Joe Gordon wrote:
Having rootwrap on by default makes nova-network scale very poorly by
default. Which doesn't sound like a good default, but not sure if no
rootwrap is a better default.
If it boils down to that choice, by default I would pick security over
performance.
It will require a
On 2 August 2013 20:05, Thierry Carrez thie...@openstack.org wrote:
It was a bit of a maintenance nightmare (the file was maintained in
every distribution rather than centrally in openstack). Another issue
was that we shipped the same sudoers for every combination of nodes,
allowing for
Hello,
I'd like you to do a OpenStack Requirements code review. The reason I send
this request is another patch of mine is depends on whether this one patch
get approved.
Please visit https://review.openstack.org/#/c/38429/
Regards and best wishes,
Yijing Zhang
Robert Collins wrote:
On 2 August 2013 20:05, Thierry Carrez thie...@openstack.org wrote:
It was a bit of a maintenance nightmare (the file was maintained in
every distribution rather than centrally in openstack). Another issue
was that we shipped the same sudoers for every combination of
Yijing Zhang traceyzh...@siu.edu writes:
Hello,
I'd like you to do a OpenStack Requirements code review. The reason I send
this request is another patch of mine is depends on whether this one patch
get approved.
Please visit https://review.openstack.org/#/c/38429/
I am new here. Is it
On Thu, 2013-07-25 at 14:40 -0600, Mike Wilson wrote:
In my opinion:
1. Stop using rootwrap completely and get strong argument checking support
into sudo (regex).
2. Some sort of long lived rootwrap process, either forked by the service
that want's to shell out or a general purpose
On 08/02/2013 05:18 AM, Noorul Islam K M wrote:
Yijing Zhang traceyzh...@siu.edu writes:
Hello,
I'd like you to do a OpenStack Requirements code review. The reason I send
this request is another patch of mine is depends on whether this one patch
get approved.
Please visit
On Thu, Aug 1, 2013 at 8:52 PM, Sandy Walsh sandy.wa...@rackspace.comwrote:
On 08/01/2013 07:22 PM, Doug Hellmann wrote:
On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh sandy.wa...@rackspace.com
mailto:sandy.wa...@rackspace.com wrote:
Hey y'all,
I've had a little thorn
On Thu, Aug 1, 2013 at 7:36 PM, Sam Morrison sorri...@gmail.com wrote:
On 31/07/2013, at 6:45 PM, Julien Danjou jul...@danjou.info wrote:
On Wed, Jul 31 2013, Sam Morrison wrote:
Hi Sam,
Does everything that gets stored in the datastore go through the
ceilometer.collector.metering
On Fri, Aug 02 2013, Doug Hellmann wrote:
I'm not certain any new code needs to be written. Couldn't we configure the
pipeline in the cell to send the data directly upstream to the central
collector, instead of having it pass through a collector in the cell?
That would need the RPC layer to
Hi,
As I understand, current OVS Quantum agent is assuming that there are two
Openflow bridges (br-int and br-tun).
br_tun, I think, is introduced to take care of overlay tunnels.
With flow based tunnel selection and tunnel parameters definition, I think
br-tun is no longer required.
On Fri, Aug 2, 2013 at 7:47 AM, Julien Danjou jul...@danjou.info wrote:
On Fri, Aug 02 2013, Doug Hellmann wrote:
I'm not certain any new code needs to be written. Couldn't we configure
the
pipeline in the cell to send the data directly upstream to the central
collector, instead of
On 08/02/2013 01:23 AM, Christopher Yeoh wrote:
Hi,
Matthew Trenish brought up an issue on one of the proposed Nova V3 API
tempest tests:
So I get why you do things this way. But, unlike nova we aren't
going to be able to do part1
being a straight copy and paste. Doing so will double the
On Aug 2, 2013, at 7:02 AM, Addepalli Srini-B22160 b22...@freescale.com wrote:
Hi,
As I understand, current OVS Quantum agent is assuming that there are two
Openflow bridges (br-int and br-tun).
“br_tun”, I think, is introduced to take care of overlay tunnels.
With flow based
Hi
On 2 August 2013 13:14, Daniel P. Berrange berra...@redhat.com wrote:
for managing VMs. Nova isn't using as much as it could do though. Nova
isn't using any of libvirt's storage or network related APIs currently,
which could obsolete some of its uses of rootwrap.
That certainly sounds
On 08/02/2013 08:38 AM, Doug Hellmann wrote:
On Thu, Aug 1, 2013 at 8:52 PM, Sandy Walsh sandy.wa...@rackspace.com
mailto:sandy.wa...@rackspace.com wrote:
On 08/01/2013 07:22 PM, Doug Hellmann wrote:
On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh
Hi Paul,
There wasn't a follow up on the mailing list (actually, I guess this is it!).
Basically, we discussed Jay's points in the glance meetings and on irc, and
decided to stick with this approach. I think the final exchange in that thread
sums it up, he understands why we're proposing to
Hey all,
I've been poking around to get an understanding of what some of these default
meters mean in the course of researching this Glance bug
(https://bugs.launchpad.net/ceilometer/+bug/1201701). I was wondering if anyone
could explain to me what the instance meter is. The unit 'instance'
On 08/02/2013 07:52 AM, Thierry Carrez wrote:
Daniel P. Berrange wrote:
On Fri, Aug 02, 2013 at 10:58:11AM +0100, Mark McLoughlin wrote:
On Thu, 2013-07-25 at 14:40 -0600, Mike Wilson wrote:
In my opinion:
1. Stop using rootwrap completely and get strong argument checking support
into sudo
I would like to do this because it will let me grind out details I need to
cover for other tasks, but I'm in danger of over committing myself. How fast do
you want it done? ... because that is a big job ...
# Shawn Hartsock
Russell Bryant rbry...@redhat.com wrote:
On 08/02/2013 07:52 AM,
On Fri, 02 Aug 2013 09:29:48 -0400
David Kranz dkr...@redhat.com wrote:
On 08/02/2013 01:23 AM, Christopher Yeoh wrote:
times we run these tests in
the gate once this gets merged. I think it would be best to go
about
this as smaller patches in a
longer series, just adding the v3
Dear All,
There has been some discussions recently about project Climate on
Stackforge which aim is to provide host reservation services. This
project is somehow related to
https://wiki.openstack.org/wiki/WholeHostAllocation in that Climate
intends to deal with the reservation part of
On 08/01/2013 07:22 PM, Doug Hellmann wrote:
On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh sandy.wa...@rackspace.com
mailto:sandy.wa...@rackspace.com wrote:
Hey y'all,
I've had a little thorn in my claw on this topic for a while and
thought
I'd ask the
Hi Jessica!
Unfortunately, I'm getting This account's public links are generating
too much traffic and have been temporarily disabled! when I go to that
link...
Is there an alternate location? I'm quite curious about the task flow
library and am looking forward to watching the vid :)
Hi,
Anthony Dodd has recently implemented some cool new features that we
discussed at the summit -- driving more automation from commit messages.
Here's what you need to know to use the new features:
Use header style references when referencing a bug in your commit
log. The following styles are
Yes - sorry about that. Wasn't thinking ahead when I uploaded the video. :p
You can view it on youtube here: http://www.youtube.com/watch?v=SJLc3U-KYxQ
On Aug 2, 2013, at 10:49 AM, Jay Pipes
jaypi...@gmail.commailto:jaypi...@gmail.com
wrote:
Hi Jessica!
Unfortunately, I'm getting This
On Fri, 2013-08-02 at 09:00 -0700, James E. Blair wrote:
Hi,
Anthony Dodd has recently implemented some cool new features that we
discussed at the summit -- driving more automation from commit messages.
Here's what you need to know to use the new features:
Use header style references when
On 13-08-02 12:13 PM, Mark McLoughlin wrote:
On Fri, 2013-08-02 at 09:00 -0700, James E. Blair wrote:
Hi,
Anthony Dodd has recently implemented some cool new features that we
discussed at the summit -- driving more automation from commit messages.
Here's what you need to know to use the new
On 08/02/2013 12:27 PM, Eoghan Glynn wrote:
On 08/01/2013 07:22 PM, Doug Hellmann wrote:
On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh sandy.wa...@rackspace.com
mailto:sandy.wa...@rackspace.com wrote:
Hey y'all,
I've had a little thorn in my claw on this topic for a while and
Following up on my own thread, the fix can be integrated into ./stack.sh by
adding this to the localrc:
# FIXES: https://bugs.launchpad.net/neutron/+bug/1206013
OSLOCFG_REPO=https://github.com/openstack/oslo.config.git
OSLOCFG_BRANCH=1.2.0a3
If you've already run stack, might have to set
Thanks much!
On 08/02/2013 12:06 PM, Jessica Lucci wrote:
Yes - sorry about that. Wasn't thinking ahead when I uploaded the video. :p
You can view it on youtube here: http://www.youtube.com/watch?v=SJLc3U-KYxQ
*
*
On Aug 2, 2013, at 10:49 AM, Jay Pipes jaypi...@gmail.com
Any solution where you need to modify sudoers every time the code
changes is painful, because there is only one sudo configuration on a
machine and it's owned by root.
Hmm? At least on ubuntu there is a default /etc/sudoers.d directory,
where we could land per-service files like
On 07/09/2013 07:45 AM, Ken'ichi Ohmichi wrote:
Hi,
The blueprint nova-api-validation-fw has not been approved yet.
I hope the core patch of this blueprint is merged to Havana-2,
because of completing comprehensive API validation of Nova v3 API
for Havana release. What should we do for
Hi folks,
UX community for OpenStack
(https://plus.google.com/u/0/communities/100954512393463248122) is
looking for new place for UX related discussions. Current format of
Google+ is bringing us lot of issues, which we are trying to resolve
with new tool, where developers/designers can ask
On Fri, Aug 2, 2013 at 4:35 PM, Russell Bryant rbry...@redhat.com wrote:
On 07/09/2013 07:45 AM, Ken'ichi Ohmichi wrote:
Hi,
The blueprint nova-api-validation-fw has not been approved yet.
I hope the core patch of this blueprint is merged to Havana-2,
because of completing
On 08/02/2013 05:13 PM, Doug Hellmann wrote:
When we discussed this earlier, there was concern about moving to a
completely new toolset for the new API in Havana because of other
changes going on at the same time (something to do with extensions,
IIRC). I agreed it made sense to stick with our
Hi All,
even though Glance, has been pulled out of Nova years ago, Nova still has a
images API that proxies back to Glance. Since Nova is in the process of
creating a new, V3, API, we know have a chance to re-evaluate this API.
* Do we still need this in Nova, is there any reason to not just
Hello, I'm currently implementing the event api blueprint[0], and am
wondering what access controls we should impose on the event api. The
purpose of the blueprint is to provide a StackTach equivalent in the
ceilometer api. I believe that StackTach is used as an internal tool which
end with no
Hello,
With some minor tweaking of the keystone common/ldap/core.py file, I have been
able to authenticate and get an unscoped token for a user from an LDAP
Enterprise Directory. I want to continue testing but I have some questions that
need to be answered before I can continue.
1. Do
Hi Folks
It looks like neutron gating error improves as much as non-neutron gating one,
so I would like to suggest to enable neturon-gating again.
This is 12 hours failure rate in 2013-08-01.
gate-tempest-devstack-vm-full:18.75%
gate-tempest-devstack-vm-neutron:13.21%
There are graphs
[1]
On Fri, Aug 2, 2013 at 5:19 PM, Russell Bryant rbry...@redhat.com wrote:
On 08/02/2013 05:13 PM, Doug Hellmann wrote:
When we discussed this earlier, there was concern about moving to a
completely new toolset for the new API in Havana because of other
changes going on at the same time
It's official -- welcome, Chris!
On Wed, Jul 31, 2013 at 6:57 PM, Wentian Jiang went...@unitedstack.comwrote:
Chris +1
On Thu, Aug 1, 2013 at 4:17 AM, Joe Gordon joe.gord...@gmail.com wrote:
+1
On Wed, Jul 31, 2013 at 9:41 AM, Lucas Alvares Gomes
lucasago...@gmail.com wrote:
+1
On 08/02/2013 01:06 PM, James Kyle wrote:
Following up on my own thread, the fix can be integrated into
../stack.sh by adding this to the localrc:
# FIXES: https://bugs.launchpad.net/neutron/+bug/1206013
OSLOCFG_REPO=https://github.com/openstack/oslo.config.git
OSLOCFG_BRANCH=1.2.0a3
On 08/02/2013 05:23 PM, Joe Gordon wrote:
Hi All,
even though Glance, has been pulled out of Nova years ago, Nova still
has a images API that proxies back to Glance. Since Nova is in the
process of creating a new, V3, API, we know have a chance to re-evaluate
this API.
* Do we still
Hi All,
In Neutron Firewall as a Service (FWaaS), we currently support an
implicit commit mode, wherein a change made to a firewall_rule is
propagated immediately to all the firewalls that use this rule (via
the firewall_policy association), and the rule gets applied in the
backend firewalls.
Hi Joe,
Am on my phone so can't find the links at the moment but there was some
discussion around this when working out what we should leave out of the v3 api.
Some people had concerns about exposing the glance api publicly and so wanted
to retain the images support in Nova.
So the
On Sat, Aug 3, 2013 at 9:16 AM, Doug Hellmann
doug.hellm...@dreamhost.com=mailto:doug.hellm...@dreamhost.com; wrote:
On Fri, Aug 2, 2013 at 5:19 PM, Russell Bryant rbry...@redhat.com wrote:
On 08/02/2013 05:13 PM, Doug Hellmann wrote:
When we discussed this earlier, there was concern about
On Fri, Aug 2, 2013 at 10:33 AM, Dan Smith d...@danplanet.com wrote:
Any solution where you need to modify sudoers every time the code
changes is painful, because there is only one sudo configuration on a
machine and it's owned by root.
Hmm? At least on ubuntu there is a default
48 matches
Mail list logo