Re: [openstack-dev] [glance] HTTPS client breaks nova

2014-09-09 Thread Rob Crittenden
Flavio Percoco wrote: On 07/23/2014 06:05 PM, Rob Crittenden wrote: Rob Crittenden wrote: It looks like the switch to requests in python-glanceclient (https://review.openstack.org/#/c/78269/) has broken nova when SSL is enabled. I think it is related to the custom object

[openstack-dev] [DevStack] neutron config not working

2014-06-24 Thread Rob Crittenden
Before I get punted onto the operators list, I post this here because this is the default config and I'd expect the defaults to just work. Running devstack inside a VM with a single NIC configured and this in localrc: disable_service n-net enable_service q-svc enable_service q-agt enable_service

Re: [openstack-dev] [DevStack] neutron config not working

2014-06-26 Thread Rob Crittenden
Mark Kirkwood wrote: On 25/06/14 10:59, Rob Crittenden wrote: Before I get punted onto the operators list, I post this here because this is the default config and I'd expect the defaults to just work. Running devstack inside a VM with a single NIC configured and this in localrc

Re: [openstack-dev] [DevStack] neutron config not working

2014-07-01 Thread Rob Crittenden
Rob Crittenden wrote: Mark Kirkwood wrote: On 25/06/14 10:59, Rob Crittenden wrote: Before I get punted onto the operators list, I post this here because this is the default config and I'd expect the defaults to just work. Running devstack inside a VM with a single NIC configured

[openstack-dev] [glance] HTTPS client breaks nova

2014-07-23 Thread Rob Crittenden
It looks like the switch to requests in python-glanceclient (https://review.openstack.org/#/c/78269/) has broken nova when SSL is enabled. I think it is related to the custom object that the glanceclient uses. If another connection gets pushed into the pool then things fail because the object

Re: [openstack-dev] [glance] HTTPS client breaks nova

2014-07-23 Thread Rob Crittenden
Rob Crittenden wrote: It looks like the switch to requests in python-glanceclient (https://review.openstack.org/#/c/78269/) has broken nova when SSL is enabled. I think it is related to the custom object that the glanceclient uses. If another connection gets pushed into the pool then things

[openstack-dev] SSL in Common client

2014-05-02 Thread Rob Crittenden
TL;DR Work is happening on a unified client library. This provides the opportunity to rework the way SSL options are handled. Can we discuss this in one of the sessions at the Atlanta Summit in a few weeks? https://blueprints.launchpad.net/oslo/+spec/common-client-library-2 outlines a path

Re: [openstack-dev] SSL in Common client

2014-05-02 Thread Rob Crittenden
Dean Troyer wrote: On Fri, May 2, 2014 at 2:14 PM, Adam Young ayo...@redhat.com mailto:ayo...@redhat.com wrote: Did swift leave this behind when they switched to Requests? Swift and Glance clients were not changed to requests when I did the initial work in the fall of 2012 due to their

Re: [openstack-dev] SSL in Common client

2014-05-02 Thread Rob Crittenden
Dean Troyer wrote: On Fri, May 2, 2014 at 2:06 PM, Rob Crittenden rcrit...@redhat.com mailto:rcrit...@redhat.com wrote: I'm trying to get devstack to the point where it can configure all the services with SSL so it can be be part of the acceptance process. This is for client

Re: [openstack-dev] SSL in Common client

2014-05-05 Thread Rob Crittenden
Chmouel Boudjnah wrote: Rob Crittenden rcrit...@redhat.com writes: From what I found nothing has changed either upstream or in swift. If you are asking about the ability to disable SSL compression it is up to the OS to provide that so nothing was added when we changed swiftclient

Re: [openstack-dev] [nova] [devstack] configuring https for glance client

2015-02-10 Thread Rob Crittenden
Andrew Lazarev wrote: Hi Nova experts, Some time ago I figured out that devstack fails to stack with USE_SSL=True option because it doesn't configure nova to work with secured glace [1]. Support of secured glance was added to nova in Juno cycle [2], but it looks strange for me. Glance

[openstack-dev] service metadata discovery URLs

2015-06-09 Thread Rob Crittenden
If you hit the root page of many of the services (keystone, glance-api, cinder and nova-api at least), the output will include the available versions and their URLs. These URLs are more or less hardcoded, with a config override. In keystone these are public_endpoint and admin_endpoint, in

Re: [openstack-dev] [nova] nova hooks - document & test or deprecate?

2016-02-29 Thread Rob Crittenden
Andrew Laski wrote: > > > On Mon, Feb 29, 2016, at 12:12 PM, Dan Smith wrote: >>> In our continued quest on being more explicit about plug points it feels >>> like we should other document the interface (which means creating >>> stability on the hook parameters) or we should deprecate this

Re: [openstack-dev] [nova] nova hooks - document & test or deprecate?

2016-03-01 Thread Rob Crittenden
Daniel P. Berrange wrote: > On Mon, Feb 29, 2016 at 12:36:03PM -0700, Rich Megginson wrote: >> On 02/29/2016 12:19 PM, Chris Friesen wrote: >>> On 02/29/2016 12:22 PM, Daniel P. Berrange wrote: >>> There's three core scenarios for hooks 1. Modifying some aspect of the Nova

Re: [openstack-dev] [nova] nova hooks - document & test or deprecate?

2016-03-01 Thread Rob Crittenden
Daniel P. Berrange wrote: > On Mon, Feb 29, 2016 at 11:59:06AM -0500, Sean Dague wrote: >> The nova/hooks.py infrastructure has been with us since early Nova. It's >> currently only annotated on a few locations - 'build_instance', >> 'create_instance', 'delete_instance', and

[openstack-dev] Are injected files in compute going to be deprecated?

2016-03-30 Thread Rob Crittenden
In nova/compute/manager.py I see: def inject_file(self, context, path, file_contents, instance): """Write a file to the specified path in an instance on this host.""" # NOTE(russellb) Remove this method, as well as the underlying virt # driver methods, when the

Re: [openstack-dev] [devstack] How to enable SSL in devStack?

2016-07-22 Thread Rob Crittenden
Brant Knudson wrote: On Wed, Jul 20, 2016 at 12:29 PM, Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote: Fixing Keystone is easy. An Apache VirtualHost for 443 needs to be added. But I found another, deeper problem: cinder won't listen on S

Re: [openstack-dev] [devstack] How to enable SSL in devStack?

2016-07-26 Thread Rob Crittenden
Clark Boylan wrote: On Wed, Jul 20, 2016, at 07:01 AM, Rob Crittenden wrote: Andrey Pavlov wrote: Hi, When I ran devstack with SSL I found a bug and tried to fix it - https://review.openstack.org/#/c/242812/ But no one agree with me. Try to apply this patch - it may help. Also

Re: [openstack-dev] [devstack] How to enable SSL in devStack?

2016-07-20 Thread Rob Crittenden
Andrey Pavlov wrote: Hi, When I ran devstack with SSL I found a bug and tried to fix it - https://review.openstack.org/#/c/242812/ But no one agree with me. Try to apply this patch - it may help. Also there is a chance that new bugs present in devstack that prevented to install it with SSL.

Re: [openstack-dev] [devstack] How to enable SSL in devStack?

2016-07-20 Thread Rob Crittenden
Rob Crittenden wrote: Andrey Pavlov wrote: Hi, When I ran devstack with SSL I found a bug and tried to fix it - https://review.openstack.org/#/c/242812/ But no one agree with me. Try to apply this patch - it may help. Also there is a chance that new bugs present in devstack that prevented

[openstack-dev] [nova][keystone] auth for new metadata plugins

2016-08-15 Thread Rob Crittenden
Review https://review.openstack.org/#/c/317739/ added a new dynamic metadata handler to nova. The basic jist is that rather than serving metadata statically, it can be done dyamically, so that certain values aren't provided until they are needed, mostly for security purposes (like credentials

Re: [openstack-dev] [nova][keystone] auth for new metadata plugins

2016-08-22 Thread Rob Crittenden
Adam Young wrote: On 08/15/2016 05:10 PM, Rob Crittenden wrote: Review https://review.openstack.org/#/c/317739/ added a new dynamic metadata handler to nova. The basic jist is that rather than serving metadata statically, it can be done dyamically, so that certain values aren't provided until

[openstack-dev] [nova] vendordata plugin for freeIPA host enrollment

2016-11-10 Thread Rob Crittenden
Wanted to let you know I'm working on a nova metadata vendordata plugin that will help automate instance enrollment into a freeIPA server. This will do a number of things for a user: - provide centralized user identity, sudo and host-based access control for the instances - provide the instance