Re: [openstack-dev] [Neutron] Stable/liberty breakage

2016-06-15 Thread Aaron Rosen
Sorry I think I gave Gary some bad information here. After digging into this more, the actually underlying issue that we hit is that the packaged 'distro' version of stable/liberty that was running with the vmware-nsx repo included this patch set which is not in upstream stable/liberty

Re: [openstack-dev] [neutron] I am pleased to propose two new Neutron API/DB/RPC core reviewers!

2015-08-18 Thread Aaron Rosen
+1 to both! (Sorry missed this email the first go around). On Fri, Aug 14, 2015 at 10:25 AM, Mark McClain m...@mcclain.xyz wrote: +1 to Brandon and Russell. mark On Aug 13, 2015, at 2:47 PM, Kevin Benton blak...@gmail.com wrote: +1 On Wed, Aug 12, 2015 at 10:43 PM, Akihiro Motoki

Re: [openstack-dev] [Neutron] Proposing Cedric Brandily to Neutron Core Reviewer Team

2015-07-17 Thread Aaron Rosen
+1 On Thu, Jul 16, 2015 at 1:47 AM, Oleg Bondarev obonda...@mirantis.com wrote: +1 On Thu, Jul 16, 2015 at 2:04 AM, Brian Haley brian.ha...@hp.com wrote: +1 On 07/15/2015 02:47 PM, Carl Baldwin wrote: As the Neutron L3 Lieutenant along with Kevin Benton for control plane, and Assaf

Re: [openstack-dev] [congress] is an openstack project

2015-03-31 Thread Aaron Rosen
Sure thing! Thanks Sean. Aaron On Tue, Mar 31, 2015 at 1:28 PM, sean roberts seanrobert...@gmail.com wrote: All is left now is to patch infra to copy the three repos from stackforge. Aaron can you take that on? Congratulations team! ~ sean

Re: [openstack-dev] [Congress]How to add tempest tests for testing murano drive

2015-03-11 Thread Aaron Rosen
/congress_datasources ? So, I don't need to worry about adding python-congerssclient and python-muranoclient in stack/tempest/requirements.txt right ? Thanks, Hong *From:* Aaron Rosen [mailto:aaronoro...@gmail.com aaronoro...@gmail.com] *Sent:* Monday, March 09, 2015 9:28 PM

Re: [openstack-dev] [Congress]How to add tempest tests for testing murano drive

2015-03-09 Thread Aaron Rosen
Hi Hong, I you should be able to run the tempest tests with ./run_tempest.sh -N which by default uses site-packages so they should be installed by the devstack script. If you want to run tempest via tox and venv you'll need to do: echo python-congressclient requirements.txt echo

Re: [openstack-dev] [neutron] high dhcp lease times in neutron deployments considered harmful (or not???)

2015-02-03 Thread Aaron Rosen
I believe I was the one who changed the default value of this. When we upgraded our internal cloud ~6k networks back then from folsom to grizzly we didn't account that if the dhcp-agents went offline that instances would give up their lease and unconfigure themselves causing an outage. Setting a

Re: [openstack-dev] [Fuel] 10Gbe performance issue.

2015-01-20 Thread Aaron Rosen
If you can get 9Gbps with multiple connections I'm guessing it's because of latency and the buffer size of your sockets. If you change the sending and receiving window size you should be able to fully saturate the link with one connection (though there are several reasons for not doing that). On

Re: [openstack-dev] [neutron] Changes to the core team

2015-01-19 Thread Aaron Rosen
+1 On Fri, Jan 16, 2015 at 12:03 PM, Carl Baldwin c...@ecbaldwin.net wrote: +1 On Thu, Jan 15, 2015 at 3:31 PM, Kyle Mestery mest...@mestery.com wrote: The last time we looked at core reviewer stats was in December [1]. In looking at the current stats, I'm going to propose some changes to

[openstack-dev] python-congressclient 1.0.1 released

2014-12-10 Thread Aaron Rosen
The congress team is pleased to announce the release of the python-congressclient 1.0.1. This release includes several bug fixes as well as many other changes - a few highlights: - python34 compatibility - New CLI command to simulate results of rule - openstack congress policy

Re: [openstack-dev] [neutron] Changes to the core team

2014-12-02 Thread Aaron Rosen
+1 for Kevin and Henry! On Tue, Dec 2, 2014 at 10:40 AM, Nati Ueno nati.u...@gmail.com wrote: Hi folks Congrats! Henry and Kevin. I'll keep contributing the community, but Thank you for working with me as core team :) Best Nachi 2014-12-03 2:05 GMT+09:00 Carl Baldwin

Re: [openstack-dev] [Neutron] Enabling vlan trunking on neutron port.

2014-09-19 Thread Aaron Rosen
Neutron doesn't allow you to send tagged traffic from the guest today https://github.com/openstack/neutron/blob/master/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py#L384 On Fri, Sep 19, 2014 at 7:01 AM, Parikshit Manur parikshit.ma...@citrix.com wrote: Hi All, I

Re: [openstack-dev] [Neutron] keep old specs

2014-09-17 Thread Aaron Rosen
I agree as well. I think moving them to an unimplemented folder makes sense and would be helpful in reviewing if one re-proposes a blueprint. On Mon, Sep 15, 2014 at 7:20 AM, Russell Bryant rbry...@redhat.com wrote: On 09/15/2014 10:01 AM, Kevin Benton wrote: Some of the specs had a

Re: [openstack-dev] [neutron][security-groups] Neutron default security groups

2014-09-16 Thread Aaron Rosen
Hi, Inline: On Tue, Sep 16, 2014 at 1:00 AM, Fawad Khaliq fa...@plumgrid.com wrote: Folks, I have had discussions with some folks individually about this but I would like bring this to a broader audience. I have been playing with security groups and I see the notion of 'default' security

Re: [openstack-dev] [congress] Jenkins failure

2014-08-19 Thread Aaron Rosen
You need to rebase again. The readme file changed before Jenkins got a chance to test your patch. On Monday, August 18, 2014, Rajdeep Dua rajdeep@gmail.com wrote: my branch already has the latest changes. it is not able to merge two rst files hence it failed On Tue, Aug 19, 2014 at

Re: [openstack-dev] [Neutron] Is network ordering of vNICs guaranteed?

2014-08-14 Thread Aaron Rosen
of vNICs is not 100% guaranteed for the cloud images which are not shipped with /etc/udev/rules.d/70-persistent-net.rules. e.g. attaching a port and deattaching another port, then reboot the instance. 2014-08-12 15:52 GMT+08:00 Aaron Rosen aaronoro...@gmail.com: This bug was true in grizzly

Re: [openstack-dev] [Neutron] Simple proposal for stabilizing new features in-tree

2014-08-13 Thread Aaron Rosen
Hi, I've been thinking a good bit on this on the right way to move forward with this and in general the right way new services should be added. Yesterday I was working on a bug that was causing some problems in the openstack infra. We tracked down the issue then I uploaded a patch for it. A

Re: [openstack-dev] [Neutron] Is network ordering of vNICs guaranteed?

2014-08-12 Thread Aaron Rosen
This bug was true in grizzly and older (and was reintroduced in icehouse for a few days but was fixed before the nova icehouse shipped). Aaron On Mon, Aug 11, 2014 at 7:10 AM, CARVER, PAUL pc2...@att.com wrote: Armando M. [mailto:arma...@gmail.com] wrote: On 9 August 2014 10:16, Jay

Re: [openstack-dev] [Congress] congress-server fails to start

2014-08-11 Thread Aaron Rosen
Hi Rajdeep, I think the issue you're facing here is because you have a non-asci char in your etc/congress.conf.sample file. Could you try the following commands: mv congress/etc/congress.config.sample /tmp git checkout congress/etc/config.sample ./bin/congress-server --config-file

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-07 Thread Aaron Rosen
on that. I'm just trying to convince you of the value of declarative network configuration. On Thu, Aug 7, 2014 at 12:02 PM, Aaron Rosen aaronoro...@gmail.com wrote: On Thu, Aug 7, 2014 at 9:54 AM, Kevin Benton blak...@gmail.com wrote: You said you had no idea what group based policy was buying

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-07 Thread Aaron Rosen
module with a pointer to the file, the section name, the key, and the value with a notification to restart the service. On Wed, Aug 6, 2014 at 7:40 PM, Aaron Rosen aaronoro...@gmail.com wrote: On Wed, Aug 6, 2014 at 5:27 PM, Kevin Benton blak...@gmail.com wrote: Web tier can communicate

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-07 Thread Aaron Rosen
with flat and provider networks. Either way one could easily write a nova-binding to the command they used previously to create a router and uplink it hiding the fact that there is a router there. On Thu, Aug 7, 2014 at 9:10 AM, Aaron Rosen aaronoro...@gmail.com wrote: Hi Kevin, I feel as your

Re: [openstack-dev] [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
On Tue, Aug 5, 2014 at 11:18 PM, Gary Kotton gkot...@vmware.com wrote: On 8/5/14, 8:53 PM, Russell Bryant rbry...@redhat.com wrote: On 08/05/2014 01:23 PM, Gary Kotton wrote: Ok, thanks for the clarification. This means that it will not be done automagically as it is today ­ the tenant

Re: [openstack-dev] [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
On Wed, Aug 6, 2014 at 12:59 AM, Gary Kotton gkot...@vmware.com wrote: From: Aaron Rosen aaronoro...@gmail.com Reply-To: OpenStack List openstack-dev@lists.openstack.org Date: Wednesday, August 6, 2014 at 10:09 AM To: OpenStack List openstack-dev@lists.openstack.org Subject: Re

Re: [openstack-dev] [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
As a cloud admin one needs to make sure the endpoints in keystone publicurl, internalurl and adminurl all map to the right places in the infrastructure. As a cloud user (for example when using the HP/RAX public cloud that has multiple regions/endpoints) a user needs to be aware of which region

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
Hi, I've made my way through the group based policy code and blueprints and I'd like ask several questions about it. My first question really is what is the advantage that the new proposed group based policy model buys us? Bobs says, The group-based policy BP approved for Juno addresses the

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
Hi Ryan, On Wed, Aug 6, 2014 at 11:55 AM, Ryan Moats rmo...@us.ibm.com wrote: Jay Pipes jaypi...@gmail.com wrote on 08/06/2014 01:04:41 PM: [snip] AFAICT, there is nothing that can be done with the GBP API that cannot be done with the low-level regular Neutron API. I'll take you up

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
this to a different thread labeled what is the point of group policy? I don't want to derail this one again and we should stick to Salvatore's options about the way to move forward with these code changes. On Aug 6, 2014 12:42 PM, Aaron Rosen aaronoro...@gmail.com wrote: Hi, I've made my way through

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
to create an endpointgroup. What is being done implicitly here? I fail to see the difference. Also, I agree with Kevin when he says that this is a whole different discussion. Thanks, Ivar. On Wed, Aug 6, 2014 at 9:12 PM, Aaron Rosen aaronoro...@gmail.com wrote: Hi Ryan, On Wed, Aug 6

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
On Wed, Aug 6, 2014 at 12:45 PM, Ryan Moats rmo...@us.ibm.com wrote: Aaron Rosen aaronoro...@gmail.com wrote on 08/06/2014 02:12:05 PM: From: Aaron Rosen aaronoro...@gmail.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date: 08/06

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
On Wed, Aug 6, 2014 at 12:46 PM, Kevin Benton blak...@gmail.com wrote: I believe the referential security group rules solve this problem (unless I'm not understanding): I think the disconnect is that you are comparing the way to current mapping driver implements things for the reference

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
if it wanted to as it should also know that graph. No? On Wed, Aug 6, 2014 at 4:03 PM, Aaron Rosen aaronoro...@gmail.com wrote: On Wed, Aug 6, 2014 at 12:46 PM, Kevin Benton blak...@gmail.com wrote: I believe the referential security group rules solve this problem (unless I'm

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support security groups. states On Wed, Aug 6, 2014 at 5:00 PM, Aaron Rosen aaronoro...@gmail.com wrote: On Wed, Aug 6, 2014 at 3:35 PM, Kevin Benton blak

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
that communication between these two hosts can be prevented by using an ACL on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support security groups. On Wed, Aug 6, 2014 at 5:00 PM, Aaron Rosen aaronoro...@gmail.com

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
determine that communication between these two hosts can be prevented by using an ACL on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support security groups. On Wed, Aug 6, 2014 at 5:00 PM, Aaron Rosen aaronoro

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
could determine that communication between these two hosts can be prevented by using an ACL on a router or a switch, which doesn't violate the user's intent and buys a performance improvement and works with ports that don't support security groups. On Wed, Aug 6, 2014 at 5:00 PM, Aaron Rosen

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
Gah, clearly hitting some kind of gmail bug as i replied to the right thread all 3 times i believe. On Wed, Aug 6, 2014 at 4:56 PM, Aaron Rosen aaronoro...@gmail.com wrote: [Moving my reply to the correct thread as someone changed the subject line. Attempt 3 :'( ] On Wed, Aug 6, 2014 at 4

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
, Aaron On Wed, Aug 6, 2014 at 5:39 PM, Aaron Rosen aaronoro...@gmail.com wrote: On Wed, Aug 6, 2014 at 4:18 PM, Kevin Benton blak...@gmail.com wrote: Given this information I don't see any reason why the backend system couldn't do enforcement at the logical router and if it did so neither

Re: [openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

2014-08-06 Thread Aaron Rosen
? Honestly, I know a lot of work has been put into this. I haven't said I'm for or against it either. I'm really just trying to understand what is the motivation for this and why does it make neutron better. Best, Aaron On Wed, Aug 6, 2014 at 6:06 PM, Aaron Rosen aaronoro...@gmail.com wrote

Re: [openstack-dev] [Nova] Nominating Jay Pipes for nova-core

2014-07-31 Thread Aaron Rosen
+1! On Thu, Jul 31, 2014 at 12:40 AM, Nikola Đipanov ndipa...@redhat.com wrote: On 07/30/2014 11:02 PM, Michael Still wrote: Greetings, I would like to nominate Jay Pipes for the nova-core team. Jay has been involved with nova for a long time now. He's previously been a nova core,

Re: [openstack-dev] Creating new python-new_project_nameclient

2014-06-26 Thread Aaron Rosen
Thanks guys, very helpful. Aaron On Wed, Jun 25, 2014 at 11:53 PM, Jamie Lennox jamielen...@redhat.com wrote: On Wed, 2014-06-25 at 22:42 -0500, Dean Troyer wrote: On Wed, Jun 25, 2014 at 10:18 PM, Aaron Rosen aaronoro...@gmail.com wrote: I'm looking at creating a new python

[openstack-dev] Creating new python-new_project_nameclient

2014-06-25 Thread Aaron Rosen
Hi, I'm looking at creating a new python-new_project_nameclient and I was wondering if there was any on going effort to share code between the clients or not? I've looked at the code in python-novaclient and python-neutronclient and both of them seem to have their own homegrown HTTPClient and

Re: [openstack-dev] [Neutron] default security group rules in neutron

2014-06-24 Thread Aaron Rosen
Hi Lingxian, I've definitely experienced this problem first hand when new tenants are allowed access to our openstack cloud. I understand that nova has an extension to do this but I'm curious if part of the tenant onboarding script if the desired security group rules could be set. I'm not opposed

Re: [openstack-dev] [Nova] Nominating Ken'ichi Ohmichi for nova-core

2014-06-16 Thread Aaron Rosen
+1 On Monday, June 16, 2014, Andrew Laski andrew.la...@rackspace.com wrote: +1 On 06/13/2014 06:40 PM, Michael Still wrote: Greetings, I would like to nominate Ken'ichi Ohmichi for the nova-core team. Ken'ichi has been involved with nova for a long time now. His reviews on API changes

Re: [openstack-dev] [neutron] Supporting retries in neutronclient

2014-05-28 Thread Aaron Rosen
. Aaron Rosen aaronoro...@gmail.com wrote on 05/27/2014 09:40:00 PM: From: Aaron Rosen aaronoro...@gmail.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org, Date: 05/27/2014 09:44 PM Subject: Re: [openstack-dev] [neutron] Supporting

Re: [openstack-dev] [Nova] [Neutron] heal_instance_info_cache_interval - Can we kill it?

2014-05-28 Thread Aaron Rosen
On Wed, May 28, 2014 at 7:39 AM, Assaf Muller amul...@redhat.com wrote: - Original Message - Hi, Sorry somehow I missed this email. I don't think you want to disable it, though we can definitely have it run less often. The issue with disabling it is if one of the

Re: [openstack-dev] [IceHouse][Neutron][Ubuntu 14.04] Error: Failed to delete network

2014-05-27 Thread Aaron Rosen
Hi, can you open a bug report on this and provide your setup configuration? I just tested this with ML2 and wasn't able to reproduce the issue. arosen@arosen-MacBookPro:~/devstack$ neutron net-create asdf --provider:network_type vlan --provider:segmentation_id 124 --provider:physical_network

Re: [openstack-dev] [IceHouse][Neutron][Ubuntu 14.04] Error: Failed to delete network

2014-05-27 Thread Aaron Rosen
L3 Router, it will break the External Network and its Floating IPs, then, it becomes impossible to delete that External Network... It enters in a stuck state... Regards, Thiago On 27 May 2014 18:34, Aaron Rosen aaronoro...@gmail.com wrote: Hi, can you open a bug report

Re: [openstack-dev] [neutron] Supporting retries in neutronclient

2014-05-27 Thread Aaron Rosen
Hi, Is it possible to detect when the ssl handshaking error occurs on the client side (and only retry for that)? If so I think we should do that rather than retrying multiple times. The danger here is mostly for POST operations (as Eugene pointed out) where it's possible for the response to not

Re: [openstack-dev] [Nova] [Neutron] heal_instance_info_cache_interval - Can we kill it?

2014-05-27 Thread Aaron Rosen
Hi, Sorry somehow I missed this email. I don't think you want to disable it, though we can definitely have it run less often. The issue with disabling it is if one of the notifications from neutron-nova never gets sent successfully to nova (neutron-server is restarted before the event is sent or

Re: [openstack-dev] Glance

2014-05-23 Thread Aaron Rosen
Do you have a loadbalancer or something that limits the request time in the path? That would be my guess, you probably need to raise the request_termination_timeout. Best, Aaron On Thu, May 22, 2014 at 10:59 PM, Tizy Ninan tizy.e...@gmail.com wrote: Hi, We have an openstack deployment

Re: [openstack-dev] [neutron] Proposed changes to core team

2014-05-21 Thread Aaron Rosen
+1 I agree. Carl has make a lot of great contributions in both code and reviews. On Wed, May 21, 2014 at 3:19 PM, Armando M. arma...@gmail.com wrote: +1 from me too: Carl's contributions, code and reviews, have helped raise the quality of this project. Cheers, Armando On 21 May 2014

Re: [openstack-dev] Chalenges with highly available service VMs

2014-05-20 Thread Aaron Rosen
submit my patch removing this check. Thanks, Praveen On Mon, May 19, 2014 at 12:32 PM, Aaron Rosen aaronoro...@gmail.comwrote: Hi, Sure, if you look at this method: def _check_fixed_ips_and_address_pairs_no_overlap(self, context, port): address_pairs

Re: [openstack-dev] Chalenges with highly available service VMs

2014-05-20 Thread Aaron Rosen
| +---+--+ On Tue, May 20, 2014 at 7:52 PM, Aaron Rosen aaronoro...@gmail.com wrote: Hi Praveen, I think there is some confusion here. This function doesn't check

Re: [openstack-dev] Chalenges with highly available service VMs

2014-05-20 Thread Aaron Rosen
case, allowed-address-pairs is ADDING on to what is allowed because of the fixed IPs. So, there is no possibility of conflict. The check will probably make sense if we are maintaining denied addresses instead of allowed addresses. Cheers, Praveen On Tue, May 20, 2014 at 9:34 AM, Aaron Rosen

Re: [openstack-dev] Chalenges with highly available service VMs

2014-05-19 Thread Aaron Rosen
677 elif changed_fixed_ips: 678 self._check_fixed_ips_and_address_pairs_no_overlap( 679 context, updated_port) --- Thanks, Praveen On Wed, Jul 17, 2013 at 3:45 PM, Aaron Rosen aro...@nicira.com wrote: Hi Ian

[openstack-dev] Changing glances default policy on setting image public to admin only

2014-05-08 Thread Aaron Rosen
Hi, The current default settings that glance ships with allows any tenant to upload an image and mark it as public for other tenants to use. I'd like to change the default (https://review.openstack.org/#/c/92739/) so that only a admin user can make an image public by default. Allowing any tenant

Re: [openstack-dev] q-agt error

2014-05-06 Thread Aaron Rosen
I don't see any error in the above logs you've pasted. I'd check the nova-compute logs as well. Aaron On Mon, May 5, 2014 at 10:51 PM, sonia verma soniaverma9...@gmail.comwrote: Hi all I want to boot VM from openstack dashboard onto compute node using devstack.When I'm booting VM from

Re: [openstack-dev] [Openstack][Neutron] 2 NICs on Instance Creation not working

2014-04-21 Thread Aaron Rosen
Hi, I'm guessing the scripts inside your guest is only setup to configure dhcp on the first interface. See /etc/network/interfaces Best, Aaron On Mon, Apr 21, 2014 at 4:59 PM, Hopper, Justin justin.hop...@hp.comwrote: They are on separate Networks. Justin Hopper Software Engineer -

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-17 Thread Aaron Rosen
-cli or API to update the port object with the extra IP. 5. Hope that Neutron will never allocate that IP address for something else. On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen aaronoro...@gmail.comwrote: Whoops Akihiro beat me to it :) On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-17 Thread Aaron Rosen
Rosen aaronoro...@gmail.comwrote: Whoops Akihiro beat me to it :) On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen aaronoro...@gmail.comwrote: The allowed-address-pair extension that was added here ( https://review.openstack.org/#/c/38230/) allows us to add arbitrary ips to an interface to allow

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-17 Thread Aaron Rosen
for a tenant workflow to get multiple addresses. I would like to improve this during the Juno cycle. What is the limitation that is blocking the multi-nic use cases? Is it Nova? On Wed, Apr 16, 2014 at 11:27 PM, Aaron Rosen aaronoro...@gmail.comwrote: Hi Kevin, You'd would just create ports

Re: [openstack-dev] Running neutron in child cells

2014-04-16 Thread Aaron Rosen
Hi Ramkumar, Today there is no type of cells integration or cells like logic in neutron. If using nova cells, each cell must share the same neturon deployment. This neutron deployment though can be scaled out across several neutron servers behind a loadbalancer though. Another scaling option

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-16 Thread Aaron Rosen
This is true. Several people have asked this same question over the years though I've yet to hear a use case why one really need to do this. Do you have one? On Wed, Apr 16, 2014 at 3:12 PM, Ronak Shah ro...@nuagenetworks.net wrote: Hi Vikash, Currently this is not supported. the NIC not only

Re: [openstack-dev] [Neutron] API list operations are not fast as they could because they're dumb

2014-04-16 Thread Aaron Rosen
Hi, Comments inline: On Tue, Apr 8, 2014 at 3:16 PM, Salvatore Orlando sorla...@nicira.comwrote: I have been recently investigating reports of slowness for list responses in the Neutron API. This was first reported in [1], and then recently was observed with both the ML2 and the NSX

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-16 Thread Aaron Rosen
. On Thu, Apr 17, 2014 at 6:20 AM, Aaron Rosen aaronoro...@gmail.comwrote: This is true. Several people have asked this same question over the years though I've yet to hear a use case why one really need to do this. Do you have one? On Wed, Apr 16, 2014 at 3:12 PM, Ronak Shah ro

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-16 Thread Aaron Rosen
is there? On Wed, Apr 16, 2014 at 5:50 PM, Aaron Rosen aaronoro...@gmail.comwrote: This is true. Several people have asked this same question over the years though I've yet to hear a use case why one really need to do this. Do you have one? On Wed, Apr 16, 2014 at 3:12 PM, Ronak Shah ro

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-16 Thread Aaron Rosen
support the SNI extension. There is no way for a server to get multiple IP addresses on the same interface is there? On Wed, Apr 16, 2014 at 5:50 PM, Aaron Rosen aaronoro...@gmail.comwrote: This is true. Several people have asked this same question over the years though I've yet to hear a use case

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-16 Thread Aaron Rosen
...@gmail.com wrote: I was under the impression that the security group rules blocked addresses not assigned by neutron[1]. 1. https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L188 On Wed, Apr 16, 2014 at 9:20 PM, Aaron Rosen aaronoro...@gmail.comwrote: You

Re: [openstack-dev] [Openstack][nova][Neutron] Launch VM with multiple Ethernet interfaces with I.P. of single subnet.

2014-04-16 Thread Aaron Rosen
Whoops Akihiro beat me to it :) On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen aaronoro...@gmail.com wrote: The allowed-address-pair extension that was added here ( https://review.openstack.org/#/c/38230/) allows us to add arbitrary ips to an interface to allow them. This is useful if you want

Re: [openstack-dev] [Openstack] [NOVA] Missing network info in nova list

2014-04-02 Thread Aaron Rosen
Hi Slawek, Interesting, I haven't seen this issue of network info not showing up on nova list and the instance being in ACTIVE state. Could you check out the nova logs and see if there are any TRACE's there? If you're using icehouse you should be able to do neutron port-update port_id that maps

Re: [openstack-dev] [neutron]Success to create securitygroup with invalid tenant_id. Does it need to check the tenant_id?

2014-04-02 Thread Aaron Rosen
Hi Lee, No, currently only an admin user can create something with a different tenant_id by default. The issue with validating the tenant_id is we need to involve keystone in order to check if the tenant_id is valid (which will cause things to slow down). I believe this question has already come

Re: [openstack-dev] [neutron][rootwrap] Performance considerations, sudo?

2014-03-13 Thread Aaron Rosen
The easiest/quickest thing to do for ice house would probably be to run the initial sync in parallel like the dhcp-agent does for this exact reason. See: https://review.openstack.org/#/c/28914/ which did this for thr dhcp-agent. Best, Aaron On Thu, Mar 13, 2014 at 12:18 PM, Miguel Angel Ajo

Re: [openstack-dev] [neutron][rootwrap] Performance considerations, sudo?

2014-03-10 Thread Aaron Rosen
We had this same issue with the dhcp-agent. Code was added that paralleled the initial sync here: https://review.openstack.org/#/c/28914/ that made things a good bit faster if I remember correctly. Might be worth doing something similar for the l3-agent. Best, Aaron On Mon, Mar 10, 2014 at

Re: [openstack-dev] No route matched for POST

2014-03-10 Thread Aaron Rosen
Hi Vijay, I think you'd have to post you're code for anyone to really help you. Otherwise we'll just be taking shots in the dark. Best, Aaron On Mon, Mar 10, 2014 at 7:22 PM, Vijay B os.v...@gmail.com wrote: Hi, I'm trying to implement a new extension API in neutron, but am running into

Re: [openstack-dev] [Neutron][ML2]

2014-03-05 Thread Aaron Rosen
Hi Nader, Devstack's default plugin is ML2. Usually you wouldn't 'inherit' one plugin in another. I'm guessing you probably wire a driver that ML2 can use though it's hard to tell from the information you've provided what you're trying to do. Best, Aaron On Wed, Mar 5, 2014 at 10:42 PM,

[openstack-dev] [nova][neutron][keystone] getting keystone endpoints

2014-02-27 Thread Aaron Rosen
Hi, Dan Smith and I have been working on the integration between nova and neutron to have neutron issue callbacks into nova to trigger certain events. One of the things I'm trying to figure out is how to support multiple nova regions with this kind of interaction since neutron would now needs to

[openstack-dev] False Positive testing for 3rd party CI

2014-02-21 Thread Aaron Rosen
Hi, Yesterday, I pushed a patch to review and was surprised that several of the third party CI systems reported back that the patch-set worked where it definitely shouldn't have. Anyways, I tested out my theory a little more and it turns out a few of the 3rd party CI systems for neutron are just

Re: [openstack-dev] False Positive testing for 3rd party CI

2014-02-21 Thread Aaron Rosen
This should fix the false positive for brocade: https://review.openstack.org/#/c/75486/ Aaron On Fri, Feb 21, 2014 at 10:34 AM, Aaron Rosen aaronoro...@gmail.com wrote: Hi, Yesterday, I pushed a patch to review and was surprised that several of the third party CI systems reported back

Re: [openstack-dev] [Neutron][nova] Neutron plugin authors: Does port status indicate liveness?

2014-02-19 Thread Aaron Rosen
up on the destination host. This could potentially resolve this bug : https://bugs.launchpad.net/neutron/+bug/1274160 Best, Mathieu On Tue, Feb 18, 2014 at 2:55 AM, Aaron Rosen aaronoro...@gmail.com wrote: Hi Maru, Thanks for getting this thread started. I've filed the following

Re: [openstack-dev] [Neutron] Nominate Oleg Bondarev for Core

2014-02-18 Thread Aaron Rosen
+1 On Feb 16, 2014 8:10 PM, Armando M. arma...@gmail.com wrote: +1 On Feb 13, 2014 5:52 PM, Nachi Ueno na...@ntti3.com wrote: +1 2014年2月12日水曜日、Mayur Patilram.nath241...@gmail.comさんは書きました: +1 *--* *Cheers,* *Mayur* ___ OpenStack-dev

Re: [openstack-dev] [Neutron][nova] Neutron plugin authors: Does port status indicate liveness?

2014-02-17 Thread Aaron Rosen
allocation. Aaron Rosen and I have been talking about fixing this by having Nova perform a check for port 'liveness' after vif plug and before vm boot. The idea is to have Nova fail the instance if its ports are not seen to be 'live' within a reasonable timeframe after plug. Our initial

Re: [openstack-dev] [Neutron] Support for multiple provider networks with same VLAN segmentation id

2014-02-12 Thread Aaron Rosen
of the network_type. Vinay On Tue, Feb 11, 2014 at 12:32 PM, Aaron Rosen aaronoro...@gmail.comwrote: I believe it would need to be like: network_vlan_ranges = physnet1:100:300, phynet2:100:300, phynet3:100:300 Additional comments inline: On Mon, Feb 10, 2014 at 8:49 PM, Vinay Bannai vban

Re: [openstack-dev] [Neutron] Support for multiple provider networks with same VLAN segmentation id

2014-02-11 Thread Aaron Rosen
I believe it would need to be like: network_vlan_ranges = physnet1:100:300, phynet2:100:300, phynet3:100:300 Additional comments inline: On Mon, Feb 10, 2014 at 8:49 PM, Vinay Bannai vban...@gmail.com wrote: Bob and Kyle, Thanks for your review. We looked at this option and it seems it

Re: [openstack-dev] [Neutron] Calling a controller from within a session in the plugin

2013-12-04 Thread Aaron Rosen
In my experience doing any kind of http request inside a of a db transaction kills performance vastly (and can lead to situations where deadlock often occurs due to eventlet+sqlalchemly). This topic also was recently discussed here:

Re: [openstack-dev] [nova] Should the server create API return 404 errors?

2013-11-25 Thread Aaron Rosen
On Mon, Nov 25, 2013 at 6:00 PM, Christopher Yeoh cbky...@gmail.com wrote: On Tue, Nov 26, 2013 at 7:27 AM, Matt Riedemann mrie...@linux.vnet.ibm.com wrote: Aaron Rosen is working a patch [1] to handle a NetworkNotFound exception in the server create API. For the V2 API this will return

Re: [openstack-dev] [Nova] Proposal to add Matt Riedemann to nova-core

2013-11-22 Thread Aaron Rosen
+1 On Fri, Nov 22, 2013 at 12:53 PM, Russell Bryant rbry...@redhat.com wrote: Greetings, I would like to propose adding Matt Riedemann to the nova-core review team. Matt has been involved with nova for a long time, taking on a wide range of tasks. He writes good code. He's very engaged

Re: [openstack-dev] [Neutron] Find the compute host on which a VM runs

2013-11-21 Thread Aaron Rosen
On Thu, Nov 21, 2013 at 8:12 AM, Robert Kukura rkuk...@redhat.com wrote: On 11/21/2013 04:20 AM, Stefan Apostoaie wrote: Hello again, I studied the portbindings extension (the quantum.db.portbindings_db and quantum.extensions.portbindings modules). However it's unclear for me who sets

Re: [openstack-dev] [Openstack-security] Neutron security groups for L2 networks in Havana

2013-11-19 Thread Aaron Rosen
on the ip address what they provided to the vnics. I mean to say, ports will have subnet but just that this subnet is not known to openstack during the instance boot time. On Fri, Nov 8, 2013 at 9:42 AM, Aaron Rosen aro...@nicira.com wrote: On Thu, Nov 7, 2013 at 12:23 PM, Kanthi P

Re: [openstack-dev] [Neutron][LBaaS] Loadbalancer instance design.

2013-11-18 Thread Aaron Rosen
On Fri, Nov 15, 2013 at 5:59 AM, Stephen Gran stephen.g...@theguardian.comwrote: On 15/11/13 13:14, Eugene Nikanorov wrote: Hi folks, I've created a brief description of this feature. You can find it here: https://wiki.openstack.org/wiki/Neutron/LBaaS/LoadbalancerInstance

Re: [openstack-dev] [Neutron] Race condition between DB layer and plugin back-end implementation

2013-11-18 Thread Aaron Rosen
This actually doesn't solve the issue because if you run multiple neutron servers behind a loadbalancer you will still run into the same issue with the transaction on the database I believe. We handle this issue in the NVP plugin by removing the transaction and attempt to manually delete the port

Re: [openstack-dev] [Heat] Network topologies

2013-10-29 Thread Aaron Rosen
Hi Edgar, I definitely see the usecase for the idea that you propose. In my opinion, I don't see the reason for moving the management of topology into neutron, Heat already provides this functionality (besides for the part of taking an existing deployment and generating a template file). Also, I

Re: [openstack-dev] {opestack-dev][Horizon] Errors while creating networks

2013-10-29 Thread Aaron Rosen
Just curious what does keystone endpoint-list show? On Oct 29, 2013 9:36 PM, Somanchi Trinath-B39208 b39...@freescale.com wrote: Hi- ** ** I have got the following error in apache error logs while I try to bring up a new instance. ** ** I have followed Openstack Havana for

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-21 Thread Aaron Rosen
about libvirt vif driver (that we alreade have on the conf ) Here it is: http://pastebin.com/RMgQxFyN Any clues ? Best Lean On Fri, Oct 18, 2013 at 8:06 PM, Aaron Rosen aro...@nicira.com wrote: Is anything showing up in the agents log on the hypervisors? Also, can you confirm you have

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Aaron Rosen
Hi Leandro, I don't believe the setting of: security_group_api=neutron in nova.conf actually doesn't matter at all on the compute nodes (still good to set it though). But it matters on the nova-api node. can you confirm that your nova-api node has: security_group_api=neutron in it's nova.conf?

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Aaron Rosen
, and bring all the secgroup details from netruon On Fri, Oct 18, 2013 at 3:48 PM, Aaron Rosen aro...@nicira.com wrote: Hi Leandro, I don't believe the setting of: security_group_api=neutron in nova.conf actually doesn't matter at all on the compute nodes (still good to set it though

Re: [openstack-dev] Havana neutron security groups config issue

2013-10-18 Thread Aaron Rosen
-bd7921a26609 223f36a9e1fc44659ac93479cb508902 df26f374a7a84eddb06881c669ffd62f] 172.16.124.10 GET /v2/df26f374a7a84eddb06881c669ffd62f/servers/detail HTTP/1.1 status: 200 len: 1878 time: 0.6089120 On Fri, Oct 18, 2013 at 5:07 PM, Aaron Rosen aro...@nicira.com wrote: Do you have [default

Re: [openstack-dev] How to enable quantum Nicira NVP plugin in devstack

2013-09-26 Thread Aaron Rosen
Hi Xin, In order to use the NVP plugin you need to have NVP which the plugin talks to. Do you have access to NVP? Best, Aaron On Thu, Sep 26, 2013 at 1:47 PM, openstack learner openstacklea...@gmail.com wrote: Hi, From the link

Re: [openstack-dev] [Neutron] FWaaS: Support for explicit commit

2013-08-07 Thread Aaron Rosen
Hi Sumit, Neutron has a concept of a bulk creation where multiple things can be created in one api request rather that N (and then be implemented atomically on the backend). In my opinion, I think it would be better to implement a bulk update/delete operation rather than a commit. I think that

Re: [openstack-dev] Article on Improving Openstack's Parallel Performance

2013-07-29 Thread Aaron Rosen
Hi Peter, Great article. Any interest in pushing your N-work quantum-server patch upstream? Thanks, Aaron On Mon, Jul 22, 2013 at 8:44 AM, Peter Feiner pe...@gridcentric.ca wrote: Hello, I've written an article about my ongoing work on improving OpenStack's parallel performance:

  1   2   >