about site-to-site connection. It's not implemented yet by
>> cloudpipe. That probably is a feature in next version. Vinay, is what I
>> am guessing correct?
>>
>> Thanks,
>> Howard
>>
>>
>> On Wed, Oct 24, 2012 at 6:31 AM, Vishvananda Ishaya <
>> vishvana...@gmail.com> wrote:
>>
>>>
>>> On Oct 22, 2012, at 5:06 PM, Hao Wang  wrote:
>>>
>>>
>>> First, why we use openvpn? I know it's kind of arch question, like how
>>> to choose a right opensource software. On the other way, please let me know
>>> your point why we don't choose IPSEC or other VPNs.
>>>
>>>
>>> It was somewhat arbitrary based on the fact that it is easy to setup on
>>> linux and there were clients on all platforms that did not require root
>>> access to install.
>>>
>>>
>>> Vish
>>>
>>
>>
>
>
> --
> Vinay Bannai
> Email: vban...@gmail.com
> Google Voice: 415 938 7576
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Openstack :: Folsom] Quantum DHCP Agent in Compute HOST

[Trinath Somanchi]

Hi Salvatore-

Thanks a lot for the reply.

In the Setup diagram, I'm planning to make a 2 machine setup in my test
environment.

Where Can I have the Installation guideline for the Quantum L2 agent.

Have few doubts in the Quantum DHCP agent Source Code.

As I have gone through the source code, the DHCP agent runs as an RPC
daemon.

It places messages in the ampq.  I was confused with the following code in
/quantum/db/dhcp_rpc_base.py

in the method: def get_network_info()

plugin = manager.QuantumManager.get_plugin() < To what
plugin its mapping to ? Is the appropriate plugin configured in the
configuration files.
network = plugin.get_network(context, network_id)

How do the mapping to plugin made here?

Can you please help understand these...

Thanking you

-
Trinath


On Fri, Oct 26, 2012 at 3:31 PM, Salvatore Orlando wrote:

> Hi Trinath,
>
> Even if is perfectly reasonable to run the DHCP/L3 agents in the
> controller node, the advice we give in the administration guide is slightly
> different.
> As suggested in [1], the only Quantum component running on the controller
> node should be the API server.
> The DHCP and L3 agents might run in a dedicated "network node". Please
> note you will need also the L2 agent running on that node.
>
> Regards,
> Salvatore
>
> [1]
> http://docs.openstack.org/trunk/openstack-network/admin/content/app_demo.html
>
> On 26 October 2012 10:50, Trinath Somanchi wrote:
>
>> Hi Stackers-
>>
>> I have found many installation and configuration manuals for Openstack
>> Folsom which state the installation and configuration of Quantum-DHCP-Agent
>> in the Controller machine.
>>
>> But I have doubt here,
>>
>> Can't we have the Quantum-DHCP/L3-Agent to be running in the Compute NODE
>> rather than in the controller.
>>
>> How does the Installation and configuration change with this type of
>> Installation?
>>
>> Please guide me on How to achieve the same.
>>
>> Thanking you
>>
>> --
>> Regards,
>> --
>> Trinath Somanchi,
>> +91 9866 235 130
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>


-- 
Regards,
--
Trinath Somanchi,
+91 9866 235 130
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ceilometer, StackTach, Tach / Scrutinize, CloudWatch integration ... Summit followup

[Doug Hellmann]

On Oct 25, 2012, at 9:44 PM, Joshua Harlow  wrote:

> As for statgen, I think that¹s just a temp repo, it'd be nice to have the
> end result of this be a library that provides somewhat generic metrics and
> plugins and such so that stacktech could use the outputs of it, ceilometer
> could the outputs and other systems could use the outputs (where an output
> goes would be configurable so that each system can configure its outputs
> as the operator desires, ie I want my MONITOR metrics to go to MQ in
> ceilomter and stacktech consumable formats, or to files or to...).
> 
> I think when this gets going we should have some repo/project name that
> goes on stackforge so that even while this is being developed it can go
> through the normal review process and such (and not in someones special
> github repo). But we have to start somewhere, something we can discuss as
> to what a good solution is @ the meeting.

At the summit, as part of the discussions around expanding the scope of 
ceilometer to cover measurement for monitoring, we discussed developing the 
library as part of ceilometer for now and either moving it to Oslo for release 
as a library or just releasing the library as a separate package from the 
ceilometer project directly.

Doug

> 
> -Josh 
> 
> On 10/25/12 5:47 PM, "Jeffrey Budzinski"  wrote:
> 
>> 
>> Yes, I think support for metrics objects that can be leveraged both by
>> monkey patches and decorators was what we'd been thinking along the lines
>> of. The metrics would be controlled via config both in what scopes are
>> active (e.g. on|off for a package, module, etc.) and also the outlet for
>> the metrics (file, datagram, rpc). Support for instrumentation levels
>> would also be nice so that metric flow could be controlled (i.e.
>> instrumentation point is annotated as METRIC, MONITOR, PROFILE and then
>> level to actually emit can be set in conjunction with a metric
>> outlet/sink). With this approach, folks could control both the volume of
>> metrics and also the outlet for the metrics. Ceilometer would also be an
>> outlet that could be leveraged via RPC flow for metrics -- though I'd
>> expect some would want to send via datagram to statsd or file for offline
>> log aggregation.
>> 
>> I'll post a diagram tomorrow for review and comment.
>> 
>> Oh btw, I updated the spec with most of what was in the etherpad. We can
>> update the spec to reflect whatever we decide is the preferred approach.
>> 
>> -jeff
>> 
>> On Oct 25, 2012, at 5:30 PM, Angus Salkeld wrote:
>> 
>>> On 25/10/12 11:13 +, Sandy Walsh wrote:
 grizzly-common-instrumentation seems to be the best choice ...
 hopefully the other groups will use this etherpad too.
 
 We need a proper blueprint to nail down the approach. IRC is great,
 but doesn't retain history for other groups. I think we need to get a
 plan for translating the etherpad into something concise and nailed
 down.
>>> 
>>> Agree.
>>> 
 
 statgen should really just be a new notifier in Tach (or Scrutinize)
 ... vs copy-pasting the code into yet-another repo.  Hopefully that's
 the plan? Tach should remain a generic tool and not pegged to OpenStack.
>>> 
>>> Well that was just an "ideas play pen" not serious code.
>>> 
>>> I might be coming at this from a slightly different angle...
>>> I was looking at a library that can be used to generate trace,
>>> monitoring
>>> and metering data (kind of like log levels for logging). Currently both
>>> Tach and Scrutinize don't have enough fields (of course that could be
>>> changed).
>>> 
>>> Also I think we should be able to insert instrumentation into the code
>>> as well
>>> as have the function level performance metrics monkey patched.
>>> 
>>> Then we could have a config that directed metric data to different
>>> notifiers
>>> like how you do it in Scrutinize perhaps. Also enforcing data rate
>>> limits
>>> and possible data aggregation could be neat configurable features.
>>> 
>>> Anyway more at the meeting...
>>> 
>>> -Angus
>>> 
 
 -S
 
 From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net
 [openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net] on
 behalf of Angus Salkeld [asalk...@redhat.com]
 Sent: Thursday, October 25, 2012 1:00 AM
 To: openstack@lists.launchpad.net
 Subject: Re: [Openstack] Ceilometer, StackTach, Tach / Scrutinize,
 CloudWatch integration ... Summit followup
 
 On 24/10/12 23:35 +, Sandy Walsh wrote:
> Hey y'all,
> 
> Great to chat during the summit last week, but it's been a crazy few
> days of catch-up since then.
> 
> The main takeaway for me was the urgent need to get some common
> libraries under these efforts.
 
 Yip.
 
> 
> So, to that end ...
> 
> 1. To those that asked, I'm going to get my slides / video
> presentation made available via the list. Stay tuned.
>>

Re: [Openstack] [ceilometer] Potential New Use Cases

[Doug Hellmann]

On Oct 26, 2012, at 4:29 AM, Julien Danjou  wrote:

> On Thu, Oct 25 2012, Doug Hellmann wrote:
> 
>>> IIUC, what's need here is a GROUP BY operator in the API.
>>> 
>>> Correct me if I'm wrong, but this is still doable via the API if you
>>> request /users//meters/instance and treats the events in the
>>> client, no?
>> 
>> It is possible, but very very inefficient.
> 
> Oh, sure it is. But adding feature and making things more efficient are
> different things. :)
> 
>> Querying against arbitrary metadata fields is easy in the MongoDB driver,
>> but not in the SQLAlchemy driver. Adding explicit handling for dimensions
>> would let us implement it in SQL and improve performance with indexes in
>> Mongo.
> 
> Ah, thanks to remind me how ORM are bad and that we now have to fight
> against it. :)
> 
> I wish we could use JSON native type from PostgreSQL directly and be
> efficient!

You could write a different storage driver. ;)

Doug

> 
> -- 
> Julien Danjou
> # Free Software hacker & freelance
> # http://julien.danjou.info

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [ceilometer] Potential New Use Cases

[Doug Hellmann]

On Oct 25, 2012, at 6:05 PM, Angus Salkeld  wrote:

> On 25/10/12 17:04 -0400, Doug Hellmann wrote:
>> On Thu, Oct 25, 2012 at 10:22 AM, Julien Danjou  wrote:
>> 
>>> On Thu, Oct 25 2012, Doug Hellmann wrote:
>>> 
>>> > That would be one way, but adding "dimensions" to the meters also makes
>>> > sense because it reduces the need to collect the data more than once.
>>> 
>>> In case of group, the other problem is how to emit instance counter with
>>> group metadata (assuming this group implementation is not part of Nova
>>> but Heat).
>>> 
>> 
>> Good point. I was assuming the values would be available as metadata of the
>> underlying resource, but that may not always be the case.
>> 
> 
> Yea, we need a consistent way of doing this. That should work on different
> resource types. We could use the tags or a similar mechanism.

Tags would be available as part of an objects normal metadata, right?

Doug

> 
> -A
>> 
>>> 
>>> > For instance, if "flavor" was a dimension of the "instance" meter I
>>> > wouldn't need the separate meter "instance:". These sorts of
>>> > use cases were part of the original motivation for collecting all of
>>> > the metadata about a resource, but what we have now isn't structured
>>> > enough to let the API user query into it.
>>> 
>>> IIUC, what's need here is a GROUP BY operator in the API.
>>> 
>>> Correct me if I'm wrong, but this is still doable via the API if you
>>> request /users//meters/instance and treats the events in the
>>> client, no?
>>> 
>> 
>> It is possible, but very very inefficient.
>> 
>> 
>>> 
>>> > How, then, do we define the dimensions for a given meter in a more
>>> > structured way? Some built-in values (like flavor) can be pulled
>>> > automatically based on the resource type, but what about settings
>>> > controlled by the deployer and end-user (for purposes other than
>>> billing)?
>>> 
>>> Do we have to define dimensions explicitely, or isn't what's needed just
>>> ways to filter and/or group events by metadata fields?
>>> 
>> 
>> Querying against arbitrary metadata fields is easy in the MongoDB driver,
>> but not in the SQLAlchemy driver. Adding explicit handling for dimensions
>> would let us implement it in SQL and improve performance with indexes in
>> Mongo.
>> 
>> Doug
>> 
>> 
>>> 
>>> --
>>> Julien Danjou
>>> // Free Software hacker & freelance
>>> // http://julien.danjou.info
>>> g
>>> 
> 
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Openstack :: Folsom] Quantum DHCP Agent in Compute HOST

[Salvatore Orlando]

Hi Trinath,

Even if is perfectly reasonable to run the DHCP/L3 agents in the controller
node, the advice we give in the administration guide is slightly different.
As suggested in [1], the only Quantum component running on the controller
node should be the API server.
The DHCP and L3 agents might run in a dedicated "network node". Please note
you will need also the L2 agent running on that node.

Regards,
Salvatore

[1]
http://docs.openstack.org/trunk/openstack-network/admin/content/app_demo.html

On 26 October 2012 10:50, Trinath Somanchi wrote:

> Hi Stackers-
>
> I have found many installation and configuration manuals for Openstack
> Folsom which state the installation and configuration of Quantum-DHCP-Agent
> in the Controller machine.
>
> But I have doubt here,
>
> Can't we have the Quantum-DHCP/L3-Agent to be running in the Compute NODE
> rather than in the controller.
>
> How does the Installation and configuration change with this type of
> Installation?
>
> Please guide me on How to achieve the same.
>
> Thanking you
>
> --
> Regards,
> --
> Trinath Somanchi,
> +91 9866 235 130
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Openstack :: Folsom] Quantum DHCP Agent in Compute HOST

[Trinath Somanchi]

Hi Stackers-

I have found many installation and configuration manuals for Openstack
Folsom which state the installation and configuration of Quantum-DHCP-Agent
in the Controller machine.

But I have doubt here,

Can't we have the Quantum-DHCP/L3-Agent to be running in the Compute NODE
rather than in the controller.

How does the Installation and configuration change with this type of
Installation?

Please guide me on How to achieve the same.

Thanking you

-- 
Regards,
--
Trinath Somanchi,
+91 9866 235 130
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Quantum with OVS and floating IP

[Razique Mahroua]

Hi guys, I'm trying to setup Quantum on my lab (VM), the setup is quite simple, yet I can't have it workingWAN (admin) <--->  eth0LAN  <> eth1WAN  <> eth2Actually, I'm able to have the local connectivity working, VMs retrieve their private IP from quantum, yet the routing to the external network doesn't seem to work. When I add eth2 to the br-ex bridge, I lose connectivity to the VM (not the instance, but the openstack VM)root@ubuntu-precise:~# ovs-vsctl list-brbr-eth1br-exbr-introot@ubuntu-precise:~# ovs-vsctl list-ports br-eth1eth1phy-br-eth1root@ubuntu-precise:~# ovs-vsctl list-ports br-ex   root@ubuntu-precise:~# ovs-vsctl list-ports br-intgw-82009a93-1aint-br-eth1qvo5c1b075c-58tapee397b47-c9/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.iniroot@ubuntu-precise:~# cat /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini | grep -v -e "#" -e "^$"[DATABASE]sql_connection = mysql://ovs_quantum:openstack@10.211.55.20/ovs_quantumreconnect_interval = 2[OVS]tenant_network_type = vlannetwork_vlan_ranges = physnet1:1:4094tunnel_id_ranges = 1:1000integration_bridge = br-intlocal_ip = 10.211.55.20bridge_mappings = physnet1:br-eth1[AGENT]polling_interval = 2root_helper = sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.confThe quantum-settings-partayhttp://paste.openstack.org/show/22356/Best regards,Razique
Nuage & Co - Razique Mahroua razique.mahr...@gmail.com

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Questions about novnc with multihost OpenStack Nova Compute(Essex) in multihost

[Staicu Gabriel]

Hi Olivier,

Which version of openstack are you using? Essex or Folsom? On which operating 
system is your cloud installed (Fedora or Ubuntu)?
In my setup, which is Openstack Essex on Ubuntu12.04 I obtain:
root@hltopenstack01:~$ nova get-vnc-console 
1fc2cea1-9aec-4d7d-b80e-eab436ae3246 novnc
+---+---+
|  Type |    
Url    |
+---+---+
| novnc | 
http://10.205.16.18:6080/vnc_auto.html?token=17210200-4622-4480-9b0f-1ca4ffe6fc75
 |


The value http://10.205.16.18:6080/vnc_auto.html corresponds in nova.conf to 
the parameter: --novncproxy_base_url=http://10.205.16.18:6080/vnc_auto.html

Beside this I saw that you are from France. It will be an event regarding 
openstack in Paris on 29 November. Are you interested?...:)

Regards,
Gabriel




 From: Olivier Archer 
To: Staicu Gabriel  
Cc: 张家龙 ; openstack  
Sent: Friday, October 26, 2012 11:36 AM
Subject: Re: [Openstack] Questions about novnc with multihost OpenStack Nova 
Compute(Essex) in multihost
 

Hi,
  This work also for me exept tha the url is localhost based:
$nova get-vnc-console landsat01 novnc
| novnc | 
http://127.0.0.1:6080/vnc_auto.html?token=6137dcb5-41b4-46fb-9c42-76c97e961e69 |

So it doesn't work in the dashboard or if i copy/paste into a browser. But it 
works if i change 127.0.0.1 to the public ip of the compute node.

(I am  in a multi host config).

But from where is taken the value of 127.0.0.1 in the config file ? You have no 
references to it in the configuration you posted...

Regards,


2012/10/25 Staicu Gabriel 

Hi,
>
>
>I have a cloud constructed on ubuntu12.04 with openstack essex.
>
>    -controller node: 10.205.16.18
>    The configuration regarding vnc:
>    --vncserver_host=0.0.0.0
>    --vncproxy_url=http://10.205.16.18:6080
>    --ajax_console_proxy_url=http://10.205.16.18:8000
>    --novnc_enabled=true
>    --novncproxy_base_url=http://10.205.16.18:6080/vnc_auto.html
>    --vncserver_proxyclient_address=10.205.16.18
>    --vncserver_listen=10.205.16.18
>
>    -compute node:10.205.16.241
>
>    --vncproxy_url=http://10.205.16.18:6080
>    --ajax_console_proxy_url=http://10.205.16.18:8000    --novnc_enabled=true
>    --novncproxy_base_url=http://10.205.16.18:6080/vnc_auto.html
>    --vncserver_proxyclient_address=10.205.16.241
>    --vncserver_listen=10.205.16.241
>
>And everything works ok.
>Hope this
 help.
>
>Regards,
>Gabriel
>
>
>
> From: 张家龙 
>To: openstack  
>Sent: Thursday, October 25, 2012 9:43 AM
>Subject: [Openstack] Questions about novnc with multihost OpenStack Nova 
>Compute(Essex) in multihost
> 
>
>
>Dear all,
>    I have some questions about OpenStack Nova Compute(Essex) using novnc.
>    I build a cluster using 4 computers with OpenStack Nova Compute in 
>multihost.
>    The follows were informations of my cluster:
>    
>    nova01:compute server,api server,controller server  192.168.3.3
>    nova02:compute server   192.168.3.4
>    nova03:compute server   192.168.3.5
>    nova04:compute
 server   192.168.3.6
>    
>    And the vms`s fixed was 10.0.0.0/8
>    
>    Here was my nova.conf:
>    http://pastebin.com/K6ArR1HA
>    
>    While,when i executed the command 
>    "nova get-vnc-console  novnc"
>    then,error occured.
>    
>    Here were the error informations:
>    
>    2012-10-25 14:25:27 ERROR nova.rpc.impl_qpid 
>[req-1ad62be7-8eeb-43a5-898c-f3552b9f7748 3faf7062208c456c9a9365ee50bf15cd 
>561a547e94c7
>    4ce797d0ef1f4bc91f91] Timed out waiting for RPC response: None
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid Traceback (most recent call
 last):
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File 
>"/usr/lib/python2.6/site-packages/nova/rpc/impl_qpid.py", line 364, in ensure
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid     return method(*args, 
>**kwargs)
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File 
>"/usr/lib/python2.6/site-packages/nova/rpc/impl_qpid.py", line 413, in _consume
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid     nxt_receiver = 
>self.session.next_receiver(timeout=timeout)
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File "", line 6, in 
>next_receiver
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File 
>"/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 651, in 
>nex
>    t_receiver
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid     raise Empty
> 
   2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid Empty: None
>    2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid
>    2012-10-25 14:25:27 ERROR nova.api.openstack 
>[req-1ad62be7-8eeb-43a5-898c-f3552b9f7748 3faf7062208c456c9a9365ee50bf15cd 
>561a547e94c7
>    4ce797d0ef1f4bc91f91] Caught err

Re: [Openstack] OpenStack + Nova list, nova show location

[Rosa, Andrea (HP Cloud Services)]

Hi

As reported below "nova" command are processed by the nova client, you have to 
look for it.
Cheers
--
Andrea Rosa

From: openstack-bounces+andrea.rosa=hp@lists.launchpad.net 
[mailto:openstack-bounces+andrea.rosa=hp@lists.launchpad.net] On Behalf Of 
Desta Haileselassie Hagos
Sent: 26 October 2012 09:52
To: openstack@lists.launchpad.net
Subject: [Openstack] OpenStack + Nova list, nova show location


Dear All,

Would you kindly help me where i can find the scripts for "nova list" and "nova 
show"

I just can't find it in /user/bin/


I only have the rapper class

#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT: 
'python-novaclient==2012.1','console_scripts','nova'
__requires__ = 'python-novaclient==2012.1'
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
sys.exit(
load_entry_point('python-novaclient==2012.1', 'console_scripts', 
'nova')()
)


With best regards,



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack + Nova list, nova show location

[Desta Haileselassie Hagos]

Dear All,

Would you kindly help me where i can find the scripts for "nova list" and
"nova show"

I just can't find it in /user/bin/


I only have the rapper class

#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT:
'python-novaclient==2012.1','console_scripts','nova'
__requires__ = 'python-novaclient==2012.1'
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
sys.exit(
load_entry_point('python-novaclient==2012.1', 'console_scripts',
'nova')()
)


With best regards,
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Questions about novnc with multihost OpenStack Nova Compute(Essex) in multihost

[Olivier Archer]

Hi,
  This work also for me exept tha the url is localhost based:
$nova get-vnc-console landsat01 novnc
| novnc |
http://127.0.0.1:6080/vnc_auto.html?token=6137dcb5-41b4-46fb-9c42-76c97e961e69|

So it doesn't work in the dashboard or if i copy/paste into a browser. But
it works if i change 127.0.0.1 to the public ip of the compute node.

(I am  in a multi host config).

But from where is taken the value of 127.0.0.1 in the config file ? You
have no references to it in the configuration you posted...

Regards,


2012/10/25 Staicu Gabriel 

> Hi,
>
> I have a cloud constructed on ubuntu12.04 with openstack essex.
>
> -controller node: 10.205.16.18
> The configuration regarding vnc:
> --vncserver_host=0.0.0.0
> --vncproxy_url=http://10.205.16.18:6080
> --ajax_console_proxy_url=http://10.205.16.18:8000
> --novnc_enabled=true
> --novncproxy_base_url=http://10.205.16.18:6080/vnc_auto.html
> --vncserver_proxyclient_address=10.205.16.18
> --vncserver_listen=10.205.16.18
>
> -compute node:10.205.16.241
> --vncproxy_url=http://10.205.16.18:6080
> --ajax_console_proxy_url=http://10.205.16.18:8000
> --novnc_enabled=true
> --novncproxy_base_url=http://10.205.16.18:6080/vnc_auto.html
> --vncserver_proxyclient_address=10.205.16.241
> --vncserver_listen=10.205.16.241
>
> And everything works ok.
> Hope this help.
>
> Regards,
> Gabriel
>   --
> *From:* 张家龙 
> *To:* openstack 
> *Sent:* Thursday, October 25, 2012 9:43 AM
> *Subject:* [Openstack] Questions about novnc with multihost OpenStack
> Nova Compute(Essex) in multihost
>
> Dear all,
> I have some questions about OpenStack Nova Compute(Essex) using novnc.
> I build a cluster using 4 computers with OpenStack Nova Compute in
> multihost.
> The follows were informations of my cluster:
>
> nova01:compute server,api server,controller server  192.168.3.3
> nova02:compute server   192.168.3.4
> nova03:compute server   192.168.3.5
> nova04:compute server   192.168.3.6
>
> And the vms`s fixed was 10.0.0.0/8
>
> Here was my nova.conf:
> http://pastebin.com/K6ArR1HA
>
> While,when i executed the command
> "nova get-vnc-console  novnc"
> then,error occured.
>
> Here were the error informations:
>
> 2012-10-25 14:25:27 ERROR nova.rpc.impl_qpid
> [req-1ad62be7-8eeb-43a5-898c-f3552b9f7748 3faf7062208c456c9a9365ee50bf15cd
> 561a547e94c7
> 4ce797d0ef1f4bc91f91] Timed out waiting for RPC response: None
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid Traceback (most recent
> call last):
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File
> "/usr/lib/python2.6/site-packages/nova/rpc/impl_qpid.py", line 364, in
> ensure
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid return method(*args,
> **kwargs)
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File
> "/usr/lib/python2.6/site-packages/nova/rpc/impl_qpid.py", line 413, in
> _consume
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid nxt_receiver =
> self.session.next_receiver(timeout=timeout)
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File "", line
> 6, in next_receiver
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid   File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 651,
> in nex
> t_receiver
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid raise Empty
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid Empty: None
> 2012-10-25 14:25:27 TRACE nova.rpc.impl_qpid
> 2012-10-25 14:25:27 ERROR nova.api.openstack
> [req-1ad62be7-8eeb-43a5-898c-f3552b9f7748 3faf7062208c456c9a9365ee50bf15cd
> 561a547e94c7
> 4ce797d0ef1f4bc91f91] Caught error: Timeout while waiting on RPC
> response.
> 2012-10-25 14:25:27 TRACE nova.api.openstack Traceback (most recent
> call last):
> 2012-10-25 14:25:27 TRACE nova.api.openstack   File
> "/usr/lib/python2.6/site-packages/nova/api/openstack/__init__.py", line 82,
> in _
> _call__
> 2012-10-25 14:25:27 TRACE nova.api.openstack return
> req.get_response(self.application)
> 2012-10-25 14:25:27 TRACE nova.api.openstack   File
> "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py",
> line
> 1053, in get_response
> 2012-10-25 14:25:27 TRACE nova.api.openstack application,
> catch_exc_info=False)
> 2012-10-25 14:25:27 TRACE nova.api.openstack   File
> "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py",
> line
> 1022, in call_application
> 2012-10-25 14:25:27 TRACE nova.api.openstack app_iter =
> application(self.environ, start_response)
> 2012-10-25 14:25:27 TRACE nova.api.openstack   File
> "/usr/lib/python2.6/site-packages/keystone/middleware/auth_token.py", line
> 176,
> in __call__
> 2012-10-25 14:25:27 TRACE nova.api.openstack return self.app(env,
> start_response)
> 2012-10-25 14

Re: [Openstack] [ceilometer] Potential New Use Cases

[Julien Danjou]

On Thu, Oct 25 2012, Doug Hellmann wrote:

>> IIUC, what's need here is a GROUP BY operator in the API.
>>
>> Correct me if I'm wrong, but this is still doable via the API if you
>> request /users//meters/instance and treats the events in the
>> client, no?
>>
>
> It is possible, but very very inefficient.

Oh, sure it is. But adding feature and making things more efficient are
different things. :)

> Querying against arbitrary metadata fields is easy in the MongoDB driver,
> but not in the SQLAlchemy driver. Adding explicit handling for dimensions
> would let us implement it in SQL and improve performance with indexes in
> Mongo.

Ah, thanks to remind me how ORM are bad and that we now have to fight
against it. :)

I wish we could use JSON native type from PostgreSQL directly and be
efficient!

-- 
Julien Danjou
# Free Software hacker & freelance
# http://julien.danjou.info


pgplhhIAVMIOb.pgp
Description: PGP signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [SWIFT] Proxies Sizing for 90.000 / 200.000 RPM

[Chander Kant]

On Wed, Oct 24, 2012 at 4:19 PM, Sina Sadeghi  wrote:

>  The guys from Zmanda presented some evaluation of swift at the summit,
> might be useful here
>
> http://www.zmanda.com/blogs/?p=947 they've written a blog but it doesn't
> have all the findings which they presented at the summit.
>
> Maybe Chander would be willing to share? I've CC'd him in.
>


Sure. We have published a new blog related to the summit, including a link
to our presentation slides:

http://www.zmanda.com/blogs/?p=971
http://www.zmanda.com/pdf/how-swift-is-your-Swift-SD.pdf

We plan to publish more performance results within next few weeks.

-Chander





>
> --
> *Sina Sadeghi*
> Lead Cloud Engineer
>
> *Aptira Pty Ltd*
> 1800 APTIRA
> aptira.com 
> Follow @aptira 
>
>  On 25/10/12 08:03, Alejandro Comisario wrote:
>
> Wow nice, i think we have a lot to look at guys.
> I'll get back to you as soon as we have more metrics to share regarding
> this matter.
> Basically, we are going to try to add more proxies, since indeed, the
> requests are to small (20K not 20MB)
>
>  Thanks guys !
> ---
> Alejandrito
>
>   On Wed, Oct 24, 2012 at 5:49 PM, John Dickinson  wrote:
>
>> Smaller requests, of course, will have a higher percentage overhead for
>> each request, so you will need more proxies for many small requests than
>> the same number of larger requests (all other factors being equal).
>>
>> If most of the requests are reads, then you probably won't have to worry
>> about keystone keeping up.
>>
>> You may want to look at tuning the object server config variable
>> "keep_cache_size". This variable is the maximum size of an object to keep
>> in the buffer cache for publicly requested objects. So if you tuned it to
>> be 20K (20971520)--by default it is 5424880--you should be able to serve
>> most of your requests without needing to do a disk seek, assuming you have
>> enough RAM on the object servers. Note that background processes on the
>> object servers end up using the cache for storing the filesystem inodes, so
>> lots of RAM will be a very good thing in your use case. Of course, the
>> usefulness of this caching is dependent on how frequently a given object is
>> accessed. You may consider an external caching system (anything from
>> varnish or squid to a CDN provider) if the direct public access becomes too
>> expensive.
>>
>> One other factor to consider is that since swift stores 3 replicas of the
>> data, there are 3 servers that can serve a request for a given object,
>> regardless of how many storage nodes you have. This means that if all 3500
>> req/sec are to the same object, only 3 object servers are handling that.
>> However, if the 3500 req/sec are spread over many objects, the full cluster
>> will be utilized. Some of us have talked about how to improve swift's
>> performance for concurrent access to a single object, but those
>> improvements have not been coded yet.
>>
>> --John
>>
>>
>>
>> On Oct 24, 2012, at 1:20 PM, Alejandro Comisario <
>> alejandro.comisa...@mercadolibre.com> wrote:
>>
>> > Thanks Josh, and Thanks John.
>> > I know it was an exciting Summit! Congrats to everyone !
>> >
>> > John, let me give you extra data and something that i've already said,
>> that might me wrong.
>> >
>> > First, the request size that will compose the 90.000RPM - 200.000 RPM
>> will be from 90% 20K objects, and 10% 150/200K objects.
>> > Second, all the "GET" requests, are going to be "public", configured
>> through ACL, so, if the GET requests are public (so, no X-Auth-Token is
>> passed) why should i be worried about the keystone middleware ?
>> >
>> > Just to clarify, because i really want to understand what my real
>> metrics are so i can know where to tune in case i need to.
>> > Thanks !
>> >
>> > ---
>> > Alejandrito
>> >
>> >
>> > On Wed, Oct 24, 2012 at 3:28 PM, John Dickinson  wrote:
>> > Sorry for the delay. You've got an interesting problem, and we were all
>> quite busy last week with the summit.
>> >
>> > First, the standard caveat: Your performance is going to be highly
>> dependent on your particular workload and your particular hardware
>> deployment. 3500 req/sec in two different deployments may be very different
>> based on the size of the requests, the spread of the data requested, and
>> the type of requests. Your experience may vary, etc, etc.
>> >
>> > However, for an attempt to answer your question...
>> >
>> > 6 proxies for 3500 req/sec doesn't sound unreasonable. It's in line
>> with other numbers I've seen from people and what I've seen from other
>> large scale deployments. You are basically looking at about 600
>> req/sec/proxy.
>> >
>> > My first concern is not the swift workload, but how keystone handles
>> the authentication of the tokens. A quick glance at the keystone source
>> seems to indicate that keystone's auth_token middleware is using a standard
>> memcached module that may not play well with concurrent connections in
>> eventl