Re: [openstack-dev] [Ceilometer] Is that possible to implement new APIs for horizon to show the usage report and charts?

2013-07-25 Thread Brooklyn Chen
Thanks for your reply. 1.Actually, statistics is used by horizon now to render the tables and grouping by resource is needed. The number of http requests should be reduced to speed up the page loading. 2. /statistics can't do this. You know, horizon may need hundreds or thousands of value to

Re: [openstack-dev] [Ceilometer] Is that possible to implement new APIs for horizon to show the usage report and charts?

2013-07-25 Thread Brooklyn Chen
Thanks for your reply. 1.Actually, statistics is used by horizon now to render the tables and grouping by resource is needed. The number of http requests should be reduced to speed up the page loading. 2. /statistics can't do this. You know, horizon may need hundreds or thousands of value to

Re: [openstack-dev] [Openstack-dev][nova] Disable per-user rate limiting by default

2013-07-25 Thread Rosa, Andrea (HP Cloud Services)
I'd like to turn it off by default, as already pointed in [1] I think the rate limiting should be managed by something else (for example load balancers) in front of the API. Regards -- Andrea Rosa [1] http://www.gossamer-threads.com/lists/openstack/operators/28599 From: Joe Gordon

Re: [openstack-dev] [keystone] Extending policy checking to include target entities

2013-07-25 Thread David Chadwick
I have responded to your post, as I dont think it solves the identified problem regards David On 24/07/2013 23:26, Tiwari, Arvind wrote: I have added my proposal @ https://etherpad.openstack.org/api_policy_on_target. Thanks, Arvind -Original Message- From: Henry Nash

Re: [openstack-dev] [Stackalytics] 0.1 release

2013-07-25 Thread Gareth
A suggestion: sort bugs number as int is much better than string, because '112' '8' but actually 112 8 http://stackalytics.com/companies/unitedstack On Thu, Jul 25, 2013 at 9:31 AM, Alex Freedland afreedl...@mirantis.comwrote: Roman, Thank you for your comment. I agree that is should not

Re: [openstack-dev] [Neutron] Chalenges with highly available service VMs - port adn security group options.

2013-07-25 Thread Samuel Bercovici
Hi, I had to patch the security groups to add the following rule, otherwise broadcast is blocked: -m pkttype --pkt-type multicast -j RETURN Ex: In /opt/stack/quantum/quantum/agent/linux/iptables_firewall.py def _allow_multicats_rule(self, iptables_rules): iptables_rules += ['-m

[openstack-dev] [savanna] Team meeting reminder July 25 18:00 UTC

2013-07-25 Thread Sergey Lukjanov
Hi folks, We'll be have the Savanna team meeting today as usual in #openstack-meeting-alt channel. Agenda: https://wiki.openstack.org/wiki/Meetings/SavannaAgenda#Agenda_for_July.2C_25 http://www.timeanddate.com/worldclock/fixedtime.html?msg=Savanna+Meetingiso=20130725T18 Sincerely yours,

Re: [openstack-dev] [tripleo] removing sudoers.d rules from disk-image-builder

2013-07-25 Thread Derek Higgins
On 25/07/13 09:41, Chris Jones wrote: Hi On 24 July 2013 22:18, Derek Higgins der...@redhat.com mailto:der...@redhat.com wrote: - setup passwordless sudo or Doesn't sound like a super awesome option to me, it places an ugly security problem on anyone wanting to set this up anywhere,

Re: [openstack-dev] Usage of mox through out the Openstack project.

2013-07-25 Thread Mark McClain
On Jul 25, 2013, at 4:01 AM, Julien Danjou jul...@danjou.info wrote: On Wed, Jul 24 2013, Russell Bryant wrote: A practical approach would probably be: 1) Prefer mock for new tests. 2) Use suggestion #2 above to mitigate the Python 3 concern. 3) Convert tests to mock over time,

[openstack-dev] [qa] QA discussions moving to openstack-dev mailing list

2013-07-25 Thread Sean Dague
Last week we decided on the QA meeting to deprecate the openstack-qa list and drive out conversations on openstack-dev instead, using the [qa] tag. We're still figuring out if there will be an alias for compatibility or not, but until then, please send your traffic over to openstack-dev.

[openstack-dev] [qa] Reminder - Weekly QA Meeting 17:00 UTC today (Thursday)

2013-07-25 Thread Sean Dague
So far we have the following proposed agenda items: * Blueprints (sdague) - Current state of implementation * WebDav status codes in nova? Consistently using the 404 or 422 on actions. * Adding test cases with skip attribute vote? Exact rule (afazekas) * py26 compatibility (afazekas) *

[openstack-dev] [nova] 422 status codes from API

2013-07-25 Thread Sean Dague
Some new tempest tests have been showing up that push deeper into the Nova API, and popping out seem to be a lot of places where we are returning 422 status codes. 422 is WebDav reserved code, not in a proper HTTP spec (WebDAV; RFC 4918), and a lot of the other projects have purged it out of

Re: [openstack-dev] Usage of mox through out the Openstack project.

2013-07-25 Thread Julien Danjou
On Thu, Jul 25 2013, Mark McClain wrote: The Neutron project has been enforcing this approach for about a year now. We're down to 8 files that still rely on Mox. Awesome, we'll have to bring Python 3 badges at the next summit for Neutron devs. ;) -- Julien Danjou /* Free Software hacker *

Re: [openstack-dev] [nova] 422 status codes from API

2013-07-25 Thread John Griffith
Just as a data point, we considered these a *bug* in Cinder and fixed them as I recall. On Thu, Jul 25, 2013 at 8:29 AM, Sean Dague s...@dague.net wrote: Some new tempest tests have been showing up that push deeper into the Nova API, and popping out seem to be a lot of places where we are

Re: [openstack-dev] [openstack-qa] [qa] A tempest test cann't pass gate-grenade-devstack-vm

2013-07-25 Thread Matthew Treinish
On Thu, Jul 25, 2013 at 10:16:54AM +0930, Christopher Yeoh wrote: On Wed, 24 Jul 2013 10:22:32 -0400 Matthew Treinish mtrein...@kortar.org wrote: On Wed, Jul 24, 2013 at 10:48:19PM +0930, Christopher Yeoh wrote: On Wed, 24 Jul 2013 21:08:03 +0800 Zhu Bo bo...@linux.vnet.ibm.com wrote:

Re: [openstack-dev] [Heat] Multi region support for Heat

2013-07-25 Thread Bartosz Górski
First of all sorry for the late reply. I needed some time to understand you vision and check a few things. On 07/24/2013 08:40 AM, Clint Byrum wrote: Excerpts from Adrian Otto's message of 2013-07-23 21:22:14 -0700: Clint, On Jul 23, 2013, at 10:03 AM, Clint Byrum cl...@fewbar.com wrote:

Re: [openstack-dev] [savanna] scalable architecture

2013-07-25 Thread Sergey Lukjanov
Hi Matt, thank you for your comments. First of all, I want to say that personally I like the approach with agents because of much more theoretical flexibility and scalability. I want to share several overall comments of using agents. We’ve already discussed such approach several times

[openstack-dev] [keystone] Does authorization not needed on “/auth/tokens” API??

2013-07-25 Thread Tiwari, Arvind
Thanks David. Since we are discussing authorization and access control, I would like to gain little attention on the below bug which basically propose authorization check on identity:check_token, identity:validate_token and identity:revoke_token APIs

Re: [openstack-dev] [nova] 422 status codes from API

2013-07-25 Thread Russell Bryant
On 07/25/2013 10:29 AM, Sean Dague wrote: Some new tempest tests have been showing up that push deeper into the Nova API, and popping out seem to be a lot of places where we are returning 422 status codes. 422 is WebDav reserved code, not in a proper HTTP spec (WebDAV; RFC 4918), and a lot

Re: [openstack-dev] [savanna] scalable architecture

2013-07-25 Thread Joe Gordon
On Jul 23, 2013 12:34 PM, Sergey Lukjanov slukja...@mirantis.com wrote: Hi evereyone, We’ve started working on upgrading Savanna architecture in version 0.3 to make it horizontally scalable. The most part of information is in the wiki page -

Re: [openstack-dev] [Openstack-dev][nova] Disable per-user rate limiting by default

2013-07-25 Thread Day, Phil
+1 to turning it off. Having something that doesn't really work on by default now we have a threaded API is just wrong From: Rosa, Andrea (HP Cloud Services) Sent: 25 July 2013 09:35 To: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Openstack-dev][nova] Disable per-user rate

Re: [openstack-dev] [keystone] Does authorization not needed on “/auth/tokens” API??

2013-07-25 Thread David Chadwick
Hi Arvind thanks for pointing me to this issue, which I was not aware of. I have posted my twopence worth to the bug. Basically I agree with you, that if you want audit of third parties revoking tokens, then you need the token of the subject to be revoked and the third party requesting it.

[openstack-dev] [Netron] Allow OVS default veth MTU to be configured.

2013-07-25 Thread Jun Cheol Park
Neutron Core Reviewers, Could you please review and approve the following bug fix? https://review.openstack.org/#/c/27937/ Thanks, -Jun ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org

Re: [openstack-dev] [Heat] Multi region support for Heat

2013-07-25 Thread Zane Bitter
On 25/07/13 17:08, Bartosz Górski wrote: First of all sorry for the late reply. I needed some time to understand you vision and check a few things. On 07/24/2013 08:40 AM, Clint Byrum wrote: Excerpts from Adrian Otto's message of 2013-07-23 21:22:14 -0700: Clint, On Jul 23, 2013, at 10:03

Re: [openstack-dev] [Swift] question on Application class concurrency; paste.app_factory mechanism

2013-07-25 Thread Pete Zaitcev
On Wed, 24 Jul 2013 02:31:45 + Luse, Paul E paul.e.l...@intel.com wrote: I was thinking that each connection would get its own instance thus it would be sage to store connection-transient information there but I was surprised by my quick test. Yeah, you have it tracked in __call__,

Re: [openstack-dev] [Heat] Multi region support for Heat

2013-07-25 Thread Bartosz Górski
On 07/25/2013 06:38 PM, Zane Bitter wrote: On 25/07/13 17:08, Bartosz Górski wrote: First of all sorry for the late reply. I needed some time to understand you vision and check a few things. On 07/24/2013 08:40 AM, Clint Byrum wrote: Excerpts from Adrian Otto's message of 2013-07-23 21:22:14

Re: [openstack-dev] Discussing Amazon API compatibility [Nova][Swift]

2013-07-25 Thread Vishvananda Ishaya
On Jul 24, 2013, at 8:51 AM, Stefano Maffulli stef...@openstack.org wrote: Hello I have seen lots of discussions on blogs and twitter heating up around Amazon API compatibility and OpenStack. This seems like a recurring topic, often raised by pundits and recently joined by members of the

Re: [openstack-dev] [tripleo] removing sudoers.d rules from disk-image-builder

2013-07-25 Thread Chris Jones
Hi On 25 July 2013 14:20, Derek Higgins der...@redhat.com wrote: which only gives people an incorrect sense of security. I agree with your analysis of the effects of the sudoers file and I think it makes a great argument for recommending people run the main command itself with sudo, rather

Re: [openstack-dev] [keystone] Does authorization not needed on “/auth/tokens” API??

2013-07-25 Thread Adam Young
On 07/25/2013 01:03 PM, Tiwari, Arvind wrote: Thanks David for your comments. I will try to fix it as per my suggestion in bug. Arvind -Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Thursday, July 25, 2013 10:27 AM To: Tiwari, Arvind Cc: OpenStack

[openstack-dev] Python overhead for rootwrap

2013-07-25 Thread Joe Gordon
Hi All, We have recently hit some performance issues with nova-network. It turns out the root cause of this was we do roughly 20 rootwrapped shell commands, many inside of global locks. (https://bugs.launchpad.net/oslo/+bug/1199433) It turns out starting python itself, has a fairly significant

Re: [openstack-dev] [Openstack-dev][nova] Disable per-user rate limiting by default

2013-07-25 Thread Davanum Srinivas
+1 to turn it off -- dims On Thu, Jul 25, 2013 at 12:07 PM, Day, Phil philip@hp.com wrote: +1 to turning it off. Having something that doesn’t really work on by default now we have a threaded API is just wrong From: Rosa, Andrea (HP Cloud Services) Sent: 25 July 2013 09:35 To:

Re: [openstack-dev] Python overhead for rootwrap

2013-07-25 Thread Mike Wilson
In my opinion: 1. Stop using rootwrap completely and get strong argument checking support into sudo (regex). 2. Some sort of long lived rootwrap process, either forked by the service that want's to shell out or a general purpose rootwrapd type thing. I prefer #1 because it's surprising that sudo

Re: [openstack-dev] Python overhead for rootwrap

2013-07-25 Thread Russell Bryant
On 07/25/2013 04:40 PM, Mike Wilson wrote: In my opinion: 1. Stop using rootwrap completely and get strong argument checking support into sudo (regex). 2. Some sort of long lived rootwrap process, either forked by the service that want's to shell out or a general purpose rootwrapd type

Re: [openstack-dev] Python overhead for rootwrap

2013-07-25 Thread Thierry Carrez
Russell Bryant wrote: On 07/25/2013 04:40 PM, Mike Wilson wrote: In my opinion: 1. Stop using rootwrap completely and get strong argument checking support into sudo (regex). 2. Some sort of long lived rootwrap process, either forked by the service that want's to shell out or a general

Re: [openstack-dev] [Stackalytics] 0.1 release

2013-07-25 Thread Alex Freedland
Thank you Gareth, this makes total sense. We will make sure to include this in the next release. Alex Freedland Mirantis, Inc. On Thu, Jul 25, 2013 at 3:21 AM, Gareth academicgar...@gmail.com wrote: A suggestion: sort bugs number as int is much better than string, because '112' '8' but

[openstack-dev] [Glance] property protections -- final call for comments

2013-07-25 Thread Brian Rosmaita
After lots of discussion, I think we've come to a consensus on what property protections should look like in Glance. Please reply with comments! The blueprint: https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection The full specification:

Re: [openstack-dev] Discussing Amazon API compatibility [Nova][Swift]

2013-07-25 Thread Thierry Carrez
Stefano Maffulli wrote: I have seen lots of discussions on blogs and twitter heating up around Amazon API compatibility and OpenStack. This seems like a recurring topic, often raised by pundits and recently joined by members of the community. I think it's time to bring the discussions inside

Re: [openstack-dev] Discussing Amazon API compatibility [Nova][Swift]

2013-07-25 Thread Russell Bryant
On 07/25/2013 06:11 PM, Thierry Carrez wrote: Stefano Maffulli wrote: I have seen lots of discussions on blogs and twitter heating up around Amazon API compatibility and OpenStack. This seems like a recurring topic, often raised by pundits and recently joined by members of the community. I

Re: [openstack-dev] Discussing Amazon API compatibility [Nova][Swift]

2013-07-25 Thread Michael Still
On Fri, Jul 26, 2013 at 8:30 AM, Russell Bryant rbry...@redhat.com wrote: If an external proxy (like AWSOME) is what you want, one of those already exists (at least for the EC2 API). http://deltacloud.apache.org/ It supports EC2 on the frontend and the OpenStack compute API on the backend.

Re: [openstack-dev] Python overhead for rootwrap

2013-07-25 Thread Michael Still
On Fri, Jul 26, 2013 at 7:43 AM, Thierry Carrez thie...@openstack.org wrote: I would rather support solution 3: create a single, separate executable that does those 20 things that need to be done (can be a shell script with some logic in it), and have rootwrap call that *once*. That way you

Re: [openstack-dev] [Stackalytics] 0.1 release [metrics]

2013-07-25 Thread Stefano Maffulli
On 07/23/2013 07:25 AM, Roman Prykhodchenko wrote: I still think counting lines of code is evil because it might encourage some developers to write longer code just for statistics. Data becomes evil when you decide to use them for evil purposes :) I don't think that lines of code is a bad

Re: [openstack-dev] [Openstack-dev][nova] Disable per-user rate limiting by default

2013-07-25 Thread Joshua Harlow
You mean process/forking API right? Honestly I'd sort of think the whole limits.py that is this rate-limiting could also be turned off by default (or a log warn message occurs) when multi-process nova-api is used since the control for that paste module actually returns the currently enforced

Re: [openstack-dev] [Swift] question on Application class concurrency; paste.app_factory mechanism

2013-07-25 Thread Luse, Paul E
Thanks for the reply Pete. Don't quite follow you so will continue to do some reading and experimenting and see if I can't come up some additional questions... Thx Paul -Original Message- From: Pete Zaitcev [mailto:zait...@redhat.com] Sent: Thursday, July 25, 2013 9:51 AM To:

[openstack-dev] [OpenStack][Cinder] Driver qualification

2013-07-25 Thread John Griffith
Hey Everyone, Something I've been kicking around for quite a while now but never really been able to get around to is the idea of requiring that drivers in Cinder run a qualification test and submit results prior to introduction in to Cinder. To elaborate a bit, the idea could start as something

Re: [openstack-dev] [OpenStack][Cinder] Driver qualification

2013-07-25 Thread Russell Bryant
On 07/25/2013 08:44 PM, John Griffith wrote: Hey Everyone, Something I've been kicking around for quite a while now but never really been able to get around to is the idea of requiring that drivers in Cinder run a qualification test and submit results prior to introduction in to Cinder. In

Re: [openstack-dev] [OpenStack][Cinder] Driver qualification

2013-07-25 Thread Joshua Harlow
100% agree, its hard to handle these 3rd party type of drivers but I think we need to find out a way that will test it in a way that doesn't require having said 3rd party gear directly available. Could it be possible to have CI gating be blocked/tested by individual subfolders of cinder. For

Re: [openstack-dev] [OpenStack][Cinder] Driver qualification

2013-07-25 Thread Huang Zhiteng
Great idea and 100% agree. It'd be even better if maintainer can publish functional test results using their own back-ends on a regular basis (weekly/bi-weekly test report) to 'openstack-dev' mailing list. On Fri, Jul 26, 2013 at 9:05 AM, Joshua Harlow harlo...@yahoo-inc.comwrote: 100%

Re: [openstack-dev] [OpenStack][Cinder] Driver qualification

2013-07-25 Thread John Griffith
On Thu, Jul 25, 2013 at 7:37 PM, yang, xing xing.y...@emc.com wrote: +1. I like this idea. With this qualification test, is each driver still required to have its own unit test? Keep in mind this is just a proposal that I wanted to get feed-back on, I'll likely submit something more

[openstack-dev] [Keystone] Alembic support

2013-07-25 Thread Adam Young
I've been looking into Alembic support. It seems that there is one thing missing that I was counting on: multiple migration repos. It might be supported, but the docs are thin, and reports vary. In the current Keystone implementation, we have a table like this: mysql desc migrate_version;

Re: [openstack-dev] [Keystone] Alembic support

2013-07-25 Thread Morgan Fainberg
+1 to getting the multiple repos in place. Moving to Alembric later on in H or even as the first commit of I should meet our goals to be on Alembric in a reasonable timeframe. This also allows us to ensure we aren't rushing the work to get our migration repos over to Alembric. I think that