date:20121213

Re: [Openstack] instance cannot access external network (folsom quantum)

2012-12-13 Thread ZhiQiang Fan

control node (also act as network node): eth0 192.168.32.18 eth0:0
10.0.0.3 eth0:1(br-ex bridge) 192.168.32.129
compute node: eth0 192.168.32.19 eth0:0 10.0.0.4
fixed ip for instance: 10.0.18.0/24
floating ip for instance: 192.168.32.130-192.168.32.135 range
192.168.32.128/24 gateway 192.168.32.1
quamtum plugin: openvswitch

when instance ping a host in 192.168.32.x, host reply with
destination=10.0.18.x, so i think snat does not act well.
i can ping from 192.168.32.x to instance's floating ip (192.168.32.13x)

more details listed below:

**
information generated by command line

control node:
shell>ip addr show
1: lo:  mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast
state UP qlen 1000
link/ether 6c:f0:49:0b:e1:a6 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.18/24 brd 192.168.32.255 scope global eth0
inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0:0
inet6 fe80::6ef0:49ff:fe0b:e1a6/64 scope link
   valid_lft forever preferred_lft forever
4: br-int:  mtu 1500 qdisc noqueue state DOWN
link/ether be:22:4e:37:1f:4e brd ff:ff:ff:ff:ff:ff
5: br-ex:  mtu 1500 qdisc noqueue
state UNKNOWN
link/ether 22:5f:e0:e0:97:45 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.129/24 scope global br-ex
9: br-tun:  mtu 1500 qdisc noqueue state DOWN
link/ether ee:9e:44:8e:59:47 brd ff:ff:ff:ff:ff:ff
34: tapafa410e4-d2:  mtu 1500 qdisc
noqueue state UNKNOWN
link/ether fa:16:3e:9a:10:c4 brd ff:ff:ff:ff:ff:ff
inet 10.0.18.2/24 brd 10.0.18.255 scope global tapafa410e4-d2
inet6 fe80::f816:3eff:fe9a:10c4/64 scope link
   valid_lft forever preferred_lft forever
35: qr-b17d537e-27:  mtu 1500 qdisc
noqueue state UNKNOWN
link/ether fa:16:3e:cf:28:9f brd ff:ff:ff:ff:ff:ff
inet 10.0.18.1/24 brd 10.0.18.255 scope global qr-b17d537e-27
inet6 fe80::f816:3eff:fecf:289f/64 scope link
   valid_lft forever preferred_lft forever
36: qg-1a968e33-e7:  mtu 1500 qdisc
noqueue state UNKNOWN
link/ether fa:16:3e:a8:f3:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.130/24 brd 192.168.32.255 scope global qg-1a968e33-e7
inet6 fe80::f816:3eff:fea8:f3a0/64 scope link
   valid_lft forever preferred_lft forever
**
shell>route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse Iface
0.0.0.0 192.168.32.10.0.0.0 UG0  00 eth0
0.0.0.0 192.168.32.10.0.0.0 UG10000 eth0
10.0.0.00.0.0.0 255.255.255.0   U 0  00 eth0
10.0.18.0   0.0.0.0 255.255.255.0   U 0  0
0 tapafa410e4-d2
10.0.18.0   0.0.0.0 255.255.255.0   U 0  0
0 qr-b17d537e-27
192.168.32.00.0.0.0 255.255.255.0   U 0  00 eth0
192.168.32.00.0.0.0 255.255.255.0   U 0  00 br-ex
192.168.32.00.0.0.0 255.255.255.0   U 0  0
0 qg-1a968e33-e7
**
shell>ovs-vsctl show
7705db6e-9363-41fb-8d6a-f47ffdfa90a6
Bridge br-int
Port "tapafa410e4-d2"
tag: 13
Interface "tapafa410e4-d2"
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port br-int
Interface br-int
type: internal
Port "qr-b17d537e-27"
tag: 13
Interface "qr-b17d537e-27"
type: internal
Bridge br-tun
Port "gre-2"
Interface "gre-2"
type: gre
options: {in_key=flow, out_key=flow, remote_ip="192.168.32.19"}
Port "gre-4"
Interface "gre-4"
type: gre
options: {in_key=flow, out_key=flow, remote_ip="10.0.0.4"}
Port br-tun
Interface br-tun
type: internal
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port "gre-1"
Interface "gre-1"
type: gre
options: {in_key=flow, out_key=flow, remote_ip="192.168.32.18"}
Bridge br-ex
Port "qg-1a968e33-e7"
Interface "qg-1a968e33-e7"
type: internal
Port br-ex
Interface br-ex
type: internal
Port "eth0:1"
Interface "eth0:1"
ovs_version: "1.4.0+build0"
***
shell>iptables-save
# Generated by iptables-save v1.4.12 on Fri Dec 14 13:55:36 2012
*nat
:PREROUTING ACCEPT [159:16180]

[Openstack] is it possible to connect to real public network in quantum in tunnel mode?

2012-12-13 Thread Liu Wenmao

I follow the OpenStack Network (Quantum) Administration Guide and build  an
internal network and I want VMs in the private network to access Internet.

So I follow the instructions and create a "external network", and the
internal VM has a floating ip, but it can not connect to the physical
Internet. I guess the external network is still a logical concept, which
can not be physical one.

root@controller:~# quantum floatingip-list
+--+--+-+--+
| id   | fixed_ip_address |
floating_ip_address | port_id  |
+--+--+-+--+
| f2148ab7-02f8-465a-a23c-fbdb77c8e2bd | 10.0.50.4| 192.168.3.164
| 1f0dce9f-1ada-4b39-96b9-4285c111afba |
+--+--+-+--+

root@controller:~# quantum net-list -- --router:external=True
+--++--+
| id   | name   | subnets
   |
+--++--+
| bbe28ed0-fff2-4944-84ba-c410a5bdd164 | public |
1695bffe-460a-4cf7-8c47-4c7fa39d4041 |
+--++--+


So is it possible to connect to the Internet in the tunnel mode, should I
use the vlan mode? What configurations should I change in the vlan mode?

thanks all
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] 2 Questions: Port 5000 and 35357, glance index

2012-12-13 Thread Hao Wang

Hi Gui,

Thanks for the reply. I think I have to reconfigure another refresh
environment. It's a little difficult for both of us to make it with a
system full of problem.

Both of the ports are opened by the process of /usr/bin/keystone-all. No
idea why it is like this. Going through source codes would give more points.

Thanks,
Howard

On Thu, Dec 13, 2012 at 10:56 PM, Gui Maluf  wrote:

> I think 5000 is kind of public port, for external use, and 35357 a private
> port for internal use. But probably I'm wrong! :)
> Is your OS_AUTH_URL and SERVICE_ENDPOINT defined?
> unset one of them and try again.
>
>
> On Thu, Dec 13, 2012 at 12:54 AM, Hao Wang  wrote:
>
>> Hi Stackers,
>>
>> What is the difference between the ports 5000 and 35357?
>>
>> When I run glance command, the error message is as below. I googled the
>> message, but no results can address this issue.
>> root@Controller:~# glance index
>> ID   Name   Disk
>> Format  Container Format Size
>>  --
>>   --
>> Error communicating with /v1/images/detail?limit=10: [Errno 111]
>> Connection refused
>>
>> Thanks,
>> Howard
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> *guilherme* \n
> \t *maluf*
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [ANNOUNCE] OpenStack Nova 2012.2.2 released

2012-12-13 Thread Mark McLoughlin

Hey,

In the time since the Folsom release, we have been busy selectively
back-porting bugfixes to the stable/folsom branch according to our "safe
source of high-impact fixes" criteria documented here:

  http://wiki.openstack.org/StableBranch

We're now announcing the 2012.2.2 release of Nova, a snap release
containing a security fix and a fix for a serious regression in
2012.2.1.

This release is a bugfix update to Folsom and is intended to be
relatively risk free with no intentional regressions or API changes.

The list of bugs fixed can be seen here:

  https://launchpad.net/nova/folsom/2012.2.2

Please read (and add to!) the release notes at:

  http://wiki.openstack.org/ReleaseNotes/2012.2.2

Enjoy!

Mark.


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Upcoming wiki migration to Mediawiki

2012-12-13 Thread Lloyd Dewolf

On Thu, Dec 13, 2012 at 11:31 AM, Ryan Lane  wrote:

>
> There aren't any code examples in the wiki that I know of. If you have
>> examples we can certainly find a way to indicate Apache 2.0 for code, I
>> don't find this problematic.
>>
>>
> Yeah, we can wrap a  block in a template
> that also adds in license text for any code. Should be easy enough.
>

Excellent, best to address this now as this will come up later.


--
@lloyddewolf
http://www.pistoncloud.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Upcoming wiki migration to Mediawiki

2012-12-13 Thread Ryan Lane

> There aren't any code examples in the wiki that I know of. If you have
> examples we can certainly find a way to indicate Apache 2.0 for code, I
> don't find this problematic.
>
>
Yeah, we can wrap a  block in a template
that also adds in license text for any code. Should be easy enough.

- Ryan
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Horizon - OfflineGenerationError

2012-12-13 Thread Gabriel Hurley

Have you tried doing what it said and running "manage.py compress"? (make sure 
you're in the proper Python environment/venv when running that command)

That error indicates one of two things:


1.   You have your settings set with COMPRESS_ENABLED = True and 
COMPRESS_OFFLINE = True but you haven't run "manage.py compress", or...

2.   There was an error while trying to compress the files such as not 
being able to find a particular file or a permissions problem on an input file 
or output directory.


-  Gabriel

From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net 
[mailto:openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] On 
Behalf Of JuanFra Rodriguez Cardoso
Sent: Thursday, December 13, 2012 4:37 AM
To: Matthias Runge
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Horizon - OfflineGenerationError

Hi Matthias:

Thanks for replying. Rest of openstack services are working ok.

Theses are versions installed of Horizon and Django (from EPEL 6.7)
  - openstack-dashboard-2012.2-4.el6.noarch.
  - Django14-1.4.2-2.el6.noarch

Do you recommend I install Horizon from github repository?

Thanks!
2012/12/13 Matthias Runge mailto:mru...@redhat.com>>
On 12/13/2012 12:24 PM, JuanFra Rodriguez Cardoso wrote:
> Hi all:
>
> I'm installing OpenStack Dashboard 2012.2 on CentOS 6.3 and I got next
> error related to css/js compression:
>
Yes, I bet, it's not related with Dashboard, although the error message
tells you so.

Which version are you installing from where? Do you see other issues
with your openstack-installation? Please note, the minimum required set
of OpenStack services running includes the following:

 +   Nova (compute, api, scheduler, network, and volume services)
 +   Glance
 +   Keystone

Instead of nova volume, you could also use cinder volume.

Did you install there and are they working ok?


Matthias


> File "/usr/lib/python2.6/site-packages/django/template/base.py", line
> 837, in render_node
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
> node.render(context)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> line 147, in render
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
> self.render_compressed(context, self.kind, self.mode, forced=forced)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> line 88, in render_compressed
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]
> cached_offline = self.render_offline(context, forced=forced)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> line 72, in render_offline
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] 'You may
> need to run "python manage.py compress".' % key)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]
> OfflineGenerationError: You have offline compression enabled but key
> "1056718f92f8d4204721bac759b3871a" is missing from offline manifest. You
> may need to run "python manage.py compress".
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] File does not
> exist: /var/www/html/favicon.ico
>
> any idea for solving it?
>
> Thanks,
> JuanFra.
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : 
> openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>


___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] OpenStack Dashboard + WebServer

2012-12-13 Thread Gabriel Hurley

The DevStack and Ubuntu configurations run with the Ubuntu distro's default 
version of Apache and modWSGI. Personally I'm also a big fan of NginX. Horizon, 
being a Django/WSGI-compliant application can run behind any webserver that 
supports the Python WSGI standard.

- Gabriel

> -Original Message-
> From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net
> [mailto:openstack-
> bounces+gabriel.hurley=nebula@lists.launchpad.net] On Behalf Of
> Andrew Holway
> Sent: Thursday, December 13, 2012 6:39 AM
> To: Desta Haileselassie Hagos
> Cc: openstack@lists.launchpad.net
> Subject: Re: [Openstack] OpenStack Dashboard + WebServer
> 
> Its vanilla apache httpd afaik.
> 
> 
> On Dec 13, 2012, at 3:31 PM, Desta Haileselassie Hagos wrote:
> 
> > Hey guys,
> >
> > What sort of Web Server is behind OpenStack dashboard (horizon)? Is it
> some sort of Apache???
> >
> >
> > Cheers,
> >
> > Desta
> >
> >
> >
> > ___
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp
> 
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Joshua Harlow

+ The right openstack-dev, haha

On 12/13/12 10:06 AM, "Joshua Harlow"  wrote:

>+ Openstack-dev
>
>On 12/13/12 10:05 AM, "Joshua Harlow"  wrote:
>
>>At some point a clear-text password will show up, but that doesn't
>>require
>>said password to always be in clear-text.
>>
>>Think of a remote system that provides said passwords and authenticates
>>the system asking for said password using some private/public key
>>authentication that can be easily revoked (on machine comprise and such).
>>Then u will get a closer view to why it'd be nice to have keys go through
>>a API so that they can be gotten from other sources (to enable such a
>>system to work). The plain-text case is an API, but it restricts it to
>>the
>>simplest one (only plain-text files), other companies (cough cough,
>>yahoo)
>>have different systems.
>>
>>On 12/12/12 9:26 PM, "Sam Morrison"  wrote:
>>
>>>Hi Ken,
>>>
>>>Yeah OK I agree it doesn't make it that much more complex as long as the
>>>dependancy is packaged in the distos which it is.
>>>
>>>I'm still a little confused though.
>>>
>>>If nova needs a clear text password to be able to talk to the DB for
>>>example then it's going to be needing to access this keyring somehow
>>>without human interaction to obtain the password.
>>>How does it do this? Sorry if I'm missing something obvious here.
>>>
>>>Cheers,
>>>Sam
>>>
>>>
>>>
>>>
>>>
>>> 
>>>On 13/12/2012, at 10:16 AM, Ken Thomas  wrote:
>>>
 The short answer is that it gives you extra security... if you wish to
use it.
 
 If you're fine with relying on the file permission of nova.conf,
glance.conf, etc. to keep any baddies from seeing the clear text
passwords in there, then you're right, it doesn't give you anything.
 
 If, on the other hand, you have a large security group that nearly
faints when they see clear text passwords, no matter what the file
permission are, this allows you to move your password into an encrypted
store of your choosing.  Just specify a secure_source that implements
KeyringBackend and you can be as secure as you wish.
 
 The main point is that you don't have to use it and the default
behavior (don't specify a 'secure_source') will be that things behave
exactly as before.  The only real extra complexity is that we'd add an
additional package (keyring) to the dependency list.
 
 As I mentioned originally, there's already some optional keyring usage
in keystone client. It seems like we could have *less* complexity if it
were a hard dependency instead of having the code check if the import
worked or not.
 
 Ken
 
 On 12/12/2012 2:46 PM, Sam Morrison wrote:
> My question is what does this extra dependancy give us apart from
>extra complexity?
> 
> I can't see any enhancement in security with this method?
> 
> Cheers,
> Sam
> 
> 
> 
> On 13/12/2012, at 4:44 AM, Ken Thomas  wrote:
> 
>> Greetings all!
>> 
>> I'm look into using keyring as a way to (optionally) remove clear
>>text passwords from the various config files. (See
>>https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.)
>> 
>> One of the comments I got back is that I should have the oslo build
>>dependency on keyring be optional until a consensus is reached that
>>it's okay to add it.  I see that keystoneclient is already doing an
>>"import keyring" and catching the exception if it's not there. I can
>>certainly do something similar, but it seems like it would simplify
>>things if we did just have keyring as a regular hard dependency. You
>>don't have to use it, but it's there if you want it.
>> 
>> So, is this the proper forum to bring this up?
>> 
>> And if so, can we start the ball rolling to get a decision on
>>getting
>>that dependency approved?
>> 
>> Thanks,
>> 
>> Ken
>> 
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
 
>>>
>>>
>>>___
>>>Mailing list: https://launchpad.net/~openstack
>>>Post to : openstack@lists.launchpad.net
>>>Unsubscribe : https://launchpad.net/~openstack
>>>More help   : https://help.launchpad.net/ListHelp
>>
>
>


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Joshua Harlow

+ Openstack-dev

On 12/13/12 10:05 AM, "Joshua Harlow"  wrote:

>At some point a clear-text password will show up, but that doesn't require
>said password to always be in clear-text.
>
>Think of a remote system that provides said passwords and authenticates
>the system asking for said password using some private/public key
>authentication that can be easily revoked (on machine comprise and such).
>Then u will get a closer view to why it'd be nice to have keys go through
>a API so that they can be gotten from other sources (to enable such a
>system to work). The plain-text case is an API, but it restricts it to the
>simplest one (only plain-text files), other companies (cough cough, yahoo)
>have different systems.
>
>On 12/12/12 9:26 PM, "Sam Morrison"  wrote:
>
>>Hi Ken,
>>
>>Yeah OK I agree it doesn't make it that much more complex as long as the
>>dependancy is packaged in the distos which it is.
>>
>>I'm still a little confused though.
>>
>>If nova needs a clear text password to be able to talk to the DB for
>>example then it's going to be needing to access this keyring somehow
>>without human interaction to obtain the password.
>>How does it do this? Sorry if I'm missing something obvious here.
>>
>>Cheers,
>>Sam
>>
>>
>>
>>
>>
>> 
>>On 13/12/2012, at 10:16 AM, Ken Thomas  wrote:
>>
>>> The short answer is that it gives you extra security... if you wish to
>>>use it.
>>> 
>>> If you're fine with relying on the file permission of nova.conf,
>>>glance.conf, etc. to keep any baddies from seeing the clear text
>>>passwords in there, then you're right, it doesn't give you anything.
>>> 
>>> If, on the other hand, you have a large security group that nearly
>>>faints when they see clear text passwords, no matter what the file
>>>permission are, this allows you to move your password into an encrypted
>>>store of your choosing.  Just specify a secure_source that implements
>>>KeyringBackend and you can be as secure as you wish.
>>> 
>>> The main point is that you don't have to use it and the default
>>>behavior (don't specify a 'secure_source') will be that things behave
>>>exactly as before.  The only real extra complexity is that we'd add an
>>>additional package (keyring) to the dependency list.
>>> 
>>> As I mentioned originally, there's already some optional keyring usage
>>>in keystone client. It seems like we could have *less* complexity if it
>>>were a hard dependency instead of having the code check if the import
>>>worked or not.
>>> 
>>> Ken
>>> 
>>> On 12/12/2012 2:46 PM, Sam Morrison wrote:
 My question is what does this extra dependancy give us apart from
extra complexity?
 
 I can't see any enhancement in security with this method?
 
 Cheers,
 Sam
 
 
 
 On 13/12/2012, at 4:44 AM, Ken Thomas  wrote:
 
> Greetings all!
> 
> I'm look into using keyring as a way to (optionally) remove clear
>text passwords from the various config files. (See
>https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.)
> 
> One of the comments I got back is that I should have the oslo build
>dependency on keyring be optional until a consensus is reached that
>it's okay to add it.  I see that keystoneclient is already doing an
>"import keyring" and catching the exception if it's not there. I can
>certainly do something similar, but it seems like it would simplify
>things if we did just have keyring as a regular hard dependency. You
>don't have to use it, but it's there if you want it.
> 
> So, is this the proper forum to bring this up?
> 
> And if so, can we start the ball rolling to get a decision on getting
>that dependency approved?
> 
> Thanks,
> 
> Ken
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>>> 
>>
>>
>>___
>>Mailing list: https://launchpad.net/~openstack
>>Post to : openstack@lists.launchpad.net
>>Unsubscribe : https://launchpad.net/~openstack
>>More help   : https://help.launchpad.net/ListHelp
>


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Joshua Harlow

At some point a clear-text password will show up, but that doesn't require
said password to always be in clear-text.

Think of a remote system that provides said passwords and authenticates
the system asking for said password using some private/public key
authentication that can be easily revoked (on machine comprise and such).
Then u will get a closer view to why it'd be nice to have keys go through
a API so that they can be gotten from other sources (to enable such a
system to work). The plain-text case is an API, but it restricts it to the
simplest one (only plain-text files), other companies (cough cough, yahoo)
have different systems.

On 12/12/12 9:26 PM, "Sam Morrison"  wrote:

>Hi Ken,
>
>Yeah OK I agree it doesn't make it that much more complex as long as the
>dependancy is packaged in the distos which it is.
>
>I'm still a little confused though.
>
>If nova needs a clear text password to be able to talk to the DB for
>example then it's going to be needing to access this keyring somehow
>without human interaction to obtain the password.
>How does it do this? Sorry if I'm missing something obvious here.
>
>Cheers,
>Sam
>
>
>
>
>
> 
>On 13/12/2012, at 10:16 AM, Ken Thomas  wrote:
>
>> The short answer is that it gives you extra security... if you wish to
>>use it.
>> 
>> If you're fine with relying on the file permission of nova.conf,
>>glance.conf, etc. to keep any baddies from seeing the clear text
>>passwords in there, then you're right, it doesn't give you anything.
>> 
>> If, on the other hand, you have a large security group that nearly
>>faints when they see clear text passwords, no matter what the file
>>permission are, this allows you to move your password into an encrypted
>>store of your choosing.  Just specify a secure_source that implements
>>KeyringBackend and you can be as secure as you wish.
>> 
>> The main point is that you don't have to use it and the default
>>behavior (don't specify a 'secure_source') will be that things behave
>>exactly as before.  The only real extra complexity is that we'd add an
>>additional package (keyring) to the dependency list.
>> 
>> As I mentioned originally, there's already some optional keyring usage
>>in keystone client. It seems like we could have *less* complexity if it
>>were a hard dependency instead of having the code check if the import
>>worked or not.
>> 
>> Ken
>> 
>> On 12/12/2012 2:46 PM, Sam Morrison wrote:
>>> My question is what does this extra dependancy give us apart from
>>>extra complexity?
>>> 
>>> I can't see any enhancement in security with this method?
>>> 
>>> Cheers,
>>> Sam
>>> 
>>> 
>>> 
>>> On 13/12/2012, at 4:44 AM, Ken Thomas  wrote:
>>> 
 Greetings all!

 I'm look into using keyring as a way to (optionally) remove clear
text passwords from the various config files. (See
https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.)

 One of the comments I got back is that I should have the oslo build
dependency on keyring be optional until a consensus is reached that
it's okay to add it.  I see that keystoneclient is already doing an
"import keyring" and catching the exception if it's not there. I can
certainly do something similar, but it seems like it would simplify
things if we did just have keyring as a regular hard dependency. You
don't have to use it, but it's there if you want it.

 So, is this the proper forum to bring this up?

 And if so, can we start the ball rolling to get a decision on getting
that dependency approved?

 Thanks,

 Ken

 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp
>> 
>
>
>___
>Mailing list: https://launchpad.net/~openstack
>Post to : openstack@lists.launchpad.net
>Unsubscribe : https://launchpad.net/~openstack
>More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] devstack + xcp + ubuntu 12.04 does not work any more

2012-12-13 Thread Afef MDHAFFAR

Hi,

It is now impossible to install openstack via devstack on an ubuntu server
12.04 with XCP.
nova-network is not working  - it does not start dnsmasq - Then, bridge
interface (xapi0) is never created.
An RPC timeout is returned when I try to launch a VM, due to the fact that
nova-network never answers queries!
I am trying to install it sine one week - and it does not work.
I used the folsom release as before, that was working fine for me!
Have you updated the folsom release??
Please try to fix this bug as soon as possible!

Thank you,
Afef
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Nova Compute Showing XXX on Compute Node

2012-12-13 Thread Daniel Parker


Hey guys,

I have two servers, one controller and one compute node. Everything is 
working on the compute node itself except for nova-compute. I have 
verified ntp is installed on both servers. Nova.conf is the same on both 
servers, except I added --network_host= on the compute node. Here is the 
output of nova-manage service list:


Binary   Host Zone Status State Updated_At
nova-consoleauth host3 nova enabled:-)   
2012-12-13 16:34:23
nova-certhost3 nova enabled:-)   
2012-12-13 16:34:23
nova-scheduler   host3 nova enabled:-)   
2012-12-13 16:34:23
nova-compute host3 nova enabled:-)   
2012-12-13 16:34:26
nova-volume  host3 nova enabled:-)   
2012-12-13 16:34:23
nova-network host3 nova enabled:-)   
2012-12-13 16:34:24
nova-certhost1 nova enabled:-)   
2012-12-13 16:34:31
nova-scheduler   host1 nova enabled:-)   
2012-12-13 16:34:31
nova-consoleauth host1 nova enabled:-)   
2012-12-13 16:34:31
nova-compute host1 nova enabledXXX   
2012-12-12 19:53:18
nova-volume  host1 nova enabled:-)   
2012-12-13 16:34:31
nova-network host1 nova enabled:-)   
2012-12-13 16:34:31


I have a suspicion that it got corrupted in the service table somehow - 
it was working originally and I was able to spawn an instance on it. 
However, that instance is now 'terminated' but still appears in my 
dashboard. Any ideas? I can post the logs if needed.


Let me know if you need anything else and thanks for any help you can 
provide.


-Danny

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Upcoming wiki migration to Mediawiki

2012-12-13 Thread Anne Gentle

Hi Lloyd,


On Tue, Dec 11, 2012 at 9:03 PM, Lloyd Dewolf  wrote:

> On Fri, Dec 7, 2012 at 12:15 PM, Anne Gentle  wrote:
>
>>
>> tl;dr: Migration of wiki.openstack.org from MoinMoin to Mediawiki
>> commences 12/17.
>>
>
> Yeah for the standard of wikis and wiki markup ... I think :p
>
>
>
>> ... gives us licensed CC-By wiki content.
>>
>
> What's this last part mean?
>
>
>

We want to license wiki content, it is currently indicating an Apache 2.0
blanket license but that's not really accurate. We are narrowing the focus
to make the declaration more understandable and accurate.


> To this end, we have talked with the OpenStack Foundation board about
>> licensing all content CC-By, including the wiki, and they are amenable.]
>>
>
> We may want to go with people agreeing to make any code samples available
> under Apache 2.0 license. The equivalent project code license was my
> experience working on Mozilla projects, and still looks to be the case
> today, http://www.mozilla.org/en-US/about/legal.html
>
>
There aren't any code examples in the wiki that I know of. If you have
examples we can certainly find a way to indicate Apache 2.0 for code, I
don't find this problematic.

Anne


>
> Cheers,
> --
> @lloyddewolf
> http://www.pistoncloud.com/
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Metadata in listing

2012-12-13 Thread Morten Møller Riis

Thanks Chuck.

What I am playing at here is I want to create an rsync like script where I can 
save permissions, owner uid/gid and mode (maybe even xattrs), so that a restore 
will work with these.

Swift makes this very easy with the object metadata - however, running a sync 
would require i HEAD request for each file. I was looking to optimize this.


Med venlig hilsen / Best regards
Morten Møller Riis
m...@gigahost.dk

Gigahost
Gammeltorv 8, 2.
1457 København K




On Dec 13, 2012, at 4:40 PM, Chuck Thier  wrote:

> The metadata for objects is stored at the object level, not in the
> container dbs.  Reporting metadata information for container listings
> would require the server to HEAD every object in the container, which
> would cause too much work on the backend.
> 
> --
> Chuck
> 
> On Wed, Dec 12, 2012 at 7:01 AM, Morten Møller Riis  wrote:
>> Hi Guys
>> 
>> I was wondering if there is any possibility of getting metadata output in
>> the listing when you issue a GET on a container.
>> 
>> At the moment it returns eg.:
>> 
>> 
>> 10620_1b8b2553c6eb9987ff647d69e3181f9eeb3a43ef.jpg
>> e453fcd7ff03e9e0e460555e875b1da1
>> 9272
>> image/jpeg
>> 2012-09-20T23:27:34.473230
>> 
>> 
>> If I have X-Object-Meta-Something on an object it would be nice to see it
>> here as well. I know I can get it by doing a HEAD request. But this gets
>> heavy for many objects.
>> 
>> Any suggestions?
>> 
>> Best regards
>> Morten Møller Riis
>> 
>> 
>> 
>> 
>> 
>> 
>> Med venlig hilsen / Best regards
>> Morten Møller Riis
>> m...@gigahost.dk
>> 
>> Gigahost
>> Gammeltorv 8, 2.
>> 1457 København K
>> 
>> 
>> 
>> 
>> 
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>> 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Metadata in listing

2012-12-13 Thread Chuck Thier

The metadata for objects is stored at the object level, not in the
container dbs.  Reporting metadata information for container listings
would require the server to HEAD every object in the container, which
would cause too much work on the backend.

--
Chuck

On Wed, Dec 12, 2012 at 7:01 AM, Morten Møller Riis  wrote:
> Hi Guys
>
> I was wondering if there is any possibility of getting metadata output in
> the listing when you issue a GET on a container.
>
> At the moment it returns eg.:
>
> 
> 10620_1b8b2553c6eb9987ff647d69e3181f9eeb3a43ef.jpg
> e453fcd7ff03e9e0e460555e875b1da1
> 9272
> image/jpeg
> 2012-09-20T23:27:34.473230
> 
>
> If I have X-Object-Meta-Something on an object it would be nice to see it
> here as well. I know I can get it by doing a HEAD request. But this gets
> heavy for many objects.
>
> Any suggestions?
>
> Best regards
> Morten Møller Riis
>
>
>
>
>
>
> Med venlig hilsen / Best regards
> Morten Møller Riis
> m...@gigahost.dk
>
> Gigahost
> Gammeltorv 8, 2.
> 1457 København K
>
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Metadata in listing

2012-12-13 Thread Morten Møller Riis

I looked into the source and the XML/JSON output is hardcoded - so I guess 
there is no chance for getting metadata in listing other than hacking the 
source ;)


Med venlig hilsen / Best regards
Morten Møller Riis
m...@gigahost.dk

Gigahost
Gammeltorv 8, 2.
1457 København K




On Dec 12, 2012, at 2:01 PM, Morten Møller Riis  wrote:

> Hi Guys
> 
> I was wondering if there is any possibility of getting metadata output in the 
> listing when you issue a GET on a container.
> 
> At the moment it returns eg.:
> 
> 
> 10620_1b8b2553c6eb9987ff647d69e3181f9eeb3a43ef.jpg
> e453fcd7ff03e9e0e460555e875b1da1
> 9272
> image/jpeg
> 2012-09-20T23:27:34.473230
> 
> 
> If I have X-Object-Meta-Something on an object it would be nice to see it 
> here as well. I know I can get it by doing a HEAD request. But this gets 
> heavy for many objects.
> 
> Any suggestions?
> 
> Best regards
> Morten Møller Riis
> 
> 
> 
> 
> 
> 
> Med venlig hilsen / Best regards
> Morten Møller Riis
> m...@gigahost.dk
> 
> Gigahost
> Gammeltorv 8, 2.
> 1457 København K
> 
> 
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] 2 Questions: Port 5000 and 35357, glance index

2012-12-13 Thread Gui Maluf

I think 5000 is kind of public port, for external use, and 35357 a private
port for internal use. But probably I'm wrong! :)
Is your OS_AUTH_URL and SERVICE_ENDPOINT defined?
unset one of them and try again.


On Thu, Dec 13, 2012 at 12:54 AM, Hao Wang  wrote:

> Hi Stackers,
>
> What is the difference between the ports 5000 and 35357?
>
> When I run glance command, the error message is as below. I googled the
> message, but no results can address this issue.
> root@Controller:~# glance index
> ID   Name   Disk
> Format  Container Format Size
>  --
>   --
> Error communicating with /v1/images/detail?limit=10: [Errno 111]
> Connection refused
>
> Thanks,
> Howard
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
*guilherme* \n
\t *maluf*
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova-compute not starting

2012-12-13 Thread Razique Mahroua

Why not hehe, though I must admit it's easier, yes you can have a simpler template :)just copy a libvirt.xml and update the instance name.You could even come up with a small bash script./recover.sh $instance-name that would perform the following steps :• Retrieve the instance name and put it into the  brackets• Run "virsh define "• Restart nova-computevoila :)
Razique Mahroua - Nuage & Corazique.mahr...@gmail.comTel : +33 9 72 37 94 15

Le 13 déc. 2012 à 15:32, Gui Maluf  a écrit :anytime this happend with me I do the following.create a lost_instance.xml with the content below(I think it's possible to create a simpler file, with less content) just to register a VM with libvirt. Make sure to change the  tag. In your case

  instance-002a  4194304  4194304

  4      hvm        

                  destroy  restart

  restart      /usr/bin/kvm      

          

                    

                  

            

      save and exitand then# virsh define lost_instance.xml# service nova-compute restartit's easier then mess with the database.

On Thu, Dec 13, 2012 at 8:56 AM, Razique Mahroua  wrote:

I think the instance ID is the database ID (base 8) encoded in base 16.  0x2A = ID 52 into the database.

Did you updated the ID 52 ?I may be wrong ^^
Razique Mahroua - Nuage & Co

razique.mahr...@gmail.comTel : +33 9 72 37 94 15



Le 13 déc. 2012 à 11:51, Joe Warren-Meeks  a écrit :

It turned out to be that last one. What I don't understand is where openstack found the instance id from. That doesn't exist in the database, or anywhere on the file system I could find.Kind regards


 -- joe.On 13 December 2012 10:27, Razique Mahroua  wrote:


Hey Joe, yes, several solutions thereFirst, check if the domain exists by running


$ virsh list --all (supposing you use libvirt)check /var/lib/nova/instances/instance-002aif the dir. exists $cd into it and run "virsh define libvirt.xml"


then restart nova-computeIf the dir. doesn't exist, you may want to update the nova database,  figure out your instance entry within the "instances" table and update the field "deleted" to 1


Regards,
Razique Mahroua - Nuage & Co




razique.mahr...@gmail.comTel : +33 9 72 37 94 15




Le 12 déc. 2012 à 17:07, Joe Warren-Meeks  a écrit :Hi guys,


You think you have Openstack working, then you cough and it all breaks.I'm getting the following error when trying to start nova-compute after a reboot of the compute node (to install non-related patches)



libvirtError: Domain not found: no domain with matching name 'instance-002a'Now, I've dumped all the DBs to disk and grepped through it for '2a' and grep -R'ed /etc/ and /var/



I can't find any reference to that anywhere, but it is causing nova-compute to fail to start.Anyone know how to fix that? If not, anyone know a cloud platform that isn't made from very thin glass, pre-shattered for your pleasure?



 -- joe.
___Mailing list: https://launchpad.net/~openstackPost to : openstack@lists.launchpad.net


Unsubscribe : https://launchpad.net/~openstackMore help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
-- guilherme \n\t maluf

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Ken Thomas


Hey Sam,

Keyring is already in the distros? So I can go ahead and add it as a 
hard dependency to the build when I get this in?


About your question,,, The basic idea is that you can define config keys 
a 'secure', and *if* you provide a 'secure_source', then cfg.py will use 
*your* code to get the value for that key. (See the blueprint mentioned 
in my original message for details.) That means that your nova.conf can 
have something like this:


sql_connection = mysql://nova:$nova_db_password@dbhost:3306/nova

You would then have a plugin that defines nova_db_password as 'secure' 
and your 'secure_source' code can do whatever you wish to return the 
password.  It could pull it from some other clear text source (which 
would be kind of silly; we're trying to get away form that sort of 
thing) or it could extract and decrypt it from someplace else. Yes, 
using keyring's CryptedFileKeyring as your secure_source wouldn't be a 
good idea since it does need human interaction to get a password.  The 
good news is that there are other ways to get and decrypt passwords...


For example, we've got a proprietary secure password package that we use 
throughout our company and we're planning on having a thin layer that 
implements KeyringBackend and talks to that code. It makes our security 
folks happy because it moves the clear text passwords out of nova.conf, 
etc., but will still allow nova to access to passwords to set up things 
like db connections.   I'm afraid I can't go into any details about how 
it does this without human intervention, because (1) I personally don't 
know the details, and (2) if I did, our security team would have to 
shoot me. ;-)


The whole point of this is to provide the flexibility to choose to move 
your passwords elsewhere if you wish. If you do nothing, then it behaves 
exactly as to does today.


Hope that helps!

Ken


On 12/12/2012 9:26 PM, Sam Morrison wrote:

Hi Ken,

Yeah OK I agree it doesn't make it that much more complex as long as the 
dependancy is packaged in the distos which it is.

I'm still a little confused though.

If nova needs a clear text password to be able to talk to the DB for example 
then it's going to be needing to access this keyring somehow without human 
interaction to obtain the password.
How does it do this? Sorry if I'm missing something obvious here.

Cheers,
Sam





  
On 13/12/2012, at 10:16 AM, Ken Thomas  wrote:



The short answer is that it gives you extra security... if you wish to use it.

If you're fine with relying on the file permission of nova.conf, glance.conf, 
etc. to keep any baddies from seeing the clear text passwords in there, then 
you're right, it doesn't give you anything.

If, on the other hand, you have a large security group that nearly faints when 
they see clear text passwords, no matter what the file permission are, this 
allows you to move your password into an encrypted store of your choosing.  
Just specify a secure_source that implements KeyringBackend and you can be as 
secure as you wish.

The main point is that you don't have to use it and the default behavior (don't 
specify a 'secure_source') will be that things behave exactly as before.  The 
only real extra complexity is that we'd add an additional package (keyring) to 
the dependency list.

As I mentioned originally, there's already some optional keyring usage in 
keystone client. It seems like we could have *less* complexity if it were a 
hard dependency instead of having the code check if the import worked or not.

Ken

On 12/12/2012 2:46 PM, Sam Morrison wrote:

My question is what does this extra dependancy give us apart from extra 
complexity?

I can't see any enhancement in security with this method?

Cheers,
Sam



On 13/12/2012, at 4:44 AM, Ken Thomas  wrote:


Greetings all!

I'm look into using keyring as a way to (optionally) remove clear text 
passwords from the various config files. (See 
https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.)

One of the comments I got back is that I should have the oslo build dependency on keyring 
be optional until a consensus is reached that it's okay to add it.  I see that 
keystoneclient is already doing an "import keyring" and catching the exception 
if it's not there. I can certainly do something similar, but it seems like it would 
simplify things if we did just have keyring as a regular hard dependency. You don't have 
to use it, but it's there if you want it.

So, is this the proper forum to bring this up?

And if so, can we start the ball rolling to get a decision on getting that 
dependency approved?

Thanks,

Ken

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.ne

Re: [Openstack] OpenStack Dashboard + WebServer

2012-12-13 Thread Andrew Holway

Its vanilla apache httpd afaik.


On Dec 13, 2012, at 3:31 PM, Desta Haileselassie Hagos wrote:

> Hey guys,
> 
> What sort of Web Server is behind OpenStack dashboard (horizon)? Is it some 
> sort of Apache??? 
> 
> 
> Cheers,
> 
> Desta
> 
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] OpenStack Dashboard + WebServer

2012-12-13 Thread Syed Armani

Dashboard runs from an apache installation using python's WSGI stack and
Django framework.

--Syed

On Thu, Dec 13, 2012 at 8:01 PM, Desta Haileselassie Hagos <
desta161...@gmail.com> wrote:

> Hey guys,
>
> What sort of Web Server is behind OpenStack dashboard (horizon)? Is it
> some sort of Apache???
>
>
> Cheers,
>
> Desta
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova-compute not starting

2012-12-13 Thread Gui Maluf

anytime this happend with me I do the following.

create a lost_instance.xml with the content below(I think it's possible to
create a simpler file, with less content) just to register a VM with
libvirt. Make sure to change the  tag. In your case



  instance-002a
  4194304
  4194304
  4
  
hvm

  
  



  
  
  destroy
  restart
  restart
  
/usr/bin/kvm

  


  


  


  




  
  


  

  



save and exit

and then
# virsh define lost_instance.xml
# service nova-compute restart

it's easier then mess with the database.



On Thu, Dec 13, 2012 at 8:56 AM, Razique Mahroua
wrote:

> I think the instance ID is the database ID (base 8) encoded in base 16.
>  0x2A = ID 52 into the database.
> Did you updated the ID 52 ?
>
> I may be wrong ^^
>
> *Razique Mahroua** - **Nuage & Co*
> razique.mahr...@gmail.com
> Tel : +33 9 72 37 94 15
>
>
> Le 13 déc. 2012 à 11:51, Joe Warren-Meeks  a
> écrit :
>
> It turned out to be that last one. What I don't understand is where
> openstack found the instance id from. That doesn't exist in the database,
> or anywhere on the file system I could find.
>
> Kind regards
>
>  -- joe.
>
>
> On 13 December 2012 10:27, Razique Mahroua wrote:
>
>> Hey Joe,
>> yes, several solutions there
>> First, check if the domain exists by running
>> $ virsh list --all (supposing you use libvirt)
>>
>> check /var/lib/nova/instances/instance-002a
>> if the dir. exists $cd into it and run "virsh define libvirt.xml"
>> then restart nova-compute
>>
>> If the dir. doesn't exist, you may want to update the nova database,
>>  figure out your instance entry within the "instances" table and update the
>> field "deleted" to 1
>>
>> Regards,
>> *Razique Mahroua** - **Nuage & Co*
>>  razique.mahr...@gmail.com
>> Tel : +33 9 72 37 94 15
>>
>> 
>>
>> Le 12 déc. 2012 à 17:07, Joe Warren-Meeks  a
>> écrit :
>>
>> Hi guys,
>>
>> You think you have Openstack working, then you cough and it all breaks.
>>
>> I'm getting the following error when trying to start nova-compute after a
>> reboot of the compute node (to install non-related patches)
>>
>> libvirtError: Domain not found: no domain with matching name
>> 'instance-002a'
>>
>> Now, I've dumped all the DBs to disk and grepped through it for '2a'
>> and grep -R'ed /etc/ and /var/
>>
>> I can't find any reference to that anywhere, but it is causing
>> nova-compute to fail to start.
>>
>> Anyone know how to fix that? If not, anyone know a cloud platform that
>> isn't made from very thin glass, pre-shattered for your pleasure?
>>
>>  -- joe.
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
*guilherme* \n
\t *maluf*
<>___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack Dashboard + WebServer

2012-12-13 Thread Desta Haileselassie Hagos

Hey guys,

What sort of Web Server is behind OpenStack dashboard (horizon)? Is it some
sort of Apache???


Cheers,

Desta
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Removing Orphaned instanced

2012-12-13 Thread Andrew Holway

I set up multi_host and this seems to have fixed the problem.

I suppose is it resource contention on nova-network




On Dec 13, 2012, at 12:01 PM, Andrew Holway wrote:

> Hey
> 
> I grepped out the last hour where I have been doing lots of creating and 
> terminating of instances. OMG there is so much logs. Its like treacle!
> 
> http://gauntlet.sys11.net/logs/compute.log
> 2012-12-13 11:14:23 TRACE nova.openstack.common.rpc.amqp Timeout: Timeout 
> while waiting on RPC response.
> 2012-12-13 11:14:23 TRACE nova.openstack.common.rpc.amqp 
> 2012-12-13 11:14:23 ERROR nova.compute.manager 
> [req-715fd35c-793b-430f-a837-29ed171aa44f 58c4fd56b6924264b914659e7c0ef2f2 
> 88fe447d408d418baad31f681330a648] [instance: 
> 739eed94-e990-4eef-8bef-4c99e49bbc12] Instance failed network setup
> 
> http://gauntlet.sys11.net/logs/scheduler.log
> http://gauntlet.sys11.net/logs/api.log
> http://gauntlet.sys11.net/logs/compute.log
> 
> Ta,
> 
> Andrew
> 
> 
> 
> 
> On Dec 13, 2012, at 11:08 AM, JuanFra Rodriguez Cardoso wrote:
> 
>> Hi Andrew:
>> 
>> Could you include extracts of logs from nova-scheduler, nova-compute or 
>> nova-network where those errors appear?
>> 
>> Thanks.
>> JuanFra.
>> 
>> 2012/12/13 Andrew Holway 
>> Hello,
>> 
>> I have been playing with creating and destroying instances in the GUI.
>> 
>> Sometimes, if I create more than 10 or so, some will get stuck in an error 
>> state. Is this some kind of timeout or something waiting for the image file 
>> perhaps?
>> 
>> Thanks,
>> 
>> Andrew
>> 
>> 
>> 
>> 
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>> 
> 
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] instance is stopped automatically

2012-12-13 Thread 韦远科

hi all,

I installed openstack(Folsom) on ubuntu 12.04. Everythiong seems to be ok.
instance can be started, but after sometime the instance will automatically
stopped.

in the log:
*DEBUG:nova.openstack.common.rpc.amqp:received* {u'_context_roles':
[u'admin'], u'_context_request_id':
u'req-035e4954-94fd-4050-bccf-4b87de89366a', ... ... u'_context_timestamp':
u'2012-12-13T12:37:29.488625', u'_context_read_deleted': u'no',
u'_context_user_id': None, *u'method': u'stop_instance'*,
u'_context_remote_address': None}


what might be the problem?
3ks

wei
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] instance cannot access external network (folsom quantum)

2012-12-13 Thread Gary Kotton


On 12/13/2012 12:07 PM, ZhiQiang Fan wrote:

i can ping and ssh into instance with private ip and floating ip
instance can ping the control node ip, but cannot ping the compute 
node and any external network


In order to be able to help would it be possible that you provide IP 
addresses and maybe a bit of understanding about your topology.


Basically is there a route from the VM ip address to the IP address of 
the compute node?


In addition to this can you please let us know which plugin you are using?

Thanks
Gary


i have installed quantum in the control node host, and it only got 1 
nic (same as compute node), and use eth0:0 and eth0:1 to vitualize 2 
other nic (eth0:0 on compute node)


i use tcpdump on control node and compute node to monitor package from 
instance, actually compute node will reply the icmp package but with 
destination of instance private ip, since compute node has no route to 
that network, it failed and no package receive on control node nic. 
but when i add route via control node, it can reply to insance as expected
then i use tcpdump on control node and instance to monitor package to 
the floating ip, instance got nothing but control node captured the 
package and reply it instead of instance


so i think the problem may be that the control node will not modify 
the source ip when forwad the icmp package, more exactly, the nat 
functionality is not enabled?


and i try some other command such as "iptables -t nat -A POSTROUTING 
-o eth0 -j MASQUERADE" but it is not working


i'll paste some output if anyone needs
thanks



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Horizon - OfflineGenerationError

2012-12-13 Thread JuanFra Rodriguez Cardoso

Hi Matthias:

Thanks for replying. Rest of openstack services are working ok.

Theses are versions installed of Horizon and Django (from EPEL 6.7)
  - openstack-dashboard-2012.2-4.el6.noarch.
  - Django14-1.4.2-2.el6.noarch

Do you recommend I install Horizon from github repository?

Thanks!

2012/12/13 Matthias Runge 

> On 12/13/2012 12:24 PM, JuanFra Rodriguez Cardoso wrote:
> > Hi all:
> >
> > I'm installing OpenStack Dashboard 2012.2 on CentOS 6.3 and I got next
> > error related to css/js compression:
> >
>
> Yes, I bet, it's not related with Dashboard, although the error message
> tells you so.
>
> Which version are you installing from where? Do you see other issues
> with your openstack-installation? Please note, the minimum required set
> of OpenStack services running includes the following:
>
>  +   Nova (compute, api, scheduler, network, and volume services)
>  +   Glance
>  +   Keystone
>
> Instead of nova volume, you could also use cinder volume.
>
> Did you install there and are they working ok?
>
>
> Matthias
>
>
> > File "/usr/lib/python2.6/site-packages/django/template/base.py", line
> > 837, in render_node
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
> > node.render(context)
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> > "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> > line 147, in render
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
> > self.render_compressed(context, self.kind, self.mode, forced=forced)
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> > "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> > line 88, in render_compressed
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]
> > cached_offline = self.render_offline(context, forced=forced)
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> > "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> > line 72, in render_offline
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] 'You may
> > need to run "python manage.py compress".' % key)
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]
> > OfflineGenerationError: You have offline compression enabled but key
> > "1056718f92f8d4204721bac759b3871a" is missing from offline manifest. You
> > may need to run "python manage.py compress".
> > [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] File does not
> > exist: /var/www/html/favicon.ico
> >
> > any idea for solving it?
> >
> > Thanks,
> > JuanFra.
> >
> >
> > ___
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp
> >
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Horizon - OfflineGenerationError

2012-12-13 Thread Matthias Runge

On 12/13/2012 12:24 PM, JuanFra Rodriguez Cardoso wrote:
> Hi all:
> 
> I'm installing OpenStack Dashboard 2012.2 on CentOS 6.3 and I got next
> error related to css/js compression:
> 

Yes, I bet, it's not related with Dashboard, although the error message
tells you so.

Which version are you installing from where? Do you see other issues
with your openstack-installation? Please note, the minimum required set
of OpenStack services running includes the following:

 +   Nova (compute, api, scheduler, network, and volume services)
 +   Glance
 +   Keystone

Instead of nova volume, you could also use cinder volume.

Did you install there and are they working ok?


Matthias


> File "/usr/lib/python2.6/site-packages/django/template/base.py", line
> 837, in render_node
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
> node.render(context)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> line 147, in render
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
> self.render_compressed(context, self.kind, self.mode, forced=forced)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> line 88, in render_compressed
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]
> cached_offline = self.render_offline(context, forced=forced)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
> "/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
> line 72, in render_offline
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] 'You may
> need to run "python manage.py compress".' % key)
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]
> OfflineGenerationError: You have offline compression enabled but key
> "1056718f92f8d4204721bac759b3871a" is missing from offline manifest. You
> may need to run "python manage.py compress".
> [Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] File does not
> exist: /var/www/html/favicon.ico
> 
> any idea for solving it?
> 
> Thanks,
> JuanFra.
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
> 


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Horizon - OfflineGenerationError

2012-12-13 Thread JuanFra Rodriguez Cardoso

Hi all:

I'm installing OpenStack Dashboard 2012.2 on CentOS 6.3 and I got next
error related to css/js compression:

File "/usr/lib/python2.6/site-packages/django/template/base.py", line 837,
in render_node
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
node.render(context)
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
"/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
line 147, in render
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] return
self.render_compressed(context, self.kind, self.mode, forced=forced)
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
"/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
line 88, in render_compressed
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] cached_offline
= self.render_offline(context, forced=forced)
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]   File
"/usr/lib/python2.6/site-packages/compressor/templatetags/compress.py",
line 72, in render_offline
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] 'You may need
to run "python manage.py compress".' % key)
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36]
OfflineGenerationError: You have offline compression enabled but key
"1056718f92f8d4204721bac759b3871a" is missing from offline manifest. You
may need to run "python manage.py compress".
[Thu Dec 13 11:58:37 2012] [error] [client 192.10.1.36] File does not
exist: /var/www/html/favicon.ico

any idea for solving it?

Thanks,
JuanFra.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] "multi-host" mode in quantum

2012-12-13 Thread Heiko Krämer

Hey Guys,

it's a good point. I hope this option will include in Grizzly. We get
now (since the switch to Quantum) network I/O bottlenecks without using
all NIC's of our nodes.
So I'm looking forward to Grizzly 

Greetings
Heiko

Am 12.12.2012 17:11, schrieb Gary Kotton:
> On 12/12/2012 05:58 PM, Xin Zhao wrote:
>> Hello,
>>
>> If I understand it correctly, multi-host network mode is not
>> supported (yet) in quantum in Folsom.
>> I wonder what's the recommended way of running multiple network nodes
>> (for load balancing and
>> bandwidth concerns) in quantum?  Any documentation links will be
>> appreciated.
>
> At the moment this is in discussion upstream. It is currently not
> supported but we are hoping to have support for this in grizzly.
>>
>> Thanks,
>> Xin
>>
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Removing Orphaned instanced

2012-12-13 Thread Andrew Holway

Hey

I grepped out the last hour where I have been doing lots of creating and 
terminating of instances. OMG there is so much logs. Its like treacle!

http://gauntlet.sys11.net/logs/compute.log
2012-12-13 11:14:23 TRACE nova.openstack.common.rpc.amqp Timeout: Timeout while 
waiting on RPC response.
2012-12-13 11:14:23 TRACE nova.openstack.common.rpc.amqp 
2012-12-13 11:14:23 ERROR nova.compute.manager 
[req-715fd35c-793b-430f-a837-29ed171aa44f 58c4fd56b6924264b914659e7c0ef2f2 
88fe447d408d418baad31f681330a648] [instance: 
739eed94-e990-4eef-8bef-4c99e49bbc12] Instance failed network setup

http://gauntlet.sys11.net/logs/scheduler.log
http://gauntlet.sys11.net/logs/api.log
http://gauntlet.sys11.net/logs/compute.log

Ta,

Andrew




On Dec 13, 2012, at 11:08 AM, JuanFra Rodriguez Cardoso wrote:

> Hi Andrew:
> 
> Could you include extracts of logs from nova-scheduler, nova-compute or 
> nova-network where those errors appear?
> 
> Thanks.
> JuanFra.
> 
> 2012/12/13 Andrew Holway 
> Hello,
> 
> I have been playing with creating and destroying instances in the GUI.
> 
> Sometimes, if I create more than 10 or so, some will get stuck in an error 
> state. Is this some kind of timeout or something waiting for the image file 
> perhaps?
> 
> Thanks,
> 
> Andrew
> 
> 
> 
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
> 



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova-compute not starting

2012-12-13 Thread Razique Mahroua

I think the instance ID is the database ID (base 8) encoded in base 16.  0x2A = ID 52 into the database.Did you updated the ID 52 ?I may be wrong ^^
Razique Mahroua - Nuage & Corazique.mahr...@gmail.comTel : +33 9 72 37 94 15

Le 13 déc. 2012 à 11:51, Joe Warren-Meeks  a écrit :It turned out to be that last one. What I don't understand is where openstack found the instance id from. That doesn't exist in the database, or anywhere on the file system I could find.Kind regards
 -- joe.On 13 December 2012 10:27, Razique Mahroua  wrote:
Hey Joe, yes, several solutions thereFirst, check if the domain exists by running
$ virsh list --all (supposing you use libvirt)check /var/lib/nova/instances/instance-002aif the dir. exists $cd into it and run "virsh define libvirt.xml"
then restart nova-computeIf the dir. doesn't exist, you may want to update the nova database,  figure out your instance entry within the "instances" table and update the field "deleted" to 1
Regards,
Razique Mahroua - Nuage & Co
razique.mahr...@gmail.comTel : +33 9 72 37 94 15


Le 12 déc. 2012 à 17:07, Joe Warren-Meeks  a écrit :Hi guys,
You think you have Openstack working, then you cough and it all breaks.I'm getting the following error when trying to start nova-compute after a reboot of the compute node (to install non-related patches)

libvirtError: Domain not found: no domain with matching name 'instance-002a'Now, I've dumped all the DBs to disk and grepped through it for '2a' and grep -R'ed /etc/ and /var/

I can't find any reference to that anywhere, but it is causing nova-compute to fail to start.Anyone know how to fix that? If not, anyone know a cloud platform that isn't made from very thin glass, pre-shattered for your pleasure?

 -- joe.
___Mailing list: https://launchpad.net/~openstackPost to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstackMore help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova-compute not starting

2012-12-13 Thread Joe Warren-Meeks

It turned out to be that last one. What I don't understand is where
openstack found the instance id from. That doesn't exist in the database,
or anywhere on the file system I could find.

Kind regards

 -- joe.


On 13 December 2012 10:27, Razique Mahroua wrote:

> Hey Joe,
> yes, several solutions there
> First, check if the domain exists by running
> $ virsh list --all (supposing you use libvirt)
>
> check /var/lib/nova/instances/instance-002a
> if the dir. exists $cd into it and run "virsh define libvirt.xml"
> then restart nova-compute
>
> If the dir. doesn't exist, you may want to update the nova database,
>  figure out your instance entry within the "instances" table and update the
> field "deleted" to 1
>
> Regards,
> *Razique Mahroua** - **Nuage & Co*
> razique.mahr...@gmail.com
> Tel : +33 9 72 37 94 15
>
>
> Le 12 déc. 2012 à 17:07, Joe Warren-Meeks  a
> écrit :
>
> Hi guys,
>
> You think you have Openstack working, then you cough and it all breaks.
>
> I'm getting the following error when trying to start nova-compute after a
> reboot of the compute node (to install non-related patches)
>
> libvirtError: Domain not found: no domain with matching name
> 'instance-002a'
>
> Now, I've dumped all the DBs to disk and grepped through it for '2a'
> and grep -R'ed /etc/ and /var/
>
> I can't find any reference to that anywhere, but it is causing
> nova-compute to fail to start.
>
> Anyone know how to fix that? If not, anyone know a cloud platform that
> isn't made from very thin glass, pre-shattered for your pleasure?
>
>  -- joe.
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
<>___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [SWIFT] Upgrade from 1.4.8 to 1.7.4 question

2012-12-13 Thread YuXingchao


I think you'd better build a test environment and try it out. We have a 
experience in upgrading the 1.4.9 to 1.7.4 and encounter some problems.

在 2012-12-12，上午6:25，Alejandro Comisario  
写道：

> Hi guys, we are planning to upgrade our production cluster from 1.4.8 to 
> 1.7.4 to have the several features of the new version.
> One of the main doubts before dive into this task is as follow :
> 
> Is it possible to use SWIFT 1.7.4 with Keystone/ESSEX ? Or is MUST to have 
> Keystone from Folsom release ?
> 
> Thanks in advance !
> 
> 
> Alejandrito
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] nova-compute not starting

2012-12-13 Thread Razique Mahroua

Hey Joe, yes, several solutions thereFirst, check if the domain exists by running$ virsh list --all (supposing you use libvirt)check /var/lib/nova/instances/instance-002aif the dir. exists $cd into it and run "virsh define libvirt.xml"then restart nova-computeIf the dir. doesn't exist, you may want to update the nova database,  figure out your instance entry within the "instances" table and update the field "deleted" to 1Regards,
Razique Mahroua - Nuage & Corazique.mahr...@gmail.comTel : +33 9 72 37 94 15

Le 12 déc. 2012 à 17:07, Joe Warren-Meeks  a écrit :Hi guys,You think you have Openstack working, then you cough and it all breaks.I'm getting the following error when trying to start nova-compute after a reboot of the compute node (to install non-related patches)
libvirtError: Domain not found: no domain with matching name 'instance-002a'Now, I've dumped all the DBs to disk and grepped through it for '2a' and grep -R'ed /etc/ and /var/
I can't find any reference to that anywhere, but it is causing nova-compute to fail to start.Anyone know how to fix that? If not, anyone know a cloud platform that isn't made from very thin glass, pre-shattered for your pleasure?
 -- joe.
___Mailing list: https://launchpad.net/~openstackPost to : openstack@lists.launchpad.netUnsubscribe : https://launchpad.net/~openstackMore help   : https://help.launchpad.net/ListHelp___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Thierry Carrez

Ken Thomas wrote:
> Greetings all!
> 
> I'm look into using keyring as a way to (optionally) remove clear text
> passwords from the various config files. (See
> https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.)
> [...]

This is a development topic, a better fit for the openstack-dev
mailing-list.

-- 
Thierry Carrez (ttx)
Committee for the Usage of the Right Mailing-lists

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Metadata in listing

2012-12-13 Thread Morten Møller Riis

Hi Guys

I was wondering if there is any possibility of getting metadata output in the 
listing when you issue a GET on a container.

At the moment it returns eg.:


10620_1b8b2553c6eb9987ff647d69e3181f9eeb3a43ef.jpg
e453fcd7ff03e9e0e460555e875b1da1
9272
image/jpeg
2012-09-20T23:27:34.473230


If I have X-Object-Meta-Something on an object it would be nice to see it here 
as well. I know I can get it by doing a HEAD request. But this gets heavy for 
many objects.

Any suggestions?

Best regards
Morten Møller Riis






Med venlig hilsen / Best regards
Morten Møller Riis
m...@gigahost.dk

Gigahost
Gammeltorv 8, 2.
1457 København K




___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] nova-compute not starting

2012-12-13 Thread Joe Warren-Meeks

Hi guys,

You think you have Openstack working, then you cough and it all breaks.

I'm getting the following error when trying to start nova-compute after a
reboot of the compute node (to install non-related patches)

libvirtError: Domain not found: no domain with matching name
'instance-002a'

Now, I've dumped all the DBs to disk and grepped through it for '2a'
and grep -R'ed /etc/ and /var/

I can't find any reference to that anywhere, but it is causing nova-compute
to fail to start.

Anyone know how to fix that? If not, anyone know a cloud platform that
isn't made from very thin glass, pre-shattered for your pleasure?

 -- joe.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Packagers] Adding psutils as a dependency for nova

2012-12-13 Thread Thierry Carrez

Michael Still wrote:
> Stand down. Padraig has suggested a better way.

Also note that new dependency discussions are a better fit for
openstack-dev.

-- 
Thierry Carrez (ttx)
Committee for the Usage of the Right Mailing-lists

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] instance cannot access external network (folsom quantum)

2012-12-13 Thread ZhiQiang Fan

i can ping and ssh into instance with private ip and floating ip
instance can ping the control node ip, but cannot ping the compute node and
any external network

i have installed quantum in the control node host, and it only got 1 nic
(same as compute node), and use eth0:0 and eth0:1 to vitualize 2 other nic
(eth0:0 on compute node)

i use tcpdump on control node and compute node to monitor package from
instance, actually compute node will reply the icmp package but with
destination of instance private ip, since compute node has no route to that
network, it failed and no package receive on control node nic. but when i
add route via control node, it can reply to insance as expected
then i use tcpdump on control node and instance to monitor package to the
floating ip, instance got nothing but control node captured the package and
reply it instead of instance

so i think the problem may be that the control node will not modify the
source ip when forwad the icmp package, more exactly, the nat functionality
is not enabled?

and i try some other command such as "iptables -t nat -A POSTROUTING -o
eth0 -j MASQUERADE" but it is not working

i'll paste some output if anyone needs
thanks
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Removing Orphaned instanced

2012-12-13 Thread JuanFra Rodriguez Cardoso

Hi Andrew:

Could you include extracts of logs from nova-scheduler, nova-compute or
nova-network where those errors appear?

Thanks.
JuanFra.

2012/12/13 Andrew Holway 

> Hello,
>
> I have been playing with creating and destroying instances in the GUI.
>
> Sometimes, if I create more than 10 or so, some will get stuck in an error
> state. Is this some kind of timeout or something waiting for the image file
> perhaps?
>
> Thanks,
>
> Andrew
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Removing Orphaned instanced

2012-12-13 Thread Andrew Holway

Hello,

I have been playing with creating and destroying instances in the GUI.

Sometimes, if I create more than 10 or so, some will get stuck in an error 
state. Is this some kind of timeout or something waiting for the image file 
perhaps?

Thanks,

Andrew




___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack] Remove unsed network on host with nova-network

2012-12-13 Thread Édouard Thuleau

Hi Vish,

The code was merge to the master
(https://github.com/openstack/nova/commit/d5b91dd39bd89eed98742cd02ea604a842a45447)
yesterday.

But the bug with rule removal wasn't fix. I'll open a bug. But I try
to investigate it and I don't find the problem.
Could you help me ?

Regards,
Édouard.

On Fri, Dec 7, 2012 at 6:45 PM, Édouard Thuleau  wrote:
> The code doesn't make lot of change to the nova network manager code. It
> modifies principally the linux_net driver code.
>
> And I don't think we can consider it like a new feature. I think it's more a
> bug fix.
>
> In VLAN manger mode, if we plan to carry 4000 tenants in our cloud, we need
> to use 4000 networks and, consequently, 4000 VLANs on all the datacenter
> network. But the actual switch equipment cannot carry a trunk of 4000 VLAN
> to all compute host (for example, Cisco Nexus 5500 can not enabled more than
> 32000 logical interfaces[1] (= TRUNKS x VLANS + ACCESS_PORTS [2])).
> If nova network tear down unused networks, it would be possible to plug a
> mechanism on it to delete unused VLAN on the switch port. And we can
> provisioning dynamically VLANs on switch ports and don't exceed the logical
> interface limitation of networks equipments.
>
> [1]http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_513/nexus_5000_config_limits_513.html#wp344401
> [2]
> http://jpmcauley.com/2011/06/23/vlan-port-instance-limitation-on-cisco-ucs/
>
>
>
> On Mon, Dec 3, 2012 at 11:50 PM, Vishvananda Ishaya 
> wrote:
>>
>> FYI, this patch is probably something bigger than we can merge.
>> Nova-network is supposed to just be in maintenance mode and
>> not getting big new features. Small features are ok, but this one changes
>> a lot of lines.
>>
>> Not sure what is up with your rule removal. Perhaps there are multiple
>> copies of the added rules so they aren't being deleted properly? In fact,
>> that may be a bug. It looks like plug is called for each vm so we might end
>> up with multiple copies of the isolation rules.
>>
>> Vish
>>
>> On Dec 3, 2012, at 6:34 AM, Édouard Thuleau  wrote:
>>
>> Hi Vish,
>>
>> I made a patch to implement that with the VLAN manager:
>> https://review.openstack.org/#/c/17352/
>>
>> I put a lock on methods '_setup_network_on_host' and
>> '_teardown_network_on_host' of class 'VlanManager' and I reused (and
>> renamed) the locks already defined in class 'LinuxBridgeInterfaceDriver'
>> when a bridge or VLAN is created ('ensure_vlan' => 'lock_vlan' and
>> 'unsure_bridge' => 'lock_bridge'). Do you think is enough to prevent any
>> race condition ?
>>
>> I've got a bug. I create method '_remove_dnsmasq_accept_rules' to remove
>> filter rules for DHCP server but when I call it, nothing is deleted. Could
>> you help me to resolve that ? And I've got the same problem sometimes with
>> method 'remove_isolate_dhcp_address'. The ebtables rules are correctly
>> deleted but not  for iptables rules.
>>
>> I didn't delete a network bridge if it handles VPN forward rules of the
>> private network even if no VM use this gateway on the host. But if a network
>> is deleted, nothing will tear down this gateway.
>> I think I found another bug. If network host must handle the VPN forward
>> rules for a private network and if we restart it, it should instantiate a
>> gateway on this private network and add VPN forward rules even if no VM use
>> this gateway on the host. But actually  it doesn't do that. Perhaps, the
>> method 'db.network_get_all_by_host' use in 'init-host' must return the
>> network in this case ?
>>
>> I only implement this for the multi hosted networks with the VLAN manger.
>> I think isn't useful to add this on the multi hosted network with the Flat
>> DHCP manager because, in this mode, only one multi hosted network is created
>> for all instances of all tenants.
>>
>> Regards,
>> Édouard.
>>
>> On Wed, Nov 21, 2012 at 12:49 AM, Vishvananda Ishaya
>>  wrote:
>> > The only reason this is not done is that it makes the setup simpler. We
>> > don't have to worry about potential races between setting up and tearing
>> > down interfaces. It probably wouldn't be incredibly difficult to make a
>> > patch that would remove them, but you will likely have to do some
>> > creative
>> > locking to make sure that you don't run into issues.
>> >
>> > Vish
>> >
>> > On Nov 20, 2012, at 9:25 AM, Édouard Thuleau  wrote:
>> >
>> >> Hi all,
>> >>
>> >> I use nova-network with VLAN manager.
>> >>
>> >> Why nova-network doesn't remove unused network interfaces on a host ?
>> >>
>> >> ie, if none VM on a host have a fixed IP attach to network X, the VLAN
>> >> and bridge of this network still up and unused. And 'dnsmasq' process
>> >> still listen and running.
>> >>
>> >> The number of unused network interfaces will grow over time.
>> >> In the VLAN mode, this number could be 4000 x 2 unused interfaces and
>> >> 4000 unused 'dnsmasq' processes (in worth case).
>> >>
>> >> Can it lead to decrease the kernel performance ?
>>

44 matches

Mail list logo