Re: [Openstack] quantum l2 networks

2013-06-07 Thread Aaron Rosen 
Hi Joe,

I thought setting firewall_driver =
quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs
plugin does not do any mac spoof filtering at the OVS level. Those are all
done in iptables.

Aaron

On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu  wrote:

> Hello,
>
> Is there a way to create a quantum l2 network using OVS that does not have
> MAC and IP spoofing enabled either in iptables or OVS?  One workaround that
> we found was to set the OVS plugin firewall_driver =
> quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova
> however this is far from ideal and doesn't solve the problem of MAC spoof
> filtering at the OVS level.
>
> Thanks for any help
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] quantum l2 networks

2013-06-07 Thread Joe Breu 
Hello,

Is there a way to create a quantum l2 network using OVS that does not have MAC 
and IP spoofing enabled either in iptables or OVS?  One workaround that we 
found was to set the OVS plugin firewall_driver = 
quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova however 
this is far from ideal and doesn't solve the problem of MAC spoof filtering at 
the OVS level.

Thanks for any help


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack Community Weekly Newsletter (May 31 – June 7)

2013-06-07 Thread Stefano Maffulli 


 OpenStack 2013.1.2 released
 


The OpenStack Stable Maintenance team is happy to announce the release 
of the 2013.1.2 stable Grizzly release. We have been busy reviewing and 
accepting backported bugfixes to the stable/grizzly branches. A total of 
80 bugs have been fixed across all core projects.



 *OpenStack “I” ***release**naming**
 

The next release cycle for OpenStack, starting in November 2013 after we 
conclude the current *release* cycle (“Havana”) will be called Icehouse. 




 Open Source Sysadmin: Reorganization of the OpenStack
 Infrastructure Docs 

The OpenStack Infrastructure team is constantly evolving its 
documentation to make it easier for new contributors to join the team. 
Last week documentation for the OpenStack Project Infrastructure 
 was reorganised “to re-orient the 
documentation as an introduction for new contributors and a reference 
for all contributors.” All of the CI tools are open source, the puppet 
and other configurations are all hosted in public revision control 
 and any changes submitted 
are made by the same process all other changes in OpenStack are made 
. They go through 
automated tests in Jenkins to test applicable syntax and other 
formatting and the code changes submitted are reviewed by peers and 
approved by members of the infrastructure team. This has made it super 
easy it is for the team to collaborate on changes and offer suggestions 
(much better than endless pastebins or sharing a screen session with a 
fellow sysadmin!), plus with all changes in revision control it’s easy 
to track down where things went wrong and revert as necessary.



 Enter OpenStack’s T-shirt Design Contest!
 


*Show us your creative talent & submit an original design for our 2013 
OpenStack T-shirt Design Contest! Winning design will be announced the 
last week in August 2013. **Details on **OpenStack blog 
.*



 Async I/O and Python
 

When you’re working on OpenStack, you’ll probably hear a lot of 
references to ‘async I/O’ and how eventlet is the library we use for 
this in OpenStack. But, well … what exactly is this mysterious 
‘asynchronous I/O’ thing? Read it from Mark McLoughlin 
.



 Ceph integration in OpenStack: Grizzly update and roadmap for
 Havana
 


Sébastien Han  wrote a summary of the sessions 
about Ceph integration with OpenStack. His post contains details about 
upcoming features and a roadmap.



 OpenStack-Docker: How to manage your Linux Containers with Nova
 


A new approach to manage Linux Containers (LXC) within OpenStack 
Compute. The Docker project released a driver to deploy LXC with Docker, 
with multiple advantages over the “normal” virtual machines usually 
deployed by Nova. Those advantages are speed, efficiency, and 
portability. Details and links to the code on How to manage your Linux 
Containers with Nova 
.



   Tips ‘n Tricks

 * By Adam Young : Keystone test coverage
   
 * By Everett Toews : Swift/Cloud Files Cross
   Origin Resource Sharing Container with jclouds
   

 * By Aaron Rosen : OpenStack Interface
   Hot Plugging
   


   OpenStack In The Wild

 * Live Person OpenStack Usage Case Study
   


   Upcoming Events

 * OpenStack Meetup Chennai
    Jun
   08, 2013 – Chennai, India Details
   
 * OpenStack meeting in Munich
    Jun 10, 2013
   – Munich, Germany Details
   
 * Cloud Expo East 2013  Jun 10 –
   13, 20

[Openstack] Quantum VLAN / GRE-node

2013-06-07 Thread Kannan, Hari 
Slightly off topic question - as I'm fairly new to O~S

What is the use case scenario for preference towards GRE vs VLAN? I would have 
thought GRE is "more" preferable as it doesn't require external h/w 
configuration as well as doesn't come with the VLAN scalability limitations 
etc..

What is a "preferred" deployment model? Why would I choose one over the other??

Hari

From: Openstack 
[mailto:openstack-bounces+hari.kannan=hp@lists.launchpad.net] On Behalf Of 
Aaron Rosen
Sent: Wednesday, June 05, 2013 3:26 AM
To: Chu Duc Minh
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Quantum VLAN tag mismatch between Network-node and 
Compute-node

Hi,

Those vlan tags you are showing are not the actual tags that will be seen on 
the wire. Those tags are auto incremented and used for each new port that lands 
on a server that is in a different network. If you run ovs-ofctl dump-flows 
br-int you'll see those vlan tags are stripped off and the correct one is added.


Look here 
https://github.com/openstack/quantum/blob/master/quantum/plugins/openvswitch/agent/ovs_quantum_agent.py#L326
 if your curious about what's going on.

Aaron

On Wed, Jun 5, 2013 at 2:25 AM, Chu Duc Minh 
mailto:chu.ducm...@gmail.com>> wrote:
Hi, i'm converting from GRE tunnel to VLAN tagging, and deleted all old 
project/user/net/subnet.

in file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini @ all nodes, I 
already set:
network_vlan_ranges = physnet1:2:4094
When I create a new net:
+---+--+
| Field | Value|
+---+--+
| admin_state_up| True |
| id| 6d7b116e-be0b-4019-8769-a50a9ca13406 |
| name  | net_proj_one |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id  | 2|
| router:external   | False|
| shared| False|
| status| ACTIVE   |
| subnets   | 959fe9e0-a79d-4d0f-8040-ebfab26d8182 |
| tenant_id | 29ba82e97f374492a4ca02c62eb0a953 |
+---+--+

But when i show in network-node:
# ovs-vsctl show
...
Bridge br-int
Port "tapdddef664-ee"
tag: 1
Interface "tapdddef664-ee"
type: internal
Port "qr-f9ba0308-2c"
tag: 1
Interface "qr-f9ba0308-2c"
type: internal
Port "int-br-eth0"
Interface "int-br-eth0"
Port br-int
Interface br-int
type: internal
Bridge "br-eth0"
Port "br-eth0"
Interface "br-eth0"
type: internal
Port "phy-br-eth0"
Interface "phy-br-eth0"
Port "eth0"
Interface "eth0"

interface for router & dhcp created are created in VLAN 1 (wrong! it should be 
created with VLAN 2)
I try to find in config and database, but i can't found which setting that 
start with VLAN 1.

Because of VLAN tag mismatch, I can't access to VM instance.
Another weird thing is on compute node, tag is not constant when i 
create/terminate new instance:
# ovs-vsctl show
a9900940-f882-42f8-9b7c-9b42393ed8a4
Bridge "qbred613362-fe"
Port "qvbed613362-fe"
Interface "qvbed613362-fe"
Port "qbred613362-fe"
Interface "qbred613362-fe"
type: internal
Port "taped613362-fe"
Interface "taped613362-fe"
Bridge "br-eth1"
Port "eth1"
Interface "eth1"
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "phy-br-eth1"
Interface "phy-br-eth1"
Bridge br-int
Port br-int
Interface br-int
type: internal
Port "qvo9816466e-22"
tag: 5
Interface "qvo9816466e-22"
Port "int-br-eth1"
Interface "int-br-eth1"
Port "qvoed613362-fe"
tag: 5
Interface "qvoed613362-fe"
Bridge "qbr9816466e-22"
Port "qbr9816466e-22"
Interface "qbr9816466e-22"
type: internal
Port "tap9816466e-22"
Interface "tap9816466e-22"
Port "qvb9816466e-22"
Interface "qvb9816466e-22"
Bridge "virbr0"
Port "virbr0"
Interface "virbr0"
type: internal

Do you know why it happen?

When everything is ok, tag on both Network-node & Compute-node should equal 2 
(for first VM network) when I configured "network_vlan_ranges = 
physnet1:2:4094" ??

Re: [Openstack] [HyperV][Quantum] Quantum dhcp agent not working for Hyper-V

2013-06-07 Thread Bruno Oliveira ~lychinus 
"(...)Do you have your vSwitch properly configured on your hyper-v host?(...)"

>> I can't say for sure, Peter, but I think so...

In troubleshooting we did (and are still doing) I can tell that
regardless of the network model that we're using (FLAT or VLAN
Network),
the instance that is provisioned on Hyper-V (for some reason) can't
reach the quantum-l3-agent "by default"
(I said "default" because, we just managed to do it after a hard, long
and boring troubleshoting,
 yet, we're not sure if that's how it should be done, indeed)

Since it's not something quick to explain, I'll present the scenario:
(I'm not sure if it might be a candidate for a fix in quantum-l3-agent,
 so quantum-devs might be interested too)


Here's how our network interfaces turns out, in our network controller:

==
External bridge network
==

Bridge "br-eth1"
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "eth1.11"
Interface "eth1.11"
Port "phy-br-eth1"
Interface "phy-br-eth1"

==
Internal network
==

   Bridge br-int
Port "int-br-eth1"
Interface "int-br-eth1"
Port br-int
Interface br-int
type: internal
Port "tapb610a695-46"
tag: 1
Interface "tapb610a695-46"
type: internal
Port "qr-ef10bef4-fa"
tag: 1
Interface "qr-ef10bef4-fa"
type: internal

==

There's another iface named "br-ex" that we're using for floating_ips,
but it has nothing to do with what we're doing right now, so I'm skipping it...


 So, for the hands-on 

I know it may be a little bit hard to understand, but I'll do my best
trying to explain:

1) the running instance in Hyper-V, which is linked to Hyper-V vSwitch
is actually
communicating to bridge: "br-eth1" (that is in the network controller).

NOTE: That's where the DHCP REQUEST (from the instance) lands


2) The interface MAC Address, of that running instance on Hyper-V, is:
fa:16:3e:95:95:e4. (we're gonna use it on later steps)
Since DHCP is not fully working yet, we had to manually set an IP for
that instance: "10.5.5.3"


3) From that instance interface, the dhcp_broadcast should be forward ->
   FROM interface "eth1.12" TO  "phy-br-eth1"
   And FROM interface "phy-br-eth1" TO the bridge "br-int"   *** THIS
IS WHERE THE PACKETS ARE DROPPED  ***.

Check it out for the "actions:drop"
-
root@osnetwork:~# ovs-dpctl dump-flows br-int  |grep 10.5.5.3

in_port(4),eth(src=fa:16:3e:f0:ac:8e,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=10.5.5.3,tip=10.5.5.1,op=1,sha=fa:16:3e:f0:ac:8e,tha=00:00:00:00:00:00),
packets:20, bytes:1120, used:0.412s, actions:drop
-

4) Finally, when the packet reaches the bridge "br-int", the
DHCP_REQUEST should be forward to the
   dhcp_interface, that is: tapb610a695-46*** WHICH IS NOT
HAPPENING EITHER ***


5) How to fix :: bridge br-eth1

---
5.1. Getting to know the ifaces of 'br-eth1'
---
root@osnetwork:~# ovs-ofctl show br-eth1

OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:e0db554e164b
n_tables:255, n_buffers:256 features: capabilities:0xc7, actions:0xfff

1(eth1.11): addr:e0:db:55:4e:16:4b
 config: 0
 state:  0
 current:10GB-FD AUTO_NEG
 advertised: 1GB-FD 10GB-FD FIBER AUTO_NEG
 supported:  1GB-FD 10GB-FD FIBER AUTO_NEG

3(phy-br-eth1): addr:26:9b:97:93:b9:70
 config: 0
 state:  0
 current:10GB-FD COPPER

LOCAL(br-eth1): addr:e0:db:55:4e:16:4b
 config: 0
 state:  0

OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0


---
5.2. Adding flow rules to enable passing (instead of dropping)
---

# the source mac_address (dl_src) is the from the interface of the
# running instance on Hyper-V. This fix the DROP (only)

root@osnetwork:~# ovs-ofctl add-flow br-eth1
priority=10,in_port=3,dl_src=fa:16:3e:95:95:e4,actions=normal



6) How to fix :: bridge br-int

---
6.1. Getting to know the ifaces of 'br-int'
---

root@osnetwork:~# ovs-ofctl show br-int

OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:92976d64274d

n_tables:255, n_buffers:256  features: capabilities:0xc7, actions:0xfff

1(tapb610a695-46): addr:19:01:00:00:00:00
 config: PORT_DOWN
 state:  LINK_DOWN

4(int-br-eth1): addr:5a:56:e1:53:e9:90
 config: 0
 state:  0
 current:10GB-FD COPPER

5(q

Re: [Openstack] Problems with rabbitmq + haproxy + cinder

2013-06-07 Thread Samuel Winchenbach 
It doesn't appear that glance supports RabbitMQ HA cluster host:port pairs
or am I missing something?   It seems odd that it would be only the service
not to support it.

Thanks,
Sam


On Fri, Jun 7, 2013 at 3:36 PM, Samuel Winchenbach wrote:

> Hi Ray, thanks for the response.
>
> I am using RabbitMQ in mirrored queues mode.  I am setting up a Grizzly
> test cluster and didn't realize that support for multiple servers were
> added!  That is great news.   I will give that a shot, thanks.
>
> Sam
>
>
> On Fri, Jun 7, 2013 at 3:16 PM, Ray Pekowski  wrote:
>
>>
>> Seems like it might have something to do with IPv6.  It looks like
>> RabbitMQ is only listening on IPv6.  Note the :::5673.  Maybe you could
>> look into how to configure RabbitMQ to listen on IPv4.
>>
>> But I am curious why you don't just use the HA capabilities of RabbitMQ?
>> Are you on Folsom?  I think OpenStack RPC added support for multiple
>> RabbitMQ servers and HA in Grizzly.  I suppose you could backport that
>> feature, but might be a pain.
>>
>> Ray
>>
>> On Fri, Jun 7, 2013 at 12:48 PM, Samuel Winchenbach 
>> wrote:
>>
>>> Hi all, I am having a few troubles getting haproxy and cinder-api to
>>> work together correctly.  If I set the rabbit_host & port to the actual
>>> service (not through haproxy) it seems to work fine.  The following is a
>>> bunch of debugging information:
>>>
>>> Here are the errors in my cinder log:
>>> http://pastie.org/pastes/8020123/text
>>>
>>> Here are the non-default cinder configuration options:
>>> http://pastie.org/pastes/8020082/text
>>>
>>> Note: I have cinder running on a non-standard port because ultimately it
>>> too will be load balanced with haproxy.
>>>
>>> Here is a section my haproxy-int.cfg:
>>> http://pastie.org/pastes/8020077/text
>>>
>>> Status, permissions, and policies of the rabbitmq cluster:
>>> http://pastie.org/pastes/8020114/text
>>>
>>> Does anyone see anything wrong, or have suggestions?
>>>
>>> Thanks so much!
>>>
>>> P.S. If anyone can explain the difference between logdir and log_dir
>>> that would be awesome!
>>>
>>> Thanks,
>>> Sam
>>>
>>> ___
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] cc_ssh.py warning (cloud-init issue resolved)

2013-06-07 Thread Justin Chiu 




 Original Message 
Subject:Re: [Openstack] cc_ssh.py warning (cloud-init issue resolved)
Date:   Fri, 07 Jun 2013 12:31:45 -0700
From:   Justin Chiu 
To: Steven Hardy 



Thanks Steve.

cloud-init-0.6.3-0.12.bzr532.el6.noarch
python-boto-2.5.2-3.el6.noarch
(grabbed from EPEL)

Some good and bad news. The issue of cloud-init not being able to obtain 
metadata seems to have resolved itself. Launched a dozen instances and 
they all grabbed the metadata just fine.

I will post if I run into the metadata issue again...
--
I've run into a (not so critical) issue with one of the scripts:

cc_ssh.py[WARNING]: applying credentials failed!

Further down in the log:

ec2: #

ec2: -BEGIN SSH HOST KEY FINGERPRINTS-

ec2: 1024 XX:XX:... /etc/ssh/ssh_host_dsa_key.pub (DSA)

ec2: 2048 XX:XX:... /etc/ssh/ssh_host_key.pub (RSA1)

ec2: 2048 XX:XX:... /etc/ssh/ssh_host_rsa_key.pub (RSA)

ec2: -END SSH HOST KEY FINGERPRINTS-

ec2: #

-BEGIN SSH HOST KEY KEYS-
*my keys*
-END SSH HOST KEY KEYS-

So it seems like the keys are applied. Furthermore, I can log-in with 
the corresponding private key just fine.
Is there some non-critical incompatibility between the cloud-init 
scripts and SSH paths, etc...that I have overlooked?


Thanks for your help,
Justin

On 2013-06-06 2:27 AM, Steven Hardy wrote:

On Wed, Jun 05, 2013 at 09:25:17AM -0700, Justin Chiu wrote:

Hi all,
I sent this message out a few days ago. I am still trying to figure
out what is going on. Any advice would be much appreciated.
--
I am having some issues with cloud-init being unable to contact the
metadata server. cloud-init built into a base Scientific Linux 6.4
image with Oz. Any ideas on what might be the cause?

Can you confirm the version of cloud-init and python-boto in your image?

I found on Fedora that cloud-init 0.7.x only works with newer (> 2.6.0)
boto versions.  Getting the wrong combination can lead to the sort of problems
you're seeing IME.

Steve




___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cinder Callbacks from nova-compute

2013-06-07 Thread Wolfgang Richter 
Fixed the issue.

Turns out Keystone was providing a URL (from the database driver) that I
didn't want it to use for callbacks (nova-compute on a compute server):

I manually updated the table 'endpoint' in the 'keystone' database to
change the URL for the 'public' interface associated with 'cinder' (URL
using port 8776) to point to an internal IP.

Is this desired behavior?  nova-compute is contacting the 'public'
interface of a service ('cinder')?  Why aren't the OpenStack components
using the 'internal' URL?  What is the distinction here?

--
Wolf


On Fri, Jun 7, 2013 at 12:42 PM, Wolfgang Richter  wrote:

> My nova-compute nodes appear to be using a hostname for my Cinder host
> that is incorrect.
>
> How do I set the hostname for the cinder-volume host on each nova-compute
> node?
>
> Some setting in /etc/nova/nova.conf?
>
> --
> Wolf
>



-- 
Wolf
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Problems with rabbitmq + haproxy + cinder

2013-06-07 Thread Samuel Winchenbach 
Hi Ray, thanks for the response.

I am using RabbitMQ in mirrored queues mode.  I am setting up a Grizzly
test cluster and didn't realize that support for multiple servers were
added!  That is great news.   I will give that a shot, thanks.

Sam


On Fri, Jun 7, 2013 at 3:16 PM, Ray Pekowski  wrote:

>
> Seems like it might have something to do with IPv6.  It looks like
> RabbitMQ is only listening on IPv6.  Note the :::5673.  Maybe you could
> look into how to configure RabbitMQ to listen on IPv4.
>
> But I am curious why you don't just use the HA capabilities of RabbitMQ?
> Are you on Folsom?  I think OpenStack RPC added support for multiple
> RabbitMQ servers and HA in Grizzly.  I suppose you could backport that
> feature, but might be a pain.
>
> Ray
>
> On Fri, Jun 7, 2013 at 12:48 PM, Samuel Winchenbach wrote:
>
>> Hi all, I am having a few troubles getting haproxy and cinder-api to work
>> together correctly.  If I set the rabbit_host & port to the actual service
>> (not through haproxy) it seems to work fine.  The following is a bunch of
>> debugging information:
>>
>> Here are the errors in my cinder log:
>> http://pastie.org/pastes/8020123/text
>>
>> Here are the non-default cinder configuration options:
>> http://pastie.org/pastes/8020082/text
>>
>> Note: I have cinder running on a non-standard port because ultimately it
>> too will be load balanced with haproxy.
>>
>> Here is a section my haproxy-int.cfg:
>> http://pastie.org/pastes/8020077/text
>>
>> Status, permissions, and policies of the rabbitmq cluster:
>> http://pastie.org/pastes/8020114/text
>>
>> Does anyone see anything wrong, or have suggestions?
>>
>> Thanks so much!
>>
>> P.S. If anyone can explain the difference between logdir and log_dir that
>> would be awesome!
>>
>> Thanks,
>> Sam
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Problems with rabbitmq + haproxy + cinder

2013-06-07 Thread Ray Pekowski 
Seems like it might have something to do with IPv6.  It looks like RabbitMQ
is only listening on IPv6.  Note the :::5673.  Maybe you could look into
how to configure RabbitMQ to listen on IPv4.

But I am curious why you don't just use the HA capabilities of RabbitMQ?
Are you on Folsom?  I think OpenStack RPC added support for multiple
RabbitMQ servers and HA in Grizzly.  I suppose you could backport that
feature, but might be a pain.

Ray

On Fri, Jun 7, 2013 at 12:48 PM, Samuel Winchenbach wrote:

> Hi all, I am having a few troubles getting haproxy and cinder-api to work
> together correctly.  If I set the rabbit_host & port to the actual service
> (not through haproxy) it seems to work fine.  The following is a bunch of
> debugging information:
>
> Here are the errors in my cinder log:
> http://pastie.org/pastes/8020123/text
>
> Here are the non-default cinder configuration options:
> http://pastie.org/pastes/8020082/text
>
> Note: I have cinder running on a non-standard port because ultimately it
> too will be load balanced with haproxy.
>
> Here is a section my haproxy-int.cfg:
> http://pastie.org/pastes/8020077/text
>
> Status, permissions, and policies of the rabbitmq cluster:
> http://pastie.org/pastes/8020114/text
>
> Does anyone see anything wrong, or have suggestions?
>
> Thanks so much!
>
> P.S. If anyone can explain the difference between logdir and log_dir that
> would be awesome!
>
> Thanks,
> Sam
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Problems with rabbitmq + haproxy + cinder

2013-06-07 Thread Samuel Winchenbach 
Hi all, I am having a few troubles getting haproxy and cinder-api to work
together correctly.  If I set the rabbit_host & port to the actual service
(not through haproxy) it seems to work fine.  The following is a bunch of
debugging information:

Here are the errors in my cinder log:
http://pastie.org/pastes/8020123/text

Here are the non-default cinder configuration options:
http://pastie.org/pastes/8020082/text

Note: I have cinder running on a non-standard port because ultimately it
too will be load balanced with haproxy.

Here is a section my haproxy-int.cfg:
http://pastie.org/pastes/8020077/text

Status, permissions, and policies of the rabbitmq cluster:
http://pastie.org/pastes/8020114/text

Does anyone see anything wrong, or have suggestions?

Thanks so much!

P.S. If anyone can explain the difference between logdir and log_dir that
would be awesome!

Thanks,
Sam
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Unable to connect to MYSQL DB using inbuilt session provided by openstack

2013-06-07 Thread Craig E. Ward 
What is the setting of the sql_connection variable in nova.conf? Can you use 
the regular mysql client to connect using the data in the connection string?


A connection string

   mysql://user:password@server.domain/database

would become

   mysql -h server.domain -u user -ppassword database

on the command line. If that fails, the reported error will indicate what you 
should do next.


On 06/07/2013 02:04 AM, swapnil khanapurkar wrote:

Hi All,

I want to use the existing engine created by Openstack to connect to
the MYSQL Database, however somehow I am not able to connect. .

The existing engine gets connected to SQLite database(which is the
default db) and not MYSQL.

I got the Openstack session and engine from :
from nova.openstack.common.db.sqlalchemy import session as db_session

get_session = db_session.get_session
session = get_session()

get_engine = db_session.get_engine
engine=get_engine()



This is inbuilt session info of Openstack :

{'autocommit': True, 'autoflush': True, 'transaction': None,
'hash_key': 1L, 'expire_on_commit': False, '_new': {}, 'bind':
Engine(sqlite:opt/stack/nova/nova/openstack/common/db/nova.sqlite),
'_deleted': {}, '_flushing': False, 'identity_map': {},
'_enable_transaction_accounting': True, '_identity_cls': , 'twophase': False,
'_Session__binds': {}, '_query_cls': }



Then Manully created session and engine and able to connect to db and query it
The Manualy created session info is:

{'autocommit': False, 'autoflush': True, 'transaction':
,
'hash_key': 1L, 'expire_on_commit': True, '_new': {}, 'bind':
Engine(mysql://username:passworsd@hostip/nova), '_deleted': {},
'_flushing': False, 'identity_map': {},
'_enable_transaction_accounting': True, '_identity_cls': , 'twophase': False,
'_Session__binds': {}, '_query_cls': }


Please let me know how to proceed further.Any help is appreciated.

Thanks,
Swapnil



--
Craig E. Ward
USC Information Sciences Institute
cw...@isi.edu



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Cinder Callbacks from nova-compute

2013-06-07 Thread Wolfgang Richter 
My nova-compute nodes appear to be using a hostname for my Cinder host that
is incorrect.

How do I set the hostname for the cinder-volume host on each nova-compute
node?

Some setting in /etc/nova/nova.conf?

-- 
Wolf
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Swift] Swift load balancing

2013-06-07 Thread John Dickinson 
The given options (DNS, SW load balancer, and HW load balancer) are all things 
I've seen people use in production Swift clusters.

As mentioned in another reply, DNSRR isn't really load balancing, but it can be 
used if nothing else is available.

One thing to consider when choosing a load balancer is if you want it to also 
terminate your SSL connections. You shouldn't ever terminate SSL within the 
Swift proxy itself, so you either need something local (like stunnel or stud) 
or you can combine the functionality with something like Pound or HAProxy. Both 
Pound and HAProxy can do load balancing and SSL termination, but for SSL they 
both use OpenSSL, so you won't see a big difference in SSL performance. Another 
free option (for smaller clusters) is using LVS.

You could also use commercial load balancers with varying degrees of success.

Swift supports being able to tell the healthcheck middleware to send an error 
or not 
(https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L185),
 so when configuring your load balancer, you can more simply manage the 
interaction with the proxy servers by taking advantage of this feature.

I would strongly recommend against using nginx as a front-end to a Swift 
cluster. nginx spools request bodies locally, so it is not a good option in 
front of a storage system when the request bodies could be rather large.

--John





On Jun 7, 2013, at 1:24 AM, Heiko Krämer  wrote:

> Hey Kotwani,
> 
> we are using an SW loadbalancer but L3 (keepalived).
> DNS round robin are not a load balancer :) if one node is done, some 
> connections will arrive the down host that's not the right way i think.
> 
> HTTP Proxy are an option but you make a bottleneck of your connection to WAN 
> because all usage will pass your proxy server.
> 
> You can use Keepalived as a Layer3 Loadbalancer, so all your incoming 
> responses will distributed to the swift proxy servers and delivered of them. 
> You don't have a bottleneck because you are using the WAN connection of each 
> swift proxy servers and you have automate failover of keepalived with an 
> other hot standby lb ( keepalived are using out of the box pacemaker + 
> corosync for lb failover).
> 
> 
> Greetings
> Heiko
> 
> On 07.06.2013 06:40, Chu Duc Minh wrote:
>> If you choose to use DNS round robin, you can set TTL small and use a 
>> script/tool to continous check proxy nodes to reconfigure DNS record if one 
>> proxy node goes down, and vice-versa.
>> 
>> If you choose to use SW load-balancer, I suggest HAProxy for performance 
>> (many high-traffic websites use it) and NGinx for features (if you really 
>> need features provided by Nginx). 
>> IMHO, I like Nginx more than Haproxy. It's stable, modern, high performance, 
>> and full-featured.
>> 
>> 
>> On Fri, Jun 7, 2013 at 6:28 AM, Kotwani, Mukul  
>> wrote:
>> Hello folks,
>> 
>> I wanted to check and see what others are using in the case of a Swift 
>> installation with multiple proxy servers for load balancing/distribution. 
>> Based on my reading, the approaches used are DNS round robin, or SW load 
>> balancers such as Pound, or HW load balancers. I am really interested in 
>> finding out what others have been using in their installations. Also, if 
>> there are issues that you have seen related to the approach you are using, 
>> and any other information you think would help would be greatly appreciated.
>> 
>>  
>> As I understand it, DNS round robin does not check the state of the service 
>> behind it, so if a service goes down, DNS will still send the record and the 
>> record requires manual removal(?). Also, I am not sure how well it scales or 
>> if there are any other issues. About Pound, I am not sure what kind of 
>> resources it expects and what kind of scalability it has, and yet again, 
>> what other issues have been seen.
>> 
>>  
>> Real world examples and problems seen by you guys would definitely help in 
>> understanding the options better.
>> 
>>  
>> Thanks!
>> 
>> Mukul
>> 
>>  
>> 
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>> 
>> 
>> 
>> 
>> ___
>> Mailing list: 
>> https://launchpad.net/~openstack
>> 
>> Post to : 
>> openstack@lists.launchpad.net
>> 
>> Unsubscribe : 
>> https://launchpad.net/~openstack
>> 
>> More help   : 
>> https://help.launchpad.net/ListHelp
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launch

[Openstack] CloudFoundry on Openstack Grizzly Part 1

2013-06-07 Thread Heiko Krämer 
Heyho guys,

I've written the first part how to deploy cloudfoundry on OpenStack
The second will coming soon.


http://honeybutcher.de/2013/06/cloudfoundry-micro-bosh-openstack-grizzly/


Greetings
Heiko

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Ceilometer-api Auth Error

2013-06-07 Thread Bruno Oliveira 
The auth-token you got in out.txt seems fine to me...

Judging by the first output, and the 401 Unauthorized, sounds more
like a misconfig of the ceilometer
user in keystone...

The same way you got an admin tenant, you should probably have an admin user
in keystone. Could you possibly try to curl the auth token using it ?

And then, use that token to list the ceilometer /meters  or /resources.

Let us know. Thanks
--

Bruno Oliveira
Developer, Software Engineer




On Fri, Jun 7, 2013 at 10:35 AM, Claudio Marques  wrote:
> Hi guys
> (Sorry about the previous e-mail - I have sent it by mistake)
>
> I've changed all the configuration from localhost to the correct ip_addr -
> as Bruno guided me, and started all over again.
>
> Here's the output of all the tenants I have in OpenStack:
>
> keystone tenant-list
> +--+-+-+
> |id| name| enabled |
> +--+-+-+
> | 68c5e7308a234d889d9591b51891a30a |admin|   True  |
> | 0b0318f87f384247ae8b658f844ed9a4 | project_one |   True  |
> | 0300e74768a8445aa268f20a9846a7c1 |   service   |   True  |
> +--+-+-+
>
> I have created the ceilometer user in the keystone with the following
> command:
>
> keystone user-create --name=ceilometer --pass=ceilometer_pass --tenant-id
> 68c5e7308a234d889d9591b51891a30a --email=ceilome...@domain.com
>
> Just to check if everything was ok:
>
> keystone user-get ceilometer
> +--+--+
> | Property |  Value   |
> +--+--+
> |  email   |  ceilome...@domain.com   |
> | enabled  |   True   |
> |id| a47c062e52f4407baf19db1a8613f5bf |
> |   name   |ceilometer|
> | tenantId | 68c5e7308a234d889d9591b51891a30a |
> +--+--+
>
> Then I created a service for ceilometer:
>
> keystone service-create --name=ceilometer -–type=metering
> -–description=”Ceilometer Service”
>
> And then i createted an Endpoint in Keystone for ceilometer by using the
> following command:
>
> keystone endpoint-create --region RegionOne --service_id
> 22881e9089b342a58bde91712f090c6b --publicurl "http://10.0.1.167:8777/";
> --adminurl "http://10.10.10.53:8777/"; --internalurl
> "http://10.10.10.53:8777/";
>
> Cheking the endpoint list I get:
>
> keystone endpoint-list
> +--+---+-+--+--+--+
> |id|   region  |publicurl
> |   internalurl| adminurl
> |service_id|
> +--+---+-+--+--+--+
> | 4375fcf13fb843f497ae01a186e95098 | RegionOne |
> http://10.0.1.167:8776/v1/$(tenant_id)s |
> http://10.10.10.51:8776/v1/$(tenant_id)s |
> http://10.10.10.51:8776/v1/$(tenant_id)s | a2a9c0733d124d2389c58cec06e24eae
> |
> | 5a37d2960f094677b3068f7b112addef | RegionOne |
> http://10.0.1.167:9696/ | http://10.10.10.51:9696/ |
> http://10.10.10.51:9696/ | 9fe761c9d83647f2953b5fbe037aa548 |
> | 5cf12f7972de48e2bf342a3c961334d3 | RegionOne |
> http://10.0.1.167:5000/v2.0   |   http://10.10.10.51:5000/v2.0
> |  http://10.10.10.51:35357/v2.0   |
> e50dff43e6184d15a3764fc220a7272a |
> | 9a8b00e0065643d4b100de944d7a30b0 | RegionOne |
> http://10.0.1.167:8773/services/Cloud  |
> http://10.10.10.51:8773/services/Cloud  |
> http://10.10.10.51:8773/services/Admin  | 0908f8a92c2e406b9f99839d9d8076c2 |
> | c85f6c95b5804d88a728f69cb1e125c5 | RegionOne |
> http://10.0.1.167:9292/v2|http://10.10.10.51:9292/v2
> |http://10.10.10.51:9292/v2|
> fc70a5946d2c4fadb36ce14461c2a7a0 |
> | ea7d0c2d4d8d4f37b6f505994a30a7ea | RegionOne |
> http://10.0.1.167:8777/ | http://10.10.10.51:8777/ |
> http://10.10.10.51:8777/ | 22881e9089b342a58bde91712f090c6b |
> | f4543edef18d4a42a22a2d566bca72d2 | RegionOne |
> http://10.0.1.167:8774/v2/$(tenant_id)s |
> http://10.10.10.51:8774/v2/$(tenant_id)s |
> http://10.10.10.51:8774/v2/$(tenant_id)s | 0d780e90409e45ceaa870f5c0b16d6a6
> |
> +--+---+-+--+--+--+
>
>
>
> My credentials in OpenStack are
>
> user: ceilometer
> password: ceilometer_pass
> tenantid: 68c5e7308a234d889d9591b51891a30a
> tenantName: admin
>

[Openstack] [OPENSTACK] Grizzly (three node setup) Error "Agent with agent_type=DHCP agent and host=network could not be found"

2013-06-07 Thread Nikhil Mittal 
Hello

I setup a three-node Grizzly setup using Ubuntu 12.04. In the
/var/log/quantum/server.log (on controller node) i get the below error
whenever i run command "quantum agent-list". Actually this command returns
nothing (just a blank line) on either controller or network node that I run
this command on.

NOTE: the network node's host name is "network".




2013-06-08 00:56:19DEBUG [quantum.openstack.common.rpc.amqp] received
{u'_context_roles': [u'admin'], u'_msg_id':
u'9987f73b2db44097ae472bd281210f2a', u'_context_read_deleted': u'no',
u'_context_tenant_id': None, u'args': {u'host': u'network'}, u'_unique_id':
u'a89b6f2b2dd04c97a2fb0ce694cac1b3', u'_context_is_admin': True,
u'version': u'1.0', u'_context_project_id': None, u'_context_timestamp':
u'2013-06-07 06:24:13.416063', u'_context_user_id': None, u'method':
u'get_active_networks'}

2013-06-08 00:56:19DEBUG [quantum.openstack.common.rpc.amqp] unpacked
context: {'user_id': None, 'roles': [u'admin'], 'tenant_id': None,
'is_admin': True, 'timestamp': u'2013-06-07 06:24:13.416063', 'project_id':
None, 'read_deleted': u'no'}

2013-06-08 00:56:19DEBUG [quantum.db.dhcp_rpc_base] Network list
requested from network

2013-06-08 00:56:19  WARNING [quantum.scheduler.dhcp_agent_scheduler] No
enabled DHCP agent on host network

2013-06-08 00:56:19ERROR [quantum.openstack.common.rpc.amqp] Exception
during message handling

Traceback (most recent call last):

  File
"/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/amqp.py",
line 430, in _process_data

rval = self.proxy.dispatch(ctxt, version, method, **args)

  File "/usr/lib/python2.7/dist-packages/quantum/common/rpc.py", line 43,
in dispatch

quantum_ctxt, version, method, **kwargs)

  File
"/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/dispatcher.py",
line 133, in dispatch

return getattr(proxyobj, method)(ctxt, **kwargs)

  File "/usr/lib/python2.7/dist-packages/quantum/db/dhcp_rpc_base.py", line
42, in get_active_networks

context, host)

  File "/usr/lib/python2.7/dist-packages/quantum/db/agentschedulers_db.py",
line 137, in list_active_networks_on_active_dhcp_agent

context, constants.AGENT_TYPE_DHCP, host)

  File "/usr/lib/python2.7/dist-packages/quantum/db/agents_db.py", line
125, in _get_agent_by_type_and_host

host=host)

AgentNotFoundByTypeHost: Agent with agent_type=DHCP agent and host=network
could not be found

2013-06-08 00:56:19ERROR [quantum.openstack.common.rpc.common]
Returning exception Agent with agent_type=DHCP agent and host=network could
not be found to caller

2013-06-08 00:56:19ERROR [quantum.openstack.common.rpc.common]
['Traceback (most recent call last):\n', '  File
"/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/amqp.py",
line 430, in _process_data\nrval = self.proxy.dispatch(ctxt, version,
method, **args)\n', '  File
"/usr/lib/python2.7/dist-packages/quantum/common/rpc.py", line 43, in
dispatch\nquantum_ctxt, version, method, **kwargs)\n', '  File
"/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/dispatcher.py",
line 133, in dispatch\nreturn getattr(proxyobj, method)(ctxt,
**kwargs)\n', '  File
"/usr/lib/python2.7/dist-packages/quantum/db/dhcp_rpc_base.py", line 42, in
get_active_networks\ncontext, host)\n', '  File
"/usr/lib/python2.7/dist-packages/quantum/db/agentschedulers_db.py", line
137, in list_active_networks_on_active_dhcp_agent\ncontext,
constants.AGENT_TYPE_DHCP, host)\n', '  File
"/usr/lib/python2.7/dist-packages/quantum/db/agents_db.py", line 125, in
_get_agent_by_type_and_host\nhost=host)\n', 'AgentNotFoundByTypeHost:
Agent with agent_type=DHCP agent and host=network could not be found\n']



Thanks,

-Nikhil
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] Policy settings not working correctly

2013-06-07 Thread Brant Knudson 
Heiko --

Guang's response provides the hint that could get you where you want to go
-- try using the V3 Identity API rather than the V2 admin API. The V2 admin
API essentially ignores policy and only allows admin role. Here's docs on
the V3 API:
https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md.
The openstack client may provide a CLI for the commands you want to
run.

-- Brant



On Fri, Jun 7, 2013 at 3:07 AM, Heiko Krämer  wrote:

>  Hi Guang,
>
> thx for your hint but that's not the reason because in your example all
> users with the KeystoneAdmin role have the same rights as the admin and
> thats useless.
>
> @Adam so i've no chance to get the policy management working ? I can't say
> the KeystoneAdmin role is only allowed to create and delete users and
> nothing more ?
> I saw instead of the file a mysql base policy management but thers no cli
> commands available right ?
>
>
> Thx and Greetings
> Heiko
>
>
> On 07.06.2013 07:59, Yee, Guang wrote:
>
>  I think keystone client is still V2 by default, which is enforcing
> admin_required. 
>
> ** **
>
> Try this
>
> ** **
>
> "admin_required": [["role:KeystoneAdmin"], ["role:admin"], ["is_admin:1"]],
> 
>
> ** **
>
> ** **
>
> Guang
>
> ** **
>
> ** **
>
> *From:* Openstack [
> mailto:openstack-bounces+guang.yee=hp@lists.launchpad.net]
> *On Behalf Of *Adam Young
> *Sent:* Thursday, June 06, 2013 7:28 PM
> *To:* Heiko Krämer; openstack
> *Subject:* Re: [Openstack] [Keystone] Policy settings not working
> correctly
>
> ** **
>
> What is the actualy question here?  Is it "why is this failing" or "why
> was it done that way?"
>
>
> On 06/04/2013 07:47 AM, Heiko Krämer wrote:
>
> Heyho guys :)
>
> I've a little problem with policy settings in keystone. I've create a new
> rule in my policy-file and restarts keystone but keystone i don't have
> privileges. 
>
>
> What is the rule?
>
> 
>
>
> Example:
>
>
> keystone user-create --name kadmin --pw lala
> keystone user-role-add --
>
> keystone role-list --user kadmin --role KeystoneAdmin --tenant admin
>
> +--+--+
> |id| name |
> +--+--+
> | 3f5c0af585db46aeaec49da28900de28 |KeystoneAdmin |
> | dccfed0bd790420bbf1982686cbf7e31 | KeystoneServiceAdmin |
>
>
> cat /etc/keystone/policy.json
>
> {
> "admin_required": [["role:admin"], ["is_admin:1"]],
> "owner" : [["user_id:%(user_id)s"]],
> "admin_or_owner": [["rule:admin_required"], ["rule:owner"]],
> "admin_or_kadmin": [["rule:admin_required"], ["role:KeystoneAdmin"]],
>
> "default": [["rule:admin_required"]],
> [.]
> "identity:list_users": [["rule:admin_or_kadmin"]],
> []
>
> 
>
> keystone user-list
> Unable to communicate with identity service: {"error": {"message": "You
> are not authorized to perform the requested action: admin_required",
> "code": 403, "title": "Not Authorized"}}. (HTTP 403)
>
>
> In log file i see:
> DEBUG [keystone.policy.backends.rules] enforce admin_required:
> {'tenant_id': u'b33bf3927d4e449a98cec4a883148110', 'user_id':
> u'46a6a9e429db483f8346f0259e99d6a5', u'roles': [u'KeystoneAdmin']}
>
>
>
>
> Why does keystone enforce *admin_required* rule instead of the defined
> rule (*admin_or_kadmin*).
>
>
> Historical reasons.  We are trying to clean this up.
>
>
> 
>
>
>
>
> Keystone conf:
> [...]
>
> # Path to your policy definition containing identity actions
> policy_file = policy.json
> [..]
> [policy]
> driver = keystone.policy.backends.rules.Policy
>
>
>
>
> Any have an idea ?
>
> Thx and greetings
> Heiko
>
>
>
>
> 
>
> ___
>
> Mailing list: https://launchpad.net/~openstack
>
> Post to : openstack@lists.launchpad.net
>
> Unsubscribe : https://launchpad.net/~openstack
>
> More help   : https://help.launchpad.net/ListHelp
>
> ** **
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] NetApp + Openstack folsom

2013-06-07 Thread Diego Parrilla Santamaría 
We have several deployments of customers with StackOps running on NetApp
like a breeze.

Check this document: https://communities.netapp.com/docs/DOC-24892

Cheers
Diego

 --
Diego Parrilla
*CEO*
*www.stackops.com | * diego.parri...@stackops.com** | +34 649 94 43 29 |
skype:diegoparrilla*
* 
*

*



On Fri, Jun 7, 2013 at 3:18 PM, Alexandre De Carvalho <
alexandre7.decarva...@gmail.com> wrote:

> Hi !
>
>
> I have : 1 controller, 1 compute, 1 block storage and all that this works
> well.  (Ubuntu 12.04 LTS + OpenStack Folsom)
>
> And i would like to add a NetApp iSCSI FAS2020 for this structure. But i
> don't know how and I don't find any document to do it.
>
>
> If you can help me, i'm interested !
>
>
> Thanks for your help !
>
> --
> regards,
> Alexandre
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] NetApp + Openstack folsom

2013-06-07 Thread Alexandre De Carvalho 
Hi !


I have : 1 controller, 1 compute, 1 block storage and all that this works
well.  (Ubuntu 12.04 LTS + OpenStack Folsom)

And i would like to add a NetApp iSCSI FAS2020 for this structure. But i
don't know how and I don't find any document to do it.


If you can help me, i'm interested !


Thanks for your help !

-- 
regards,
Alexandre
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [HyperV][Ceilometer] Performance statistics from Hyper-V with Ceilometer and libvirt

2013-06-07 Thread Peter Pouliot 


https://blueprints.launchpad.net/ceilometer/+spec/hyper-v-agent

Sent from my Verizon Wireless 4G LTE Smartphone



 Original message 
From: Julien Danjou 
Date: 06/07/2013 4:37 AM (GMT-05:00)
To: Peter Pouliot 
Cc: Bruno Oliveira ,OpenStack 

Subject: Re: [Openstack] [HyperV][Ceilometer] Performance statistics from 
Hyper-V with Ceilometer and libvirt


On Thu, Jun 06 2013, Peter Pouliot wrote:

> The hyper-v driver uses WMI.
> Libvirt is not used. There is currently no support for celometer, however we
> should have havana blueprints meaning it is one of the things we are trying
> to deliver.

We'd be glad to have this support indeed. I don't think I saw any
blueprint about this on Ceilometer, did you already create them
somewhere?

--
Julien Danjou
;; Free Software hacker ; freelance consultant
;; http://julien.danjou.info
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] novncproxy and keymaps

2013-06-07 Thread Dennis Jacobfeuerborn 

Hi,
I am now at a point in my deployment where I can now start instances and 
access the console through horizon. The problem is that I get a weird 
keyboard layout and when I add "vnc_keymap=de" in nova.conf it changes 
but to a en-us layout rather than the de (german) I requested.


The 'de' is properly reflected in the instances xml config:
...
keymap='de'>

...

Any ideas how to get the proper layout working in the horizon console?

Regards,
  Dennis

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Unable to connect to MYSQL DB using inbuilt session provided by openstack

2013-06-07 Thread swapnil khanapurkar 
Hi All,

I want to use the existing engine created by Openstack to connect to
the MYSQL Database, however somehow I am not able to connect. .

The existing engine gets connected to SQLite database(which is the
default db) and not MYSQL.

I got the Openstack session and engine from :
from nova.openstack.common.db.sqlalchemy import session as db_session

get_session = db_session.get_session
session = get_session()

get_engine = db_session.get_engine
engine=get_engine()



This is inbuilt session info of Openstack :

{'autocommit': True, 'autoflush': True, 'transaction': None,
'hash_key': 1L, 'expire_on_commit': False, '_new': {}, 'bind':
Engine(sqlite:opt/stack/nova/nova/openstack/common/db/nova.sqlite),
'_deleted': {}, '_flushing': False, 'identity_map': {},
'_enable_transaction_accounting': True, '_identity_cls': , 'twophase': False,
'_Session__binds': {}, '_query_cls': }



Then Manully created session and engine and able to connect to db and query it
The Manualy created session info is:

{'autocommit': False, 'autoflush': True, 'transaction':
,
'hash_key': 1L, 'expire_on_commit': True, '_new': {}, 'bind':
Engine(mysql://username:passworsd@hostip/nova), '_deleted': {},
'_flushing': False, 'identity_map': {},
'_enable_transaction_accounting': True, '_identity_cls': , 'twophase': False,
'_Session__binds': {}, '_query_cls': }


Please let me know how to proceed further.Any help is appreciated.

Thanks,
Swapnil

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [HyperV][Ceilometer] Performance statistics from Hyper-V with Ceilometer and libvirt

2013-06-07 Thread Julien Danjou 
On Thu, Jun 06 2013, Peter Pouliot wrote:

> The hyper-v driver uses WMI.
> Libvirt is not used. There is currently no support for celometer, however we
> should have havana blueprints meaning it is one of the things we are trying
> to deliver.

We'd be glad to have this support indeed. I don't think I saw any
blueprint about this on Ceilometer, did you already create them
somewhere?

-- 
Julien Danjou
;; Free Software hacker ; freelance consultant
;; http://julien.danjou.info


signature.asc
Description: PGP signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Swift] Swift load balancing

2013-06-07 Thread Heiko Krämer 
Hey Kotwani,

we are using an SW loadbalancer but L3 (keepalived).
DNS round robin are not a load balancer :) if one node is done, some
connections will arrive the down host that's not the right way i think.

HTTP Proxy are an option but you make a bottleneck of your connection to
WAN because all usage will pass your proxy server.

You can use Keepalived as a Layer3 Loadbalancer, so all your incoming
responses will distributed to the swift proxy servers and delivered of
them. You don't have a bottleneck because you are using the WAN
connection of each swift proxy servers and you have automate failover of
keepalived with an other hot standby lb ( keepalived are using out of
the box pacemaker + corosync for lb failover).


Greetings
Heiko

On 07.06.2013 06:40, Chu Duc Minh wrote:
> If you choose to use DNS round robin, you can set TTL small and use a
> script/tool to continous check proxy nodes to reconfigure DNS record
> if one proxy node goes down, and vice-versa.
>
> If you choose to use SW load-balancer, I suggest HAProxy for
> performance (many high-traffic websites use it) and NGinx for features
> (if you really need features provided by Nginx).
> IMHO, I like Nginx more than Haproxy. It's stable, modern, high
> performance, and full-featured.
>
>
> On Fri, Jun 7, 2013 at 6:28 AM, Kotwani, Mukul  > wrote:
>
> Hello folks,
>
> I wanted to check and see what others are using in the case of a
> Swift installation with multiple proxy servers for load
> balancing/distribution. Based on my reading, the approaches used
> are DNS round robin, or SW load balancers such as Pound, or HW
> load balancers. I am really interested in finding out what others
> have been using in their installations. Also, if there are issues
> that you have seen related to the approach you are using, and any
> other information you think would help would be greatly appreciated.
>
>  
>
> As I understand it, DNS round robin does not check the state of
> the service behind it, so if a service goes down, DNS will still
> send the record and the record requires manual removal(?). Also, I
> am not sure how well it scales or if there are any other issues.
> About Pound, I am not sure what kind of resources it expects and
> what kind of scalability it has, and yet again, what other issues
> have been seen.
>
>  
>
> Real world examples and problems seen by you guys would definitely
> help in understanding the options better.
>
>  
>
> Thanks!
>
> Mukul
>
>  
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> 
> Post to : openstack@lists.launchpad.net
> 
> Unsubscribe : https://launchpad.net/~openstack
> 
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] Policy settings not working correctly

2013-06-07 Thread Heiko Krämer 
Hi Guang,

thx for your hint but that's not the reason because in your example all
users with the KeystoneAdmin role have the same rights as the admin and
thats useless.

@Adam so i've no chance to get the policy management working ? I can't
say the KeystoneAdmin role is only allowed to create and delete users
and nothing more ?
I saw instead of the file a mysql base policy management but thers no
cli commands available right ?


Thx and Greetings
Heiko

On 07.06.2013 07:59, Yee, Guang wrote:
>
> I think keystone client is still V2 by default, which is enforcing
> admin_required.
>
>  
>
> Try this
>
>  
>
> "admin_required": [["role:KeystoneAdmin"], ["role:admin"],
> ["is_admin:1"]],
>
>  
>
>  
>
> Guang
>
>  
>
>  
>
> *From:*Openstack
> [mailto:openstack-bounces+guang.yee=hp@lists.launchpad.net] *On
> Behalf Of *Adam Young
> *Sent:* Thursday, June 06, 2013 7:28 PM
> *To:* Heiko Krämer; openstack
> *Subject:* Re: [Openstack] [Keystone] Policy settings not working
> correctly
>
>  
>
> What is the actualy question here?  Is it "why is this failing" or
> "why was it done that way?"
>
>
> On 06/04/2013 07:47 AM, Heiko Krämer wrote:
>
> Heyho guys :)
>
> I've a little problem with policy settings in keystone. I've
> create a new rule in my policy-file and restarts keystone but
> keystone i don't have privileges.
>
>
> What is the rule?
>
>
> Example:
>
>
> keystone user-create --name kadmin --pw lala
> keystone user-role-add --
>
> keystone role-list --user kadmin --role KeystoneAdmin --tenant admin
>
> +--+--+
> |id| name |
> +--+--+
> | 3f5c0af585db46aeaec49da28900de28 |KeystoneAdmin |
> | dccfed0bd790420bbf1982686cbf7e31 | KeystoneServiceAdmin |
>
>
> cat /etc/keystone/policy.json
>
> {
> "admin_required": [["role:admin"], ["is_admin:1"]],
> "owner" : [["user_id:%(user_id)s"]],
> "admin_or_owner": [["rule:admin_required"], ["rule:owner"]],
> "admin_or_kadmin": [["rule:admin_required"], ["role:KeystoneAdmin"]],
>
> "default": [["rule:admin_required"]],
> [.]
> "identity:list_users": [["rule:admin_or_kadmin"]],
> []
>
> 
>
> keystone user-list
> Unable to communicate with identity service: {"error": {"message":
> "You are not authorized to perform the requested action:
> admin_required", "code": 403, "title": "Not Authorized"}}. (HTTP 403)
>
>
> In log file i see:
> DEBUG [keystone.policy.backends.rules] enforce admin_required:
> {'tenant_id': u'b33bf3927d4e449a98cec4a883148110', 'user_id':
> u'46a6a9e429db483f8346f0259e99d6a5', u'roles': [u'KeystoneAdmin']}
>
>
>
>
> Why does keystone enforce /admin_required/ rule instead of the defined
> rule (/admin_or_kadmin/).
>
>
> Historical reasons.  We are trying to clean this up. 
>
>
>
>
>
> Keystone conf:
> [...]
>
> # Path to your policy definition containing identity actions
> policy_file = policy.json
> [..]
> [policy]
> driver = keystone.policy.backends.rules.Policy
>
>
>
>
> Any have an idea ?
>
> Thx and greetings
> Heiko
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack 
> 
> Post to : openstack@lists.launchpad.net 
> 
> Unsubscribe : https://launchpad.net/~openstack 
> 
> More help   : https://help.launchpad.net/ListHelp
>
>  
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp