Re: [openstack-dev] [Congress] congress-server fails to start

Hi Rajdeep, I think the issue you're facing here is because you have a non-asci char in your etc/congress.conf.sample file. Could you try the following commands: mv congress/etc/congress.config.sample /tmp git checkout congress/etc/config.sample ./bin/congress-server --config-file etc/congres

Re: [openstack-dev] [Neutron] Is network ordering of vNICs guaranteed?

This bug was true in grizzly and older (and was reintroduced in icehouse for a few days but was fixed before the nova icehouse shipped). Aaron On Mon, Aug 11, 2014 at 7:10 AM, CARVER, PAUL wrote: >Armando M. [mailto:arma...@gmail.com] wrote: > > > > >>On 9 August 2014 10:16, Jay Pipes wro

Re: [openstack-dev] [Neutron] Simple proposal for stabilizing new features in-tree

Hi, I've been thinking a good bit on this on the right way to move forward with this and in general the right way new services should be added. Yesterday I was working on a bug that was causing some problems in the openstack infra. We tracked down the issue then I uploaded a patch for it. A little

Re: [openstack-dev] [Neutron] Is network ordering of vNICs guaranteed?

f vNICs is not 100% guaranteed for the cloud images which are > not shipped with > /etc/udev/rules.d/70-persistent-net.rules. > e.g. attaching a port and deattaching another port, then reboot the > instance. > > > 2014-08-12 15:52 GMT+08:00 Aaron Rosen : > > This bug was tr

Re: [openstack-dev] [congress] Jenkins failure

You need to rebase again. The readme file changed before Jenkins got a chance to test your patch. On Monday, August 18, 2014, Rajdeep Dua wrote: > my branch already has the latest changes. > it is not able to merge two rst files hence it failed > > > On Tue, Aug 19, 2014 at 10:02 AM, Akash Gangi

Re: [openstack-dev] [neutron][security-groups] Neutron default security groups

Hi, Inline: On Tue, Sep 16, 2014 at 1:00 AM, Fawad Khaliq wrote: > Folks, > > I have had discussions with some folks individually about this but I would > like bring this to a broader audience. > > I have been playing with security groups and I see the notion of 'default' > security group seems

Re: [openstack-dev] [Neutron] keep old specs

I agree as well. I think moving them to an unimplemented folder makes sense and would be helpful in reviewing if one re-proposes a blueprint. On Mon, Sep 15, 2014 at 7:20 AM, Russell Bryant wrote: > On 09/15/2014 10:01 AM, Kevin Benton wrote: > > Some of the specs had a significant amount of det

Re: [openstack-dev] [Openstack-security] Neutron security groups for L2 networks in Havana

t; Later users can configure security groups based on the ip address what > they provided to the vnics. > > I mean to say, ports will have subnet but just that this subnet is not > known to openstack during the instance boot time. > > > > > On Fri, Nov 8, 2013 at 9:4

Re: [openstack-dev] [Neutron] Find the compute host on which a VM runs

On Thu, Nov 21, 2013 at 8:12 AM, Robert Kukura wrote: > On 11/21/2013 04:20 AM, Stefan Apostoaie wrote: > > Hello again, > > > > I studied the portbindings extension (the quantum.db.portbindings_db and > > quantum.extensions.portbindings modules). However it's unclear for me > > who sets the port

Re: [openstack-dev] [Nova] Proposal to add Matt Riedemann to nova-core

+1 On Fri, Nov 22, 2013 at 12:53 PM, Russell Bryant wrote: > Greetings, > > I would like to propose adding Matt Riedemann to the nova-core review team. > > Matt has been involved with nova for a long time, taking on a wide range > of tasks. He writes good code. He's very engaged with the deve

Re: [openstack-dev] [nova] Should the server create API return 404 errors?

On Mon, Nov 25, 2013 at 6:00 PM, Christopher Yeoh wrote: > On Tue, Nov 26, 2013 at 7:27 AM, Matt Riedemann < > mrie...@linux.vnet.ibm.com> wrote: > >> Aaron Rosen is working a patch [1] to handle a NetworkNotFound exception >> in the server create API. For the V2

Re: [openstack-dev] [Neutron] Calling a controller from within a session in the plugin

In my experience doing any kind of http request inside a of a db transaction kills performance vastly (and can lead to situations where deadlock often occurs due to eventlet+sqlalchemly). This topic also was recently discussed here: http://lists.openstack.org/pipermail/openstack-dev/2013-November/0

Re: [openstack-dev] [Neutron] Support for multiple provider networks with same VLAN segmentation id

I believe it would need to be like: network_vlan_ranges = physnet1:100:300, phynet2:100:300, phynet3:100:300 Additional comments inline: On Mon, Feb 10, 2014 at 8:49 PM, Vinay Bannai wrote: > Bob and Kyle, > > Thanks for your review. > We looked at this option and it seems it might meet our n

Re: [openstack-dev] [Neutron] Support for multiple provider networks with same VLAN segmentation id

better if we were able to do this type of thing regardless of the network_type. > Vinay > > > On Tue, Feb 11, 2014 at 12:32 PM, Aaron Rosen wrote: > >> I believe it would need to be like: >> >> network_vlan_ranges = physnet1:100:300, phynet2:100:300, phynet3:100:

Re: [openstack-dev] [Neutron][nova] Neutron plugin authors: Does port status indicate liveness?

> http://lists.openstack.org/pipermail/openstack-dev/2014-February/026750.html > [2]https://review.openstack.org/#/c/72452/ > > On Thu, Feb 13, 2014 at 3:13 AM, Maru Newby wrote: > > Booting a Nova instance when Neutron is enabled is often unreliable due > to the lack of coor

Re: [openstack-dev] [Neutron] Nominate Oleg Bondarev for Core

+1 On Feb 16, 2014 8:10 PM, "Armando M." wrote: > +1 > On Feb 13, 2014 5:52 PM, "Nachi Ueno" wrote: > >> +1 >> >> 2014年2月12日水曜日、Mayur Patilさんは書きました: >> >>> +1 >>> >>> *--* >>> *Cheers,* >>> *Mayur* >>> >> >> ___ >> OpenStack-dev mailing list >> OpenSta

Re: [openstack-dev] [Neutron][nova] Neutron plugin authors: Does port status indicate liveness?

uld occur once the port is set up on the destination > host. This could potentially resolve this bug : > > https://bugs.launchpad.net/neutron/+bug/1274160 > > Best, > > Mathieu > > On Tue, Feb 18, 2014 at 2:55 AM, Aaron Rosen > wrote: > > Hi Maru, > > > &

[openstack-dev] False Positive testing for 3rd party CI

Hi, Yesterday, I pushed a patch to review and was surprised that several of the third party CI systems reported back that the patch-set worked where it definitely shouldn't have. Anyways, I tested out my theory a little more and it turns out a few of the 3rd party CI systems for neutron are just r

Re: [openstack-dev] False Positive testing for 3rd party CI

This should fix the false positive for brocade: https://review.openstack.org/#/c/75486/ Aaron On Fri, Feb 21, 2014 at 10:34 AM, Aaron Rosen wrote: > Hi, > > Yesterday, I pushed a patch to review and was surprised that several of > the third party CI systems reported back that t

[openstack-dev] [nova][neutron][keystone] getting keystone endpoints

Hi, Dan Smith and I have been working on the integration between nova and neutron to have neutron issue callbacks into nova to trigger certain events. One of the things I'm trying to figure out is how to support multiple nova regions with this kind of interaction since neutron would now needs to k

Re: [openstack-dev] [neutron] Changes to the core team

+1 for Kevin and Henry! On Tue, Dec 2, 2014 at 10:40 AM, Nati Ueno wrote: > Hi folks > > Congrats! Henry and Kevin. > I'll keep contributing the community, but Thank you for working with > me as core team :) > > Best > Nachi > > 2014-12-03 2:05 GMT+09:00 Carl Baldwin : > > +1 from me for all the

[openstack-dev] [congress] low-hanging-fruit

Hi, At this morning's irc meeting there were several newcomers that were looking to start contributing to congress. As promised we've come up with several low hanging bugs to start getting your feet wet: https://bugs.launchpad.net/congress/+bugs?field.tag=low-hanging-fruit Best, Aaron __

[openstack-dev] python-congressclient 1.0.1 released

The congress team is pleased to announce the release of the python-congressclient 1.0.1. This release includes several bug fixes as well as many other changes - a few highlights: - python34 compatibility - New CLI command to simulate results of rule - openstack congress policy sim

Re: [openstack-dev] [neutron] Changes to the core team

+1 On Fri, Jan 16, 2015 at 12:03 PM, Carl Baldwin wrote: > +1 > > On Thu, Jan 15, 2015 at 3:31 PM, Kyle Mestery wrote: > > The last time we looked at core reviewer stats was in December [1]. In > > looking at the current stats, I'm going to propose some changes to the > core > > team. Reviews a

Re: [openstack-dev] [Fuel] 10Gbe performance issue.

If you can get 9Gbps with multiple connections I'm guessing it's because of latency and the buffer size of your sockets. If you change the sending and receiving window size you should be able to fully saturate the link with one connection (though there are several reasons for not doing that). On T

Re: [openstack-dev] [nova][neutron] VIF event callbacks implementation

Hi Mike, Comments inline: On Mon, Apr 28, 2014 at 1:57 AM, Mike Kolesnik wrote: > Hi, > > I came across the implementation of > https://blueprints.launchpad.net/neutron/+spec/nova-event-callback > and have a question about the way it was implemented. > > I notice that now Neutron has a depende

Re: [openstack-dev] q-agt error

I don't see any error in the above logs you've pasted. I'd check the nova-compute logs as well. Aaron On Mon, May 5, 2014 at 10:51 PM, sonia verma wrote: > Hi all > > I want to boot VM from openstack dashboard onto compute node using > devstack.When I'm booting VM from opensatck dashboard onto

[openstack-dev] Changing glances default policy on setting image public to admin only

Hi, The current default settings that glance ships with allows any tenant to upload an image and mark it as public for other tenants to use. I'd like to change the default (https://review.openstack.org/#/c/92739/) so that only a admin user can make an image public by default. Allowing any tenant

Re: [openstack-dev] Chalenges with highly available service VMs

in > why that is needed? > > - icehouse final: neutron/plugins/ml2/plugin.py > > 677 elif changed_fixed_ips: > > 678 self._check_fixed_ips_and_address_pairs_no_overlap( > > 679 context, updated_port) >

Re: [openstack-dev] Chalenges with highly available service VMs

en assigning fixed IPs. > > If it sounds right to you, I can submit my patch removing this check. > > Thanks, > Praveen > > > > On Mon, May 19, 2014 at 12:32 PM, Aaron Rosen wrote: > >> Hi, >> >> Sure, if you look at this method: >> >

Re: [openstack-dev] Chalenges with highly available service VMs

7fa4098 | | status| ACTIVE | | tenant_id | c71ebe8d1f6e47bab7d44046ec2f6b39 | +---+------+ On Tue, May

Re: [openstack-dev] Chalenges with highly available service VMs

gt; > Cheers, > Praveen > > > On Tue, May 20, 2014 at 9:34 AM, Aaron Rosen wrote: > >> Hi Praveen, >> >> I think we should fix the update_method instead to properly check for >> this. I don't see any advantage to allow the fixed_ips/mac to be in the &

Re: [openstack-dev] [neutron] Proposed changes to core team

+1 I agree. Carl has make a lot of great contributions in both code and reviews. On Wed, May 21, 2014 at 3:19 PM, Armando M. wrote: > +1 from me too: Carl's contributions, code and reviews, have helped raise > the quality of this project. > > Cheers, > Armando > > On 21 May 2014 15:05, Maru New

Re: [openstack-dev] Glance

Do you have a loadbalancer or something that limits the request time in the path? That would be my guess, you probably need to raise the request_termination_timeout. Best, Aaron On Thu, May 22, 2014 at 10:59 PM, Tizy Ninan wrote: > Hi, > > We have an openstack deployment (Havana on CentOS) i

Re: [openstack-dev] [IceHouse][Neutron][Ubuntu 14.04] Error: Failed to delete network

Hi, can you open a bug report on this and provide your setup configuration? I just tested this with ML2 and wasn't able to reproduce the issue. arosen@arosen-MacBookPro:~/devstack$ neutron net-create asdf --provider:network_type vlan --provider:segmentation_id 124 --provider:physical_network a

Re: [openstack-dev] [IceHouse][Neutron][Ubuntu 14.04] Error: Failed to delete network

attaching a private IPv6 subnet to your L3 Router, it > will break the "External Network" and its "Floating IPs", then, it becomes > impossible to delete that "External Network"... It enters in a "stuck" > state... > > Regards, > Thiago &g

Re: [openstack-dev] [neutron] Supporting retries in neutronclient

Hi, Is it possible to detect when the ssl handshaking error occurs on the client side (and only retry for that)? If so I think we should do that rather than retrying multiple times. The danger here is mostly for POST operations (as Eugene pointed out) where it's possible for the response to not ma

Re: [openstack-dev] [Nova] [Neutron] heal_instance_info_cache_interval - Can we kill it?

Hi, Sorry somehow I missed this email. I don't think you want to disable it, though we can definitely have it run less often. The issue with disabling it is if one of the notifications from neutron->nova never gets sent successfully to nova (neutron-server is restarted before the event is sent or

Re: [openstack-dev] [neutron] Supporting retries in neutronclient

a write operation. > > > > Aaron Rosen wrote on 05/27/2014 09:40:00 PM: > > > From: Aaron Rosen > > > To: "OpenStack Development Mailing List (not for usage questions)" > > , > > Date: 05/27/2014 09:44 PM > > > Subject: Re: [openstack

Re: [openstack-dev] [Nova] [Neutron] heal_instance_info_cache_interval - Can we kill it?

On Wed, May 28, 2014 at 7:39 AM, Assaf Muller wrote: > > > - Original Message - > > Hi, > > > > Sorry somehow I missed this email. I don't think you want to disable it, > > though we can definitely have it run less often. The issue with > disabling it > > is if one of the notifications fr

Re: [openstack-dev] [Nova] Nominating Ken'ichi Ohmichi for nova-core

+1 On Monday, June 16, 2014, Andrew Laski wrote: > +1 > > On 06/13/2014 06:40 PM, Michael Still wrote: > >> Greetings, >> >> I would like to nominate Ken'ichi Ohmichi for the nova-core team. >> >> Ken'ichi has been involved with nova for a long time now. His reviews >> on API changes are excell

Re: [openstack-dev] [Neutron][ML2]

Hi Nader, Devstack's default plugin is ML2. Usually you wouldn't 'inherit' one plugin in another. I'm guessing you probably wire a driver that ML2 can use though it's hard to tell from the information you've provided what you're trying to do. Best, Aaron On Wed, Mar 5, 2014 at 10:42 PM, Nader

Re: [openstack-dev] [neutron][rootwrap] Performance considerations, sudo?

We had this same issue with the dhcp-agent. Code was added that paralleled the initial sync here: https://review.openstack.org/#/c/28914/ that made things a good bit faster if I remember correctly. Might be worth doing something similar for the l3-agent. Best, Aaron On Mon, Mar 10, 2014 at 5:

Re: [openstack-dev] No route matched for POST

Hi Vijay, I think you'd have to post you're code for anyone to really help you. Otherwise we'll just be taking shots in the dark. Best, Aaron On Mon, Mar 10, 2014 at 7:22 PM, Vijay B wrote: > Hi, > > I'm trying to implement a new extension API in neutron, but am running > into a "No route ma

Re: [openstack-dev] [neutron][rootwrap] Performance considerations, sudo?

The easiest/quickest thing to do for ice house would probably be to run the initial sync in parallel like the dhcp-agent does for this exact reason. See: https://review.openstack.org/#/c/28914/ which did this for thr dhcp-agent. Best, Aaron On Thu, Mar 13, 2014 at 12:18 PM, Miguel Angel Ajo wrote

Re: [openstack-dev] [Openstack] [NOVA] Missing network info in nova list

Hi Slawek, Interesting, I haven't seen this issue of network info not showing up on nova list and the instance being in ACTIVE state. Could you check out the nova logs and see if there are any TRACE's there? If you're using icehouse you should be able to do neutron port-update that maps to the i

Re: [openstack-dev] [neutron]Success to create securitygroup with invalid tenant_id. Does it need to check the tenant_id?

Hi Lee, No, currently only an admin user can create something with a different tenant_id by default. The issue with validating the tenant_id is we need to involve keystone in order to check if the tenant_id is valid (which will cause things to slow down). I believe this question has already come u

Re: [openstack-dev] Running neutron in child cells

Hi Ramkumar, Today there is no type of cells integration or cells like logic in neutron. If using nova cells, each cell must share the same neturon deployment. This neutron deployment though can be scaled out across several neutron servers behind a loadbalancer though. Another scaling option could

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

This is true. Several people have asked this same question over the years though I've yet to hear a use case why one really need to do this. Do you have one? On Wed, Apr 16, 2014 at 3:12 PM, Ronak Shah wrote: > Hi Vikash, > Currently this is not supported. the NIC not only needs to be in differ

Re: [openstack-dev] [Neutron] API list operations are not fast as they could because they're dumb

Hi, Comments inline: On Tue, Apr 8, 2014 at 3:16 PM, Salvatore Orlando wrote: > I have been recently investigating reports of slowness for list responses > in the Neutron API. > This was first reported in [1], and then recently was observed with both > the ML2 and the NSX plugins. > The root ca

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

rate this use case if u want. > > > > On Thu, Apr 17, 2014 at 6:20 AM, Aaron Rosen wrote: > >> This is true. Several people have asked this same question over the years >> though I've yet to hear a use case why one really need to do this. Do you >> have on

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

at 8:53 PM, Kevin Benton wrote: > Web server running multiple SSL sites that wants to be compatible with > clients that don't support the SNI extension. There is no way for a server > to get multiple IP addresses on the same interface is there? > > > On Wed, Apr 16, 2014

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

unning multiple SSL sites that wants to be compatible with >> clients that don't support the SNI extension. There is no way for a server >> to get multiple IP addresses on the same interface is there? >> >> >> On Wed, Apr 16, 2014 at 5:50 PM, Aaron Rosen wrote: >>

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

; I was under the impression that the security group rules blocked addresses > not assigned by neutron[1]. > > 1. > https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L188 > > > On Wed, Apr 16, 2014 at 9:20 PM, Aaron Rosen wrote: > >&g

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

Whoops Akihiro beat me to it :) On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen wrote: > The allowed-address-pair extension that was added here ( > https://review.openstack.org/#/c/38230/) allows us to add arbitrary ips > to an interface to allow them. This is useful if you want to run

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

his use case? >>> >>> 1. Create an instance. >>> 2. Wait to see what which subnet it gets an allocation from. >>> 3. Pick an IP from that subnet that doesn't currently appear to be in >>> use. >>> 4. Use the neutron-cli or API to update

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

Wait to see what which subnet it gets an allocation from. > 3. Pick an IP from that subnet that doesn't currently appear to be in use. > 4. Use the neutron-cli or API to update the port object with the extra IP. > 5. Hope that Neutron will never allocate that IP address for something >

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

ms painful for a tenant workflow to get multiple addresses. I > would like to improve this during the Juno cycle. What is the limitation > that is blocking the multi-nic use cases? Is it Nova? > > > On Wed, Apr 16, 2014 at 11:27 PM, Aaron Rosen wrote: > >> Hi Kevin, >> >

Re: [openstack-dev] [Openstack][Neutron] 2 NICs on Instance Creation not working

Hi, I'm guessing the scripts inside your guest is only setup to configure dhcp on the first interface. See /etc/network/interfaces Best, Aaron On Mon, Apr 21, 2014 at 4:59 PM, Hopper, Justin wrote: > They are on separate Networks. > > Justin Hopper > Software Engineer - DBaaS > irc: juice |

Re: [openstack-dev] [Neutron] Enabling vlan trunking on neutron port.

Neutron doesn't allow you to send tagged traffic from the guest today https://github.com/openstack/neutron/blob/master/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py#L384 On Fri, Sep 19, 2014 at 7:01 AM, Parikshit Manur wrote: > Hi All, > > I have a setup which has VM o

Re: [openstack-dev] [Neutron] default security group rules in neutron

Hi Lingxian, I've definitely experienced this problem first hand when new tenants are allowed access to our openstack cloud. I understand that nova has an extension to do this but I'm curious if part of the tenant onboarding script if the desired security group rules could be set. I'm not opposed

[openstack-dev] Creating new python-client

Hi, I'm looking at creating a new python-client and I was wondering if there was any on going effort to share code between the clients or not? I've looked at the code in python-novaclient and python-neutronclient and both of them seem to have their own homegrown HTTPClient and keystone integration

Re: [openstack-dev] Creating new python-client

Thanks guys, very helpful. Aaron On Wed, Jun 25, 2014 at 11:53 PM, Jamie Lennox wrote: > On Wed, 2014-06-25 at 22:42 -0500, Dean Troyer wrote: > > On Wed, Jun 25, 2014 at 10:18 PM, Aaron Rosen > > wrote: > > I'm looking at creating a new python-client >

Re: [openstack-dev] [Nova] Nominating Jay Pipes for nova-core

+1! On Thu, Jul 31, 2014 at 12:40 AM, Nikola Đipanov wrote: > On 07/30/2014 11:02 PM, Michael Still wrote: > > Greetings, > > > > I would like to nominate Jay Pipes for the nova-core team. > > > > Jay has been involved with nova for a long time now. He's previously > > been a nova core, as wel

Re: [openstack-dev] [Neutron] Group Based Policy and the way forward

On Tue, Aug 5, 2014 at 11:18 PM, Gary Kotton wrote: > > > On 8/5/14, 8:53 PM, "Russell Bryant" wrote: > > >On 08/05/2014 01:23 PM, Gary Kotton wrote: > >> Ok, thanks for the clarification. This means that it will not be done > >> automagically as it is today ­ the tenant will need to create a Ne

Re: [openstack-dev] [Neutron] Group Based Policy and the way forward

On Wed, Aug 6, 2014 at 12:59 AM, Gary Kotton wrote: > > > From: Aaron Rosen > Reply-To: OpenStack List > Date: Wednesday, August 6, 2014 at 10:09 AM > > To: OpenStack List > Subject: Re: [openstack-dev] [Neutron] Group Based Policy and the way > forward > >

Re: [openstack-dev] [Neutron] Group Based Policy and the way forward

As a cloud admin one needs to make sure the endpoints in keystone publicurl, internalurl and adminurl all map to the right places in the infrastructure. As a cloud user (for example when using the HP/RAX public cloud that has multiple regions/endpoints) a user needs to be aware of which region maps

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

Hi, I've made my way through the group based policy code and blueprints and I'd like ask several questions about it. My first question really is what is the advantage that the new proposed group based policy model buys us? Bobs says, "The group-based policy BP approved for Juno addresses the >

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

Hi Ryan, On Wed, Aug 6, 2014 at 11:55 AM, Ryan Moats wrote: > Jay Pipes wrote on 08/06/2014 01:04:41 PM: > > [snip] > > > > AFAICT, there is nothing that can be done with the GBP API that cannot > > be done with the low-level regular Neutron API. > > I'll take you up on that, Jay :) > > How ex

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

nt thread > labeled "what is the point of group policy?" > > I don't want to derail this one again and we should stick to Salvatore's > options about the way to move forward with these code changes. > On Aug 6, 2014 12:42 PM, "Aaron Rosen" wrote: > >

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

till needs to create an endpointgroup. What is being done implicitly here? I fail to see the difference. > > Also, I agree with Kevin when he says that this is a whole different > discussion. > > Thanks, > Ivar. > > > On Wed, Aug 6, 2014 at 9:12 PM, Aaron Rosen wrote: >

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

On Wed, Aug 6, 2014 at 12:45 PM, Ryan Moats wrote: > Aaron Rosen wrote on 08/06/2014 02:12:05 PM: > > > From: Aaron Rosen > > > To: "OpenStack Development Mailing List (not for usage questions)" > > > > Date: 08/06/2014 02:12 PM > > Subject: R

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

On Wed, Aug 6, 2014 at 12:46 PM, Kevin Benton wrote: > >I believe the referential security group rules solve this problem > (unless I'm not understanding): > > I think the disconnect is that you are comparing the way to current > mapping driver implements things for the reference implementation w

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

this on the physical fabic as well if it wanted to as it should also know that graph. No? > > On Wed, Aug 6, 2014 at 4:03 PM, Aaron Rosen wrote: > >> >> >> >> On Wed, Aug 6, 2014 at 12:46 PM, Kevin Benton wrote: >> >>> >I believe the referential

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

an be prevented by using an ACL on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support security groups. states > > > On Wed, Aug 6, 2014 at 5:00 PM, Aaron Rosen wrote: > >> >

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

latter, a mapping driver could determine that communication between these two hosts can be prevented by using an ACL on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support security groups. > > On W

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

[1] - With the latter, a mapping driver could determine that communication between these two hosts can be prevented by using an ACL on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support security group

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

policy? [1] - With the latter, a mapping driver could determine that communication between these two hosts can be prevented by using an ACL on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support secu

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

Gah, clearly hitting some kind of gmail bug as i replied to the right thread all 3 times i believe. On Wed, Aug 6, 2014 at 4:56 PM, Aaron Rosen wrote: > [Moving my reply to the correct thread as someone changed the subject > line. Attempt 3 :'( ] > > > > On Wed, Aug 6,

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

ology can be? Thanks, Aaron > On Wed, Aug 6, 2014 at 5:39 PM, Aaron Rosen wrote: > >> >> >> >> On Wed, Aug 6, 2014 at 4:18 PM, Kevin Benton wrote: >> >>> >Given this information I don't see any reason why the backend system >>> co

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

otten into). Would you agree this is accurate? Honestly, I know a lot of work has been put into this. I haven't said I'm for or against it either. I'm really just trying to understand what is the motivation for this and why does it make neutron better. Best, Aaron > > On Wed, Aug 6

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

tting is changed, > but it's much easier and less error prone to just write a puppet manifest > that uses the INI module with a pointer to the file, the section name, the > key, and the value with a notification to restart the service. > > > > On Wed, Aug 6, 2014 at 7:40

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

ected to the Internet. That wasn't requested because > people thought neutron networks were too easy to setup already. :-) > I think the confusion why that comment was made is probably because the nova-networks model doesn't have a concept of routers. Neutron can operate in the same

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

entries to an sqlite database, but that > doesn't mean it's the best level of abstraction for what the users are > trying to accomplish. > > I'll let someone else explain the current GBP API because I'm not working > on that. I'm just trying to convince you of the

Re: [openstack-dev] How to enable quantum Nicira NVP plugin in devstack

Hi Xin, In order to use the NVP plugin you need to have NVP which the plugin talks to. Do you have access to NVP? Best, Aaron On Thu, Sep 26, 2013 at 1:47 PM, openstack learner < openstacklea...@gmail.com> wrote: > Hi, > > From the link > http://docs.openstack.org/grizzly/openstack-network/ad

Re: [openstack-dev] Havana neutron security groups config issue

Hi Leandro, I don't believe the setting of: security_group_api=neutron in nova.conf actually doesn't matter at all on the compute nodes (still good to set it though). But it matters on the nova-api node. can you confirm that your nova-api node has: security_group_api=neutron in it's nova.conf?

Re: [openstack-dev] Havana neutron security groups config issue

arameter at > all ... > > If i hardcode all the settings on the neutronv2/init.py .. at least it > works, and bring all the secgroup details from netruon > > > > On Fri, Oct 18, 2013 at 3:48 PM, Aaron Rosen wrote: > >> Hi Leandro, >> >> >> I don't

Re: [openstack-dev] Havana neutron security groups config issue

cription": "", > "security_group_rules": [{"remote_group_id": null, "direction": "egress", > "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv6", > "tenant_id": "df26f

Re: [openstack-dev] Havana neutron security groups config issue

ation about libvirt vif driver (that we alreade have on the conf ) > > Here it is: http://pastebin.com/RMgQxFyN > > Any clues ? > > > Best > Lean > > > On Fri, Oct 18, 2013 at 8:06 PM, Aaron Rosen wrote: > >> Is anything showing up in the agents log on t

Re: [openstack-dev] Disable async network allocation

On Wed, Oct 23, 2013 at 4:37 PM, Nachi Ueno wrote: > Hi Phil > > 2013/10/21 Day, Phil : > > Hi Folks, > > > > > > > > I’m trying to track down a couple of obsecure issues in network port > > creation where it would be really useful if I could disable the async > > network allocation so that every

Re: [openstack-dev] [Heat] Network topologies

Hi Edgar, I definitely see the usecase for the idea that you propose. In my opinion, I don't see the reason for moving the management of topology into neutron, Heat already provides this functionality (besides for the part of taking an existing deployment and generating a template file). Also, I

Re: [openstack-dev] [Heat] Network topologies

g and it will help me to improve > current proposal. > > Thanks, > > Edgar > > From: Aaron Rosen > Reply-To: OpenStack List > Date: Tuesday, October 29, 2013 12:48 PM > To: OpenStack List > Subject: Re: [openstack-dev] [Heat] Network topologies > > Hi Edgar

Re: [openstack-dev] {opestack-dev][Horizon] Errors while creating networks

Just curious what does keystone endpoint-list show? On Oct 29, 2013 9:36 PM, "Somanchi Trinath-B39208" wrote: > Hi- > > ** ** > > I have got the following error in apache error logs while I try to bring > up a new instance. > > ** ** > > I have followed Openstack Havana for Ubuntu 12.04

Re: [openstack-dev] [Openstack-security] Neutron security groups for L2 networks in Havana

On Thu, Nov 7, 2013 at 12:23 PM, Kanthi P wrote: > Hi, > > I am trying to boot a VM which has a network without subnet in Havana, but > it throws an exception saying that subnet is mandatory if quantum security > groups are enabled. > > Here are the commands I used. > > neutron net-create testNet

Re: [openstack-dev] [Neutron][LBaaS] Loadbalancer instance design.

On Fri, Nov 15, 2013 at 5:59 AM, Stephen Gran wrote: > On 15/11/13 13:14, Eugene Nikanorov wrote: > >> Hi folks, >> >> I've created a brief description of this feature. >> You can find it here: >> https://wiki.openstack.org/wiki/Neutron/LBaaS/LoadbalancerInstance >>

Re: [openstack-dev] [Neutron] Race condition between DB layer and plugin back-end implementation

This actually doesn't solve the issue because if you run multiple neutron servers behind a loadbalancer you will still run into the same issue with the transaction on the database I believe. We handle this issue in the NVP plugin by removing the transaction and attempt to manually delete the port

Re: [openstack-dev] [Networking] Allocation of IPs

Hi Edgar, In this case if you don't associate a subnet with a network you should achieve that. Why doesn't that work? Thanks, Aaron On Thu, Jun 20, 2013 at 1:51 PM, Edgar Magana wrote: > Could it be possible to add a flag to disable the allocation for the IP? > If the "no allocation" flag

Re: [openstack-dev] [Openstack] CLI command to figure out security-group's association to particular tenant/user

Hi Rahul, The issue is that you are running as an admin user so it shows all the security groups for every tenant. If you want to list the security groups for just one particular tenant you can do this: quantum security-group-list -- --tenant-id= Aaron On Thu, Jun 27, 2013 at 5:54 AM, Rah

Re: [openstack-dev] [Openstack] CLI command to figure out security-group's association to particular tenant/user

e error > message. I am using Grizzly release. > > quantum security-group-rule-create --protocol tcp --ethertype IPv4 --port-range-min 1 --port-range-max 65535 --remote-ip-prefix 0.0.0.0/0 default or nova secgroup-add-rule default tcp 1 65355 0.0.0.0/0 > Thanks and Regards >

Re: [openstack-dev] [Networking] Allocation of IPs

les the > DHCP: > > quantum subnet-create--enable_dhcp False > > > Besides, the CIDR is actually the information that is sent to the DHCP > to locate IP Addresses. > > > Thanks, > > > Edgar > > > From: Aaron Rosen > Reply-To: OpenStack Lis

  1   2   >