[Openstack] glance_api_servers vs. glance_host vs. keystone?

troller.int.seas.harvard.edu:5000/v2.0/ | | publicURL | http://os-controller.int.seas.harvard.edu:5000/v2.0/ | | region | SEAS | +-+---+ -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/

Re: [Openstack] glance_api_servers vs. glance_host vs. keystone?

_port - glance_api_servers These seem suspiciously similar. Do they do the same thing? And shouldn't this information actually come from Keystone, in which there is an endpoint registered for the glance service? -- Lars Kellogg-Stedman| Senior Technologist

Re: [Openstack] glance_api_servers vs. glance_host vs. keystone?

ding | deleting | | 2 | lars1| building | scheduling | | 3 | lars0| building | deleting | | 4 | lars2| building | scheduling | ++--+------++ 4 rows in set (0.00 sec) -- Lars Kellogg-Stedman| Senior Technologist

Re: [Openstack] glance_api_servers vs. glance_host vs. keystone?

ython-test" that appears to complete successfully when run on the compute host using the broker on the controller. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://c

Re: [Openstack] glance_api_servers vs. glance_host vs. keystone?

ne for endpoints and continues to rely on explicit configuration (or to rephrase your answer, "the reason these options have not gone away is because Nova does not yet have the necessary support for Keystone"). Is that approximately correct? -- Lars Kellogg-Stedman| Sen

Re: [Openstack] glance_api_servers vs. glance_host vs. keystone?

nces...so that was apparently a bad idea on our part. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard

Re: [Openstack] glance_api_servers vs. glance_host vs. keystone?

int directory seems like a good idea. Just out of question, what *does* use the endpoint registry in KeyStone (in the Essex release)? -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Comput

[Openstack] OpenStack ate my error message!

t our environment. I'm not suggesting there's an easy fix to this. Delivering error messages correctly in this sort of asynchronous, RPC environment is difficult. Thanks for all the hard work, -- Lars Kellogg-Stedman| Senior Technologist| http://ac.s

[Openstack] Deleting a volume stuck in "attaching" state?

t;nova volume-delete": # nova volume-delete nova volume-delete 9 ERROR: Invalid volume: Volume status must be available or error (HTTP 400) Other than directly editing the database (and I've had to do that an awful lot already), how do I recover from this situation? -- Lars Kellogg-Stedma

Re: [Openstack] Deleting a volume stuck in "attaching" state?

On Wed, Jun 20, 2012 at 02:30:12PM +, Thomas, Duncan wrote: > "nova-manage volume delete" on a nova host works for this... Ah, that appears to do it. I wasn't previously aware that there were volume management commands in both 'nova' and 'nova-manage

Re: [Openstack] Deleting a volume stuck in "attaching" state?

software, we would really prefer to be able to delete things regardless of their state using established tools, rather than manipulating the database directly. I'm always worried that I'll screw something up due to my incomplete understanding of the database schema. -- Lars Ke

[Openstack] Problems accessing metadata service due to nova-network generated iptables rules

ts will have the wrong source address). I'm assuming that some part of our configuration does not match the expectations of nova-network. I would be grateful for suggestions as to which part needs fixing. -- Lars Kellogg-Stedman| Senior Technologist

Re: [Openstack] Problems accessing metadata service due to nova-network generated iptables rules

access http://169.254.169.254/. Is the DNAT rule expected to work? Does linux_net.py need a special case for when the metadata address is on the local host? Thanks, -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academi

Re: [Openstack] Problems accessing metadata service due to nova-network generated iptables rules

bly other people have this working successfully, so I'm assuming there's something about the network configuration on this host that is awry. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing

Re: [Openstack] Problems accessing metadata service due to nova-network generated iptables rules

-to-destination %s:%s' % (FLAGS.metadata_host, FLAGS.metadata_port)) iptables_manager.apply() -- Lars Kellogg-Stedman| Senior Technologist| http://ac.s

Re: [Openstack] Problems accessing metadata service due to nova-network generated iptables rules

> > Is the DNAT rule expected to work? Does linux_net.py need a special > > case for when the metadata address is on the local host? I have confirmed that the DNAT rule works *unless* metadata_host is 127.0.0.1, in which case you need a REDIRECT rule. -- Lars Kellogg-Stedman

[Openstack] When are hostnames okay and when are ip addresses required?

: - Is this expected behavior? - Should I always use ip addresses for *_host values? - Is this a bug? - Should linux_net.py resolve hostnames? Thanks, -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing

[Openstack] Diagnosing RPC timeouts when attaching volumes

s.harvard.edu nova enabled:-) 2012-06-21 16:35:16 nova-network os-host.int.seas.harvard.edu nova enabled:-) 2012-06-21 16:35:17 Creating volumes works just fine. -- Lars Kellogg-Stedman| Senior Technologist| http:/

Re: [Openstack] Diagnosing RPC timeouts when attaching volumes

ll on the volume server getting reset...but it's part of a larger issue we're struggling with, which is that in general OpenStack makes it very hard to track down errors along the RPC chain. Thanks! -- Lars Kellogg-Stedman| Senior Technologist

[Openstack] Nova doesn't release ips when terminating instances

e error: NoMoreFixedIps Zero fixed ips available. Manually set instance_id=NULL in the fixed_ips table allows things to work again. We're running the 2012.1.1 release and we're using the FlatDHCP model. Is this a known bug? Thanks, -- Lars Kellogg-Stedman| Senior Technologi

Re: [Openstack] Nova doesn't release ips when terminating instances

this a shot later tonight. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of Engine

Re: [Openstack] Nova doesn't release ips when terminating instances

aid, "oh, it's supposed to work that way, you need to set the nova_act_sane_please configuration option to change the behavior"). Given the two responses here I will open a bug report later this evening. -- Lars Kellogg-Stedman| Senior Technologist

Re: [Openstack] Nova doesn't release ips when terminating instances

> can you try with the flag: > force_dhcp_release=false It turns out I already had force_dhcp_release set to False. I've opened https://bugs.launchpad.net/nova/+bug/1017013 on this issue. -- Lars Kellogg-Stedman| Senior Technologist

Re: [Openstack] Nova doesn't release ips when terminating instances

will hang around with allocated=0 and instance_id != NULL forever, until I manually correct the database. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.e

[Openstack] A collection of utilities for cleaning up the database

l over hard. On the other hand, if you're in the early stages of testing this may save you some grief. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://cod

Re: [Openstack] Nova doesn't release ips when terminating instances

ld be reclaimed > after 10 minutes unless you have changed the value of that option. That option appears to be set to the default of 600 seconds. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing

Re: [Openstack] Nova doesn't release ips when terminating instances

> A rebuild of this would probably work: > http://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dnsmasq-2.48-6.el6.src.rpm Thanks for the pointer! I'll drop that into our build system and see what comes out. -- Lars Kellogg-Stedman| Senior T

Re: [Openstack] Nova doesn't release ips when terminating instances

> Fix here: https://review.openstack.org/9026 That changes appears to be against nova/network/quantum/nova_ipam_lib.py. Is that also in the code path for non-Quantum users (specifically, people using the FlatDHCP model)? -- Lars Kellogg-Stedman| Senior Technolog

Re: [Openstack] Nova doesn't release ips when terminating instances

Got it. I can confirm that it has fixed our problem with addresses not being released. Thanks! -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Ha

Re: [Openstack] When are hostnames okay and when are ip addresses required?

> - Should I always use ip addresses for *_host values? > - Is this a bug? > - Should linux_net.py resolve hostnames? -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing |

[Openstack] How do I stop image-create from using /tmp?

enough space to meet the needs of disk images, but an explicit parameter would probably be a better option. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harva

Re: [Openstack] How do I stop image-create from using /tmp?

I can sort out the corporate contributor agreement stuff I may try to submit a patch... -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvar

[Openstack] qpid_heartbeat...doesn't?

ts across the connection. We're running openstack-nova-2012.1.1-0.20120615.13614 from EPEL (and qpid 0.14). Thanks, -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing

Re: [Openstack] qpid_heartbeat...doesn't?

penstack-compute/admin/content/configuration-qpid.html -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of Engineering and

Re: [Openstack] qpid_heartbeat...doesn't?

across the connection). And indeed, if I run a packet trace on this connection, I can verify that packets are only showing up at five-minute intervals. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.ed

Re: [Openstack] qpid_heartbeat...doesn't?

On Sun, Jul 29, 2012 at 09:49:25PM -0400, Lars Kellogg-Stedman wrote: > And indeed, if I run a packet trace on this connection, I can verify > that packets are only showing up at five-minute intervals. Horrors! It may be that nova-volume didn't get restarted when I restarted ever

[Openstack] Inbound connectivity and FlatDHCP networking

seems to answer the outbound half of the question. Any pointers would be greatly appreciated. Thanks, -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.ed

Re: [Openstack] Inbound connectivity and FlatDHCP networking

t things need to be specified in both places. Is that correct? -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvar

Re: [Openstack] qpid_heartbeat...doesn't?

On Thu, Aug 02, 2012 at 12:33:13PM -0400, Lars Kellogg-Stedman wrote: > > Looks like a typo. > > Could you try this. > > FYI: The same typo appears to exist in notify_qpid.py. Err, that is, glance/notifier/notify_qpid.py, in case it wasn't obvious... -- Lars Kellogg-

Re: [Openstack] Inbound connectivity and FlatDHCP networking

right gateway. I'm going to write up some details and post it here later. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of En

[Openstack] Preventing OpenStack from allocating some floating ips?

y. Thanks, -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of Engineering and Applie

Re: [Openstack] Preventing OpenStack from allocating some floating ips?

p addresses in the database. That's good to know. We try as much as possible to avoid solutions that involve poking at the database, but we can probably live with this. Especially since MySQL knows about IP addresses (so we can select "all addresses below x.x.x.10" or something).

[Openstack] Snapshotting ephemeral disks?

hoping for something more convenient. I guess another option would be... - Boot from the live CD - Create a new volume - Attach the volume - Install onto the volume Is it possible to snapshot an ephemeral disk? -- Lars Kellogg-Stedman| Senior Technologist

[Openstack] Running multiple Glance instances?

some network i/o if we were to have each compute note run the glance service locally (but all managing the same directory). Does this make any sense? -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Comp

Re: [Openstack] Running multiple Glance instances?

>I think it's possible if you set glance_api_servers option in nova.conf on >each compute node to something like: >glance_api_servers = localhost:9292 Thanks. I'll give that a try. -- Lars Kellogg-Stedman| Senior Technologist

Re: [Openstack] Snapshotting ephemeral disks?

pshottable root drive would certainly work. -- Lars Kellogg-Stedman| Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of Engineering and A

[Openstack] dnsmasq stops talking to instances?

hings work again, but I haven't been able to figure out why dnsmasq stops responding in the first place. Has anyone seen this behavior before? Any pointers would be greatly appreciated. -- Lars Kellogg-Stedman | Senior Technologist | http://ac.seas.harvard.edu

Re: [Openstack] dnsmasq stops talking to instances?

.conf Oct 19 02:03:12 stack-1 dnsmasq[32013]: read /etc/hosts - 2 addresses Oct 19 02:03:12 stack-1 dnsmasq[32013]: read /var/lib/nova/networks/nova-br662.conf ...until I restart things. -- Lars Kellogg-Stedman | Senior Technologist | http://ac.seas.ha

Re: [Openstack] dnsmasq stops talking to instances?

On Fri, Oct 19, 2012 at 10:24:20AM -0400, Lars Kellogg-Stedman wrote: > It happened again last night -- which means we were without networking > on our instances for about seven hours -- and restarting nova-network > doesn't resolve the problem. It is necessary to first kill dnsmas

Re: [Openstack] dnsmasq stops talking to instances?

nce replacing qpid with rabbitmq, we have not had a single recurrence of this behavior. -- Lars Kellogg-Stedman | Senior Technologist | http://ac.seas.harvard.edu/ Academic Computing| http://code.seas.harvard.edu/ Harvard School of Engineer

[Openstack] Default default security rules?

viron['SERVICE_TOKEN'], ) Is there a way -- using either these credentials or the OpenStack "admin" user credentials -- for me to modify the "default" security group for a particular tenant? Or do I have to authenticate as a user that is a member of the target tenant

[Openstack] Handling of adminPass is arguably broken (essex)

min_password, fs) else: _inject_admin_password_into_fs(admin_password, fs) Thoughts? -- Lars Kellogg-Stedman | Senior Technologist | http://ac.seas.harvard.edu/ Academic Computing| http://code.seas.harvard.edu/

Re: [Openstack] Handling of adminPass is arguably broken (essex)

omething different...). As I said, this is pretty much what we're doing to provision an ssh key for administrator access to our windows host. -- Lars Kellogg-Stedman | Senior Technologist | http://ac.seas.harvard.edu/ Academic Computing|

Re: [Openstack] Handling of adminPass is arguably broken (essex)

enStack is provided to people running the "nova boot ..." command line clients but (a) isn't exposed in the web ui and (b) doesn't appear to be otherwise accessible (e.g., via euca-describe-password). -- Lars Kellogg-Stedman | Senior Technologist

Re: [Openstack] Handling of adminPass is arguably broken (essex)

t; screen. So not so much a bug but a design decision, I think. > (b) is definitely not going to work - we don't store the password at all, > an intentional decision. I figured that, although it appears that Amazon has made a different decision. I'm just looking for a way to ma

Re: [Openstack] Handling of adminPass is arguably broken (essex)

On Wed, Oct 31, 2012 at 09:09:14PM -0400, Lars Kellogg-Stedman wrote: > TL;DR: The way OpenStack handles the adminPass attribute during > metadata injection is not useful on operating systems without an > /etc/passwd and /etc/shadow. I would like to make the adminPass value > av

Re: [Openstack] Handling of adminPass is arguably broken (essex)

On Thu, Nov 01, 2012 at 11:03:14AM -0700, Vishvananda Ishaya wrote: > The new config drive code defaults to iso-9660, so that should work. The > vfat version should probably create a partition table. Is that what Folsom is using? Or is it new-er than that? -- Lars Kellogg-Stedman |

Re: [Openstack] Is there any method to Activate Windows during Launch a new Instance?

product key is the *only* thing in your user-data attribute, you can do something like this with PowerShell: $web = new-object system.net.webclient $data = $web.DownloadString("http://169.254.169.254/latest/user-data";) slmgr /ipk $data slmgr /ato -- Lars Kellogg-Stedman

[Openstack] Floating ip addresses take forever to display

start an instance...then go do something else for 30 minutes." -- Lars Kellogg-Stedman | Senior Technologist | http://ac.seas.harvard.edu/ Academic Computing| http://code.seas.harvard.edu/ Harvard School of Engineering

Re: [Openstack] Floating ip addresses take forever to display

On Tue, Nov 20, 2012 at 03:03:37PM -0500, Lars Kellogg-Stedman wrote: > automatically assigned ip address for several minutes (possibly more > than 10 or 15) after the system boots. In fact, 30 minutes. I spent some time staring at the clock yesterday. I'm assuming that t

[Openstack] FIXED IT! Re: Floating ip addresses take forever to display

er.py ever calls invalidate_instance_cache. -- Lars Kellogg-Stedman | Senior Technologist | http://ac.seas.harvard.edu/ Academic Computing| http://code.seas.harvard.edu/ Harvard School of Engineering | and

[Openstack] Python API: Getting a list of floating ips?

nce') print srvr.addresses {u'fixed_0': [{u'addr': u'172.16.10.31', u'version': 4}, {u'addr': u'10.243.28.46', u'version': 4}]} Do I just assume that the first address in the list is the fixed a

Re: [Openstack] FIXED IT! Re: Floating ip addresses take forever to display

r for this purpose called @refresh_cache Any chance we can get it fixed in Essex, too? Or has this release been abandoned? I'm not clear on what the maintenance schedule looks like as the steamroller of progress moves forward. -- Lars Kellogg-Stedman | Senior Technologist