Re: [Openstack] Is there any way to migrate the Instance between the projects/tenants?
There is a specific need for this in incident response for some SOC teams. They may need to isolate a compromised instance to a more secure and security controlled tenancy. I think this would be an advantageous blueprint for next release. -Matt On Tue, Jul 16, 2013 at 9:46 AM, Lloyd Dewolf lloydost...@gmail.com wrote: Anyone had success automating this process? Is there a blueprint for this class of problem? Thank you, -- @lloyddewolf http://www.pistoncloud.com/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How to Install OpenStack ???????????
You know, I am surprised none of us OpenStack distribution vendors have taken a page from 1999 and started selling OpenStack grizzly/havana books with installation CDs for our distribution in the back. -Matt On Fri, Jul 12, 2013 at 11:15 AM, Joshua McKenty jos...@pistoncloud.comwrote: Tiny product plug for Piston's Enterprise OpenStack distro as well. Neutron support is in our next release, but we can fix you up with a beta if it's critical. -- Joshua McKenty Chief Technology Officer Piston Cloud Computing, Inc. +1 (650) 242-5683 +1 (650) 283-6846 http://www.pistoncloud.com Oh, Westley, we'll never survive! Nonsense. You're only saying that because no one ever has. On Jul 12, 2013, at 11:10 AM, Samuel Winchenbach swinc...@gmail.com wrote: Wow, Mirantis Fuel looks impressive. Very impressive. Thanks for pointing that out. I wonder if there support for Quantum/Neutron. Hmm I might have to play around with that. On Fri, Jul 12, 2013 at 1:52 PM, Logan McNaughton lo...@bacoosta.comwrote: I think these are the 3 best options for an automated OpenStack install: RDO (Packstack), supports RHEL, CentOS, Fedora. MAAS/Juju, supports Ubuntu. Mirantis Fuel, supports RHEL/CentOS for now, they say Ubuntu support is coming. Try all 3 if you can. Fuel was just recently open sourced and has a pretty fancy web GUI. On Jul 12, 2013 10:16 AM, Min Pae sputni...@gmail.com wrote: I was able to go from nothing to a running Openstack environment using Ubuntu Juju/MAAS inside 2 weeks with no prior knowledge or experience with Juju nor MAAS nor Openstack. The trick seemed to be having enough boxes as some charms didn't seem to like running on the same boxes or whatever, and I ended up with a non-functional dashboard when trying to install all the services to the same box. Currently I have it working well with 7 physical boxes in total with one of those being a nova-compute node. On Fri, Jul 12, 2013 at 7:39 AM, claudio marques mrqss_...@hotmail.com wrote: Hi You can use this guide to. https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide Good luck Claudio Marques clau...@onesource.pt http://www.onesource.pt/ From: luisguilherme...@gmail.com Date: Fri, 12 Jul 2013 09:56:18 -0300 To: dj_dark_jungl...@yahoo.com CC: openstack@lists.launchpad.net Subject: Re: [Openstack] How to Install OpenStack ??? Hello Jake, I am new at OpenStack too, and I'm running a little environment with three computers, one is the controller + network node and the others are compute node. I've been following the manual at the OpenStack's documentation page but it's attached here, the most mess part is to create the networks, I ran the script attached too. Hope it helps you. Regards. Guilherme. 2013/7/12 Jake G. dj_dark_jungl...@yahoo.com Hi Mark, Thanks for your reply. I have about 3 physical rack servers and practically unlimited virtual machines. Right now I only need a test environment. I was thinking one physical server that will house and power openstack instances and virtual for all the other roles. How does that sound? What is your recommended setup? Best, Jake From: Mark Baker mark.ba...@canonical.com To: Jake G. dj_dark_jungl...@yahoo.com Sent: Friday, July 12, 2013 6:05 PM Subject: Re: [Openstack] How to Install OpenStack ??? On 12/07/13 07:58, Jake G. wrote: Hi All, I have been struggling with installing Openstack for the past 2 weeks and I am about to rip my own hair out. rant Does anyone have installation instructions that a human being can actually understand and follow? I am usually pretty good at installing new tech but OpenStack is the most convoluted environment (even worse documentation) I have ever come in contact with (Worse than IBM software). The advanced install and config of CloudStack 4.1 is a breeze compare to Openstack. Was this made to purposely line the pockets of Openstack deployment consulting companies? Openstack might be great but no one will know because its impossible to deploy. /rant I`m sure I am not the only one who feels this way. I would appreciate any help anyone can give. Someones blog, other installation methods, anything How many servers do you have? Instructions for using the Ubuntu packaging are at: http://www.ubuntu.com/download/cloud/install-ubuntu-cloud There are different options depending on if it is for test or real world deployment and the number of servers you have. Mark Thank you very much ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] OpenStack Monitoring with Nagios
Ceilometer is authoritative data taken directly from message bus queries and keeps a back history, as opposed to nagios which does periodic finite state checks. Ceilometer is intended to be a log of transactions necessary to provide billing information. Or potentially an audit log. Nagios is very definitely not that. So it would be a separate solution. They serve different purposes. But they can certainly be used to agument each other depending on what your goal is in monitoring coverage. -Matt On Fri, Jun 28, 2013 at 12:53 PM, Narayanan, Krishnaprasad naray...@uni-mainz.de wrote: Hi Stackers, ** ** I am Krishnaprasad from University of Mainz, Germany and as a part of a project, we have developed APIs that gets monitoring information from Nagios for the virtual machines running in OpenStack cloud. The component aggregates basic VM information from OpenStack, available resource from Libvirt and run time resource usage details from Nagios. The aggregated information is published via REST APIs and the APIs are programmed in Java. ** ** I would like to have a feedback from the community whether our monitoring using Nagios can be used or integrated with Ceilometer / Healthnmon. In this regard, I can share information regarding what we have developed so far and what we intend to do further. ** ** Thanks Krishnaprasad ** ** ** ** ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] The OpenStack Community Welcomes Developers in All Programming Languages
I am not sure we want to allow python developers... those guys have a PEP for everything. Can't even sit down to a slice of cake without a PEP to tell them how to cut it and a CI environment to make sure their slice is within those PEP defined tolerances. I've had it up to here with those people. -Matt On Wed, Jun 12, 2013 at 6:58 PM, Stefano Maffulli stef...@openstack.orgwrote: On 06/12/2013 02:10 PM, Sean Dague wrote: I'd just +1 on the more volunteers front. We could deputize some folks to make sure they pay attention to the channel and voice them in it. The reality is that with so many channels, #openstack tends to get forgotten by most of the -dev community, so having a concerted effort to have helpful people in there seems like the best approach. Alright. This is now an official topic for the next Community Meeting :) You're welcome to join on Wednesdays at 2300 UTC on #openstack-meeting. https://wiki.openstack.org/wiki/Meetings/Community#Agenda_for_next_meeting /stef -- Ask and answer questions on https://ask.openstack.org ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Customer Portal Security from Hackers
Chris, Someone will probably denounce this email as heresy for using this analogy, but so be it. Try to think of OpenStack as you would a motor vehicle's engine. It has many components that all tie together to allow the engine to operate. Sometimes it has different configurations such as having a turbo charger or a specific custom intake. But, by itself OpenStack is just that... an engine. Think of the OS as being the frame or chasis of the Car. Now you have a chasis with an engine. Maybe Horizon is the Dashboard. Awesome. Now we have most of what we need to move this vehicle from place to place. However, there's no seat belts, no windows, no a/c, or stereo, no bumpers, no breaks, no... etc etc. OpenStack by itself is just one component of a larger thing, be it an SaaS, IaaS, whatever... solution. You need to add the pieces to your cloud vehicle as you build it, or alternatively buy a cloud vehicle from one of the many fine purveyor's of OpenStack products. As far as basic security goes... I put together a basic introduction to security targetting for OpenStack for shmoocon earlier this year. It's very folsom specific and very high level. That's here: http://www.youtube.com/watch?v=TkFsBvymiNM Not sure if that is enough. A long time ago I wrote a security primer for OpenStack, probably around the cactus release time frame. I'll try to write something up for grizzly if I have time. It would probably be helpful to have something like that in Docs. -Matt On Mon, May 20, 2013 at 12:54 PM, Chris Bartels ch...@christopherbartels.com wrote: Hi, ** ** I’m interested in learning more about how to implement a customer portal for an OpenStack installation, and would like to know specifically about how the customer portal is safe from would-be hackers when exposed in the wild. I don’t know if there are any additional measures I would have to add like perhaps my own login page with its own security to protect the management page, or if it comes with its own login system for example. *** * ** ** How can I make the security of my VPS service a selling point when I’m using OpenStack for the backend? ** ** Mind you I don’t know anything about OpenStack yet, aside from what I see in videos on the OpenStack Foundation YouTube channel, and I haven’t seen anything addressing this issue as of yet. I don’t even know if OpenStack comes with a customer portal I can deploy or if I have to design one using the API. ** ** I hope to have servers arrive this week which I can use to build prototypes of my production setup, where I can test hardening configurations. But I don’t know where to begin. All I can think of is fail2ban, and I don’t think that would apply in this case. ** ** What can people tell me that would help me get a handle on this issue? ** ** ** ** Thanks in advance. ** ** -Chris ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] DevStack Question
most folks would use puppet or chef to accomplish that task. On Sun, May 12, 2013 at 2:46 PM, Arindam Choudhury arin...@live.com wrote: Hi, If the script is updated to use cloud repository instead of source code, it can be used as an automatic installer. Have anybody done it yet? Regards, Arindam ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack Marketing] New code name for networks
to say nothing of the localization that will need complete re-translating. On Sun, May 12, 2013 at 6:27 PM, Sean Dague s...@dague.net wrote: On 05/12/2013 09:14 AM, Mark McLoughlin wrote: On Sat, 2013-05-11 at 19:50 +, Jason Smith wrote: Hello, I understand why we had to give up Quantum code name but rather than just refer to it as networking let's come up with a new code name! Yes, this was discussed at the summit: https://etherpad.openstack.**org/ProjectsReNaminghttps://etherpad.openstack.org/ProjectsReNaming The conclusion was that a number of choices for a new name would be put forward and that Quantum's contributors would vote for one of those choices. Just as a consideration to the Nova project (and probably others), it would be *really* nice if the new name was also 7 characters. There are currently 351 occurrences of the word quantum in the Nova code in current master, some of them will have pep8 implications after changing, if the length of the word changes. This probably bites quantum internally as well, but it's worth making sure it's highlighted. -Sean -- Sean Dague http://dague.net __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/~openstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] New code name for networks
Tyronosaurus Rex Optimus Prime Super Happy Fun Network Times A.N.A.L. - Automated Networking and Logistics And with that I am out of ideas. On Sat, May 11, 2013 at 12:58 PM, Davanum Srinivas dava...@gmail.comwrote: Lattice -- dims On Sat, May 11, 2013 at 3:52 PM, Mark Turner m...@amerine.net wrote: Tubes ;-) On Sat, May 11, 2013 at 12:51 PM, Jason Smith jason.sm...@rackspace.com wrote: Hello, I understand why we had to give up Quantum code name but rather than just refer to it as networking let's come up with a new code name! Thoughts? Thanks, -js ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Davanum Srinivas :: http://davanum.wordpress.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] I release naming (calling APAC community)
'Impossible' might be a good name... seeing as how impossible it is becoming to find a word beginning with I in the region. On Thu, May 9, 2013 at 12:04 PM, John Wong gokoproj...@gmail.com wrote: Good point. A long time ago we used to call Beijing as Peking, but the journalists now will always pick up the pinyin version: Beijing. Since we are after I, we are pretty much down to either Ichang or Ili. Should either one be chosen, I think that we should document the pinyin version as well. The difference of Y and I is due to historical difference, which we are all familiar with. For example, there are more Wong than Wang, Chan than Chen in HK. John On Thu, May 9, 2013 at 2:21 PM, Yi Yang yyos1...@gmail.com wrote: AS the official translation of the citiy names are Yichang and Yili, we are facing a risk to pick up a Chinese city name that most Chinese won't recognize. If we really have to choose a city, IMO, Yichang (ichang) would be a better choice, as the Yili(ili) is more than 2300 miles away from Hong Kong, while Yichang (ichang) is (only) 600 miles away. Just my $.02 Yi On 5/6/13 5:00 AM, Thierry Carrez wrote: Jacob Godin wrote: +1 Ili Thanks for all the suggestions ! We probably have enough place names so that we don't need to extend the naming rules to things that are not place names. So far, the only suggestion that fits in our strict naming rules is Ili (a city or county in the country/state where the design summit is held, single word of 10 characters or less). To have more than one option, we'll probably extend the rules to include other places (like street names) in Hong Kong itself. We'll go through name checks and set up a vote soon, I'll keep you posted. __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/~openstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] I release naming (calling APAC community)
Alternatively... we name it after a kung fu movie. Invincible Fist for instance was a Shaw Brothers film. Hong Kong is famous for it's Kung Fu films =P On Thu, May 9, 2013 at 8:57 PM, Wang, Shane shane.w...@intel.com wrote: If the next release summit is going to be held in “Japan”, it should be easier to give a nameJ ** ** -- Shane Wang *From:* Openstack [mailto:openstack-bounces+shane.wang= intel@lists.launchpad.net] *On Behalf Of *Rajesh Vellanki *Sent:* Friday, May 10, 2013 3:50 AM *To:* Atul Jha; Matt Joyce; John Wong *Cc:* Thierry Carrez; openstack@lists.launchpad.net *Subject:* Re: [Openstack] I release naming (calling APAC community) ** ** +1 ** ** Rajesh -- *From:* Openstack [openstack-bounces+rvellank= rackspace@lists.launchpad.net] on behalf of Atul Jha [ atul@csscorp.com] *Sent:* Thursday, May 09, 2013 2:31 PM *To:* Matt Joyce; John Wong *Cc:* Thierry Carrez; openstack@lists.launchpad.net *Subject:* Re: [Openstack] I release naming (calling APAC community) Hi all, I was too late to respond here i would love to see next release name as India. I am saying because India is in APAC still i have need to find out rule book for release. Just my 1$ suggestion. :) Cheers!! Atul -- *From:* Openstack [openstack-bounces+atul.jha= csscorp@lists.launchpad.net] on behalf of Matt Joyce [ matt.jo...@cloudscaling.com] *Sent:* Friday, May 10, 2013 12:58 AM *To:* John Wong *Cc:* Thierry Carrez; openstack@lists.launchpad.net *Subject:* Re: [Openstack] I release naming (calling APAC community) 'Impossible' might be a good name... seeing as how impossible it is becoming to find a word beginning with I in the region. ** ** On Thu, May 9, 2013 at 12:04 PM, John Wong gokoproj...@gmail.com wrote:* *** Good point. A long time ago we used to call Beijing as Peking, but the journalists now will always pick up the pinyin version: Beijing. Since we are after I, we are pretty much down to either Ichang or Ili. Should either one be chosen, I think that we should document the pinyin version as well. The difference of Y and I is due to historical difference, which we are all familiar with. For example, there are more Wong than Wang, Chan than Chen in HK. ** ** John ** ** On Thu, May 9, 2013 at 2:21 PM, Yi Yang yyos1...@gmail.com wrote: AS the official translation of the citiy names are Yichang and Yili, we are facing a risk to pick up a Chinese city name that most Chinese won't recognize. If we really have to choose a city, IMO, Yichang (ichang) would be a better choice, as the Yili(ili) is more than 2300 miles away from Hong Kong, while Yichang (ichang) is (only) 600 miles away. Just my $.02 Yi On 5/6/13 5:00 AM, Thierry Carrez wrote: Jacob Godin wrote: +1 Ili Thanks for all the suggestions ! We probably have enough place names so that we don't need to extend the naming rules to things that are not place names. So far, the only suggestion that fits in our strict naming rules is Ili (a city or county in the country/state where the design summit is held, single word of 10 characters or less). To have more than one option, we'll probably extend the rules to include other places (like street names) in Hong Kong itself. We'll go through name checks and set up a vote soon, I'll keep you posted. ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ** ** http://www.csscorp.com/common/email-disclaimer.php ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Related Projects
This is going to come off as a bit of a rant. Pardon me. I feel it needs saying. There's a few ways to look at what OpenStack is. It's an IaaS solution. It's a cloud solution. But at it's heart, core to the design principles of OpenStack development ideology it is a collection of tools designed specifically to support elastic design patterns. The reason I bring this up is because of some thinking I've been doing about the future of OpenStack. Where it's place is in the world. Where it's place will be in the world. I've found that despite the crass nature of the puppies vs cattle explanation of elastic design, it really does get the most important selling point home to potential customers, and engineers who don't do ec2 already. And that point is that OpenStack exists to further a design pattern. It's not about clouds, or IaaS. It's about a design pattern. The pattern of horizontal scalability. The pattern of ephemeral resources. The pattern of share nothing. These core design ethics allow us to build software in a fashion that makes it consumable, scalable, and fault tolerant beyond any existing pattern by far. It makes development efforts become commodities that can be openly traded on a market free or otherwise. We need to stop thinking of OpenStack as just an IaaS solution. Or just a cloud. It's a development platform. It's a way of building software well. Once we do that, we can look to the past and see where we need to go. We want OpenStack to enjoy the some level of success as Java, or python as a collaborative development environment. We want kids in colleges to be training to write the next 50 years of applications in our environment, following our design patterns. But to do that, and to do it well, we'll need to solve a few things. This thread points to a growing problem in our community. One that was a primary focus of discussion in the last summit. OpenStack deployments are growing up and they are growing apart. We're building things too differently. The reason we employed PEP-8 gate tests, and the reason python works as a language in general is in part because when you give developers too many options, you end up losing a common language, or methodology that allows us to easily come up to speed on each others work. It makes collaboration hard. Now, not to start a language war, but I love perl. Nothing rips apart text like perl. Nothing. But, at the same time, I know that if I write perl code, it's going to be a pain in the ass for someone to come back to that code later and maintain it. Python on the other hand, especially with PEP-8, restricts a developers aesthetic options. It forces us to follow a common grammar. My point here, is that when you ask people what languages work with a 100+ active developers working on the same project, you get responses like Java, C#, maybe python. And you say, well why? And one of the responses is that Java and C# have an extensive common library. It allows developers to share a common method set. We've already begun the task of creating oslo to solve part of that problem for us in development. But in deployment, we're woefully behind the curve. We want to support diversity in the market eco system, but we also want to ensure that an OpenStack environment is adherent to some sort of baseline or flavor set. That is why folks have begun pushing things like refstack. I look at this thread, and what I see is a further need to unify solutions into a community supported method set that trumps outliers and one offs. A common set of tools. A common library of solutions. If OpenStack is to be the development environment of the next 75 years or more, we need to build this. It's one part of the many things we need to and are doing. But it's an important part. I think we can't just say, this isn't part of openstack, or this is outside of scope. It's part of the development environment that OpenStack is the runtime environment for ( forgive the analogy ). Anyways, That's my rant. -Matt On Fri, May 3, 2013 at 1:27 PM, Marton Kiss marton.k...@gmail.com wrote: Michael, thanks for the feedback, I record it as a feature request as a different view of projects. M. 2013/5/3 Michael Bright mjbrigh...@gmail.com I just discovered these different sites thanks to this mail thread. I guess different people are looking for different types of info, judging by these exchanges. Whatever you decide as to where the list is hosted, I just wanted to say that I appreciated the simple *but* informative format of the related projects page https://wiki.openstack.org/wiki/RelatedProjects rather than the more dashboard like interfaces. My 2 cts, Mike. On 3 May 2013 22:07, Marton Kiss marton.k...@gmail.com wrote: It is a good idea, it was the original plan with this project. If Harvard also like to use it we can refactor the current stackmeat distro into a common project distribution (like openatrium or
Re: [Openstack] Tamanho de partição - qcow2
talvez posse usar resize2fs? nao sei. 2013/3/13 JuanFra Rodriguez Cardoso juanfra.rodriguez.card...@gmail.com This link could be useful for you: http://kashyapc.wordpress.com/2013/02/24/novas-way-of-using-a-disk-image-when-it-boots-a-guest-for-first-time/ JuanFra 2013/3/13 Alex Vitola alex.vit...@gmail.com Estou instalando algumas maquinas a partir de templates do ubuntu, e algumas que eu mesmo tenho feito Crio uma máquina usando um Flavor que Root de 10GB e Epheremal de 20G Ok, quando dou um fdisk -l aparece os discos de 10G e 20G Mas quando dou um df -h o disco de 10G mostro apenas 1.7G e já estourando a capacidade, menos de 100MB livre. O que preciso fazer para corrigir isso? http://cloud-images.ubuntu.com/ Alex Vitola @alexvitola ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] PAM authentication for Folsom Keystone
Oops misunderstood. Was thinking PAM - Keystone. Sorry On Tue, Feb 26, 2013 at 12:25 PM, Matt Joyce matt.jo...@cloudscaling.comwrote: I did it. Works fine. But SSH won't work without an NSS service. SSH clients perform a getpwnam() before passing auth creds to PAM. I'll ask if I can publish my code. On Tue, Feb 26, 2013 at 12:15 PM, Joshua j...@root.bz wrote: I am trying to integrate Folsom Keystone PAM authentication. I was wondering if anyone has been successfully in getting basic PAM auth working? I am trying to do KEYSTONE - PAM - LDAP eventually. Any help with the PAM Auth would be greatly appreciated. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] PAM authentication for Folsom Keystone
I did it. Works fine. But SSH won't work without an NSS service. SSH clients perform a getpwnam() before passing auth creds to PAM. I'll ask if I can publish my code. On Tue, Feb 26, 2013 at 12:15 PM, Joshua j...@root.bz wrote: I am trying to integrate Folsom Keystone PAM authentication. I was wondering if anyone has been successfully in getting basic PAM auth working? I am trying to do KEYSTONE - PAM - LDAP eventually. Any help with the PAM Auth would be greatly appreciated. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Name it Hood!
I think we all know M is for Manhattan. On Thu, Jan 24, 2013 at 12:07 PM, Sean Dague sda...@linux.vnet.ibm.comwrote: On 01/24/2013 02:50 PM, Monty Taylor wrote: Hey all! Here's my pitch for Hood: a) It's the tallest mountain in Oregon, and honestly, it's a pretty kick-ass mountain in general b) Being in the pacific northwest, the mountain itself is quite regularly in the clouds. That's gotta count for something. c) It's actually a volcano. d) Mount Hood is CLEARLY an Oregon thing. Havana is clearly a town in Cuba. (We should have a design summit in cuba!!!) e) Harbor is super-problematic because of the US/UK clash in spelling. Half of us will spell it wrong no matter what. f) Hood is only 4 letters. Think about that when you think about typing hatfield a lot. Also, if we name it hatfield, we're going to have to have the M summit somewhere that has a town called McCoy. Yes, but I'm totally cool with that. +1 for Hatfield. Just means that we have to go to Florida for the M summit - http://en.wikipedia.org/wiki/**Fort_McCoy,_Floridahttp://en.wikipedia.org/wiki/Fort_McCoy,_Florida g) I'll buy you a beer at the summit if you vote for Hood. Monty __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/~openstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp -- Sean Dague IBM Linux Technology Center email: sda...@linux.vnet.ibm.com alt-email: slda...@us.ibm.com __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/~openstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Ubuntu Grizzly packages for 12.10
Cloud archive is only following the LTS release. LTS means long term support. So you shouldn't be standardizing on a NON-LTS release unless you intend to follow the ubuntu update cycle. You'll end up suffering a great deal by not doing so. =/ -Matt On Wed, Jan 23, 2013 at 8:32 AM, Blair Zajac bl...@orcaware.com wrote: Thanks for the link. It appears that my case is not explicitly supported, running Folsom on 12.10 is only supported. I'll take a look when I'm on my server, but if grizzly-2 packages are released for 12.04, then it'll be possible to point my 12.10 system at the 12.04 repo and it should just work ;) ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Ceilometer] Ganglia Ceilometer integration
I've had bad luck with ganglia. It tends to self pollute over time, especially in a lossy environment such as an elastic cloud. On Tue, Jan 8, 2013 at 7:23 AM, daniel_ley...@dell.com wrote: Shengjie, I've been thinking quite a lot about that recently. I was considering putting up a blueprint about supporting collection of metrics from Ganglia-monitored servers and pushing them into Ceilometer, assuming there isn't anything already up. I have run Ganglia on large numbers of servers in the past collecting metrics and was thinking that, particularly with monitoring tie-ins with Ceilometer, it would be useful to have a producer that will scrape Ganglia's native XML-based metric reports and push metrics into Ceilometer for persistence and analysis. I think that would complement the blueprint you raised about the HBase storage backend for storing would could quickly become a vast amount of data - more than the current backends could handle well - and if implemented properly should work well with the multi-producer work that is going on. Dan -Original Message- From: openstack-bounces+daniel_leyden=dell@lists.launchpad.net[mailto: openstack-bounces+daniel_leyden=dell@lists.launchpad.net] On Behalf Of Min, Shengjie Sent: 08 January 2013 13:02 To: jul...@danjou.info Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] [Ceilometer] Ganglia Ceilometer integration Hi Julien, Just look at the blueprints and your post, seems like there is some effort around synaps, also something around heat, cloudwatch. Just trying to get a clear picture about the vision and direction around monitoring area. Shengjie ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Create tenant with RESTful api
https://github.com/rackspace/php-opencloud might want to check that out. On Fri, Dec 14, 2012 at 11:05 AM, Guillermo Alvarado guillermoalvarad...@gmail.com wrote: Because I am using PHP, so I am making the requests with REST. 2012/12/14 Matt Joyce matt.jo...@cloudscaling.com Is there a reason you are not using the keystone client api? On Fri, Dec 14, 2012 at 10:58 AM, Guillermo Alvarado guillermoalvarad...@gmail.com wrote: Hi Everyone, Please, someone can give me information about how to create a tenant with a REST request. I am trying to develop a module to use my legacy billing software, so I need to create tenants, create a vm, terminate it and suspend it. I can achieve the later with the vm but I can not find how to make the request to create a tenant... Thanks in advance, Best regards. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Vlans and openstack.
Check your switch. Make sure the ports are trunked. Make sure they have access to the vlans desired. All ports. On Wed, Dec 12, 2012 at 10:33 AM, Andrew Holway a.hol...@syseleven.dewrote: Hi, I have two hosts in my openstack setup: blade03 and blade04. I have set up my openstack with vlanned networking. The instances are being created on the specifed vlans correctly. The problem is that I cannot ping instances on blade03 from blade04. I can ping blade04 instances from blade04. I do not expect to be able to ping blade03 instances because the nova network service is not running there. I have experimented to make sure vlans are working on the switch. I created a new vlan interface on blade03 and blade04 and pinged between them quite happily. What am I missing? Thanks, Andrew [root@blade02 ~]# nova-manage network list id IPv4IPv6start address DNS1 DNS2VlanID project uuid 1 10.142.10.0/26 None10.142.10.3 None None142 88fe447d408d418baad31f681330a648 8ed0508f-d8bb-4845-8eea-ed7b12f61adc Switch Config: Current VLAN 142: name VLAN 142, ports INT11-INT14, enabled, Protocol- empty, spanning tree 1 Current VLAN 143: name VLAN 143, ports INT11-INT14, enabled, Protocol- empty, spanning tree 1 [root@blade03 instance-0011]# ifconfig eth0.143 eth0.143 Link encap:Ethernet HWaddr 00:1A:64:5D:10:98 inet addr:10.145.0.1 Bcast:10.145.255.255 Mask:255.255.0.0 inet6 addr: fe80::21a:64ff:fe5d:1098/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:9 errors:0 dropped:0 overruns:0 frame:0 TX packets:101 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:672 (672.0 b) TX bytes:8241 (8.0 KiB) [root@blade03 instance-0011]# ping 10.145.0.1 PING 10.145.0.1 (10.145.0.1) 56(84) bytes of data. 64 bytes from 10.145.0.1: icmp_seq=1 ttl=64 time=0.031 ms ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [SWIFT] Upgrade from 1.4.8 to 1.7.4 question
My guess would be that it would work. The keystone API hasn't changed massively between essex and folsom. I have not tested. But I am fairly confident it would work just fine. -Matt On Tue, Dec 11, 2012 at 2:25 PM, Alejandro Comisario alejandro.comisa...@mercadolibre.com wrote: Hi guys, we are planning to upgrade our production cluster from 1.4.8 to 1.7.4 to have the several features of the new version. One of the main doubts before dive into this task is as follow : Is it possible to use SWIFT 1.7.4 with Keystone/ESSEX ? Or is MUST to have Keystone from Folsom release ? Thanks in advance ! * * *Alejandrito* ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Nova metadata service
It is not a necessity, but it is very useful. Also look at config drive. -Matt On Mon, Dec 10, 2012 at 5:33 PM, Joshua Harlow harlo...@yahoo-inc.comwrote: Its really just a binary that activates https://github.com/openstack/nova/blob/master/nova/api/metadata/handler.py#L100 Its a way to allow for a VM to get metadata about itself and any userdata (of which users may have provided) on boot. Said feature is not just connected to ec2, but provides a generic mechanism for getting this type of data to an instance. The ec2 folks I believe are just the 'originators' of said concept and that’s how it got named initially. From: JuanFra Rodriguez Cardoso juanfra.rodriguez.card...@gmail.com Date: Monday, December 10, 2012 5:10 PM To: Openstack openstack@lists.launchpad.net Subject: [Openstack] Nova metadata service Hi guys! After looking for in the mailing list and docs, I honestly still don't understand what really is nova-api-metadata. it's a mandatory service in a multi-host deployment? it's only related to EC2? Thanks! Regards, JuanFra. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Dead walk from forum
Well you can present as many virtual resources as your hypervisor will handle. This usually can exceed physical resources. In common terminology that's called over subscribing. In terms of sharing resources between many individual physical nodes, you are now entering the realm of memory / bus pooling. Basically this is the domain of super computing hardware. However, batch job work can be performed on many systems independently and then results collected. This is behind the basic tenants of grid computing. OpenStack could be used to stand up grid computing solutions. Especially with the addition of physical layer provisioning. -Matt On Fri, Dec 7, 2012 at 12:53 AM, Agauger hacka...@gmail.com wrote: So I was curious if anyone has seen anything with a VM whose computing was greater than the host, as asked last year http://forums.openstack.org/viewtopic.php?f=16t=824 ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] LVM over LVM is acceptable?
other hazard to mention. live fs resizes tend to be sketchy. the growing of a live filesystem is possible and tends to work. but shrinking for obvious reasons is very dangerous and can be wrought with peril. also cannot be done live as far as I know for any ext filesystem. -matt On Tue, Nov 27, 2012 at 6:13 PM, Lei Zhang zhang.lei@gmail.com wrote: Got it. Could Cinder can check the created volume? I can not find any command like cinder update. I try to extends the volume by lvextend, but data in the cinder db doesn't update. So when I delete the changed volume, it raise error. On Tue, Nov 27, 2012 at 12:34 PM, Dean Troyer dtro...@gmail.com wrote: On Mon, Nov 26, 2012 at 8:04 PM, Lei Zhang zhang.lei@gmail.com wrote: Another question. If the vm treat the vol-0 as a normal block device, is it necessary to partition? If not, the fdisk will show Disk /dev/vdb doesn't contain a valid partition table. If yes, how can I extend the volume on the vm? It seems that treat the volume as a normal block device is not a good idea. It is not necessary to partition the device (vdb) inside com-0. If you use it as an LVM physical device (PV) inside com-0 then pvresize will update the metadata o recognize the new size inside com-0 after you lvextend the vol-0 in the host. If you do partition /dev/vdb and don't use LVM in com-0 it is still possible to grow a partition, but you'll have to delete and re-create the last partition to get com-0 to recognize the additional space. And you'd also need to do the filesystem resize too. Nested LVM can be tricky but if you are careful to keep the layers separated it can work. dt -- Dean Troyer dtro...@gmail.com -- Lei Zhang Blog: http://jeffrey4l.github.com twitter/weibo: @jeffrey4l ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] LVM over LVM is acceptable?
On Mon, Nov 26, 2012 at 12:52 PM, Dean Troyer dtro...@gmail.com wrote: On Mon, Nov 26, 2012 at 6:51 AM, Lei Zhang zhang.lei@gmail.com wrote: I creat a lvm named vol-0 and attach it to the machine com-0. After a period of time, the vol-0 is full and I want to extend it. At now, I have two solutions. Nested LVM gets tricky so I want to be sure I am clear on your setup: To parrot dean, if you end up with an LVM inside of an LVM that have the same volume name you are basically hosed. =/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Vietnam OpenStack Community
Congrats! And welcome to the global community! -Matt On Sun, Nov 25, 2012 at 11:28 PM, Hang Tran hang.t...@dtt.vn wrote: To whom it may concern As introduced, we would like to register to join this General Mailing List and OpenStack community. At the moment, we are excitingly organizing our first Vietnam OpenStack meetup on 29/11/2012. I have requested to register this event onto “upcoming events” section and thanks to Stefano, it’s now on the website :-). Looking forward to receiving upcoming events and other OpenStack community’s activities. Kind regards, Hang Tran ** ** -- Tran Thi Hang Project Management Team *DTT Technology Group* Add: Unit 305, Level 3, Ha Thanh Plaza, 102 Thai Thinh Street, Dong Da District, Ha Noi Tel: +(84) 902127811 Mail: hang.t...@dtt.vn Web: www.dtt.vn ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Ubuntu Openstack activity update
If we have changes we'd like to submit for review to the cloud archive packages. What is the correct method for doing so? -Matt On Thu, Nov 22, 2012 at 8:19 AM, James Page james.p...@ubuntu.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi All As Grizzly is about to release its first milestone, the Ubuntu Server Team thought it was a good opportunity to give an update on Ubuntu Server activities around Openstack. 1) Folsom Cloud Archive Aside from a few stable release updates which are working through the system, the Folsom Cloud Archive for Ubuntu 12.04 is available and ready for use. Please report any bugs that you find in packages from the Cloud Archive here: https://bugs.launchpad.net/cloud-archive/+filebug In terms of communication around the Cloud Archive, general annoucements about milestone and release avaliability will be made on ubuntu-cloud-anou...@lists.ubuntu.com: https://lists.ubuntu.com/mailman/listinfo/ubuntu-cloud-announce We have also set-up a new ML which will be higher volume, per upload notifications as new and updated packages land in the Cloud Archive: https://lists.ubuntu.com/mailman/listinfo/cloud-archive-changes For details on how to enable and use the Cloud Archive on Ubuntu 12.04 see https://wiki.ubuntu.com/ServerTeam/CloudArchive. 2) Grizzly Trunk PPA As we did for Folsom, a PPA is being maintained for Grizzly on Ubuntu 12.04 and Ubuntu Raring with the latest changes for each of the core Openstack components. This PPA should also contain any required dependencies to support Grizzly on Ubuntu 12.04 - see https://launchpad.net/~openstack-ubuntu-testing/+archive/grizzly-trunk-testing for full details and current build status. Please report bugs against Ubuntu for any issues that you find during development in packages from the Grizzly PPA. Note that these packages are not supported in the same way as the Cloud Archive; so please don't use them post release of Grizzly in your production deployments! 3) Packaging branches Packaging branches are maintained by the Openstack Ubuntu Testing team in the following branch URI format: lp:~openstack-ubuntu-testing/COMPONENT_NAME/UPSTREAM-RELEASE For example: lp:~openstack-ubuntu-testing/nova/folsom lp:~openstack-ubuntu-testing/nova/grizzly lp:~openstack-ubuntu-testing/quantum/grizzly If you have a packaging change that you would like to contribute, Launchpad merge proposals should be made against these branches. Note that the grizzly branch for any given component feeds both the main development release of Ubuntu and the Cloud Archive for Ubuntu 12.04. Please target 'UNRELEASED' in the change-log entry (rather than 'raring' or 'quantal' for example) unless you are the Ubuntu Server Dev responsible for the next upload to the Ubuntu or Cloud archive. These branches feed the automated build and deployment testing of Openstack on Ubuntu; see https://jenkins.qa.ubuntu.com/view/Openstack%20Testing/view/Overview/? for results. 4) Testing Changes The Ubuntu Server team continues to focus on the quality of Openstack on Ubuntu; as part of this we undertake significant CI testing of Openstack on bare metal. We are pleased to announce that the following components are currently being added to the Openstack CI reference architecture that we test in the lab: Quantum Cinder We are also adding Ceph as an option, with support for Glance, Cinder and Nova. As a result there may be periods of time when limited automated deployment and testing activity is undertaken whilst manual testing of these changes is under-way in the lab. Please refer to https://wiki.ubuntu.com/ServerTeam/OpenStack for more details on branches, PPA's and testing activities. Regards, James - -- James Page Ubuntu Server Team, Technical Lead james.p...@ubuntu.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCAAGBQJQrlCHAAoJEL/srsug59jDT8IQANTjNJ1rVwiMx4H2J3o3yY5j eDX9OLMhvRPX8ELGz3q6Y2rB4Li1c2sDpoFcK41Ym60fFWQXA/LzH+phfzXHlige 6UIj8hfXY7cASGKJs6PESejTR/WEthsuWvFnxVJGFyaCtzK48tBuFO/cw7J5lyF3 VGma2N3JAIQ1guIHgm7PUhLUQVjmeAbQshJcm0b47G9pT/j5mYVe3bB1KdAN1voa NUWPHK0+sGZ7kkOm1H6uZ0LcdeWOBfxMXPlB7glTqZE5S0XaSM57Y0+aUeGRf4Uc Dp5cwmHV0H9sImO5hK/aX2qM44r4wb8QaZSs4ubwqnDsOv1LLyQosz1+OYPt5zzj g7hqkjkNbk+KRqwxGwzYPeWiJup0WJXLYDLQmxGIJ+imcVjvTnznvlF9Hzilf+2V zahxvLKpI+8OtrXubCjlAh/69U7ATVHhLcTABZq6pwIo61Tl5BaIj9OCNsBpPpC1 E80ItCsONZSGx+j2MP+mix087LPNkquiYk0wwJS+Xwr3RGkXWlT+jUNwICvqsq3R YnkBIFCPsdeICF91P/Qplxv4gjKsvZrRPS/S6P6e9WPPC2pz4XEmEix3jfwgY9LJ Pc07kN5ejhKd4h7GvJgWkmgg+TT6uWWoGRVtnTq5yZ3FXWGwFQvJ4SejDWq9Cw2h XXlPBdkp6fHhb2EZDZqQ =xSLk -END PGP SIGNATURE- ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack
Re: [Openstack] Finding version of keystone service
dpkg -p keystone | grep Version should show you in the version tag example: 2012.2 is folsom 2012.1 is essex -Matt On Fri, Oct 26, 2012 at 2:29 PM, Ahmed Al-Mehdi ah...@coraid.com wrote: Hi Joe, I did a apt-get install keystone, which I am as assuming installed both, is that right? If not, what did get installed? I am trying to to find the version of whatever got installed. # keystone --version usage: keystone [--os-username auth-user-name] [--os-password auth-password] [--os-tenant-name auth-tenant-name] [--os-tenant-id tenant-id] [--os-auth-url auth-url] [--os-region-name region-name] [--os-identity-api-version identity-api-version] [--token service-token] [--endpoint service-endpoint] [--os-cacert ca-certificate] [--os-cert certificate] [--os-key key] [--insecure] [--username auth-user-name] [--password auth-password] [--tenant_name tenant-name] [--auth_url auth-url] [--region_name region-name] subcommand ... keystone: error: too few arguments root@bodega:~# --Ahmed. From: heckj he...@mac.com Date: Friday, October 26, 2012 2:23 PM To: Ahmed Al-Mehdi ah...@coraid.com Cc: openstack@lists.launchpad.net openstack@lists.launchpad.net Subject: Re: [Openstack] Finding version of keystone service Ahmed, Are you trying to find out the version of Keystone installed, or of the CLI client? (they're different and somewhat unrelated) -joe On Oct 26, 2012, at 2:20 PM, Ahmed Al-Mehdi ah...@coraid.com wrote: Hello, The option --version (or any variation of it) does not seem to work for keystone, even though the man page lists --version as one of the options. The only way I was able to find the version number is using the dpkg command on ubuntu. Is this the only way? # dpkg -s keystone Package: keystone Status: install ok installed Priority: extra Section: python Installed-Size: 130 Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com Architecture: all *Version: 2012.2-0ubuntu1~cloud0* Depends: python, debconf (= 0.5) | debconf-2.0, upstart-job, python-keystone (= 2012.2-0ubuntu1~cloud0), adduser, ssl-cert (= 1.0.12), dbconfig-common Conffiles: /etc/keystone/default_catalog.templates e20825c5518f8c1482560f232ad78445 /etc/keystone/logging.conf c85cb75be85f3ec306f3da2730764d6e /etc/keystone/keystone.conf a3e9c22fd4bd3a551f919355b777058c /etc/keystone/policy.json 1bd2a9705a8361fc51f24211ac6ed260 /etc/init/keystone.conf e9b3d5b9bd13f9f5ac3601ebeb043f2f /etc/logrotate.d/keystone 5a7a4ded566affc47626bffe4a9d3231 Description: OpenStack identity service - Daemons Keystone is a proposed independent authentication service for OpenStack. . This initial proof of concept aims to address the current use cases in Swift and Nova which are: . * REST-based, token auth for Swift * many-to-many relationship between identity and tenant for Nova. Keystone does authentication and stuff . This package contains the daemons. Homepage: http://launchpad.net/keystone Original-Maintainer: Monty Taylor mord...@inaugust.com Thank you, Ahmed. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [ceilometer] Potential New Use Cases
I think a good deal of ceilometer's messaging and event tracking could additionally be used for event audit logging. -Matt On Wed, Oct 24, 2012 at 2:35 PM, Julien Danjou jul...@danjou.info wrote: On Wed, Oct 24 2012, Dan Dyer wrote: Use Case 1 Service Owned Instances There are a set of use cases where a service is acting on behalf of a user, the service is the owner of the VM but billing needs to be attributed to the end user of the system.This scenario drives two requirements: 1. Pricing is similar to base VM's but with a premium. So the type of service for a VM needs to be identifiable so that the appropriate pricing can be applied. 2. The actual end user of the VM needs to be identified so usage can be properly attributed I think that for this, you just need to add more meters on top of the existing one with your own user and project id information. As an example, in some of our PAAS use cases, there is a service controller running on top of the base VM that maintains the control and and manages the customer experience. The idea is to expose the service and not have the customer have to (or even be able to) manipulate the virtual machine directly. So in this case, from a Nova perspective, the PAAS service owns the VM and it's tenantID is what is reported back in events. The way we resolve this is to query the service controller for meta data about that instances they own. This is stored off in a separate table and used to determine the real user at aggregation time. This is probably where you should emit the meters you need. Use Case 2 Multple Instances combine to make a billable product/service In this use case, a service might consist of several VM's, but the actual number does not directly drive the billing. An example of this might be a redundant service that has a primary and two backup VM's that make up a deployment. The customer is charged for the service, not the fact that there are 3 VM's running. Once again, we need meta data that is able to describe this relationship so that when the billing records are processed, this relationship can be identified and billed properly. Kind of the same here, if you don't want to really bill the vm, just don't meter them (or ignore the meters) and emit your own meter via your PaaS platform to bill your customer. Or is there a limitation I miss? -- Julien Danjou -- Free Software hacker freelance -- http://julien.danjou.info ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] API Credentials
the gui is a bit misleading in this regard. On Mon, Oct 22, 2012 at 10:12 PM, Sam Stoelinga sammiest...@gmail.comwrote: No, I think what Vish is saying that it's possible to get the Openstack access key and secret by doing the following: (Based on Folsom, but think it's the same in Essex) 1. Login with your account in Openstack dashboard (Horizon) 2. Go to Settings page 3. Click on EC2 Credentials 4. Click on Download EC2 credentials The access key and secret seems to be in the file ec2rc.sh. Description: Clicking Download EC2 Credentials will download a zip file which includes an rc file with your access/secret keys, as well as your x509 private key and certificate. That's what you want right? Hope it helped. Sam On Tue, Oct 23, 2012 at 12:50 PM, Tummala Pradeep pradeep.tumm...@ericsson.com wrote: Actually, I am trying to integrate PaaS with OpenStack. So, I require access key and secret access key for that. So, I don't think ec2 credentials will work. Are you saying it is not possible to set up OpenStack's access key and secret access key ? Pradeep On 10/22/2012 10:26 PM, Vishvananda Ishaya wrote: access and secret keys are ec2 credentials and they can be retrieved using download ec2 credentials from the settings page in horizon. Vish On Oct 22, 2012, at 4:56 AM, Tummala Pradeep pradeep.tumm...@ericsson.com wrote: I deployed OpenStack Essex on my server using the documentation provided. Now, I need help with getting API credentials similar to what HP OpenStack has. For eg - Users having an account in HP Openstack can retrieve access key and secret access key from the api keys section.In my deployment, I can download Openstack credentials from the settings tab in .pem format but it does not contain access key and secret access key. Therefore I want to setup api keys so that users can view their credentials similar to HP Openstack. Someone please guide me to get started on this. Thanks Pradeep __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/~openstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/~openstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of MAC addresses in Openstack VMs
If you are concerned about OUI collisions buy your own OUI. If we end up with people colliding in an OpenStack OUI, so be it. Better than causing grief for our neighbors. I'd rather be neighborly. -Matt On Tue, Oct 23, 2012 at 1:35 AM, Thierry Carrez thie...@openstack.orgwrote: Nachi Ueno wrote: My proposal is the default OUI value should be owned by OpenStack foundation if $2000 isn't concern for OpenStack foundation. To summarize the discussion so far, it is suggested that the OpenStack Foundation could buy a OUI that we'd use as the default value, rather than a random one that may be used by someone else. That one would be used for development, while all serious deployers are encouraged to get their own. The issue reported with that is that it creates a smaller space for collision amongst OpenStack users. Encouraging people to use locally-assigned OUI or buy their own might therefore be a better strategy. More thoughts ? -- Thierry Carrez (ttx) ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of MAC addresses in Openstack VMs
I am throwing in a vote of for openstack foundation acquiring a unique OUI for users to use if they wish. -Matt On Mon, Oct 22, 2012 at 5:43 PM, Shake Chen shake.c...@gmail.com wrote: On Mon, Oct 22, 2012 at 8:08 PM, Gary Kotton gkot...@redhat.com wrote: On 10/20/2012 07:23 PM, Tim Bell wrote: ** ** If we purchase an OUI, is there a mechanism within Quantum to only allocate Mac addresses with that prefix ? At the moment Quantum enables the user to define a base MAC address. That is the user can update the configuration file. The user selects a base MAC and the MAC's are allocated in that range. I think that this gives us a lot of flexibility. Please see below for the configuration options. # Base MAC address. The first 3 octets will remain unchanged. If the # 4h octet is not 00, it will also used. The others will be # randomly generated. # 3 octet # base_mac = fa:16:3e:00:00:00 # 4 octet # base_mac = fa:16:3e:4f:00:00 as my know, the fa:16:3e would on behalf of a company. If I recall correctly this is hard coded in nova networking. Thanks Gary ** ** Tim ** ** *From:* openstack-bounces+tim.bell=cern...@lists.launchpad.net [ mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.netopenstack-bounces+tim.bell=cern...@lists.launchpad.net] *On Behalf Of *Salvatore Orlando *Sent:* 20 October 2012 10:20 *To:* Vinay Bannai *Cc:* openstack@lists.launchpad.net *Subject:* Re: [Openstack] Use of MAC addresses in Openstack VMs ** ** Hi Vinay, ** ** I understand your concerns about conflicts with already assigned OUIs.*** * It is however my opinion that it is not up to the Openstack Foundation, but to entities deploying Openstack, to buy MAC OUIs. As regards Quantum, we should ensure the default MAC range we use is locally assigned; unfortunately I do not know enough about nova-network.* *** Also, it is my opinion that a locally-assigned OUI would be sufficient for many use cases, without the need for a globally assigned one. ** ** Regards, Salvatore ** ** On 20 October 2012 04:05, Vinay Bannai vban...@gmail.com wrote: I was talking to Nachi and Gary during the Quantum design session about the need to have a proper MAC OUI allocation scheme for Openstack development folks. They suggested that I send it out for wider discussion on the mailing list. ** ** It turns out that it would be useful for the Openstack foundation to apply for a MAC OUI from IEEE that can be used for development purposes and testing. This way we don't unwittingly use someone else MAC allocation. Here are the details ** ** http://standards.ieee.org/develop/regauth/oui/index.html ** ** The cost to get a OUI allocation is around $2000 dollars. Remember if we use random MAC OUI, the actual owners can assert their legal claim on the MAC address in the event of a conflict now that we have support for more sophisticated tunnels that allow connections from public and private clouds. ** ** Comments welcome. ** ** Vinay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Shake Chen ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack] Summit coverage
i know this was attempted for the last summit though not widely advertised. i am willing to help set up again if we have equipment on hand. -matt On Tue, Oct 2, 2012 at 9:44 PM, surya_prabha...@dell.com wrote: Hi Folks, For the folks who cannot attend the design summit, are the sessions streamed online? Surya. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Ubuntu Cloud Archive information
https://launchpad.net/~openstack-ubuntu-testing Maybe? On Mon, Sep 24, 2012 at 4:39 PM, Sam Morrison sorri...@gmail.com wrote: Hi, I've started using the Ubuntu Cloud Archive packages for Folsom in Precise. Haven't been able to find out much information about them so I'm asking here. I've found the packages have quite a few bugs eg.[1]. So trying to figure out where to submit bugs for these and also where the sources are for these packages so I can fix them. Doe anyone know anything about these packages? Cheers, Sam [1] https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1053790 ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] TC candidacy
+1 On Wed, Sep 19, 2012 at 1:50 PM, Soren Hansen so...@linux2go.dk wrote: I'd like to hereby nominate myself as candidate for a seat on the Technical Committee. I'm a Senior Software Engineer at Cisco Systems. In the past, I've held similar positions at Nebula, Rackspace and Canonical. I've been part of this project since before it was called OpenStack, mostly focusing on Nova, but also spending a lot of time building up a lot of the automation (including the CI infrastructure) to help us hit the ground running in the very beginning. Monty's team is doing a fantastic job looking after the infrastructure stuff now, so I've almost entirely backed off from that. I'm a core developer of Ubuntu and hold a seat on Ubuntu's technical board. In the course of my work on Ubuntu, I've contributed to countless open source projects, in recent years mostly focusing on virtualisation related things. I think our most important qualities in OpenStack are reliability and scalability and this will very likely shine through in my work on the technical committee. Even though I've spent most of my OpenStack time working on Nova, I have a keen sense of the bigger picture, both in terms of considering the other OpenStack projects, but also considering our various upstreams and downstreams. -- Soren Hansen | http://linux2go.dk/ Senior Software Engineer | http://www.cisco.com/ Ubuntu Developer | http://www.ubuntu.com/ OpenStack Developer | http://www.openstack.org/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] TC Candidacy
Hi all. My Name is Matt Joyce. I do hereby on this, the eighteenth day of the ninth month in the year of our lord two thousand and twelve, announce my candidacy for a seat upon the technical committee. I have all the respect in the world for the folks running right now. But I figure the candidacy pool needs some more variety. And in the spirit of open source I've decided to add variety by doing it myself. Enjoy the added variety. And consider joining in yourself. Don't be shy. Jump in and get your hands dirty. So I guess here are my OpenStack Qualifications: I was a member of the Nebula Project at NASA as a DevOps team member and later team leader. I maintained the environment there for two years before joining Cloudscaling, where I continue my involvement with OpenStack. My most recent work has been in external software ( ssh ) integration with keystone. I've made some changes to horizon, nova, and of course did the bulk of the portuguese translations of horizon. I am core on the python-openstackclient. And I am helping kickstart the OpenStack Security Group. Here are my Non-OpenStack Qualifications: I am an ex-Opsware Professional Services consultant at HP. I used to work on the GTI Configuration Management team at JPMC. And, as a result I've seen and worked on some very large automated datacenter projects. I have a kinetic familiarity with the automation arena historically, and a deep appreciation of the future openstack aspires to. Other things you might want to know: I am involved with the ChaosVPN project. I am a former member of the NYC Resistor Hackerspace, Hacker Dojo Hackerspace, and a continual contributor to Make, Hackaday, and other fine blogs. I once gave a talk at Defcon on trolling. I enjoy long walks on the beach and finding creative ways to violate the three laws of robotics. Best Regards Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] PTL elections results, Fall 2012
+1 On Fri, Sep 14, 2012 at 12:18 AM, Thierry Carrez thie...@openstack.orgwrote: The OpenStack PTL election period is now over. The following people have been elected as Project Technical Leads for the upcoming 6-month Grizzly development cycle: Nova PTL: Vish Ishaya Swift PTL: John Dickinson Glance PTL: Brian Waldon Keystone PTL: Joe Heck Horizon PTL: Gabriel Hurley Quantum PTL: Dan Wendlandt Cinder PTL: John Griffith openstack-common PTL: Mark McLoughlin Note that elected PTLs are automatically granted a 6-month seat on the OpenStack Technical Committee. Congrats everyone ! -- Thierry Carrez (ttx) Election official ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Create new Public User
horizon dashboard extensions are probably the way to go. http://docs.openstack.org/developer/horizon/topics/tutorial.html check that out for starters. -Matt On Mon, Sep 10, 2012 at 9:30 PM, Jegadeesh s.jegade...@gmail.com wrote: Hi Guys, I am new for OpenStack. For some testing, i have installed it (Ubuntu 12.04, Essex) and it works fine. Now, i want to customize the dashboard to add some more options like automate the user creation with mail confirmation, send a mail after create/delete instances etc... Can someone give some ideas? Thanks, Jegadeesh S ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack-dev] Nova PTL candidacy
Vish doesn't sleep. He waits. On Thu, Sep 6, 2012 at 10:32 AM, Blake Yeager blake.yea...@gmail.comwrote: He also lives vicariously through himself. On Thu, Sep 6, 2012 at 10:12 AM, Ravi Jagannathan reagul.2...@gmail.comwrote: +1 . Plus he has a cool name. On Thu, Sep 6, 2012 at 10:58 AM, Sam Su susltd...@gmail.com wrote: +1 On Wed, Sep 5, 2012 at 12:19 AM, Michael Still michael.st...@canonical.com wrote: On 09/05/2012 06:03 AM, Matt Joyce wrote: Vish is also a pretty cool guy and doesn't afraid of anything. Vish does a great job -- many hours a day of code review and mentoring, puts up with criticism much more calmly than I think many would, and is a pleasure to work with. Mikal ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack-dev] Nova PTL candidacy
Vish is also a pretty cool guy and doesn't afraid of anything. On Tue, Sep 4, 2012 at 12:58 PM, Vishvananda Ishaya vishvana...@gmail.comwrote: Hello Everyone, I'm writing to announce my candidacy for the Project Technical Lead of Nova for the Grizzly Release cycle. Qualifications -- I was part of the original Anso Labs Team that created Nova at NASA[1]. I have more commits to nova than any other contributor[2] and the second most in the past 12 months[3]. I am the most active reviewer for nova commits[4] I have been the Nova PTL since the position waw created[5]. Folsom Accomplishments -- A lot was achieved in Nova during this cycle. I have to give most of the credit to the active contributors we had. I don't have space to cover everything that we achieved during the release but here are some key points: * Split the volume code into its own project and helped it get under way. * Versioned the rpc apis * Improved api testing and xml support * Moved instances to using exclusively UUIDs * Improved our state management and minimized race conditions * Cleaned up the quota management to make it more robust Grizzly Plan While there is a great deal to be determined at the design summit, I think there are a few key things that we need to focus on over the next cycle. * Spreadi * No DB compute: We did a huge amount of preparation during folsom to allow us to remove database access from the compute nodes. This will dramatically improve the security profile of nova and allow us to scale * Better quantum integration: We are very close to a seamless integration with quantum where a provider could be using quantum on the backend and end-users wouldn't even have to know. * Upgrade consistency: Now that we have rpc versioning, we should be able to take steps to allow for the possibility of live upgrades * Better support for custom backends: we need to solidify the driver interfaces so custom backends can potentially live out-of-tree. This will allow the management Vish [1] https://github.com/openstack/nova/commit/f04c6ab2d082ce8fe48ec58cb5c7cc64ed2a282b [2] http://www.ohloh.net/p/novacc/contributors?query=sort=commits [3] http://www.ohloh.net/p/novacc/contributors [4] http://173.203.107.207/~soren/stats/nova-30days.json [5] https://lists.launchpad.net/openstack/msg01674.html ___ OpenStack-dev mailing list openstack-...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Openstack Folsom - 3 Installation
As I recall localrc had a setting in the past for picking releases to install. Not sure what the status of that is. On Thu, Aug 23, 2012 at 12:45 AM, Atul Jha atul@csscorp.com wrote: Hi Trinath, snip On Wed, Aug 22, 2012 at 4:43 PM, Trinath Somanchi trinath.soman...@gmail.commailto:trinath.soman...@gmail.com wrote: Hi All- I'm installing Openstack Components of Folsom-3 milestone from the Tar files available from launchpad. Can any one guide me on the installation of the these components like the Essex component installation and configuration. I'm upto this level of Installation. For instance, Keystone component, I have untar the file and executed the following commands. Keystone $ python setup.py build Keystone $ python setup.py install. Will these two steps install the respective component and all its necessary components. With this type of Install can I use the Openstack components as I use them in the 'apt-get' based Essex installation. Kindly guide me on this... /snip You are trying to install Folsom from the development version and that is why you are doing source code based installation. I am sure it comes with a README file which explains details about the source file. Now when you are talking about apt-get best install, it means you are trying to download the package which is bundled by one of the Linux distribution providers repository. Now here is the thing, since Folsom is still in development phase thats why the package based installation is still in process of baking/bake, so folks from Ubuntu are best to answer your question when it will be available. Lastly source based install is not suggested for Production Environment. I will hope this solves all your confusion and questions. Thanks, Atul Jha http://www.csscorp.com/common/email-disclaimer.php ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack-dev] Translation, Internationalization and Localization in OpenStack
Update on Horizon pt_BR Translated 234 32.28% Remaining 491 67.72% Reviewed 0 0.00% About a third of the way through now. On Tue, Aug 21, 2012 at 6:14 PM, Matt Joyce matt.jo...@cloudscaling.comwrote: I've already put a dent in the pt / pt_br translations for horizon. I'd love some assistance though. Especially since my portuguese is secondary and honestly not very fluent. -Matt On Tue, Aug 21, 2012 at 6:07 PM, Gabriel Hurley gabriel.hur...@nebula.com wrote: In conjunction with the PTLs, the Docs team, the Infrastructure team, various community members and more, I'm very happy to say that we are ready to share out a complete set of documentation and processes for translation, internationalization, and localization for OpenStack as a whole. The document lives on the wiki here: http://wiki.openstack.org/Translations The critical infrastructure is already in place, and Nova, Horizon, Keystone and Docs are already up and running with the new processes (and have been successfully for a little while now). Of immediate importance is the fact that we are technically under string freeze right now, so (as Thierry pointed out at the meeting earlier today) any review that alters strings marked for translation should be flagged and requires special consideration and coordination with translators before being merged. The string freeze gives translators a period of time before a release in which translations do not change so they can complete their work properly. Comments and critiques of the process are welcome, but let's keep them on the mailing list before making edits to the wiki page. Obviously we'll continue to refine this over time. Thanks, and happy translating! - Gabriel ___ OpenStack-dev mailing list openstack-...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack-dev] Translation, Internationalization and Localization in OpenStack
Muito Brigado. =P I'm American and I could use the assistance. =P On Wed, Aug 22, 2012 at 6:48 PM, Marcelo Dieder mdie...@sinos.net wrote: I'm Brazilian, and I'll help with the translation. Marcelo Dieder On 22-08-2012 22:38, Matt Joyce wrote: Update on Horizon pt_BR Translated 234 32.28% Remaining 491 67.72% Reviewed 0 0.00% About a third of the way through now. On Tue, Aug 21, 2012 at 6:14 PM, Matt Joyce matt.jo...@cloudscaling.comwrote: I've already put a dent in the pt / pt_br translations for horizon. I'd love some assistance though. Especially since my portuguese is secondary and honestly not very fluent. -Matt On Tue, Aug 21, 2012 at 6:07 PM, Gabriel Hurley gabriel.hur...@nebula.com wrote: In conjunction with the PTLs, the Docs team, the Infrastructure team, various community members and more, I'm very happy to say that we are ready to share out a complete set of documentation and processes for translation, internationalization, and localization for OpenStack as a whole. The document lives on the wiki here: http://wiki.openstack.org/Translations The critical infrastructure is already in place, and Nova, Horizon, Keystone and Docs are already up and running with the new processes (and have been successfully for a little while now). Of immediate importance is the fact that we are technically under string freeze right now, so (as Thierry pointed out at the meeting earlier today) any review that alters strings marked for translation should be flagged and requires special consideration and coordination with translators before being merged. The string freeze gives translators a period of time before a release in which translations do not change so they can complete their work properly. Comments and critiques of the process are welcome, but let's keep them on the mailing list before making edits to the wiki page. Obviously we'll continue to refine this over time. Thanks, and happy translating! - Gabriel ___ OpenStack-dev mailing list openstack-...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack-dev] Translation, Internationalization and Localization in OpenStack
I've already put a dent in the pt / pt_br translations for horizon. I'd love some assistance though. Especially since my portuguese is secondary and honestly not very fluent. -Matt On Tue, Aug 21, 2012 at 6:07 PM, Gabriel Hurley gabriel.hur...@nebula.comwrote: In conjunction with the PTLs, the Docs team, the Infrastructure team, various community members and more, I'm very happy to say that we are ready to share out a complete set of documentation and processes for translation, internationalization, and localization for OpenStack as a whole. The document lives on the wiki here: http://wiki.openstack.org/Translations The critical infrastructure is already in place, and Nova, Horizon, Keystone and Docs are already up and running with the new processes (and have been successfully for a little while now). Of immediate importance is the fact that we are technically under string freeze right now, so (as Thierry pointed out at the meeting earlier today) any review that alters strings marked for translation should be flagged and requires special consideration and coordination with translators before being merged. The string freeze gives translators a period of time before a release in which translations do not change so they can complete their work properly. Comments and critiques of the process are welcome, but let's keep them on the mailing list before making edits to the wiki page. Obviously we'll continue to refine this over time. Thanks, and happy translating! - Gabriel ___ OpenStack-dev mailing list openstack-...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] sort_key and sort_dir for collections based REST APIs
+10 On Mon, Aug 20, 2012 at 11:42 AM, Gabriel Hurley gabriel.hur...@nebula.comwrote: For two summits running I've been advocating the need for a common standard of functionality for all OpenStack APIs (things like sorting, bulk operations, filtering, pagination, etc.). I intend to push on the issue even harder this time around at the Grizzly summit (I'm going to propose an entire working session on it). It's one of those problems that simply *cannot* be solved one project at a time. The community needs to agree, and then the projects need to implement the solutions over time. - Gabriel -Original Message- From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net [mailto:openstack- bounces+gabriel.hurley=nebula@lists.launchpad.net] On Behalf Of Brian Waldon Sent: Monday, August 20, 2012 10:06 AM To: boden Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] sort_key and sort_dir for collections based REST APIs As we can't just add things to our APIs, it's not straight-forward to support them across the board. I think it would make sense to bake these parameters into the next versions of our APIs for collection sorting, but my opinion is definitely biased. Maybe Joe Heck can comment, as he's working on the v2 Identity API. Brian On Aug 20, 2012, at 11:43 AM, boden wrote: All, Is anybody here familiar with the 'sort_key' and 'sort_dir' parameters for collection based APIs? Specifically I'm wondering if there are any plans to add support for these 2 params across the board (all collections based REST APIs including the 'primary compute extensions')? Based on my google-ability it appears they are only on the glance image APIs (http://docs.openstack.org/developer/glance/glanceapi.html ) at the present moment, so looking for more clarity on this topic intermediate to longer term. Thanks much ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
I have to ask. Wasn't FUSE designed to do alot of this stuff? It is userspace and it doesn't do nasty stuff to file systems. Why aren't we going that route? -Matt On Tue, Aug 14, 2012 at 11:05 AM, Richard W.M. Jones r...@annexia.orgwrote: On Wed, Aug 08, 2012 at 11:08:48AM +0100, Daniel P. Berrange wrote: Also note that current work is being done to make libguestfs use libvirt to launch its appliance VMs, at which point libguestfs VMs will be strongly confined by sVirt (SELinux/AppArmour), and also able to run as a separate user ID. Thanks for the advert Dan :-) If you've got libguestfs = 1.19.25, then you can in fact already use libvirt to manage the appliance. You just need to set the environment variable LIBGUESTFS_ATTACH_METHOD=libvirt before running the libguestfs-using tool. SELinux confinement is nearly working too. I'm just waiting on a change to the SELinux policy before it's done. Fedora 18 will have all the necessary bits. Rich. -- Richard Jones Red Hat ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Dashboard] Multi-region support in Horizon?
In the short term you might be able to setup something with a horizon customization module... http://docs.openstack.org/developer/horizon/topics/customizing.html In the long term I think federation should be a concern for grizzly planning in horizon. But maybe I am just being a little too optimistic. -Matt On Tue, Aug 14, 2012 at 3:28 AM, Yufang Zhang yufang521...@gmail.comwrote: Hi all, I'd like to use horizon to manage clusters in multiple data centers(regions). Currently, horizon supports multi-region by means of deploying one keystone service for each region. Thus we have to manage multiple keystone services for all the regions(creating users or projects, etc.), which doesn't make sense. Should it be better to allow users to choose service endpoints(nova or glance) according to region name? At least, novaclient works as this way: you can provide region name(via --os_region_name option) as a filter to select nova service endpoint to access, so that we could deploy just one keystone service to manage services on different regions. Or is there any better workaround? Best Regards. Yufang ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
I get what you are saying. And for the sake of compatibility with other clouds and their images obviously that's the way to go, but my inner nerd is screaming Well, about that... and wanting me to rally people to the idea of putting the logic inside the images rather than inside of the cloud. Let init negotiate the api access and produce the filesystems it needs to get booted up properly. =/ first world problems. On Tue, Aug 14, 2012 at 12:06 PM, Eric Windisch e...@cloudscaling.comwrote: On Tuesday, August 14, 2012 at 14:30 PM, Matt Joyce wrote: I have to ask. Wasn't FUSE designed to do alot of this stuff? It is userspace and it doesn't do nasty stuff to file systems. Why aren't we going that route? Fuse was really designed for the opposite scenario. Fuse modules run as daemons, they're not libraries. These daemons attach to a character device and map userspace code into the VFS. Instead, we want to access a filesystem from userspace code. It is a shame, however, because you're right… there is plenty of code there that knows how to read filesystems in userspace. Unfortunately, the FUSE design really doesn't do us any favors. That said, there are some crazy options to fix that. One could theoretically replace the FUSE character device with one that spoke to userspace processes, instead of interacting with the VFS. There has even been work into creating user-space character devices. One could also make FUSE work with Unix sockets as an alternative to character devices… None of this is out of the box, tested, or even in existence... Regards, Eric Windisch ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Setting Expectations
+1 to everything dean said.
On Tue, Aug 14, 2012 at 12:58 PM, Dean Troyer dtro...@gmail.com wrote:
On Tue, Aug 14, 2012 at 1:06 PM, Andrew Clay Shafer
a...@parvuscaptus.com wrote:
You say OpenStack has survived, but I believe we may have compounded and
multiplied the challenges OpenStack faces by collectively neglecting to
resolve this. Without going into all the technical necessity and
political
complexity, I would argue we allowed OpenStack fragmentation at the
project
level. Without a unified conscience of purpose, the fragmentation only
gets
magnified at the point users are interacting with different deployments.
This fragmentation with projects and goals is a real threat to the
long-term viability of OpenStack as a cloud standard.
I don't believe that the kernel is a perfect analogy, but even if it was
this one sentence 'OpenStack is like the Linux kernel' will not make it
so.
Honestly, I HATE this analogy. OpenStack has no BDFL, it has now a
foundation that is governed by Corporate interests that have a history
of working on common standards and tweaking them to add 'value'
('differentiation' I think is the buzzword for that). The
organization of the foundation is partially designed to prevent any
one or two of these interests from pushing the whole in their
particular direction. The foundation will have to prove itself
capable of pulling the projects forward. Together.
What is the OpenStack equivalent of this?
https://lkml.org/lkml/2012/3/8/495
The problem we have is that people in Linus' position are not created,
they grow and the position, respect and authority is earned. The TC
may be able to earn some of that over time, but without unifying
leadership it will be tough going. Hopefully their separation from
the rest of the board can give them a chance to provide the technical
leadership and direction needed even if it stubs a few toes along the
way.
It kills me that the acronym for OpenStack Foundation is OSF. While I
don't think we can really be the Linux of the cloud any time soon, we
will have to really work to NOT be the UNIX of the cloud...
dt
--
Dean Troyer
dtro...@gmail.com
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [openstack] [horizon] Adding quota information to horizon.usage.base ?
Yeah I was going to grab the code from the instance launch helper template and just fill in the variables from usage.base rather than usages. I think that's quick and easy. I just a quick test, and I think it should work fine. -Matt On Tue, Aug 14, 2012 at 12:52 PM, Gabriel Hurley gabriel.hur...@nebula.comwrote: Go for it. I assume this is related to https://bugs.launchpad.net/horizon/+bug/1018560 ? ** ** If you need to add stuff feel free. Were you thinking the end result would be to display those bars on the overview screen for the project? ** ** **- **Gabriel ** ** *From:* openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net[mailto: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] *On Behalf Of *Matt Joyce *Sent:* Tuesday, August 14, 2012 12:24 PM *To:* openstack@lists.launchpad.net *Subject:* [Openstack] [openstack] [horizon] Adding quota information to horizon.usage.base ? ** ** Is anyone opposed to me adding quota information to usage.base. ? I'd like to add the graph bars from _launch_details_help.html to provide a quick heads up on where you are in terms of current allocation of resources against quotas. Maybe later we can provide some graphing of deltas in resource use against quota. In that, I don't know if we even track past quotas anywhere. So I am going to avoid jumping into that any time soon. Maybe that's a job for ceilometer. -Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Netstack] Nova-Compute the VMs
You are using virsh directly. Don't do that. Let openstack suspend nodes. Otherwise yes openstack will not know that you have decided to play with virsh. On Mon, Aug 6, 2012 at 11:05 PM, Trinath Somanchi trinath.soman...@gmail.com wrote: Hi-' I have been testing the openstack for past few days... and I have a doubt here... From the Horizon in the CONTROLLER, VMs are created in the NODE machine. Using the virsh console at the NODE machine, I have suspended the VM. But the same VM-STATE is not populated in the HORIZON. Does Nova-Compute in the NODE machine check for the status of the VMs and update the DB periodically?? Help me understand the same... -- Regards, -- Trinath Somanchi, +91 9866 235 130 -- Mailing list: https://launchpad.net/~netstack Post to : netst...@lists.launchpad.net Unsubscribe : https://launchpad.net/~netstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Netstack] Nova-Compute the VMs
point of clarity... it should figure out the vm is in a bad state eventually and list it as not running. On Mon, Aug 6, 2012 at 11:25 PM, Matt Joyce matt.jo...@cloudscaling.comwrote: You are using virsh directly. Don't do that. Let openstack suspend nodes. Otherwise yes openstack will not know that you have decided to play with virsh. On Mon, Aug 6, 2012 at 11:05 PM, Trinath Somanchi trinath.soman...@gmail.com wrote: Hi-' I have been testing the openstack for past few days... and I have a doubt here... From the Horizon in the CONTROLLER, VMs are created in the NODE machine. Using the virsh console at the NODE machine, I have suspended the VM. But the same VM-STATE is not populated in the HORIZON. Does Nova-Compute in the NODE machine check for the status of the VMs and update the DB periodically?? Help me understand the same... -- Regards, -- Trinath Somanchi, +91 9866 235 130 -- Mailing list: https://launchpad.net/~netstack Post to : netst...@lists.launchpad.net Unsubscribe : https://launchpad.net/~netstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Management tools survey
Do you have a final count on how many people responded? On Tue, Aug 7, 2012 at 4:09 AM, Nick Lothian nick.loth...@gmail.com wrote: For those that are interested, I've done a write-up of the results from this: http://fifthvertex.com/2012/08/07/cloud-tools-survey/ Thanks for all those who responded. Nick On Thu, Jul 12, 2012 at 1:28 PM, Nick Lothian nick.loth...@gmail.comwrote: Yes, I'll be happy to share results On Wed, Jul 11, 2012 at 6:33 PM, Nick Barcet nick.bar...@canonical.comwrote: On 07/11/2012 05:18 AM, Nick Lothian wrote: Hi, I'm trying to understand how people are doing management of servers and storage across multiple clouds (or perhaps it is only me that has this problem!). I've created a short survey I'd appreciate any responses on: http://www.surveymonkey.com/s/8PJCK9H Responses via email are fine too! Hello Nick, I am sure there are others, like me, interested in your findings in this area. Will you share the results of the survey? Thanks, Nick ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Angry People and OpenStack
George I like your contributions. I also like the idea of people treating each other well. Makes it easier for us to have the discussions you want to have. -Matt On Thu, Aug 2, 2012 at 8:54 AM, Stefano Maffulli stef...@openstack.orgwrote: On Thu 02 Aug 2012 07:19:28 AM PDT, George Reese wrote: ignore the fact that OpenStack governance has a huge trust problem, I don't think this is true: It's true that some people don't trust OpenStack governance, not that the governance is broken. The bylaws have been discussed for months, the governance model is based on the processes and principles that have brought OpenStack where it is today. We can't stop every time to address theoretical concerns expressed by people that fundamentally don't trust us (and they don't have to). that the product has stability and compatibility issues. Like all products out there: nobody is perfect. Attack me for criticizing OpenStack when on a daily basis I am doing a lot of work to get into real world deployments. you've been criticised for your questionable choice of words not for the content of your criticism. While you probably ended up in somebody's killfile, your contributions are still appreciated by many because you *do* real things with OpenStack (differently from others that just like to *talk* about OpenStack). Let's stick to making a great product and have fun meanwhile: this is an exciting time. OpenStack Foundation is being born, well funded, supported by a wide spectrum of companies and lots of people. The future is bright. /stef ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Angry People and OpenStack
I'd go further and say that regardless of who the person is, or the situation this list and this community has been pretty on the ball in ensuring that people treat each other with respect. There have been a number of incidents in which folks have wandered into questionable territory on this and I've felt the community has responded fairly well with due attention and reasoned response. Personal opinion. -Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default reply to behavior for mailing list
+1 On Jul 31, 2012 10:52 AM, Bhuvaneswaran A bhu...@apache.org wrote: Stefano, If a subscriber reply to a mailing list message, it's sent to the author only. Each subscriber should use Reply to All every time, to post a reply to mailing list. Can you please configure the mailing list and set reply-to header as mailing list address, openstack@lists.launchpad.net. With this setup, if the user click reply in his email client, the message is sent to mailing list, instead of the author. Thank you, -- Regards, Bhuvaneswaran A www.livecipher.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default reply to behavior for mailing list
That being said, I realize we're entering mostly a land of religion here. So I'll just end with a long live emacs! to try to get us to the godwin rule as fast as possible. The Nazis had Headers too. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default reply to behavior for mailing list
I'm sure Launchpad doesn't support user level configuration, to edit email headers. We're moving off of launchpad to mailman proper anyways. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [glance] legacy client removal and python-glanceclient
I think we're running out of opportunities to do stuff like this. This is exactly the sort of thing that will drive George Reese into a homocidal rage. More to the point its exactly the sort of thing our users are going to despise us for. And that hatred will outlive any benefit. Users only remember the bad stuff. We need to soften the blow on stuff like this. Hell we need to actively work our asses off to prevent stuff like this. You know it, but it needs to be said on list. Because people are going to complain that we didn't think. -Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Performing HPCC Benchmark on OpenStack Cloud
I think for HPCC you will need a significant physical system deployment using matched configurations. Likely your concerns will be providing specific hardware constratins where I/O is a factor that match with what HPCC users would use. IE 10 gig or infiniband in networking. Lots of ram. Full system instances. SSD? At the very least fast disks. When we've benchmarked openstack in the past against super computing units one of the problems we ran into was that openstack was originally designed to run on top of commodity hardware. Which meant that out of the gate there was already a severe handicap unless that was taken into account. IE. Cost comparison. For x dollars you get x machines. Unless that is taken into account it exacerbates the issues at play. I would also focus on ensuring that painpoints that exist in existing HPCC are tested for against openstack and vice versa. Example... hypervisors introduce latency in memory allocations and cpu queries. Example... hypervisors make deploying new configurations to the cluster simple fast and userfriendly. Also make sure your work loads are diverse. Map Reduce obviously lends itself to cloud technologies. While some other methods do not. More to the point existing software for super computing applications in many cases have no immediate corollary outside of their own custom architectures. The diversity of options for users would be important data as well. It would be nice to see a more formal methodology agreed to by HPCC users. However, most HPCC users have such unique environments and demands that that has not been much of a priority. -Matt On Mon, Jul 30, 2012 at 7:22 AM, Reza Bakhshayeshi reza.b2...@gmail.comwrote: Hi I want to run HPCC benchmark on OpenStack cloud, I want you to help me to make the results more real. How can we impute the results to OpenStack and not to my computers? Do I really need a server farm to perform the test? And I think I have to run for example HPL on running instances and not on the main servers, is this correct? Please suggest me more rules and conditions. Best Regards ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keyring support in openstack
I like making it optional with a default of off. At least for now. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Security Questons
I have read a few master thesis' written concerning openstack's overall security issues. I would suggest however that openstack has been changing drastically to date and getting a handle on its security issues is something of a highly volatile moving target. -Matt Quick refs: http://www.slideshare.net/oldbam/security-issues-in-openstack http://nordsecmob.aalto.fi/en/programme/publications/nordsecmob_thesis_2011/thesis_slipetskyy.pdf http://nordsecmob.aalto.fi/en/programme/publications/nordsecmob_thesis_2011/thesis_rasib_khan.pdf On Mon, Jul 30, 2012 at 2:48 PM, Briggs, Cordell A cbri...@lanl.gov wrote: Hello All: As a newbie to OpenStack, I have some concerns in regard to OpenStack security vulnerabilities in an HPCC environment. I am hoping that someone will be able to provide me with information on some security analysis that have been done on OpenStack. Thanks, Cordell ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova] a proposal to change metadata API data
Scott thanks =P ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova] a proposal to change metadata API data
What I am doing is putting credentials into user sessions on the instance. -Matt On Tue, Jul 24, 2012 at 10:10 AM, Martin Packman martin.pack...@canonical.com wrote: On 24/07/2012, Jay Pipes jaypi...@gmail.com wrote: The OpenStack Compute API POST /servers command creates a server UUID that is passed back in the initial response and allows the user to query the status of the server throughout its launch sequence. I'm not really seeing how that improves on the situation compared to the EC2 api. If a server needs to know its own id, it must either communicate with an external service or be able to use the compute api, which means putting credentials on the instance. Or am I missing a trick? Martin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [nova] a proposal to change metadata API data
relevant to interacting with it without user interaction. And that's the key to this whole thing. I want to direct users or automation baked into instances to the keystone api and catalog service. And the only way I know how to do that is the metadata service. As mentioned above, config-drive extension was built for just this purpose IIRC. Chris Macgown, who wrote the original extension, cc'd, should be able to comment on this further. I disagree on that being the purpose. I think the config drive is a user customization option. In this case I am talking openstack community support like any other API query we support. As far as I can tell placing it as part of config-drive robs it of that. And that's unacceptable for people wanting to use that query for code baked into images. This api data can be classified as being first and foremost OpenStack infrastructure related. Additionally it is not available without a user providing it anywhere else. And finally it is a catalog service. I'd love some more input on whether this makes sense, or can be improved upon as an idea and formalized as a rule for using the metadata api without abusing it. Well, we know we can't change the EC2 Metadata API since we don't own or have any control over the Amazon APIs. We can however come up with an OpenStack-centric tool using config-drive and a tool that would query a Keystone endpoint for a local OpenStack Compute API endpoint and then use the existing OpenStack Compute API calls for server metadata [2]? That sounds doable to you? Not as it currently exists. Unless config-drive is going to be held to the same standard as an API query set. And currently it may be in terms of actually development support... but there is no authoritative community promise to that. I get the argument for using config-drive. And to be blunt I think it's probably superior to the metadata API on a number of things. But it's only functional in some reduced set of openstack deployments, it's not held to the same level of scrutiny as an API query set. And that means it's not going to be usable today. It means it MIGHT be usable sometime in the future maybe but as of now probably not. Best, -jay [1] Config Drive extension: http://docs.openstack.org/developer/nova/api_ext/ext_config_drive.html [2] Server metadata calls in Compute API: http://docs.openstack.org/api/openstack-compute/2/content/List_Metadata-d1e5089.html Cheers, Matt Joyce PS: My current work effort in regards to this is related to passing keystone credentials to instances via pam authentication. So I can do a number of API related queries into openstack because I have credentials available to the OS that are dynamically allocated. But to make my image portable I need to not be baking in the keystone API URI. If that gives any insight on why this is important to me. Or possibly you. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [nova] a proposal to change metadata API data
Preamble: Until now, all data that is made available by the metadata server has been data that cannot be found anywhere else at the time it may be needed. In short, an instance can't be passed it's instance id before it's instance id has been allocated so a user cannot pass it to an instance that is being started up. So whether a user wants to jump through a few hoops or not to pass their instance the instance id of itself... they simply cannot without metadata api being there to provide it at creation time. This means that the metadata server holds an uneasy place as a necessary clearing house ( evil? ) of data that just doesn't have another place to be. It's not secure, it's not authenticated, and it's a little scary that it exists at all. I wish to add some data to the metadata server that can be found somewhere else. That a user could jump through a hoop or two to add to their instances. Esteemed personages are concerned that I would be crossing the rubicon in terms of opening up the metadata api for wanton abuse. They are not without a right or reason to be concerned. And that is why I am going to attempt to explicitly classify a new category of data that we might wish to allow into the metadata server. If we can be clear about what we are allowing we can avoid abuse. I want to provide a uniform ( standardized? ) way for instances in the openstack cloud to communicate back to the OpenStack APIs without having to be provided data by the users of the cloud services. Today the mechanism by which this is done is catastrophically difficult for a new user. This uniform way for instances to interact with the openstack API that I want already sort of exists in the keystone catalog service. The problem is that you need to know where the keystone server is in the world to access it. That of course changes from deployment to deployment. Especially with the way SSL endpoints are being handled. But the metadata API server is generally known as it uses a default ip address value that can be found on any amazon compatible deployment. In fact to my knowledge it is the only known way to query openstack for data relevant to interacting with it without user interaction. And that's the key to this whole thing. I want to direct users or automation baked into instances to the keystone api and catalog service. And the only way I know how to do that is the metadata service. This api data can be classified as being first and foremost OpenStack infrastructure related. Additionally it is not available without a user providing it anywhere else. And finally it is a catalog service. I'd love some more input on whether this makes sense, or can be improved upon as an idea and formalized as a rule for using the metadata api without abusing it. Cheers, Matt Joyce PS: My current work effort in regards to this is related to passing keystone credentials to instances via pam authentication. So I can do a number of API related queries into openstack because I have credentials available to the OS that are dynamically allocated. But to make my image portable I need to not be baking in the keystone API URI. If that gives any insight on why this is important to me. Or possibly you. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] What is the most commonly used Hypervisor and toolset combination?
+1 to Kiall's response. On Thu, Jul 19, 2012 at 2:50 AM, Kiall Mac Innes ki...@managedit.ie wrote: Until recently, stating that Ubuntu is the official distro for OpenStack wouldn't have hurt anybody's feelings.. That's changing now, with the Fedora+RedHat/Debian guys getting everything solid on their respective distros.. Anyway! DevStack is Ubuntu+KVM (by default), All the per commit testing is Ubuntu+QEMU/KVM.. The docs are best for Ubuntu+KVM. If you're doing your first install - I would suggest sticking to that. Once you have that all figured out, moving to something less documented like XenAPI should be much much easier. Good luck! Thanks, Kiall On Wed, Jul 18, 2012 at 5:20 AM, Wang Li fox...@gmail.com wrote: hi, all My team is trying to deploy openstack in production environment. We tried to get libvirt + xen 3.4.3 + CenOS 5.4 + Openstack 2012.2 working, but encountered lots of issues. We already have thousands of virtual machines running in production, and that's why we are trying Xen 3.4.3 and CentOS 5.4. After we solved one problem, there comes more, which is very annoying So, my question is: In real production environment using Openstack, what's the most commonly used Hypervisor and toolset? We hope to deploy Openstack quickly, and stay in main stream. Thank u. Regards Wang Li ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Identity API v3 - Why allow multi-tenant users?
I could see service users and security / operations teams having a need to span many domains. -Matt On Tue, Jul 17, 2012 at 11:24 PM, Tim Bell tim.b...@cern.ch wrote: ** ** I thought that the v3 API supports domains as a group of tenants which would make the question rather different. ** ** Thus, I guess the question is ** ** **A. **Should there be users in multiple tenants in a single domain ? **B. **Should there be users in multiple domains ? ** ** There are clear use cases for A (such as researchers working on multiple projects sharing project quotas) ** ** For B, it is less clear as if I am a domain administrator, I do not want to be told that I cannot allocate user X since another domain has already taken it. On the other hand, there is a clear architectural benefit from having the concept of identity (and authentication) split off from roles and projects. ** ** Tim ** ** *From:* openstack-bounces+tim.bell=cern...@lists.launchpad.net [mailto: openstack-bounces+tim.bell=cern...@lists.launchpad.net] *On Behalf Of *John Postlethwait *Sent:* 18 July 2012 07:42 *To:* Rouault, Jason (Cloud Services) *Cc:* openstack@lists.launchpad.net *Subject:* Re: [Openstack] Identity API v3 - Why allow multi-tenant users? ** ** Forcing a user to remember different usernames and/or passwords for each project they are a part of, when it is possible they are part of N projects, really isn't an acceptable option in my opinion. ** ** I believe that regardless of the engineering complexities, the end users shouldn't have to feel pain in order to make engineering the solutions and features they interact with easier. Software is for end users (in their various forms) and as such we need to take that into account when we make decisions. While no functionality is lost per se, there is a major end-user impact, and that should be reason enough to implement it… ** ** ** ** John Postlethwait Nebula, Inc. 206-999-4492 ** ** On Tuesday, July 17, 2012 at 4:15 PM, Rouault, Jason (Cloud Services) wrote: One benefit is the user does not need to have multiple sets of credentials to interact with multiple projects. Jason *From:* openstack-bounces+jason.rouault=hp@lists.launchpad.net [ mailto:openstack-bounces openstack-bounces+jason.rouault= hp@lists.launchpad.net] *On Behalf Of *Adam Young *Sent:* Tuesday, July 17, 2012 11:55 AM *To:* openstack@lists.launchpad.net *Subject:* Re: [Openstack] Identity API v3 - Why allow multi-tenant users? On 05/29/2012 01:18 PM, Caitlin Bestler wrote: One of the major complication I see in the API is that users can be associated with multiple tenants. What is the benefit of this? What functionality would be lost if a human user merely had to use a different account with each tenant? There are numerous issues with multi-tenant users. For example, if a user is associated with multiple tenants, who resets the user’s password? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp Did you ever get an answer? This has been discussed in depth. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Identity API v3 - Why allow multi-tenant users?
the usual meaning of the term. We will be shortly switching back to using the term projects, and I think that is clearer. It certainly makes sense for a user to belong to one domain, but have access to a project controlled in another domain. Here is a scenario. Joe's Sporting Goods and Local Bank are both companies that have a presense in a coud provider. Each has their own domain. t...@localbank.com is going to set up a Point of Sale system for Joe. So Joe creates a project called joes-point-of-sale and provides access to user t...@localbank.com. On 07/18/2012 02:46 AM, Matt Joyce wrote: I could see service users and security / operations teams having a need to span many domains. -Matt On Tue, Jul 17, 2012 at 11:24 PM, Tim Bell tim.b...@cern.ch wrote: I thought that the v3 API supports domains as a group of tenants which would make the question rather different. Thus, I guess the question is A. Should there be users in multiple tenants in a single domain ? B. Should there be users in multiple domains ? There are clear use cases for A (such as researchers working on multiple projects sharing project quotas) For B, it is less clear as if I am a domain administrator, I do not want to be told that I cannot allocate user X since another domain has already taken it. On the other hand, there is a clear architectural benefit from having the concept of identity (and authentication) split off from roles and projects. Tim *From:* openstack-bounces+tim.bell=cern...@lists.launchpad.net [mailto: openstack-bounces+tim.bell=cern...@lists.launchpad.net] *On Behalf Of *John Postlethwait *Sent:* 18 July 2012 07:42 *To:* Rouault, Jason (Cloud Services) *Cc:* openstack@lists.launchpad.net *Subject:* Re: [Openstack] Identity API v3 - Why allow multi-tenant users? Forcing a user to remember different usernames and/or passwords for each project they are a part of, when it is possible they are part of N projects, really isn't an acceptable option in my opinion. I believe that regardless of the engineering complexities, the end users shouldn't have to feel pain in order to make engineering the solutions and features they interact with easier. Software is for end users (in their various forms) and as such we need to take that into account when we make decisions. While no functionality is lost per se, there is a major end-user impact, and that should be reason enough to implement it… John Postlethwait Nebula, Inc. 206-999-4492 On Tuesday, July 17, 2012 at 4:15 PM, Rouault, Jason (Cloud Services) wrote: One benefit is the user does not need to have multiple sets of credentials to interact with multiple projects. Jason *From:* openstack-bounces+jason.rouault=hp@lists.launchpad.net [ mailto:openstack-bounces openstack-bounces+jason.rouault= hp@lists.launchpad.net] *On Behalf Of *Adam Young *Sent:* Tuesday, July 17, 2012 11:55 AM *To:* openstack@lists.launchpad.net *Subject:* Re: [Openstack] Identity API v3 - Why allow multi-tenant users? On 05/29/2012 01:18 PM, Caitlin Bestler wrote: One of the major complication I see in the API is that users can be associated with multiple tenants. What is the benefit of this? What functionality would be lost if a human user merely had to use a different account with each tenant? There are numerous issues with multi-tenant users. For example, if a user is associated with multiple tenants, who resets the user’s password? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp Did you ever get an answer? This has been discussed in depth. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post
Re: [Openstack] [nova] Proposal to add Padraig Brady to nova-core
Up the Padraig! On Wed, Jul 18, 2012 at 4:39 PM, John Postlethwait john.postlethw...@nebula.com wrote: +1 for more core contributors! John Postlethwait Nebula, Inc. 206-999-4492 On Wednesday, July 18, 2012 at 4:09 PM, Vishvananda Ishaya wrote: Hello Everyone! Padraig has been contributing a lot of code to all parts of nova, and has been contributing a lot to reviews[1]. I think he would make a great addition to nova-core. [1] https://review.openstack.org/#/dashboard/1812 Vish ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Keystone] API Question
As a non admin user. Querying the keystone v2 API is there a way for me to get a list of the tenants that I am a member of? Or is that only a v3 thing? -Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Keystone] API Question
On Tue, Jul 17, 2012 at 12:55 PM, Adam Young ayo...@redhat.com wrote: On 07/17/2012 03:47 PM, Matt Joyce wrote: As a non admin user. Querying the keystone v2 API is there a way for me to get a list of the tenants that I am a member of? Or is that only a v3 thing? -Matt I was just looking into it, and there is no such API yet. The underlying Identity provider call is get_tenants_for_user and there does not seem to be a route set up that calls that. 8( --- sad panda face. That would have been a very useful call for me right now. I hope we have something by folsom ( albeit s/tenant/project/ig ) -Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Keystone] API Question
curl -H X-Auth-Token:123456789001234 http://localhost:5000/v2.0/tenants that seems to do the trick for me for now. On Tue, Jul 17, 2012 at 1:03 PM, Adam Young ayo...@redhat.com wrote: On 07/17/2012 03:55 PM, Matt Joyce wrote: On Tue, Jul 17, 2012 at 12:55 PM, Adam Young ayo...@redhat.com wrote: On 07/17/2012 03:47 PM, Matt Joyce wrote: As a non admin user. Querying the keystone v2 API is there a way for me to get a list of the tenants that I am a member of? Or is that only a v3 thing? -Matt I was just looking into it, and there is no such API yet. The underlying Identity provider call is get_tenants_for_user and there does not seem to be a route set up that calls that. 8( --- sad panda face. That would have been a very useful call for me right now. I hope we have something by folsom ( albeit s/tenant/project/ig ) -Matt You can try this one out: https://github.com/admiyo/keystone/commit/997f9cb76fa908afebf434bef4905add085823ca ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Keystone] API Question
Anyone by any chance know how to read out the auth_token or raw_token that
is acquired in keystoneclient when it performs a client.Client()
Authenticate?
I'd love to be able to read that. And it's totally not documented anywhere
if it exists.
-Matt
On Tue, Jul 17, 2012 at 2:19 PM, Matt Joyce matt.jo...@cloudscaling.comwrote:
Works for me. =D
On Tue, Jul 17, 2012 at 1:51 PM, Dolph Mathews dolph.math...@gmail.comwrote:
Adam speaks lies ;)
Here's a regular user requesting a list of tenants on port 5000 (notice
they only get back 1 tenant):
GET http://localhost:5000/v2.0/tenants
==
X-Auth-Token: a6094f62e38c4fafa57e6edf7bd04961
200 OK
==
Status: 200
Content-Length: 133
Content-Location: http://localhost:5000/v2.0/tenants
Vary: X-Auth-Token
Date: Tue, 17 Jul 2012 20:49:16 GMT
Content-Type: application/json
{
tenants: [
{
enabled: true,
description: null,
name: my-project,
id: 2cf2efb1da5c4d5b8c97d8055ff3b5d8
}
],
tenants_links: []
}
Here's an admin API call for all tenants in the system (notice there is
an additional tenant the above user did not have access to):
GET http://localhost:35357/v2.0/tenants
===
X-Auth-Token: ADMIN
200 OK
==
Status: 200
Content-Length: 236
Content-Location: http://localhost:35357/v2.0/tenants
Vary: X-Auth-Token
Date: Tue, 17 Jul 2012 20:49:22 GMT
Content-Type: application/json
{
tenants: [
{
enabled: true,
description: null,
name: my-project,
id: 2cf2efb1da5c4d5b8c97d8055ff3b5d8
},
{
enabled: true,
description: null,
name: project-x,
id: 1213c2511f364264b1dfea9a56a225e0
}
],
tenants_links: []
}
-Dolph
On Tue, Jul 17, 2012 at 2:55 PM, Matt Joyce
matt.jo...@cloudscaling.comwrote:
On Tue, Jul 17, 2012 at 12:55 PM, Adam Young ayo...@redhat.com wrote:
On 07/17/2012 03:47 PM, Matt Joyce wrote:
As a non admin user. Querying the keystone v2 API is there a way for
me to get a list of the tenants that I am a member of? Or is that only a
v3 thing?
-Matt
I was just looking into it, and there is no such API yet. The
underlying Identity provider call is get_tenants_for_user and there does
not seem to be a route set up that calls that.
8( --- sad panda face.
That would have been a very useful call for me right now. I hope we
have something by folsom ( albeit s/tenant/project/ig )
-Matt
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] About images list in dashboard
I agree if someone wants to commit a backported fix. This makes sense to do. It's a pretty significant bug for essex users. -Matt On Fri, Jul 13, 2012 at 3:00 PM, Christian Parpart tra...@gmail.com wrote: On Fri, Jul 13, 2012 at 10:56 PM, John Postlethwait john.postlethw...@nebula.com wrote: Well, it sounds like this issue only happens in Essex, and is no longer an issue in Folsom, so the bug will just be closed as invalid, as it is now fixed in the newer code... Please backport this bug then. That is, the bug report indeed makes absolutely sense to me. :-) John Postlethwait Nebula, Inc. 206-999-4492 On Friday, July 13, 2012 at 1:36 PM, Sam Su wrote: Thank you for you guys' suggestions. Even so, I'd like to file a bug to track this issue, if someone else have the same problem, they would know what happened and what progressed from the bug trace. Sam On Fri, Jul 13, 2012 at 12:43 PM, Gabriel Hurley gabriel.hur...@nebula.com wrote: Glance pagination was added in Folsom. Adding a bug for this won’t help since it’s already been added in the current code. ** ** **- **Gabriel ** ** *From:* openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net[mailto: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] *On Behalf Of *John Postlethwait *Sent:* Friday, July 13, 2012 12:05 PM *To:* Sam Su *Cc:* openstack *Subject:* Re: [Openstack] About images list in dashboard ** ** Hi Sam, ** ** Would you mind filing a bug against Horizon with the details so that we can get it fixed? You can do so here: https://bugs.launchpad.net/horizon/+filebug ** ** ** ** ** ** John Postlethwait Nebula, Inc. 206-999-4492 ** ** On Thursday, July 12, 2012 at 3:55 PM, Sam Su wrote: I finally found why this happened. ** ** If in one tenant, there are more than 30 images and snapshots so that glance cannot return the images list in one response, some images and snapshots will not be seen in the page Images Snapshots of Horizon. ** ** ** ** Sam ** ** ** ** On Thu, Jul 5, 2012 at 1:19 PM, Sam Su susltd...@gmail.com wrote: Thank you for your suggestion. ** ** I can see all images in other tenants from dashboard, so I think the images type should be ok. ** ** ** ** ** ** On Thu, Jul 5, 2012 at 11:54 AM, Gabriel Hurley gabriel.hur...@nebula.com wrote: The “Project Dashboard” hides images with an AKI or AMI image type (as they’re not launchable and generally shouldn’t be edited by “normal” users). You can see those in the “Admin Dashboard” if you want to edit them. So my guess is that the kernel and ramdisk images are being hidden correctly and your “ubuntu-11.10-server-amd64” and “ubuntu-12.04-server-amd64” have the wrong image type set. All the best, - Gabriel *From:* openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net[mailto: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] *On Behalf Of *Sam Su *Sent:* Thursday, July 05, 2012 11:20 AM *To:* openstack *Subject:* [Openstack] About images list in dashboard Hi, I have an Openstack Essex environment. The nova control services, glance, keystone and dashboard are all deployed in one server. Now I encounter a strange problem. I can only see two images (all images are set is_public=true) in the tenant 'demo' from dashboard, i.e., Horizon, as below: *Image Name Type Status Public Container Format Actions* CentOS-6.2-x86_64 Image Active YesOVF Launch CentOS-5.8-x86_64 Image Active YesOVF Launch However, when I use 'nova image-list' with the same credential for the same tenant 'demo', I can see many more images (see the following result) # nova image-list +-+--+- --+--+ | ID | Name | Status |Server | +-+--+--- +--+ | 18b130ce-a815-4671-80e8-9308a7b6fc6d | ubuntu-12.04-server-amd64 | ACTIVE | | | 388d16ce-b80b-4e9e-b8db-db6dce6f4a83 | ubuntu-12.04-server-amd64-kernel| ACTIVE | | | 8d9505ce-0974-431d-a53d-e9ed6dc89033 | CentOS-6.2-x86_64 | ACTIVE | | |
Re: [Openstack] [nova] [cinder] Nova-volume vs. Cinder in Folsom
To certain extent I agree with george's sentiment. Recent example... we're changing tenants to projects in the keystone api. Yes we maintain v2 api compatibility but there will be a cost to users in the confusion of decisions like this. George is right to be calling for openstack to grow up. That's my personal opinion. -Matt On Thu, Jul 12, 2012 at 11:55 AM, George Reese george.re...@enstratus.comwrote: I certainly wasn't picking on Vish, but instead the entire community so eagerly interested in option #1. You see, the OpenStack community has a perfect record of making sure stuff like that ends up breaking everyone between upgrades. So, if you take offense by my comments… err, well, I'm not at all sorry. It's time for this community to grow the hell up and make sure systems upgrade nicely now and forever and that OpenStack environments are actually compatible with one another. Hell, I still find Essex environments that aren't even API compatible with one another. You have the Rackspace CTO wandering around conferences talking about how the value proposition of OpenStack is interoperability among clouds and yet you can't even get interoperability within the same OpenStack distribution of the same OpenStack version. I smell a pile of bullshit and the community just keeps shoveling. -George On Jul 12, 2012, at 12:22 PM, Jay Pipes wrote: On 07/12/2012 12:32 PM, George Reese wrote: This community just doesn't give a rat's ass about compatibility, does it? a) Please don't be inappropriate on the mailing list b) Vish sent the email below to the mailing list *precisely because* he cares about compatibility. He wants to discuss the options with the community and come up with a reasonable action plan with the Cinder PTL, John Griffith for the move Now, would you care to be constructive with your criticism? Thanks, -jay On Jul 11, 2012, at 10:26 AM, Vishvananda Ishaya wrote: Hello Everyone, Now that the PPB has decided to promote Cinder to core for the Folsom release, we need to decide what happens to the existing Nova Volume code. As far as I can see it there are two basic strategies. I'm going to give an overview of each here: Option 1 -- Remove Nova Volume == Process --- * Remove all nova-volume code from the nova project * Leave the existing nova-volume database upgrades and tables in place for Folsom to allow for migration * Provide a simple script in cinder to copy data from the nova database to the cinder database (The schema for the tables in cinder are equivalent to the current nova tables) * Work with package maintainers to provide a package based upgrade from nova-volume packages to cinder packages * Remove the db tables immediately after Folsom Disadvantages - * Forces deployments to go through the process of migrating to cinder if they want to use volumes in the Folsom release Option 2 -- Deprecate Nova Volume = Process --- * Mark the nova-volume code deprecated but leave it in the project for the folsom release * Provide a migration path at folsom * Backport bugfixes to nova-volume throughout the G-cycle * Provide a second migration path at G * Package maintainers can decide when to migrate to cinder Disadvantages - * Extra maintenance effort * More confusion about storage in openstack * More complicated upgrade paths need to be supported Personally I think Option 1 is a much more manageable strategy because the volume code doesn't get a whole lot of attention. I want to keep things simple and clean with one deployment strategy. My opinion is that if we choose option 2 we will be sacrificing significant feature development in G in order to continue to maintain nova-volume for another release. But we really need to know if this is going to cause major pain to existing deployments out there. If it causes a bad experience for deployers we need to take our medicine and go with option 2. Keep in mind that it shouldn't make any difference to end users whether cinder or nova-volume is being used. The current nova-client can use either one. Vish ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- George Reese - Chief Technology Officer, enStratus e: george.re...@enstratus.com mailto:george.re...@enstratus.comgeorge.re...@enstratus.com Skype: nspollutiont: @GeorgeReesep: +1.207.956.0217 enStratus: Enterprise Cloud Management - @enStratus - http://www.enstratus.com http://www.enstratus.com/ To schedule a meeting with me: http://tungle.me/GeorgeReese
[Openstack] Created Portuguese Language Translation Team
https://launchpad.net/~openstack-portuguese-translation-team Created. Took a shot at translating horizon this weekend. Got a review pending. Didn't see an existing team for this so I created it in the same style as the simplified chinese team. Hope this makes sense. -Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [HPC] Openstack HPC telecon
That's 1 PM west coast USA. I think the biggest concern may be Asia. On Fri, Jul 6, 2012 at 8:55 AM, Tim Bell tim.b...@cern.ch wrote: Would it be possible a bit earlier ? This would be 10pm in Europe so it would limit the participation. Tim -Original Message- From: openstack-bounces+tim.bell=cern...@lists.launchpad.net [mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of Narayan Desai Sent: 06 July 2012 17:08 To: John Paul Walters Cc: openstack@lists.launchpad.net (openstack@lists.launchpad.net) Subject: Re: [Openstack] [HPC] Openstack HPC telecon On Fri, Jul 6, 2012 at 9:51 AM, John Paul Walters jwalt...@isi.edu wrote: Does something like the first Monday of the month at 4:00pm EDT (UTC-4) work? I'm just throwing out that time as something that seems to broadly work on my end, but I'd welcome any input from others. That generally works fine for me. -nld ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [HPC] Openstack HPC telecon
I think that's probably fine. Might conflict with lunch... but you know you gotta decide whats important to you =P. On Fri, Jul 6, 2012 at 10:14 AM, John Paul Walters jwalt...@isi.edu wrote: Earlier is totally fine. I want to strike a balance with the people on the west coast. How about noon EDT or even 11am EDT? Is that getting too early for the west coast? JP On Jul 6, 2012, at 11:55 AM, Tim Bell wrote: Would it be possible a bit earlier ? This would be 10pm in Europe so it would limit the participation. Tim -Original Message- From: openstack-bounces+tim.bell=cern...@lists.launchpad.net [mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of Narayan Desai Sent: 06 July 2012 17:08 To: John Paul Walters Cc: openstack@lists.launchpad.net (openstack@lists.launchpad.net) Subject: Re: [Openstack] [HPC] Openstack HPC telecon On Fri, Jul 6, 2012 at 9:51 AM, John Paul Walters jwalt...@isi.edu wrote: Does something like the first Monday of the month at 4:00pm EDT (UTC-4) work? I'm just throwing out that time as something that seems to broadly work on my end, but I'd welcome any input from others. That generally works fine for me. -nld ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone Federation
Don't know if we want it. But we may want to consider the idea of satellite read only keystone servers. Mind you that may just be solving problems we don't even have yet. -Matt On Thu, Jul 5, 2012 at 11:26 AM, Adam Young ayo...@redhat.com wrote: I am contemplating writing up a post-Folsom Blueprint for Keystone Federation and /or replication, and would like to solicit input from the community. With Signed tokens, we can provide the name of the Keystone server that signed the token. With this comes the need to verify that the specified Keystone server is a valid server. The logical way would be to check it against the service catalog. I think the flow should go something like this: when you start up a service like glance it should have a Keystone server specified. When a token comes in with Keystone server that it does not recognize, it queries the known Keystone server's service catalog to see if the keystone server is a registered endpoint. This service catalog can get cached for some short amount of time to ensure we don't trigger a flurry of activity on a series of bogus requests. When a new Keystone server comes on line, it gets registered with an existing Keystone server. At this point, it requests its token signing certificate. Once it recieves the signing cert, an AMQP message then goes out to the other Keystone servers announcing the new keystone service. Retirement of a Keystone server would be done in a similar way. There are three scenarios I could see: 1) No one Keystone server would hold a complete user or tenant list. Instead, each would hold a subset of the tenants. A user might exist in multiple Keystone databases if they are enrolled in multiple tenants, some of which are in one Keystone, some of which are in another. 2) The entire user database is synchronized across all of the keystone instances. 3) The Keystone instances use a single shared DBMS and are automatically synchronized. Federation is just for redundancy and scaling. I don't want to build this just to build it. I'd like to know if A) there is a real need for Keystone Federation and B) If anyone else has thought through the problem and encountered issues I have not enumerated. If there is enough interest, I will edit the discussion into a blueprint. __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Openstack and Google Compute Engine
On Tue, Jul 3, 2012 at 2:01 AM, Simon G. semy...@gmail.com wrote: Secondly, I don't think we shouldn't compare GCE to Openstack. I understand that right now cloud (Openstack, Amazon, ...) is just easy in use, managed and scalable datacenter. It allows users to create VMs, upload their images, easily increase their (limited) demands, but don't you think that HPC is the right direction? I've always thought that final cloud's goal is to provide easy in use HPC infrastructure. Where users could do what they can do right now in the clouds (Amazon, Openstack), but also could do what they couldn't do in typical datacenter. They should run instance, run compute-heavy software and if they need more resources, they just add them. if cloud is unable to provide necessary resources, they should move their app to bigger cloud and do what they need. Openstack should be prepared for such large deployment. It should also be prepared for HPC use cases. Or if it's not prepared yet, it should be Openstack's goal. HPC in the cloud operates more like a grid computing solution. With things like Amazon HPC or HPC under openstack the idea is to allocate entire physical systems to a user on the fly. Traditionally to date that has been done with m1.full style instances. In many ways bare metal provisioning is a better option here than a hypervisor. And for many people who do work in an HPC environment bare metal really is the only solution that makes sense. The reality is that HPC use cases lose a lot of the underlying benefits of cloud infrastructure. So they really are something of an edge case at the moment. I believe that bare metal provisioning from within openstack could be a bit of a game changer in HPC, and that it could be useful in a wide variety of areas. But, ultimately I believe the usage that HPC in no way reflects general computing needs. And that really sums it up. Most folks do not need or want HPC. Most folks with HPC needs don't want a hypervisor slowing down their memory access. I know that clouds are fulfilling current needs for scalable datacenter, but it should also fulfill future needs. Apps are faster and faster. More often they do image processing, voice recognition, data mining and it should be clouds' goal to provide an easy way to create such advanced apps, not just simple web server which could be scaled up, by adding few VMs and load balancer to redirect requests. Infrastructure should be prepared even for such large deployment like that in google. It should also be optimized and support heavy computations. In the future it should be as efficient as grids (or almost as efficient), because ease of use has already been achieved. If, right now, it's easy to deploy VM into the cloud, the next step should be to optimize infrastructure to increase performance. Apps are actually slower and slower. The hardware is faster. The Applications themselves abstract more and more and thus slow down. As for what you do on your instances, that's entirely your own thing herr user. Some large data and some serious compute use cases simply don't lend themselves to cloud today. Hypervisors are limiting in so far as they give up some speed to provide the ability to share resources better. If you have no desire to share resources then virt machines become something of an impediment to you. So I don't see this as being accurate for some use cases. There are also other external limiting factors. People don't just turn on a dime. Many of the scientific and industrial applications of computing power are built around software stacks that have grown over time, and for a long time. Those stacks can't be made to easily adopt the benefits of a new technology. Sometimes the reason not to use cloud as a platform is entirely related to your inability to modify an existing software suite enough to make it worthwhile. I have seen this before at super computing facilities. I've always thought about clouds in that way. Maybe I was wrong. Maybe cloud should do only what it's doing right now and let to others technologies handle HPC. I think many, in the HPC environment, argue this is probably true. I don't necessarily agree. GCE obviously proves a point. Sharing resources means that you don't have to run your own super computer. You can simply rent enough of a compute environment to solve your problem at will. And odds are the environment will be pretty up to date. For many use cases cloud environments are just dandy. And HPC offerings in IaaS providers are getting better all the time. For low funded research, citizen science, and a million other small fries out there there is certainly a value in lowering the barrier to entry in this technology. That being said, I think that private HPC will never go away if only because of data retention rules and law. Much research deals with data that must be either safeguarded or simply classified and placed in an environment that
Re: [Openstack] OpenStack G naming poll
Grizzly is better than people making who is john galt jokes. +1 to grizzly. On Tue, Jul 3, 2012 at 5:51 PM, Mark Collier mark.coll...@rackspace.comwrote: +1 grizzly On Jul 3, 2012, at 7:45 PM, Gabriel Hurley gabriel.hur...@nebula.com wrote: +1 on “close enough to an arbitrary territory and also a great name”. ;-) ** ** Also, the Grizzly is the California state animal: http://www.statesymbolsusa.org/California/animal_grizzly_bear.html ** ** Food for thought. ** ** - Gabriel ** ** *From:* openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net[mailto: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] *On Behalf Of *Brian Waldon *Sent:* Tuesday, July 03, 2012 4:50 PM *To:* openstack@lists.launchpad.net (openstack@lists.launchpad.net) *Cc:* Thierry Carrez *Subject:* Re: [Openstack] OpenStack G naming poll ** ** TL;DR - Screw the rules, let's call the next release 'Grizzly' ** ** As California is rather lacking in the 'municipality names starting with a G that we should use for an OpenStack release' department, I have had to look *slightly* outside the ruleset to find a suitable 'G' release name - that name being 'Grizzly'. The rules clearly state that a release name must represent a city or county near the corresponding design summit and be comprised of a single word of ten characters or less - the problem here being that 'Grizzly' is actually 'Grizzly Flats.' Having already polled a small subset of the community, I feel like there would be enough support for 'Grizzly' to win if it were on the ballot. As I'm more interested in selecting a suitable name than accurately representing some arbitrary territory, I'd love to either permanently amend the rules to make this acceptable or grant an exception in this one case. As Thierry said, if this reaches critical mass, we will figure out what to do. Otherwise, I'll shut up and deal with '*Gazelle*'. ** ** Brian ** ** ** ** On Jul 3, 2012, at 3:20 PM, Thierry Carrez wrote: Yes, it's that time of the year again... time for us to choose the name of the next OpenStack release ! This time, cities and counties in California (San Diego, CA being the location of the G design summit) I set up a poll with the available options (based on our current rules of naming) at: https://launchpad.net/~openstack/+poll/g-release-naminghttps://launchpad.net/%7Eopenstack/+poll/g-release-naming Poll is accessible to all members of ~openstack group in Launchpad, and ends next Tuesday, 21:30 UTC. Please cast your vote! I'm aware that a subversive movement wants to try to amend the rules so that another name option becomes available. Since we can't stop (or modify) the poll now that it's been launched, if that movement reaches critical mass, we may organize a second round of polling :) -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Anyone using instance metadata?
It might be nice to set it up so that openstack admins can add metadata values to the metadata server for installation wide use. -Matt On Tue, Jul 3, 2012 at 3:10 PM, Steve Baker st...@stevebaker.org wrote: Hi Vish On Wed, Jul 4, 2012 at 6:28 AM, Vishvananda Ishaya vishvana...@gmail.com wrote: Metadata is supposed to be user tags that are associated with a guest that are available via the api. We discussed displaying these tags inside the guest as well. I've just been looking into what is already in place to implement the CreateTags, DeleteTags, DescribeTags API and I also came across the *_instance_metadata compute API. http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Using_Tags.html#Using_Tags_API The tags API can add tags to a number of resource types, but currently there only seems to be a metadata tables for instances and volumes. Would there be interest in me working on a change to implement CreateTags, DeleteTags, DescribeTags for instances and volumes? Later changes could add new metadata tables for the other taggable resource types. cheers ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Openstack and Google Compute Engine
Semy, Google app engine and google compute engine are two different things. App engine has been around for quite some time. The compute engine that they offer as an IaaS solution is based off internal google software that has also been in use internally for a lengthy amount of time. Honestly, most people expected google to enter into the IaaS market much earlier than this. Noone tested or noone is interested in Google Compute Engine and Openstack? I believe most of us are simply interested in ensuring an API compatibility layer will exist. But as per planning that is not currently within the confines of the OpenStack project, but is rather left to the openstack distribution vendors. I think that eventually a standard method for abstracting the various IaaS API layers will arise. Usability functions are also interesting. Certainly compute engine provides a different approach to the user experience in IaaS from what has been the de facto standard in amazon. That's interesting as well. I've heard about Google's cloud recently. What do you think about it? Will it be compatible with openstack? Or will openstack be compatible with them? Anyone knows something about their solution? it's purely their technology? Or maybe they were inspired by openstack or something else. It is purely their technology. It likely pre-dates openstack. Eventually an API compatibility layer will exist. I am certain that several organizations are likely working on this as we speak. As stated earlier that is not something the OpenStack project has a hand in at the moment. What about scalability? Their test app is really impressive - 600.000 cores. Is it even achievable in openstack? How can I create environment with so many cores, in openstack? I don't believe anyone has ever approached that number of course in a single deployment. I have no doubt that openstack could scale to those numbers. However a 600,000 core environment is akin to a 50,000 physical node deployment of 2 cpu 6 core units. That is a colossal sum of hardware. Very few organizations have that many physical nodes, much less dedicated to a single IaaS environment. I'm waiting for my invitation to google compute, but maybe someone has already tested it. There are several reviews online already as well as reference documentation on the offering. -Matt -- *Semy* ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How do I stop image-create from using /tmp?
I like the idea of making this a flagfile option. On Mon, Jul 2, 2012 at 2:48 AM, Daniel P. Berrange berra...@redhat.comwrote: On Sat, Jun 30, 2012 at 09:25:10PM -0400, Lars Kellogg-Stedman wrote: So, maybe setting any of this environment variables for nova-compute to desired value sholuld help. Yeah, I was expecting that. Given that this could easily take out a compute host I'd like to see it get an explicit configuration value (or default to instance_dir, I guess). In Fedora 18, /tmp is going to be a RAM filesystem, so we absolutely must not create any sizeable files on /tmp. In addition from a security POV, we must aim to *never* use /tmp for anything at all http://danwalsh.livejournal.com/11467.html It would be good to do a thorough audit of the code to make sure nothing is using the tmpfile functions without explicitly specifying a directory path that is private to the OpenStack daemon in question. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/:| |: http://libvirt.org -o- http://virt-manager.org:| |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:| ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] RFC: Thoughts on improving OpenStack GIT commit practice/history
Can we set a location to the Authoritative HACKING.rst? There are fundamental and conflicting differences between the HACKING.rst in some of the projects. -Matt On Thu, Jun 28, 2012 at 3:15 AM, Daniel P. Berrange berra...@redhat.comwrote: On Thu, Jun 28, 2012 at 12:01:10PM +0200, Thierry Carrez wrote: Daniel P. Berrange wrote: [...] In other words, when reviewing a change in Gerrit, do not simply look at the correctness of the code. Review the commit message itself and request improvements to its content. Look out for commits which are mixing multiple logical changes and require the submitter to split them into separate commits. Ensure whitespace changes are not mixed in with functional changes. Ensure no-op code refactoring is done separately from functional changes. And so on. [...] Nice work, and agreed on all points ! I particularly hate the single-line Fixes bug 1234566-type commit messages. Is there a way a concise version of this advice could find its way into HACKING.rst ? And/Or into http://wiki.openstack.org/ReviewChecklist ? Sure, MarkMc suggested to me that I put this doc up on the wiki somewhere. I'll do that and then submit a concise version for HACKING.rst and the ReviewChecklist page, with a cross-reference to the full thing. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/:| |: http://libvirt.org -o- http://virt-manager.org:| |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:| ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] When are hostnames okay and when are ip addresses required?
+1 On Thu, Jun 28, 2012 at 2:27 PM, Vishvananda Ishaya vishvana...@gmail.comwrote: those are supposed to be ip addresses, so I would go with doc bug now unless there is a good reason to change it. Vish On Jun 28, 2012, at 12:00 PM, Lars Kellogg-Stedman wrote: Maybe I sent this out too late at night; I think it slipped below everyone's radar. I'm interested in whether or not people think this behavior is a functional bug, or maybe just a documentation bug: I ran into an issue earlier today where I had metadata_host set to the *hostname* of our controller. This got stuffed into an iptables rule as... -d os-controller.int.seas.harvard.edu/32 ...which promptly failed. Setting this to an ip address fixed this particular error, leading me to wonder: - Is this expected behavior? - Should I always use ip addresses for *_host values? - Is this a bug? - Should linux_net.py resolve hostnames? -- Lars Kellogg-Stedman l...@seas.harvard.edu | Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of Engineering and Applied Sciences | ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] When are hostnames okay and when are ip addresses required?
https://review.openstack.org/9153 now as a review. On Thu, Jun 28, 2012 at 5:08 PM, Nathanael Burton nathanael.i.bur...@gmail.com wrote: While at a minimum this is a doc bug, I would suggest we do one of the following: 1. Rename existing parameters that require the value to be an ip address such as 'metadata_host' to 'metadata_host_ip' so that it is more obvious. Make this a standard for all config parameters. 2. I agree with Lars, it would be even better if it was seamless (regardless of what was set, host or IP) and where we require IP addresses, do resolution. Nate On Jun 28, 2012 7:55 PM, Matt Joyce matt.jo...@cloudscaling.com wrote: +1 On Thu, Jun 28, 2012 at 2:27 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: those are supposed to be ip addresses, so I would go with doc bug now unless there is a good reason to change it. Vish On Jun 28, 2012, at 12:00 PM, Lars Kellogg-Stedman wrote: Maybe I sent this out too late at night; I think it slipped below everyone's radar. I'm interested in whether or not people think this behavior is a functional bug, or maybe just a documentation bug: I ran into an issue earlier today where I had metadata_host set to the *hostname* of our controller. This got stuffed into an iptables rule as... -d os-controller.int.seas.harvard.edu/32 ...which promptly failed. Setting this to an ip address fixed this particular error, leading me to wonder: - Is this expected behavior? - Should I always use ip addresses for *_host values? - Is this a bug? - Should linux_net.py resolve hostnames? -- Lars Kellogg-Stedman l...@seas.harvard.edu | Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of Engineering and Applied Sciences | ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] When are hostnames okay and when are ip addresses required?
I don't think we'll be able to dictate what our users decide host means. But this issue isn't worth this much traffic. On Thu, Jun 28, 2012 at 6:38 PM, Zhongyue Luo lzye...@gmail.com wrote: Shouldn't the options which requires hostname be *_hostname? I don't know if it's just me but ip address and host seem to be synonyms. On Fri, Jun 29, 2012 at 8:11 AM, Matt Joyce matt.jo...@cloudscaling.comwrote: https://review.openstack.org/9153 now as a review. On Thu, Jun 28, 2012 at 5:08 PM, Nathanael Burton nathanael.i.bur...@gmail.com wrote: While at a minimum this is a doc bug, I would suggest we do one of the following: 1. Rename existing parameters that require the value to be an ip address such as 'metadata_host' to 'metadata_host_ip' so that it is more obvious. Make this a standard for all config parameters. 2. I agree with Lars, it would be even better if it was seamless (regardless of what was set, host or IP) and where we require IP addresses, do resolution. Nate On Jun 28, 2012 7:55 PM, Matt Joyce matt.jo...@cloudscaling.com wrote: +1 On Thu, Jun 28, 2012 at 2:27 PM, Vishvananda Ishaya vishvana...@gmail.com wrote: those are supposed to be ip addresses, so I would go with doc bug now unless there is a good reason to change it. Vish On Jun 28, 2012, at 12:00 PM, Lars Kellogg-Stedman wrote: Maybe I sent this out too late at night; I think it slipped below everyone's radar. I'm interested in whether or not people think this behavior is a functional bug, or maybe just a documentation bug: I ran into an issue earlier today where I had metadata_host set to the *hostname* of our controller. This got stuffed into an iptables rule as... -d os-controller.int.seas.harvard.edu/32 ...which promptly failed. Setting this to an ip address fixed this particular error, leading me to wonder: - Is this expected behavior? - Should I always use ip addresses for *_host values? - Is this a bug? - Should linux_net.py resolve hostnames? -- Lars Kellogg-Stedman l...@seas.harvard.edu | Senior Technologist| http://ac.seas.harvard.edu/ Academic Computing | http://code.seas.harvard.edu/ Harvard School of Engineering and Applied Sciences | ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] resolving the current keystone api URL via metadata?
This is continuity on a thread I was having with Scott Moser about his blueprint on config drive improvements: https://blueprints.launchpad.net/nova/+spec/config-drive-v2 I had suggested adding the current keystone API url path ( from flags ) to metadata api response. The fundamental logic on my part is that it provides instances a known static path for finding out the dynamic value of the keystone API. With that it can perform any function in openstack it may need to ( so long as it has valid auth credentials to do so ). The concern however raised is that this may not be considered metadata and is more of a user data thing. And thus it would have no place being in metadata. Certainly I understand that argument. I however can think of no other way to make this available to instances in an automated fashion that does not involve external configuration management. And while I generally have no problem with the so what? answer to that. In this case, the problem relates specifically to functionality of openstack core applications. So it's sitting on the dividing line. I feel like this is useful functionality for openstack and its users. I think that metadata is the right place for it. But maybe I am in a minority in wanting to see this happen. Or maybe I am simply wrong about where it should / could be placed. Example usage: In my case, the specific use case I wish to achieve is having fully portable images that can authenticate against keystone ( via pam auth module ) and provide environment data from the nova APIs. With this functionality I could simply query the metadata API... lookup the keystone API. Authenticate with credentials and discover tenancy / owner of instance to deny or allow access. Pretty simple. Would love input from others... Here is a dissenting opinion from Scott : Begin Paste Regarding 'tenant' or 'keystone_api' being present in the metadata service I have the following thoughts: * in general we should not put data there that provides no added benefit. For example, is there a benefit to having keystone server information available in the metadata service versus being passed in in user-data, and a initialization script in the instance reading the information from user-data rather than meta-data. I disagree here. Having just the address of the current cluster's keystone API server available at meta-data means that any application can figure out it's environment data on the fly to a fairly high degree. Coupled with a pam auth it can fully populate env data for the cluster in which it is in with nothing other than the username and password or hash pass. I think it's highly beneficial for making instances that can be directly ported between clusters and require no modification or injection. More to I have a bad connotation for the term 'injection'. user-data is not injection. user-data is information about an instance's purpose provided to the instance at launch time by the entity that requested its creation. This data may include information such as: * location of package mirror * location of puppet / chef master server * location of juju's zookeeper node * users to add, or public keys to import * code to run on first boot There are numerous existing complex and successful examples of using user-data with such information. The first items above can be simplified to location of an external service to integrate with. Compare the above with the list of things that are inside the existing EC2 metadata (see http://paste.ubuntu.com/1027440/ for a full crawl): * ami-id * ami-launch-index * block-device-mapping * network information * public-keys * reservation id * public-ipv4 * instance-id * public-keys The information there is almost entirely composed of information that the entity launching the instance could not know at request time (when user-data is provided). It is information that is filled in by the cloud. There are exactly zero external services mentioned. I'm not sure why keystone api server is special when compared to puppet master or juju zookeeper node. The only difference I see is that openstack knows what the keystone server is for a given tenant and thus could provide it, while it has no knowledge at all of juju-server or puppet server. Between the two locations of 'user-data' and 'meta-data' it seems fairly obvious to me that 'keystone api server' fits more in line with user-data than meta-data. the point it can make interfacing with the APIs from within user space substantially easier. Usability wise I think it has definite benefits. I'm honestly not sure what those benefits are. It would be trivial to write a openstack-instance-launch tool that does: * get keystone-api server and tenant information of user doing the launch * create user-data with: keystone-api-server: tenant-id: abcdefg * launch instance This is 100 lines of code that would then
Re: [Openstack] Test tool
https://github.com/cloudscaling/tarkin This is a very minimal test set that supports pinging vms after launching them. Nothing crazy. -Matt On Mon, Jun 18, 2012 at 6:37 AM, Jay Pipes jaypi...@gmail.com wrote: On 06/14/2012 05:26 AM, Neelakantam Gaddam wrote: Hi All, Recently I came across the tool called Tempest to perform he integration tests on a live cluster running openstack. Can we use this tool to test Quantum networks also? Yes, though support is very new :) If you run Tempest (nosetests -sv --nologcapture tempest), the network tests will be run by default if and only if there is a network endpoint set up. Are there any tools which do the end-to end testing of openstack components (including Quantum) like creating multiple networks, launching VMs, adding compute nodes, pinging VMs.. etc ? That would be tempest :) Mostly. Tempest doesn't yet test things like bringing up bare-metal compute nodes, but perhaps in the future it will. All the best, -jay __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] storage for virtual machines
I believe swift CAN be used as a block device via FUSE, and I believe it has been done before. I wouldn't recommend it though. -Matt On Tue, Jun 12, 2012 at 8:37 AM, Jay Pipes jaypi...@gmail.com wrote: Sebastien, you are correct. Udit, you will need to provide a bit more information on what you are looking to do with Swift. Thanks, -jay p.s. sorry for top-posting. On 06/12/2012 08:02 AM, Sébastien Han wrote: Hi, If you planned to use Swift to store the virtual images disk and run instance over Swift: it's not possible. If you planned to use swift for nova-volume (cinder) and attaching disk: it's also not possible. Swift is *NOT*: * a filesystem * a block device Perhaps, Swift can be use as a backend for Glance and of course object storage like S3. Someone correct me if I'm wrong. Cheers. On Tue, Jun 12, 2012 at 12:39 PM, Udit Agarwal fzdu...@gmail.com mailto:fzdu...@gmail.com wrote: Hi, I have setup nova compute and storage on different nodes. I want to create new virtual machine images on my nova compute node. I also want to configure these virtual machines to use swift(openstack storage that is setup on a different node) for their storage purposes. But I have no idea how to do this? Can anyone help me in this matter. __ __ Thanks in advance. __ __ --Udit Agarwal __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.**launchpad.netopenstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp __**_ Mailing list: https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~**openstackhttps://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/**ListHelphttps://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Filter Scheduler, a complete example
You may be better off considering a different approach all together. We ran into similar issues involving FISMA constraints and data classification in the past. One 'simple' solution is complete segregation ( not to be confused with isolation ). What we ended up coming up with was to basically deploy one openstack cluster as an operations control cluster then use it to deploy other openstack clusters as a service. If you tie that into live migration you can even move physical machines around between nodes by shutting them off and re-provisioning them as a new node entirely. The primary issue in this approach is network automation. One solution is to deploy gateway systems as a service, but that's a bit of a hack. If you are interested in discussing this further I'd be glad to go into depth in a blog post or something for yah. -Matt On Mon, Jun 11, 2012 at 8:41 AM, Christian Parpart tra...@gmail.com wrote: Hi all, while I am still somewhat new to OpenStack, I was able to successfully deploy a 6-node OpenStack setup with 4 compute nodes, one controller node (yet to be HA'd) and one network node (yet to be HA'd). However, now, that I am that far, I am in need to create a custom filter, due to the companies requirements on what VMs to put on what hardware. Unfortunately, I am not yet that experienced in Python (know quite a few others, so I shouldn't have it that hard in getting into) and I - of course - don't know the Nova API as well as you do. So I am looking for a complete basic Hello World Filter Scheduler example, e.g. in form of a github repo, that I can fork off, and improve it, and learn Nova by doing. I could not really find anything that helpful yet, and I think it might be a wonderful entry-point for quite a few of us. Is there anyone willing to help us here out a bit? Many many thanks, Christian Parpart. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Greatest deployment?
LXC has a few benefits. As you likely are aware it is faster than a traditional hypervisor. But I'm willing to argue that the price paid for that benefit makes it largely not worthwhile for HPC use cases where openstack would see use. Firstly, and foremost using LXC you immediately lose the ability for your users to define their own compute environment, or choose from more than one pre-existing compute environment templates. That's huge. That's one of the primary benefits of cloud in this area over existing technologies. You eliminate that, and I have to ask why virtualize at all? Secondly, while LXC does provide a lot of native access, it still does paging management internally just as kvm does. So direct memory management ( some HPC users like this ) becomes just as problematic as it is in kvm. Lots of overhead. Third, the generally espoused major benefit of LXC is Disk I/O. If you are using lustre or gluster... I don't see any reason you care all that much. Mind you I've been unable to find benchmarks on lustre use under kvm vs lxc. My guess is LXC is faster. My guess is the difference is probably negligible when compared to the general cost of either LXC or KVM over a grid / batch solution. Additionally there's always hardware pinning. And of course finally there is the LXC management issue. LXC has been known to cause a lot of grief for administrators if they hand out root to their users. Since the containers are directly calling the kernel, and not working through a hypervisor they can conflict each other. For instance if one unloads NFS or something, it can impact other users access to NFS. I guess depending on how you are performing your allocations this last concern may not matter. If you are allocating entire systems at a time to users, then obviously this doesn't matter. But that goes back to my first point, if you are doing that, why not just push a physical image to box at allocation time with pxe and call it a day? And I remind you hardware pinning can be done in kvm and xen, providing at least near native access to some devices ( ie network ). For the record I figure more than a couple folks are avoiding hypervisors entirely for the time being. For some loads that certainly makes sense. Others, I think it's just a general aversion to overhead and not really very strategic thinking. The opinions expressed here, are entirely my own. -Matt On Tue, May 29, 2012 at 9:31 PM, Michael Chapman michael.chap...@anu.edu.au wrote: Matt, LXC is not a good alternative for several obvious reasons. So think on all of that. Could you expand on why you believe LXC is not a good alternative? As an HPC provider we're currently weighing up options to get the most we can out of our Openstack deployment performance-wise. In particular we have quite a bit of IB, a fairly large Lustre deployment and some GPUs, and are seriously considering going down the LXC route to try to avoid wasting all of that by putting a hypervisor on top. - Michael Chapman On Fri, May 25, 2012 at 1:34 AM, Matt Joyce matt.jo...@cloudscaling.comwrote: We did some considerable HPC testing when I worked over at NASA Ames with the Nebula project. So I think we may have been the first to try out openstack in an HPC capacity. If you can find Piyush Mehrotra from the NAS division at Ames, ( I'll leave it to you to look him up ) he has comprehensive OpenStack tests from the Bexar days. He'd probably be willing to share some of that data if there was interest ( assuming he hasn't already ). Several points of interest I think worth mentioning are: I think fundamentally many of the folks who are used to doing HPC work dislike working with hypervisors in general. The memory management and general i/o latency is something they find to be a bit intolerable. OpenNebula, and OpenStack rely on the same sets of open source hypervisors. In fact, I believe OpenStack supports more. What they do fundamentally is operate as an orchestration layer on top of the hypervisor layer of the stack. So in terms of performance you should not see much difference between the two at all. That being said, that's ignoring the possibility of scheduler customisation and the sort. We ultimately, much like Amazon HPC ended up handing over VMs to customers that consumed all the resources on a system thus negating the benefit of VMs by a large amount. 1 primary reason for this is pinning the 10 gig drivers, or infiniband if you have it, to a single VM allows for direct pass through and no hypervisor latency. We were seeing a maximum throughput on our 10 gigs of about 8-9 gbit with virtio / jumbo frames via kvm, while hardware was slightly above 10. Several vendors in the area I have spoken with are engaged in efforts to tie in physical layer provisioning with OpenStack orchestration to bypass the hypervisor entirely. LXC is not a good alternative for several obvious reasons. So think on all
Re: [Openstack] Greatest deployment?
On Wed, May 30, 2012 at 12:39 PM, Soren Hansen so...@linux2go.dk wrote: 2012/5/30 Matt Joyce matt.jo...@cloudscaling.com: Secondly, while LXC does provide a lot of native access, it still does paging management internally just as kvm does. So direct memory management ( some HPC users like this ) becomes just as problematic as it is in kvm. Lots of overhead. I'm not convinced this is accurate. Can you provide some kind of reference for this? Okay so KVM uses a nastier abstraction layer in the form of shadow paging, while LXC simply relies on cgroups for memory isolation. Obviously two very different beasts. But there is the overhead of cgroup accounting and resource management inside LXC. It's not the same, and not nearly as much overhead but it's still there. pick your mirror: /kernel/Documentation/cgroups/memory.txt would be the best docs I know of. -Matt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [metering] delta vs. cumulative meters
Do we want a history of deltas or just last delta and leave the history to UI implementers? On Tue, May 29, 2012 at 9:30 AM, Loic Dachary l...@enovance.com wrote: On 05/29/2012 05:42 PM, Doug Hellmann wrote: IIRC, the meters discussed in the wiki [1] are supposed to show delta values (usage since the last time an event was generated), although the Alternate Gauge Design section discusses cumulative meters instead. The libvirt pollsters we have now produce cumulative data, and it might be complicated and error-prone to change them to compute the deltas internally before generating events. On the other hand, some of the other counters may be more complicated to generate as cumulative values. Rather than taking an either/or approach, I propose we document for each counter whether it uses the delta or cumulative approach. The API server can ask the meter plugin for that piece of information when calculating the aggregate value so that the caller does not have to keep track of the rules for each meter. I tend to prefer using a gauge and I agree that documenting what was preferred (gauge or delta) for a given meter / counter is enough. My 2ct ;-) -- Loïc Dachary Chief Research Officer // eNovance labs http://labs.enovance.com // ✉ l...@enovance.com ☎ +33 1 49 70 99 82 ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] File injection support
https://help.ubuntu.com/community/CloudInit Might want to check this little beastie out. Folks using kvm seem to end up here for certain use cases. -Matt On Tue, May 29, 2012 at 11:35 AM, Nicolae Paladi n.pal...@gmail.com wrote: Hello, I am looking for more information about file injection support in OpenStack and find it increasingly inconsistent and incomplete. I have several questions: * This wiki article (http://wiki.openstack.org/HypervisorSupportMatrix) claims that file injection is supported in XenServer, is NOT supported inn KVM it's not clear about the others. is that still the case? At least there is some mentioning of file injection in the openstack xenserver wiki: http://wiki.openstack.org/XenServer/Development * Is there any guide or man page where file injection is explained? in this use case I would like to inject a file to e.g. /etc/security/.conf at launch time -- is that possible, and if yes how can it be done in the Essex release. * Are there any discussions about the future of file injection? Thanks a lot! /Nico. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Fwd: [Infra] administration of new mailinglists
+1 Simple. And works for most other projects well enough. -Matt On Tue, May 29, 2012 at 1:01 PM, Thierry Carrez thie...@openstack.orgwrote: James E. Blair wrote: I believe we should at least have the common set of three mailing lists (announce, user/operator, dev) and have a web page that lists them. +1 We need an official channel for reference information about, at the very least, milestones/releases and security updates. We also need it for major community events (think announce the next design summit or upcoming elections). So far we (ab)used the general mailing-list for that, and I think the amount of traffic now makes it an inappropriate channel for reference information. We never used the existing -announce list because it was never exposed as the medium for reference information. An -announce list still sounds like the best way to achieve that. You can have direct posters like security or release team. You can have a moderation team so that anyone can potentially post reference information. That doesn't mean we can't use other channels like Twitter, blogs, G+, newsletter or whatever is cool these days, but none of those are actually a reference channel, so they are complementary rather than a replacement. If we go for -announce and -dev, I think we should use the classic names and move the openstack@lists.launchpad.net to openstack-us...@lists.openstack.org. Then it would make sense to merge openstack-operators into it. Regards, -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Greatest deployment?
We did some considerable HPC testing when I worked over at NASA Ames with the Nebula project. So I think we may have been the first to try out openstack in an HPC capacity. If you can find Piyush Mehrotra from the NAS division at Ames, ( I'll leave it to you to look him up ) he has comprehensive OpenStack tests from the Bexar days. He'd probably be willing to share some of that data if there was interest ( assuming he hasn't already ). Several points of interest I think worth mentioning are: I think fundamentally many of the folks who are used to doing HPC work dislike working with hypervisors in general. The memory management and general i/o latency is something they find to be a bit intolerable. OpenNebula, and OpenStack rely on the same sets of open source hypervisors. In fact, I believe OpenStack supports more. What they do fundamentally is operate as an orchestration layer on top of the hypervisor layer of the stack. So in terms of performance you should not see much difference between the two at all. That being said, that's ignoring the possibility of scheduler customisation and the sort. We ultimately, much like Amazon HPC ended up handing over VMs to customers that consumed all the resources on a system thus negating the benefit of VMs by a large amount. 1 primary reason for this is pinning the 10 gig drivers, or infiniband if you have it, to a single VM allows for direct pass through and no hypervisor latency. We were seeing a maximum throughput on our 10 gigs of about 8-9 gbit with virtio / jumbo frames via kvm, while hardware was slightly above 10. Several vendors in the area I have spoken with are engaged in efforts to tie in physical layer provisioning with OpenStack orchestration to bypass the hypervisor entirely. LXC is not a good alternative for several obvious reasons. So think on all of that. GPUs are highly specialised. Depending on your workloads you may not benefit from them. Again you have the hardware pinning issue in VMs. As far as Disk I/O is concerned, large datasets need large disk volumes. Large non immutable disk volumes. So swift / lafs go right out the window. nova-volume has some limitations ( or it did at the time ) euca tools couldn't handle 1 TB volumes and the APT maxed out around 2. So we had users raiding their volumes and asking how to target them to nodes to increase I/O. This was sub optimal. Luster or gluster would be better options here. We chose gluster because we've used luster before, and anyone who has knows it's pain. As for node targeting users cared about specific families of cpus. Many people optimised by cpu and wanted to target westmeres of nehalems. We had no means to do that at the time. Scheduling full instances is somewhat easier so long as all the nodes in your zone are full instance use only. Matt Joyce Now at Cloudscaling On Thu, May 24, 2012 at 5:49 AM, John Paul Walters jwalt...@isi.edu wrote: Hi, On May 24, 2012, at 5:45 AM, Thierry Carrez wrote: OpenNebula has also this advantage, for me, that it's designed also to provide scientific cloud and it's used by few research centres and even supercomputing centres. How about Openstack? Anyone tried deploy it in supercomputing environment? Maybe huge cluster or GPU cluster or any other scientific group is using Openstack? Is anyone using Openstack in scentific environement or Openstack's purpose is to create commercial only cloud (business - large and small companies)? OpenStack is being used in a number of research clouds, including NeCTAR (Australia's national research cloud). There is huge interest around bridging the gap there, with companies like Nimbis or Bull being involved. Hopefully people with more information than I have will comment on this thread. We're developing GPU, bare metal, and large SMP (think SGI UV) support for Openstack and we're targeting HPC/scientific computing workloads. It's a work in progress, but we have people using our code and we're talking to folks about getting our code onto nodes within FutureGrid. We have GPU support for LXC right now, and we're working on adding support for other hypervisors as well. We're also working on getting the code into shape for merging upstream, some of which (the bare metal work) has already been done. We had an HPC session at the most recent Design Summit, and it was well-attended with lots of great input. If there are specific features that you're looking for, we'd love to hear about it. By the way, all of our code is available at https://github.com/usc-isi/nova, so if you'd like to try it out before it gets merged upstream, go for it. best, JP ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Greatest deployment?
s/APT/API/ s/of/or/ Please forgive spelling errors. On a train atm. On Thu, May 24, 2012 at 8:34 AM, Matt Joyce matt.jo...@cloudscaling.comwrote: We did some considerable HPC testing when I worked over at NASA Ames with the Nebula project. So I think we may have been the first to try out openstack in an HPC capacity. If you can find Piyush Mehrotra from the NAS division at Ames, ( I'll leave it to you to look him up ) he has comprehensive OpenStack tests from the Bexar days. He'd probably be willing to share some of that data if there was interest ( assuming he hasn't already ). Several points of interest I think worth mentioning are: I think fundamentally many of the folks who are used to doing HPC work dislike working with hypervisors in general. The memory management and general i/o latency is something they find to be a bit intolerable. OpenNebula, and OpenStack rely on the same sets of open source hypervisors. In fact, I believe OpenStack supports more. What they do fundamentally is operate as an orchestration layer on top of the hypervisor layer of the stack. So in terms of performance you should not see much difference between the two at all. That being said, that's ignoring the possibility of scheduler customisation and the sort. We ultimately, much like Amazon HPC ended up handing over VMs to customers that consumed all the resources on a system thus negating the benefit of VMs by a large amount. 1 primary reason for this is pinning the 10 gig drivers, or infiniband if you have it, to a single VM allows for direct pass through and no hypervisor latency. We were seeing a maximum throughput on our 10 gigs of about 8-9 gbit with virtio / jumbo frames via kvm, while hardware was slightly above 10. Several vendors in the area I have spoken with are engaged in efforts to tie in physical layer provisioning with OpenStack orchestration to bypass the hypervisor entirely. LXC is not a good alternative for several obvious reasons. So think on all of that. GPUs are highly specialised. Depending on your workloads you may not benefit from them. Again you have the hardware pinning issue in VMs. As far as Disk I/O is concerned, large datasets need large disk volumes. Large non immutable disk volumes. So swift / lafs go right out the window. nova-volume has some limitations ( or it did at the time ) euca tools couldn't handle 1 TB volumes and the APT maxed out around 2. So we had users raiding their volumes and asking how to target them to nodes to increase I/O. This was sub optimal. Luster or gluster would be better options here. We chose gluster because we've used luster before, and anyone who has knows it's pain. As for node targeting users cared about specific families of cpus. Many people optimised by cpu and wanted to target westmeres of nehalems. We had no means to do that at the time. Scheduling full instances is somewhat easier so long as all the nodes in your zone are full instance use only. Matt Joyce Now at Cloudscaling On Thu, May 24, 2012 at 5:49 AM, John Paul Walters jwalt...@isi.eduwrote: Hi, On May 24, 2012, at 5:45 AM, Thierry Carrez wrote: OpenNebula has also this advantage, for me, that it's designed also to provide scientific cloud and it's used by few research centres and even supercomputing centres. How about Openstack? Anyone tried deploy it in supercomputing environment? Maybe huge cluster or GPU cluster or any other scientific group is using Openstack? Is anyone using Openstack in scentific environement or Openstack's purpose is to create commercial only cloud (business - large and small companies)? OpenStack is being used in a number of research clouds, including NeCTAR (Australia's national research cloud). There is huge interest around bridging the gap there, with companies like Nimbis or Bull being involved. Hopefully people with more information than I have will comment on this thread. We're developing GPU, bare metal, and large SMP (think SGI UV) support for Openstack and we're targeting HPC/scientific computing workloads. It's a work in progress, but we have people using our code and we're talking to folks about getting our code onto nodes within FutureGrid. We have GPU support for LXC right now, and we're working on adding support for other hypervisors as well. We're also working on getting the code into shape for merging upstream, some of which (the bare metal work) has already been done. We had an HPC session at the most recent Design Summit, and it was well-attended with lots of great input. If there are specific features that you're looking for, we'd love to hear about it. By the way, all of our code is available at https://github.com/usc-isi/nova, so if you'd like to try it out before it gets merged upstream, go for it. best, JP ___ Mailing list: https://launchpad.net/~openstack
Re: [Openstack] Can't ssh into instance
First rule of security group. Do not talk about security group. j/k On Thu, May 24, 2012 at 9:35 AM, Rogerio Goncalves roge...@gmail.comwrote: Maybe you missed the rules of security group? Rogério Gonçalves roge...@gmail.com Cel: (11) 8840-9790 On Thu, May 24, 2012 at 12:12 PM, Leander Bessa Beernaert leande...@gmail.com wrote: I've formatted the host machine and reinstalled openstack, just in case. Now i am only getting connection refused. On Thu, May 24, 2012 at 3:01 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Compute log: Log: http://paste.openstack.org/show/18149/ I've tried bot root and ubuntu as account names (ssh -i key.pem root@10.1.2.3 and ssh -i key.pem ubuntu@10.1.2.3) and the result is still Read from socket failed: Connection reset by peer On Thu, May 24, 2012 at 1:57 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Complete log: http://paste.openstack.org/show/18144/ On Thu, May 24, 2012 at 1:49 PM, Anton Haldin ahal...@griddynamics.com wrote: you can try to look in console.log for this instance On Thu, May 24, 2012 at 4:41 PM, Leander Bessa Beernaert leande...@gmail.com wrote: No, at the moment the vnc console isn't working yet. I haven't gotten that far yet. On Thu, May 24, 2012 at 1:29 PM, Anton Haldin ahal...@griddynamics.com wrote: t can be an issue on OS side in instance ? do you have vnc access for this instance? On Thu, May 24, 2012 at 2:56 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Hello, I'm having trouble sshing into the created instances. At first i was getting the following error: ssh -i testkey.pem root@10.1.1.3 -v OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.1.1.3 [10.1.1.3] port 22. debug1: Connection established. debug1: identity file testkey.pem type -1 debug1: identity file testkey.pem-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1 debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1 debug1: SSH2_MSG_KEXINIT sent Read from socket failed: Connection reset by peer I then proceeded to reboot the machine and all it's services. However, now i can't even get that far. I'm alway faced with a connection refused. I've added the permissions for port 22 and icmp in the default security group and i'm also able to ping the instances. I'm using the openstack packages provided with ubuntu 12.04. Regards, Leander ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
