[Openstack] [Quantum] Floodlight plugin: request for doc assistance
All: I'm trying to figure out how the Floodlight plugin for Quantum works, so we can document it fully. Unfortunately, I haven't been able to get it working. I've started a wiki page on how to set up Floodlight at https://wiki.openstack.org/wiki/Quantum/FloodlightPluginSetup. If somebody has been successful with Floodlight and could help complete this, please let me know. Once this is working, I can transfer it to the DocBook docs. Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Quantum conceptual question (bridges)
Édouard: I didn't realize that there's a Linux software bridge inolved when security groups are enabled. However, this doesn't really answer my original question. I asked about the fact that there seemed to be two openvswitch bridges that packets have to cross to get from the virtual interface (say, vnet0) to the physical interface (say, eth2) on the host, assuming the openvswitch plugin and using vlan for transport. vnet0 -- br-int -- br-eth2 -- eth2. Based on your answer, I see that there are actually three bridges that packets have to traverse when using security groups: vnet0 -- qbr -- br-int -- br-eth2 -- eth2 Is this view correct? If so, is there a performance penalty (e.g., increased latency, reduced bandwidth) for having to cross two Open vSwitch bridges: br-int and br-eth2? If there is a penalty, I was curious as to whether this splitting into two bridges was done because it isn't possible to implement the desired functionality using a single openvswitch bridge, or if there was some other reason why it was split out into two (e.g., to simplify the implementation). Lorin On Tue, May 7, 2013 at 2:38 AM, Édouard Thuleau thul...@gmail.com wrote: OVS is not compatible with iptables + ebtables rules that are applied directly on VIF ports. So the libvirt_vif_driver 'nova.virt.libvirt.vif.LibvirtHybirdOVSBridgeDriver' create a Linux software bridge to be able to apply security group rules with iptables. If you don't need the security group functionalities, you can use libvirt_vif_driver 'nova.virt.libvirt.vif.LibvirtOpenVswitchVirtualPortDriver' or 'nova.virt.libvirt.vif.LibvirtOpenVswitchDriver' (depends on your libvirt version). http://docs.openstack.org/trunk/openstack-network/admin/content/nova_with_quantum_vifplugging_ovs.html I think this point must be listed in the limitations page of the OpenStack Networking Admin guide http://docs.openstack.org/grizzly/openstack-network/admin/content/ch_limitations.html Édouard. On Tue, May 7, 2013 at 2:46 AM, Lorin Hochstein lo...@nimbisservices.comwrote: I'm trying to wrap my head around how Quantum works. If understanding things correctly, when using the openvswitch plugin, a packet traveling from a guest out to the physical switch has to cross two software bridges: 1. br-int 2. br-ethN or br-tun (depending on whether using VLANs or GRE tunnels) So, I think I understand the motivation behind this: the integration bridge handles the rules associated with the virtual networks defined by OpenStack users, and the (br-ethN | br-tun) bridge handles the rules associated with moving the packets across the physical network. My question is: Does having two software bridges in the path incur a larger network performance penalty than if there was only a single software bridge between the VIF and the physical network interface? If so, was Quantum implemented this way because it's simply not possible to achieve the desired functionality using a single openvswitch bridge, or was it because using the dual-bridge approach simplified the implementation, or was there some other reason? Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Quantum conceptual question (bridges)
I'm trying to wrap my head around how Quantum works. If understanding things correctly, when using the openvswitch plugin, a packet traveling from a guest out to the physical switch has to cross two software bridges: 1. br-int 2. br-ethN or br-tun (depending on whether using VLANs or GRE tunnels) So, I think I understand the motivation behind this: the integration bridge handles the rules associated with the virtual networks defined by OpenStack users, and the (br-ethN | br-tun) bridge handles the rules associated with moving the packets across the physical network. My question is: Does having two software bridges in the path incur a larger network performance penalty than if there was only a single software bridge between the VIF and the physical network interface? If so, was Quantum implemented this way because it's simply not possible to achieve the desired functionality using a single openvswitch bridge, or was it because using the dual-bridge approach simplified the implementation, or was there some other reason? Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How to integrate Cloudsim
Harry: I believe that Cloudsim is a cloud simulator, intended to be run on your local desktop/laptop. You wouldn't actually run it on a cloud such as OpenStack. Take care, Lorin On Tue, Apr 30, 2013 at 8:18 AM, harryxiyou harryxi...@gmail.com wrote: Hi all, I just wonder how to integrate Cloudsim(https://code.google.com/p/cloudsim ) into Openstack, that is to say i wanna use Cloudsim in local clouds with Openstack. Would anyone please give me some suggestions about this one? Or give me an example patch that is integrated into Openstack. Thanks very much in advance ;-) -- Thanks Harry Wei ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Should we discourage KVM block-based live migration?
In the docs, we describe how to configure KVM block-based live migration, and it has the advantage of avoiding the need for shared storage of instances. However, there's this email from Daniel Berrangé from back in Aug 2012: http://osdir.com/ml/openstack-cloud-computing/2012-08/msg00293.html Block migration is a part of the KVM that none of the upstream developers really like, is not entirely reliable, and most distros typically do not want to support it due to its poor design (eg not supported in RHEL). It is quite likely that it will be removed in favour of an alternative implementation. What that alternative impl will be, and when I will arrive, I can't say right now. Based on this info, the OpenStack Ops guide currently recommends against using block-based live migration, but the Compute Admin guide has no warnings about this. I wanted to sanity-check against the mailing list to verify that this was still the case. What's the state of block-based live migration with KVM? Should we say be dissuading people from using it, or is it reasonable for people to use it? Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Should we discourage KVM block-based live migration?
On Wed, Apr 24, 2013 at 11:59 AM, Daniel P. Berrange d...@berrange.comwrote: On Wed, Apr 24, 2013 at 11:48:35AM -0400, Lorin Hochstein wrote: In the docs, we describe how to configure KVM block-based live migration, and it has the advantage of avoiding the need for shared storage of instances. However, there's this email from Daniel Berrangé from back in Aug 2012: http://osdir.com/ml/openstack-cloud-computing/2012-08/msg00293.html Block migration is a part of the KVM that none of the upstream developers really like, is not entirely reliable, and most distros typically do not want to support it due to its poor design (eg not supported in RHEL). It is quite likely that it will be removed in favour of an alternative implementation. What that alternative impl will be, and when I will arrive, I can't say right now. Based on this info, the OpenStack Ops guide currently recommends against using block-based live migration, but the Compute Admin guide has no warnings about this. I wanted to sanity-check against the mailing list to verify that this was still the case. What's the state of block-based live migration with KVM? Should we say be dissuading people from using it, or is it reasonable for people to use it? What I wrote above about the existing impl is still accurate. The new block migration code is now merged into libvirt and makes use of an NBD server built-in to the QMEU process todo block migration. API wise it should actually work in the same way as the existing deprecated block migration code. So if you have new enough libvirt and new enough KVM, it probably ought to 'just work' with openstack without needing any code changes in nova. I have not actually tested this myself though. So we can probably update the docs - but we'd want to checkout just what precise versions of libvirt + qemu are needed, and have someone check that it does in fact work. Thanks, Daniel. I can update the docs accordingly. How can I find out what are the minimum versions of libvirt and qemu are needed? Also, I noticed you said qemu and not kvm, and I see that http://wiki.qemu.org/KVM says that qemu-kvm fork for x86 is deprecated, use upstream QEMU now. Is it the case now that when using KVM as the hypervisor for a host, an admin will just install a qemu package instead of a qemu-kvm package to get the userspace stuff? Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Grizzly release notes and the never-ending image-cache-manager issue
On Thu, Apr 4, 2013 at 4:45 PM, Michael Still mi...@stillhq.com wrote: On Fri, Apr 5, 2013 at 7:20 AM, Lorin Hochstein lo...@nimbisservices.com wrote: Michael (et al): The Grizzly release notes https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly say: The image-cache-manager has been turned on by default. This may have potential issues for users who are using a shared filesystem for their instances_path. Set remove_unused_base_images=false in your nova.conf file on your compute nodes to revert this behaviour. My understanding was that in Grizzly, this wasn't an issue since shared storage was automatically detected (e.g. https://bugs.launchpad.net/nova/+bug/1075018) This is my understanding as well -- that we now detect shared storage and do the right thing. I don't have any data on how much real world testing that code has experienced though. Is it safe to zap this from the release notes? Safe is a relative thing. I'd be more comfortable if I knew that someone had deployed the code and had a good experience, but when I ask on the operators list I get puzzled stares... Michael I reworded the release note as follows: Grizzly should now be able to detect when a shared filesystem is being used for instances path, eliminating a bug in previous versions where the image cache manager erroneously deleted images that were in use on shared filesystems. However, this bugfix has not been extensively tested in production environments. If you wish to be conservative, you may set image_cache_manager_interval=0 in your nova.conf file on your compute nodes to prevent the image cache manager from deleting any images. Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Grizzly release notes and the never-ending image-cache-manager issue
Michael (et al): The Grizzly release notes https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly say: The image-cache-manager has been turned on by default. This may have potential issues for users who are using a shared filesystem for their instances_path. Set remove_unused_base_images=false in your nova.conf file on your compute nodes to revert this behaviour. My understanding was that in Grizzly, this wasn't an issue since shared storage was automatically detected (e.g. https://bugs.launchpad.net/nova/+bug/1075018) Is it safe to zap this from the release notes? Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
On Fri, Mar 22, 2013 at 11:55 PM, Lorin Hochstein lo...@nimbisservices.comwrote: On Thu, Mar 21, 2013 at 12:00 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: Well phooey: 987 if network_ref['multi_host']: 988 _add_dhcp_mangle_rule(dev) The mangle rule is only added my nova-network in multihost mode. Can you verify whether or not adding the rule on the compute or network node fixes it? That way we can either remove the check on multi_host or add it in plug_vif on the compute host. I'll check on this and get back to you. As an aside, note that we're *not* running with the vhost-net kernel module loaded, and the mangle rule only gets applied if this module is loaded: https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L885 884 def _add_dhcp_mangle_rule(dev): 885 if not os.path.exists('/dev/vhost-net'): 886 return So, either this situation can occur even without vhost-net, or I'm hitting a different issue. BTW: iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill that should be -A not -D D'oh! I'll make sure that's correct when I do the testing. OK, I've tested this again, and I'm having the same problem. I'm able to get DHCP addresses for Ubuntu instances, but not CentOS ones. If I do a tcpdump on the vnetX interface, I can see the DHCP request and replies. listening on vnet1, link-type EN10MB (Ethernet), capture size 65535 bytes 14:20:15.124839 IP 10.40.0.2.68 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:6b:d3:44, length 300 14:20:48.204962 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:e9:f9, length 300 14:20:48.205023 IP 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:e9:f9, length 300 14:20:48.205596 IP 10.40.0.1.67 10.40.0.6.68: BOOTP/DHCP, Reply, length 320 But if I do the tcpdump on eth0 inside the CentOS instances, I don't see the DHCP reply packets. They aren't making it from vnet1 to eth0. This is Folsom with nova-network, running in FlatDHCP, non-multi host, on Ubuntu12.04. I tried adding the iptables rule, but alas, it didn't resolve my issue. iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill Here are the various things I've tried * Adding the checksum rule to iptables nova-network node * Adding the checksum rule to the nova-compute node * Setting libvirt_use_virtio_for_bridge to yes and no (restarting nova-compute, re-launching instances) * With and without vhost_net loaded in nova-compute (restarting nova-compute, re-launching instances) * Disabling ipv6 inside of the CentOS guest If I VNC into the instance and put a static IP on it, like this, it still doesn't have connectivity to the outside: ip addr add 10.40.0.2/16 broadcast 10.40.255.255 dev eth0 Since it works with Ubuntu but not CentOS guests, on the same compute node, I assume there's something about the configuration of the CentOS guest that isn't working properly with my setup. But, at this point, I'm really stumped. Lorin Lorin Vish On Mar 20, 2013, at 1:43 PM, Lorin Hochstein lo...@nimbisservices.com wrote: On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton nathanael.i.bur...@gmail.com wrote: On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein lo...@nimbisservices.com wrote: I'm doing a Folsom deployment with FlatDHCP (not multihost). When I try to boot a quantal image, the instance doesn't pick up the DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I can see by tcpdump on the compute host that the DHCP packets are making it to the vnet0 interface. Note that I tried adding this iptables rule as mentioned here https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14, but that didn't resolve it. iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill However, the problem goes away if I change this setting on the compute hosts in /etc/nova/nova.conf libvirt_use_virtio_for_bridges=true to: libvirt_use_virtio_for_bridges=false Anybody know what would cause this? I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the hypervisor You didn't restart nova-network without killing and restarting dnsmasq, did you? Nate Of course not! (Well, maybe...). But just tried again, killing dnsmasq and restarting nova-network doesn't seem to help. I'm guessing the issue is confined to the compute node, and since I'm not running multihost, I don't think I even need to restart nova-network each time I make a virtio-related change on the compute node... Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help
Re: [Openstack] Forcing a VM to a specific node in grizzly
Vish: I suspect there's a Grizzly doc bug here. The Folsom docs say http://docs.openstack.org/folsom/openstack-compute/admin/content/specify-host-to-boot-instances-on.html : With the Folsom release it is no longer possible to indicate a specific compute host to use to boot an instance with the --force_hosts parameter. See bug 1061665 for further discussion. However, the Grizzly docs say http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html : With the Grizzly release, the provider can change the policy to enable users to choose a specific host to launch a VM instance upon using the create:forced_host setting within policy.json on certain roles, such as an admin role. ... You can now select the host on which the instance would be spawned, using the --hint flag: $ nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 my-first-server --- Doc patch which introduced this change here: https://review.openstack.org/25341 My guess is that the doc editor misunderstood the implication of the create:forced_host setting, and that --force_hosts still no longer works. I'm going to zap that and add the original author as reviewer to ensure things are OK. On Sat, Mar 30, 2013 at 10:56 PM, Vishvananda Ishaya vishvana...@gmail.comwrote: I wasn't aware that force_hosts actually works. Someone should probably verify. The availability zone method still works in grizzly. Vish On Mar 30, 2013, at 6:42 PM, Lorin Hochstein lo...@nimbisservices.com wrote: I see that in grizzly an admin can use a scheduler hint to force a VM to launch on a particular host, e.g.: nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 my-first-server (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html ) In Folsom, an admin could do this with the availability zone flag: nova boot --image uuid --flavor m1.tiny --key_name test --availability-zone nova:server2 (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-zone-to-boot-instances-on.html ) Does the second method work in grizzly as well? If so, should we recommend one approach over the other in the docs? Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Forcing a VM to a specific node in grizzly
Anne: I read that as meaning you can now control who has access to do this via policy.json, but the UI for doing it still uses the --availability-zone flag. I documented my understanding here: https://review.openstack.org/25804, but we should wait for Phil Day's response. Lorin On Sun, Mar 31, 2013 at 10:06 PM, Anne Gentle a...@openstack.org wrote: Woops, hit send too soon. I made the doc change based on this mailing list post by Phil Day. https://lists.launchpad.net/openstack/msg19784.html Which was in this doc bug: https://bugs.launchpad.net/openstack-manuals/+bug/1096168 Phil, can you verify on a grizzly install and post the correct commands and results? Thanks, Anne On Sat, Mar 30, 2013 at 9:56 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: I wasn't aware that force_hosts actually works. Someone should probably verify. The availability zone method still works in grizzly. Vish On Mar 30, 2013, at 6:42 PM, Lorin Hochstein lo...@nimbisservices.com wrote: I see that in grizzly an admin can use a scheduler hint to force a VM to launch on a particular host, e.g.: nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 my-first-server (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html ) In Folsom, an admin could do this with the availability zone flag: nova boot --image uuid --flavor m1.tiny --key_name test --availability-zone nova:server2 (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-zone-to-boot-instances-on.html ) Does the second method work in grizzly as well? If so, should we recommend one approach over the other in the docs? Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Forcing a VM to a specific node in grizzly
I see that in grizzly an admin can use a scheduler hint to force a VM to launch on a particular host, e.g.: nova boot --image 1 --flavor 2 --key_name test --hint force_hosts=server2 my-first-server (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-host-to-boot-instances-on.html ) In Folsom, an admin could do this with the availability zone flag: nova boot --image uuid --flavor m1.tiny --key_name test --availability-zone nova:server2 (from: http://docs.openstack.org/trunk/openstack-compute/admin/content/specify-zone-to-boot-instances-on.html ) Does the second method work in grizzly as well? If so, should we recommend one approach over the other in the docs? Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova-compute and querying keystone for glance endpoint
On Wed, Mar 20, 2013 at 12:12 AM, Nathanael Burton nathanael.i.bur...@gmail.com wrote: On Mar 19, 2013 11:56 PM, Lorin Hochstein lo...@nimbisservices.com wrote: OK, so I'm not crazy, that means that I really do need to do something like: glance_api_servers=192.168.206.130:9292 or (since the default port is used) glance_host=192.168.206.130 Lorin Kinda, if using FLAGS.glance_api_servers you still need to specify the port because the code will default to port 80 if not specified [1]. Also if your glance server is configured with SSL you would do: glance_api_servers=https://192.168.206.130:9292 Looking back at the code, your original idea also works. If you just specify FLAGS.glance_host it will build FLAGS.glance_api_servers based on your glance_host and the default glance_port [2]. I've always specified the glance_api_servers flag since it's the only way to specify SSL. [1] - https://github.com/openstack/nova/blob/stable/folsom/nova/image/glance.py#L84 [2] - https://github.com/openstack/nova/blob/stable/folsom/nova/flags.py#L138 I filed an ops bug against nova asking to change the default behavior: https://bugs.launchpad.net/nova/+bug/1159043 -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
On Thu, Mar 21, 2013 at 12:00 PM, Vishvananda Ishaya vishvana...@gmail.comwrote: Well phooey: 987 if network_ref['multi_host']: 988 _add_dhcp_mangle_rule(dev) The mangle rule is only added my nova-network in multihost mode. Can you verify whether or not adding the rule on the compute or network node fixes it? That way we can either remove the check on multi_host or add it in plug_vif on the compute host. I'll check on this and get back to you. As an aside, note that we're *not* running with the vhost-net kernel module loaded, and the mangle rule only gets applied if this module is loaded: https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L885 884 def _add_dhcp_mangle_rule(dev): 885 if not os.path.exists('/dev/vhost-net'): 886 return So, either this situation can occur even without vhost-net, or I'm hitting a different issue. BTW: iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill that should be -A not -D D'oh! I'll make sure that's correct when I do the testing. Lorin Vish On Mar 20, 2013, at 1:43 PM, Lorin Hochstein lo...@nimbisservices.com wrote: On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton nathanael.i.bur...@gmail.com wrote: On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein lo...@nimbisservices.com wrote: I'm doing a Folsom deployment with FlatDHCP (not multihost). When I try to boot a quantal image, the instance doesn't pick up the DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I can see by tcpdump on the compute host that the DHCP packets are making it to the vnet0 interface. Note that I tried adding this iptables rule as mentioned here https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14, but that didn't resolve it. iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill However, the problem goes away if I change this setting on the compute hosts in /etc/nova/nova.conf libvirt_use_virtio_for_bridges=true to: libvirt_use_virtio_for_bridges=false Anybody know what would cause this? I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the hypervisor You didn't restart nova-network without killing and restarting dnsmasq, did you? Nate Of course not! (Well, maybe...). But just tried again, killing dnsmasq and restarting nova-network doesn't seem to help. I'm guessing the issue is confined to the compute node, and since I'm not running multihost, I don't think I even need to restart nova-network each time I make a virtio-related change on the compute node... Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
I'm doing a Folsom deployment with FlatDHCP (not multihost). When I try to boot a quantal image, the instance doesn't pick up the DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I can see by tcpdump on the compute host that the DHCP packets are making it to the vnet0 interface. Note that I tried adding this iptables rule as mentioned here https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14, but that didn't resolve it. iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill However, the problem goes away if I change this setting on the compute hosts in /etc/nova/nova.conf libvirt_use_virtio_for_bridges=true to: libvirt_use_virtio_for_bridges=false Anybody know what would cause this? I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the hypervisor Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true
On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton nathanael.i.bur...@gmail.com wrote: On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein lo...@nimbisservices.com wrote: I'm doing a Folsom deployment with FlatDHCP (not multihost). When I try to boot a quantal image, the instance doesn't pick up the DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I can see by tcpdump on the compute host that the DHCP packets are making it to the vnet0 interface. Note that I tried adding this iptables rule as mentioned here https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14, but that didn't resolve it. iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill However, the problem goes away if I change this setting on the compute hosts in /etc/nova/nova.conf libvirt_use_virtio_for_bridges=true to: libvirt_use_virtio_for_bridges=false Anybody know what would cause this? I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the hypervisor You didn't restart nova-network without killing and restarting dnsmasq, did you? Nate Of course not! (Well, maybe...). But just tried again, killing dnsmasq and restarting nova-network doesn't seem to help. I'm guessing the issue is confined to the compute node, and since I'm not running multihost, I don't think I even need to restart nova-network each time I make a virtio-related change on the compute node... Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] nova-compute and querying keystone for glance endpoint
Hi All: I was doing a Folsom deployment from scratch, and when I tried to launch an instance my compute host failed to connect to the glance server to download the image, instead it tried to connect to itself. I can resolve this by putting glance_host=ip into nova.conf. But I'd prefer if my compute host fetched this information from keystone rather than hard-code (hard-configure?) like this. I assume that I don't have the right config in nova.conf (a template for that file is here: https://github.com/lorin/openstack-ansible/blob/folsom/playbooks/templates/etc/nova/nova.conf). However, tracing through the nova code, I couldn't figure out where it was that the compute host was supposed to connect to keystone to get the right endpoint for glance. Where in the nova Folsom code does the nova-compute service query the keystone service catalog to get the endpoint for glance? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova-compute and querying keystone for glance endpoint
On Tue, Mar 19, 2013 at 11:51 PM, Nathanael Burton nathanael.i.bur...@gmail.com wrote: On Tue, Mar 19, 2013 at 11:39 PM, Lorin Hochstein lo...@nimbisservices.com wrote: Hi All: I was doing a Folsom deployment from scratch, and when I tried to launch an instance my compute host failed to connect to the glance server to download the image, instead it tried to connect to itself. I can resolve this by putting glance_host=ip into nova.conf. But I'd prefer if my compute host fetched this information from keystone rather than hard-code (hard-configure?) like this. I assume that I don't have the right config in nova.conf (a template for that file is here: https://github.com/lorin/openstack-ansible/blob/folsom/playbooks/templates/etc/nova/nova.conf). However, tracing through the nova code, I couldn't figure out where it was that the compute host was supposed to connect to keystone to get the right endpoint for glance. Where in the nova Folsom code does the nova-compute service query the keystone service catalog to get the endpoint for glance? Lorin, I don't believe nova pulls the glance endpoint from keystone's service catalog. I believe it's based on FLAGS.glance_api_servers here https://github.com/openstack/nova/blob/stable/folsom/nova/image/glance.py#L73 Nate OK, so I'm not crazy, that means that I really do need to do something like: glance_api_servers=192.168.206.130:9292 or (since the default port is used) glance_host=192.168.206.130 Lorin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] OpenStack Operations Guide
Hi folks: Anne Gentle somehow managed to corral together a group of operators who have deployed OpenStack into production and were willing to write about it. They were locked together in a room last week and produced a book from scratch about how to design and operate an OpenStack cloud. It is now available at http://docs.openstack.org/ops The license is Creative Commons (cc by), PDF, ePub and mobi formats available for free download from the site above, with a link to purchase option if you want the dead tree version. Any money from sales goes back to The OpenSack Foundation, who paid travel costs for most of the authors' travel. Like all of the content at docs.openstack.org, this is a living document and we'd love to have more people's help and input. Details on contributing are, of course, in the book. We all really enjoyed the process of creating this book, and hope the community finds this a useful resource. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] What is the typical way to deploy OpenStack Compute with ESXi
Sean: Could you say a little more about why it is that running nova-compute inside of a VM makes it easier to integrate with nova-network or quantum (ova)? The OpenStack docs on VMWare http://docs.openstack.org/folsom/openstack-compute/admin/content/vmware.html unfortunately don't have any detail about this. Also, is the VM that runs nova-compute supposed to be managed by OpenStack, or is it supposed to be set up manually? Take care, Lorin On Tue, Jan 8, 2013 at 12:38 AM, Sean Chen xuch...@gmail.com wrote: It makes nova-network, quantum (ovs) integration easier. Sean On Jan 5, 2013, at 8:25 PM, Lorin Hochstein lo...@nimbisservices.com wrote: Sean: I'd like to add this to the documentation on that page. Can you describe in more detail why you recommend installing nova-compute on a VM hosted on the ESXi that nova compute manages? Lorin On Fri, Jan 4, 2013 at 10:18 PM, Sean Chen xuch...@gmail.com wrote: Both physical machine and VM work. It's preferred to install nova compute on a VM hosted on the ESXi that nova compute manages. -- Sean ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] swift -- object layout on storage
This is good info, I submitted a doc patch to capture this in the Swift admin guide: https://review.openstack.org/19046 Lorin On Fri, Jan 4, 2013 at 1:27 PM, John Dickinson m...@not.mn wrote: It's pretty simple. Swift uses the underlying filesystem to store the data on disk, and so you can use normal FS tools to find and inspect your data. For the object server, the magic happens here: https://github.com/openstack/swift/blob/master/swift/obj/server.py#L117 The end result is that the data is stored here: /path/to/mount/points/device/objects/partition/hash_suffix/hash/ That directory is the object. Inside the directory, there is normally just one file (named timestamp.data). The object's data is stored in the file, and the object's metadata is stored in the xattrs of the file. In some cases (mostly around failure handling), there may be more than one file in that directory, but for the general case, all the .data files are sorted (by filename) and the last is chosen (ie the most recent). As I said, there is normally just the one file in there. If you delete the object, the .data file is deleted and a timestamp.ts (ts for tombstone) file is created as a zero-byte file. This is a delete marker that will be eventually reaped, but it exists to ensure that the delete properly propagates to all replicas in the cluster. --John On Jan 4, 2013, at 10:14 AM, Snider, Tim tim.sni...@netapp.com wrote: I’d like to understand more on how Swift lays out objects on the underlaying storage. I can’t seem to find out much about this in the openstack / swift documentation itself or in associated web searchs. Thanks for pointers / links. Tim ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova] python-novaclient 2.10.0 released
Vish: On Thu, Nov 29, 2012 at 2:47 PM, Vishvananda Ishaya vishvana...@gmail.comwrote: Hello Everyone, I just pushed out a new version of python-novaclient[1]. Mostly cleanups although a few new features were added for people using the trunk release of nova. New commands for grizzly/trunk nova cloudpipe-update Are you sure the cloudpipe-update command made it to the 2.10.0 version? I just checked after logging a doc bug to get this stuff into the manuals, and while the other commands are in all there, that one doesn't seem to be. $ pip freeze | grep novaclient python-novaclient==2.10.0 $ nova help cloudpipe-update ERROR: 'cloudpipe-update' is not a valid subcommand Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Getting Trusted Compute Pools working in Open Stack Folsom
I noticed that Trusted Compute Pools weren't documented and took a shot at it here, based on the wiki and these emails: https://review.openstack.org/16783 I believe that adding these lines to nova.conf in Folsom will enable the trust filter: scheduler_available_filters=nova.scheduler.filters.standard_filters scheduler_available_filters=nova.scheduler.filters.trusted_filter scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter However, if this isn't right, somebody let me know and I'll fix it in the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Nov 22, 2012, at 3:23 AM, Jiang, Yunhong yunhong.ji...@intel.com wrote: I think trusted_filter is not in the scheduler_default_filters, so you have to make sure it’s used by the filter scheduler. Thanks --jyh From: openstack-bounces+yunhong.jiang=intel@lists.launchpad.net [mailto:openstack-bounces+yunhong.jiang=intel@lists.launchpad.net] On Behalf Of Dale, StewartX T Sent: Thursday, November 22, 2012 7:28 AM To: openstack@lists.launchpad.net Subject: [Openstack] Getting Trusted Compute Pools working in Open Stack Folsom Hi All, I am trying to get trusted compute pools working in my installation of open stack Folsom but so far am unable to get it to work. Currently when I spawn a new instance I don't see any interaction with the attestation server and the instance spawns just fine on a untrusted host. I have followed all the documentation I could find on TCP (http://wiki.openstack.org/TrustedComputingPools , https://github.com/openstack/nova/blob/stable/folsom/nova/scheduler/filters/trusted_filter.py ) but am still having no luck so I am hoping I missed something while setting it up. Hopefully someone can point out what I am doing wrong. Steps to Setup TCP: 1. Set the following value in nova.conf scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler 2. Add trusted_computing section to nova.conf [trusted_computing] server=10.x.x.x port=8181 server_ca_file=/etc/nova/ssl.10.1.71.206.crt api_url=/AttestationService/resources/PollHosts auth_blob=i-am-openstack 3. Add the trusted requirement to an existing flavor by running nova-manage instance_type set_key m1.tiny trust:trusted_host trusted 4. Restart nova-compute and nova-scheduler service At this point I test it by going to openstack page - projects - instances and launching a new instance of m1.tiny. At this point I should see a connection attempt on the attestion server (which I don't) and then the instance fail to launch (which it doesn't) since the host is untrusted. My version of open stack is Folsom and nova is 2012.2. Hopefully someone can point out my mistake or what I am missing. -Stewart ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Enabling logging in keystone.
On Oct 3, 2012, at 7:33 PM, Alan Pevec ape...@gmail.com wrote: On Wed, Oct 3, 2012 at 8:31 AM, Dolph Mathews dolph.math...@gmail.com wrote: At the very least, I'd like to move this approach to the end of the page; and ideally, the script would be managed by openstack. There's a sample script in Keystone https://github.com/openstack/keystone/blob/master/tools/sample_data.sh although I must say that yaml is much more readable. While at the it, there's one more in Devstack https://github.com/openstack-dev/devstack/blob/master/files/keystone_data.sh so maybe replacing both with keystone-init.py + yaml, maintained in Keystone git makes sense? Alan: The doc fix landed at https://review.openstack.org/#/c/13984/ and the documentation now references https://github.com/openstack/keystone/blob/master/tools/sample_data.sh for a scripted install. However, if somebody finds my keystone-init.py script useful and wants to move it into an official OpenStack repository like the keystone repo, I would be supportive of that. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com Cheers, Alan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] multi_host sample nova.conf files?
On Jul 6, 2012, at 6:46 AM, Marnus van Niekerk m...@mjvn.net wrote: Hi, is anybody prepared to share a set of working nova.conf files for a multi_host installation? For both the controller node and a compute node. And please tell me what services you are running on the compute node. I have been over this 100s of times now and even recreated the nova database and no success. Marnus: You need multi_host=True in your nova.conf, and you need to run the following services on the compute node: nova-compute nova-network nova-api-metadata See: http://docs.openstack.org/essex/openstack-compute/admin/content/existing-ha-networking-options.html#d6e6509 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] inter-tenant and VM-to-bare-metal communication policies/restrictions.
On Jul 5, 2012, at 11:47 AM, Christian Parpart tra...@gmail.com wrote: Hi all, I am running multiple compute nodes and a single nova-network node, that is to act as a central gateway for the tenant's VMs. However, since this nova-network node (of course) knows all routes, every VM of any tenant can talk to each other, including to the physical nodes, which I highly disagree with and would like to restrict that. :-) If you add this to nova.conf: allow_same_net_traffic=false It should prevent the VMs from communicating with each other. From http://docs.openstack.org/essex/openstack-compute/admin/content/compute-options-reference.html#d6e3133 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Does glance-scrubber.conf require sql_connection?
On Aug 13, 2012, at 11:33 AM, Jay Pipes jaypi...@gmail.com wrote: On 08/12/2012 10:12 PM, Lorin Hochstein wrote: Doc question: Does glance-scrubber require sql_connection? The Install and Deploy Guide specifies the sql_connection parameter http://docs.openstack.org/essex/openstack-compute/install/apt/content/glance-scrubber-conf-file.html, but it wasn't clear to me that the scrubber actually makes any queries against the database. It used to make direct queries against the registry database, but now it makes queries via the registry's REST API. So this option can safely be removed now. Does now mean as of essex or as of folsom? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Does glance-scrubber.conf require sql_connection?
On Aug 13, 2012, at 1:52 PM, Jay Pipes jaypi...@gmail.com wrote: On 08/13/2012 01:45 PM, Lorin Hochstein wrote: On Aug 13, 2012, at 11:33 AM, Jay Pipes jaypi...@gmail.com wrote: On 08/12/2012 10:12 PM, Lorin Hochstein wrote: Doc question: Does glance-scrubber require sql_connection? The Install and Deploy Guide specifies the sql_connection parameter http://docs.openstack.org/essex/openstack-compute/install/apt/content/glance-scrubber-conf-file.html, but it wasn't clear to me that the scrubber actually makes any queries against the database. It used to make direct queries against the registry database, but now it makes queries via the registry's REST API. So this option can safely be removed now. Does now mean as of essex or as of folsom? Sorry, good point, Lorin :) This behaviour (of not requiring the registry database connection) was implemented in Essex: https://bugs.launchpad.net/glance/+bug/836381 Thanks, Jay. Docfix submitted: https://review.openstack.org/11294 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Documenting libvirt live migration
It recently came up on the mailing list that nova does not use libvirt's live migration functionality when implementing what it calls live migration. I took a shot at documenting this, as well as documenting how to enable it. However, there was some concern about the possibility of race conditions with libvirt live migration that could prevent it from ever terminating. I'd appreciate some feedback on just what we should put in the docs about this, since I don't have any particular expertise in this area. Proposed doc addition: https://review.openstack.org/11172 Original thread on the mailing list: http://www.mail-archive.com/openstack@lists.launchpad.net/msg15296.html Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Does glance-scrubber.conf require sql_connection?
Doc question: Does glance-scrubber require sql_connection? The Install and Deploy Guide specifies the sql_connection parameter http://docs.openstack.org/essex/openstack-compute/install/apt/content/glance-scrubber-conf-file.html, but it wasn't clear to me that the scrubber actually makes any queries against the database. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Nova ignores nova.conf
On Aug 10, 2012, at 6:07 AM, Mark McLoughlin mar...@redhat.com wrote: On Fri, 2012-08-10 at 00:23 -0900, Simon Walter wrote: Nova does not respect the options set in the /etc/nova/nova.conf file. I've seen some examples with -- prefixing the flags, as if they are command line arguments. I've also seen examples without. I've tried removing the --, that does nothing. Specifically, I've set --flat_network_bridge=br0 --fixed_range=10.0.3.0/24 --flat_network_dhcp_start=10.0.3.1 I always get a br100 created with an IP address of 10.0.2.33 This is really annoying. If I empty the /etc/nova/nova.conf nothing gets created. I've greped all sorts of places for defaults, but come up blank. If nova is being run with --config-file, then the syntax is [DEFAULT] flat_network_bridge=br0 OTOH, if it is being run with --flagfile, the syntax is: --flat_network_bridge=br0 I assumed that the nova-* services were auto-deteting the nova.conf format. When I run on Ubuntu, the default nova.conf file is in the deprecated flag file format, but I just edited the nova.conf file to use the new ini-style format, and everything seemed to just work. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Is it ok to post a job here?
Hi Eugene: On Aug 10, 2012, at 9:25 PM, Eugene Kirpichov ekirpic...@gmail.com wrote: Hello community, I'm wondering whether it's ok to post an OpenStack-related job to this mailing list. On one hand, I didn't find anything hinting that it's not ok in the MailingListEtiquette page; on the other hand, I didn't find any job postings in the archives either. So I figured I better ask first :) The place to post OpenStack-related jobs is the OpenStack Job Board: http://www.openstack.org/community/jobs/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Hiding complexity of paste config files from operators
On Jul 30, 2012, at 9:48 AM, Adam Young ayo...@redhat.com wrote: On 07/30/2012 05:12 AM, Thierry Carrez wrote: Lorin Hochstein wrote: I wanted to discuss the usability of the paste config files from an operator's point of view. The paste config files are opaque to administrators who are trying to stand an OpenStack cloud for the first time, since they expose a lot of implementation details about the middleware. I can follow the instructions in the Install and Deploy guide, but I have no idea what the options I don't edit are, and if the documentation has deviated from the implementation, I'm pretty much stuck. [...] This was mentioned in the Making configuration easier session on the DevOps track at the last design summit. You can find the notes at: http://etherpad.openstack.org/FolsomMakingConfigurationEasier In particular, it was identified that paste configs were evil, failing to properly separate service/code configuration from end-user configuration. Assuming that the *-paste.ini files always need to be there, is there some way we could avoid requiring admins to edit these files, and instead make it more like editing the .conf files? For example, could the paste.ini files be generated from the corresponding .conf file as needed? I would not assume that *-paste.ini files always need to be there... Paste is a pain point if we are to support Python 3 one day, so it's also on the black list of the (still inexistant) OpenStack Python3 advocacy group. So I'd rather investigate a solution that solves our two problems, rather than adding a layer on top of the current broken solution... That said I'm not really a specialist of Paste alternatives. It seems to me that there is nothing that you can do in Paste that you cannot do in straight python. THe advantage of Paste is hat it is viewed as a Config file, not as code and thus is a file that end system administrators can use. A paste file is nothing more than an assignment to a variable name from a string that is done at run time. For example, the Keystone config file has a paste fragment in it: [app:public_version_service] paste.app_factory = keystone.service:public_version_app_factory This same code could be performed inside the Python code base with pretty much the same code interpred as Python. The issue is that we would then want to allow a value such as this to be overridden: For example, specifying the driver for the token api is done: [token] driver = keystone.token.backends.kvs.Token Since most of these cases have reasonable defaults, they should be left out of the paste files. What needs to be available is solid documentation of the values that can be overridden this way. Any keys that are not defaulted, but are not really designed to be overloaded should be modified so that they are defaulted, and then the keys removed from the paste file. I logged a doc bug: https://answers.launchpad.net/openstack-manuals/+question/204782 but we really need someone who understands these files to help us document this. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Instance stuck in deleting state with error
On Aug 1, 2012, at 12:19 PM, Jonathan Proulx j...@jonproulx.com wrote: FYI the nova reset-state command exists on my Debian 6.0 workstations where python-novaclient is installed via pip (presumably the gets latest version from trunk?) it is not available on my Ubuntu 12.04 systems using standard Ubuntu repository versions (essex). -Jon I believe pip gets it from PyPI: http://pypi.python.org/pypi/python-novaclient/ I'm not sure how often PyPI gets updated, but I don't think it's on every commit to trunk. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Instance stuck in deleting state with error
On Jul 30, 2012, at 3:35 PM, Kevin L. Mitchell kevin.mitch...@rackspace.com wrote: On Mon, 2012-07-30 at 14:25 -0500, Chris Behrens wrote: You may still have to reset the instance's task_state to NULL in the DB (instances table) to delete ones already in this state. No, I fixed the state problem with soft_delete(); as long as he updates, delete should work fine. That said, be aware that there is a reset-state command to novaclient, so that you can do Chris's recommended reset without having to muck around with the database directly. -- Kevin L. Mitchell kevin.mitch...@rackspace.com From the python-novaclient tests, it looks like nova reset-state instance puts an instance into the error state or (with the --active) flag into the active state: def test_reset_state(self): self.run_command('reset-state sample-server') self.assert_called('POST', '/servers/1234/action', {'os-resetState': {'state': 'error'}}) self.run_command('reset-state sample-server --active') self.assert_called('POST', '/servers/1234/action', {'os-resetState': {'state': 'active'}}) What's the use case for resetting an instance to the error state? Is the idea to do: nova reset-state instance nova delete instance Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [glance] legacy client removal and python-glanceclient
On Jul 31, 2012, at 2:41 PM, Brian Waldon bcwal...@gmail.com wrote: This is a reminder that the client in glance is deprecated and will not ship with Folsom. Horizon and Devstack both use python-glanceclient, and I'm presently working on updating Nova. I also wanted to point out that I just released python-glanceclient v0.2.0 and would love to gather some feedback. Please file bugs on the python-glanceclient project in launchpad if you find anything to be missing. Brian Waldon Brian: I logged a doc bug to track this https://bugs.launchpad.net/openstack-manuals/+bug/1031578. Is there any current documentation on this, or is it just the output of glance help? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Hiding complexity of paste config files from operators
All: I wanted to discuss the usability of the paste config files from an operator's point of view. The paste config files are opaque to administrators who are trying to stand an OpenStack cloud for the first time, since they expose a lot of implementation details about the middleware. I can follow the instructions in the Install and Deploy guide, but I have no idea what the options I don't edit are, and if the documentation has deviated from the implementation, I'm pretty much stuck. As an example, the install and deploy guide says to add authtoken to the pipeline:glance-api section in glance-api-paste.ini http://docs.openstack.org/essex/openstack-compute/install/content/configure-glance-files.html, the example in the docs looks like this: [pipeline:glance-api] pipeline = versionnegotiation authtoken auth-context apiv1app If I install from packages on precise, there's also some lines that look like this: [pipeline:glance-api-keystone] pipeline = versionnegotiation authtoken context apiv1app It looks similar, and it has keystone in there, so maybe that's intended to be used for keystone? And it looks pretty similar, but there's a auth-context instead of context. Maybe the pipeline:glance-api-keystone is used for something else in glance? In the end, I'm just going to slavishly follow the documentation, and I have no mental model of what these options do. On the other hand, the traditional configuration files (e.g., nova.conf) are (relatively) well-documented, have default values, and everything that's exposed is something that could potentially be changed by an administrator. In particular, there's generally a one-to-one correspondence between changing a configuration setting and changing the behavior of the system in a way that's meaningful for the operator. For example, enabling FlatDHCP in nova.conf is just setting a config option to one value: network_manager=nova.network.manager.FlatDHCPManager Assuming that the *-paste.ini files always need to be there, is there some way we could avoid requiring admins to edit these files, and instead make it more like editing the .conf files? For example, could the paste.ini files be generated from the corresponding .conf file as needed? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova] Specifying Schedule Filters Per Request?
Jon: I don't think this is possible. As far as I know, in a request, all you can do is pass hints to existing filters. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jul 21, 2012, at 11:48 PM, Jonathan Proulx wrote: Hi All, http://docs.openstack.org/essex/openstack-compute/admin/content/compute-options-reference.html states that the scheduler_default_filters option in nova.conf controls which filter class names to use for filtering hosts when not specified in the request. How can I specify what filters to use in the request (or can I)? I've been experimenting with DifferentHostFilter and SameHostFilter both of which seem very expensive if left in the default list (even if not passing hints to engage either). It would be nice if these we only enabled for the few cases that want them but I don't see any options to the python-novaclient to pass in a filter list. Thanks, -Jon ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Weird nova-network bridging problem with precise/essex
On Jul 20, 2012, at 9:57 PM, Narayan Desai wrote: Just for the record, we found the issue. There was some filtering being applied in the bridge code which randomly (?) dropped some DNS requests. Setting: net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-ip6tables = 0 completely resolved the problem. I've written up full details here: http://buriedlede.blogspot.com/2012/07/debugging-networking-problems-with.html -nld Great writeup, I proposed a section to the docs for this: https://review.openstack.org/10106 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [HPC] BoF at SC12
On Jul 6, 2012, at 1:28 PM, John Paul Walters wrote: I'm strongly considering putting together a proposal for a BoF (birds of a feather) session at this year's Supercomputing in Salt Lake City. For those of you who are likely to attend, is anyone else interested? It's not a huge amount of time invested on my end to put together the proposal, but I'd like to gauge the community interest before doing so. I would likely broaden things a bit from being exclusively Openstack and instead turn it into more of an HPC in the Cloud session so that we could, perhaps, take some input from other HPC cloud projects. The submissions are due July 31, so we've got a little bit of time, but not too much. Anyone else interested? best, JP JP: I think this was a great idea, we were thinking about proposing this if nobody else did. I would suggest making it OpenStack-specific, since there was an HPC in the Cloud BoF last year (http://sc11.supercomputing.org/schedule/event_detail.php?evid=bof140), and they'll probably re-apply this year as well. I think we can get critical mass for an OpenStack BoF. Along these lines: Chris Hoge from U. Oregon gave a talk last week at OSCON about their use of OpenStack on HPC http://www.oscon.com/oscon2012/public/schedule/detail/24261 (There are some good slides attached to that web page) Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OVF vs. bare container formats for qcow2 images
Paul: I assume you're using XenServer? When I grepped through the code, there appears to be a XenServer plugin for glance for supporting tar balls that could be OVAs, but don't necessarily contain the OVF file (?). Here's the code: https://github.com/openstack/nova/blob/stable/essex/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance#L365 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jul 5, 2012, at 11:22 AM, Paul Voccio wrote: Lorin, We've been using OVA packages since the beginning. I believe there is a flag in glance for this. Thanks, ~pvo Paul Voccio paul.voc...@rackspace.com 770-335-2143 (c) pvo on #openstack ಠ_ಠ On Jul 3, 2012, at 9:07 PM, Lorin Hochstein wrote: On Jun 29, 2012, at 9:53 PM, Adam Young wrote: On 04/01/2012 11:15 AM, Lorin Hochstein wrote: On Mar 29, 2012, at 12:40 PM, Daniel P. Berrange wrote: On Wed, Mar 28, 2012 at 04:41:28PM -0400, Lorin Hochstein wrote: All: Given that I have a qcow2 image from somewhere (e.g., downloaded it from a uec-images.ubuntu.com, created one from a raw image using qemu-img) that i want to add to glance: 1. How can I tell whether it's an ovf or bare container format? You are mixing up terminology here. Disk image formats are things like raw, qcow2, vmdk, etc. OVF refers to the format of a metadata file provided alongside the disk image, which describes various requirements for running the image. The two are not tied together at all, merely complementary to each other. Thanks, that clears things up. I was confused by this language, which sounded to me like the metadata was embedded in the disk image file: http://glance.openstack.org/formats.html The container format refers to whether the virtual machine image is in a file format that also contains metadata about the actual virtual machine. In addition, the docs have examples like this, which clearly aren't meaningful: http://glance.openstack.org/glance.html#important-information-about-uploading-images Just to add to the confusion the OVF can contain both the metadata file and the disk image file in a single archived file. An OVF package consists of several files, placed in one directory. A one-file alternative is the OVA package, which is a TAR file with the OVF directory inside. http://en.wikipedia.org/wiki/Open_Virtualization_Format#Technical_description Does anybody know if OpenStack (nova+glance) currently supports OVA packages? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OVF vs. bare container formats for qcow2 images
On Jun 29, 2012, at 9:53 PM, Adam Young wrote: On 04/01/2012 11:15 AM, Lorin Hochstein wrote: On Mar 29, 2012, at 12:40 PM, Daniel P. Berrange wrote: On Wed, Mar 28, 2012 at 04:41:28PM -0400, Lorin Hochstein wrote: All: Given that I have a qcow2 image from somewhere (e.g., downloaded it from a uec-images.ubuntu.com, created one from a raw image using qemu-img) that i want to add to glance: 1. How can I tell whether it's an ovf or bare container format? You are mixing up terminology here. Disk image formats are things like raw, qcow2, vmdk, etc. OVF refers to the format of a metadata file provided alongside the disk image, which describes various requirements for running the image. The two are not tied together at all, merely complementary to each other. Thanks, that clears things up. I was confused by this language, which sounded to me like the metadata was embedded in the disk image file: http://glance.openstack.org/formats.html The container format refers to whether the virtual machine image is in a file format that also contains metadata about the actual virtual machine. In addition, the docs have examples like this, which clearly aren't meaningful: http://glance.openstack.org/glance.html#important-information-about-uploading-images Just to add to the confusion the OVF can contain both the metadata file and the disk image file in a single archived file. An OVF package consists of several files, placed in one directory. A one-file alternative is the OVA package, which is a TAR file with the OVF directory inside. http://en.wikipedia.org/wiki/Open_Virtualization_Format#Technical_description Does anybody know if OpenStack (nova+glance) currently supports OVA packages? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problems accessing metadata service due to nova-network generated iptables rules
On Jun 20, 2012, at 5:44 PM, Lars Kellogg-Stedman wrote: Is the DNAT rule expected to work? Does linux_net.py need a special case for when the metadata address is on the local host? I have confirmed that the DNAT rule works *unless* metadata_host is 127.0.0.1, in which case you need a REDIRECT rule. Did you ever find out what was causing the issue with your configuration? We run using multi-host (nova-api metadata service and nova-compute on every node) in VLAN mode, and our instances have no problem reaching the metadata service. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Testing NOVA-OVS-Quantum setup
That guide is now linked at docs.openstack.org. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jun 20, 2012, at 7:30 AM, Joseph Suh wrote: Trinath, I found the following Quantun admin guide was useful for that purpose: http://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=4ved=0CHsQFjADurl=http%3A%2F%2Fdocs.openstack.org%2Ftrunk%2Fopenstack-network%2Fadmin%2Fquantum-admin-guide-trunk.pdfei=prHhT-SMMMa70QG_uJTwAwusg=AFQjCNEq2fuo4dQrvFQT0zw8v05zMdIFWwsig2=6eAgFutMS_VLrhpR4Lhy2w Thanks, Joseph (w) 703-248-6160 (f) 703-812-3712 3811 N. Fairfax Drive Suite 200 Arlington, VA, 22203, USA http://www.east.isi.edu/~jsuh - Original Message - From: Trinath Somanchi trinath.soman...@gmail.com To: openstack@lists.launchpad.net Sent: Wednesday, June 20, 2012 7:04:21 AM Subject: [Openstack] Testing NOVA-OVS-Quantum setup Hi- I have installed configured NOVA-OVS-Quantum based setup using the guide provided by openstack and OVS. I have a instance up and running. I'm new to Openstack. Can you any one help me out on the testing/validating on is instance up with OVS and Quantum. Thanking you.. -- Regards, -- Trinath Somanchi, +91 9866 235 130 ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack-doc-core] Editing the hypervisor support matrix
I don't have an Edit (GUI) link in my interface, just an Edit (Text) link. I can save the content offline, but it's still pretty horrible to edit. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jun 19, 2012, at 5:47 PM, Anne Gentle wrote: Are you editing with the Edit (Text) or Edit (GUI) link? I've had problems with the Edit (GUI) editor and large tables, but the text-editor is a nightmare also. Sorry I don't have suggestions for you. Can you take it offline, edit, and then reupload wholesale? I think that's how it got there in the first place, offline editing. Anne On Tue, Jun 19, 2012 at 2:22 PM, Lorin Hochstein lo...@nimbisservices.com wrote: Doc'ers: Has anybody tried to edit the hypervisor support matrix? http://wiki.openstack.org/HypervisorSupportMatrix The HTML renders nicely, but it's kind of a nightmare to try to make changes to it. Does somebody have a better way to do this than editing the raw HTML? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
Re: [Openstack-doc-core] Editing the hypervisor support matrix
I use QuickCursor on OS X: http://www.hogbaysoftware.com/products/quickcursor It doesn't support too many text editors, but it works across multiple web browsers. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jun 19, 2012, at 5:57 PM, David Cramer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Not that it will help a lot in this case, but I like the itsalltext Firefox addon for wiki text boxes: https://addons.mozilla.org/en-US/firefox/addon/its-all-text/ Then you can at least easily edit these text fields in emacs or whatever your favorite editor is. David On 06/19/2012 04:47 PM, Anne Gentle wrote: Are you editing with the Edit (Text) or Edit (GUI) link? I've had problems with the Edit (GUI) editor and large tables, but the text-editor is a nightmare also. Sorry I don't have suggestions for you. Can you take it offline, edit, and then reupload wholesale? I think that's how it got there in the first place, offline editing. Anne On Tue, Jun 19, 2012 at 2:22 PM, Lorin Hochstein lo...@nimbisservices.com wrote: Doc'ers: Has anybody tried to edit the hypervisor support matrix? http://wiki.openstack.org/HypervisorSupportMatrix The HTML renders nicely, but it's kind of a nightmare to try to make changes to it. Does somebody have a better way to do this than editing the raw HTML? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP4PW9AAoJEMHeSXG7afUhLn8H/ity+HRWZtAalYi9kBNqN92R P+C5OB5dapGOfiBfUyXTO45QVDXCwO0UHyPx7PnG57HQUBGMjxPXID4H6lNPW737 nq6DrXowK00yGfXc+KM1AJwqZa1wJPzTD87hNfWnAVBHzih19J5D9D4x25nlZWp+ 7rKdIgQxphT+E8pU6psfaw4PYL82u1j1uYmqspEPL1F8w6gQak4v0ZCJX5Li+H5O K5YtB3e9mVDNQ3M9vJEysR/E+xucwQkvfVqdkUVEPkegUeMPTSkhN5Ivo2xleNhR 0nHqwneVRQpPUvdoNYmy0/uWvzNlK4ui5FWY34dNYEDYSQ6geqTOlSFC1ahQ0LY= =+FmP -END PGP SIGNATURE- smime.p7s Description: S/MIME cryptographic signature -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
Re: [Openstack] how to set individual gateway for each VLAN or Tenant network?
Cool, thanks. I'll try to get this into the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Jun 12, 2012, at 11:10 AM, Nathanael Burton wrote: Lorin, Diego, I wrote up a pastebin of setting up an example dnsmasq.conf file, setting it within nova.conf, patching linux_net.py (in stable/essex), and showing the example dhcp leases file which set custom values for the router, ntp-server, and dns-server using the dnsmasq conf and tags based on the network label field within the network defined within nova. The same process should work with both FlatDHCP or VLANManager. http://paste.openstack.org/show/18471/ Thanks, Nate On Mon, Jun 11, 2012 at 10:17 PM, Lorin Hochstein lo...@nimbisservices.com wrote: Hey Nate: On Jun 11, 2012, at 2:17 PM, Nathanael Burton wrote: dnsmasq supports setting parameters such as the gateway IP and other settings based on tag. I have run a patched version of nova-network in the Diablo time that used the network DB label field as the network tag in dnsmasq. This then allows you to set custom configs by modifying the dnsmasq.conf file. This was done with VLANmanager. Are you able to share an exampleof a dnsmasq.conf file that uses tags to handle different config settings per network/VLAN? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com Thanks Nate On Jun 11, 2012 2:09 PM, Lorin Hochstein lo...@nimbisservices.com wrote: On Jun 4, 2012, at 8:22 PM, romi zhang wrote: Hi, I am using VLAN network mode and will connect eth1 and eth2 of my compute node to the LAN Switch, and LAN switch will create individual VLAN IP interface for each Tenant/VLAN and then route to the NAT equipment,through SNAT/DNAT to touch internet. So, that needs I can set the default gateway of each Tenant VLAN to the different IP address of VLAN interface on the switch. I have the same question, I would love to know if you can set the gateways in VLAN mode. For example, my first tenant(auto0Tenant) is at VLAN200/br200/eth1/fix_ip range is 192.168.2.0/28 and second(aotu1Tenant) is VLAN300/br300/eth2/fix_ip_range 192.168.3.0/28, the VLAN interface ip address for them on switch is 192.168.2.9 and 192.168.3.9, I want to set the default gateway of VMs in auto0Tenant to 192.168.2.9 and 192.168.3.9 for aotu1Tenant’s VMs. I try to use two methods, the first is to use nova-command: nova-manage network create --label=auto0Tenat --fixed_range_v4=192.168.2.0/28 --num_networks=1 --gateway=192.168.2.9 --dns1=61.139.2.69 --vlan=200 --bridge=br200 --bridge_interface=eth1 --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c nova-manage network create --label=aotu1Tenant --fixed_range_v4=192.168.3.0/28 --num_networks=1 --gateway=192.168.3.9 --dns1=61.139.2.69 --vlan=300 --bridge=br300 --bridge_interface=eth2 --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c but the result is the newest created VM default gateway is still the IP address of br200 or br300 by the system, that means the factor of “gateway” and “dns1” in nova-mange network command did not work. The second way is to use dnsmasq.conf that Vish told me, that I set just dhcp_option=3,192.168.2.9. Yes it is useful for auto0Tenat VLAN, it can set auto0Tenant gateway to 192.168.2.9, but how to set others at the same time? Then I tried to use: Interface=vlan200 dhcp_option=3,192.168.2.9 Interface=vlan300 dhcp_option=3,192.168.3.9 Does it actually work to specify multiple interfaces in the dnsmasq conf file like that? I would have thought that the second values would override the first ones. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Filter Scheduler, a complete example
On Jun 11, 2012, at 11:41 AM, Christian Parpart wrote: Hi all, while I am still somewhat new to OpenStack, I was able to successfully deploy a 6-node OpenStack setup with 4 compute nodes, one controller node (yet to be HA'd) and one network node (yet to be HA'd). However, now, that I am that far, I am in need to create a custom filter, due to the companies requirements on what VMs to put on what hardware. Unfortunately, I am not yet that experienced in Python (know quite a few others, so I shouldn't have it that hard in getting into) and I - of course - don't know the Nova API as well as you do. So I am looking for a complete basic Hello World Filter Scheduler example, e.g. in form of a github repo, that I can fork off, and improve it, and learn Nova by doing. I could not really find anything that helpful yet, and I think it might be a wonderful entry-point for quite a few of us. Is there anyone willing to help us here out a bit? Many many thanks, Christian Parpart. ___ Christian: The admin docs have a chapter on scheduling that discusses the filter scheduler: http://docs.openstack.org/essex/openstack-compute/admin/content/ch_scheduling.html It's from a user's point, not a developer, but it does describe what all of the built-in filters do. You should be able to look at the corresponding code and see what they do pretty easily. Check out the nova/scheduler/filters directory which has the implementation of the existing filters: https://github.com/openstack/nova/tree/master/nova/scheduler/filters The simplest filter is the AllHostsFilter, which doesn't filter anything at all: https://github.com/openstack/nova/blob/master/nova/scheduler/filters/all_hosts_filter.py Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] memory allocation while creating a linux image
On Jun 11, 2012, at 9:10 PM, Udit Agarwal wrote: Hi, I am following the guide –“Openstack Compute Administration Manual”. I have a doubt on this page http://docs.openstack.org/trunk/openstack-compute/admin/content/creating-a-linux-image.html which talks about creating a linux image. The thing that I can’t understand is that the first line talks about creating a linux image of size 5G, but this allocation of 5G is done from which partition of our disk. Can anyone help me with this ?? Thanks in advance. --Udit Agarwal ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp Udit: I assume you are talking about this command: kvm-img create -f raw server.img 5G That will create a file called server.img in the current directory where you issued the command. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] how to set individual gateway for each VLAN or Tenant network?
Hey Nate: On Jun 11, 2012, at 2:17 PM, Nathanael Burton wrote: dnsmasq supports setting parameters such as the gateway IP and other settings based on tag. I have run a patched version of nova-network in the Diablo time that used the network DB label field as the network tag in dnsmasq. This then allows you to set custom configs by modifying the dnsmasq.conf file. This was done with VLANmanager. Are you able to share an exampleof a dnsmasq.conf file that uses tags to handle different config settings per network/VLAN? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com Thanks Nate On Jun 11, 2012 2:09 PM, Lorin Hochstein lo...@nimbisservices.com wrote: On Jun 4, 2012, at 8:22 PM, romi zhang wrote: Hi, I am using VLAN network mode and will connect eth1 and eth2 of my compute node to the LAN Switch, and LAN switch will create individual VLAN IP interface for each Tenant/VLAN and then route to the NAT equipment,through SNAT/DNAT to touch internet. So, that needs I can set the default gateway of each Tenant VLAN to the different IP address of VLAN interface on the switch. I have the same question, I would love to know if you can set the gateways in VLAN mode. For example, my first tenant(auto0Tenant) is at VLAN200/br200/eth1/fix_ip range is 192.168.2.0/28 and second(aotu1Tenant) is VLAN300/br300/eth2/fix_ip_range 192.168.3.0/28, the VLAN interface ip address for them on switch is 192.168.2.9 and 192.168.3.9, I want to set the default gateway of VMs in auto0Tenant to 192.168.2.9 and 192.168.3.9 for aotu1Tenant’s VMs. I try to use two methods, the first is to use nova-command: nova-manage network create --label=auto0Tenat --fixed_range_v4=192.168.2.0/28 --num_networks=1 --gateway=192.168.2.9 --dns1=61.139.2.69 --vlan=200 --bridge=br200 --bridge_interface=eth1 --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c nova-manage network create --label=aotu1Tenant --fixed_range_v4=192.168.3.0/28 --num_networks=1 --gateway=192.168.3.9 --dns1=61.139.2.69 --vlan=300 --bridge=br300 --bridge_interface=eth2 --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c but the result is the newest created VM default gateway is still the IP address of br200 or br300 by the system, that means the factor of “gateway” and “dns1” in nova-mange network command did not work. The second way is to use dnsmasq.conf that Vish told me, that I set just dhcp_option=3,192.168.2.9. Yes it is useful for auto0Tenat VLAN, it can set auto0Tenant gateway to 192.168.2.9, but how to set others at the same time? Then I tried to use: Interface=vlan200 dhcp_option=3,192.168.2.9 Interface=vlan300 dhcp_option=3,192.168.3.9 Does it actually work to specify multiple interfaces in the dnsmasq conf file like that? I would have thought that the second values would override the first ones. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack-doc-core] Documenting policy.json stuff
All: I'm working on documenting the actions in the variously policy.json files. I just posted a WIP branch here: https://review.openstack.org/8347 Can I get some feedback on whether this is a reasonable structure for documenting all of these options? It renders OK in HTML, but currently it looks terrible in PDF because the action names are so long, I don't know how to fix that. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
Re: [Openstack] EBS-backed AMIs on nova: how?
David: I just submitted a documentation patch on how to do this: https://review.openstack.org/8134/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 24, 2012, at 7:56 AM, David Wragg wrote: Hi all, The feature comparison matrix at http://wiki.openstack.org/Nova/APIFeatureComparison has a row labelled AMI's backed by EBS, which suggests to me that there is a way to have nova-compute start a VM with its root store managed by nova-volume. But I haven't been able to find anything that shows how to achieve this. Can anyone provide a pointer? Thanks, David ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Openstack-operators] ERROR: Malformed request url (HTTP 400)
Hi Igor: The best place to report problems with the docs is to file a bug in the openstack-manuals project on launchpad: https://bugs.launchpad.net/openstack-manuals (You'll need to create a Launchpad account to report a bug if you don't have one yet). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 30, 2012, at 3:10 PM, Igor Laskovy wrote: Hi all again! Just need clarification, in which way I can send a messages about mistakes in that docs? On Sun, May 13, 2012 at 6:47 PM, Igor Laskovy igor.lask...@gmail.com wrote: Well, instead of it I did use the real uuid of service tenant)) End, actually that clarify about %(tenant_id)s is exist at docs. BTW, for what reason needs to execute TENANT variable in the volume section? On May 13, 2012 5:55 PM, Dolph Mathews dolph.math...@gmail.com wrote: Igor, What did you use instead / how did you interpret that portion of the docs? I think we need to clarify in the docs that %(tenant_id)s is very intentional, and intended to be used exactly as written (and explain how it behaves) -- you're certainly not the first person to run into this kind of issue on endpoints. -Dolph On Sun, May 13, 2012 at 8:42 AM, Igor Laskovy igor.lask...@gmail.com wrote: Hello all, I have solved this problem)) For me it was incorrect built endpoints in keystone for nova and volume services. I thought that %(tenant_id)s is mistake as other mistakes in the installation guide (http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html), but it wasn't . Thanks everybody for attention! On Sat, May 12, 2012 at 4:53 PM, Igor Laskovy igor.lask...@gmail.com wrote: Guys, I am still need help)) On May 10, 2012 9:45 PM, Igor Laskovy igor.lask...@gmail.com wrote: Hi Dolph and Kevin, thank you for your attention and sorry for delay reply. Here are what I have in nova-api.log : 2012-05-10 14:40:08 INFO nova.api.openstack.wsgi [req-c6b9ea76-bbe1-4796-a231-41fc41c7695f 50be127b9b7f49dcbf5ffea06d23d83a ebf29e67cbd445daa5ad09f76cdf69f9] GET http://192.168.1.71:8774/v2/7033300637bc4964a8d0a43649fcf898/images/detail 2012-05-10 14:40:08 DEBUG nova.api.openstack.wsgi [req-c6b9ea76-bbe1-4796-a231-41fc41c7695f 50be127b9b7f49dcbf5ffea06d23d83a ebf29e67cbd445daa5ad09f76cdf69f9] Unrecognized Content-Type provided in request from (pid=1005) get_body /usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py:697 On Thu, May 10, 2012 at 2:27 AM, Dolph Mathews dolph.math...@gmail.com wrote: Hrm, good catch! I see no problems with that request at all... -Dolph Mathews On May 9, 2012, at 5:58 PM, Kevin L. Mitchell kevin.mitch...@rackspace.com wrote: On Wed, 2012-05-09 at 15:32 -0500, Dolph Mathews wrote: It also just occurred to me that perhaps you're using a *very* old novaclient against a more recent version of keystone? Actually, if you look a little more closely: $ nova --debug image-list connect: (192.168.1.71, 5000) send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: 192.168.1.71:5000\r\nContent-Length: 117\r \ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r \naccept: application/json\r\nuser-agent: python-novaclient\r\n \r\n{auth: {tenantName: labSpaceDemo, passwordCredentials: {username: adminUser, password: lfplhfgthvf}}}' The request body for Keystone is not, in fact, malformed. It would be interesting to look at the nova-api logs for this request… -- Kevin L. Mitchell kevin.mitch...@rackspace.com -- Igor Laskovy -- Igor Laskovy -- Igor Laskovy Kiev, Ukraine ___ Openstack-operators mailing list openstack-operat...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Why is an image required when booting from volume
I'm trying to figure out boot from volume, both so I can use it and so I can add it to the docs. It seems that when calling nova boot or using Horizon, you need to specify an image. Why is that? I naively tried to create a volume image by creating a volume and then doing on my volume server: dd if=/tmp/precise-server-cloudimg-amd64-disk1.img of=/dev/nova-volumes/volume-000d Then I tried this: $ nova boot --flavor 2 --key_name lorin --block_device_mapping /dev/vda=13:::0 test Which generated an error: Invalid imageRef provided. (HTTP 400) If I try to specify an image, it at least attempts to boot: $ nova boot --flavor 2 --key_name lorin --block_device_mapping /dev/vda=13:::0 --image 7d6923d9-1c13-4405-ba0c-41c7487dd6bc test I noticed that the devstack example specifies an image: https://github.com/openstack-dev/devstack/blob/master/exercises/boot_from_volume.sh: VOL_VM_UUID=`nova boot --flavor $INSTANCE_TYPE --image $IMAGE --block_device_mapping vda=$VOLUME_ID:::0 --security_groups=$SECGROUP --key_name $KEY_NAME $VOL_INSTANCE_NAME | grep ' id ' | get_field 2` Looking at nova/api/openstack/compute/servers.py, it does look like _image_uuid_from_href() is called regardless of whether we are booting from volume or not. What is --image used for when booting from volume? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Nova] Blueprint and core cleanup
On May 18, 2012, at 5:33 AM, Thierry Carrez wrote: Vishvananda Ishaya wrote: *Core Cleanup* [...] If a former core member has time to start participating in reviews again, i think he should be able to review for a couple of weeks or two and send an email to the list saying, Hey, I've got time to review again, can I be added back in. If we don't here any -1 votes by other core members for three days we will bring them back. In other words, its former members can be accelerated back into core. Sound reasonable? Yes. *Blueprint Cleanup* As I mentioned in my previous email, I've now obsoleted all blueprints not targetted to folsom. The blueprint system has been used for feature requests, and I don't think it is working because there is no one grabbing unassigned blueprints. I think it has to be up to the drafter of the blueprint to find a person/team to actually implement the blueprint or it will just sit there. Therefore I've removed all of the good idea blueprints. This was kind of sad, because there were some really good ideas there. We discussed for quite some time that wishlist bugs that don't get worked on for some time should be closed as Opinion/Wishlist... and use that search to get a nice list of things that sound like a good idea but nobody has had time to work on. Maybe we should create wishlist bugs for stuff on obsoleted blueprints, so that we have a single place to look for abandoned good ideas ? -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp +1 I think this is a great idea. There was definitely some good ideas in some of those obsoleted blueprints and I'd hate for us to lose track of them simply because the project doesn't currently have the resources to tackle them. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova-compute] vm migration problem
On May 22, 2012, at 6:08 PM, Soren Hansen wrote: 2012/5/21 Lorin Hochstein lo...@nimbisservices.com: Has anybody ever written a script that grabs the host public key from the instance's console and updates the .ssh/config/known_hosts file accordingly, instead of throwing away host key checking? That would be a handy little thing if it was out there. Ubuntu's cloud-utils package has a cloud-run-instances utility that does this. It's not exactly in the do-one-thing-and-do-it-well sort of category, but perhaps it's just what you need. Wow, I never knew about that package. Are all of those utils compatible with OpenStack? Are they documented everywhere? Now that we're adding distribution-specific content to the docs, these are probably worth a mention in the Ubuntu OpenStack install guide. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] confuse about keystone rule
Hi William: Some new documentation just landed that should clear things up: http://docs.openstack.org/trunk/openstack-compute/admin/content/keystone-concepts.html (Short answer: by default, only the admin role has meaning unless you edit the policy.conf files). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 20, 2012, at 9:19 PM, William Herry wrote: Hi, I am a little confuse about keystone roles, there are several role like admin, Member, KeystoneAdmin, KeystoneServiceAdmin, sysadmin, netadmin, I want to know does those name have special means, or just a name and I can name my role with any name I like, if they have special means, why should I create them manually? can some one explain to me or give me some links? Thanks -- === William Herry williamherrych...@gmail.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone 2012.1 - global and private endpoints
These are now in the docs: http://docs.openstack.org/trunk/openstack-compute/admin/content/keystone-concepts.html Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 12, 2012, at 8:43 AM, Leandro Reox wrote: Clear as crystal. Thanks a lot Lorin! i didnt see this reflected on the docs. Best Lean On May 12, 2012 8:45 AM, Lorin Hochstein lo...@nimbisservices.com wrote: Leandro: On May 10, 2012, at 10:58 AM, Leandro Reox wrote: Hi all, I was wondering if is there any way to create private and global endpoints in Keystone essex final, what for ? I have users defined for specific applications, for example i want that the images user, just to have access to the SWIFT endpoint, but no to nova, and etc In previous versions of Keystone, you can define is_global attribute for an endpoint, or create a direct relationship between a tenant and an endpoint if your endpoint was previously defined as non global. Is there any way to do this on the new Essex Final Keystone ? If not, how do i avoid the swift users to create instances on nova? The /etc/$APP/policy.json controls what users are allowed to do for $APP. For example, /etc/nova/policy.json controls this for nova, /etc/glance/policy.json controls glance. (I think swift uses a different scheme). If you want to restrict users from doing things in nova, you need to create a role in keystone and then modify /etc/nova/policy.json so that this role is required for nova operations. For example, you could create a role called novauser, and then /etc/nova/policy.json to require that role for every operation. I think it would look like this (haven't tried this myself): { admin_or_owner: [[role:admin], [project_id:%(project_id)s]], default: [[rule:admin_or_owner]], compute:create: [role:novauser], compute:create:attach_network: [role:novauser], compute:create:attach_volume: [role:novauser], compute:get_all: [role:novauser], admin_api: [[role:admin]], compute_extension:accounts: [[rule:admin_api]], compute_extension:admin_actions: [[rule:admin_api]], compute_extension:admin_actions:pause: [[rule:admin_or_owner]], compute_extension:admin_actions:unpause: [[rule:admin_or_owner]], compute_extension:admin_actions:suspend: [[rule:admin_or_owner]], compute_extension:admin_actions:resume: [[rule:admin_or_owner]], compute_extension:admin_actions:lock: [[rule:admin_api]], compute_extension:admin_actions:unlock: [[rule:admin_api]], compute_extension:admin_actions:resetNetwork: [[rule:admin_api]], compute_extension:admin_actions:injectNetworkInfo: [[rule:admin_api]], compute_extension:admin_actions:createBackup: [[rule:admin_or_owner]], compute_extension:admin_actions:migrateLive: [[rule:admin_api]], compute_extension:admin_actions:migrate: [[rule:admin_api]], compute_extension:aggregates: [[rule:admin_api]], compute_extension:certificates: [role:novauser], compute_extension:cloudpipe: [[rule:admin_api]], compute_extension:console_output: [role:novauser], compute_extension:consoles: [role:novauser], compute_extension:createserverext: [role:novauser], compute_extension:deferred_delete: [role:novauser], compute_extension:disk_config: [role:novauser], compute_extension:extended_server_attributes: [[rule:admin_api]], compute_extension:extended_status: [role:novauser], compute_extension:flavorextradata: [role:novauser], compute_extension:flavorextraspecs: [role:novauser], compute_extension:flavormanage: [[rule:admin_api]], compute_extension:floating_ip_dns: [role:novauser], compute_extension:floating_ip_pools: [role:novauser], compute_extension:floating_ips: [role:novauser], compute_extension:hosts: [[rule:admin_api]], compute_extension:keypairs: [role:novauser], compute_extension:multinic: [role:novauser], compute_extension:networks: [[rule:admin_api]], compute_extension:quotas: [role:novauser], compute_extension:rescue: [role:novauser], compute_extension:security_groups: [role:novauser], compute_extension:server_action_list: [[rule:admin_api]], compute_extension:server_diagnostics: [[rule:admin_api]], compute_extension:simple_tenant_usage:show: [[rule:admin_or_owner]], compute_extension:simple_tenant_usage:list: [[rule:admin_api]], compute_extension:users: [[rule:admin_api]], compute_extension:virtual_interfaces: [role:novauser], compute_extension:virtual_storage_arrays: [role:novauser], compute_extension:volumes: [role:novauser], compute_extension:volumetypes: [role:novauser], volume:create: [role:novauser], volume:get_all: [role:novauser], volume:get_volume_metadata: [role:novauser], volume:get_snapshot: [role:novauser], volume:get_all_snapshots
Re: [Openstack] [nova-compute] vm migration problem
Has anybody ever written a script that grabs the host public key from the instance's console and updates the .ssh/config/known_hosts file accordingly, instead of throwing away host key checking? That would be a handy little thing if it was out there. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 21, 2012, at 6:09 AM, Joe Breu wrote: Hi Eric, It would appear that the nova user on one of the compute nodes had at one time cached the SSH host key of the other node and now the key has changed. You can bypass this by adding the following to ~nova/.ssh/config on both compute nodes: Host * StrictHostKeyChecking no UserKnownHostsFile=/dev/null --- Joseph Breu Deployment Engineer Rackspace Cloud Builders 210-312-3508 On May 21, 2012, at 11:34 AM, Eric Luo wrote: Hello ,all. I have a two nodes installation . OS1 is the cloud controller ,and OS2 is a nova-compute node. I have a vm (name as vm1) running on OS1. When I use the command nova migrate vm1 The dashboard is showing the vm1 as : status :error ,task :Resize Prep I tail ed the nova-compute.log in OS1, and found the following error information while running the nova migrate vm1 command : Can someone please explain to me what does these error mean ,and what's wrong with my config ... 2012-05-21 17:20:45 ERROR nova.compute.manager [req-d0f494cb-e9d6-41d2-b6df-6faa432a644d 6ffaaedb60c24f5eb888319e1e387d75 0d7a5a12b6f54aa9bff986bf138bc0b7] Unex pected error while running command. Command: ssh 192.168.0.205 mkdir -p /var/lib/nova/instances/instance-000a Exit code: 255 Stdout: '' Stderr: 'Host key verification failed.\r\n'. Setting instance vm_state to ERROR 2012-05-21 17:20:45 ERROR nova.rpc.amqp [req-d0f494cb-e9d6-41d2-b6df-6faa432a644d 6ffaaedb60c24f5eb888319e1e387d75 0d7a5a12b6f54aa9bff986bf138bc0b7] Exception during message handling 2012-05-21 17:20:45 TRACE nova.rpc.amqp Traceback (most recent call last): 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/rpc/amqp.py, line 252, in _process_data 2012-05-21 17:20:45 TRACE nova.rpc.amqp rval = node_func(context=ctxt, **node_args) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/exception.py, line 114, in wrapped 2012-05-21 17:20:45 TRACE nova.rpc.amqp return f(*args, **kw) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/compute/manager.py, line 153, in decorated_function 2012-05-21 17:20:45 TRACE nova.rpc.amqp function(self, context, instance_uuid, *args, **kwargs) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/compute/manager.py, line 177, in decorated_function 2012-05-21 17:20:45 TRACE nova.rpc.amqp sys.exc_info()) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/contextlib.py, line 24, in __exit__ 2012-05-21 17:20:45 TRACE nova.rpc.amqp self.gen.next() 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/compute/manager.py, line 171, in decorated_function 2012-05-21 17:20:45 TRACE nova.rpc.amqp return function(self, context, instance_uuid, *args, **kwargs) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/compute/manager.py, line 1330, in resize_instance 2012-05-21 17:20:45 TRACE nova.rpc.amqp self._set_instance_error_state(context, instance_uuid) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/contextlib.py, line 24, in __exit__ 2012-05-21 17:20:45 TRACE nova.rpc.amqp self.gen.next() 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/compute/manager.py, line 1325, in resize_instance 2012-05-21 17:20:45 TRACE nova.rpc.amqp instance_type_ref, self._legacy_nw_info(network_info)) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/exception.py, line 114, in wrapped 2012-05-21 17:20:45 TRACE nova.rpc.amqp return f(*args, **kw) 2012-05-21 17:20:45 TRACE nova.rpc.amqp File /usr/lib/python2.7/dist-packages/nova/virt/libvirt/connection.py, line 2363, in migrate_disk_and_power_off 2012-05-21 17:20:45 TRACE nova.rpc.amqp raise e 2012-05-21 17:20:45 TRACE nova.rpc.amqp ProcessExecutionError: Unexpected error while running command. 2012-05-21 17:20:45 TRACE nova.rpc.amqp Command: ssh 192.168.0.205 mkdir -p /var/lib/nova/instances/instance-000a 2012-05-21 17:20:45 TRACE nova.rpc.amqp Exit code: 255 2012-05-21 17:20:45 TRACE nova.rpc.amqp Stdout: '' 2012-05-21 17:20:45 TRACE nova.rpc.amqp Stderr: 'Host key verification failed.\r\n' 2012-05-21 17:20:45 TRACE nova.rpc.amqp ^C ___ Mailing list: https://launchpad.net/~openstack Post to : openstack
Re: [Openstack] python-swiftclient in gerrit
On May 21, 2012, at 6:25 AM, Chmouel Boudjnah wrote: Hi, As mentioned a couple of times we are splitting python-swiftclient out of swift, this is mostly ready to cut in its own gerrit project here : https://github.com/chmouel/python-swiftclient Are you planning on making it available through PyPi once it's broken out? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack-doc-core] How should we mark up nova-* services?
I think monospace is fine for now. In the long run think I'd like a different font (not italics/bold) to make it visually distinct from literals, but I'm not sure what would look good, and I don't want to create too much visual noise. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 18, 2012, at 5:13 PM, David Cramer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rather decide how you want it to render (monospace, bold, italics, quoted, red, green, different font size, different font, in a blink tag, or some combination) and let me know, I'll adjust the xslts and it will start doing that in the future (starting with that version of the plugin). David On 05/18/2012 04:01 PM, Razique Mahroua wrote: Thanks, so I can, basically run a formatting test, send you the xml file and you could show us how it'll render ? I've deployed the maven env. on my comp ^^ Razique David Cramer mailto:david.cra...@rackspace.com 18 mai 2012 21:18 Btw., I can make the html and pdf output (and the Oxygen wysioo view) do whatever you want for that markup (or for any other markup). David Razique Mahroua mailto:razique.mahr...@gmail.com 18 mai 2012 10:37 Hi all, it would be interesting to see if the markup systemitem class=service get interpreted for the html output, if so, we could give it a try. It would make the service designation in itself definitely clearer Best regards, Razique Anne Gentle mailto:a...@openstack.org 17 mai 2012 16:35 Thanks David for the guidance and Razique for knowing what our docs mostly do. :) I'm fine with adding the systemitem class=service markup and see what it gains us later. Does anyone prefer quotation marks around the service names or is there another output style you'd like? Thanks, Anne Anne Gentle | http://justwriteclick.com/ Facebook http://facebook.com/conversationandcommunityLinkedin http://linkedin.com/annegentleTwitter http://twitter.com/annegentle Razique Mahroua mailto:razique.mahr...@gmail.com 17 mai 2012 12:32 Actually it uses eg nova-volume is... I think 90% of the doc uses that convention. But it could be great to have a convention for it yes :) On Thu, 17 May 2012 05:21:40 +0200, David Cramer david.cra...@rackspace.com wrote: David Cramer mailto:david.cra...@rackspace.com 17 mai 2012 05:21 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You probably want: systemitem class=service http://www.docbook.org/tdg5/en/html/systemitem.html The things to think about in deciding whether to mark something like this up are: 1) Do I want to be able to have this thing formatted in a particular way? E.g. monospace, bold. 2) Do I want to be able to do something else later (index, cross reference, etc) with this term? If either are true, then you should have a policy of marking it up and agree on a tag to use. Typing systemitem class=service probably seems cumbersome, but I can add to oxygen a shortcut so that it feels like there's really a service tag. I.e. you press enter to pull up the context completion window, start typing systemitem...it autocompletes and you pick systemitem-service from thei list. Or we could even add a service tag to the schema. David -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPtG7BAAoJEMHeSXG7afUhNeAH/jmNOn4Iw7MKKQr9enFhUdq1 qL3xP6ixeqR+UZP0HrdTKchM2TLeljDY5gXLYKf1m9ZofIk5nnFKFBQGlACWC8Z3 TjmEQM8XtAJeflmmWWEqnwWZ3kcjz3ivFB79liHpnkqhaqECcDEAISDLcLn+2xSW SqckiyCusDMffdhSZIZAx9pfY5B6utBJlSdDJYNauM+ARlPOtVq9UREy/UwK5oAe QzAzg6u1WkxFOqp+TdlLhqOcGOqMucL4qGvMQ+xb6nDMYo0lMJeIrNWzJXDYRBhi UaEtg2N+lJeu2cPbrEj+R95DNQ9ovPhXjtv3n6Pi1HRN746f01thDR+6HGMNCA4= =s5qz -END PGP SIGNATURE- -- Nuage Co - Razique Mahroua razique.mahr...@gmail.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPtrtnAAoJEMHeSXG7afUhhRUH/jyYqZZV1pPL1/tw1848aVlP +nVwc1/RaHXj3h3W6zjQaKrCAkPE7wbLeLZD2OG+f7D7oPrIT4M+U1EXJgLf7SJk LMQz+5gJjXTMNxQxg8L4oLKuKv3GYcGR91A1G5Si3Fe6gSiFQr++mIaj9uVwGbWJ EOKz9owz0bC3kTXWzW4Kq4WU/al8ft8FXgzw4fYEgWZTY6esXCMsKeAKHAnQFEIN AYxI0hrOq8oYEXH68orXWX22MeR6yJl29lCJyHrh+6NWgisHDqIGSApmdMU5vU2L Ku9j8zMOuFknVQYWv2DlnRtWdyOOhmm7r/jY2TDdbj5zoD6AuOKAA0ZynWMUgOA= =CDl3 -END PGP SIGNATURE- -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack]create network project_id
Eric: root@node1:~# nova-manage network modify --fixed_range 10.0.6.0/24 --project f6a1 --host node1 I didn't know you could specify partial strings for uuids, i.e.: --project f6a1 instead of: --project f6a1c12cf10b43e68aa0952470f1bb56 Does that really work? Does that work everywhere or just for nova-manage? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Error in documentation openstack install and deploy manual
Thanks, Alessandro. I've proposed a doc fix for these issues here: https://review.openstack.org/7442 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 15, 2012, at 9:32 AM, Alessandro Tagliapietra wrote: I tried to install openstack following this guide, i think these things are wrong. I'm not sure so maybe it's intentional. 1) http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html Defining the volume service there is this line: $ TENANT=eb7e0c10a99446cfa14c244374549e9d which i think is not needed. Later in image service defining this line is missing the escape char at the end of line --endpoint http://192.168.206.130:35357/v2.0/ 2) http://docs.openstack.org/trunk/openstack-compute/install/content/configure-glance-files.html The step about db version control and sync on ubuntu 12.04 should be done before the services restart else glance-registry will die after a few seconds due no tables found Best Regards Alessandro ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problem with attaching disks to an instance
On May 15, 2012, at 1:27 PM, Vishvananda Ishaya wrote: FYI iscsi_ip_prefix doesn't exist in essex. That flag is referenced in the XenAPI code in essex: https://github.com/openstack/nova/blob/stable/essex/nova/virt/xenapi/volume_utils.py#L408 However, it doesn't appear anywhere else in essex. Is this a bug? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Dhcp lease errors in vlan mode
On May 14, 2012, at 1:46 PM, Vishvananda Ishaya wrote: TL;DR To fix issues with failed dhcp leases in vlan mode, upgrade to dnsmasq 2.6.1[1] I attempted to document this issue in the docs: https://review.openstack.org/7403 (As an aside, we're using VLAN mode at Nimbis). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone 2012.1 - global and private endpoints
Unfortunately, It isn't in the docs yet. :( I'm hoping to find some time to add this to the docs in the next few days. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 12, 2012, at 8:43 AM, Leandro Reox wrote: Clear as crystal. Thanks a lot Lorin! i didnt see this reflected on the docs. Best Lean On May 12, 2012 8:45 AM, Lorin Hochstein lo...@nimbisservices.com wrote: Leandro: On May 10, 2012, at 10:58 AM, Leandro Reox wrote: Hi all, I was wondering if is there any way to create private and global endpoints in Keystone essex final, what for ? I have users defined for specific applications, for example i want that the images user, just to have access to the SWIFT endpoint, but no to nova, and etc In previous versions of Keystone, you can define is_global attribute for an endpoint, or create a direct relationship between a tenant and an endpoint if your endpoint was previously defined as non global. Is there any way to do this on the new Essex Final Keystone ? If not, how do i avoid the swift users to create instances on nova? The /etc/$APP/policy.json controls what users are allowed to do for $APP. For example, /etc/nova/policy.json controls this for nova, /etc/glance/policy.json controls glance. (I think swift uses a different scheme). If you want to restrict users from doing things in nova, you need to create a role in keystone and then modify /etc/nova/policy.json so that this role is required for nova operations. For example, you could create a role called novauser, and then /etc/nova/policy.json to require that role for every operation. I think it would look like this (haven't tried this myself): { admin_or_owner: [[role:admin], [project_id:%(project_id)s]], default: [[rule:admin_or_owner]], compute:create: [role:novauser], compute:create:attach_network: [role:novauser], compute:create:attach_volume: [role:novauser], compute:get_all: [role:novauser], admin_api: [[role:admin]], compute_extension:accounts: [[rule:admin_api]], compute_extension:admin_actions: [[rule:admin_api]], compute_extension:admin_actions:pause: [[rule:admin_or_owner]], compute_extension:admin_actions:unpause: [[rule:admin_or_owner]], compute_extension:admin_actions:suspend: [[rule:admin_or_owner]], compute_extension:admin_actions:resume: [[rule:admin_or_owner]], compute_extension:admin_actions:lock: [[rule:admin_api]], compute_extension:admin_actions:unlock: [[rule:admin_api]], compute_extension:admin_actions:resetNetwork: [[rule:admin_api]], compute_extension:admin_actions:injectNetworkInfo: [[rule:admin_api]], compute_extension:admin_actions:createBackup: [[rule:admin_or_owner]], compute_extension:admin_actions:migrateLive: [[rule:admin_api]], compute_extension:admin_actions:migrate: [[rule:admin_api]], compute_extension:aggregates: [[rule:admin_api]], compute_extension:certificates: [role:novauser], compute_extension:cloudpipe: [[rule:admin_api]], compute_extension:console_output: [role:novauser], compute_extension:consoles: [role:novauser], compute_extension:createserverext: [role:novauser], compute_extension:deferred_delete: [role:novauser], compute_extension:disk_config: [role:novauser], compute_extension:extended_server_attributes: [[rule:admin_api]], compute_extension:extended_status: [role:novauser], compute_extension:flavorextradata: [role:novauser], compute_extension:flavorextraspecs: [role:novauser], compute_extension:flavormanage: [[rule:admin_api]], compute_extension:floating_ip_dns: [role:novauser], compute_extension:floating_ip_pools: [role:novauser], compute_extension:floating_ips: [role:novauser], compute_extension:hosts: [[rule:admin_api]], compute_extension:keypairs: [role:novauser], compute_extension:multinic: [role:novauser], compute_extension:networks: [[rule:admin_api]], compute_extension:quotas: [role:novauser], compute_extension:rescue: [role:novauser], compute_extension:security_groups: [role:novauser], compute_extension:server_action_list: [[rule:admin_api]], compute_extension:server_diagnostics: [[rule:admin_api]], compute_extension:simple_tenant_usage:show: [[rule:admin_or_owner]], compute_extension:simple_tenant_usage:list: [[rule:admin_api]], compute_extension:users: [[rule:admin_api]], compute_extension:virtual_interfaces: [role:novauser], compute_extension:virtual_storage_arrays: [role:novauser], compute_extension:volumes: [role:novauser], compute_extension:volumetypes: [role:novauser], volume:create: [role:novauser], volume:get_all: [role:novauser], volume:get_volume_metadata: [role:novauser], volume:get_snapshot: [role:novauser], volume:get_all_snapshots
Re: [Openstack] [OpenStack][Keystone] Blueprint to store quota data in Keystone
On May 10, 2012, at 12:55 PM, Everett Toews wrote: Hi All, I've started a blueprint and spec to store quota data in Keystone. Please have a look if you're interested and any feedback is welcome. Of course, writing up the spec brought up number of questions for me. You can find more detail in the spec but here they are to get some more exposure. 1. For the keystone CLI I'm proposing using JSON for batch create, update, and delete of quotas. I don't believe this is done anywhere else in OpenStack. Good idea? Bad idea? My plan is to go with the JSON. If you're going to use json in the CLI for complex operations, I would recommend reading the json from stdin rather than passing it as a command-line flag. This means users could do either: echo {'key': 'value'} | keystone … or: keystone … batch.json Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone client, user belongs to many tenants?
Are there any documented examples out there of how to use roles? I still have a hard time building a mental model of how the system works. In particular: Do I need to create a new role for every user-tenant pair? Or can I reuse the same role? Where are the semantics of roles specified? What I mean is, what determines what a role allows a user to do with a specific service? The examples I see always create a magical admin role, but how does, say, nova, know that this role is associated with admin privileges? Is it because the label is admin? What if I want to create a role that allows users in a tenant to have regular access to nova, but not to swift? How do I do that? Do I need to create a novaUser role? Where do I describe what a novaUser role means? In nova? In keystone? How? Pointer to an example here would be really helpful, would love to add this to the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 10, 2012, at 3:50 AM, Dolph Mathews wrote: +1 The second way to accomplish this is exactly what keystone currently supports (explicit role grants), which didn't change between diablo and essex at all. The first method (using global unscopedness) was dropped because its just as confusing as you describe it. -Dolph Mathews On May 10, 2012, at 2:35 AM, Joseph Heck he...@mac.com wrote: Guang, I think you need to re-read the code. The association between a user and tenant is what the role represents, and its inaccurate to assert that a user is aligned only with a single tenant ever, that is not the case. A role is no longer global, specifically to avoid the tremendous confusion and inaccuracy of implementation about how to apply a role that relates a tenant and user along with a potential global role concept that was in the earliest implementations of Keystone. The current implementation is simpler and far more specific and clear in it's implementation. -joe On May 9, 2012, at 10:22 PM, Yee, Guang wrote: I think this use case underscores one of the key differences between the fat Keystone (Diablo - E3) and KSL (Essex final). In fat Keystone, users and tenants are loosely coupled. They are bind together by role assignments. In KSL, users and tenants are tightly coupled, and IMHO very inflexible. Maybe the following example would further clarify this … Suppose you have tenants Dodgers, Giants, and Brewers, user Bud Selid, roles Commissioner and Minority Owner, and service MLB. And you want Bud Selid to have the Commissioner role for Dodgers, Giants, and Brewers, but Minority Owner role for Brewers only. In fat Keystone, there a couple of ways you can accomplish this. 1) Make Commissioner a “global role” (unscoped) and assign it to user Bud Selid. Assign the Minority Owner role to Bud Selid for tenant Brewers by creating a role reference. When Bud Selid tries to access MLB with his unscoped token, MLB will get his Commissioner role back from Keystone. When Bud Selid tries to access MLB with his token scoped to Brewers, MLB will get both his Commissioner and Minority Owner roles back from Keystone. When Bud Selid tries to acess MLB with his token scoped to Giants or Dodgers, MLB will only get his Commissioner role back from Keystone. 2) Assign the Commissioner role to Bud Selid to tenants Giants, Dodgers, and Brewers individually by creating the respective role references. Assign the Minority Owner role to Bud Selid for tenant Brewers by creating another role reference. In this scenario, Bud Selid will always need a scoped token to access MLB. In KSL, there really aren’t any effective ways to accomplish the same thing. Global roles are no longer supported. A given user must assign to exactly one tenant. I suppose you can have Bud Selid under the “Default Tenant”, and assign both Commissioner and Minority Owner roles to him. But there are two major side effects. 1) Bud Selid must access MLB with the token scoped to the “Default Tenant” in order for MLB to recognize him as Commissioner. Which means he IS ALSO the Minority Owner for Dodgers, Giants, and Brewers. J 2) If Bud Selid tries to access MLB with the token scoped to either Giants, Dodgers, or Brewers, his a NOBODY. J The upcoming Domains blueprint (to be implemented for Folsom), which offers true multitenancy, should support these types of use cases. https://blueprints.launchpad.net/keystone/+spec/keystone-domains With Domains, you can create a MLB domain with tenants Dodgers, Giants, and Brewers. And have Bud Selid under the MLB domain. Notice that users will no longer be assigned to tenants. They will be under a domain. Create roles Commissioner and Minority Owner in the MLB domain. Assign the Commissioner role to Bud Selid, and the Minority Owner role scoped to Brewers. Suppose you have
Re: [Openstack] dimenssion of vnc console window
On May 9, 2012, at 6:06 AM, Staicu Gabriel wrote: Hi, I found a way to change the dimenssion of the window image for the vnc console. The file to be changed is: /usr/share/pyshared/horizon/dashboards/nova/templates/nova/instances_and_volumes/instances/_detail_vnc.html. The parameters are: width=1280 height=900 Regards, Gabriel Thanks, Gabriel. I proposed adding this info to the docs: https://review.openstack.org/7278 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone client, user belongs to many tenants?
On May 9, 2012, at 4:46 PM, Joshua Harlow wrote: A question, I am using anvil to setup the keystone roles/users/tenants. It seems like the python keystone client has the following command: client.users.create Which seems to take in the following: create(self, name, password, email, tenant_id=None, enabled=True): I would assume a user name can be used in multiple tenants but when I am trying to create a user that spans tenants and it seems like it borks. My guess is that once you have a user created, you would then use the client.tenants.add_user method to add the user to different tenants: add_user(tenant, user, role) I think you would do something like: user=client.users.create(…) role=… for tenant in other_tenants: client.tenants.add_user(tenant, user, role) ClientException: Conflict occurred attempting to store user. (IntegrityError) (1062, Duplicate entry 'admin' for key 'name') 'INSERT INTO user (id, name, extra) VALUES (%s, %s, %s)' ('3e14a9c1fd404c7e81c0dba8bd640575', 'admin', '{password: $6$rounds=4$yX5fL51OyGKjuPjr$8yv.S3GpqsKeaHv4GjNY4YW2vvykWzrEV7RX.qJpyy3CjmyXrZMRRJifEzfa7xv1l.NzoggQBXUAESn3Oqm0x/, enabled: true, email: ad...@example.com, tenantId: d1506184877a449a91fc6adcb553ad97}') (HTTP 409) Is this supposed to happen? Is the client supposed to send back this much info also (hashed password??) :-P Not sure about this one. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack-doc-core] Backporting doc fixes to essex
Now that the essex docs have been cut, how should we handle back porting doc fixes to the stable/essex branch? I've been proposing doc changes to master and then, once the master is approved, cherry-picking the commit and proposing to stable/essex . Is that the way we should be doing it? If so, how do we keep doc fixes from slipping through the cracks for authors who don't realize they need to submit a second merge proposal to stable/essex? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
[Openstack] OpenStack support: KVM vs. QEMU
Are there any Nova features that work with KVM but don't work with QEMU? Either way, I'd like to capture this in the documentation I know that KVM is faster than QEMU because of hardware support, but I don't know if there's additional functionality that only works with KVM. The Hypervisor support matrix wiki page http://wiki.openstack.org/HypervisorSupportMatrix has no specific information on OpenStack features supported by KVM but not QEMU Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] (no subject)
On Apr 17, 2012, at 3:09 AM, Tomasz Paszkowski wrote: On Tue, Apr 17, 2012 at 5:07 AM, cloud...@hush.com wrote: While I've seen in the nova code some references/drivers to RBD, I couldn't find any documentation on how to use it concretely. Is there any howto or anywhere that I missed? you missed them. Where are these? Based on this email, I added some documentation here: http://docs.openstack.org/trunk/openstack-compute/admin/content/rados.html But if there's more documentation about using RBD with OpenStack, I would love to pull it into the docs. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack-doc-core] Documentation accuracy rating
Hi Anne: It's good to know the analytics data is there if we want to dig deeper. However, until somebody working on docs starts asking specific analytics-driven questions about the site usage, it's probably not worth setting up an automatic report emailed to the team. At least, I know I wouldn't spend much time looking at the report... Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 4, 2012, at 10:00 AM, Anne Gentle wrote: Hi all - Not a silly idea at all. We've had a request to the doc tools team for a while to get ratings on pages - annotations would be another great step. How to take action... so we did make the Cloud doc tool plugin open source before the summit. The first priority to me is to get anchor tags on api.openstack.org, and I've asked Matt Stephenson to take that on. Can we find another Java programmer who would like to work on a user story like one of these: As a reader of the OpenStack documentation, I'd like to quickly log a bug against a page that's out-dated. As a reader of the OpenStack documentation, I'd like to make a quick vote on how effective the page is. Joe Savak, can you put these request into the tracking system you want to use for the Cloud docs plugin? It can be openstack-manuals if you want. As for analytics, I've attached the weekly report. We've been collecting data since the site started and I find it informative but of course you have to interpret. I could set up the report to be emailed to this list weekly. What do you think? I can also do customized reports for particular pages or sections (volumes, networking, and so on). Thanks, Anne On Thu, May 3, 2012 at 1:32 PM, Lorin Hochstein lo...@nimbisservices.com wrote: On May 3, 2012, at 10:15 AM, Razique Mahroua wrote: Hey there, just had that silly idea : is it possible to rank/ note some part of the documentations ? The logic here is to gather from readers what are the pages they often read, and how much accurate they are . That would help to update the doc bugs importance, and also know for the docs what the readers are expecting from it : - incomplete sections - false directions - outdated examples - kick-ass section etc... Maybe I'm just rambling, possible I'd love a lightweight mechanism for annotating the documentation, where I can do something equivalent to taking a red pen, circling some text, and writing a comment in the margin. Also, As I recall from the summit, we also discussed collecting Google Analytics data on the HTML documentation hosted on docs.openstack.org(?). (I can't remember the outcome of that, though). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp Analytics_docs.openstack.org_20120423-20120429_(Weekly_Google_analytics_report).pdf smime.p7s Description: S/MIME cryptographic signature -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Compute State Machine diagram ... (orchestration? docs?)
I added these to the Nova developer docs here: https://review.openstack.org/7177 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 3, 2012, at 8:26 PM, Sandy Walsh wrote: Even better, here's the Open/LibreOffice Impress original. Have at it! http://dl.dropbox.com/u/166877/PowerStates.odp (Added a walk-thru of run_instance() as well) Cheers, Sandy From: Lorin Hochstein [lo...@nimbisservices.com] Sent: Thursday, May 03, 2012 1:08 PM To: Sandy Walsh Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Compute State Machine diagram ... (orchestration? docs?) Hi Sandy: On May 2, 2012, at 12:10 PM, Sandy Walsh wrote: Here's a little diagram I did up this morning for the required vm_state / task_state transitions for compute api operations. http://dl.dropbox.com/u/166877/PowerStates.pdf Might be useful to the orchestration effort (or debugging in general) Nice! I'd like to add those diagrams to the Nova developer documentation that lives at nova.openstack.org. Can you export them as two png files? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] heads up regarding keystone dev venv on an Ubuntu VM (VirtualBox)
Duncan: Are you using Vagrant? I saw a recent Vagrant update (1.0.3) that dealt with a networking issue with Ubuntu 12.04, but it was DNS-related: https://github.com/mitchellh/vagrant/commit/6f5a9d13f3afb64c3efacb7a0873226d68bba10a https://github.com/mitchellh/vagrant/commit/93d0821220dbe483bd1d129969ac18d914901bb4 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On May 4, 2012, at 12:59 PM, Duncan McGreggor wrote: Updates: * Doug Hellmann narrowed this down to the network access that was happening with pip * Mark McClain further narrowed it down to VirtualBox's networking: with a NATed interface, big probs -- with a bridged interface, things go well. I haven't taken the time to check this on my own system, since I've got a working solution right now, but when I need to rebuild, I will check. Mark also mentioned that VBox networking sometimes does some weird stuff (rewriting headers or something) and that might be contributing to the problem. Hope this helps, d On Fri, May 4, 2012 at 12:40 PM, Duncan McGreggor dun...@dreamhost.com wrote: Hey folks, We're really pressed for time right now, so there are certain rabbit holes we can't dive down, but I wanted to bring this up in case it hasn't been seen yet. On Mac OS X 10.6 and 10.7, when running a 12.04 Ubuntu VM and setting up the dev env for Keystone, we get some madness. 10.6: VirtualBox instance aborts, leaving no traces of issue in system logs (that I could see) 10.7: VB dies, OS X kernel panics The second time, I watched carefully, and it happened as python-memcached was getting installed via pip in the .venv. So I built a third. That burned down, fell over, then sank into the swamp. But the fourth one stayed up after I removed .venv and changed tools/install_venv.py to enable system site-package use. d ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack-doc-core] Documentation accuracy rating
On May 3, 2012, at 10:15 AM, Razique Mahroua wrote: Hey there, just had that silly idea : is it possible to rank/ note some part of the documentations ? The logic here is to gather from readers what are the pages they often read, and how much accurate they are . That would help to update the doc bugs importance, and also know for the docs what the readers are expecting from it : - incomplete sections - false directions - outdated examples - kick-ass section etc... Maybe I'm just rambling, possible I'd love a lightweight mechanism for annotating the documentation, where I can do something equivalent to taking a red pen, circling some text, and writing a comment in the margin. Also, As I recall from the summit, we also discussed collecting Google Analytics data on the HTML documentation hosted on docs.openstack.org(?). (I can't remember the outcome of that, though). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
[Openstack] [client] Where will client API libraries live?
(Apologies if this has been already answered in the mailing list, dealing with a large backlog of mailing list emails). With the current nova client (python-novaclient), there are Python bindings so you can write Python scripts that use the API without having to deal with the REST interface directly. Will the new unified CLI also provide Python bindings, so people can write Python scripts against the libraries that ship with the CLI (like python-novaclient)? Or is that out of scope? The original Etherpad says this http://etherpad.openstack.org/FolsumCLI does it include client API libraries? * not directly, abstract out common ancestor classes If that's the case, where are the client API libraries going to live? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack-doc-core] Welcome to doc-core Russell Bryant!
On Apr 30, 2012, at 11:23 AM, Anne Gentle wrote: Hi all - I've invited Russell Bryant to join our ranks and he has graciously accepted. Welcome Russell! Thanks for all you've done so far with reviews, markup conventions, and content additions. Warmly, Anne Welcome aboard! Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature -- Mailing list: https://launchpad.net/~openstack-doc-core Post to : openstack-doc-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack-doc-core More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Using Foreign Keys
On Apr 26, 2012, at 12:03 PM, Monty Taylor wrote: On 04/26/2012 10:14 AM, Sean Dague wrote: On 04/25/2012 05:17 PM, Vishvananda Ishaya wrote: The main issue is when the relevant tables are moved into a separate service a la quantum or cinder. We can't keep referential integrity across multiple databases, so the foreign keys in this case need to be removed. It leads to an odd situation when there is still an internal implementation in addition to the external implementation because the internal implementation no longer has foreign keys. As an example, we used to have foreign key relationships between instances and networks. We can no longer have these because we support networks declared externally. The internal network management now has no referential integrity, but this is the price we pay for separation of concerns. We are going through a similar set of relationship-breaking with the volume code. There are definitely the practical aspects of where this can't be done because the services have split out, and I think that's fine. But enforcing the ref constraints where possible just provides another level of safety in the data. A policy where we break FK relationships if the preferred core model is 2 services (i.e. Nova / Quantum), but we add FK constraints within a service might be a good idea. I think the real key is to have a config option to tell sqlalchemy to not, even if we're running innodb, add the foreign keys to the DDL sent to the database. If sqlalchemy doesn't have that ability, we should write it and contribute it, because anyone using MySQL at scale via sqlalchemy actually wants the feature, whether they recognize it yet or not. I registered a blueprint for this: https://blueprints.launchpad.net/nova/+spec/disable-fkeys-by-config Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Nova] Minimum required code coverage per file
On Apr 26, 2012, at 9:19 PM, Kevin L. Mitchell wrote: Kevin, should we start copying openstack-common tests to client projects? Or just make sure to not count openstack-common code in the code coverage numbers for client projects? That's a tough one. If we copy in the tests, they end up being somewhat redundant, but slow down the project unit tests, but on the other hand, we'd be able to easily demonstrate that that code works properly. I think I'd prefer if we just try to not count openstack-common code for code coverage numbers… I just submitted this to ignore openstack-common code in coverage calculations: https://review.openstack.org/6905 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] proposal for Russell Bryant to be added to Nova Core
On Apr 27, 2012, at 11:09 AM, Dan Prince wrote: Russell Bryant wrote the Nova Qpid rpc implementation and is a member of the Nova security team. He has been helping chipping away at reviews and contributing to discussions for some time now. I'd like to seem him Nova core so he can help out w/ reviews... definitely the RPC ones. +1 Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How does everyone build OpenStack disk images?
Broader question: what's the best place to capture this information? Right now, there's a chapter in the OpenStack Compute Admin Guide about images, but I'm tempted to break out a new document dedicated to creating and obtaining appropriate images that are compatible with OpenStack (or, more specifically, with OpenStack-supported hypervisors), and have that be accessible on docs.openstack.org. We could use the wiki, but I'm afraid most users wouldn't find it there, and this is a pretty critical issue for new users. Unless Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 26, 2012, at 7:04 AM, Michael Basnight wrote: In reddwarf for development we use Ubuntu-vm-builder. It works like a charm for creating qcow2 images. Sent from my digital shackles. On Apr 25, 2012, at 8:14 PM, Justin Santa Barbara jus...@fathomdb.com wrote: How does everyone build OpenStack disk images? The official documentation describes a manual process (boot VM with ISO), which is sub-optimal in terms of repeatability / automation / etc. I'm hoping we can do better! I posted how I do it on my blog, here: http://blog.justinsb.com/blog/2012/04/25/creating-an-openstack-image/ Please let me know the many ways in which I'm doing it wrong :-) I'm thinking we can have a discussion here, and then I can then compile the responses into a wiki page and/or a nice script... Justin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] raw or qcow2
Since we're talking snapshots, quick doc-related snapshot questions: - Are snapshots only supported on qemu/kvm, or do they work with other hypervisors as well? (Does Xen support qcow2 images?) - Does OpenStack do anything with snapshots other than using them to generate new images? I was a little confused by the existence of the Snapshots pane in Diablo Horizon. I originally thought snapshotting was just a qemu/kvm implementation detail about how nova created a new image from a running instance, so I didn't understand why there was a Snapshots pane in addition to an Images pane. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 25, 2012, at 1:55 AM, Vishvananda Ishaya wrote: ? Did you mistype your comment or misread mine? Raw does NOT work for snapshots. snapshots only work for qcow2. Implementing snapshotting with raw would be possible. Logic just needs to be added to skip the internal snapshot step and just use the entire file when uploading to glance. This would be pretty darn slow for large images though. If you are asking about differencing images in glance that is a different question and one that we haven't addressed. It has a lot of implications and needs changes in both nova and glance to be useful. Logic needs to be added around dependency chains and coalescing. Plus it has implications when trying to migrate and resize instances, so there is a lot to consider. As caitlin mentioned, something will be implemented in the volume service anyway, so it might be better to wait and see what happens there. Vish On Apr 24, 2012, at 4:30 PM, Joshua Harlow wrote: What changes would be needed to make qcow2 files work as snapshots? Some type of image “dependency” management in glance (and failure cases) and the corresponding “dependency” fetching in nova (and failure cases)? Might be something pretty useful to have, instead of forcing raw for snapshots? On 4/24/12 3:51 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: On Apr 17, 2012, at 2:04 AM, William Herry wrote: so, what changes should I make if I want use raw in openstack, I didn't find some configure option in nova.conf.sample I also try to modify the source code in nova/virt/libvirt/utils.py, and didn't succeed I noticed that the type of snapshot is same as the instance's image by default, does this right, and what about the type of model image that uploaded to glance, does it affect the disk type I use? Thanks snapshots will not work with raw images. To make openstack use raw images, you simply have to set: use_cow_images=false you can upload to glance in qcow or raw, it will be decoded to raw when the image is downloaded to the compute host. Vish ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] wsgi code duplication
On Apr 24, 2012, at 10:55 AM, Thompson Lee wrote: On Apr 24, 2012, at 9:28 AM, Ghe Rivero wrote: I have plans to try to move as much as possible into openstack-common. I will start with nova as a test bed and see what we get from there. My future plans include db code and tests (in the case of quantum, plugins test also have a lot of duplicated code). I register a bp for the wsgi issue: https://blueprints.launchpad.net/openstack-common/+spec/wsgi-common Ghe Rivero Is there a code metrics site that continually reports on metrics like duplication? Adding Ghe's report to a metric site would be the first step. That has always been a starting point as it gives code reviewers quick evaluation criteria to stop duplication before it ends up in trunk. Going at it directly fixes it looking backward but the duplication ends up back int the code eventually. The reports help fix the issue going forward. I don't know of any duplication metrics being calculated, but Jenkins continually reports test coverage metrics: https://jenkins.openstack.org/portlet/dashboard_portlet_30/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Nova] Minimum required code coverage per file
On Apr 24, 2012, at 4:11 PM, Joe Gordon wrote: Hi All, I would like to propose a minimum required code coverage level per file in Nova. Say 80%. This would mean that any new feature/file should only be accepted if it has over 80% code coverage. Exceptions to this rule would be allowed for code that is covered by skipped tests (as long as 80% is reached when the tests are not skipped). I like the idea of looking at code coverage numbers. For any particular merge proposal, I'd also like to know whether it increases or decreases the overall code coverage of the project. I don't think we should gate on this, but it would be helpful for a reviewer to see that, especially for larger proposals. With 193 python files in nova/tests, Nova unit tests produce 85% overall code coverage (calculated with ./run_test.sh -c [1]). But 23% of files (125 files) have lower then 80% code coverage (30 tests skipped on my machine). Getting all files to hit the 80% code coverage mark should be one of the goals for Folsom. I would really like to see a visualization of the code coverage distribution, in order to help spot the outliers. Along these lines, there's been a lot of work in the software engineering research community about predicting which parts of the code are most likely to contain bugs (fault prone is a good keyword to find this stuff, e.g.: http://scholar.google.com/scholar?q=fault+prone, big names include Nachi Nagappan at MS Research and Elaine Weyuker, formerly of ATT Research). I would *love* to see some academic researchers try to apply those techniques to OpenStack to help guide QA activities by identifying which parts of the code should get more rigorous testing and review. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Quantum deployment on Essex
Salut Emilien! On Apr 20, 2012, at 12:22 PM, OpenStack-Lists wrote: Hi everyone, My name is Emilien, I'm a french student in University and I'm working on OpenStack for a internship project. I'm working on Quantum deployment at this time, and I would like to share with you my work. I have two physicals servers for playing, and I've setup a dual-node infrastructure with Essex on Ubuntu 12.04. Server 1 : Ubuntu 12.04 All nova services, Glance, Horizon, Keystone and Quantum-agent (coming soon). [snip] I can say now what is working and not : - All nova services : Yes, without VNC access (I have a 404 error, and I will fix it next week I think). This might be due to a known issue with the noVNC package that is distributed with Ubuntu 12.04: https://bugs.launchpad.net/ubuntu/+source/novnc/+bug/956949 I have heard that the noVNC fork maintained by Rackspace Cloud Builders works properly with Essex: https://github.com/cloudbuilders/noVNC/ Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] image_service=nova.image.s3.S3ImageService???
I'm updating the documentation for this page: http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-compute-to-use-the-image-service.html My question is: is there any use case where you would configure nova to do: image_service=nova.image.s3.S3ImageService Looking at the code, it seems like this would not even work. The S3ImageService defers several methods (e.g., index, create, delete) to the image service so by the image_service flag, so you'd get an infinite recursion. It appears like theS3ImageService can only be used as a wrapper around the default image service, and can't be a default image service on its own. I'm going to zap this as a valid option from the documentation (unless someone sets me straight here). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OpenStack Client Followup
I'm interested as well. I wasn't able to attend the session, but I'd like to see something akin to the proposed Human Interface Guideline http://wiki.openstack.org/Design for the CLI to ensure that the implementation achieves the goals spelled out in the Etherpad. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 19, 2012, at 1:57 PM, Matt Joyce wrote: I'd be down with helping out as well. On Thu, Apr 19, 2012 at 1:43 PM, Doug Hellmann doug.hellm...@dreamhost.com wrote: On Wed, Apr 18, 2012 at 11:07 PM, Dean Troyer dtro...@gmail.com wrote: We had a good discussion about a unified OpenStack command line client on Monday at the Design Summit. The notes are in the Etherpad at http://etherpad.openstack.org/FolsumCLI, I summarized my recollection at the bottom; those who were there feel free to add the bits I missed. One of the first things to do is to find out who is interested in contributing to this project.and hopefully coordinating some of the work with the other emerging project-specific clients. Send me an email and I'll build a list to get the discussion started. Count me in. We also should look for some consensus on the name of the command itself. 'oscli' is a placeholder, and while sufficiently short and unique for my tastes it is hard to pronounce and remember. The leading candidates I have heard at the summit so far are 'openstack' and 'stack'. Let's gather some feedback at the bottom of the Etherpad about this as I am sure there are other opinions out there. Thanks dt -- Dean Troyer dtro...@gmail.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] nova.conf query
Hi Salman: Can you send me a link to any docs that have the old --flag format? Lorin Sent from my iPad On Apr 16, 2012, at 6:17 AM, Salman Malik salma...@live.com wrote: Hi All, A quick question regarding nova.conf: How can I modify nova.conf and get it to work with devstack. The problem that I am facing is after modifying nova.conf, I have to reboot so as to restart services. But when I reboot, devstack needs to be reinstalled all over again using stack.sh and in the process it rewrites /etc/nova/nova.conf. Also according to documentation we can set flags in nova.conf using --flag_name=flag_value format. Is that an obsolete format ? (because the nova.conf that devstack creates don't have any -- in it). Please let me know how to effectively modify nova.conf so that the changes take effect (I am looking forward to change the network manager...) Thanks! Salman ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Endpoints problems
On Apr 12, 2012, at 6:44 PM, Pete Zaitcev wrote: On Thu, 12 Apr 2012 15:28:21 -0500 Anne Gentle a...@openstack.org wrote: keystone --token 012345SECRET99TOKEN012345 --endpoint http://192.168.206.130:35357/v2.0 endpoint-create \ [] --internalurl http://192.168.206.130:8774/v2/$(tenant_id)s I haven't fixed this yet because I'm not sure if the $(tenant_id)s is literal or which tenant_id specifically to use (the Service tenant for the adminurl possibly)? The expression $(tenant_id)s is really contained inside the pattern in the database. It is substituded with a specific tennant ID when an application makes its request. The weird syntax is inherited from Python, where one can use constructs like %s or %(key)s. My understanding (based on somebody's previous answer in the mailing list, or possibly one of the IRC channels) was that you could only do this with the template backend, and when you were using the database backend you had to explicitly add endpoints for each tenant that needed to talk to the API. Can you confirm that you can use the $(tenant_id)s syntax when the backend is set using the following keystone.conf entry: [catalog] driver = keystone.catalog.backends.sql.Catalog Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack] preallocation
Vish: For documentation purposes, if the user wants to be able to do snapshots, what combinations of the following three variables are allowed? 1. original image format (qcow2 | raw) 2. use_cow_image flag (true | false) 3. force_raw_images flag (true | false) Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 10, 2012, at 1:32 AM, Vishvananda Ishaya wrote: You can disable using backing files with the following config: use_cow_images=false You should be aware that you likely won't be able to snapshot images unless you make sure to upload them all in qcow format and also set: force_raw_images=false On Apr 9, 2012, at 9:37 PM, William Herry wrote: Hi I read from an article that said use preallocation can improve disk I/O performance in kvm, when I add it to openstack, suck error come to me (nova.rpc.amqp): TRACE: Stderr: 'Backing file and preallocation cannot be used at the same time\nqemu-img: /usr/local/lib/python2.7/dist-packages/nova-2012.1-py2.7.egg/instances/instance-000e/disk: error while creating qcow2: Invalid argument\n' I was added it to utils.py in virt/libvirt directory (line 77) def create_cow_image(backing_file, path): Create COW image Creates a COW image with the given backing file :param backing_file: Existing image on which to base the COW image :param path: Desired location of the COW image execute(FLAGS.qemu_img, 'create', '-f', 'qcow2', '-o', 'preallocation=metadata,cluster_size=2M,backing_file=%s' % backing_file, path) here is the article: http://itscblog.tamu.edu/improve-disk-io-performance-in-kvm/ so what is Backing file for, can I disable it for use preallocation cause I can't got both Thanks -- === William Herry williamherrych...@gmail.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Doc] Docs meeting today, Monday 2000 UTC (3:00 CST)
Anne: Can you confirm the time? The wiki page says March 9, 2012, 2000 UTC (3:00 CST). But isn't 2000 UTC the same as 1:00 PM CDT? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 9, 2012, at 10:57 AM, Anne Gentle wrote: Hi all, If you're interested in the state of the docs and planning docs sessions for the Design Summit, please attend this afternoon's doc team meeting. Feel free to add to the agenda at wiki.openstack.org/Meetings/DocTeamMeeting. Action items from the last meeting Design Summit planning General documentation status api.openstack.org site and extensions Open discussion Thanks, Anne ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Doc] Docs meeting today, Monday 2000 UTC (3:00 CST)
My fault, I just mixed up CDT and PDT in my head (I'm on EDT). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 9, 2012, at 11:15 AM, Anne Gentle wrote: It used to be 2:00 CST but now it's 3:00 CST. Here's the UTC converter I used: http://timeanddate.com/worldclock/meetingtime.html?iso=20120409p1=400 Thanks for checking! Please confirm my methods are correct. :) Anne On Mon, Apr 9, 2012 at 10:13 AM, Lorin Hochstein lo...@nimbisservices.com wrote: Anne: Can you confirm the time? The wiki page says March 9, 2012, 2000 UTC (3:00 CST). But isn't 2000 UTC the same as 1:00 PM CDT? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 9, 2012, at 10:57 AM, Anne Gentle wrote: Hi all, If you're interested in the state of the docs and planning docs sessions for the Design Summit, please attend this afternoon's doc team meeting. Feel free to add to the agenda at wiki.openstack.org/Meetings/DocTeamMeeting. Action items from the last meeting Design Summit planning General documentation status api.openstack.org site and extensions Open discussion Thanks, Anne ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] mock, mox, stubs, fakes, etc
mox and mock are two competing Python libraries for defining mock objects for unit tests. I think they're basically equivalent in terms of what you can do with them, but they use different styles: In mox the assertions are written before the code under test, and in mock the assertions are written after the code under test. I personally think mock is more Pythonic, and it's what I use on other projects. Mox is a port of a Java library, and mock was (AFAIK) written specifically for Python. Also, Mock has been accepted into the Python 3.3(?) standard library as a submodule of unit tests. However, mox has been the main mocking library used in Nova unit test for as long as I have been familiar with the code. Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 8, 2012, at 4:06 PM, Joseph Heck wrote: Poking around through all various mechanisms we have to test and verify OpenStack - does anyone have a concise writeup on the various tools and techniques that we're using? I'm not familiar with the stubs or mock libraries, and a little familiar with mox. Is anyone who is familiar with them all willing to take a stab at outlining where they're individually most effective and useful? -joe ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] ESXi documentation..
On Apr 3, 2012, at 5:49 PM, Michael March wrote: I accidentally posted this on openstack-operat...@lists.openstack.org.. -- Forwarded message -- Everyone, After googlin' around I can not find any docs on how to setup OpenStack with ESXi as a hypervisor. This official link is dead: http://nova.openstack.org/vmwareapi_readme.html Does anyone have any links that might help in this endeavor? thanks! Hi Mike: That link was killed by this commit authored by Doug Hellmann about a month ago: https://github.com/openstack/nova/commit/c16cd04cf61fc Doug, do you recall why the vmwareapi_readme.rst docs got moved to the unused_docs list? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] ESXi documentation..
Doug: I'm not sure. I'll port these to compute admin docs so it shows up in the OpenStack Compute Admin guide at docs.openstack.org. Mike, in the meantime, you can view this page by going to: https://github.com/openstack/nova/blob/master/doc/source/vmwareapi_readme.rst The missing block diagram is here: https://github.com/openstack/nova/blob/master/doc/source/images/vmwareapi_blockdiagram.jpg Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Apr 4, 2012, at 1:43 PM, Doug Hellmann wrote: I think it was because it was not linked from any of the other rst files. Which table of contents should it be listed in? Doug On Apr 4, 2012, at 1:41 PM, Lorin Hochstein lo...@nimbisservices.com wrote: On Apr 3, 2012, at 5:49 PM, Michael March wrote: I accidentally posted this on openstack-operat...@lists.openstack.org.. -- Forwarded message -- Everyone, After googlin' around I can not find any docs on how to setup OpenStack with ESXi as a hypervisor. This official link is dead: http://nova.openstack.org/vmwareapi_readme.html Does anyone have any links that might help in this endeavor? thanks! Hi Mike: That link was killed by this commit authored by Doug Hellmann about a month ago: https://github.com/openstack/nova/commit/c16cd04cf61fc Doug, do you recall why the vmwareapi_readme.rst docs got moved to the unused_docs list? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Doc review request for keystone install
All: I proposed a change in the OpenStack Install and Deploy manual https://review.openstack.org/6085 to fix bug https://bugs.launchpad.net/openstack-manuals/+bug/968679. However, I'm not a keystone expert, and would appreciate it if somebody familiar with installing keystone could take a look and do a sanity check. I based my changes on http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin/step-3-install-and-configur. Also, it's unclear to me whether the official recommended practice is to manually create the service catalog entries so they are stored in the database backend (as was originally documented and seems to be the default Ubuntu package setup) or to use the templated catalog file (as suggested by that blog entry and used by devstack). Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Documenting public sites with VM images
All: I'm working on a doc update on where to download VM images that work with OpenStack https://review.openstack.org/6055. So far, I've got sections on CirrOS (Scott Moser's test image), Ubuntu and Fedora. Are there any other projects out there that have downloadable images that we can point users to? Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] multiple floating ip pools
Vish: Are floating IP pools (--pool) documented anywhere? I did a quick look but couldn't find it in the main docs. Take care, Lorin Take care, Lorin -- Lorin Hochstein Lead Architect - Cloud Services Nimbis Services, Inc. www.nimbisservices.com On Mar 30, 2012, at 2:18 PM, Vishvananda Ishaya wrote: Floating ip pools allow you to specify a different ip range and bind interface for sets of ips, so it will work for segregation purposes. There isn't policy acl on which pool the ip comes from but it could be added. The policy wrapping in the network layer is very basic right now. The underlying objects aren't passed in so we can't set policies based on (for example) pool name. If/when the policy wrapping is improved to include more information that is a possibility. Vish On Mar 30, 2012, at 6:23 AM, Kevin Jackson wrote: I'm also interested in providing multiple floating IP pools. Is this something that is achievable or conceived? My use case is as follows: Each tenant gets its own private VLAN and address space, so intercommunication between each tenant is able to be segregated. On assignment of public floating IPs though this segregation breaks down. To put this into context, I'd like to be able to have, say, a Production tenant and a Development tenant. Inter-communication between the two should be prohibited. As soon as I assign a floating IP address, this model breaks down. I noticed that nova-manage floating create has a ' --pool=pool Optional pool ' option. How is this used? Does this help solve my problem? Cheers, Kev On 6 February 2012 18:46, Xu (Simon) Chen xche...@gmail.com wrote: Hi all, I am running devstack and got a dev instance of OpenStack running. I am happy to see the concept of multiple floating IP pools, and the per-floating-ip interface in the trunk, which I consider a very good basis for my blueprint proposal here: https://blueprints.launchpad.net/nova/+spec/multi-network-without-multi-nic I have a quick question. Is there a plan (or maybe it's already there) for access control whether a project is allowed to take floating IPs from a pool? Thanks! -Simon ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Kevin Jackson @itarchitectkev ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp