[Openstack] [Quantum] Floodlight plugin: request for doc assistance
All: I'm trying to figure out how the Floodlight plugin for Quantum works, so we can document it fully. Unfortunately, I haven't been able to get it working. I've started a wiki page on how to set up Floodlight at https://wiki.openstack.org/wiki/Quantum/FloodlightPluginSetup. If somebody has been successful with Floodlight and could help complete this, please let me know. Once this is working, I can transfer it to the DocBook docs. Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Quantum conceptual question (bridges)
Édouard: I didn't realize that there's a Linux software bridge inolved when security groups are enabled. However, this doesn't really answer my original question. I asked about the fact that there seemed to be two openvswitch bridges that packets have to cross to get from the virtual interface (say, vnet0) to the physical interface (say, eth2) on the host, assuming the openvswitch plugin and using vlan for transport. vnet0 <--> br-int <--> br-eth2 <--> eth2. Based on your answer, I see that there are actually three bridges that packets have to traverse when using security groups: vnet0 <--> qbr <--> br-int <--> br-eth2 <--> eth2 Is this view correct? If so, is there a performance penalty (e.g., increased latency, reduced bandwidth) for having to cross two Open vSwitch bridges: br-int and br-eth2? If there is a penalty, I was curious as to whether this splitting into two bridges was done because it isn't possible to implement the desired functionality using a single openvswitch bridge, or if there was some other reason why it was split out into two (e.g., to simplify the implementation). Lorin On Tue, May 7, 2013 at 2:38 AM, Édouard Thuleau wrote: > OVS is not compatible with iptables + ebtables rules that are applied > directly on VIF ports. > So the libvirt_vif_driver 'nova.virt.libvirt.vif.LibvirtHybirdOVSBridgeDriver' > create a Linux software bridge to be able to apply security group rules > with iptables. > > If you don't need the security group functionalities, you can > use libvirt_vif_driver > 'nova.virt.libvirt.vif.LibvirtOpenVswitchVirtualPortDriver' > or 'nova.virt.libvirt.vif.LibvirtOpenVswitchDriver' (depends on your > libvirt version). > http://docs.openstack.org/trunk/openstack-network/admin/content/nova_with_quantum_vifplugging_ovs.html > > I think this point must be listed in the limitations page of the OpenStack > Networking Admin guide > http://docs.openstack.org/grizzly/openstack-network/admin/content/ch_limitations.html > > Édouard. > > On Tue, May 7, 2013 at 2:46 AM, Lorin Hochstein > wrote: > >> I'm trying to wrap my head around how Quantum works. If understanding >> things correctly, when using the openvswitch plugin, a packet traveling >> from a guest out to the physical switch has to cross two software bridges: >> >> 1. br-int >> 2. br-ethN or br-tun (depending on whether using VLANs or GRE tunnels) >> >> So, I think I understand the motivation behind this: the integration >> bridge handles the rules associated with the virtual networks defined by >> OpenStack users, and the (br-ethN | br-tun) bridge handles the rules >> associated with moving the packets across the physical network. >> >> My question is: Does having two software bridges in the path incur a >> larger network performance penalty than if there was only a single software >> bridge between the VIF and the physical network interface? >> >> If so, was Quantum implemented this way because it's simply not possible >> to achieve the desired functionality using a single openvswitch bridge, or >> was it because using the dual-bridge approach simplified the >> implementation, or was there some other reason? >> >> Lorin >> -- >> Lorin Hochstein >> Lead Architect - Cloud Services >> Nimbis Services, Inc. >> www.nimbisservices.com >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Quantum conceptual question (bridges)
I'm trying to wrap my head around how Quantum works. If understanding things correctly, when using the openvswitch plugin, a packet traveling from a guest out to the physical switch has to cross two software bridges: 1. br-int 2. br-ethN or br-tun (depending on whether using VLANs or GRE tunnels) So, I think I understand the motivation behind this: the integration bridge handles the rules associated with the virtual networks defined by OpenStack users, and the (br-ethN | br-tun) bridge handles the rules associated with moving the packets across the physical network. My question is: Does having two software bridges in the path incur a larger network performance penalty than if there was only a single software bridge between the VIF and the physical network interface? If so, was Quantum implemented this way because it's simply not possible to achieve the desired functionality using a single openvswitch bridge, or was it because using the dual-bridge approach simplified the implementation, or was there some other reason? Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How to integrate Cloudsim
Harry: I believe that Cloudsim is a cloud simulator, intended to be run on your local desktop/laptop. You wouldn't actually run it on a cloud such as OpenStack. Take care, Lorin On Tue, Apr 30, 2013 at 8:18 AM, harryxiyou wrote: > Hi all, > > I just wonder how to integrate Cloudsim(https://code.google.com/p/cloudsim > ) > into Openstack, that is to say i wanna use Cloudsim in local clouds with > Openstack. Would anyone please give me some suggestions about this > one? Or give me an example patch that is integrated into Openstack. Thanks > very much in advance ;-) > > -- > Thanks > Harry Wei > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Should we discourage KVM block-based live migration?
On Wed, Apr 24, 2013 at 11:59 AM, Daniel P. Berrange wrote: > On Wed, Apr 24, 2013 at 11:48:35AM -0400, Lorin Hochstein wrote: > > In the docs, we describe how to configure KVM block-based live migration, > > and it has the advantage of avoiding the need for shared storage of > > instances. > > > > However, there's this email from Daniel Berrangé from back in Aug 2012: > > http://osdir.com/ml/openstack-cloud-computing/2012-08/msg00293.html > > > > "Block migration is a part of the KVM that none of the upstream > developers > > really like, is not entirely reliable, and most distros typically do not > > want to support it due to its poor design (eg not supported in RHEL). > > > > It is quite likely that it will be removed in favour of an alternative > > implementation. What that alternative impl will be, and when I will > > arrive, I can't say right now." > > > > Based on this info, the OpenStack Ops guide currently recommends against > > using block-based live migration, but the Compute Admin guide has no > > warnings about this. > > > > I wanted to sanity-check against the mailing list to verify that this was > > still the case. What's the state of block-based live migration with KVM? > > Should we say be dissuading people from using it, or is it reasonable for > > people to use it? > > What I wrote above about the existing impl is still accurate. The new > block migration code is now merged into libvirt and makes use of an > NBD server built-in to the QMEU process todo block migration. API > wise it should actually work in the same way as the existing deprecated > block migration code. So if you have new enough libvirt and new enough > KVM, it probably ought to 'just work' with openstack without needing > any code changes in nova. I have not actually tested this myself > though. > > So we can probably update the docs - but we'd want to checkout just > what precise versions of libvirt + qemu are needed, and have someone > check that it does in fact work. > > Thanks, Daniel. I can update the docs accordingly. How can I find out what are the minimum versions of libvirt and qemu are needed? Also, I noticed you said "qemu" and not "kvm", and I see that http://wiki.qemu.org/KVM says that qemu-kvm fork for x86 is "deprecated, use upstream QEMU now". Is it the case now that when using KVM as the hypervisor for a host, an admin will just install a "qemu" package instead of a "qemu-kvm" package to get the userspace stuff? Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Should we discourage KVM block-based live migration?
In the docs, we describe how to configure KVM block-based live migration, and it has the advantage of avoiding the need for shared storage of instances. However, there's this email from Daniel Berrangé from back in Aug 2012: http://osdir.com/ml/openstack-cloud-computing/2012-08/msg00293.html "Block migration is a part of the KVM that none of the upstream developers really like, is not entirely reliable, and most distros typically do not want to support it due to its poor design (eg not supported in RHEL). It is quite likely that it will be removed in favour of an alternative implementation. What that alternative impl will be, and when I will arrive, I can't say right now." Based on this info, the OpenStack Ops guide currently recommends against using block-based live migration, but the Compute Admin guide has no warnings about this. I wanted to sanity-check against the mailing list to verify that this was still the case. What's the state of block-based live migration with KVM? Should we say be dissuading people from using it, or is it reasonable for people to use it? Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Grizzly release notes and the never-ending image-cache-manager issue
On Thu, Apr 4, 2013 at 4:45 PM, Michael Still wrote: > On Fri, Apr 5, 2013 at 7:20 AM, Lorin Hochstein > wrote: > > Michael (et al): > > > > The Grizzly release notes > > <https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly> say: > > > > "The image-cache-manager has been turned on by default. This may have > > potential issues for users who are using a shared filesystem for their > > instances_path. Set remove_unused_base_images=false in your nova.conf > file > > on your compute nodes to revert this behaviour." > > > > My understanding was that in Grizzly, this wasn't an issue since shared > > storage was automatically detected (e.g. > > https://bugs.launchpad.net/nova/+bug/1075018) > > This is my understanding as well -- that we now detect shared storage > and do the right thing. I don't have any data on how much real world > testing that code has experienced though. > > > Is it safe to zap this from the release notes? > > Safe is a relative thing. I'd be more comfortable if I knew that > someone had deployed the code and had a good experience, but when I > ask on the operators list I get puzzled stares... > > Michael > I reworded the release note as follows: Grizzly should now be able to detect when a shared filesystem is being used for instances path, eliminating a bug in previous versions where the image cache manager erroneously deleted images that were in use on shared filesystems. However, this bugfix has not been extensively tested in production environments. If you wish to be conservative, you may set image_cache_manager_interval=0 in your nova.conf file on your compute nodes to prevent the image cache manager from deleting any images. Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Grizzly release notes and the never-ending image-cache-manager issue
Michael (et al): The Grizzly release notes < https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly> say: "The image-cache-manager has been turned on by default. This may have potential issues for users who are using a shared filesystem for their instances_path. Set remove_unused_base_images=false in your nova.conf file on your compute nodes to revert this behaviour." My understanding was that in Grizzly, this wasn't an issue since shared storage was automatically detected (e.g. https://bugs.launchpad.net/nova/+bug/1075018) Is it safe to zap this from the release notes? Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
On Fri, Mar 22, 2013 at 11:55 PM, Lorin Hochstein
wrote:
>
> On Thu, Mar 21, 2013 at 12:00 PM, Vishvananda Ishaya <
> vishvana...@gmail.com> wrote:
>
>> Well phooey:
>>
>> 987 if network_ref['multi_host']:
>> 988 _add_dhcp_mangle_rule(dev)
>>
>> The mangle rule is only added my nova-network in multihost mode.
>>
>> Can you verify whether or not adding the rule on the compute or network
>> node fixes it?
>>
>> That way we can either remove the check on multi_host or add it in
>> plug_vif on the
>> compute host.
>>
>>
>
> I'll check on this and get back to you.
>
> As an aside, note that we're *not* running with the vhost-net kernel
> module loaded, and the mangle rule only gets applied if this module is
> loaded:
>
>
> https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L885
>
> 884 def _add_dhcp_mangle_rule(dev):
> 885 if not os.path.exists('/dev/vhost-net'):
> 886 return
>
> So, either this situation can occur even without vhost-net, or I'm hitting
> a different issue.
>
>
>
>> BTW:
>>
>> iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
>>>> --checksum-fill
>>>>
>>>
>>
>> that should be -A not -D
>>
>>
> D'oh! I'll make sure that's correct when I do the testing.
>
>
>
OK, I've tested this again, and I'm having the same problem. I'm able to
get DHCP addresses for Ubuntu instances, but not CentOS ones. If I do a
"tcpdump" on the "vnetX" interface, I can see the DHCP request and replies.
listening on vnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:20:15.124839 IP 10.40.0.2.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from fa:16:3e:6b:d3:44, length 300
14:20:48.204962 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from fa:16:3e:5a:e9:f9, length 300
14:20:48.205023 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from fa:16:3e:5a:e9:f9, length 300
14:20:48.205596 IP 10.40.0.1.67 > 10.40.0.6.68: BOOTP/DHCP, Reply, length
320
But if I do the tcpdump on eth0 inside the CentOS instances, I don't see
the DHCP reply packets. They aren't making it from vnet1 to eth0.
This is Folsom with nova-network, running in FlatDHCP, non-multi host, on
Ubuntu12.04.
I tried adding the iptables rule, but alas, it didn't resolve my issue.
iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM
--checksum-fill
Here are the various things I've tried
* Adding the checksum rule to iptables nova-network node
* Adding the checksum rule to the nova-compute node
* Setting libvirt_use_virtio_for_bridge to "yes" and "no" (restarting
nova-compute, re-launching instances)
* With and without vhost_net loaded in nova-compute (restarting
nova-compute, re-launching instances)
* Disabling ipv6 inside of the CentOS guest
If I VNC into the instance and put a static IP on it, like this, it still
doesn't have connectivity to the outside:
ip addr add 10.40.0.2/16 broadcast 10.40.255.255 dev eth0
Since it works with Ubuntu but not CentOS guests, on the same compute node,
I assume there's something about the configuration of the CentOS guest that
isn't working properly with my setup. But, at this point, I'm really
stumped.
Lorin
> Lorin
>
>
>
>
>> Vish
>>
>> On Mar 20, 2013, at 1:43 PM, Lorin Hochstein
>> wrote:
>>
>>
>> On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton <
>> nathanael.i.bur...@gmail.com> wrote:
>>
>>> On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein <
>>> lo...@nimbisservices.com> wrote:
>>>
>>>> I'm doing a Folsom deployment with FlatDHCP (not multihost).
>>>>
>>>> When I try to boot a quantal image, the instance doesn't pick up the
>>>> DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I
>>>> can see by tcpdump on the compute host that the DHCP packets are making it
>>>> to the vnet0 interface.
>>>>
>>>>
>>>> Note that I tried adding this iptables rule as mentioned here <
>>>> https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14>,
>>>> but that didn't resolve it.
>>>>
>>>> iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
>>>> --checksum-fill
>>>>
>>>>
>>>>
>>>> However, the problem goes away if I change this setting on the compute
>>>> hosts in /etc/nova/nova.conf
>>>>
>&
Re: [Openstack] Forcing a VM to a specific node in grizzly
Anne: I read that as meaning you can now control who has access to do this via policy.json, but the UI for doing it still uses the --availability-zone flag. I documented my understanding here: < https://review.openstack.org/25804>, but we should wait for Phil Day's response. Lorin On Sun, Mar 31, 2013 at 10:06 PM, Anne Gentle wrote: > Woops, hit send too soon. > > I made the doc change based on this mailing list post by Phil Day. > https://lists.launchpad.net/openstack/msg19784.html > Which was in this doc bug: > https://bugs.launchpad.net/openstack-manuals/+bug/1096168 > > Phil, can you verify on a grizzly install and post the correct commands > and results? > > Thanks, > Anne > > > On Sat, Mar 30, 2013 at 9:56 PM, Vishvananda Ishaya > wrote: > >> I wasn't aware that force_hosts actually works. Someone should probably >> verify. The availability zone method still works in grizzly. >> >> Vish >> >> On Mar 30, 2013, at 6:42 PM, Lorin Hochstein >> wrote: >> >> I see that in grizzly an admin can use a scheduler hint to force a VM to >> launch on a particular host, e.g.: >> >> nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 >> my-first-server >> (from: >> http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html >> ) >> >> In Folsom, an admin could do this with the availability zone flag: >> >> nova boot --image --flavor m1.tiny --key_name test >> --availability-zone nova:server2 >> >> (from: >> http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-zone-to-boot-instances-on.html >> ) >> >> Does the second method work in grizzly as well? If so, should we >> recommend one approach over the other in the docs? >> >> Lorin >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Forcing a VM to a specific node in grizzly
Vish: I suspect there's a Grizzly doc bug here. The Folsom docs say < http://docs.openstack.org/folsom/openstack-compute/admin/content/specify-host-to-boot-instances-on.html >: "With the Folsom release it is no longer possible to indicate a specific compute host to use to boot an instance with the --force_hosts parameter. See bug 1061665 for further discussion." However, the Grizzly docs say < http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html >: With the Grizzly release, the provider can change the policy to enable users to choose a specific host to launch a VM instance upon using the create:forced_host setting within policy.json on certain roles, such as an admin role. ... You can now select the host on which the instance would be spawned, using the "--hint" flag: $ nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 my-first-server --- Doc patch which introduced this change here: < https://review.openstack.org/25341> My guess is that the doc editor misunderstood the implication of the create:forced_host setting, and that --force_hosts still no longer works. I'm going to zap that and add the original author as reviewer to ensure things are OK. On Sat, Mar 30, 2013 at 10:56 PM, Vishvananda Ishaya wrote: > I wasn't aware that force_hosts actually works. Someone should probably > verify. The availability zone method still works in grizzly. > > Vish > > On Mar 30, 2013, at 6:42 PM, Lorin Hochstein > wrote: > > I see that in grizzly an admin can use a scheduler hint to force a VM to > launch on a particular host, e.g.: > > nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 > my-first-server > (from: > http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html > ) > > In Folsom, an admin could do this with the availability zone flag: > > nova boot --image --flavor m1.tiny --key_name test > --availability-zone nova:server2 > > (from: > http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-zone-to-boot-instances-on.html > ) > > Does the second method work in grizzly as well? If so, should we recommend > one approach over the other in the docs? > > Lorin > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Forcing a VM to a specific node in grizzly
I see that in grizzly an admin can use a scheduler hint to force a VM to launch on a particular host, e.g.: nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 my-first-server (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html ) In Folsom, an admin could do this with the availability zone flag: nova boot --image --flavor m1.tiny --key_name test --availability-zone nova:server2 (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-zone-to-boot-instances-on.html ) Does the second method work in grizzly as well? If so, should we recommend one approach over the other in the docs? Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
On Thu, Mar 21, 2013 at 12:00 PM, Vishvananda Ishaya
wrote:
> Well phooey:
>
> 987 if network_ref['multi_host']:
> 988 _add_dhcp_mangle_rule(dev)
>
> The mangle rule is only added my nova-network in multihost mode.
>
> Can you verify whether or not adding the rule on the compute or network
> node fixes it?
>
> That way we can either remove the check on multi_host or add it in
> plug_vif on the
> compute host.
>
>
I'll check on this and get back to you.
As an aside, note that we're *not* running with the vhost-net kernel module
loaded, and the mangle rule only gets applied if this module is loaded:
https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L885
884 def _add_dhcp_mangle_rule(dev):
885 if not os.path.exists('/dev/vhost-net'):
886 return
So, either this situation can occur even without vhost-net, or I'm hitting
a different issue.
> BTW:
>
> iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
>>> --checksum-fill
>>>
>>
>
> that should be -A not -D
>
>
D'oh! I'll make sure that's correct when I do the testing.
Lorin
> Vish
>
> On Mar 20, 2013, at 1:43 PM, Lorin Hochstein
> wrote:
>
>
> On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton <
> nathanael.i.bur...@gmail.com> wrote:
>
>> On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein <
>> lo...@nimbisservices.com> wrote:
>>
>>> I'm doing a Folsom deployment with FlatDHCP (not multihost).
>>>
>>> When I try to boot a quantal image, the instance doesn't pick up the
>>> DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I
>>> can see by tcpdump on the compute host that the DHCP packets are making it
>>> to the vnet0 interface.
>>>
>>>
>>> Note that I tried adding this iptables rule as mentioned here <
>>> https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14>,
>>> but that didn't resolve it.
>>>
>>> iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
>>> --checksum-fill
>>>
>>>
>>>
>>> However, the problem goes away if I change this setting on the compute
>>> hosts in /etc/nova/nova.conf
>>>
>>> libvirt_use_virtio_for_bridges=true
>>>
>>> to:
>>>
>>>libvirt_use_virtio_for_bridges=false
>>>
>>>
>>> Anybody know what would cause this?
>>>
>>>
>>> I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the
>>> hypervisor
>>>
>>>
>>> You didn't restart nova-network without killing and restarting dnsmasq,
>> did you?
>>
>> Nate
>>
>>
>>
> Of course not! (Well, maybe...). But just tried again, killing dnsmasq and
> restarting nova-network doesn't seem to help. I'm guessing the issue is
> confined to the compute node, and since I'm not running multihost, I don't
> think I even need to restart nova-network each time I make a virtio-related
> change on the compute node...
>
> Lorin
>
>
> --
> Lorin Hochstein
> Lead Architect - Cloud Services
> Nimbis Services, Inc.
> www.nimbisservices.com
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
>
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova-compute and querying keystone for glance endpoint
On Wed, Mar 20, 2013 at 12:12 AM, Nathanael Burton < nathanael.i.bur...@gmail.com> wrote: > On Mar 19, 2013 11:56 PM, "Lorin Hochstein" > wrote: > > OK, so I'm not crazy, that means that I really do need to do something > like: > > > > glance_api_servers=192.168.206.130:9292 > > > > or (since the default port is used) > > > > glance_host=192.168.206.130 > > > > > > Lorin > > Kinda, if using FLAGS.glance_api_servers you still need to specify the > port because the code will default to port 80 if not specified [1]. Also > if your glance server is configured with SSL you would do: > > glance_api_servers=https://192.168.206.130:9292 > > Looking back at the code, your original idea also works. If you just > specify FLAGS.glance_host it will build FLAGS.glance_api_servers based on > your glance_host and the default glance_port [2]. I've always specified the > glance_api_servers flag since it's the only way to specify SSL. > > [1] - > https://github.com/openstack/nova/blob/stable/folsom/nova/image/glance.py#L84 > > [2] - > https://github.com/openstack/nova/blob/stable/folsom/nova/flags.py#L138 > > > I filed an ops bug against nova asking to change the default behavior: https://bugs.launchpad.net/nova/+bug/1159043 -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton < nathanael.i.bur...@gmail.com> wrote: > On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein > wrote: > >> I'm doing a Folsom deployment with FlatDHCP (not multihost). >> >> When I try to boot a quantal image, the instance doesn't pick up the DHCP >> lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I can >> see by tcpdump on the compute host that the DHCP packets are making it to >> the vnet0 interface. >> >> >> Note that I tried adding this iptables rule as mentioned here < >> https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14>, >> but that didn't resolve it. >> >> iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM >> --checksum-fill >> >> >> >> However, the problem goes away if I change this setting on the compute >> hosts in /etc/nova/nova.conf >> >> libvirt_use_virtio_for_bridges=true >> >> to: >> >>libvirt_use_virtio_for_bridges=false >> >> >> Anybody know what would cause this? >> >> >> I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the >> hypervisor >> >> >> You didn't restart nova-network without killing and restarting dnsmasq, > did you? > > Nate > > > Of course not! (Well, maybe...). But just tried again, killing dnsmasq and restarting nova-network doesn't seem to help. I'm guessing the issue is confined to the compute node, and since I'm not running multihost, I don't think I even need to restart nova-network each time I make a virtio-related change on the compute node... Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
I'm doing a Folsom deployment with FlatDHCP (not multihost). When I try to boot a quantal image, the instance doesn't pick up the DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I can see by tcpdump on the compute host that the DHCP packets are making it to the vnet0 interface. Note that I tried adding this iptables rule as mentioned here < https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14>, but that didn't resolve it. iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill However, the problem goes away if I change this setting on the compute hosts in /etc/nova/nova.conf libvirt_use_virtio_for_bridges=true to: libvirt_use_virtio_for_bridges=false Anybody know what would cause this? I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the hypervisor Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova-compute and querying keystone for glance endpoint
On Tue, Mar 19, 2013 at 11:51 PM, Nathanael Burton < nathanael.i.bur...@gmail.com> wrote: > On Tue, Mar 19, 2013 at 11:39 PM, Lorin Hochstein < > lo...@nimbisservices.com> wrote: > >> Hi All: >> >> I was doing a Folsom deployment from scratch, and when I tried to launch >> an instance my compute host failed to connect to the glance server to >> download the image, instead it tried to connect to itself. >> >> I can resolve this by putting "glance_host=" into nova.conf. But I'd >> prefer if my compute host fetched this information from keystone rather >> than hard-code (hard-configure?) like this. >> >> I assume that I don't have the right config in nova.conf (a template for >> that file is here: < >> https://github.com/lorin/openstack-ansible/blob/folsom/playbooks/templates/etc/nova/nova.conf>). >> However, tracing through the nova code, I couldn't figure out where it was >> that the compute host was supposed to connect to keystone to get the right >> endpoint for glance. >> >> Where in the nova Folsom code does the nova-compute service query the >> keystone service catalog to get the endpoint for glance? >> >> > Lorin, > > I don't believe nova pulls the glance endpoint from keystone's service > catalog. I believe it's based on FLAGS.glance_api_servers here > https://github.com/openstack/nova/blob/stable/folsom/nova/image/glance.py#L73 > > Nate > > OK, so I'm not crazy, that means that I really do need to do something like: glance_api_servers=192.168.206.130:9292 or (since the default port is used) glance_host=192.168.206.130 Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] nova-compute and querying keystone for glance endpoint
Hi All: I was doing a Folsom deployment from scratch, and when I tried to launch an instance my compute host failed to connect to the glance server to download the image, instead it tried to connect to itself. I can resolve this by putting "glance_host=" into nova.conf. But I'd prefer if my compute host fetched this information from keystone rather than hard-code (hard-configure?) like this. I assume that I don't have the right config in nova.conf (a template for that file is here: < https://github.com/lorin/openstack-ansible/blob/folsom/playbooks/templates/etc/nova/nova.conf>). However, tracing through the nova code, I couldn't figure out where it was that the compute host was supposed to connect to keystone to get the right endpoint for glance. Where in the nova Folsom code does the nova-compute service query the keystone service catalog to get the endpoint for glance? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] OpenStack Operations Guide
Hi folks: Anne Gentle somehow managed to corral together a group of operators who have deployed OpenStack into production and were willing to write about it. They were locked together in a room last week and produced a book from scratch about how to design and operate an OpenStack cloud. It is now available at http://docs.openstack.org/ops The license is Creative Commons (cc by), PDF, ePub and mobi formats available for free download from the site above, with a link to purchase option if you want the dead tree version. Any money from sales goes back to The OpenSack Foundation, who paid travel costs for most of the authors' travel. Like all of the content at docs.openstack.org, this is a living document and we'd love to have more people's help and input. Details on contributing are, of course, in the book. We all really enjoyed the process of creating this book, and hope the community finds this a useful resource. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Are the Python APIs public or internal?
Here's an issue that came up in the operators doc sprint this week. Let's say I wanted to write some Python scripts using the APIs exposed by the python-*client packages. As a concrete example, let's say I wrote a script that uses the keystone Python API that's exposed in the python-keystoneclient package: https://github.com/lorin/openstack-ansible/blob/master/playbooks/keystone/files/keystone-init.py Are these APIs "public" or "stable" in some meaningful way? (i.e., can I count on this script still working across minor release upgrades)? Or should they be treated like "internal" APIs that could be changed at any time in the future? Or is this not defined at all? Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] What is the typical way to deploy OpenStack Compute with ESXi
Sean: Could you say a little more about why it is that running nova-compute inside of a VM makes it easier to integrate with nova-network or quantum (ova)? The OpenStack docs on VMWare < http://docs.openstack.org/folsom/openstack-compute/admin/content/vmware.html> unfortunately don't have any detail about this. Also, is the VM that runs nova-compute supposed to be managed by OpenStack, or is it supposed to be set up manually? Take care, Lorin On Tue, Jan 8, 2013 at 12:38 AM, Sean Chen wrote: > It makes nova-network, quantum (ovs) integration easier. > > Sean > > On Jan 5, 2013, at 8:25 PM, Lorin Hochstein > wrote: > > Sean: > > I'd like to add this to the documentation on that page. Can you describe > in more detail why you recommend installing nova-compute on a VM hosted > on the ESXi that nova compute manages? > > Lorin > > > On Fri, Jan 4, 2013 at 10:18 PM, Sean Chen wrote: > >> Both physical machine and VM work. It's preferred to install nova compute >> on a VM hosted on the ESXi that nova compute manages. >> >> -- >> Sean >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > > -- > Lorin Hochstein > Lead Architect - Cloud Services > Nimbis Services, Inc. > www.nimbisservices.com > > -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] swift -- object layout on storage
This is good info, I submitted a doc patch to capture this in the Swift
admin guide: https://review.openstack.org/19046
Lorin
On Fri, Jan 4, 2013 at 1:27 PM, John Dickinson wrote:
> It's pretty simple. Swift uses the underlying filesystem to store the data
> on disk, and so you can use normal FS tools to find and inspect your data.
>
> For the object server, the "magic" happens here:
> https://github.com/openstack/swift/blob/master/swift/obj/server.py#L117
>
> The end result is that the data is stored here:
>
> /path/to/mount/points/device/objects/partition/hash_suffix/hash/
>
> That directory is the object. Inside the directory, there is normally just
> one file (named .data). The object's data is stored in the file,
> and the object's metadata is stored in the xattrs of the file.
>
> In some cases (mostly around failure handling), there may be more than one
> file in that directory, but for the general case, all the .data files are
> sorted (by filename) and the last is chosen (ie the most recent). As I
> said, there is normally just the one file in there.
>
> If you delete the object, the .data file is deleted and a .ts
> ("ts" for "tombstone") file is created as a zero-byte file. This is a
> delete marker that will be eventually reaped, but it exists to ensure that
> the delete properly propagates to all replicas in the cluster.
>
> --John
>
>
>
> On Jan 4, 2013, at 10:14 AM, "Snider, Tim" wrote:
>
> > I’d like to understand more on how Swift lays out objects on the
> underlaying storage. I can’t seem to find out much about this in the
> openstack / swift documentation itself or in associated web searchs.
> > Thanks for pointers / links.
> > Tim
> > ___
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] What is the typical way to deploy OpenStack Compute with ESXi
Sean: I'd like to add this to the documentation on that page. Can you describe in more detail why you recommend installing nova-compute on a VM hosted on the ESXi that nova compute manages? Lorin On Fri, Jan 4, 2013 at 10:18 PM, Sean Chen wrote: > Both physical machine and VM work. It's preferred to install nova compute > on a VM hosted on the ESXi that nova compute manages. > > -- > Sean > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova] python-novaclient 2.10.0 released
Vish: On Thu, Nov 29, 2012 at 2:47 PM, Vishvananda Ishaya wrote: > Hello Everyone, > > I just pushed out a new version of python-novaclient[1]. Mostly cleanups > although a few new features were added for people using the trunk release > of nova. > > New commands for grizzly/trunk > nova cloudpipe-update > Are you sure the "cloudpipe-update" command made it to the 2.10.0 version? I just checked after logging a doc bug to get this stuff into the manuals, and while the other commands are in all there, that one doesn't seem to be. $ pip freeze | grep novaclient python-novaclient==2.10.0 $ nova help cloudpipe-update ERROR: 'cloudpipe-update' is not a valid subcommand Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Getting Trusted Compute Pools working in Open Stack Folsom
I noticed that Trusted Compute Pools weren't documented and took a shot at it here, based on the wiki and these emails: https://review.openstack.org/16783 I believe that adding these lines to nova.conf in Folsom will enable the trust filter: scheduler_available_filters=nova.scheduler.filters.standard_filters scheduler_available_filters=nova.scheduler.filters.trusted_filter scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter However, if this isn't right, somebody let me know and I'll fix it in the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Nov 22, 2012, at 3:23 AM, "Jiang, Yunhong" wrote: > I think trusted_filter is not in the scheduler_default_filters, so you have > to make sure it’s used by the filter scheduler. > > Thanks > --jyh > > From: openstack-bounces+yunhong.jiang=intel@lists.launchpad.net > [mailto:openstack-bounces+yunhong.jiang=intel@lists.launchpad.net] On > Behalf Of Dale, StewartX T > Sent: Thursday, November 22, 2012 7:28 AM > To: openstack@lists.launchpad.net > Subject: [Openstack] Getting Trusted Compute Pools working in Open Stack > Folsom > > Hi All, > > I am trying to get trusted compute pools working in my installation of open > stack Folsom but so far am unable to get it to work. Currently when I spawn > a new instance I don't see any interaction with the attestation server and > the instance spawns just fine on a untrusted host. I have followed all the > documentation I could find on TCP > (http://wiki.openstack.org/TrustedComputingPools , > https://github.com/openstack/nova/blob/stable/folsom/nova/scheduler/filters/trusted_filter.py > ) but am still having no luck so I am hoping I missed something while > setting it up. Hopefully someone can point out what I am doing wrong. > > Steps to Setup TCP: > 1. Set the following value in nova.conf > scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler > 2. Add "trusted_computing" section to nova.conf > [trusted_computing] > server=10.x.x.x > port=8181 > server_ca_file=/etc/nova/ssl.10.1.71.206.crt > api_url=/AttestationService/resources/PollHosts > auth_blob=i-am-openstack > 3. Add the "trusted" requirement to an existing flavor by running > nova-manage instance_type set_key m1.tiny trust:trusted_host trusted > 4. Restart nova-compute and nova-scheduler service > > At this point I test it by going to openstack page -> projects -> instances > and launching a new instance of m1.tiny. At this point I should see a > connection attempt on the attestion server (which I don't) and then the > instance fail to launch (which it doesn't) since the host is untrusted. My > version of open stack is Folsom and nova is 2012.2. > Hopefully someone can point out my mistake or what I am missing. > > -Stewart > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Enabling logging in keystone.
On Oct 3, 2012, at 7:33 PM, Alan Pevec wrote: > On Wed, Oct 3, 2012 at 8:31 AM, Dolph Mathews wrote: >> At the very least, I'd like to move this approach to the end of the page; >> and ideally, the script would be managed by openstack. > > There's a sample script in Keystone > https://github.com/openstack/keystone/blob/master/tools/sample_data.sh > although I must say that yaml is much more readable. > While at the it, there's one more in Devstack > https://github.com/openstack-dev/devstack/blob/master/files/keystone_data.sh > so maybe replacing both with keystone-init.py + yaml, maintained in > Keystone git makes sense? > Alan: The doc fix landed at https://review.openstack.org/#/c/13984/ and the documentation now references https://github.com/openstack/keystone/blob/master/tools/sample_data.sh for a scripted install. However, if somebody finds my keystone-init.py script useful and wants to move it into an official OpenStack repository like the keystone repo, I would be supportive of that. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com > Cheers, > Alan > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] inter-tenant and VM-to-bare-metal communication policies/restrictions.
On Jul 5, 2012, at 11:47 AM, Christian Parpart wrote: > Hi all, > > I am running multiple compute nodes and a single nova-network node, that is > to act > as a central gateway for the tenant's VMs. > > However, since this nova-network node (of course) knows all routes, every VM > of > any tenant can talk to each other, including to the physical nodes, which > I highly disagree with and would like to restrict that. :-) > If you add this to nova.conf: allow_same_net_traffic=false It should prevent the VMs from communicating with each other. From http://docs.openstack.org/essex/openstack-compute/admin/content/compute-options-reference.html#d6e3133 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] multi_host sample nova.conf files?
On Jul 6, 2012, at 6:46 AM, Marnus van Niekerk wrote: > Hi, is anybody prepared to share a set of working nova.conf files for a > multi_host installation? > For both the controller node and a compute node. And please tell me what > services you are running on the compute node. > > I have been over this 100s of times now and even recreated the nova database > and no success. Marnus: You need multi_host=True in your nova.conf, and you need to run the following services on the compute node: nova-compute nova-network nova-api-metadata See: http://docs.openstack.org/essex/openstack-compute/admin/content/existing-ha-networking-options.html#d6e6509 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Does glance-scrubber.conf require sql_connection?
On Aug 13, 2012, at 1:52 PM, Jay Pipes wrote: > On 08/13/2012 01:45 PM, Lorin Hochstein wrote: >> On Aug 13, 2012, at 11:33 AM, Jay Pipes wrote: >> >>> On 08/12/2012 10:12 PM, Lorin Hochstein wrote: >>>> Doc question: >>>> >>>> Does glance-scrubber require sql_connection? The Install and Deploy >>>> Guide specifies the sql_connection parameter >>>> <http://docs.openstack.org/essex/openstack-compute/install/apt/content/glance-scrubber-conf-file.html>, >>>> but it wasn't clear to me that the scrubber actually makes any queries >>>> against the database. >>> >>> It used to make direct queries against the registry database, but now it >>> makes queries via the registry's REST API. So this option can safely be >>> removed now. >> >> Does "now" mean as of essex or as of folsom? > > Sorry, good point, Lorin :) This behaviour (of not requiring the > registry database connection) was implemented in Essex: > > https://bugs.launchpad.net/glance/+bug/836381 > Thanks, Jay. Docfix submitted: https://review.openstack.org/11294 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Does glance-scrubber.conf require sql_connection?
On Aug 13, 2012, at 11:33 AM, Jay Pipes wrote: > On 08/12/2012 10:12 PM, Lorin Hochstein wrote: >> Doc question: >> >> Does glance-scrubber require sql_connection? The Install and Deploy >> Guide specifies the sql_connection parameter >> <http://docs.openstack.org/essex/openstack-compute/install/apt/content/glance-scrubber-conf-file.html>, >> but it wasn't clear to me that the scrubber actually makes any queries >> against the database. > > It used to make direct queries against the registry database, but now it > makes queries via the registry's REST API. So this option can safely be > removed now. Does "now" mean as of essex or as of folsom? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Does glance-scrubber.conf require sql_connection?
Doc question: Does glance-scrubber require sql_connection? The Install and Deploy Guide specifies the sql_connection parameter <http://docs.openstack.org/essex/openstack-compute/install/apt/content/glance-scrubber-conf-file.html>, but it wasn't clear to me that the scrubber actually makes any queries against the database. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Documenting libvirt live migration
It recently came up on the mailing list that nova does not use libvirt's live migration functionality when implementing what it calls "live migration". I took a shot at documenting this, as well as documenting how to enable it. However, there was some concern about the possibility of race conditions with libvirt live migration that could prevent it from ever terminating. I'd appreciate some feedback on just what we should put in the docs about this, since I don't have any particular expertise in this area. Proposed doc addition: https://review.openstack.org/11172 Original thread on the mailing list: http://www.mail-archive.com/openstack@lists.launchpad.net/msg15296.html Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Nova ignores nova.conf
On Aug 10, 2012, at 6:07 AM, Mark McLoughlin wrote: > On Fri, 2012-08-10 at 00:23 -0900, Simon Walter wrote: >> Nova does not respect the options set in the /etc/nova/nova.conf file. >> I've seen some examples with "--" prefixing the flags, as if they are >> command line arguments. I've also seen examples without. >> >> I've tried removing the "--", that does nothing. >> >> Specifically, I've set >> --flat_network_bridge=br0 >> --fixed_range=10.0.3.0/24 >> --flat_network_dhcp_start=10.0.3.1 >> >> I always get a br100 created with an IP address of 10.0.2.33 >> >> This is really annoying. If I empty the /etc/nova/nova.conf nothing gets >> created. >> >> I've greped all sorts of places for "defaults", but come up blank. > > If nova is being run with --config-file, then the syntax is > > [DEFAULT] > flat_network_bridge=br0 > > OTOH, if it is being run with --flagfile, the syntax is: > > --flat_network_bridge=br0 > I assumed that the nova-* services were auto-deteting the nova.conf format. When I run on Ubuntu, the default nova.conf file is in the deprecated flag file format, but I just edited the nova.conf file to use the new ini-style format, and everything seemed to just work. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Is it ok to post a job here?
Hi Eugene: On Aug 10, 2012, at 9:25 PM, Eugene Kirpichov wrote: > Hello community, > > I'm wondering whether it's ok to post an OpenStack-related job to this > mailing list. > On one hand, I didn't find anything hinting that it's not ok in the > MailingListEtiquette page; on the other hand, I didn't find any job > postings in the archives either. > So I figured I better ask first :) > The place to post OpenStack-related jobs is the OpenStack Job Board: http://www.openstack.org/community/jobs/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DHCP and kernel > 3.2
On Aug 9, 2012, at 3:22 AM, Alessandro Tagliapietra wrote: > Hello guys, > > i've just installed kernel 3.4 from Ubuntu kernel PPA archive and after this > upgrade VM aren't able to get the DHCP address but with tcpdump i see the > request and offer on the network. > Someone else experienced this? I've tried also with 3.3, same story. Rolling > back to 3.2 and everything works fine. > When I had a similar problem the issue turned out to be that I needed to configure the NIC on the compute host to be in promiscuous mode, otherwise the DHCP response wouldn't make it to the VM. Lorin Sent from my iPad ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Instance stuck in deleting state with error
On Jul 30, 2012, at 3:35 PM, Kevin L. Mitchell
wrote:
> On Mon, 2012-07-30 at 14:25 -0500, Chris Behrens wrote:
>> You may still have to reset the instance's task_state to NULL in the
>> DB (instances table) to delete ones already in this state.
>
> No, I fixed the state problem with soft_delete(); as long as he updates,
> delete should work fine.
>
> That said, be aware that there is a "reset-state" command to novaclient,
> so that you can do Chris's recommended reset without having to muck
> around with the database directly.
> --
> Kevin L. Mitchell
From the python-novaclient tests, it looks like "nova reset-state "
puts an instance into the error state or (with the --active) flag into the
active state:
def test_reset_state(self):
self.run_command('reset-state sample-server')
self.assert_called('POST', '/servers/1234/action',
{'os-resetState': {'state': 'error'}})
self.run_command('reset-state sample-server --active')
self.assert_called('POST', '/servers/1234/action',
{'os-resetState': {'state': 'active'}})
What's the use case for resetting an instance to the error state? Is the idea
to do:
nova reset-state
nova delete
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
smime.p7s
Description: S/MIME cryptographic signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Instance stuck in deleting state with error
On Aug 1, 2012, at 12:19 PM, Jonathan Proulx wrote: > FYI > > the "nova reset-state" command exists on my Debian 6.0 workstations > where python-novaclient is installed via pip (presumably the gets > latest version from trunk?) it is not available on my Ubuntu 12.04 > systems using standard Ubuntu repository versions (essex). > > -Jon I believe pip gets it from PyPI: http://pypi.python.org/pypi/python-novaclient/ I'm not sure how often PyPI gets updated, but I don't think it's on every commit to trunk. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Hiding complexity of paste config files from operators
On Jul 30, 2012, at 9:48 AM, Adam Young wrote: > On 07/30/2012 05:12 AM, Thierry Carrez wrote: >> Lorin Hochstein wrote: >>> I wanted to discuss the usability of the paste config files from an >>> operator's point of view. The paste config files are opaque to >>> administrators who are trying to stand an OpenStack cloud for the first >>> time, since they expose a lot of implementation details about the >>> middleware. I can follow the instructions in the Install and Deploy >>> guide, but I have no idea what the options I don't edit are, and if the >>> documentation has deviated from the implementation, I'm pretty much stuck. >>> [...] >> This was mentioned in the "Making configuration easier" session on the >> DevOps track at the last design summit. You can find the notes at: >> >> http://etherpad.openstack.org/FolsomMakingConfigurationEasier >> >> In particular, it was identified that paste configs were evil, failing >> to properly separate service/code configuration from end-user configuration. >> >>> Assuming that the *-paste.ini files always need to be there, is there some >>> way we could avoid requiring admins to edit these files, and instead make >>> it more like editing the .conf files? For example, could the paste.ini >>> files be generated from the corresponding .conf file as needed? >> I would not assume that *-paste.ini files always need to be there... >> Paste is a pain point if we are to support Python 3 one day, so it's >> also on the black list of the (still inexistant) OpenStack Python3 >> advocacy group. >> >> So I'd rather investigate a solution that solves our two problems, >> rather than adding a layer on top of the current broken solution... That >> said I'm not really a specialist of Paste alternatives. >> > It seems to me that there is nothing that you can do in Paste that you cannot > do in straight python. THe advantage of Paste is hat it is viewed as a > Config file, not as "code" and thus is a file that end system administrators > can use. > > > A paste file is nothing more than an assignment to a variable name from a > string that is done at run time. For example, the Keystone config file > has a paste fragment in it: > > [app:public_version_service] > paste.app_factory = keystone.service:public_version_app_factory > > > > This same code could be performed inside the Python code base with pretty > much the same code interpred as Python. The issue is that we would then want > to allow a value such as this to be overridden: > > For example, specifying the driver for the token api is done: > > [token] > driver = keystone.token.backends.kvs.Token > > Since most of these cases have reasonable defaults, they should be left out > of the paste files. What needs to be available is solid documentation of the > values that can be overridden this way. Any keys that are not defaulted, > but are not really designed to be overloaded should be modified so that they > are defaulted, and then the keys removed from the paste file. > I logged a doc bug: https://answers.launchpad.net/openstack-manuals/+question/204782 but we really need someone who understands these files to help us document this. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [glance] legacy client removal and python-glanceclient
On Jul 31, 2012, at 2:41 PM, Brian Waldon wrote: > This is a reminder that the client in glance is deprecated and will not ship > with Folsom. Horizon and Devstack both use python-glanceclient, and I'm > presently working on updating Nova. > > I also wanted to point out that I just released python-glanceclient v0.2.0 > and would love to gather some feedback. Please file bugs on the > python-glanceclient project in launchpad if you find anything to be missing. > > Brian Waldon Brian: I logged a doc bug to track this <https://bugs.launchpad.net/openstack-manuals/+bug/1031578>. Is there any current documentation on this, or is it just the output of "glance help"? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Hiding complexity of paste config files from operators
All: I wanted to discuss the usability of the paste config files from an operator's point of view. The paste config files are opaque to administrators who are trying to stand an OpenStack cloud for the first time, since they expose a lot of implementation details about the middleware. I can follow the instructions in the Install and Deploy guide, but I have no idea what the options I don't edit are, and if the documentation has deviated from the implementation, I'm pretty much stuck. As an example, the install and deploy guide says to add authtoken to the pipeline:glance-api section in glance-api-paste.ini <http://docs.openstack.org/essex/openstack-compute/install/content/configure-glance-files.html>, the example in the docs looks like this: [pipeline:glance-api] pipeline = versionnegotiation authtoken auth-context apiv1app If I install from packages on precise, there's also some lines that look like this: [pipeline:glance-api-keystone] pipeline = versionnegotiation authtoken context apiv1app It looks similar, and it has "keystone" in there, so maybe that's intended to be used for keystone? And it looks pretty similar, but there's a "auth-context" instead of "context". Maybe the pipeline:glance-api-keystone is used for something else in glance? In the end, I'm just going to slavishly follow the documentation, and I have no mental model of what these options do. On the other hand, the traditional configuration files (e.g., nova.conf) are (relatively) well-documented, have default values, and everything that's exposed is something that could potentially be changed by an administrator. In particular, there's generally a one-to-one correspondence between changing a configuration setting and changing the behavior of the system in a way that's meaningful for the operator. For example, enabling FlatDHCP in nova.conf is just setting a config option to one value: network_manager=nova.network.manager.FlatDHCPManager Assuming that the *-paste.ini files always need to be there, is there some way we could avoid requiring admins to edit these files, and instead make it more like editing the .conf files? For example, could the paste.ini files be generated from the corresponding .conf file as needed? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [HPC] BoF at SC12
JP: I suggest you also try asking on the OpenStack Operators mailing list <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators> to gauge interest. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jul 23, 2012, at 9:18 AM, John Paul Walters wrote: > Hi Lorin, > > Thanks for the followup. I'm perfectly happy to go the Openstack-specific > route, but I haven't received much feedback from the Openstack community. It > would be helpful if we could get some sense of community interest (and > likelihood of attending) to accompany our submission. What do others think? > Would others be interested in attending? > > JP > > > On Jul 22, 2012, at 9:12 PM, Lorin Hochstein wrote: > >> On Jul 6, 2012, at 1:28 PM, John Paul Walters wrote: >> >>> I'm strongly considering putting together a proposal for a BoF (birds of a >>> feather) session at this year's Supercomputing in Salt Lake City. For >>> those of you who are likely to attend, is anyone else interested? It's not >>> a huge amount of time invested on my end to put together the proposal, but >>> I'd like to gauge the community interest before doing so. I would likely >>> broaden things a bit from being exclusively Openstack and instead turn it >>> into more of an HPC in the Cloud session so that we could, perhaps, take >>> some input from other HPC cloud projects. The submissions are due July >>> 31, so we've got a little bit of time, but not too much. Anyone else >>> interested? >>> >>> best, >>> JP >> >> >> JP: >> >> I think this was a great idea, we were thinking about proposing this if >> nobody else did. I would suggest making it OpenStack-specific, since there >> was an "HPC in the Cloud" BoF last year >> (http://sc11.supercomputing.org/schedule/event_detail.php?evid=bof140), and >> they'll probably re-apply this year as well. I think we can get critical >> mass for an OpenStack BoF. >> >> Along these lines: Chris Hoge from U. Oregon gave a talk last week at OSCON >> about their use of OpenStack on HPC >> http://www.oscon.com/oscon2012/public/schedule/detail/24261 >> >> (There are some good slides attached to that web page) >> >> Take care, >> >> Lorin >> -- >> Lorin Hochstein >> Lead Architect - Cloud Services >> Nimbis Services, Inc. >> www.nimbisservices.com >> >> >> > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [HPC] BoF at SC12
On Jul 6, 2012, at 1:28 PM, John Paul Walters wrote: > I'm strongly considering putting together a proposal for a BoF (birds of a > feather) session at this year's Supercomputing in Salt Lake City. For those > of you who are likely to attend, is anyone else interested? It's not a huge > amount of time invested on my end to put together the proposal, but I'd like > to gauge the community interest before doing so. I would likely broaden > things a bit from being exclusively Openstack and instead turn it into more > of an HPC in the Cloud session so that we could, perhaps, take some input > from other HPC cloud projects. The submissions are due July 31, so we've > got a little bit of time, but not too much. Anyone else interested? > > best, > JP JP: I think this was a great idea, we were thinking about proposing this if nobody else did. I would suggest making it OpenStack-specific, since there was an "HPC in the Cloud" BoF last year (http://sc11.supercomputing.org/schedule/event_detail.php?evid=bof140), and they'll probably re-apply this year as well. I think we can get critical mass for an OpenStack BoF. Along these lines: Chris Hoge from U. Oregon gave a talk last week at OSCON about their use of OpenStack on HPC http://www.oscon.com/oscon2012/public/schedule/detail/24261 (There are some good slides attached to that web page) Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Weird nova-network bridging problem with precise/essex
On Jul 20, 2012, at 9:57 PM, Narayan Desai wrote: > Just for the record, we found the issue. There was some filtering > being applied in the bridge code which randomly (?) dropped some DNS > requests. Setting: > net.bridge.bridge-nf-call-arptables = 0 > net.bridge.bridge-nf-call-iptables = 0 > net.bridge.bridge-nf-call-ip6tables = 0 > > completely resolved the problem. > > I've written up full details here: > http://buriedlede.blogspot.com/2012/07/debugging-networking-problems-with.html > -nld > Great writeup, I proposed a section to the docs for this: https://review.openstack.org/10106 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova] Specifying Schedule Filters Per Request?
Jon: I don't think this is possible. As far as I know, in a request, all you can do is pass hints to existing filters. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jul 21, 2012, at 11:48 PM, Jonathan Proulx wrote: > Hi All, > > http://docs.openstack.org/essex/openstack-compute/admin/content/compute-options-reference.html > states that the scheduler_default_filters option in nova.conf controls > which filter class names to use for filtering hosts when not specified > in the request. How can I specify what filters to use in the request > (or can I)? > > I've been experimenting with DifferentHostFilter and SameHostFilter > both of which seem very expensive if left in the default list (even if > not passing hints to engage either). It would be nice if these we > only enabled for the few cases that want them but I don't see any > options to the python-novaclient to pass in a filter list. > > Thanks, > -Jon > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OVF vs. bare container formats for qcow2 images
Paul: I assume you're using XenServer? When I grepped through the code, there appears to be a XenServer plugin for glance for supporting tar balls that could be OVAs, but don't necessarily contain the OVF file (?). Here's the code: https://github.com/openstack/nova/blob/stable/essex/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance#L365 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jul 5, 2012, at 11:22 AM, Paul Voccio wrote: > Lorin, > > We've been using OVA packages since the beginning. I believe there is a flag > in glance for this. > > > Thanks, > ~pvo > > Paul Voccio > paul.voc...@rackspace.com > 770-335-2143 (c) > pvo on #openstack > ಠ_ಠ > > On Jul 3, 2012, at 9:07 PM, Lorin Hochstein wrote: > >> >> On Jun 29, 2012, at 9:53 PM, Adam Young wrote: >> >>> On 04/01/2012 11:15 AM, Lorin Hochstein wrote: >>>> >>>> >>>> On Mar 29, 2012, at 12:40 PM, Daniel P. Berrange wrote: >>>> >>>>> On Wed, Mar 28, 2012 at 04:41:28PM -0400, Lorin Hochstein wrote: >>>>>> All: >>>>>> >>>>>> Given that I have a qcow2 image from somewhere (e.g., downloaded >>>>>> it from a uec-images.ubuntu.com, created one from a raw image using >>>>>> qemu-img) that i want to add to glance: >>>>>> >>>>>> 1. How can I tell whether it's an "ovf" or "bare" container format? >>>>> >>>>> You are mixing up terminology here. Disk image formats are things like >>>>> raw, qcow2, vmdk, etc. >>>>> >>>>> OVF refers to the format of a metadata file provided alongside the >>>>> disk image, which describes various requirements for running the >>>>> image. >>>>> >>>>> The two are not tied together at all, merely complementary to >>>>> each other. >>>>> >>>> >>>> Thanks, that clears things up. I was confused by this language, which >>>> sounded to me like the metadata was embedded in the disk image file: >>>> >>>> http://glance.openstack.org/formats.html >>>> >>>> "The container format refers to whether the virtual machine image is in a >>>> file format that also contains metadata about the actual virtual machine." >>>> >>>> In addition, the docs have examples like this, which clearly aren't >>>> meaningful: >>>> http://glance.openstack.org/glance.html#important-information-about-uploading-images >>> >>> Just to add to the confusion the OVF can contain both the metadata file >>> and the disk image file in a single archived file. >>> >>> "An OVF package consists of several files, placed in one directory. A >>> one-file alternative is the OVA package, which is a TAR file with the OVF >>> directory inside." >>> >>> http://en.wikipedia.org/wiki/Open_Virtualization_Format#Technical_description >> >> >> Does anybody know if OpenStack (nova+glance) currently supports OVA >> packages? >> >> Take care, >> >> Lorin >> -- >> Lorin Hochstein >> Lead Architect - Cloud Services >> Nimbis Services, Inc. >> www.nimbisservices.com >> >> >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OVF vs. bare container formats for qcow2 images
On Jun 29, 2012, at 9:53 PM, Adam Young wrote: > On 04/01/2012 11:15 AM, Lorin Hochstein wrote: >> >> >> On Mar 29, 2012, at 12:40 PM, Daniel P. Berrange wrote: >> >>> On Wed, Mar 28, 2012 at 04:41:28PM -0400, Lorin Hochstein wrote: >>>> All: >>>> >>>> Given that I have a qcow2 image from somewhere (e.g., downloaded >>>> it from a uec-images.ubuntu.com, created one from a raw image using >>>> qemu-img) that i want to add to glance: >>>> >>>> 1. How can I tell whether it's an "ovf" or "bare" container format? >>> >>> You are mixing up terminology here. Disk image formats are things like >>> raw, qcow2, vmdk, etc. >>> >>> OVF refers to the format of a metadata file provided alongside the >>> disk image, which describes various requirements for running the >>> image. >>> >>> The two are not tied together at all, merely complementary to >>> each other. >>> >> >> Thanks, that clears things up. I was confused by this language, which >> sounded to me like the metadata was embedded in the disk image file: >> >> http://glance.openstack.org/formats.html >> >> "The container format refers to whether the virtual machine image is in a >> file format that also contains metadata about the actual virtual machine." >> >> In addition, the docs have examples like this, which clearly aren't >> meaningful: >> http://glance.openstack.org/glance.html#important-information-about-uploading-images > > Just to add to the confusion the OVF can contain both the metadata file and > the disk image file in a single archived file. > > "An OVF package consists of several files, placed in one directory. A > one-file alternative is the OVA package, which is a TAR file with the OVF > directory inside." > > http://en.wikipedia.org/wiki/Open_Virtualization_Format#Technical_description Does anybody know if OpenStack (nova+glance) currently supports OVA packages? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problems accessing metadata service due to nova-network generated iptables rules
On Jun 20, 2012, at 5:44 PM, Lars Kellogg-Stedman wrote: >>> Is the DNAT rule expected to work? Does linux_net.py need a special >>> case for when the metadata address is on the local host? > > I have confirmed that the DNAT rule works *unless* metadata_host is > 127.0.0.1, in which case you need a REDIRECT rule. > Did you ever find out what was causing the issue with your configuration? We run using multi-host (nova-api metadata service and nova-compute on every node) in VLAN mode, and our instances have no problem reaching the metadata service. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Testing NOVA-OVS-Quantum setup
That guide is now linked at docs.openstack.org. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jun 20, 2012, at 7:30 AM, Joseph Suh wrote: > Trinath, > > I found the following Quantun admin guide was useful for that purpose: > > http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CHsQFjAD&url=http%3A%2F%2Fdocs.openstack.org%2Ftrunk%2Fopenstack-network%2Fadmin%2Fquantum-admin-guide-trunk.pdf&ei=prHhT-SMMMa70QG_uJTwAw&usg=AFQjCNEq2fuo4dQrvFQT0zw8v05zMdIFWw&sig2=6eAgFutMS_VLrhpR4Lhy2w > > Thanks, > > Joseph > > > (w) 703-248-6160 > (f) 703-812-3712 > 3811 N. Fairfax Drive Suite 200 > Arlington, VA, 22203, USA > http://www.east.isi.edu/~jsuh > > - Original Message - > From: "Trinath Somanchi" > To: openstack@lists.launchpad.net > Sent: Wednesday, June 20, 2012 7:04:21 AM > Subject: [Openstack] Testing NOVA-OVS-Quantum setup > > > Hi- > > > I have installed configured NOVA-OVS-Quantum based setup using the guide > provided by openstack and OVS. > > > I have a instance up and running. > > > I'm new to Openstack. > > > Can you any one help me out on the testing/validating on is instance up with > OVS and Quantum. > > > Thanking you.. > > > -- > Regards, > -- > Trinath Somanchi, > +91 9866 235 130 > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] how to set individual gateway for each VLAN or Tenant network?
Cool, thanks. I'll try to get this into the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jun 12, 2012, at 11:10 AM, Nathanael Burton wrote: > Lorin, Diego, > > I wrote up a pastebin of setting up an example dnsmasq.conf file, > setting it within nova.conf, patching linux_net.py (in stable/essex), > and showing the example dhcp leases file which set custom values for > the router, ntp-server, and dns-server using the dnsmasq conf and tags > based on the network label field within the network defined within > nova. The same process should work with both FlatDHCP or VLANManager. > > http://paste.openstack.org/show/18471/ > > Thanks, > > Nate > > On Mon, Jun 11, 2012 at 10:17 PM, Lorin Hochstein > wrote: >> Hey Nate: >> >> On Jun 11, 2012, at 2:17 PM, Nathanael Burton wrote: >> >> dnsmasq supports setting parameters such as the gateway IP and other >> settings based on tag. I have run a patched version of nova-network in the >> Diablo time that used the network DB label field as the network tag in >> dnsmasq. This then allows you to set custom configs by modifying the >> dnsmasq.conf file. This was done with VLANmanager. >> >> >> >> Are you able to share an exampleof a dnsmasq.conf file that uses tags to >> handle different config settings per network/VLAN? >> >> >> Take care, >> >> Lorin >> -- >> Lorin Hochstein >> Lead Architect - Cloud Services >> Nimbis Services, Inc. >> www.nimbisservices.com >> >> >> >> Thanks >> >> Nate >> >> On Jun 11, 2012 2:09 PM, "Lorin Hochstein" wrote: >>> >>> >>> On Jun 4, 2012, at 8:22 PM, romi zhang wrote: >>> >>> Hi, >>> >>> I am using VLAN network mode and will connect eth1 and eth2 of my compute >>> node to the LAN Switch, and LAN switch will create individual VLAN IP >>> interface for each Tenant/VLAN and then route to the NAT equipment,through >>> SNAT/DNAT to touch internet. So, that needs I can set the default gateway of >>> each Tenant VLAN to the different IP address of VLAN interface on the >>> switch. >>> >>> >>> I have the same question, I would love to know if you can set the gateways >>> in VLAN mode. >>> >>> >>> For example, my first tenant(auto0Tenant) is at VLAN200/br200/eth1/fix_ip >>> range is 192.168.2.0/28 and second(aotu1Tenant) is >>> VLAN300/br300/eth2/fix_ip_range 192.168.3.0/28, the VLAN interface ip >>> address for them on switch is 192.168.2.9 and 192.168.3.9, I want to set the >>> default gateway of VMs in auto0Tenant to 192.168.2.9 and 192.168.3.9 for >>> aotu1Tenant’s VMs. >>> >>> I try to use two methods, the first is to use nova-command: >>> >>> nova-manage network create --label=auto0Tenat >>> --fixed_range_v4=192.168.2.0/28 --num_networks=1 --gateway=192.168.2.9 >>> --dns1=61.139.2.69 --vlan=200 --bridge=br200 --bridge_interface=eth1 >>> --network_size=16 --multi_host=T >>> --project_id=5f9281bca6854fe3974a457d81afd78c >>> >>> nova-manage network create --label=aotu1Tenant >>> --fixed_range_v4=192.168.3.0/28 --num_networks=1 --gateway=192.168.3.9 >>> --dns1=61.139.2.69 --vlan=300 --bridge=br300 --bridge_interface=eth2 >>> --network_size=16 --multi_host=T >>> --project_id=5f9281bca6854fe3974a457d81afd78c >>> >>> but the result is the newest created VM default gateway is still the IP >>> address of br200 or br300 by the system, that means the factor of “gateway” >>> and “dns1” in nova-mange network command did not work. >>> >>> The second way is to use dnsmasq.conf that Vish told me, that I set just >>> dhcp_option=3,192.168.2.9. Yes it is useful for auto0Tenat VLAN, it can set >>> auto0Tenant gateway to 192.168.2.9, but how to set others at the same time? >>> >>> Then I tried to use: >>> >>> Interface=vlan200 >>> dhcp_option=3,192.168.2.9 >>> >>> Interface=vlan300 >>> dhcp_option=3,192.168.3.9 >>> >>> >>> >>> Does it actually work to specify multiple interfaces in the dnsmasq conf >>> file like that? I would have thought that the second values would override >>> the first ones. >>> >>> >>> Take care, >>> >>> Lorin >>> -- >>> Lorin Hochstein >>> Lead Architect - Cloud Services >>> Nimbis Services, Inc. >>> www.nimbisservices.com >>> >>> >>> >>> >>> >>> ___ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >> smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] how to set individual gateway for each VLAN or Tenant network?
Hey Nate: On Jun 11, 2012, at 2:17 PM, Nathanael Burton wrote: > dnsmasq supports setting parameters such as the gateway IP and other settings > based on tag. I have run a patched version of nova-network in the Diablo time > that used the network DB label field as the network tag in dnsmasq. This then > allows you to set custom configs by modifying the dnsmasq.conf file. This was > done with VLANmanager. > Are you able to share an exampleof a dnsmasq.conf file that uses tags to handle different config settings per network/VLAN? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com Thanks > Nate > > On Jun 11, 2012 2:09 PM, "Lorin Hochstein" wrote: > > On Jun 4, 2012, at 8:22 PM, romi zhang wrote: > >> Hi, >> >> I am using VLAN network mode and will connect eth1 and eth2 of my compute >> node to the LAN Switch, and LAN switch will create individual VLAN IP >> interface for each Tenant/VLAN and then route to the NAT equipment,through >> SNAT/DNAT to touch internet. So, that needs I can set the default gateway of >> each Tenant VLAN to the different IP address of VLAN interface on the switch. > > I have the same question, I would love to know if you can set the gateways in > VLAN mode. > >> >> For example, my first tenant(auto0Tenant) is at VLAN200/br200/eth1/fix_ip >> range is 192.168.2.0/28 and second(aotu1Tenant) is >> VLAN300/br300/eth2/fix_ip_range 192.168.3.0/28, the VLAN interface ip >> address for them on switch is 192.168.2.9 and 192.168.3.9, I want to set the >> default gateway of VMs in auto0Tenant to 192.168.2.9 and 192.168.3.9 for >> aotu1Tenant’s VMs. >> >> I try to use two methods, the first is to use nova-command: >> >> nova-manage network create --label=auto0Tenat >> --fixed_range_v4=192.168.2.0/28 --num_networks=1 --gateway=192.168.2.9 >> --dns1=61.139.2.69 --vlan=200 --bridge=br200 --bridge_interface=eth1 >> --network_size=16 --multi_host=T >> --project_id=5f9281bca6854fe3974a457d81afd78c >> >> nova-manage network create --label=aotu1Tenant >> --fixed_range_v4=192.168.3.0/28 --num_networks=1 --gateway=192.168.3.9 >> --dns1=61.139.2.69 --vlan=300 --bridge=br300 --bridge_interface=eth2 >> --network_size=16 --multi_host=T >> --project_id=5f9281bca6854fe3974a457d81afd78c >> >> but the result is the newest created VM default gateway is still the IP >> address of br200 or br300 by the system, that means the factor of “gateway” >> and “dns1” in nova-mange network command did not work. >> >> The second way is to use dnsmasq.conf that Vish told me, that I set just >> dhcp_option=3,192.168.2.9. Yes it is useful for auto0Tenat VLAN, it can set >> auto0Tenant gateway to 192.168.2.9, but how to set others at the same time? >> >> Then I tried to use: >> >> Interface=vlan200 >> dhcp_option=3,192.168.2.9 >> >> Interface=vlan300 >> dhcp_option=3,192.168.3.9 >> > > > Does it actually work to specify multiple interfaces in the dnsmasq conf file > like that? I would have thought that the second values would override the > first ones. > > > Take care, > > Lorin > -- > Lorin Hochstein > Lead Architect - Cloud Services > Nimbis Services, Inc. > www.nimbisservices.com > > > > > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] memory allocation while creating a linux image
On Jun 11, 2012, at 9:10 PM, Udit Agarwal wrote: > Hi, > I am following the guide –“Openstack Compute Administration Manual”. I have > a doubt on this page > http://docs.openstack.org/trunk/openstack-compute/admin/content/creating-a-linux-image.html > which talks about creating a linux image. The thing that I can’t understand > is that the first line talks about creating a linux image of size 5G, but > this allocation of 5G is done from which partition of our disk. Can anyone > help me with this ?? > > Thanks in advance. > > --Udit Agarwal > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp Udit: I assume you are talking about this command: kvm-img create -f raw server.img 5G That will create a file called "server.img" in the current directory where you issued the command. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Filter Scheduler, a complete example
On Jun 11, 2012, at 11:41 AM, Christian Parpart wrote: > Hi all, > > while I am still "somewhat" new to OpenStack, I was able to successfully > deploy a 6-node OpenStack setup > with 4 compute nodes, one controller node (yet to be HA'd) and one network > node (yet to be HA'd). > > However, now, that I am that far, I am in need to create a custom filter, due > to the companies requirements > on what VMs to put on what hardware. > Unfortunately, I am not yet that experienced in Python (know quite a few > others, so I shouldn't have > it that hard in getting into) and I - of course - don't know the Nova API as > well as you do. > > So I am looking for a complete basic Hello World Filter Scheduler example, > e.g. in form of a github repo, > that I can fork off, and improve it, and learn Nova by doing. > > I could not really find anything that helpful yet, and I think it might be a > wonderful entry-point for > quite a few of us. > > Is there anyone willing to help us here out a bit? > > Many many thanks, > Christian Parpart. > ___ Christian: The admin docs have a chapter on scheduling that discusses the filter scheduler: http://docs.openstack.org/essex/openstack-compute/admin/content/ch_scheduling.html It's from a user's point, not a developer, but it does describe what all of the built-in filters do. You should be able to look at the corresponding code and see what they do pretty easily. Check out the nova/scheduler/filters directory which has the implementation of the existing filters: https://github.com/openstack/nova/tree/master/nova/scheduler/filters The simplest filter is the AllHostsFilter, which doesn't filter anything at all: https://github.com/openstack/nova/blob/master/nova/scheduler/filters/all_hosts_filter.py Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] how to set individual gateway for each VLAN or Tenant network?
On Jun 4, 2012, at 8:22 PM, romi zhang wrote: > Hi, > > I am using VLAN network mode and will connect eth1 and eth2 of my compute > node to the LAN Switch, and LAN switch will create individual VLAN IP > interface for each Tenant/VLAN and then route to the NAT equipment,through > SNAT/DNAT to touch internet. So, that needs I can set the default gateway of > each Tenant VLAN to the different IP address of VLAN interface on the switch. I have the same question, I would love to know if you can set the gateways in VLAN mode. > > For example, my first tenant(auto0Tenant) is at VLAN200/br200/eth1/fix_ip > range is 192.168.2.0/28 and second(aotu1Tenant) is > VLAN300/br300/eth2/fix_ip_range 192.168.3.0/28, the VLAN interface ip address > for them on switch is 192.168.2.9 and 192.168.3.9, I want to set the default > gateway of VMs in auto0Tenant to 192.168.2.9 and 192.168.3.9 for > aotu1Tenant’s VMs. > > I try to use two methods, the first is to use nova-command: > > nova-manage network create --label=auto0Tenat --fixed_range_v4=192.168.2.0/28 > --num_networks=1 --gateway=192.168.2.9 --dns1=61.139.2.69 --vlan=200 > --bridge=br200 --bridge_interface=eth1 --network_size=16 --multi_host=T > --project_id=5f9281bca6854fe3974a457d81afd78c > > nova-manage network create --label=aotu1Tenant > --fixed_range_v4=192.168.3.0/28 --num_networks=1 --gateway=192.168.3.9 > --dns1=61.139.2.69 --vlan=300 --bridge=br300 --bridge_interface=eth2 > --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c > > but the result is the newest created VM default gateway is still the IP > address of br200 or br300 by the system, that means the factor of “gateway” > and “dns1” in nova-mange network command did not work. > > The second way is to use dnsmasq.conf that Vish told me, that I set just > dhcp_option=3,192.168.2.9. Yes it is useful for auto0Tenat VLAN, it can set > auto0Tenant gateway to 192.168.2.9, but how to set others at the same time? > > Then I tried to use: > > Interface=vlan200 > dhcp_option=3,192.168.2.9 > > Interface=vlan300 > dhcp_option=3,192.168.3.9 > Does it actually work to specify multiple interfaces in the dnsmasq conf file like that? I would have thought that the second values would override the first ones. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] EBS-backed AMIs on nova: how?
David: I just submitted a documentation patch on how to do this: https://review.openstack.org/8134/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 24, 2012, at 7:56 AM, David Wragg wrote: > Hi all, > > The feature comparison matrix at > <http://wiki.openstack.org/Nova/APIFeatureComparison> has a row labelled > "AMI's backed by EBS", which suggests to me that there is a way to have > nova-compute start a VM with its root store managed by nova-volume. But > I haven't been able to find anything that shows how to achieve this. > Can anyone provide a pointer? > > Thanks, > David > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Openstack-operators] ERROR: Malformed request url (HTTP 400)
Hi Igor:
The best place to report problems with the docs is to file a bug in the
openstack-manuals project on launchpad:
https://bugs.launchpad.net/openstack-manuals
(You'll need to create a Launchpad account to report a bug if you don't have
one yet).
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
On May 30, 2012, at 3:10 PM, Igor Laskovy wrote:
> Hi all again!
> Just need clarification, in which way I can send a messages about
> mistakes in that docs?
>
> On Sun, May 13, 2012 at 6:47 PM, Igor Laskovy wrote:
>> Well, instead of it I did use the real uuid of service tenant))
>> End, actually that clarify about %(tenant_id)s is exist at docs.
>>
>> BTW, for what reason needs to execute TENANT variable in the volume section?
>>
>> On May 13, 2012 5:55 PM, "Dolph Mathews" wrote:
>>>
>>> Igor,
>>>
>>> What did you use instead / how did you interpret that portion of the docs?
>>>
>>> I think we need to clarify in the docs that %(tenant_id)s is very
>>> intentional, and intended to be used exactly as written (and explain how it
>>> behaves) -- you're certainly not the first person to run into this kind of
>>> issue on endpoints.
>>>
>>> -Dolph
>>>
>>> On Sun, May 13, 2012 at 8:42 AM, Igor Laskovy
>>> wrote:
>>>>
>>>> Hello all,
>>>>
>>>> I have solved this problem))
>>>> For me it was incorrect built endpoints in keystone for nova and
>>>> volume services.
>>>> I thought that %(tenant_id)s is mistake as other mistakes in the
>>>> installation guide
>>>>
>>>> (http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html),
>>>> but it wasn't .
>>>>
>>>> Thanks everybody for attention!
>>>>
>>>> On Sat, May 12, 2012 at 4:53 PM, Igor Laskovy
>>>> wrote:
>>>>> Guys, I am still need help))
>>>>>
>>>>> On May 10, 2012 9:45 PM, "Igor Laskovy" wrote:
>>>>>>
>>>>>> Hi Dolph and Kevin,
>>>>>> thank you for your attention and sorry for delay reply.
>>>>>>
>>>>>> Here are what I have in nova-api.log :
>>>>>>
>>>>>> 2012-05-10 14:40:08 INFO nova.api.openstack.wsgi
>>>>>> [req-c6b9ea76-bbe1-4796-a231-41fc41c7695f
>>>>>> 50be127b9b7f49dcbf5ffea06d23d83a ebf29e67cbd445daa5ad09f76cdf69f9] GET
>>>>>>
>>>>>> http://192.168.1.71:8774/v2/7033300637bc4964a8d0a43649fcf898/images/detail
>>>>>>
>>>>>> 2012-05-10 14:40:08 DEBUG nova.api.openstack.wsgi
>>>>>> [req-c6b9ea76-bbe1-4796-a231-41fc41c7695f
>>>>>> 50be127b9b7f49dcbf5ffea06d23d83a ebf29e67cbd445daa5ad09f76cdf69f9]
>>>>>> Unrecognized Content-Type provided in request from (pid=1005) get_body
>>>>>> /usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py:697
>>>>>>
>>>>>> On Thu, May 10, 2012 at 2:27 AM, Dolph Mathews
>>>>>>
>>>>>> wrote:
>>>>>>> Hrm, good catch! I see no problems with that request at all...
>>>>>>>
>>>>>>> -Dolph Mathews
>>>>>>>
>>>>>>> On May 9, 2012, at 5:58 PM, "Kevin L. Mitchell"
>>>>>>> wrote:
>>>>>>>
>>>>>>>> On Wed, 2012-05-09 at 15:32 -0500, Dolph Mathews wrote:
>>>>>>>>> It also just occurred to me that perhaps you're using a *very* old
>>>>>>>>> novaclient against a more recent version of keystone?
>>>>>>>>
>>>>>>>> Actually, if you look a little more closely:
>>>>>>>>
>>>>>>>>>$ nova --debug image-list
>>>>>>>>>connect: (192.168.1.71, 5000)
>>>>>>>>>send: 'POST /v2.0/tokens HTTP/1.1\r\nHost:
>>>>>>>>>192.168.1.71:5000\r\nContent-Length: 117\r
>>>>>>>>>\ncontent-type:
>>>>>>>>>application/json\r\naccept-encoding: gzip,
>>>>>>>>> deflate\r
>>>>>>>>>\naccept:
>>>>>>>>>application/json\r\nuser-agent:
>>>>>>>>> python-novaclient\r\n
>>>>>>>>>\r\n{"auth":
>>>>>>>>
>>>>>>>>>{"tenantName": "labSpaceDemo",
>>>>>>>>> "passwordCredentials":
>>>>>>>>>{"username":
>>>>>>>>>"adminUser", "password": "lfplhfgthvf"}}}'
>>>>>>>>
>>>>>>>> The request body for Keystone is not, in fact, malformed. It would
>>>>>>>> be
>>>>>>>> interesting to look at the nova-api logs for this request…
>>>>>>>> --
>>>>>>>> Kevin L. Mitchell
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Igor Laskovy
>>>>
>>>>
>>>>
>>>> --
>>>> Igor Laskovy
>>>
>>>
>>
>
>
>
> --
> Igor Laskovy
> Kiev, Ukraine
> ___
> Openstack-operators mailing list
> openstack-operat...@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
smime.p7s
Description: S/MIME cryptographic signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
[Openstack] Why is an image required when booting from volume
I'm trying to figure out boot from volume, both so I can use it and so I can add it to the docs. It seems that when calling "nova boot" or using Horizon, you need to specify an image. Why is that? I naively tried to create a volume image by creating a volume and then doing on my volume server: dd if=/tmp/precise-server-cloudimg-amd64-disk1.img of=/dev/nova-volumes/volume-000d Then I tried this: $ nova boot --flavor 2 --key_name lorin --block_device_mapping /dev/vda=13:::0 test Which generated an error: Invalid imageRef provided. (HTTP 400) If I try to specify an image, it at least attempts to boot: $ nova boot --flavor 2 --key_name lorin --block_device_mapping /dev/vda=13:::0 --image 7d6923d9-1c13-4405-ba0c-41c7487dd6bc test I noticed that the devstack example specifies an image: https://github.com/openstack-dev/devstack/blob/master/exercises/boot_from_volume.sh: VOL_VM_UUID=`nova boot --flavor $INSTANCE_TYPE --image $IMAGE --block_device_mapping vda=$VOLUME_ID:::0 --security_groups=$SECGROUP --key_name $KEY_NAME $VOL_INSTANCE_NAME | grep ' id ' | get_field 2` Looking at nova/api/openstack/compute/servers.py, it does look like _image_uuid_from_href() is called regardless of whether we are booting from volume or not. What is "--image" used for when booting from volume? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Nova] Blueprint and core cleanup
On May 18, 2012, at 5:33 AM, Thierry Carrez wrote: > Vishvananda Ishaya wrote: >> *Core Cleanup* >> [...] >> If a former core member has time to start participating in reviews >> again, i think he should be able to review for a couple of weeks or two >> and send an email to the list saying, "Hey, I've got time to review >> again, can I be added back in". If we don't here any -1 votes by other >> core members for three days we will bring them back. In other words, >> its former members can be accelerated back into core. Sound reasonable? > > Yes. > >> *Blueprint Cleanup* >> >> As I mentioned in my previous email, I've now obsoleted all blueprints >> not targetted to folsom. The blueprint system has been used for "feature >> requests", and I don't think it is working because there is no one >> grabbing unassigned blueprints. I think it has to be up to the drafter >> of the blueprint to find a person/team to actually implement the >> blueprint or it will just sit there. Therefore I've removed all of the >> "good idea" blueprints. This was kind of sad, because there were some >> really good ideas there. > > We discussed for quite some time that "wishlist" bugs that don't get > worked on for some time should be closed as "Opinion/Wishlist"... and > use that search to get a nice list of "things that sound like a good > idea but nobody has had time to work on". Maybe we should create > wishlist bugs for stuff on obsoleted blueprints, so that we have a > single place to look for abandoned good ideas ? > > -- > Thierry Carrez (ttx) > Release Manager, OpenStack > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp +1 I think this is a great idea. There was definitely some good ideas in some of those obsoleted blueprints and I'd hate for us to lose track of them simply because the project doesn't currently have the resources to tackle them. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova-compute] vm migration problem
On May 22, 2012, at 6:08 PM, Soren Hansen wrote: > 2012/5/21 Lorin Hochstein : >> Has anybody ever written a script that grabs the host public key from >> the instance's console and updates the .ssh/config/known_hosts file >> accordingly, instead of throwing away host key checking? That would >> be a handy little thing if it was out there. > > Ubuntu's cloud-utils package has a cloud-run-instances utility that does > this. It's not exactly in the do-one-thing-and-do-it-well sort of > category, but perhaps it's just what you need. > Wow, I never knew about that package. Are all of those utils compatible with OpenStack? Are they documented everywhere? Now that we're adding distribution-specific content to the docs, these are probably worth a mention in the Ubuntu OpenStack install guide. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] python-swiftclient in gerrit
On May 21, 2012, at 6:25 AM, Chmouel Boudjnah wrote: > Hi, > > As mentioned a couple of times we are splitting python-swiftclient out > of swift, this is mostly ready to cut in its own gerrit project here : > > https://github.com/chmouel/python-swiftclient Are you planning on making it available through PyPi once it's broken out? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova-compute] vm migration problem
Has anybody ever written a script that grabs the host public key from the instance's console and updates the .ssh/config/known_hosts file accordingly, instead of throwing away host key checking? That would be a handy little thing if it was out there. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 21, 2012, at 6:09 AM, Joe Breu wrote: > Hi Eric, > > It would appear that the nova user on one of the compute nodes had at one > time cached the SSH host key of the other node and now the key has changed. > You can bypass this by adding the following to ~nova/.ssh/config on both > compute nodes: > > Host * >StrictHostKeyChecking no >UserKnownHostsFile=/dev/null > > > --- > Joseph Breu > Deployment Engineer > Rackspace Cloud Builders > 210-312-3508 > > On May 21, 2012, at 11:34 AM, Eric Luo wrote: > >> Hello ,all. >> >> I have a two nodes installation . OS1 is the cloud controller ,and OS2 is a >> nova-compute node. >> I have a vm (name as vm1) running on OS1. >> When I use the command nova migrate vm1 >> >> The dashboard is showing the vm1 as : status :error ,task :Resize Prep >> I tail ed the nova-compute.log in OS1, and found the following error >> information while running the nova migrate vm1 command : >> >> >> Can someone please explain to me what does these error mean ,and what's >> wrong with my config ... >> >> >> 2012-05-21 17:20:45 ERROR nova.compute.manager >> [req-d0f494cb-e9d6-41d2-b6df-6faa432a644d 6ffaaedb60c24f5eb888319e1e387d75 >> 0d7a5a12b6f54aa9bff986bf138bc0b7] Unex pected error while running command. >> Command: ssh 192.168.0.205 mkdir -p /var/lib/nova/instances/instance-000a >> Exit code: 255 >> Stdout: '' >> Stderr: 'Host key verification failed.\r\n'. Setting instance vm_state to >> ERROR >> 2012-05-21 17:20:45 ERROR nova.rpc.amqp >> [req-d0f494cb-e9d6-41d2-b6df-6faa432a644d 6ffaaedb60c24f5eb888319e1e387d75 >> 0d7a5a12b6f54aa9bff986bf138bc0b7] Exception during message handling >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp Traceback (most recent call last): >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py", line 252, in >> _process_data >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp rval = node_func(context=ctxt, >> **node_args) >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/exception.py", line 114, in wrapped >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp return f(*args, **kw) >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 153, in >> decorated_function >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp function(self, context, >> instance_uuid, *args, **kwargs) >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 177, in >> decorated_function >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp sys.exc_info()) >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/contextlib.py", line 24, in __exit__ >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp self.gen.next() >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 171, in >> decorated_function >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp return function(self, context, >> instance_uuid, *args, **kwargs) >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 1330, in >> resize_instance >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp >> self._set_instance_error_state(context, instance_uuid) >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/contextlib.py", line 24, in __exit__ >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp self.gen.next() >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 1325, in >> resize_instance >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp instance_type_ref, >> self._legacy_nw_info(network_info)) >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp File >> "/usr/lib/python2.7/dist-packages/nova/exception.py", line 114, in wrapped >> 2012-05-21 17:20:45 TRACE nova.rpc.amqp return f(*args, **kw) >> 2012-05-21 17:20:45 TRACE nov
Re: [Openstack] Keystone 2012.1 - global and private endpoints
These are now in the docs:
http://docs.openstack.org/trunk/openstack-compute/admin/content/keystone-concepts.html
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
On May 12, 2012, at 8:43 AM, Leandro Reox wrote:
> Clear as crystal. Thanks a lot Lorin! i didnt see this reflected on the docs.
>
> Best
> Lean
>
> On May 12, 2012 8:45 AM, "Lorin Hochstein" wrote:
> Leandro:
>
> On May 10, 2012, at 10:58 AM, Leandro Reox wrote:
>
>> Hi all,
>>
>> I was wondering if is there any way to create private and global endpoints
>> in Keystone essex final, what for ?
>>
>> I have users defined for specific applications, for example i want that the
>> "images" user, just to have access to the SWIFT endpoint, but no to nova,
>> and etc
>>
>> In previous versions of Keystone, you can define "is_global" attribute for
>> an endpoint, or create a direct relationship between a tenant and an
>> endpoint if your endpoint was previously defined as non global.
>>
>> Is there any way to do this on the new Essex Final Keystone ? If not, how do
>> i avoid the swift users to create instances on nova?
>>
>
> The /etc/$APP/policy.json controls what users are allowed to do for $APP.
> For example, /etc/nova/policy.json controls this for nova,
> /etc/glance/policy.json controls glance. (I think swift uses a different
> scheme).
>
> If you want to restrict users from doing things in nova, you need to create a
> role in keystone and then modify /etc/nova/policy.json so that this role is
> required for nova operations.
>
> For example, you could create a role called "novauser", and then
> /etc/nova/policy.json to require that role for every operation. I think it
> would look like this (haven't tried this myself):
>
> {
> "admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]],
> "default": [["rule:admin_or_owner"]],
>
>
> "compute:create": ["role":"novauser"],
> "compute:create:attach_network": ["role":"novauser"],
> "compute:create:attach_volume": ["role":"novauser"],
> "compute:get_all": ["role":"novauser"],
>
>
> "admin_api": [["role:admin"]],
> "compute_extension:accounts": [["rule:admin_api"]],
> "compute_extension:admin_actions": [["rule:admin_api"]],
> "compute_extension:admin_actions:pause": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:unpause": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:suspend": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:resume": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:lock": [["rule:admin_api"]],
> "compute_extension:admin_actions:unlock": [["rule:admin_api"]],
> "compute_extension:admin_actions:resetNetwork": [["rule:admin_api"]],
> "compute_extension:admin_actions:injectNetworkInfo": [["rule:admin_api"]],
> "compute_extension:admin_actions:createBackup": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:migrateLive": [["rule:admin_api"]],
> "compute_extension:admin_actions:migrate": [["rule:admin_api"]],
> "compute_extension:aggregates": [["rule:admin_api"]],
> "compute_extension:certificates": ["role":"novauser"],
> "compute_extension:cloudpipe": [["rule:admin_api"]],
> "compute_extension:console_output": ["role":"novauser"],
> "compute_extension:consoles": ["role":"novauser"],
> "compute_extension:createserverext": ["role":"novauser"],
> "compute_extension:deferred_delete": ["role":"novauser"],
> "compute_extension:disk_config": ["role":"novauser"],
> "compute_extension:extended_server_attributes": [["rule:admin_api"]],
> "compute_extension:extended_status": ["role":"novauser"],
> "compute_extension:flavorextradata": ["role":"novauser"],
> "compute_extension:flavorextraspecs"
Re: [Openstack] confuse about keystone rule
Hi William: Some new documentation just landed that should clear things up: http://docs.openstack.org/trunk/openstack-compute/admin/content/keystone-concepts.html (Short answer: by default, only the "admin" role has meaning unless you edit the policy.conf files). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 20, 2012, at 9:19 PM, William Herry wrote: > Hi, > I am a little confuse about keystone roles, there are several role like > admin, Member, KeystoneAdmin, KeystoneServiceAdmin, sysadmin, netadmin, I > want to know does those name have special means, or just a name and I can > name my role with any name I like, if they have special means, why should I > create them manually? > > can some one explain to me or give me some links? > > Thanks > > -- > > === > William Herry > > williamherrych...@gmail.com > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [client] Hacking on the client
I have to admit that I had never heard of "python setup.py develop" until today, when you mentioned it (and Doug Hellmann mentioned it in passing here: https://review.openstack.org/#/c/7506/1/README.rst). That' just what I was looking for. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 16, 2012, at 5:00 PM, Vishvananda Ishaya wrote: > can't you use python setup.py develop? > > That is the general way of setting stuff up in dev mode. > > Vish > > On May 16, 2012, at 9:12 AM, Lorin Hochstein wrote: > >> If I want to hack on python-openstackclient, how should I set things up so I >> don't need to install the egg to run it? I know how to install it, but I'd >> like to be able to make changes and run them without going through an >> install cycle. >> >> I tried to do this: >> >> export PYTHONPATH=~/python-openstackclient >> alias openstack="python ~/python-openstackclient/openstackclient/shell.py" >> >> And it sort of works, but I get an unpleasant warning whenever I run things: >> >> /Users/lorin/.virtualenvs/client/lib/python2.7/site-packages/cliff/commandmanager.py:6: >> UserWarning: Module argparse was already imported from >> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/argparse.pyc, >> but /Users/lorin/.virtualenvs/client/lib/python2.7/site-packages is being >> added to sys.path >> >> >> So I assume there's a better way than what I'm doing. >> >> >> Take care, >> >> Lorin >> -- >> Lorin Hochstein >> Lead Architect - Cloud Services >> Nimbis Services, Inc. >> www.nimbisservices.com >> >> >> >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [client] Hacking on the client
If I want to hack on python-openstackclient, how should I set things up so I don't need to install the egg to run it? I know how to install it, but I'd like to be able to make changes and run them without going through an install cycle. I tried to do this: export PYTHONPATH=~/python-openstackclient alias openstack="python ~/python-openstackclient/openstackclient/shell.py" And it sort of works, but I get an unpleasant warning whenever I run things: /Users/lorin/.virtualenvs/client/lib/python2.7/site-packages/cliff/commandmanager.py:6: UserWarning: Module argparse was already imported from /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/argparse.pyc, but /Users/lorin/.virtualenvs/client/lib/python2.7/site-packages is being added to sys.path So I assume there's a better way than what I'm doing. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack]create network project_id
Eric: > root@node1:~# nova-manage network modify --fixed_range 10.0.6.0/24 --project > f6a1 --host node1 I didn't know you could specify partial strings for uuids, i.e.: --project f6a1 instead of: --project f6a1c12cf10b43e68aa0952470f1bb56 Does that really work? Does that work everywhere or just for nova-manage? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problem with attaching disks to an instance
On May 15, 2012, at 1:27 PM, Vishvananda Ishaya wrote: > FYI iscsi_ip_prefix doesn't exist in essex. That flag is referenced in the XenAPI code in essex: https://github.com/openstack/nova/blob/stable/essex/nova/virt/xenapi/volume_utils.py#L408 However, it doesn't appear anywhere else in essex. Is this a bug? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Error in documentation "openstack install and deploy manual"
Thanks, Alessandro. I've proposed a doc fix for these issues here: https://review.openstack.org/7442 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 15, 2012, at 9:32 AM, Alessandro Tagliapietra wrote: > I tried to install openstack following this guide, i think these things are > wrong. I'm not sure so maybe it's intentional. > > 1) > http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html > Defining the volume service there is this line: > $ TENANT=eb7e0c10a99446cfa14c244374549e9d > which i think is not needed. > Later in image service defining this line is missing the escape char at > the end of line >--endpoint http://192.168.206.130:35357/v2.0/ > > 2) > http://docs.openstack.org/trunk/openstack-compute/install/content/configure-glance-files.html > The step about db version control and sync on ubuntu 12.04 should be > done before the services restart else glance-registry will die after a few > seconds due no tables found > > Best Regards > > Alessandro > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Dhcp lease errors in vlan mode
On May 14, 2012, at 1:46 PM, Vishvananda Ishaya wrote: > TL;DR > > To fix issues with failed dhcp leases in vlan mode, upgrade to dnsmasq > 2.6.1[1] > I attempted to document this issue in the docs: https://review.openstack.org/7403 (As an aside, we're using VLAN mode at Nimbis). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Keystone] Blueprint to store quota data in Keystone
On May 10, 2012, at 12:55 PM, Everett Toews wrote:
> Hi All,
>
> I've started a blueprint and spec to store quota data in Keystone. Please
> have a look if you're interested and any feedback is welcome.
>
> Of course, writing up the spec brought up number of questions for me. You can
> find more detail in the spec but here they are to get some more exposure.
>
> 1. For the keystone CLI I'm proposing using JSON for batch create, update,
> and delete of quotas. I don't believe this is done anywhere else in
> OpenStack. Good idea? Bad idea?
> My plan is to go with the JSON.
>
If you're going to use json in the CLI for complex operations, I would
recommend reading the json from stdin rather than passing it as a command-line
flag.
This means users could do either:
echo "{'key': 'value'}" | keystone …
or:
keystone … < batch.json
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone 2012.1 - global and private endpoints
Unfortunately, It isn't in the docs yet. :(
I'm hoping to find some time to add this to the docs in the next few days.
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
On May 12, 2012, at 8:43 AM, Leandro Reox wrote:
> Clear as crystal. Thanks a lot Lorin! i didnt see this reflected on the docs.
>
> Best
> Lean
>
> On May 12, 2012 8:45 AM, "Lorin Hochstein" wrote:
> Leandro:
>
> On May 10, 2012, at 10:58 AM, Leandro Reox wrote:
>
>> Hi all,
>>
>> I was wondering if is there any way to create private and global endpoints
>> in Keystone essex final, what for ?
>>
>> I have users defined for specific applications, for example i want that the
>> "images" user, just to have access to the SWIFT endpoint, but no to nova,
>> and etc
>>
>> In previous versions of Keystone, you can define "is_global" attribute for
>> an endpoint, or create a direct relationship between a tenant and an
>> endpoint if your endpoint was previously defined as non global.
>>
>> Is there any way to do this on the new Essex Final Keystone ? If not, how do
>> i avoid the swift users to create instances on nova?
>>
>
> The /etc/$APP/policy.json controls what users are allowed to do for $APP.
> For example, /etc/nova/policy.json controls this for nova,
> /etc/glance/policy.json controls glance. (I think swift uses a different
> scheme).
>
> If you want to restrict users from doing things in nova, you need to create a
> role in keystone and then modify /etc/nova/policy.json so that this role is
> required for nova operations.
>
> For example, you could create a role called "novauser", and then
> /etc/nova/policy.json to require that role for every operation. I think it
> would look like this (haven't tried this myself):
>
> {
> "admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]],
> "default": [["rule:admin_or_owner"]],
>
>
> "compute:create": ["role":"novauser"],
> "compute:create:attach_network": ["role":"novauser"],
> "compute:create:attach_volume": ["role":"novauser"],
> "compute:get_all": ["role":"novauser"],
>
>
> "admin_api": [["role:admin"]],
> "compute_extension:accounts": [["rule:admin_api"]],
> "compute_extension:admin_actions": [["rule:admin_api"]],
> "compute_extension:admin_actions:pause": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:unpause": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:suspend": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:resume": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:lock": [["rule:admin_api"]],
> "compute_extension:admin_actions:unlock": [["rule:admin_api"]],
> "compute_extension:admin_actions:resetNetwork": [["rule:admin_api"]],
> "compute_extension:admin_actions:injectNetworkInfo": [["rule:admin_api"]],
> "compute_extension:admin_actions:createBackup": [["rule:admin_or_owner"]],
> "compute_extension:admin_actions:migrateLive": [["rule:admin_api"]],
> "compute_extension:admin_actions:migrate": [["rule:admin_api"]],
> "compute_extension:aggregates": [["rule:admin_api"]],
> "compute_extension:certificates": ["role":"novauser"],
> "compute_extension:cloudpipe": [["rule:admin_api"]],
> "compute_extension:console_output": ["role":"novauser"],
> "compute_extension:consoles": ["role":"novauser"],
> "compute_extension:createserverext": ["role":"novauser"],
> "compute_extension:deferred_delete": ["role":"novauser"],
> "compute_extension:disk_config": ["role":"novauser"],
> "compute_extension:extended_server_attributes": [["rule:admin_api"]],
> "compute_extension:extended_status": ["role":"novauser"],
> "compute_extension:flavorextradata": ["role":"novauser"],
> "compute_extension:flavorextras
Re: [Openstack] Keystone 2012.1 - global and private endpoints
["role":"novauser"], "compute_extension:security_groups": ["role":"novauser"], "compute_extension:server_action_list": [["rule:admin_api"]], "compute_extension:server_diagnostics": [["rule:admin_api"]], "compute_extension:simple_tenant_usage:show": [["rule:admin_or_owner"]], "compute_extension:simple_tenant_usage:list": [["rule:admin_api"]], "compute_extension:users": [["rule:admin_api"]], "compute_extension:virtual_interfaces": ["role":"novauser"], "compute_extension:virtual_storage_arrays": ["role":"novauser"], "compute_extension:volumes": ["role":"novauser"], "compute_extension:volumetypes": ["role":"novauser"], "volume:create": ["role":"novauser"], "volume:get_all": ["role":"novauser"], "volume:get_volume_metadata": ["role":"novauser"], "volume:get_snapshot": ["role":"novauser"], "volume:get_all_snapshots": ["role":"novauser"], "network:get_all_networks": ["role":"novauser"], "network:get_network": ["role":"novauser"], "network:delete_network": ["role":"novauser"], "network:disassociate_network": ["role":"novauser"], "network:get_vifs_by_instance": ["role":"novauser"], "network:allocate_for_instance": ["role":"novauser"], "network:deallocate_for_instance": ["role":"novauser"], "network:validate_networks": ["role":"novauser"], "network:get_instance_uuids_by_ip_filter": ["role":"novauser"], "network:get_floating_ip": ["role":"novauser"], "network:get_floating_ip_pools": ["role":"novauser"], "network:get_floating_ip_by_address": ["role":"novauser"], "network:get_floating_ips_by_project": ["role":"novauser"], "network:get_floating_ips_by_fixed_address": ["role":"novauser"], "network:allocate_floating_ip": ["role":"novauser"], "network:deallocate_floating_ip": ["role":"novauser"], "network:associate_floating_ip": ["role":"novauser"], "network:disassociate_floating_ip": ["role":"novauser"], "network:get_fixed_ip": ["role":"novauser"], "network:add_fixed_ip_to_instance": ["role":"novauser"], "network:remove_fixed_ip_from_instance": ["role":"novauser"], "network:add_network_to_project": ["role":"novauser"], "network:get_instance_nw_info": ["role":"novauser"], "network:get_dns_domains": ["role":"novauser"], "network:add_dns_entry": ["role":"novauser"], "network:modify_dns_entry": ["role":"novauser"], "network:delete_dns_entry": ["role":"novauser"], "network:get_dns_entries_by_address": ["role":"novauser"], "network:get_dns_entries_by_name": ["role":"novauser"], "network:create_private_dns_domain": ["role":"novauser"], "network:create_public_dns_domain": ["role":"novauser"], "network:delete_dns_domain": ["role":"novauser"] } Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Openstack Beginners guide for Ubuntu 12.04/Essex
On May 10, 2012, at 2:51 PM, Rick Jones wrote: > On 05/10/2012 07:33 AM, Atul Jha wrote: >> Suggestion/criticism would be highly appreciated. > > Tried a few times to send this directly to Atul and the > css.ossbo...@csscorp.com address in the paper, but was getting rejected > content for Atul's email destination and no such user for the css.ossbooks > email. Note that since they also host their project on Launchpad <https://code.launchpad.net/openstackbook>, you should be able to provide feedback by submitting bugs against that project: https://bugs.launchpad.net/openstackbook Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone client, user belongs to many tenants?
Dolph: Thanks, this was tremendously helpful in understanding how things work. Putting this information into the docs is on my todo list. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 10, 2012, at 10:25 AM, Dolph Mathews wrote: > > > On Thu, May 10, 2012 at 9:00 AM, Lorin Hochstein > wrote: > Are there any documented examples out there of how to use roles? I still have > a hard time building a mental model of how the system works. In particular: > > Do I need to create a new role for every user-tenant pair? Or can I reuse > the same role? > > You can recycle roles. Role names are also unique. A "member" role is > frequently used in the docs, where you can grant membership to a user on a > specific tenant. > > Creating and granting this role to two users on different tenants using > keystoneclient looks something like: > > # create two tenants > $ keystone tenant-create --name="Tenant A" > > $ keystone tenant-create --name="Tenant B" > > > # create two users > $ keystone user-create --name="User A" > > $ keystone user-create --name="User B" > > > # create a membership role > $ keystone role-create --name=member > > > # (Neither user can access either tenant at this point.) > > # grant User A membership on Tenant A > $ keystone user-role-add --role_id= --tenant_id= > --user_id= > # User A is now a "member" of Tenant A. > # (User B still has access to nothing at this point.) > > # grant User B membership on Tenant B > $ keystone user-role-add --role_id= --tenant_id= > --user_id= > # User B is now a "member" of Tenant B, but not Tenant A. > # (and User A is still a "member" of Tenant A, but not Tenant B.) > > > Where are the semantics of roles specified? What I mean is, what determines > what a role allows a user to do with a specific service? > > Right now, that's entirely managed by each service's policy.json -- keystone > does nothing but provide the role names to each OpenStack service. > > This will change a bit during folsom, with the introduction of RBAC (bp > https://blueprints.launchpad.net/keystone/+spec/rbac-keystone). The contents > of each service's policy.json will be centrally managed in keystone, and the > "meaning" of the roles a user has (the user's set of capabilities in the > current authentication context) will be provided to OpenStack services -- so > service's will no longer need to "understand" role names. > > The examples I see always create a magical "admin" role, but how does, say, > nova, know that this role is associated with admin privileges? Is it because > the label is "admin"? > > Today, this is configurable via Nova's policy.json: > https://github.com/openstack/nova/blob/master/etc/nova/policy.json > > What if I want to create a role that allows users in a tenant to have regular > access to nova, but not to swift? How do I do that? Do I need to create a > "novaUser" role? Where do I describe what a "novaUser" role means? In nova? > In keystone? How? > > See above; not sure about swift's status, though. > > > Pointer to an example here would be really helpful, would love to add this to > the docs. > > Let me know if you find the above useful; or feel free to revise and submit :) > > > > Take care, > > Lorin > -- > Lorin Hochstein > Lead Architect - Cloud Services > Nimbis Services, Inc. > www.nimbisservices.com > > > > > > On May 10, 2012, at 3:50 AM, Dolph Mathews wrote: > >> +1 >> >> The second "way to accomplish this" is exactly what keystone currently >> supports (explicit role grants), which didn't change between diablo and >> essex at all. >> >> The first method (using global unscopedness) was dropped because its just as >> confusing as you describe it. >> >> -Dolph Mathews >> >> On May 10, 2012, at 2:35 AM, Joseph Heck wrote: >> >>> Guang, >>> >>> I think you need to re-read the code. The association between a user and >>> tenant is what the role represents, and its inaccurate to assert that a >>> user is aligned only with a single tenant ever, that is not the case. >>> >>> A role is no longer global, specifically to avoid the tremendous confusion >>> and inaccuracy of implementation about how to apply a role that relates a >>> tenant and user along with a potential "glo
Re: [Openstack] Keystone client, user belongs to many tenants?
Are there any documented examples out there of how to use roles? I still have a hard time building a mental model of how the system works. In particular: Do I need to create a new role for every user-tenant pair? Or can I reuse the same role? Where are the semantics of roles specified? What I mean is, what determines what a role allows a user to do with a specific service? The examples I see always create a magical "admin" role, but how does, say, nova, know that this role is associated with admin privileges? Is it because the label is "admin"? What if I want to create a role that allows users in a tenant to have regular access to nova, but not to swift? How do I do that? Do I need to create a "novaUser" role? Where do I describe what a "novaUser" role means? In nova? In keystone? How? Pointer to an example here would be really helpful, would love to add this to the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 10, 2012, at 3:50 AM, Dolph Mathews wrote: > +1 > > The second "way to accomplish this" is exactly what keystone currently > supports (explicit role grants), which didn't change between diablo and essex > at all. > > The first method (using global unscopedness) was dropped because its just as > confusing as you describe it. > > -Dolph Mathews > > On May 10, 2012, at 2:35 AM, Joseph Heck wrote: > >> Guang, >> >> I think you need to re-read the code. The association between a user and >> tenant is what the role represents, and its inaccurate to assert that a user >> is aligned only with a single tenant ever, that is not the case. >> >> A role is no longer global, specifically to avoid the tremendous confusion >> and inaccuracy of implementation about how to apply a role that relates a >> tenant and user along with a potential "global" role concept that was in the >> earliest implementations of Keystone. The current implementation is simpler >> and far more specific and clear in it's implementation. >> >> -joe >> >> On May 9, 2012, at 10:22 PM, Yee, Guang wrote: >>> I think this use case underscores one of the key differences between the >>> fat Keystone (Diablo - E3) and KSL (Essex final). In fat Keystone, users >>> and tenants are loosely coupled. They are bind together by role >>> assignments. In KSL, users and tenants are tightly coupled, and IMHO very >>> inflexible. Maybe the following example would further clarify this … >>> >>> Suppose you have tenants Dodgers, Giants, and Brewers, user Bud Selid, >>> roles Commissioner and Minority Owner, and service MLB. And you want Bud >>> Selid to have the Commissioner role for Dodgers, Giants, and Brewers, but >>> Minority Owner role for Brewers only. >>> >>> In fat Keystone, there a couple of ways you can accomplish this. >>> >>> 1) Make Commissioner a “global role” (unscoped) and assign it to user >>> Bud Selid. Assign the Minority Owner role to Bud Selid for tenant Brewers >>> by creating a role reference. When Bud Selid tries to access MLB with his >>> unscoped token, MLB will get his Commissioner role back from Keystone. When >>> Bud Selid tries to access MLB with his token scoped to Brewers, MLB will >>> get both his Commissioner and Minority Owner roles back from Keystone. When >>> Bud Selid tries to acess MLB with his token scoped to Giants or Dodgers, >>> MLB will only get his Commissioner role back from Keystone. >>> 2) Assign the Commissioner role to Bud Selid to tenants Giants, >>> Dodgers, and Brewers individually by creating the respective role >>> references. Assign the Minority Owner role to Bud Selid for tenant Brewers >>> by creating another role reference. In this scenario, Bud Selid will always >>> need a scoped token to access MLB. >>> >>> In KSL, there really aren’t any effective ways to accomplish the same >>> thing. Global roles are no longer supported. A given user must assign to >>> exactly one tenant. I suppose you can have Bud Selid under the “Default >>> Tenant”, and assign both Commissioner and Minority Owner roles to him. But >>> there are two major side effects. >>> >>> 1) Bud Selid must access MLB with the token scoped to the “Default >>> Tenant” in order for MLB to recognize him as Commissioner. Which means he >>> IS ALSO the Minority Owner for Dodgers, Giants, and Brewers. J >>> 2) If Bud Selid tries to access MLB with t
Re: [Openstack] Keystone client, user belongs to many tenants?
On May 9, 2012, at 4:46 PM, Joshua Harlow wrote:
> A question,
>
> I am using anvil to setup the keystone roles/users/tenants.
>
> It seems like the python keystone client has the following command:
>
> client.users.create
>
> Which seems to take in the following:
>
> create(self, name, password, email, tenant_id=None, enabled=True):
>
> I would assume a user name can be used in multiple tenants but when I am
> trying to create a user that spans tenants and it seems like it borks.
>
My guess is that once you have a user created, you would then use the
client.tenants.add_user method to add the user to different tenants:
add_user(tenant, user, role)
I think you would do something like:
user=client.users.create(…)
role=…
for tenant in other_tenants:
client.tenants.add_user(tenant, user, role)
> ClientException: Conflict occurred attempting to store user. (IntegrityError)
> (1062, "Duplicate entry 'admin' for key 'name'") 'INSERT INTO user (id, name,
> extra) VALUES (%s, %s, %s)' ('3e14a9c1fd404c7e81c0dba8bd640575', 'admin',
> '{"password":
> "$6$rounds=4$yX5fL51OyGKjuPjr$8yv.S3GpqsKeaHv4GjNY4YW2vvykWzrEV7RX.qJpyy3CjmyXrZMRRJifEzfa7xv1l.NzoggQBXUAESn3Oqm0x/",
> "enabled": true, "email": "ad...@example.com", "tenantId":
> "d1506184877a449a91fc6adcb553ad97"}') (HTTP 409)
>
> Is this supposed to happen? Is the client supposed to send back this much
> info also (hashed password??) :-P
Not sure about this one.
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] dimenssion of vnc console window
On May 9, 2012, at 6:06 AM, Staicu Gabriel wrote: > Hi, > > I found a way to change the dimenssion of the window image for the vnc > console. > The file to be changed is: > /usr/share/pyshared/horizon/dashboards/nova/templates/nova/instances_and_volumes/instances/_detail_vnc.html. > The parameters are: width="1280" height="900" > > Regards, > Gabriel Thanks, Gabriel. I proposed adding this info to the docs: https://review.openstack.org/7278 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] (no subject)
On Apr 17, 2012, at 3:09 AM, Tomasz Paszkowski wrote: > On Tue, Apr 17, 2012 at 5:07 AM, wrote: >> >> While I've seen in the nova code some references/drivers to RBD, I couldn't >> find >> any documentation on how to use it concretely. Is there any howto or >> anywhere that I missed? > you missed them. >> Where are these? Based on this email, I added some documentation here: http://docs.openstack.org/trunk/openstack-compute/admin/content/rados.html But if there's more documentation about using RBD with OpenStack, I would love to pull it into the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] OpenStack support: KVM vs. QEMU
Are there any Nova features that work with KVM but don't work with QEMU? Either way, I'd like to capture this in the documentation I know that KVM is faster than QEMU because of hardware support, but I don't know if there's additional functionality that only works with KVM. The Hypervisor support matrix wiki page <http://wiki.openstack.org/HypervisorSupportMatrix> has no specific information on OpenStack features supported by KVM but not QEMU Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Compute State Machine diagram ... (orchestration? docs?)
I added these to the Nova developer docs here: https://review.openstack.org/7177 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 3, 2012, at 8:26 PM, Sandy Walsh wrote: > Even better, here's the Open/LibreOffice Impress original. Have at it! > > http://dl.dropbox.com/u/166877/PowerStates.odp > > (Added a walk-thru of run_instance() as well) > > Cheers, > Sandy > > From: Lorin Hochstein [lo...@nimbisservices.com] > Sent: Thursday, May 03, 2012 1:08 PM > To: Sandy Walsh > Cc: openstack@lists.launchpad.net > Subject: Re: [Openstack] Compute State Machine diagram ... (orchestration? > docs?) > > Hi Sandy: > > > > > On May 2, 2012, at 12:10 PM, Sandy Walsh wrote: > >> Here's a little diagram I did up this morning for the required vm_state / >> task_state transitions for compute api operations. >> >> http://dl.dropbox.com/u/166877/PowerStates.pdf >> >> Might be useful to the orchestration effort (or debugging in general) >> > > Nice! > > I'd like to add those diagrams to the Nova developer documentation that lives > at nova.openstack.org. Can you export them as two png files? > > > Take care, > > Lorin > -- > Lorin Hochstein > Lead Architect - Cloud Services > Nimbis Services, Inc. > www.nimbisservices.com > > > smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] heads up regarding keystone dev venv on an Ubuntu VM (VirtualBox)
Duncan: Are you using Vagrant? I saw a recent Vagrant update (1.0.3) that dealt with a networking issue with Ubuntu 12.04, but it was DNS-related: https://github.com/mitchellh/vagrant/commit/6f5a9d13f3afb64c3efacb7a0873226d68bba10a https://github.com/mitchellh/vagrant/commit/93d0821220dbe483bd1d129969ac18d914901bb4 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 4, 2012, at 12:59 PM, Duncan McGreggor wrote: > Updates: > > * Doug Hellmann narrowed this down to the network access that was > happening with pip > * Mark McClain further narrowed it down to VirtualBox's networking: > with a NATed interface, big probs -- with a bridged interface, things > go well. > > I haven't taken the time to check this on my own system, since I've > got a working solution right now, but when I need to rebuild, I will > check. > > Mark also mentioned that VBox networking sometimes does some weird > stuff (rewriting headers or something) and that might be contributing > to the problem. > > Hope this helps, > > d > > On Fri, May 4, 2012 at 12:40 PM, Duncan McGreggor > wrote: >> Hey folks, >> >> We're really pressed for time right now, so there are certain rabbit >> holes we can't dive down, but I wanted to bring this up in case it >> hasn't been seen yet. >> >> On Mac OS X 10.6 and 10.7, when running a 12.04 Ubuntu VM and setting >> up the dev env for Keystone, we get some madness. >> 10.6: VirtualBox instance aborts, leaving no traces of issue in >> system logs (that I could see) >> 10.7: VB dies, OS X kernel panics >> >> The second time, I watched carefully, and it happened as >> python-memcached was getting installed via pip in the .venv. >> >> "So I built a third. That burned down, fell over, then sank into the swamp." >> >> But the fourth one stayed up after I removed .venv and changed >> tools/install_venv.py to enable system site-package use. >> >> d > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Compute State Machine diagram ... (orchestration? docs?)
Hi Sandy: On May 2, 2012, at 12:10 PM, Sandy Walsh wrote: > Here's a little diagram I did up this morning for the required vm_state / > task_state transitions for compute api operations. > > http://dl.dropbox.com/u/166877/PowerStates.pdf > > Might be useful to the orchestration effort (or debugging in general) > Nice! I'd like to add those diagrams to the Nova developer documentation that lives at nova.openstack.org. Can you export them as two png files? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Energy efficiency
Yuriy:
On May 3, 2012, at 4:46 AM, Yuriy Taraday wrote:
> Just note that since Essex release Nova by default use fill-first cost
> function, meaning that nodes with less free RAM will be preferred for
> new instances.
>
> Kind regards, Yuriy.
>
I thought the default behavior in essex was spread-first:
From:
https://github.com/openstack/nova/blob/stable/essex/nova/scheduler/least_cost.py#L41
cfg.FloatOpt('compute_fill_first_cost_fn_weight',
default=-1.0,
help='How much weight to give the fill-first cost function. '
'A negative value will reverse behavior: '
'e.g. spread-first'),
]
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
smime.p7s
Description: S/MIME cryptographic signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [client] Where will client API libraries live?
On May 2, 2012, at 11:30 AM, Doug Hellmann wrote: > > > On Wed, May 2, 2012 at 10:13 AM, Lorin Hochstein > wrote: > (Apologies if this has been already answered in the mailing list, dealing > with a large backlog of mailing list emails). > > With the current "nova" client (python-novaclient), there are Python bindings > so you can write Python scripts that use the API without having to deal with > the REST interface directly. > > Will the new unified CLI also provide Python bindings, so people can write > Python scripts against the libraries that ship with the CLI (like > python-novaclient)? Or is that out of scope? > > The original Etherpad says this <http://etherpad.openstack.org/FolsumCLI> > > does it include client API libraries? > * not directly, abstract out common ancestor classes > > If that's the case, where are the client API libraries going to live? > > I think the plan right now is to have the new CLI use the existing client > libraries. Putting on my doc hat, writing the CLI should be a good opportunity to generate some documentation agains the existing client API libraries, since they are basically undocumented right now. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [client] Where will client API libraries live?
(Apologies if this has been already answered in the mailing list, dealing with a large backlog of mailing list emails). With the current "nova" client (python-novaclient), there are Python bindings so you can write Python scripts that use the API without having to deal with the REST interface directly. Will the new unified CLI also provide Python bindings, so people can write Python scripts against the libraries that ship with the CLI (like python-novaclient)? Or is that out of scope? The original Etherpad says this <http://etherpad.openstack.org/FolsumCLI> does it include client API libraries? * not directly, abstract out common ancestor classes If that's the case, where are the client API libraries going to live? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Nova] Minimum required code coverage per file
On Apr 26, 2012, at 9:19 PM, Kevin L. Mitchell wrote: > >> Kevin, should we start copying openstack-common tests to client >> projects? Or just make sure to not count openstack-common code in the >> code coverage numbers for client projects? > > That's a tough one. If we copy in the tests, they end up being somewhat > redundant, but slow down the project unit tests, but on the other hand, > we'd be able to easily demonstrate that that code works properly. I > think I'd prefer if we just try to not count openstack-common code for > code coverage numbers… > I just submitted this to ignore openstack-common code in coverage calculations: https://review.openstack.org/6905 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Using Foreign Keys
On Apr 26, 2012, at 12:03 PM, Monty Taylor wrote: > > > On 04/26/2012 10:14 AM, Sean Dague wrote: >> On 04/25/2012 05:17 PM, Vishvananda Ishaya wrote: >>> The main issue is when the relevant tables are moved into a separate >>> service a la quantum or cinder. We can't keep referential integrity >>> across multiple databases, so the foreign keys in this case need to be >>> removed. It leads to an odd situation when there is still an internal >>> implementation in addition to the external implementation because the >>> internal implementation no longer has foreign keys. >>> >>> As an example, we used to have foreign key relationships between >>> instances and networks. We can no longer have these because we support >>> networks declared externally. The internal network management now has no >>> referential integrity, but this is the price we pay for separation of >>> concerns. We are going through a similar set of relationship-breaking >>> with the volume code. >> >> There are definitely the practical aspects of where this "can't" be done >> because the services have split out, and I think that's fine. >> >> But enforcing the ref constraints where possible just provides another >> level of safety in the data. A policy where we break FK relationships if >> the preferred core model is 2 services (i.e. Nova / Quantum), but we add >> FK constraints within a service might be a good idea. > > I think the real key is to have a config option to tell sqlalchemy to > not, even if we're running innodb, add the foreign keys to the DDL sent > to the database. If sqlalchemy doesn't have that ability, we should > write it and contribute it, because anyone using MySQL at scale via > sqlalchemy actually wants the feature, whether they recognize it yet or not. > I registered a blueprint for this: https://blueprints.launchpad.net/nova/+spec/disable-fkeys-by-config Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] "Shutoff" Status
Anne:
I don't have first hand-experience, but based on looking at the code, it
appears that an instance is in "SHUTDOWN" state if the VM was powered down, but
not through the OpenStack API (e.g., by a user doing "shutdown -h" from inside
the instance). On Amazon EC2, if a user does a "shutdown -h", the instance will
transition to the terminated state. But apparently OpenStack doesn't behave
that way (?) by default (???).
Here are my ramblings through the code that led me to this:
Looking at ./nova/api/openstack/common.py:
_STATE_MAP = {
vm_states.SHUTOFF: {
'default': 'SHUTOFF',
},
It looks like SHUTOFF in the API corresponds to a VM state of SHUTOFF. The
transition to shutoff state seems to be in ./nova/compute/manager.py:
@manager.periodic_task(ticks_between_runs=10)
def _sync_power_states(self, context):
...
if (vm_power_state in (power_state.NOSTATE,
power_state.SHUTOFF,
power_state.SHUTDOWN,
power_state.CRASHED)
and db_instance['vm_state'] == vm_states.ACTIVE):
self._instance_update(context,
db_instance["id"],
power_state=vm_power_state,
vm_state=vm_states.SHUTOFF)
So, if the compute manager detects to the VM is powered down (e.g., the user
did a "shutdown" command), then it will transition to the SHUTOFF state.
I don't quite understand what happens if you use the compute API to try to
start an instance in the shutdown state. I think it tries to delete the
instance first, but this depends on a "shutdown_terminate" database field on
the Instance model.
Here's the start method from nova/compute/api.py:
@wrap_check_policy
@check_instance_state(vm_state=[vm_states.STOPPED, vm_states.SHUTOFF])
def start(self, context, instance):
"""Start an instance."""
vm_state = instance["vm_state"]
instance_uuid = instance["uuid"]
LOG.debug(_("Going to try to start instance"), instance=instance)
if vm_state == vm_states.SHUTOFF:
if instance['shutdown_terminate']:
LOG.warning(_("Instance %(instance_uuid)s is not "
"stopped. (%(vm_state)s") % locals())
return
# NOTE(yamahata): nova compute doesn't reap instances
# which initiated shutdown itself. So reap it here.
self.stop(context, instance, do_cast=False)
self.update(context,
instance,
vm_state=vm_states.STOPPED,
task_state=task_states.STARTING)
# TODO(yamahata): injected_files isn't supported right now.
# It is used only for osapi. not for ec2 api.
# availability_zone isn't used by run_instance.
self._cast_compute_message('start_instance', context, instance)
Here's the database field definition in db/sqlalchemy/models.py
class Instance(BASE, NovaBase):
...
# EC2 instance_initiated_shutdown_teminate
# True: -> 'terminate'
# False: -> 'stop'
shutdown_terminate = Column(Boolean(), default=True, nullable=False)
I can't tell if shutdown_terminate is a state variable (e.g., instance is
currently in "shutdown_terminate=True" state), or if it's a per-instance
behavior configuration variable (e.g., "terminate an instance in the shutdown
state if shutdown_terminate=True")
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
On Apr 25, 2012, at 3:23 PM, Anne Gentle wrote:
> Hey, sorry y'all. I grepped for SUSPENDED but needed to do it for SHUTOFF.
> What can you tell me about SHUTOFF based on the code here?
>
> Yep, not too embarrassed to admit this to 3000+ of you. :)
>
> ./nova/api/ec2/cloud.py:vm_states.SHUTOFF: inst_state.SHUTOFF,
> ./nova/api/ec2/cloud.py:if (vm_state == vm_states.SHUTOFF and
> ./nova/api/ec2/cloud.py:if vm_state not in (vm_states.ACTIVE,
> vm_states.SHUTOFF,
> ./nova/api/ec2/cloud.py:if vm_state in (vm_states.ACTIVE,
> vm_states.SHUTOFF):
> Binary file ./nova/api/ec2/cloud.pyc matches
> ./nova/api/ec2/inst_state.py:SHUTOFF = 'shutoff'
> ./nova/api/ec2/inst_state.py:SHUTOFF: TERMINATED_CODE,
> Binary file ./nova/api/ec2/inst_state.pyc matches
> ./nova/api/openstack/common.py:vm_states.SHUTOFF: {
> ./nova/api/openstack/common.py:'default': 'SHUTOFF',
Re: [Openstack] proposal for Russell Bryant to be added to Nova Core
On Apr 27, 2012, at 11:09 AM, Dan Prince wrote: > Russell Bryant wrote the Nova Qpid rpc implementation and is a member of the > Nova security team. He has been helping chipping away at reviews and > contributing to discussions for some time now. > > I'd like to seem him Nova core so he can help out w/ reviews... definitely > the RPC ones. > +1 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How does everyone build OpenStack disk images?
Broader question: what's the best place to capture this information? Right now, there's a chapter in the OpenStack Compute Admin Guide about images, but I'm tempted to break out a new document dedicated to creating and obtaining appropriate images that are compatible with OpenStack (or, more specifically, with OpenStack-supported hypervisors), and have that be accessible on docs.openstack.org. We could use the wiki, but I'm afraid most users wouldn't find it there, and this is a pretty critical issue for new users. Unless Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 26, 2012, at 7:04 AM, Michael Basnight wrote: > In reddwarf for development we use Ubuntu-vm-builder. It works like a charm > for creating qcow2 images. > > Sent from my digital shackles. > > On Apr 25, 2012, at 8:14 PM, Justin Santa Barbara wrote: > >> How does everyone build OpenStack disk images? The official documentation >> describes a manual process (boot VM with ISO), which is sub-optimal in terms >> of repeatability / automation / etc. I'm hoping we can do better! >> >> I posted how I do it on my blog, here: >> http://blog.justinsb.com/blog/2012/04/25/creating-an-openstack-image/ >> >> Please let me know the many ways in which I'm doing it wrong :-) >> >> I'm thinking we can have a discussion here, and then I can then compile the >> responses into a wiki page and/or a nice script... >> >> Justin >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] raw or qcow2
Since we're talking snapshots, quick doc-related snapshot questions: - Are snapshots only supported on qemu/kvm, or do they work with other hypervisors as well? (Does Xen support qcow2 images?) - Does OpenStack do anything with snapshots other than using them to generate new images? I was a little confused by the existence of the "Snapshots" pane in Diablo Horizon. I originally thought snapshotting was just a qemu/kvm implementation detail about how nova created a new image from a running instance, so I didn't understand why there was a "Snapshots" pane in addition to an "Images" pane. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 25, 2012, at 1:55 AM, Vishvananda Ishaya wrote: > ? > > Did you mistype your comment or misread mine? Raw does NOT work for > snapshots. snapshots only work for qcow2. Implementing snapshotting with raw > would be possible. Logic just needs to be added to skip the internal snapshot > step and just use the entire file when uploading to glance. This would be > pretty darn slow for large images though. > > If you are asking about differencing images in glance that is a different > question and one that we haven't addressed. It has a lot of implications and > needs changes in both nova and glance to be useful. Logic needs to be added > around dependency chains and coalescing. Plus it has implications when trying > to migrate and resize instances, so there is a lot to consider. > > As caitlin mentioned, something will be implemented in the volume service > anyway, so it might be better to wait and see what happens there. > > Vish > > On Apr 24, 2012, at 4:30 PM, Joshua Harlow wrote: > >> What changes would be needed to make qcow2 files work as snapshots? >> Some type of image “dependency” management in glance (and failure cases) and >> the corresponding “dependency” fetching in nova (and failure cases)? >> Might be something pretty useful to have, instead of forcing raw for >> snapshots? >> >> On 4/24/12 3:51 PM, "Vishvananda Ishaya" wrote: >> >> On Apr 17, 2012, at 2:04 AM, William Herry wrote: >> >> > so, what changes should I make if I want use raw in openstack, I didn't >> > find some configure option in nova.conf.sample >> > >> > I also try to modify the source code in nova/virt/libvirt/utils.py, and >> > didn't succeed >> > >> > I noticed that the type of snapshot is same as the instance's image by >> > default, does this right, and what about the type of model image that >> > uploaded to glance, does it affect the disk type I use? >> > >> > Thanks >> >> snapshots will not work with raw images. To make openstack use raw images, >> you simply have to set: >> >> use_cow_images=false >> >> you can upload to glance in qcow or raw, it will be decoded to raw when the >> image is downloaded to the compute host. >> >> Vish >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Nova] Minimum required code coverage per file
On Apr 24, 2012, at 4:11 PM, Joe Gordon wrote:
> Hi All,
>
> I would like to propose a minimum required code coverage level per file in
> Nova. Say 80%. This would mean that any new feature/file should only be
> accepted if it has over 80% code coverage. Exceptions to this rule would be
> allowed for code that is covered by skipped tests (as long as 80% is reached
> when the tests are not skipped).
>
I like the idea of looking at code coverage numbers. For any particular merge
proposal, I'd also like to know whether it increases or decreases the overall
code coverage of the project. I don't think we should gate on this, but it
would be helpful for a reviewer to see that, especially for larger proposals.
> With 193 python files in nova/tests, Nova unit tests produce 85% overall code
> coverage (calculated with ./run_test.sh -c [1]). But 23% of files (125
> files) have lower then 80% code coverage (30 tests skipped on my machine).
> Getting all files to hit the 80% code coverage mark should be one of the
> goals for Folsom.
>
I would really like to see a visualization of the code coverage distribution,
in order to help spot the outliers.
Along these lines, there's been a lot of work in the software engineering
research community about predicting which parts of the code are most likely to
contain bugs ("fault prone" is a good keyword to find this stuff, e.g.:
http://scholar.google.com/scholar?q=fault+prone, big names include Nachi
Nagappan at MS Research and Elaine Weyuker, formerly of AT&T Research). I would
*love* to see some academic researchers try to apply those techniques to
OpenStack to help guide QA activities by identifying which parts of the code
should get more rigorous testing and review.
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
smime.p7s
Description: S/MIME cryptographic signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] wsgi code duplication
On Apr 24, 2012, at 10:55 AM, Thompson Lee wrote: > On Apr 24, 2012, at 9:28 AM, Ghe Rivero wrote: > >> I have plans to try to move as much as possible into openstack-common. I >> will start with nova as a test bed and see what we get from there. My future >> plans include db code and tests (in the case of quantum, plugins test also >> have a lot of duplicated code). >> I register a bp for the wsgi issue: >> https://blueprints.launchpad.net/openstack-common/+spec/wsgi-common >> >> Ghe Rivero > > Is there a code metrics site that continually reports on metrics like > duplication? Adding Ghe's report to a metric site would be the first step. > That has always been a starting point as it gives code reviewers quick > evaluation criteria to stop duplication before it ends up in trunk. Going at > it directly fixes it looking backward but the duplication ends up back int > the code eventually. The reports help fix the issue going forward. I don't know of any duplication metrics being calculated, but Jenkins continually reports test coverage metrics: https://jenkins.openstack.org/portlet/dashboard_portlet_30/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Endpoints problems
On Apr 13, 2012, at 12:34 PM, Adam Gandelman wrote: > On 04/13/2012 10:50 AM, Dolph Mathews wrote: >> >> While $(tenant_id)s is certainly the documented syntax, it appears that the >> SQL catalog backend (and *only* the SQL catalog backend, as far as I can >> tell) explicitly supports both $(tenant_id)s and %(tenant_id)s: >> >> https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/sql.py#L163 >> >> Perhaps Adam Gandelman has some insight? >> >> -Dolph > > Dolph- > > No, the same is supported in the case of templated catalog as well, which is > what the SQL catalog was largely based off: > > https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/templated.py#L115 > > Just tested that "sed -i 's/\$/%/g' /etc/keystone/default_catalog.templates" > still produces a functional service catalog when configured to use the > templated backend. > > Seeing as both are supported, perhaps it would be better for docs to be > updated to refer to the use of % instead of $ to avoid people running into > problems with the $() sub-shell? > The OpenStack Install and Deploy manual has some language about this (see last paragraph): http://docs.openstack.org/trunk/openstack-compute/install/content/elements-of-keystone-service-catalog-entry.html This hasn't made its way into the admin docs yet, though. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Quantum deployment on Essex
Salut Emilien! On Apr 20, 2012, at 12:22 PM, OpenStack-Lists wrote: > Hi everyone, > > > My name is Emilien, I'm a french student in University and I'm working > on OpenStack for a internship project. > > > I'm working on Quantum deployment at this time, and I would like to > share with you my work. > > I have two physicals servers for "playing", and I've setup a dual-node > infrastructure with Essex on Ubuntu 12.04. > > Server 1 : > > Ubuntu 12.04 > > All nova services, Glance, Horizon, Keystone and Quantum-agent (coming > soon). [snip] > I can say now what is working and not : > > - All nova services : Yes, without VNC access (I have a 404 error, and I > will fix it next week I think). This might be due to a known issue with the noVNC package that is distributed with Ubuntu 12.04: https://bugs.launchpad.net/ubuntu/+source/novnc/+bug/956949 I have heard that the noVNC fork maintained by Rackspace Cloud Builders works properly with Essex: https://github.com/cloudbuilders/noVNC/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OpenStack Client Followup
I'm interested as well. I wasn't able to attend the session, but I'd like to see something akin to the proposed Human Interface Guideline <http://wiki.openstack.org/Design> for the CLI to ensure that the implementation achieves the goals spelled out in the Etherpad. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 19, 2012, at 1:57 PM, Matt Joyce wrote: > I'd be down with helping out as well. > > On Thu, Apr 19, 2012 at 1:43 PM, Doug Hellmann > wrote: >> >> >> On Wed, Apr 18, 2012 at 11:07 PM, Dean Troyer wrote: >>> >>> We had a good discussion about a unified OpenStack command line client >>> on Monday at the Design Summit. The notes are in the Etherpad at >>> http://etherpad.openstack.org/FolsumCLI, I summarized my recollection >>> at the bottom; those who were there feel free to add the bits I >>> missed. >>> >>> One of the first things to do is to find out who is interested in >>> contributing to this project.and hopefully coordinating some of the >>> work with the other emerging project-specific clients. Send me an >>> email and I'll build a list to get the discussion started. >> >> >> Count me in. >> >>> >>> >>> We also should look for some consensus on the name of the command >>> itself. 'oscli' is a placeholder, and while sufficiently short and >>> unique for my tastes it is hard to pronounce and remember. The >>> leading candidates I have heard at the summit so far are 'openstack' >>> and 'stack'. Let's gather some feedback at the bottom of the Etherpad >>> about this as I am sure there are other opinions out there. >>> >>> Thanks >>> dt >>> >>> -- >>> >>> Dean Troyer >>> dtro...@gmail.com >>> >>> ___ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >> >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] image_service=nova.image.s3.S3ImageService???
I'm updating the documentation for this page: http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-compute-to-use-the-image-service.html My question is: is there any use case where you would configure nova to do: image_service=nova.image.s3.S3ImageService Looking at the code, it seems like this would not even work. The S3ImageService defers several methods (e.g., index, create, delete) to the image service so by the image_service flag, so you'd get an infinite recursion. It appears like theS3ImageService can only be used as a wrapper around the default image service, and can't be a default image service on its own. I'm going to zap this as a valid option from the documentation (unless someone sets me straight here). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova.conf query
Hi Salman: Can you send me a link to any docs that have the old --flag format? Lorin Sent from my iPad On Apr 16, 2012, at 6:17 AM, Salman Malik wrote: > Hi All, > > A quick question regarding nova.conf: How can I modify nova.conf and get it > to work with devstack. The problem that I am facing is after modifying > nova.conf, I have to reboot so as to restart services. But when I reboot, > devstack needs to be reinstalled all over again using stack.sh and in the > process it rewrites /etc/nova/nova.conf. > > Also according to documentation we can set flags in nova.conf using > --= format. Is that an obsolete format ? (because the > nova.conf that devstack creates don't have any -- in it). > > Please let me know how to effectively modify nova.conf so that the changes > take effect (I am looking forward to change the network manager...) > > Thanks! > > Salman > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Endpoints problems
On Apr 12, 2012, at 6:44 PM, Pete Zaitcev wrote: > On Thu, 12 Apr 2012 15:28:21 -0500 > Anne Gentle wrote: > >> keystone --token 012345SECRET99TOKEN012345 --endpoint >> http://192.168.206.130:35357/v2.0 endpoint-create \ >> [] >> --internalurl >> http://192.168.206.130:8774/v2/$(tenant_id)s >> >> I haven't fixed this yet because I'm not sure if the $(tenant_id)s is >> literal or which tenant_id specifically to use (the Service tenant for the >> adminurl possibly)? > > The expression "$(tenant_id)s" is really contained inside the pattern > in the database. It is substituded with a specific tennant ID when > an application makes its request. The weird syntax is inherited from > Python, where one can use constructs like %s or %(key)s. My understanding (based on somebody's previous answer in the mailing list, or possibly one of the IRC channels) was that you could only do this with the template backend, and when you were using the database backend you had to explicitly add endpoints for each tenant that needed to talk to the API. Can you confirm that you can use the $(tenant_id)s syntax when the backend is set using the following keystone.conf entry: [catalog] driver = keystone.catalog.backends.sql.Catalog Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack] preallocation
Vish: For documentation purposes, if the user wants to be able to do snapshots, what combinations of the following three variables are allowed? 1. original image format (qcow2 | raw) 2. use_cow_image flag (true | false) 3. force_raw_images flag (true | false) Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 10, 2012, at 1:32 AM, Vishvananda Ishaya wrote: > You can disable using backing files with the following config: > use_cow_images=false > > You should be aware that you likely won't be able to snapshot images unless > you make sure to upload them all in qcow format and also set: > force_raw_images=false > > On Apr 9, 2012, at 9:37 PM, William Herry wrote: > >> Hi >> >> I read from an article that said use preallocation can improve disk I/O >> performance in kvm, when I add it to openstack, suck error come to me >> >> (nova.rpc.amqp): TRACE: Stderr: 'Backing file and preallocation cannot be >> used at the same time\nqemu-img: >> /usr/local/lib/python2.7/dist-packages/nova-2012.1-py2.7.egg/instances/instance-000e/disk: >> error while creating qcow2: Invalid argument\n' >> >> I was added it to utils.py in virt/libvirt directory (line 77) >> >> def create_cow_image(backing_file, path): >> """Create COW image >> >> Creates a COW image with the given backing file >> >> :param backing_file: Existing image on which to base the COW image >> :param path: Desired location of the COW image >> """ >> execute(FLAGS.qemu_img, 'create', '-f', 'qcow2', '-o', >> 'preallocation=metadata,cluster_size=2M,backing_file=%s' % >> backing_file, path) >> >> here is the article: >> http://itscblog.tamu.edu/improve-disk-io-performance-in-kvm/ >> >> so what is Backing file for, can I disable it for use preallocation cause I >> can't got both >> >> Thanks >> >> -- >> >> === >> William Herry >> >> williamherrych...@gmail.com >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Doc] Docs meeting today, Monday 2000 UTC (3:00 CST)
My fault, I just mixed up CDT and PDT in my head (I'm on EDT). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 9, 2012, at 11:15 AM, Anne Gentle wrote: > It used to be 2:00 CST but now it's 3:00 CST. > > Here's the UTC converter I used: > > http://timeanddate.com/worldclock/meetingtime.html?iso=20120409&p1=400 > > Thanks for checking! Please confirm my methods are correct. :) > > Anne > > On Mon, Apr 9, 2012 at 10:13 AM, Lorin Hochstein > wrote: > Anne: > > Can you confirm the time? The wiki page says March 9, 2012, 2000 UTC (3:00 > CST). > > But isn't 2000 UTC the same as 1:00 PM CDT? > > Take care, > > Lorin > -- > Lorin Hochstein > Lead Architect - Cloud Services > Nimbis Services, Inc. > www.nimbisservices.com > > > > > > On Apr 9, 2012, at 10:57 AM, Anne Gentle wrote: > >> Hi all, >> If you're interested in the state of the docs and planning docs sessions for >> the Design Summit, please attend this afternoon's doc team meeting. Feel >> free to add to the agenda at wiki.openstack.org/Meetings/DocTeamMeeting. >> >> Action items from the last meeting >> Design Summit planning >> General documentation status >> api.openstack.org site and extensions >> Open discussion >> Thanks, >> Anne >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
