Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
Yes, the Ubuntu cloud image is made to run as a guest atop an hypervisor and it makes sense to optimize it by removing the unlikely needed modules that usually require hardware to run (nested virt is not yet common). Scott Moser may confirm/infirm. Maybe you can try installing the 'normal' kernel on your guest that has the vmx flag exported in its vm config and try loading it again. On that Ubuntu guest, you can also install "cpu-checker" that gives you a 'kvm-ok' cli: # kvm-ok INFO: /dev/kvm exists KVM acceleration can be used Hope this helps. On Thu, Jun 13, 2013 at 10:18 PM, Daniel Ellison wrote: > On Jun 13, 2013, at 5:05 PM, laclasse wrote: > > > > What is the guest OS? It seems the error "Module kvm not found" points > to the missing kernel module rather than it not loading. > > Is the guest kernel > 2.6.23? Can you find a kvm.ko and kvm-intel.ko on > the guest file system? > > > I did do a search for the kernel modules on the guest and they were not > found. The guest OS was generated from the > ubuntu-precise-server-cloudimg-amd64 image available from Ubuntu. uname -a > says (in part) "Linux image 3.2.0-45-virtual". > > I've installed libvirt-bin libvirt-dev kvm qemu qemu-kvm, and they brought > in things like bridge-utils, etc. > > Thanks, > Daniel ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Another basic Swift question
Hi Mark, Well, the ring without rebalance will not effect anything. With a update, there're no partitions been assigned to the new devices.Result of partition numbers of a new device will be 0. Which means no any object will be calculated for these new devices. In the case of adding a new server (devices) to the ring, it should still work properly. What you need is to understand the mechanism of replicator and the theory of partions in Swift. I have to point out a key concept of "partition". It's a "logic partition" in swift layer instead of a real partition on disk. When a partition been assigned to a new device. it's much more like that your parking slot changed from first floor to second floor. Your can won't be destroyed but wait for moving to new place. :) Hope it help. Cheers +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/14 Mark Brown > > When a new server is added to an existing cluster, and I now update the > ring with the new device, but at the same time, I do NOT rebalance, will > things work correctly? > > I am assuming if I don't rebalance, but I do update the ring, the ring has > the new partition scheme with the new device information, so new data will > go to the new device. But at the same time, an existing object which > previously hashed to a specific partition on a specific server can possibly > hash to a different partition on a different server, so how do old objects > get accessed? I do understand I should do the rebalance, and I will at a > certain point in time, but I wanted to understand the behavior if I update > the ring and don't do the rebalance > > > Cheers, > -- Mark > > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Security Group of Quantum ovs plugin (Folsom) is not working
Hello, I'm trying to use security group of Quantum ovs plugin(Folsom) in CentOS 6.3 (2012.2.3-1.el6@epel). Everything looks good, except security group, and there are no error message in /var/log/nova/compute.log file. After I created VM, I can see the bridges and interfaces have been created normally. [root@compute1 ~]# brctl show bridge name bridge id STP enabled interfaces br-int .3eca2e714b4d no qvo756ead5d-32 br-tun .824651aab541 no qbr756ead5d-32 .ca57ea41484c no qvb756ead5d-32 vnet0 The chain rules in filter table of iptables can reflect security group rules correctly too. Chain nova-compute-inst-749 (1 references) num target prot opt source destination 1DROP all -- 0.0.0.0/00.0.0.0/0 state INVALID 2ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 3nova-compute-provider all -- 0.0.0.0/00.0.0.0/0 4ACCEPT udp -- 10.0.0.2 0.0.0.0/0 udp spt:67 dpt:68 5ACCEPT all -- 10.0.0.0/24 0.0.0.0/0 6nova-compute-sg-fallback all -- 0.0.0.0/00.0.0.0/0 Obviously, the packets do not follow these rules correctly. Please advise me how to resolve this problem. Thanks a lot, Chandler ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Another basic Swift question
When a new server is added to an existing cluster, and I now update the ring with the new device, but at the same time, I do NOT rebalance, will things work correctly? I am assuming if I don't rebalance, but I do update the ring, the ring has the new partition scheme with the new device information, so new data will go to the new device. But at the same time, an existing object which previously hashed to a specific partition on a specific server can possibly hash to a different partition on a different server, so how do old objects get accessed? I do understand I should do the rebalance, and I will at a certain point in time, but I wanted to understand the behavior if I update the ring and don't do the rebalance Cheers, -- Mark ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
If you really want to go crazy, why not run OpenStack in an OpenStack instance to launch your qemu machines: http://devstack.org/guides/single-vm.html - Joseph From: Openstack [openstack-bounces+joseph.quinn=rackspace@lists.launchpad.net] on behalf of Daniel Ellison [dan...@syrinx.net] Sent: Thursday, June 13, 2013 4:54 PM To: Robert Collins Cc: OpenStack Users Subject: Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance On Jun 13, 2013, at 5:34 PM, Robert Collins wrote: > install linux-image-generic, it will bring in > linux-image-extra-$version-generic which has kvm. That did it! I'm now creating a CentOS KVM image in an Ubuntu OpenStack VM. I'll wait until it finishes before celebrating, but there are no errors so far. Just to clarify, I first installed linux-image-generic but it didn't automatically bring in linux-image-extra-$version-generic. I did an apt-cache search and found linux-image-extra-virtual. I installed that and it brought in KVM. I subsequently had to start qemu-kvm manually, but it did start. I'll update this thread if and when the CentOS image is created successfully. Thanks, Robert! ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
On Jun 13, 2013, at 5:34 PM, Robert Collins wrote: > install linux-image-generic, it will bring in > linux-image-extra-$version-generic which has kvm. That did it! I'm now creating a CentOS KVM image in an Ubuntu OpenStack VM. I'll wait until it finishes before celebrating, but there are no errors so far. Just to clarify, I first installed linux-image-generic but it didn't automatically bring in linux-image-extra-$version-generic. I did an apt-cache search and found linux-image-extra-virtual. I installed that and it brought in KVM. I subsequently had to start qemu-kvm manually, but it did start. I'll update this thread if and when the CentOS image is created successfully. Thanks, Robert! ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
On Thu, Jun 13, 2013 at 4:19 PM, Parrott, Robert wrote: > No. You can't use KVM in a guest since it requires hardware > virtualization. Instead you need to use qemu in emulation mode. Refer to > the devstack code for how to set this up, since devatack will work in > Amazon EC2. > > It *is* possible to do KVM in KVM, actually. I just set it up today (but it was my manually created KVM hosting a devstack launching KVM guests, not the same situation as Daniel). I've heard this "you can't do KVM in KVM" thing from a few different people and I want to make sure that it's clear that you actually can, given the correct hardware support. -- IRC: radix Christopher Armstrong Rackspace ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
On 14 June 2013 09:18, Daniel Ellison wrote: > On Jun 13, 2013, at 5:05 PM, laclasse wrote: >> >> What is the guest OS? It seems the error "Module kvm not found" points to >> the missing kernel module rather than it not loading. >> Is the guest kernel > 2.6.23? Can you find a kvm.ko and kvm-intel.ko on the >> guest file system? > > > I did do a search for the kernel modules on the guest and they were not > found. The guest OS was generated from the > ubuntu-precise-server-cloudimg-amd64 image available from Ubuntu. uname -a > says (in part) "Linux image 3.2.0-45-virtual". install linux-image-generic, it will bring in linux-image-extra-$version-generic which has kvm. Cheers, Rob -- Robert Collins Distinguished Technologist HP Cloud Services ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
On Jun 13, 2013, at 5:24 PM, David Stearns wrote: > > There's no reason using nested KVM shouldn't work so long as the hardware > supports it. Do you know what kind of hardware support is required? Obviously my host already supports CPU virtualization extensions. :) > Looks like http://dachary.org/?p=1318 provides a pretty good walkthrough on > getting it working on openstack. That looks like a great reference! I'll go through it and see if I did anything wrong or left anything out. Thanks, David. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
On Jun 13, 2013, at 5:19 PM, "Parrott, Robert" wrote: > > No. You can't use KVM in a guest since it requires hardware virtualization. > Instead you need to use qemu in emulation mode. Refer to the devstack code > for how to set this up, since devatack will work in Amazon EC2. I will probably take a look at the devstack code, then. But the purpose of nested KVM is to allow direct access to the cpu virtualization extensions of the host machine from a properly-configured guest. That would be ideal. But all I REALLY want to do is create KVM images, not actually run them. If there's another way to do that, I'll be happy. Thanks, Dan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
No. You can't use KVM in a guest since it requires hardware virtualization. Instead you need to use qemu in emulation mode. Refer to the devstack code for how to set this up, since devatack will work in Amazon EC2. On Thu, Jun 13, 2013 at 4:54 PM, Daniel Ellison wrote: > On Jun 13, 2013, at 4:36 PM, Daniel Ellison wrote: >> libvirtd is already running on the guest. > One more data point: the guest does have the vmx capability enabled: > > Penryn > Intel > > > > > > > Dan > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
On Jun 13, 2013, at 5:05 PM, laclasse wrote: > > What is the guest OS? It seems the error "Module kvm not found" points to the > missing kernel module rather than it not loading. > Is the guest kernel > 2.6.23? Can you find a kvm.ko and kvm-intel.ko on the > guest file system? I did do a search for the kernel modules on the guest and they were not found. The guest OS was generated from the ubuntu-precise-server-cloudimg-amd64 image available from Ubuntu. uname -a says (in part) "Linux image 3.2.0-45-virtual". I've installed libvirt-bin libvirt-dev kvm qemu qemu-kvm, and they brought in things like bridge-utils, etc. Thanks, Daniel ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] nova agent-* subcommands
Hi All agent-createCreates a new agent build. agent-deleteDeletes an existing agent build. agent-list List all builds agent-modifyModify an existing agent build. What is the purpose of these commands? Which documentation should I read to learn more about these "agnets"? Thanks Chris ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Openstack-operators] Horizon troubleshooting
On 13 June 2013 20:54, Igor Laskovy wrote: > So how I can determine what wrong with installation? I found that I can > turn on verbose logging for django Horizon app, but how? > Debug logs are your friend. Start with setting DEBUG = True in horizon's local_settings.py file. That'll give you your first clue. From there you'll need to enable debug in each subsequent service down the path (and restart the services to have it take effect) to find the source of the problem. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
What is the guest OS? It seems the error "Module kvm not found" points to the missing kernel module rather than it not loading. Is the guest kernel > 2.6.23? Can you find a kvm.ko and kvm-intel.ko on the guest file system? I'd recommend looking at this for RHEL/CentOS/Fedora: http://kashyaspc.wordpress.com/2013/02/12/nested-virtualization-with-kvm-and-intel-on-fedora-18/ Hope this helps. On Thu, Jun 13, 2013 at 9:53 PM, Daniel Ellison wrote: > On Jun 13, 2013, at 4:36 PM, Daniel Ellison wrote: > > libvirtd is already running on the guest. > > One more data point: the guest does have the vmx capability enabled: > > > Penryn > Intel > > > > > > > > Dan > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Can I run qemu-kvm in an OpenStack Instance
On Jun 13, 2013, at 4:36 PM, Daniel Ellison wrote: > libvirtd is already running on the guest. One more data point: the guest does have the vmx capability enabled: Penryn Intel Dan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Can I run qemu-kvm in an OpenStack Instance
Hi all, I want to use veewee to create custom images for use in OpenStack. The catch here is that I want to run veewee in an OpenStack VM. I almost have everything working. The only catch is that qemu-kvm won't run. I've done lots of research and I believe I need what's called nested KVM. I get "Y" when I do a cat /sys/module/kvm_intel/parameters/nested on the host machine, so it's already enabled. libvirtd is already running on the guest. Is there anything else I need to do to get this going? When I try to manually start qemu-kvm it simple says "start: Job failed to start". A "sudo modprobe kvm" comes back with "FATAL: Module kvm not found." Same for kvm_intel. This is obviously a case of ignorance on my part. But I've spent the whole day trying to get this running. Can someone point me in the right direction? I know this isn't strictly an OpenStack issue, but I'm hoping someone here has come across this issue in the past. Thanks, Daniel ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OpenStack API versions and release content
On Tue, Jun 11, 2013 at 4:46 PM, Farhan Patwa wrote: > Hi all, > I am just trying to understand the motivation behind creations API > versions and how that ties in to a release content. > As per listed documentation ( > http://docs.openstack.org/api/openstack-compute/2/content/Versions-d1e1193.html > ) > "New Features and functionality that break API-compatibility necessitate > a new version. When new API version are released older versions are marked > as deprecated." > > My questions are: > 1.) Is the assumption here that operators may update the release but opt > to stay with an older API version to get bug fixes etc.? > See #2 below. > 2.) Do new versions have to be deployed with a new release? Keystone has > V3 version, but I don't see it being available for use in devstack or > Grizzly release (based on my assumption that the command 'keystone > discover' will display supported API versions) > Not necessarily. Keystone grizzly/2013.1 ships with a revised paste configuration which deploys the new Identity API v3 via pipeline:api_v3 [1]. You don't need to deploy this new pipeline at all, and a folsom paste configuration will deploy an Identity API v2 implementation just as it did in folsom. The output of "keystone discover" operates based on how the service catalog is populated, which doesn't necessarily reflect the configured pipeline or what's provided by the implementation. [1]: https://github.com/openstack/keystone/blob/64738924b87e6fb31d999e25da23f889a2658940/etc/keystone-paste.ini#L78 > 3.) Do versions have their own release schedule (so Keystone V3 is part of > Grizzly code but the implementation is not yet complete or supported??) > There's no such thing as "Keystone v3," although that's a common misnomer. The Identity API (v2.0 -> v3.0 -> v3.1) is versioned independently from it's implementation, Keystone (... essex/2012.1 -> folsom/2012.2 -> grizzly/2013.1 -> etc). Several releases of keystone could be made without incrementing the API version. A release of keystone may contain an experimental/unstable/partial and unrecommended/undocumented implementation of a newer API. A release of keystone may even skip an API version if there was reason to do so. So, for example: - diablo supports Identity API v2.0 and was extensible to support a non-OpenStack Identity API (v1.1) - essex supports Identity API v2.0 - folsom supports Identity API v2.0 - grizzly supports Identity API v2.0 and Identity API v3.0 - havana will support Identity API v2.0 and Identity API v3.1 - icehouse will support Identity API v2.0 and at least Identity API v3.1 (if not v3.2) - J*release is not guaranteed to support Identity API v2.0 and will support at least Identity API v3.1 (if not v3.3) (where minor version bumps, e.g. v3.0 -> v3.1 are backwards compatible) In reality, if we ship a recommended API implementation, that API version is effectively feature frozen. So, while we could have continued to develop Identity API v3.0 past 2013.1, we documented it in the default configuration (keystone.conf.sample, devstack, etc) and shipped it with grizzly and are now working towards introducing backwards-compatible features under a minor version bump to the API that will ship with havana. > > I would really appreciate if someone can shed light on this. > > Thanks for your time, > > -Farhan Patwa. > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Horizon troubleshooting
Hello all! Have installation of Grizzly and during log in to Horizon get "Something went wrong!" page after sent credentials. Apache log helpless. In other logs (system + other nova services) everything alright. So how I can determine what wrong with installation? I found that I can turn on verbose logging for django Horizon app, but how? -- Igor Laskovy facebook.com/igor.laskovy studiogrizzly.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Ceilometer- All meters are not getting updated
Hi Everyone, When I am running ceilometer, only some of the meters are getting updated.(When I see ceilometer meter-list , I could see only cpu_util, image, instance). What can be the reason that the other meters are not getting updated.?. Thanks, Johnu ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161)
OpenStack Security Advisory: 2013-016 CVE: CVE-2013-2161 Date: June 13, 2013 Title: Unchecked user input in Swift XML responses Reporter: Alex Gaynor (Rackspace) Products: Swift Affects: All versions Description: Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers. Account strings were unescaped in XML listings, and an attacker could potentially generate unparsable or arbitrary XML responses which may be used to leverage other vulnerabilities in the calling software. Havana (development branch) fix: https://review.openstack.org/32905 Grizzly fix: https://review.openstack.org/32909 Folsom fix: https://review.openstack.org/32911 Notes: This fix will be included in the next release. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2161 https://bugs.launchpad.net/swift/+bug/1183884 -- Jeremy Stanley (fungi) OpenStack Vulnerability Management Team signature.asc Description: Digital signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [OSSA 2013-015] Authentication bypass when using LDAP backend (CVE-2013-2157)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenStack Security Advisory: 2013-015 CVE: CVE-2013-2157 Date: June 13, 2013 Title: Authentication bypass when using LDAP backend Reporter: Jose Castro Leon (CERN) Products: Keystone Affects: Folsom, Grizzly Description: Jose Castro Leon from CERN reported a vulnerability in the way the Keystone LDAP backend authenticates users. When provided with an empty password, the backend would perform an anonymous LDAP bind that would result in successfully authenticating the user. An attacker could therefore easily impersonate and get valid tokens for any user. Only Keystone setups using LDAP authentication backend are affected. Havana (development branch) fix: https://review.openstack.org/#/c/32896/ Grizzly fix: https://review.openstack.org/#/c/32895/ Folsom fix: https://review.openstack.org/#/c/32894/ References: https://bugs.launchpad.net/keystone/+bug/1187305 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157 - -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCAAGBQJRue20AAoJEFB6+JAlsQQjiHQP/1Jd8p9Zezo70Vdm4oZksDzH IPuFfeCRUhLvDC1ygz33/7CbRkFtmJS8C+PG+WxiG/49bsCBfIN5fHlOf3DY2X1U 9zgodo3Tm/LwKCrpdceu4VCABt7CtO/CsHnuQGWBOf06MLDTqDvz3LQKpcPXO50l 1OHiOWEX9nbCkNKRCPfK4QfrzbJM5GufEeoEEfKk8ZctivvI2M56OcSiGMdOhGK8 Xw+0bGzBBZzBMhiMq2iw7y0JqWtRLTND/AAP1eyjbHL/xDG/rTtECGaGuONXjpSk WQRpWMznJY83fBnxnVAvKvf6OxG8IW8YNicvTgfx5v9gvX0U00r59y24ClnmvBxb oRWES8bRLHmjf8vTtfZwcATEfUUFZZK+9VUsaIRsRF6+gF/fbQq39SdVESQACvks Sf9/f/Tu6u+58Je2JaTmx3LLV6u12ellP/GUr31OyihKAxFGK4Y1tdrO3v4+u2ZF lSC361D5r5cczTosmXy5HjXwfjATaGuMb1ycDKCmO+98gsluQ1exDFnIXCw38weN KWJIp5zVCdTF0rqZCr3xDBSe4aukX8niBJNnvgJwELAddIWZ6FHUuEsgl3UPs7ZD E+issrQHaGtOJpNvoj17uxxnTY2VrtJ2AjxiU7y+hmt9tHh78rx+OhAdn7zPdoeT EEJ4OWpjLDKre9HsJVxX =kubz -END PGP SIGNATURE- ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Leftover /tmp/openstack-disk-mount-tmp files and Windows 7 instances
Hi, I'm having an issue in OpenStack Essex on Ubuntu 12.04 using nova-compute version 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4 where there are many nbd disk mounts left over from booting Windows 7 virtual machines. Also, (I think) once the instance is deleted the nbd process holds onto the deleted file. Has anyone seen this before? I've done quite a bit of googling but haven't found anyone with similar issues. I thought I'd ask the list before I really dived into the code. $ mount | grep openstack /dev/mapper/nbd15p1 on /tmp/openstack-disk-mount-tmp86qoQE type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096) /dev/mapper/nbd14p1 on /tmp/openstack-disk-mount-tmpUzs31L type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096) /dev/mapper/nbd13p1 on /tmp/openstack-disk-mount-tmpGywuh7 type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096) /dev/mapper/nbd12p1 on /tmp/openstack-disk-mount-tmpCqaql2 type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096) /dev/mapper/nbd10p1 on /tmp/openstack-disk-mount-tmppdq4Mq type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096) /dev/mapper/nbd9p1 on /tmp/openstack-disk-mount-tmp7hIhDU type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096) /dev/mapper/nbd8p1 on /tmp/openstack-disk-mount-tmp0AAVq7 type fuseblk SNIP! Right now on six compute nodes I have 74 of these "lost" mounts. Any thoughts on that? ): Thanks, Curtis. -- Twitter: @serverascode Blog: serverascode.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Connecting to Keystone from a different port using HAproxy
I may have found a solution to my problem, but I am not sure it will help you much. I created an entry in hosts that named my internal ip "local-internal" and then I bound keystone to that ip. Next I configured the pacemaker resource agent to check "local-internal" which will, of course, be different on each node. It seems to work quite well. Sorry that this probably doesn't help you, Sam On Thu, Jun 13, 2013 at 10:19 AM, Aaron Knister wrote: > Hi Sam > > I don't have a fix but I actually had the same problem but for a different > reason. I was trying to run keystone via apache and listen on multiple > ports to support regular auth and external auth. I couldn't figure out how > to map additional ports within keytstone. I'm very much interested in the > solution here. > > Sent from my iPhone > > On Jun 13, 2013, at 9:27 AM, Samuel Winchenbach > wrote: > > Hi All, > > I am attempting to set up a high availability openstack cluster. > Currently, using pacemaker, I create a Virtual IP for all the highly > available service, launch haproxy to proxy all the requests and clone > keystone to all the nodes. The idea being that the requests come into > haproxy and are load balanced across all the nodes. > > > To do this I have keystone listen on 26000 for admin, and 26001 for > public. haproxy listens on 35357 and 5000 respectively (these ports are > bound to the VIP). The problem with setup is that my log is filling > (MB/min) with this warning: > > 2013-06-13 09:20:18 INFO [access] 127.0.0.1 - - [13/Jun/2013:13:20:18 > +] "GET http://10.80.255.1:35357/v2.0/users HTTP/1.0" 200 915 > 2013-06-13 09:20:18 WARNING [keystone.contrib.stats.core] Unable to > resolve API as either public or admin: 10.80.255.1:35357 > ... > ... > > where 10.80.255.1 is my VIP for highly available services. I traced down > that module and added a few lines of code for debugging and it turns out > that if checks to see if the incoming connection matches a port in the > config file. In my case it does not. > > I can not just bind keystone to the internal ip and leave the port as > their defaults because the way pacemaker checks to see if services are > alive is by sending requests to service it is monitoring, and I do not want > to send requests to the VIP because any instance of keystone could respond. > Basically I would I have to write a pacemaker rule for each node and it > would become messy quite quickly. > > Does anyone see something I could do differently, or a fix for my current > situation? > > Thanks, > Sam > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Connecting to Keystone from a different port using HAproxy
Hi Sam I don't have a fix but I actually had the same problem but for a different reason. I was trying to run keystone via apache and listen on multiple ports to support regular auth and external auth. I couldn't figure out how to map additional ports within keytstone. I'm very much interested in the solution here. Sent from my iPhone On Jun 13, 2013, at 9:27 AM, Samuel Winchenbach wrote: > Hi All, > > I am attempting to set up a high availability openstack cluster. Currently, > using pacemaker, I create a Virtual IP for all the highly available service, > launch haproxy to proxy all the requests and clone keystone to all the nodes. > The idea being that the requests come into haproxy and are load balanced > across all the nodes. > > > To do this I have keystone listen on 26000 for admin, and 26001 for public. > haproxy listens on 35357 and 5000 respectively (these ports are bound to the > VIP). The problem with setup is that my log is filling (MB/min) with this > warning: > > 2013-06-13 09:20:18 INFO [access] 127.0.0.1 - - [13/Jun/2013:13:20:18 > +] "GET http://10.80.255.1:35357/v2.0/users HTTP/1.0" 200 915 > 2013-06-13 09:20:18 WARNING [keystone.contrib.stats.core] Unable to resolve > API as either public or admin: 10.80.255.1:35357 > ... > ... > > where 10.80.255.1 is my VIP for highly available services. I traced down > that module and added a few lines of code for debugging and it turns out that > if checks to see if the incoming connection matches a port in the config > file. In my case it does not. > > I can not just bind keystone to the internal ip and leave the port as their > defaults because the way pacemaker checks to see if services are alive is by > sending requests to service it is monitoring, and I do not want to send > requests to the VIP because any instance of keystone could respond. > Basically I would I have to write a pacemaker rule for each node and it would > become messy quite quickly. > > Does anyone see something I could do differently, or a fix for my current > situation? > > Thanks, > Sam > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Connecting to Keystone from a different port using HAproxy
Hi All, I am attempting to set up a high availability openstack cluster. Currently, using pacemaker, I create a Virtual IP for all the highly available service, launch haproxy to proxy all the requests and clone keystone to all the nodes. The idea being that the requests come into haproxy and are load balanced across all the nodes. To do this I have keystone listen on 26000 for admin, and 26001 for public. haproxy listens on 35357 and 5000 respectively (these ports are bound to the VIP). The problem with setup is that my log is filling (MB/min) with this warning: 2013-06-13 09:20:18 INFO [access] 127.0.0.1 - - [13/Jun/2013:13:20:18 +] "GET http://10.80.255.1:35357/v2.0/users HTTP/1.0" 200 915 2013-06-13 09:20:18 WARNING [keystone.contrib.stats.core] Unable to resolve API as either public or admin: 10.80.255.1:35357 ... ... where 10.80.255.1 is my VIP for highly available services. I traced down that module and added a few lines of code for debugging and it turns out that if checks to see if the incoming connection matches a port in the config file. In my case it does not. I can not just bind keystone to the internal ip and leave the port as their defaults because the way pacemaker checks to see if services are alive is by sending requests to service it is monitoring, and I do not want to send requests to the VIP because any instance of keystone could respond. Basically I would I have to write a pacemaker rule for each node and it would become messy quite quickly. Does anyone see something I could do differently, or a fix for my current situation? Thanks, Sam ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Cinder problems with usage and caching ?
Thanks for taking the trouble to do that Heiko, as you can see that's been open a while and we're having trouble reproducing the problem, any information you can supply about your situation would be welcome. eg, errors in log files or the contents of your database as Duncan suggested in that bug. Ollie On Thu 13 Jun 2013 09:55:53 IST, Heiko Krämer wrote: Hey Ollie, yeah thx, I've found yesterday an existing bug report. https://bugs.launchpad.net/cinder/+bug/1174193 Thx and greetings Heiko On 12.06.2013 17:05, Ollie Leahy wrote: This looks like a bug, so you could raise a bug on cinder at https://bugs.launchpad.net/cinder/+filebug When you do you could include information about the version of cinder you are using, is it grizzy, folsom or are you testing on head? Also, if you can include any context information for example had that project id had used more quota in the past and deleted it? It would also be useful to search through any cinder logs for other error warnings, in case there was a failure in the past, when quota was either consumed or recovered by this project and where the operation was not completed successfully. Ollie On 12/06/13 10:02, Heiko Krämer wrote: Hi guys, I'm running in a problem raised by cinder api. I'll show you the log output it's more then my explaination :) 2013-06-12 10:50:13AUDIT [cinder.api.v1.volumes] Create volume of 30 GB 2013-06-12 10:50:13 WARNING [cinder.volume.api] Quota exceeded for d4e1c14691d841f6b53a24b6c4c42a0e, tried to create 30G volume (172G of 200G already consumed) 2013-06-12 10:50:13ERROR [cinder.api.middleware.fault] Caught error: Requested volume or snapshot exceeds allowed Gigabytes quota root@api2:~# cinder list +--++-+--+-+--+--+ | ID | Status | Display Name| Size | Volume Type | Bootable | Attached to | +--++-+--+-+--+--+ | 6ce6f626-2d2b-4a17-8933-13e196fa650c | in-use | bosh| 10 | default | false | 567a4c86-08ab-43cd-b9bc-3b220f2bf262 | | 8822b84b-595e-4b6f-9636-472dae7c33a4 | in-use | volume-64e51c64-5da4-4981-9b05-f7abfc6695b1 | 16 | None| false | 65f33296-c2b0-4824-b887-359ee0462b56 | | d56e5a86-f6d1-43ed-b125-2ff977aefa24 | in-use | volume-363573c1-05d6-4484-9aad-0919e47546e0 | 5 | None| false | fbb809d5-71f3-4a78-9cb7-4913c1e0af83 | | f7506174-4ae4-4a3c-928f-47b785bb35f5 | in-use | volume-385997c8-709c-4fa2-9d5b-ca2bba9d4e87 | 7 | None| false | 0f1ab672-043a-4361-afd5-9f2ddd818ed8 | +--++-+--+-+--+--+ root@api2:~# cinder quota-show d4e1c14691d841f6b53a24b6c4c42a0e +---+---+ | Property | Value | +---+---+ | gigabytes | 200 | | snapshots | 20 | | volumes | 30 | +---+---+ you see I consume only 38GB of 200GB and not 172GB (log). It's anything wrong with caching by cinder ? Have anyone the same problem or any hints ? Greetings Heiko ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Cinder problems with usage and caching ?
Hey Ollie, yeah thx, I've found yesterday an existing bug report. https://bugs.launchpad.net/cinder/+bug/1174193 Thx and greetings Heiko On 12.06.2013 17:05, Ollie Leahy wrote: > This looks like a bug, so you could raise a bug on cinder at > https://bugs.launchpad.net/cinder/+filebug > > When you do you could include information about the version of cinder > you are using, is it grizzy, folsom or are you testing on head? > > Also, if you can include any context information for example had that > project id had used more quota in the past and deleted it? > > It would also be useful to search through any cinder logs for other > error warnings, in case there was a failure in the past, when quota > was either consumed or recovered by this project and where the > operation was not completed successfully. > > Ollie > > > > > On 12/06/13 10:02, Heiko Krämer wrote: >> Hi guys, >> >> I'm running in a problem raised by cinder api. >> >> I'll show you the log output it's more then my explaination :) >> >> >> 2013-06-12 10:50:13AUDIT [cinder.api.v1.volumes] Create volume of >> 30 GB >> 2013-06-12 10:50:13 WARNING [cinder.volume.api] Quota exceeded for >> d4e1c14691d841f6b53a24b6c4c42a0e, tried to create 30G volume (172G of >> 200G already consumed) >> 2013-06-12 10:50:13ERROR [cinder.api.middleware.fault] Caught error: >> Requested volume or snapshot exceeds allowed Gigabytes quota >> >> >> root@api2:~# cinder list >> +--++-+--+-+--+--+ >> >> | ID | Status | >> Display Name| Size | Volume Type | Bootable >> | Attached to | >> +--++-+--+-+--+--+ >> >> | 6ce6f626-2d2b-4a17-8933-13e196fa650c | in-use | >> bosh| 10 | default | false | >> 567a4c86-08ab-43cd-b9bc-3b220f2bf262 | >> | 8822b84b-595e-4b6f-9636-472dae7c33a4 | in-use | >> volume-64e51c64-5da4-4981-9b05-f7abfc6695b1 | 16 | None| >> false | 65f33296-c2b0-4824-b887-359ee0462b56 | >> | d56e5a86-f6d1-43ed-b125-2ff977aefa24 | in-use | >> volume-363573c1-05d6-4484-9aad-0919e47546e0 | 5 | None| >> false | fbb809d5-71f3-4a78-9cb7-4913c1e0af83 | >> | f7506174-4ae4-4a3c-928f-47b785bb35f5 | in-use | >> volume-385997c8-709c-4fa2-9d5b-ca2bba9d4e87 | 7 | None| >> false | 0f1ab672-043a-4361-afd5-9f2ddd818ed8 | >> +--++-+--+-+--+--+ >> >> >> >> root@api2:~# cinder quota-show d4e1c14691d841f6b53a24b6c4c42a0e >> +---+---+ >> | Property | Value | >> +---+---+ >> | gigabytes | 200 | >> | snapshots | 20 | >> | volumes | 30 | >> +---+---+ >> >> >> >> you see I consume only 38GB of 200GB and not 172GB (log). >> It's anything wrong with caching by cinder ? Have anyone the same >> problem or any hints ? >> >> >> Greetings >> Heiko >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp