Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-05 Thread joehuang
Hi, Lance, May we store the keys in Barbican, can the key rotation be done upon Barbican? And if we use Barican as the repository, then it’s easier for Key distribution and rotation in multiple KeyStone deployment scenario, the database replication (sync. or async.) capability could be

Re: [openstack-dev] [python-neutronclient][neutron] sub-project client extensions

2015-08-05 Thread Fawad Khaliq
Thanks Amir. This will be a step forward in that direction Extending my question to Henry and Kyle, as they are driving the decomposition phase II. Hello Henry/Kyle, With devref [1] for Neutron sub-projects getting in and sub-projects owners working towards completing the phase II, the Neutron

[openstack-dev] [nova][FFE] Feature Freeze Exception Request for 'Adding support for InfiniBand SR-IOV vif type'

2015-08-05 Thread Moshe Levi
Hi, I would like to request a FFE for the following BP https://blueprints.launchpad.net/nova/+spec/vif-driver-ib-passthrough The BP has one patch https://review.openstack.org/#/c/187052/ which had +2 but lost in the rebase. The neutron code it already merged

Re: [openstack-dev] [keystone] policy issues when generating trusts with different clients

2015-08-05 Thread Steve Martinelli
I think this is happening because the last session created was based off of trustee_auth. Try creating 2 sessions, one for each user (trustor and trustee). Maybe Jamie will chime in. Thanks, Steve Martinelli OpenStack Keystone Core michael mccune m...@redhat.com wrote on 2015/08/03 07:11:34 PM:

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Mike Perez
On Tue, Aug 4, 2015 at 7:47 PM, Morgan Fainberg morgan.fainb...@gmail.com wrote: On Tue, Aug 4, 2015 at 1:43 AM, Gorka Eguileor gegui...@redhat.com wrote: On Tue, Aug 04, 2015 at 05:47:44AM +1000, Morgan Fainberg wrote: On Aug 4, 2015, at 01:42, Fox, Kevin M kevin@pnnl.gov wrote:

[openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Gary Kotton
Hi, In the Kilo cycle a Neutron driver was added for supporting the Vmware NSXv plugin. This required patches in Nova to enable the plugin to work with Nova. These patches finally landed yesterday. I have back ported them to stable/kilo as the Neutron driver is unable to work without these in

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Flavio Percoco
On 04/08/15 23:39 -0700, Mike Perez wrote: On Tue, Aug 4, 2015 at 7:47 PM, Morgan Fainberg morgan.fainb...@gmail.com wrote: On Tue, Aug 4, 2015 at 1:43 AM, Gorka Eguileor gegui...@redhat.com wrote: On Tue, Aug 04, 2015 at 05:47:44AM +1000, Morgan Fainberg wrote: On Aug 4, 2015, at 01:42,

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
Well, is it already decided that Pacemaker would be chosen to provide HA in Openstack? There's been a talk Pacemaker: the PID 1 of Openstack IIRC. I know that Pacemaker's been pushed aside in an earlier ML post, but IMO there's already *so much* been done for HA in Pacemaker that Openstack

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Sean M. Collins
On Wed, Aug 05, 2015 at 01:42:20AM EDT, Sukhdev Kapur wrote: We discussed this in ML2 sub-team meeting last week and felt the best approach is to implement this agent in a separate repo. There is already an on-going effort/plan for modular L2 agent. This agent would be a perfect candidate to

[openstack-dev] [nova] Adding Project_id to the display list when using nova server-group-list

2015-08-05 Thread Zhenyu Zheng
Hi All, Currently, when using command: nova server-group-list, server groups' project id will not be displayed. As the admin user can use option --all-projects to list server groups in all projects, it will be really difficult to identify which serer group belongs to which project. It will be

Re: [openstack-dev] [python-neutronclient][neutron] sub-project client extensions

2015-08-05 Thread Mohankumar N
Hi Fawad, If I understood your question correctly , here some ways to do [1] you want to extend your client side packages . you can include entry point in “setup.cfg” https://review.openstack.org/#/c/200065/1/setup.cfg [2] To extend python-neutronclient base packages , you can add in

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-05 Thread Adam Heczko
Hi, I believe that Barbican keystore for signing keys was discussed earlier. I'm not sure if that's best idea since Barbican relies on Keystone authN/authZ. That's why this mechanism should be considered rather as out of band to Keystone/OS API and is rather devops task. regards, Adam On

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Andreas Scheuring
Sukhdev, last week I spent some time to figure out the current state of modular l2 agent design and discussion. I got the impression it's not in a good shape! So I personally don't think that it makes any sense to start with a modular l2 agent prototype and in the worst case throw it all away, as

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Gorka Eguileor
On Tue, Aug 04, 2015 at 08:30:17AM -0700, Joshua Harlow wrote: Duncan Thomas wrote: On 3 August 2015 at 20:53, Clint Byrum cl...@fewbar.com mailto:cl...@fewbar.com wrote: Excerpts from Devananda van der Veen's message of 2015-08-03 08:53:21 -0700: Also on a side note, I think

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Gorka Eguileor
On Tue, Aug 04, 2015 at 08:40:13AM -0700, Joshua Harlow wrote: Clint Byrum wrote: Excerpts from Devananda van der Veen's message of 2015-08-03 08:53:21 -0700: On Mon, Aug 3, 2015 at 8:41 AM Joshua Harlowharlo...@outlook.com wrote: Clint Byrum wrote: Excerpts from Gorka Eguileor's message

Re: [openstack-dev] [python-neutronclient][neutron] sub-project client extensions

2015-08-05 Thread Fawad Khaliq
Thanks Mohankumar. Option #1 is exactly what I was looking for and that should work. Thanks a lot! Fawad Khaliq On Wed, Aug 5, 2015 at 12:36 PM, Mohankumar N mohankuma...@huawei.com wrote: Hi Fawad, If I understood your question correctly , here some ways to do [1] you want to extend

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
Hi Jamie On 05/08/2015 00:46, Jamie Lennox wrote: - Original Message - From: Steve Martinelli steve...@ca.ibm.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Wednesday, August 5, 2015 3:59:34 AM Subject: Re:

Re: [openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Kuvaja, Erno
Hi Gary, While I do understand the interest to get this functionality included, I really fail to see how it would comply with the Stable Branch Policy: https://wiki.openstack.org/wiki/StableBranch#Stable_branch_policy Obviously the last say is on stable-maint-core, but normally new features are

Re: [openstack-dev] [CI]How to set proxy for nodepool

2015-08-05 Thread Xie, Xianshan
Hi Ramy, Thanks for your patience. I have tried your suggestion, but it did not work for me. According to the log, this element has already ran in the chroot before the pip commands are executed. So, in theory, the pip command would run behind this proxy, but the connection errors are still

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
On 04/08/2015 18:59, Steve Martinelli wrote: Right, but that API is/should be protected. If we want to list IdPs *before* authenticating a user, we either need: 1) a new API for listing public IdPs or 2) a new policy that doesn't protect that API. Hi Steve yes this was my understanding of

Re: [openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Gary Kotton
Hi, Thanks for the comments. I agree with you that this does not comply with the policy. I wanted to raise the issue as whoever is going to use the Neutron driver with stable/kilo will need these patches. I will update the plugin wiki indicating that these two patches are required to get it

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
On 04/08/2015 17:51, Lin Hua Cheng wrote: Hi David, There was a similar effort in Kilo to design the flow in the login page for federated login[1]. WebSSO feature[2] was implemented in Kilo, it allows the user to perform federated login by selecting an IdP protocol. This have tested

Re: [openstack-dev] [mistral] BPMN support

2015-08-05 Thread ITZIKOWITZ, Noy (Noy)
Thanks Dmitri! From: Dmitri Zimine Reply-To: OpenStack Development Mailing List (not for usage questions) Date: Tuesday, August 4, 2015 at 22:14 To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [mistral] BPMN support Hi Noy, The short answer is No,

[openstack-dev] [nova][FFE] Feature Freeze Exception Request

2015-08-05 Thread Sajeesh Cimson Sasi
Hello, I would like to request feature freeze exception for the implementation of Nested Quota Driver for Nova, which does the quota management of nested projects. Blueprint https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api

[openstack-dev] [third-party-ci]Issue with running noop-check-communication

2015-08-05 Thread Eduard Matei
Hi, We're in the process of rebuilding the Jenkins CI for Cinder and i'm stuck at testing the noop job. I've setup using the latest changes from os-ext-testing and os-ext-testing-data using project-config, jjb and dib and i have a jenkins running which has the 2 jobs defined and i have 3 slaves

[openstack-dev] [puppet][keystone] To always use or not use domain name?

2015-08-05 Thread Gilles Dubreuil
While working on trust provider for the Keystone (V3) puppet module, a question about using domain names came up. Shall we allow or not to use names without specifying the domain name in the resource call? I have this trust case involving a trustor user, a trustee user and a project. For each

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 09:10:30 +0200 (+0200), Philipp Marek wrote: [...] Pacemaker is *the* Linux HA Stack. [...] Can you expand on this assertion? It doesn't look to me like it's part of the Linux source tree and I see strong evidence to suggest it's released and distributed completely separately from

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
[...] Pacemaker is *the* Linux HA Stack. [...] Can you expand on this assertion? It doesn't look to me like it's part of the Linux source tree and I see strong evidence to suggest it's released and distributed completely separately from the kernel. If you read Linux as GNU/Linux or Linux

[openstack-dev] [Tricircle]Weekly Team Meeting 2015.08.05 Agenda

2015-08-05 Thread Zhipeng Huang
Hi Team, As usual we will have weekly meeting today starting UTC1300. The agenda today is to address the AIs left in the last meeting: 1. update the doc for how to work with KeyStone, joehuang 2. gampel check what mistral supports and which taskflow we want in the reference

[openstack-dev] [Fuel][Plugins] Using DriverLog as the Fuel Plugins registry

2015-08-05 Thread Irina Povolotskaya
Hi, If you are now developing a plugin for Fuel, please feel free to use DriverLog to add an entry for your plugin. You can find details instructions on how to do that here [1]. If something seems unclear to you, feel free to request more details. Thanks. [1]

Re: [openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Ihar Hrachyshka
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I think Erno made a valid point here. If that would touch only vmware code, that could be an option to consider. But it looks like both patches are very invasive, and they are not just enabling features that are already in the tree, but

[openstack-dev] [Ironic] weekly subteam status report

2015-08-05 Thread Ruby Loo
Hi, Following is the subteam report for Ironic. As usual, this is pulled directly from the Ironic whiteboard[0] and formatted. Bugs (dtantsur) As of Mon, Aug 3 (diff with July 27) - Open: 142 (-5). 8 new (+2), 48 in progress (-5), 0 critical, 11 high and 8 incomplete - Nova bugs

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-05 Thread Lance Bragstad
On Wed, Aug 5, 2015 at 2:38 AM, Adam Heczko ahec...@mirantis.com wrote: Hi, I believe that Barbican keystore for signing keys was discussed earlier. I'm not sure if that's best idea since Barbican relies on Keystone authN/authZ. Correct. Once we find a solution for that problem it would be

Re: [openstack-dev] [all] Does OpenStack need a common solution for DLM?

2015-08-05 Thread Mike Perez
On 21:14 Aug 04, Joshua Harlow wrote: I can start a cross-project spec tomorrow if people feel that is useful, it may be slightly opinionated (I am one of the cores that works on https://kazoo.readthedocs.org/ so I am going be slightly biased for obvious reasons).

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Mike Perez
On 17:03 Aug 05, Flavio Percoco wrote: snip That said, you may want to sync with Joshua since he's going to work on a cross-project spec as well (as he mentioned in the other thread).[0] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071441.html -- Mike Perez

[openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Ruby Loo
Hi, Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I don't see any meeting logs from then. --ruby __ OpenStack Development Mailing List (not for usage questions) Unsubscribe:

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread McPeak, Travis
(Merging thread from security ML) Bandit probably isn¹t the correct integration point for this - cve-check has its own analysis procedures while Bandit uses Python AST. Also I see the use workflows being different. For Bandit a developer/gate wants to check a specific code snippet whereas for

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 14:36:37 +0200 (+0200), Philipp Marek wrote: [...] Pacemaker is *the* Linux HA Stack. [...] Can you expand on this assertion? It doesn't look to me like it's part of the Linux source tree and I see strong evidence to suggest it's released and distributed completely

Re: [openstack-dev] [keystone] policy issues when generating trusts with different clients

2015-08-05 Thread michael mccune
On 08/05/2015 02:34 AM, Steve Martinelli wrote: I think this is happening because the last session created was based off of trustee_auth. Try creating 2 sessions, one for each user (trustor and trustee). Maybe Jamie will chime in. thanks for the reply Steve, i will give that a try. my

[openstack-dev] [trove][qa][stable] gate-trove-functional-dsvm-mysql needs some stable branch love

2015-08-05 Thread Matt Riedemann
Trove changes on the stable branches are blocked on bug 1479358 [1] because a change was made to fix trove-integration on master for liberty but didn't take into account that those scripts are branchless and therefore need to work on stable/kilo and stable/juno as well, where we have capped

Re: [openstack-dev] [Cinder] Quobyte Cinder Driver revert?

2015-08-05 Thread Robert Döbbelin
Hi all! Thank you Mike for proposing the revert of the revert. Today I prepared a change that tackles the docstring issues. As being new to the OpenStack development process, I didn't manage to upload it to Gerrit today. Most likely I'll get it uploaded tomorrow. Best regards, Robert Doebbelin

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
[...] Pacemaker is *the* Linux HA Stack. [...] Can you expand on this assertion? It doesn't look to me like it's part of the Linux source tree and I see strong evidence to suggest it's released and distributed completely separately from the kernel. If you read Linux as

Re: [openstack-dev] [trove][qa][stable] gate-trove-functional-dsvm-mysql needs some stable branch love

2015-08-05 Thread Amrith Kumar
Matt, Nikhil was working on it late into the night last night. I'll continue to work with him today and try and get this wrestled to the ground. -amrith -Original Message- From: Matt Riedemann [mailto:mrie...@linux.vnet.ibm.com] Sent: Wednesday, August 05, 2015 6:57 PM To: OpenStack

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Michael Davies
Only a few people turned up (including me who was late) so no meeting was held. Hope this helps, Michael... On Wed, Aug 5, 2015 at 10:43 PM, Ruby Loo rlooya...@gmail.com wrote: Hi, Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I don't see any meeting logs from then.

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Ramakrishnan G
There wasn't one. Some of us waited in the meeting room to see if someone turns up, but I just got very very few (almost none) responses. On Wed, Aug 5, 2015 at 7:02 PM, Michael Davies mich...@the-davies.net wrote: Only a few people turned up (including me who was late) so no meeting was

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Jim Rollenhagen
On Wed, Aug 05, 2015 at 09:13:18AM -0400, Ruby Loo wrote: Hi, Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I don't see any meeting logs from then. There was not.

Re: [openstack-dev] [heat][ec2tokens] Questions about ec2tokens under keystone v3 api.

2015-08-05 Thread Andrey Pavlov
As I saw heat`s ec2tokens can work only with keystone v2 URL. It happens because keystone has different responses for v2 and v3 versions for token request by ec2 credentials. I found same problem in our ec2api project and keystonemiddleware project. For example: Patch for our ec2api project will

Re: [openstack-dev] [keystone] policy issues when generating trusts with different clients

2015-08-05 Thread michael mccune
On 08/05/2015 02:34 AM, Steve Martinelli wrote: I think this is happening because the last session created was based off of trustee_auth. Try creating 2 sessions, one for each user (trustor and trustee). Maybe Jamie will chime in. just as a followup, i tried creating new Session objects for

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:31:03 +0200 (+0200), Philipp Marek wrote: [...] Pacemaker is *the* Linux HA Stack. [...] Can you expand on this assertion? It doesn't look to me like it's part of the Linux source tree and I see strong evidence to suggest it's released and distributed

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Kyle Mestery
I definitely don't think this work should start in a new repository. As Sean and Andreas have said, I think the changes should be done in-tree rather than creating another repository for this work. On Wed, Aug 5, 2015 at 2:42 AM, Andreas Scheuring scheu...@linux.vnet.ibm.com wrote: Sukhdev,

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
Well, SUSE and Redhat (7) use Pacemaker by default, Debian/Ubuntu have it (along with others)... That gives it quite some market share, wouldn't you think? Yes, I guess the most popular meaning is a good match here. I see, so in the same way that nano is *the* Linux text editor

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 13:14:40 + (+), McPeak, Travis wrote: [...] The only concern that I have is the requisite database. Downloading a 500MB + CVE database for the jobs could become painful. We could either keep the CVE database on each node in the test pool or download it at the start of

Re: [openstack-dev] [third-party-ci]Issue with running noop-check-communication

2015-08-05 Thread Asselin, Ramy
Hi Eduard, There seems to be a bug regarding running jobs on master [1]. Try running it on a slave instead. Ramy [1] https://github.com/rasselin/os-ext-testing/blob/master/README.md#running-jobs-on-jenkins-master From: Eduard Matei [mailto:eduard.ma...@cloudfounders.com] Sent: Wednesday,

Re: [openstack-dev] [pbr] [stable] [infra] How to generate .Z version increments on stable/liberty commits

2015-08-05 Thread Alan Pevec
To give you an idea, if we enabled that for Kilo we'd be at Nova 11.0.80 (kilo) and Nova 10.0.218 (juno). I am not a fan of doing this second option at all. We would be polluting the ref space of our repos with redundant information making the output of `git tag` unusable to

Re: [openstack-dev] [CI]How to set proxy for nodepool

2015-08-05 Thread Asselin, Ramy
HI Xiexs, “Also, I’ve found some of the infra project-config elements don’t work in my environment and aren’t needed as they’re specific to infra. For those, simply comment out the portions that don’t work. I didn’t notice any negative side-effects.” This one you need to skip because you don’t

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:48:52 +0200 (+0200), Philipp Marek wrote: [...] How many cluster stack alternatives can you see in SUSE? How many cluster stack alternatives are available in _every_ major distribution? I think it depends a lot on how you define cluster stack and whether the solution to the

Re: [openstack-dev] [Tricircle]Weekly Team Meeting 2015.08.05 Agenda

2015-08-05 Thread Zhipeng Huang
Thanks for everyone attending the meeting, minutes could be found here: http://eavesdrop.openstack.org/meetings/tricircle/2015/tricircle.2015-08-05-13.00.html On Wed, Aug 5, 2015 at 8:37 PM, Zhipeng Huang zhipengh...@gmail.com wrote: Hi Team, As usual we will have weekly meeting today

[openstack-dev] [app-catalog] IRC Meeting Thursday August 6th at 17:00UTC

2015-08-05 Thread Christopher Aedo
Hello! Our next OpenStack App Catalog meeting will take place this Thursday August 6th at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything specific you would like to discuss. Please

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Clint Byrum
Excerpts from Philipp Marek's message of 2015-08-05 00:10:30 -0700: Well, is it already decided that Pacemaker would be chosen to provide HA in Openstack? There's been a talk Pacemaker: the PID 1 of Openstack IIRC. I know that Pacemaker's been pushed aside in an earlier ML post, but IMO

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Ian Cordasco
On 8/5/15, 08:14, McPeak, Travis travis.mcp...@hp.com wrote: (Merging thread from security ML) Bandit probably isn¹t the correct integration point for this - cve-check has its own analysis procedures while Bandit uses Python AST. Also I see the use workflows being different. For Bandit a

Re: [openstack-dev] [puppet][keystone] To always use or not use domain name?

2015-08-05 Thread Adam Young
On 08/05/2015 08:16 AM, Gilles Dubreuil wrote: While working on trust provider for the Keystone (V3) puppet module, a question about using domain names came up. Shall we allow or not to use names without specifying the domain name in the resource call? I have this trust case involving a

[openstack-dev] [sahara] update methods

2015-08-05 Thread michael mccune
hey all, the recent discussions[1] on updating resources through the rest api has got me thinking that it might be worthwhile to convert the few methods we have implemented to use PATCH instead of PUT. we are starting to create a bifurcation in the api regarding updates. the new

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:04:15 + (+), Ian Cordasco wrote: One point of clarification. Not every project has to opt into global-requirements so this isn't necessarily true. Also with the merging of the stackforge and openstack namespaces, it'll be harder to distinguish when a project is or

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Clark Boylan
On Wed, Aug 5, 2015, at 08:22 AM, Jeremy Stanley wrote: On 2015-08-05 15:04:15 + (+), Ian Cordasco wrote: One point of clarification. Not every project has to opt into global-requirements so this isn't necessarily true. Also with the merging of the stackforge and openstack

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Ruby Loo
On 5 August 2015 at 09:35, Jim Rollenhagen j...@jimrollenhagen.com wrote: On Wed, Aug 05, 2015 at 09:13:18AM -0400, Ruby Loo wrote: Hi, Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I don't see any meeting logs from then. There was not.

Re: [openstack-dev] [Ironic] weekly subteam status report

2015-08-05 Thread Ruby Loo
Hi, Oops, my bad. To be clear, there was no ironic meeting this week. But if there had been, this is what the subteams would have reported :) --ruby On 5 August 2015 at 09:05, Ruby Loo rlooya...@gmail.com wrote: Hi, Following is the subteam report for Ironic. As usual, this is pulled

Re: [openstack-dev] [neutron] VLAN aware VMs: Current status?

2015-08-05 Thread Ildikó Váncsa
Hi Kyle, First of all, sorry for the late response. We are working on the design and implementation, the first patches are planned to be up by the end of this week. We could surely use more hands as it is quite a large amount of work that this blueprint requires. If there are any Neutron

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Reshetova, Elena
The only concern that I have is the requisite database. Downloading a 500MB + CVE database for the jobs could become painful. We could either keep the CVE database on each node in the test pool or download it at the start of each cve-check job. I¹d be curious what the infra wizards have to

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 08:28:27 -0700 (-0700), Clark Boylan wrote: We already track it in the requirements repo itself [0]. Not sure if we need an additional tracking method. [0] https://git.openstack.org/cgit/openstack/requirements/tree/projects.txt That tracks repos which get reqs sync proposals

Re: [openstack-dev] [Cinder] Quobyte Cinder Driver revert?

2015-08-05 Thread Mike Perez
On 14:37 Aug 03, Matt Riedemann wrote: I guess there isn't a quobyte connector in os-brick yet, but just a reminder that there is a libvirt volume driver in nova for talking to quobyte [1]. It'd be good to get a heads up on the nova side when the cinder team is removing drivers so that we can

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 16:08:16 + (+), Reshetova, Elena wrote: [...] Actually the database is downloaded only once ( thefirst time) and then only database diffs are downloaded, which is much faster. I don't know enough about your node setup (do you fully clean up each node between the builds?)

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Clint Byrum
Excerpts from Reshetova, Elena's message of 2015-08-05 09:08:16 -0700: The only concern that I have is the requisite database. Downloading a 500MB + CVE database for the jobs could become painful. We could either keep the CVE database on each node in the test pool or download it at the

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:22:29 + (+), Jeremy Stanley wrote: [...] Now that we've dissolved more of those arbitrary distinctions, this seems like a great opportunity for tracking with a governance tag. I'll go ahead and propose one later today if I get a spare moment. Actually, I take that

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 09:54:52 -0700 (-0700), Clint Byrum wrote: Doesn't this feel like a job for AFS? Maintain the db there, and let the nodes access it as-needed? I guess it depends on whether the tool needs to read the entire database to perform its queries (in which case using AFS would be

Re: [openstack-dev] [nova] Thoughts on things that don't make freeze cutoffs

2015-08-05 Thread John Garbutt
On 4 August 2015 at 21:23, Matt Riedemann mrie...@linux.vnet.ibm.com wrote: On 8/4/2015 8:47 AM, Sahid Orentino Ferdjaoui wrote: On Tue, Aug 04, 2015 at 12:54:34PM +0200, Thierry Carrez wrote: John Garbutt wrote: [...] Personally I find a mix of coding and reviewing good to keep a decent

Re: [openstack-dev] [sahara] update methods

2015-08-05 Thread Luigi Toscano
On Wednesday 05 of August 2015 11:14:13 michael mccune wrote: hey all, the recent discussions[1] on updating resources through the rest api has got me thinking that it might be worthwhile to convert the few methods we have implemented to use PATCH instead of PUT. we are starting to create

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Sukhdev Kapur
Sounds good. As long as proper due-diligence is done and there are is no duplication of effort, it make sense. Thanks -Sukhdev On Wed, Aug 5, 2015 at 12:42 AM, Andreas Scheuring scheu...@linux.vnet.ibm.com wrote: Sukhdev, last week I spent some time to figure out the current state of

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Sukhdev Kapur
Hey Kyle, A concern was raised that this may create issue of breakages/instability in other agents at the late stage of the release cycle - hence I proposed a separate repo. But, if a proper due-diligence is done and the core team has a plan to deal with this, sounds like a good plan to me.

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Dolph Mathews
On Wed, Aug 5, 2015 at 5:39 AM, David Chadwick d.w.chadw...@kent.ac.uk wrote: On 04/08/2015 18:59, Steve Martinelli wrote: Right, but that API is/should be protected. If we want to list IdPs *before* authenticating a user, we either need: 1) a new API for listing public IdPs or 2) a new

Re: [openstack-dev] [Nova] Non-priority Feature Freeze is Tomorrow (July 30th)

2015-08-05 Thread John Garbutt
On 31 July 2015 at 11:05, John Garbutt j...@johngarbutt.com wrote: On 30 July 2015 at 09:56, John Garbutt j...@johngarbutt.com wrote: On 29 July 2015 at 19:20, John Garbutt j...@johngarbutt.com wrote: Hi, Tomorrow is: Non-priority Feature Freeze What does this mean? Well... * bug fixes:

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Kevin Benton
Well we can always develop the new framework and wait until the start of the next cycle to swap over the existing agents if it doesn't look stable enough. On Wed, Aug 5, 2015 at 1:36 PM, Sukhdev Kapur sukhdevka...@gmail.com wrote: Hey Kyle, A concern was raised that this may create issue of

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Steve Martinelli
Some folks said that they'd prefer not to list all associated idps, which i can understand. Actually, I like jamie's suggestion of just making horizon a bit smarter, and expecting the values in the horizon settings (idp+protocol) Thanks, Steve Martinelli OpenStack Keystone Core From:

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Lance Bragstad
On Wed, Aug 5, 2015 at 1:02 PM, Steve Martinelli steve...@ca.ibm.com wrote: Some folks said that they'd prefer not to list all associated idps, which i can understand. Actually, I like jamie's suggestion of just making horizon a bit smarter, and expecting the values in the horizon settings

[openstack-dev] [TripleO] [Puppet] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Dan Prince
Hi, There is a lot of interest in getting support for container based deployment within TripleO and many different ideas and opinions on how to go about doing that. One idea on the table is to use Heat to help orchestrate the deployment of docker containers. This would work similar to our

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Thai Q Tran
text/html; charset=UTF-8: Unrecognized __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

Re: [openstack-dev] [TripleO] [Puppet] [kolla] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Ryan Hallisey
Tagging kolla so the kolla community also sees it. Pardon the top posting. -Ryan - Original Message - From: Dan Prince dpri...@redhat.com To: openstack-dev openstack-dev@lists.openstack.org Sent: Wednesday, August 5, 2015 2:29:13 PM Subject: [openstack-dev] [TripleO] [Puppet] Deploying

[openstack-dev] Bandit 0.13.0 released

2015-08-05 Thread McPeak, Travis
Today we released Bandit version 0.13.0 which includes the following features and enhancements: Plugins now registered as entry points Improved Bandit run speed Added a confidence filter option Added timestamp to JSON report New plugin to detect Try, Except, Pass Improved detection for hardcoded

Re: [openstack-dev] [sahara] update methods

2015-08-05 Thread michael mccune
On 08/05/2015 01:31 PM, Luigi Toscano wrote: Isn't this an API change, which would require an API bump? A reason more to keep it working as it is with 1.x and go fast to 2.0. thanks Luigi, that's fair. i'll hold off on this until we can bump to 2.0. it also means i need to get a move on with

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Dolph Mathews
On Wed, Aug 5, 2015 at 1:02 PM, Steve Martinelli steve...@ca.ibm.com wrote: Some folks said that they'd prefer not to list all associated idps, which i can understand. Why? Actually, I like jamie's suggestion of just making horizon a bit smarter, and expecting the values in the horizon

[openstack-dev] [neutron][dvr] Removing fip namespace when restarting L3 agent.

2015-08-05 Thread Korzeniewski, Artur
Hi all, During testing of Neutron upgrades, I have found that restarting the L3 agent in DVR mode is causing the VM network downtime for configured floating IP. The lockdown is visible when pinging the VM from external network, 2-3 pings are lost. The responsible place in code is: DVR: destroy

Re: [openstack-dev] [pbr] [stable] [infra] How to generate .Z version increments on stable/liberty commits

2015-08-05 Thread Doug Hellmann
Excerpts from Alan Pevec's message of 2015-08-05 16:14:32 +0200: To give you an idea, if we enabled that for Kilo we'd be at Nova 11.0.80 (kilo) and Nova 10.0.218 (juno). I am not a fan of doing this second option at all. We would be polluting the ref space of our

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Lyle
Forcing Horizon to duplicate Keystone settings just makes everything much harder to configure and much more fragile. Exposing whitelisted, or all, IdPs makes much more sense. On Wed, Aug 5, 2015 at 1:33 PM, Dolph Mathews dolph.math...@gmail.com wrote: On Wed, Aug 5, 2015 at 1:02 PM, Steve

Re: [openstack-dev] [neutron][dvr] Removing fip namespace when restarting L3 agent.

2015-08-05 Thread Fox, Kevin M
Thats troubling... We are considering using DVR soon, and we have to restart neutron-openvswitch-agent and openstack-nova-compute periodically go get them to talk to rabbit again Thanks, Kevin From: Korzeniewski, Artur [artur.korzeniew...@intel.com] Sent:

Re: [openstack-dev] [all] Does OpenStack need a common solution for DLM?

2015-08-05 Thread Joshua Harlow
Flavio Percoco wrote: On 04/08/15 21:14 -0700, Joshua Harlow wrote: Morgan Fainberg wrote: On Tue, Aug 4, 2015 at 8:44 AM, Joshua Harlow harlo...@outlook.com mailto:harlo...@outlook.com wrote: Flavio Percoco wrote: On 03/08/15 19:48 +0200, Gorka Eguileor wrote: On Mon, Aug 03, 2015 at

Re: [openstack-dev] [trove][qa][stable] gate-trove-functional-dsvm-mysql needs some stable branch love

2015-08-05 Thread Nikhil Manchanda
Hi Matt: Yes, this is on my radar and something I'm actively looking at. Hope to have a solution here for this pretty soon. Appreciate the help with this and the review you put up to get the stable branch unblocked! Cheers, Nikhil On Wed, Aug 5, 2015 at 6:33 AM, Amrith Kumar amr...@tesora.com

Re: [openstack-dev] [keystone] policy issues when generating trusts with different clients

2015-08-05 Thread Jamie Lennox
Hey Mike, I think it could be one of the hacks that are in place to try and keep compatibility with the old and new way of using the client is returning the wrong thing. Compare the output of trustor.user_id and trustor_auth.get_user_id(sess). For me trustor.user_id is None which will make

Re: [openstack-dev] [puppet][keystone] To always use or not use domain name?

2015-08-05 Thread Gilles Dubreuil
On 06/08/15 10:16, Jamie Lennox wrote: - Original Message - From: Adam Young ayo...@redhat.com To: openstack-dev@lists.openstack.org Sent: Thursday, August 6, 2015 1:03:55 AM Subject: Re: [openstack-dev] [puppet][keystone] To always use or not use domain name? On 08/05/2015

Re: [openstack-dev] [TripleO] [Puppet] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Sam Yaple
On Wed, Aug 5, 2015 at 1:29 PM, Dan Prince dpri...@redhat.com wrote: ...snip... -The external config file mechanism for Kolla containers only seems to support a single config file. Some services (Neutron) can have multiple files. Could we extend the external config support to use multiple

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-05 Thread joehuang
Hi, Even if Barbican can store the key, but it will add overhead for restful API interaction between KeyStone and Barbican. May we store the key in the KeyStone DB backend (or another separate DB backend), for example MySQL? Best Regards Chaoyi Huang ( Joe Huang ) From: Lance Bragstad

Re: [openstack-dev] [TripleO] [Puppet] [kolla] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Steven Dake (stdake)
Apologies for top post, but I just wanted to point out in the config-external examples I am aware /opt/kolla is the wrong directory to configure from (it should be /var/lib/kolla or something similar) and we will fix this during l3. Regards -steve On 8/5/15, 6:53 PM, Steven Dake (stdake)

  1   2   >