date:20120515

Re: [Openstack] [Keystone] PKI

2012-05-15 Thread Tim Bell

Fully agreed. Academic and Research sites have extensive X.509
infrastructure that we would not wish to duplicate.

 

Are you only looking at user certificates or are host certificates in the
scope too ?

 

Tim

 

From: openstack-bounces+tim.bell=cern...@lists.launchpad.net
[mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of
Adam Young
Sent: 16 May 2012 03:10
To: openstack@lists.launchpad.net
Subject: Re: [Openstack] [Keystone] PKI

 

Well, the PKI pieces are the same regardless of the CA and certificate
issuing pieces.  All we will need to do is to use a signing key to sign a
document.  So EJBCA or Dogtag will work equally as well.  If people already
have a CA infrastructure, they should be able to leverage that, too.


On 05/15/2012 04:47 PM, Thor Wolpert wrote: 

If you're open to levarging other OSS projects,
http://www.ejbca.org/architecture.html us a great one to look at, assuming
you need a PKI implementation available. 

 

I believe it is at least worth a look.

On Tue, May 15, 2012 at 1:30 PM, Razique Mahroua 
wrote:

great topic :)





  Joseph Heck

15 mai 2012 21:06

Coming out of the Keystone meeting from today
(http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-me
eting.2012-05-15-18.02.html), I thought it worth mentioning that adam young
has been doing some tremendous lifting in terms of looking at adding in PKI
support to Keystone. The writeup and details are on the OpenStack wiki at
http://wiki.openstack.org/PKI

I rather suspect there's a lot of interest in this topic, so I wanted to
make sure the broader community knew about the effort, what we were
thinking, and were we are. 

If you're interested in discussing, the keystone meeting is on Tuesday
mornings at 18:00 UTC

-joe

___
Mailing list: https://launchpad.net/~openstack
 
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
 
More help : https://help.launchpad.net/ListHelp

 

-- 
Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com

  


___
Mailing list: https://launchpad.net/~openstack
 
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
 
More help   : https://help.launchpad.net/ListHelp

 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

 



smime.p7s
Description: S/MIME cryptographic signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] OpenStack Java SDK RC2 Relased!

2012-05-15 Thread Luis Gervaso

Hi!

Aligned with the JAX-RS 2.0 I have just uploaded the OpenStack Java SDK RC2

Source Code:

https://github.com/woorea/openstack-java-sdk

For Maven users:

groupId artifactId version  org.openstack openstack-java-sdk 1.0-RC2

https://raw.github.com/woorea/maven/master/releases/

This release fixes a lot of bugs and works with HPCloud.

It has been tested with stable/essex devstack branch

I have uploaded a demo video of one of the projects where i'm using it so
you can see it in action

http://youtu.be/Twf6cSrV3ys

Thank you everybody for emails and the bug reporting, but i have to remind
that you should use the bug tracking
on github in order to better management :P

https://github.com/woorea/openstack-java-sdk/issues

Cheers!

-- 
---
Luis Alberto Gervaso Martin
Woorea Solutions, S.L
CEO & CTO
mobile: (+34) 627983344
luis@ woorea.es
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Problem with attaching disks to an instance

2012-05-15 Thread Vishvananda Ishaya

Yes that code is unused and the removal is under review here:

https://review.openstack.org/#/c/7450/

Vish

On May 15, 2012, at 8:18 PM, Lorin Hochstein wrote:

> On May 15, 2012, at 1:27 PM, Vishvananda Ishaya wrote:
> 
>> FYI iscsi_ip_prefix doesn't exist in essex.  
> 
> That flag is referenced in the XenAPI code in essex: 
> https://github.com/openstack/nova/blob/stable/essex/nova/virt/xenapi/volume_utils.py#L408
> 
> However, it doesn't appear anywhere else in essex. Is this a bug?
> 
> Take care,
> 
> Lorin
> --
> Lorin Hochstein
> Lead Architect - Cloud Services
> Nimbis Services, Inc.
> www.nimbisservices.com
> 
> 
> 
> 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] PKI

2012-05-15 Thread Haneef ALI

Hi Adam,

Can you please clarify the following  in PKI blueprint?


1) Do you assume that roles won't be changed after getToken and before
validateToken?



What is keystone private key?  Do you mean user private key?


1) Why do we need to store users client cert in keystone system?  BTW what
do you mean by keystone system? Is it  keystone server?  or  any system
like swift/nova which uses keystone to authenticate

Thanks

On Tue, May 15, 2012 at 6:09 PM, Adam Young  wrote:

>  Well, the PKI pieces are the same regardless of the CA and certificate
> issuing pieces.  All we will need to do is to use a signing key to sign a
> document.  So EJBCA or Dogtag will work equally as well.  If people already
> have a CA infrastructure, they should be able to leverage that, too.
>
>
>
> On 05/15/2012 04:47 PM, Thor Wolpert wrote:
>
> If you're open to levarging other OSS projects,
> http://www.ejbca.org/architecture.html us a great one to look at,
> assuming you need a PKI implementation available.
>
>  I believe it is at least worth a look.
>
> On Tue, May 15, 2012 at 1:30 PM, Razique Mahroua <
> razique.mahr...@gmail.com> wrote:
>
>>  great topic :)
>>
>>
>>Joseph Heck 
>>  15 mai 2012 21:06
>>   Coming out of the Keystone meeting from today (
>> http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
>> I thought it worth mentioning that adam young has been doing some
>> tremendous lifting in terms of looking at adding in PKI support to
>> Keystone. The writeup and details are on the OpenStack wiki at
>> http://wiki.openstack.org/PKI
>>
>> I rather suspect there's a lot of interest in this topic, so I wanted to
>> make sure the broader community knew about the effort, what we were
>> thinking, and were we are.
>>
>> If you're interested in discussing, the keystone meeting is on Tuesday
>> mornings at 18:00 UTC
>>
>> -joe
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>> --
>> Nuage & Co - Razique Mahroua
>> razique.mahr...@gmail.com
>>
>>
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Problem with attaching disks to an instance

2012-05-15 Thread Lorin Hochstein

On May 15, 2012, at 1:27 PM, Vishvananda Ishaya wrote:

> FYI iscsi_ip_prefix doesn't exist in essex.  

That flag is referenced in the XenAPI code in essex: 
https://github.com/openstack/nova/blob/stable/essex/nova/virt/xenapi/volume_utils.py#L408

However, it doesn't appear anywhere else in essex. Is this a bug?

Take care,

Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com




___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [openstack]create network project_id

2012-05-15 Thread heut2008

if you are using vlan mode then of cource you can allocate a network
to your project,if you are using flatdhcp mode  then all
project(tenant) share the network you created the instances in the
same broadcast domain.

2012/5/16 William Herry :
> Hi
>
> how can I create a network for specified project, I use --project_id option
> when create network, seems not work,
> do i miss something:
>
> any one can help?
>
> thanks
>
>
> --
>
> ===
> William Herry
>
> williamherrych...@gmail.com
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [openstack]create network project_id

2012-05-15 Thread William Herry

Hi

how can I create a network for
*specified*project,
I use --project_id option when create network, seems not work,
do i miss something:

any one can help?

thanks


-- 

===
William Herry

williamherrych...@gmail.com
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] PKI

2012-05-15 Thread Adam Young

Well, the PKI pieces are the same regardless of the CA and certificate 
issuing pieces.  All we will need to do is to use a signing key to sign 
a document.  So EJBCA or Dogtag will work equally as well.  If people 
already have a CA infrastructure, they should be able to leverage that, too.



On 05/15/2012 04:47 PM, Thor Wolpert wrote:
If you're open to levarging other OSS projects, 
http://www.ejbca.org/architecture.html us a great one to look at, 
assuming you need a PKI implementation available.


I believe it is at least worth a look.

On Tue, May 15, 2012 at 1:30 PM, Razique Mahroua 
mailto:razique.mahr...@gmail.com>> wrote:


great topic :)



Joseph Heck 
15 mai 2012 21:06
Coming out of the Keystone meeting from today

(http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
I thought it worth mentioning that adam young has been doing some
tremendous lifting in terms of looking at adding in PKI support
to Keystone. The writeup and details are on the OpenStack wiki at
http://wiki.openstack.org/PKI

I rather suspect there's a lot of interest in this topic, so I
wanted to make sure the broader community knew about the effort,
what we were thinking, and were we are.

If you're interested in discussing, the keystone meeting is on
Tuesday mornings at 18:00 UTC

-joe

___
Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net

Unsubscribe : https://launchpad.net/~openstack

More help : https://help.launchpad.net/ListHelp


-- 
Nuage & Co - Razique Mahroua

razique.mahr...@gmail.com 




___
Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net

Unsubscribe : https://launchpad.net/~openstack

More help   : https://help.launchpad.net/ListHelp




___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] glance nova and keystone clients in horizon dashboard

2012-05-15 Thread Gabriel Hurley

You can manually swap out the code in the src dir in your environment quite 
trivially. For development purposes I frequently have my own copies of the 
clients symlinked in.

There is no way to override the pip-requires file automagically, however. 
Requirement freezing in Horizon and client versioning for OpenStack (especially 
on PyPI) are both on deck to be addressed in Folsom.

All the best,


-  Gabriel

From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net 
[mailto:openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] On 
Behalf Of Vijay
Sent: Tuesday, May 15, 2012 2:25 PM
To: openstack@lists.launchpad.net
Subject: [Openstack] glance nova and keystone clients in horizon dashboard

Hello,
I have installed essex released version of openstack. When I install horizon, 
as part of installation it installs everything in pip-requires. This file 
clones glance, nova and keystone clients from the git site which is dev version 
and overrides my earlier base essex versions.
If git cloning is commented out, then, dashboard cannot be accessed from 
browser. It says improperly configured no module novaclient.

Is there a way to properly configure dashboard with the current existing 
clients without having to clone it from the git site?

Thanks,
-vj


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Nova] Server UUID from metadata service?

2012-05-15 Thread Vishvananda Ishaya

AFAIK there isn't a way to get the uuid from the metadata server in essex. We 
were also discussing that it might be valuable for the ec2 api to tag the uuid 
onto the instance, but that doesn't help for essex either.

Vish

On May 15, 2012, at 3:40 PM, Martin Packman wrote:

> For juju, I need a snippet of shell that cloud-init can use to get the
> server id on startup. For the ec2 provider, the following is used:
> 
>$(curl http://169.254.169.254/1.0/meta-data/instance-id)
> 
> Is there any way of getting the server's uuid rather than the ec2
> style i-08x version? Requests against the openstack api with the
> integer form work, but not for comparing id values. Using the api to
> resolve the integer to a uuid would require reauthenticating on the
> instance.
> 
> There was some discussion about exposing openstack specific values via
> the metadata service as well for folsom, but is there a method that
> would work with essex?
> 
> Martin
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Nova] nova floating-ip-list hangs, even when nova-network is running

2012-05-15 Thread Ding Deng

Hi,

I've a new 1-node 2012.1 setup in FlatDHCP mode. When I try to open the
Access & Security page in Horizon, it hangs. I've also tried the CLI way
(nova floating-ip-list), which hangs too.

I found some similar reports [0][1] which indicated that there may be
something wrong with the nova-network service. But as far as I know,
nova-network is fine:

# nova-manage service list
Binary   Host Zone Status  State Updated_At
nova-console host nova enabled :-)   2012-05-15 22:44:59
nova-consoleauth host nova enabled :-)   2012-05-15 22:44:56
nova-scheduler   host nova enabled :-)   2012-05-15 22:44:59
nova-compute host nova enabled :-)   2012-05-15 22:44:58
nova-network host nova enabled :-)   2012-05-15 22:44:59

What should I check next? Thanks.


Ding Deng

[0] https://bugs.launchpad.net/horizon/+bug/961761
[1] https://bugzilla.redhat.com/show_bug.cgi?id=812661

* nova-api.log

2012-05-16 06:49:42 INFO nova.api.openstack.wsgi
[req-3cc1da1e-cfe0-40e4-bbf1-516a5196eca6
1ae03a42d2364fb3bc9fa2162632fdc7 3fbde8c6c6ae431c9798c49d796cc066] GET
http://localhost:8774/v1.1/3fbde8c6c6ae431c9798c49d796cc066/os-floating-ips
2012-05-16 06:49:42 DEBUG nova.api.openstack.wsgi
[req-3cc1da1e-cfe0-40e4-bbf1-516a5196eca6
1ae03a42d2364fb3bc9fa2162632fdc7 3fbde8c6c6ae431c9798c49d796cc066]
Unrecognized Content-Type provided in request from (pid=4372) get_body
/usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py:697
2012-05-16 06:49:42 DEBUG nova.rpc.amqp
[req-3cc1da1e-cfe0-40e4-bbf1-516a5196eca6
1ae03a42d2364fb3bc9fa2162632fdc7 3fbde8c6c6ae431c9798c49d796cc066]
Making asynchronous call on network ... from (pid=4372) multicall
/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py:321
2012-05-16 06:49:42 DEBUG nova.rpc.amqp
[req-3cc1da1e-cfe0-40e4-bbf1-516a5196eca6
1ae03a42d2364fb3bc9fa2162632fdc7 3fbde8c6c6ae431c9798c49d796cc066]
MSG_ID is e1d0950c2e014a2a9948f20152a92089 from (pid=4372) multicall
/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py:324
2012-05-16 06:49:42 DEBUG nova.rpc.amqp
[req-3cc1da1e-cfe0-40e4-bbf1-516a5196eca6
1ae03a42d2364fb3bc9fa2162632fdc7 3fbde8c6c6ae431c9798c49d796cc066] Pool
creating new connection from (pid=4372) create
/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py:59
2012-05-16 06:49:42 INFO nova.rpc.common
[req-3cc1da1e-cfe0-40e4-bbf1-516a5196eca6
1ae03a42d2364fb3bc9fa2162632fdc7 3fbde8c6c6ae431c9798c49d796cc066]
Connected to AMQP server on localhost:5672

* nova-network.log

Nothing except some periodic tasks.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [keystone]Bug 963098 and related blueprint (meeting continuation)

2012-05-15 Thread Rafael Durán Castañeda

Hi,

I would like continue discussion started at Keystone meeting from
today 
(http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
about bug 963098 (Keystone isn't acting on consecutive failed logins)
and related blueprint (Improve keystone security). At meeting there
was serious concerns about using a middleware and the current approach
audit&report mechanism that could be done elsewhere.

So after thinking again about this I've got a new approach: acting on
consecutive failed logins might be managed by identity backends
authenticate method. This approach would make all needed work specific
to the backend and thus a write/read backend will be able to do some
actions that a read only won't e.g.: storing login attempts on user
extra data, temporarily disable user, ... If we look at current SQL
identity backend after an authentication failure Keystone just raises
an exception, this approach will replace/extend it doing the
consecutive failed logins handling there.

I still think adding an optionally rate limiting middleware would help a lot.

https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L146
https://bugs.launchpad.net/keystone/+bug/963098
https://blueprints.launchpad.net/keystone/+spec/improve-keystone-security

Thanks,
Rafael

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Nova] Server UUID from metadata service?

2012-05-15 Thread Martin Packman

For juju, I need a snippet of shell that cloud-init can use to get the
server id on startup. For the ec2 provider, the following is used:

$(curl http://169.254.169.254/1.0/meta-data/instance-id)

Is there any way of getting the server's uuid rather than the ec2
style i-08x version? Requests against the openstack api with the
integer form work, but not for comparing id values. Using the api to
resolve the integer to a uuid would require reauthenticating on the
instance.

There was some discussion about exposing openstack specific values via
the metadata service as well for folsom, but is there a method that
would work with essex?

Martin

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Problem connecting to the VM with quantum and openvswitch

2012-05-15 Thread Ask Stack

Hello

I can't ping nor ssh to the VM. By the output of tcpdump, looks like the VM 
isn't connected to the vswitch but VM got a dhcp IP address.

Any help is greatly appreciated.


openstack-nova-2012.1-3.fc16.noarch
openstack-quantum-2012.1-1.fc16.noarch


[root@core01 ~]# nova-manage network create --label=public 
--fixed_range_v4=10.10.0.0/24 --project_id=76c41e7de2d0408489e94f8adb5b28ee
[root@core01 ~]# nova-manage network list
id       IPv4      IPv6       start address      
DNS1       DNS2       VlanID     project        
uuid   
13       10.10.0.0/24      None       10.10.0.2      
8.8.4.4        None       None       
76c41e7de2d0408489e94f8adb5b28ee    09656e2d-7f4e-4172-a37a-8cff745044b2


[root@core01 ~]# nova boot --image 2dec19df-b1a0-4091-840f-2c76455d2248 
--flavor 1 --nic net-id=09656e2d-7f4e-4172-a37a-8cff745044b2 test-vm1

[root@core01 ~]# nova list
+--+--++--+
|  ID  |   Name   | Status | Networks |
+--+--++--+
| 760f7622-a223-4fff-9cba-84dc144a6448 | test-vm1 | ACTIVE | public=10.10.0.3 |
+--+--++--+

[root@core01 ~]# ovs-vsctl show
1059a32e-7b7f-4b8a-aef1-b526f3c44b67
    Bridge br-int
    Port "gw-09656e2d-7f"
    tag: 1
    Interface "gw-09656e2d-7f"
    type: internal
    Port br-int
    Interface br-int
    type: internal
    Port "tap3421ac3b-94"
    tag: 1
    Interface "tap3421ac3b-94"
    ovs_version: "1.4.0"
[root@core01 ~]# 
[root@core01 ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags   MSS Window  irtt Iface
0.0.0.0 172.20.0.250    0.0.0.0 UG    0 0  0 em1.777
10.10.0.0   0.0.0.0 255.255.255.0   U 0 0  0 
gw-09656e2d-7f
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0 em1.777
172.20.0.0  0.0.0.0 255.255.255.0   U 0 0  0 em1.777


[root@core01 nova]# tcpdump -i gw-09656e2d-7f
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gw-09656e2d-7f, link-type EN10MB (Ethernet), capture size 65535 
bytes
17:22:01.410697 ARP, Request who-has 10.10.0.3 tell core01, length 28
17:22:02.412664 ARP, Request who-has 10.10.0.3 tell core01, length 28

[root@core01 nova]# tcpdump -i tap3421ac3b-94
tcpdump: WARNING: tap3421ac3b-94: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap3421ac3b-94, link-type EN10MB (Ethernet), capture size 65535 
bytes
17:25:10.460668 ARP, Request who-has 10.10.0.3 tell core01, length 28
17:25:11.462682 ARP, Request who-has 10.10.0.3 tell core01, length 28





[root@core01 nova]# ifconfig 
em1   Link encap:Ethernet  HWaddr 00:25:90:1C:1B:0E  
  inet6 addr: fe80::225:90ff:fe1c:1b0e/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:16529152 errors:0 dropped:4307 overruns:0 frame:0
  TX packets:2913065 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000 
  RX bytes:10432691482 (9.7 GiB)  TX bytes:1351181843 (1.2 GiB)
  Memory:fbd2-fbd4 

em1.777   Link encap:Ethernet  HWaddr 00:25:90:1C:1B:0E  
  inet addr:172.20.0.51  Bcast:172.20.0.255  Mask:255.255.255.0
  inet6 addr: fe80::225:90ff:fe1c:1b0e/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:3742346 errors:0 dropped:15956 overruns:0 frame:0
  TX packets:2500077 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0 
  RX bytes:8927367533 (8.3 GiB)  TX bytes:1323925155 (1.2 GiB)

gw-09656e2d-7f Link encap:Ethernet  HWaddr FA:16:3E:1E:EF:6F  
  inet addr:10.10.0.1  Bcast:10.10.0.255  Mask:255.255.255.0
  inet6 addr: fe80::f816:3eff:fe1e:ef6f/64 Scope:Link
  UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
  RX packets:12 errors:0 dropped:0 overruns:0 frame:0
  TX packets:140 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0 
  RX bytes:2520 (2.4 KiB)  TX bytes:6096 (5.9 KiB)

lo    Link encap:Local Loopback  
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:6445720 errors:0 dropped:0 overruns:0 frame:0
  TX packets:6445720 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0 
  RX bytes:43788857525 (40.7 GiB)  TX bytes:43788857525 (40.7 GiB)

tap3421ac3b-94 Link encap:Ethernet  HWaddr D6:FD:56:FD:76:FD  
  in

Re: [Openstack] [OpenStack][Keystone] Blueprint to store quota data in Keystone

2012-05-15 Thread Everett Toews

You raise some excellent points here. I've been focused on aligning the CLI
with REST methods one-to-one and staying consistent with the other
subcommands but there's more to consider.

It would really suck to be an admin and have to guess at whether or not a
tenant already had a quota set so you can decide to use quota-create or
quota-update. I suppose quota-update could make a call to the server within
the keystone client to figure it out but that's an extra call that
shouldn't be necessary. The same holds true if an admin were scripting this
and had to script in some error handling for it, it still amounts to an
extra call that shouldn't be necessary.

I think quota-set has merit. In terms of REST methods a PUT can be used for
a create or replace [1] so the semantics are okay there. As for staying
consistent with the other subcommands, this really isn't like the other
subcommands. As you say the quotas/metadata are effectively attributes of
the tenant and are not really their own independent entity so we treat them
a bit differently.

I've updated the spec [2] and revamped the CLI. Instead of quota-create and
quota-update there is quota-set. Instead of quota-list and quota-get there
is just quota-get. I also changed the positioning of the arguments to make
it easier for scriptors to append quota arguments when generating commands.

Since this spec has been out there for a week now (thank you for the
feedback) I came to some decisions about the questions I had. I recorded
those decisions at the end of the spec.

Thanks,
Everett

[1]
http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-16#section-7.6
[2] http://wiki.openstack.org/KeystoneStoreQuotaData

On Tue, May 15, 2012 at 8:05 AM, Joe Topjian  wrote:

> Hi Everett,
>
>
>>  Secondly, with regard to quota-create and quota-update, is there a huge
>>> difference between the two besides one would ultimately do an "insert" and
>>> one would do an "update"? If that is the only difference, could the two be
>>> combined into a single "quota-set" subcommand?
>>>
>>
>> They're two distinct actions and having both is consistent with the rest
>> of the keystone CLI.
>>
>
> I spent some time thinking about this over the weekend and realized why
> quota-create and quota-update seem like weird actions to me. I apologize
> for the lengthy response.
>
> Let's define a "quota resource" as "swift.total" or "nova.ram".
>
>
> In the design specs, the examples are showing create and update commands
> for the same quota resource:
>
>
> keystone quota-create --quota swift.total=1073741824 
>
> keystone quota-update --quota swift.total=2147483648 
>
>
> The specs do not explicitly say if this is allowed or not:
>
>
> keystone quota-create --quota nova.ram=10240 $joe_tenant_id
>
> keystone quota-update --quota nova.instances=20 $joe_tenant_id
>
>
> It might be obvious to some that those two commands are in no way legal,
> but to me, they are. Here's why:
>
>
> Rule 1-1: Let's define a "quota-less tenant" as a tenant that has no quota
> data in a metadata table.
>
> Rule 1-2: Let's define a "quota'd tenant" as a tenant that has at least
> one quota resource in a metadata table.
>
>
> Once a quota-create command is issued on any tenant for any quota
> resource, that tenant is now a "quota'd tenant". Thus, any further updates
> to a "quota'd tenant", regardless of the quota resource, is legal.
>
>
> Conversely:
>
>
> Rule 2-1: Let's define a "quota-less tenant" as a tenant that has no quota
> data of a specific quota resource in a metadata table.
>
> Rule 2-2: Let's define a "quota'd tenant" as a tenant that has a quota set
> for a specific quota resource in a metadata table.
>
>
> Now:
>
>
> keystone quota-create --quota nova.ram=10240 $joe_tenant_id
>
> keystone quota-update --quota nova.instances=20 $joe_tenant_id
>
> Error: quota resource "nova.instances" does not exist for $joe_tenant_id.
> Create it first.
>
>
> quota-create only created the nova.ram quota resource and the tenant is
> only quota'd for that single quota resource. Updates can only be applied to
> resources that are quota'd on that tenant.
>
>
> If Rule 2-1 and Rule 2-2 are how you are designing the Keystone quota
> system, then this all ends here and the below is invalid. But when I first
> read the spec, I got in my head that Rule 1-1 and Rule 1-2 are how it works
> and so here is my thought-trail on why I think quota-set should just be
> used:
>
>
> Let's look at the unix "useradd" command. The only required field is the
> username:
>
>
> useradd jtopjian
>
>
> Once the user is added, "usermod" can be used to modify any user option by
> referencing the username:
>
>
> usermod --uid 1234 jtopjian
>
>
> The same is true with the keystone command. In order to work on quotas,
> the tenant_id must first be created:
>
>
> keystone tenant-create ...
>
>
> Since $joe_tenant_id is specified for each call of "keystone quota-*", it
> makes the quota-* commands more like the "usermod" command.
>
>
> In this way,

Re: [Openstack] [Kesytone] get endpoint list when validating a token

2012-05-15 Thread Alejandro Comisario


Sorry!
Surfing the code, i've found the "*belongsTo*" query string to ask for 
the endpoints also.


thanks!

On 05/15/2012 03:30 PM, Alejandro Comisario wrote:

Hi all !!
Its seems that in 2012.1 the call 
"*http://kstn:35357/v2.0/tokens/[userToken]/endpoints*"; with admin 
token is not implemented.
So, how can i get the endpoints for a given token through the admin 
port/token ?
If i do *http://kstn:35357/v2.0/endpoints *i get the endpoint list, 
but without the region nor the service "type" that is what i need to 
know in the endpoints related to the given token !


Any help on how this can be achieved in 2012.1 ?
Best regards !

Alejandro.


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] glance nova and keystone clients in horizon dashboard

2012-05-15 Thread Vijay

Hello,
I have installed essex released version of openstack. When I install horizon, 
as part of installation it installs everything in pip-requires. This file 
clones glance, nova and keystone clients from the git site which is dev version 
and overrides my earlier base essex versions.
If git cloning is commented out, then, dashboard cannot be accessed from 
browser. It says improperly configured no module novaclient.
 
Is there a way to properly configure dashboard with the current existing 
clients without having to clone it from the git site?
 
Thanks,
-vj___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Instance Networking Issue

2012-05-15 Thread Salman Malik


Hi Guys,

I am having trouble with launching instances. The launch fails on networking 
task with status error. Here is the output (at nova-compute screen session) on 
launching instance :

2012-05-02 06:41:52 TRACE nova.rpc.amqp RemoteError: Remote error: 
QuantumNotFoundException (u'Quantum entity not found: %s', '{"QuantumError": 
{"message": "Unable to find a network with the specified identifier.", "type": 
"NetworkNotFound", "detail": "Network 5f227bba-eb3b-4dba-ad4c-b47c80aaffd7 
could not be found"}}')


Here is the output when I terminated the instance:
2012-05-02 06:44:04 TRACE nova.rpc.amqp Command: sudo 
/usr/local/bin/nova-rootwrap ovs-vsctl get Interface tap772ad8ff-89 ofport
2012-05-02 06:44:04 TRACE nova.rpc.amqp Exit code: 1
2012-05-02 06:44:04 TRACE nova.rpc.amqp Stdout: ''
2012-05-02 06:44:04 TRACE nova.rpc.amqp Stderr: 'ovs-vsctl: no row 
"tap772ad8ff-89" in table Interface\n'


Question/Problems:

1. Network with uuid 5f227bba-eb3b-4dba-ad4c-b47c80aaffd7 is not a Quantum 
network (or may be its a quantum network but it doesn't belong to any tenant) . 
This network got created automatically when I ran stack.sh script and is 
associated with the fixed_range=10.0.0.0/24 in the nova.conf file. So problem 
here is that I wanted to launch this instance on a quantum network managed by a 
tenant/use (that I created before launching instance), how can I fix this?

2. Before running stack.sh, I could see gw-** port in my br-int bridge. Now it 
doesn't show up anywhere. Can you tell me what is the purpose of this port and 
how can I get it back in my br-int ?

3. Would answer to 1 and 2 help in succesful launch of instances ? If not, what 
else do I need to do ?


Thanks,
Salman
  ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Boston UG

2012-05-15 Thread andi abes

Quick note about our next meetup, morrow 5/16, @ Harvard University.
If you happen to be in Boston area, come eat some pizza, get to know
some cool folks and have some Openstack shop-talk
(if you're commuting, fear not the parking. There are instructions on
getting cheap parking at Harvard facilities for 5$)

Thanks SUSE for feeding us, and Dell for herding the cats...

logistics and such here: http://www.meetup.com/Openstack-Boston/events/63106082/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] PKI

2012-05-15 Thread Thor Wolpert

If you're open to levarging other OSS projects,
http://www.ejbca.org/architecture.html us a great one to look at, assuming
you need a PKI implementation available.

I believe it is at least worth a look.

On Tue, May 15, 2012 at 1:30 PM, Razique Mahroua
wrote:

> great topic :)
>
>
>  Joseph Heck 
>  15 mai 2012 21:06
> Coming out of the Keystone meeting from today (
> http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
> I thought it worth mentioning that adam young has been doing some
> tremendous lifting in terms of looking at adding in PKI support to
> Keystone. The writeup and details are on the OpenStack wiki at
> http://wiki.openstack.org/PKI
>
> I rather suspect there's a lot of interest in this topic, so I wanted to
> make sure the broader community knew about the effort, what we were
> thinking, and were we are.
>
> If you're interested in discussing, the keystone meeting is on Tuesday
> mornings at 18:00 UTC
>
> -joe
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
> --
> Nuage & Co - Razique Mahroua
> razique.mahr...@gmail.com
>
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] PKI

2012-05-15 Thread Razique Mahroua

great topic :) 	   
   	Joseph Heck  
  15 mai 2012 21:06Coming out of the Keystone
 meeting from today 
(http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
 I thought it worth mentioning that adam young has been doing some 
tremendous lifting in terms of looking at adding in PKI support to 
Keystone. The writeup and details are on the OpenStack wiki at 
http://wiki.openstack.org/PKII rather suspect there's a lot of 
interest in this topic, so I wanted to make sure the broader community 
knew about the effort, what we were thinking, and were we are. If
 you're interested in discussing, the keystone meeting is on Tuesday 
mornings at 18:00 UTC-joe___Mailing
 list: https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Baremetal Support

2012-05-15 Thread Mikyung Kang

Hello Chuck,

The general bare-metal framework and tilera-specific back-end descriptions are 
written in the following wiki page.

http://wiki.openstack.org/HeterogeneousTileraSupport
https://blueprints.launchpad.net/nova/+spec/heterogeneous-tilera-architecture-support

The nova/virt/baremetal/* codes were pushed into essex, 
but HeterogeneousInstanceTypes and HeterogeneousArchitectureScheduler were not 
merged into upstream yet.

Currently, to support general IPMI-PXE machines and extend features (including 
ARM instance types), 
we (USI/ISI) are collaborating with NTT docomo and Calxeda for the following 
blueprint.

https://blueprints.launchpad.net/nova/+spec/general-bare-metal-provisioning-framework

Please let us know if you have more questions or need more description about 
bare-metal support.

Thanks,
Mikyung


- Original Message -
From: "Chuck Short" 
To: openstack@lists.launchpad.net
Sent: Tuesday, May 15, 2012 2:42:08 PM
Subject: [Openstack] Baremetal Support

Hi,

The documentation for the baremetal support is a bit scarce. Does
anyone know where I can find some more documentation please?

Thanks
chuck

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Keystone] PKI

2012-05-15 Thread Joseph Heck

Coming out of the Keystone meeting from today 
(http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
 I thought it worth mentioning that adam young has been doing some tremendous 
lifting in terms of looking at adding in PKI support to Keystone. The writeup 
and details are on the OpenStack wiki at http://wiki.openstack.org/PKI

I rather suspect there's a lot of interest in this topic, so I wanted to make 
sure the broader community knew about the effort, what we were thinking, and 
were we are. 

If you're interested in discussing, the keystone meeting is on Tuesday mornings 
at 18:00 UTC

-joe

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Heat API v3 released!

2012-05-15 Thread Chris Alfonso


Hi,

Heat is a AWS CloudForm API implementation for OpenStack.  The purpose
of the software is to orchestrate resources (including virtual machines,
networks, storage) into a running cloud application.  The software
converts an AWS template into native OpenStack API calls and provides a
REST API to access the template (called a stack).  Our development
community has been busy over the last 3 weeks working on our third
release.  New in this release is:

+ cloudformation (cfn) tools for high availability orchestration - monitors and 
restarts services and VMs if they fail
+ mysql database setup for for rpm/.deb based installations
+ file and sources support in cfn-init
+ WaitCondition support - to allow synchronization of resource starting
+ additional template support - try out a highly available  set of VMs and a 
rails stack
+ unit test framework to support futher development - run the unit tests 
without any dependency services running
+ unit tests for stacks, resources, cfntools, validation, and more
+ pep8 and virtual environment compliance
+ usability improvements
+ bug fixes

The references to cfn-* is explained here:
https://github.com/heat-api/heat/tree/9de4d852dcc484485df5a47a17092f186fed3d1e/heat/cfntools


pgpG0NjuscWSv.pgp
Description: PGP signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Baremetal Support

2012-05-15 Thread Chuck Short

Hi,

The documentation for the baremetal support is a bit scarce. Does
anyone know where I can find some more documentation please?

Thanks
chuck

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Problem with attaching disks to an instance

2012-05-15 Thread Shashank Sahni

Thanks for the info. This way is indeed more convenient.

-- Shashank Sahni

On Tue, May 15, 2012 at 10:57 PM, Vishvananda Ishaya
wrote:

> FYI iscsi_ip_prefix doesn't exist in essex.  The ip is passed back to the
> compute node based on what it has stored in the database, so the compute
> node no longer finds it through discovery and matching to the prefix.  You
> should only need iscsi_ip_address on the volume node to make sure that the
> db entry is created properly.
>
> Vish
>
> On May 15, 2012, at 12:25 AM, Razique Mahroua wrote:
>
> In fact, it looks like the service is not able to retrieve the
> nova-volume' IP; as if there were some issue parsing the flag or something
> like that.
> Could you try by commenting that entry on all your servers :
>
> --iscsi_ip_address
>
>  and only keep the prefix ?
> Razique
>
>
>  Shashank Sahni 
>  14 mai 2012 18:22
> Hi,
>
> Oh! They are same. I just masked the values before pasting the
> configuration files. Although, now that I think of it, its pretty harmless.
> Here are the originals.
>
> controller node - http://paste.openstack.org/show/17513/
> compute node - http://paste.openstack.org/show/17514/
> volume node - http://paste.openstack.org/show/17515/
>
> As per my understanding, I just need to figure out how the volume node is
> identified. Thank you for replying.
>
> Regards,
> Shashank Sahni
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
> --
> Nuage & Co - Razique Mahroua
> razique.mahr...@gmail.com
>
>  
>
>
>  ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
<>___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Dashboard doesn't list out multiple projects associated with a user

2012-05-15 Thread Shashank Sahni

Hi,

I'm trying to make use of tenant feature provided by keystone. I want each
user to have one default project and based on the requirements make them
part of others enabling them to work in groups. Tenant is perfect for such
setup.

My understanding is that in order to add a user to a tenant we use
'user-role-add' option of python keystone client. I've been playing with it
for a while and it seems to be working. I can see the same user as part of
multiple projects(with member roles) in the admin syspanel. But when I log
in as the user I can't see the list of projects the user is part of. The
default project is the one in which the user has been most recently added.
I believe the project title button is meant to be a drop down list but
isn't showing anything.

I might be missing something trivial here. Some help would be greatly
appreciated.

Kind Regards,
Shashank Sahni
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Kesytone] get endpoint list when validating a token

2012-05-15 Thread Alejandro Comisario


Hi all !!
Its seems that in 2012.1 the call 
"*http://kstn:35357/v2.0/tokens/[userToken]/endpoints*"; with admin token 
is not implemented.
So, how can i get the endpoints for a given token through the admin 
port/token ?
If i do *http://kstn:35357/v2.0/endpoints *i get the endpoint list, but 
without the region nor the service "type" that is what i need to know in 
the endpoints related to the given token !


Any help on how this can be achieved in 2012.1 ?
Best regards !

Alejandro.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Understanding Integration Bridge and MACs

2012-05-15 Thread Dan Wendlandt

On Tue, May 15, 2012 at 10:19 AM, Salman Malik  wrote:

>  Thanks for quick reply Dan.
> Here is another problem: there are some networks that show up in
> nova-manage network list command but when I delete them using nova-manage
> network delete --uuid , I get get this error:
>
> 2012-05-02 02:43:57 TRACE nova   File
> "/opt/stack/nova/nova/network/quantum/client.py", line 196, in do_request
> 2012-05-02 02:43:57 TRACE nova _("Quantum entity not found: %s"), data)
> 2012-05-02 02:43:57 TRACE nova QuantumNotFoundException: (u'Quantum entity
> not found: %s', '{"QuantumError": {"message": "Unable to find a network
> with the specified identifier.", "type": "NetworkNotFound", "detail":
> "Network 8fdced2b-8235-4db8-b063-08e7cc9b78d8 could not be found"}}')
>
> Whereas other networks get deleted with great ease.
> Seems to be a problem with database consistency? I have tried to restart
> the stack as a whole, but get the same error...
>

It looks like your system is probably inconsistent due to the actions you
described in the previous email (i.e., deleting networks directly via
quantum, rather than using nova-manage network delete).  The network likely
still exists in nova, even though you deleted it via Quantum (hence the 404
exception from quantum).

You'll probably need to reset your nova database and the ovs_quantum
database (assuming you're using the OVS plugin).  If you're using devstack,
simply re-running stack.sh should do it.

dan



>
>
> --
> From: d...@nicira.com
> Date: Tue, 15 May 2012 09:29:02 -0700
>
> Subject: Re: [Openstack] Understanding Integration Bridge and MACs
> To: salma...@live.com
> CC: openstack@lists.launchpad.net
>
> Hi Salman,
>
> You need to delete by UUID (since if quantum is used with melange,
> fixed_range is not guaranteed to be unique).
>
> just use:
>
> nova network delete --uuid 
>
> I just yesterday noticed that this was missing from the Quantum Admin
> Guide and added it:
> http://docs.openstack.org/trunk/openstack-network/admin/content/Net-Create-dle455.html
>
> Dan
>
> On Tue, May 15, 2012 at 9:22 AM, Salman Malik  wrote:
>
>  Thank you both but when I try to delete any such network using
> nova-manage network delete tenant net_ID, I get the following error:
>
> 2012-05-02 01:47:59 TRACE nova   File "/opt/stack/nova/bin/nova-manage",
> line 867, in delete
> 2012-05-02 01:47:59 TRACE nova raise Exception("Deleting by
> fixed_range is not supported " \
> 2012-05-02 01:47:59 TRACE nova Exception: Deleting by fixed_range is not
> supported with the QuantumManager
>
> How can I delete nets defined using fixed_range parameter?
>
> Thanks,
> Salman
>
>
> --
> From: d...@nicira.com
> Date: Mon, 14 May 2012 19:23:34 -0700
> Subject: Re: [Openstack] Understanding Integration Bridge and MACs
> To: salma...@live.com
> CC: openstack@lists.launchpad.net
>
>
>
>
> On Mon, May 14, 2012 at 3:19 PM, Salman Malik  wrote:
>
>  In addition to the mail that follows, I am having some problem with
> quantum networks as well. When I create a network using :
>
> sudo nova-manage network create --label=$tenant0
> --fixed_range_v4=$iprange0 --project_id=$tenant0
>
> I can see the network using both "quantum list_nets $tenant0" and
> "nova-manage network list", but when I delete the network using "quantum
> delete_net $tenant0 $netID", the nova-manage network list still shows the
> network and when I try to use the same CIDR for another network,I get an
> error saying CIDR already in use. Shouldn't deleting "quantum list_nets"
> and "nova-manage network list" be consistent with each other ?
>
>
> In Essex, when using Nova all Quantum network creation and deletion must
> occur using nova-manage.  This is because we store the IP address
> management data associated with a network is stored in the Nova database.
>  As Yong mentioned, in Folsom we are storing IP address management data in
> Quantum itself, in which case network creation can happen directly via the
> Quantum API and Nova VMs will still be able to get IPs.
>
> Dan
>
>
>
>
>
>
>
> --
> From: salma...@live.com
> To: openstack@lists.launchpad.net
> Subject: Understanding Integration Bridge and MACs
> Date: Sun, 13 May 2012 19:42:14 -0500
>
>
>  Hi Dan and Others,
>
> I am trying to understand the actions taken by Ryu when the new instance
> sends DHCP discover message to dnsmasq. When I launch new instannce it
> keeps on sending discover messages and controller keeps on dropping these
> messages. But looking at the traffic I couldn't exactly map which MAC
> address belonged to which entity. Can someone help me with my understanding
> of the MAC addresses. Using ifconfig , "ovs-ofctl show br-int" and
> "ovs-ofctl snoop br-int" (output shown after MAC addresses), I know exactly
> about some MAC addresses and can't figure out some of them:
>
> Interfaces  |HWAddress  |IP-addr
>
> --

Re: [Openstack] HELP: About Nova long time response when taking snapshot

2012-05-15 Thread Sam Su

Hi Yun,

Thank you for your quick response.

Yes, I am using essex release. I added one line 'libvirt_nonblocking=true'
in nova.conf, took a snapshot, then created a VM, it also needs a long
time(about 3 minutes) during the task of  'networking' and 'spawning' -- I
think this is because I was snapshoting at the same time.

I am thinking whether it can get better response time if move the glance
service to another server or deploy  multi-node glance. I wonder whether
glance support multi-nodes mode and where can I get the instruction. All
help are appreciated.

Thanks,
sam

On Tue, May 15, 2012 at 4:43 AM, Yun Mao  wrote:

> If you are using the essex release, have you tried to enable the
> libvirt_nonblocking option?
>
> Yun
>
> On Tue, May 15, 2012 at 2:18 AM, Sam Su  wrote:
> > Hi,
> >
> > I have a multi-nodes openstack environment, including a control node
> running
> > Glance, nova-api, nova-scheduler, nova-network, rabbitmq, mysql, keystone
> > and dashboard services, and two compute nodes running nova-compute and
> > nova-network services.
> >
> > When someone is taking a snapshot for his/her VMs, the Openstack system
> > looks like very busy and it will take a long time (at least 3 to
> 4 minutes
> > in this situation and regular time is in 30 seconds) to create a VM.
> >
> > I wonder is there any solution to optimize this system so that it can
> > response quickly. it will be much appreciated if someone could give me
> some
> > hints about this.
> >
> > Thanks,
> > Sam
> >
> > ___
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp
> >
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Problem with attaching disks to an instance

2012-05-15 Thread Vishvananda Ishaya

FYI iscsi_ip_prefix doesn't exist in essex.  The ip is passed back to the compute node based on what it has stored in the database, so the compute node no longer finds it through discovery and matching to the prefix.  You should only need iscsi_ip_address on the volume node to make sure that the db entry is created properly.VishOn May 15, 2012, at 12:25 AM, Razique Mahroua wrote:

In fact, it looks like the service is not able to retrieve the 
nova-volume' IP; as if there were some issue parsing the flag or 
something like that.Could you try by commenting that entry on all 
your servers : --iscsi_ip_address and
 only keep the prefix ?Razique 	   
   	Shashank Sahni  
  14 mai 2012 18:22
  

  
Hi,

Oh! They are same. I just masked the values before pasting the
configuration files. Although, now that I think of it, its pretty
harmless. Here are the originals.

controller node - http://paste.openstack.org/show/17513/
compute node - http://paste.openstack.org/show/17514/
volume node - http://paste.openstack.org/show/17515/

As per my understanding, I just need to figure out how the volume
node is identified. Thank you for replying.

Regards,
Shashank Sahni


  ___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 






___Mailing list: https://launchpad.net/~openstackPost to : openstack@lists.launchpad.netUnsubscribe : https://launchpad.net/~openstackMore help   : https://help.launchpad.net/ListHelp___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Opening up bug triaging rights

2012-05-15 Thread Patel, Nayna (Cloud Services)

+1

Nayna


On May 15, 2012, at 10:14 AM, "Jay Pipes"  wrote:

> On 05/15/2012 10:56 AM, Thierry Carrez wrote:
>> c. Keep it as a PROJECT-core only duty, and create regular triaging
>> activity for core members (preventing other devs from helping or
>> nominating bugs for backports)
> 
> This would be my preference. I think that just like Nova has Review Days 
> that all nova-core members have a duty to focus on reviewing Nova patch 
> submissions, I think that having "Bug Triage Days" each week where one 
> or more people are focusing on triage activities makes sense.
> 
> Best,
> -jay
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Understanding Integration Bridge and MACs

2012-05-15 Thread Salman Malik


Thanks for quick reply Dan.
Here is another problem: there are some networks that show up in nova-manage 
network list command but when I delete them using nova-manage network delete 
--uuid , I get get this error:

2012-05-02 02:43:57 TRACE nova   File 
"/opt/stack/nova/nova/network/quantum/client.py", line 196, in do_request
2012-05-02 02:43:57 TRACE nova _("Quantum entity not found: %s"), data)
2012-05-02 02:43:57 TRACE nova QuantumNotFoundException: (u'Quantum entity not 
found: %s', '{"QuantumError": {"message": "Unable to find a network with the 
specified identifier.", "type": "NetworkNotFound", "detail": "Network 
8fdced2b-8235-4db8-b063-08e7cc9b78d8 could not be found"}}')

Whereas other networks get deleted with great ease.
Seems to be a problem with database consistency? I have tried to restart the 
stack as a whole, but get the same error...

From: d...@nicira.com
Date: Tue, 15 May 2012 09:29:02 -0700
Subject: Re: [Openstack] Understanding Integration Bridge and MACs
To: salma...@live.com
CC: openstack@lists.launchpad.net

Hi Salman,
You need to delete by UUID (since if quantum is used with melange, fixed_range 
is not guaranteed to be unique).  
just use:
nova network delete --uuid 


I just yesterday noticed that this was missing from the Quantum Admin Guide and 
added it: 
http://docs.openstack.org/trunk/openstack-network/admin/content/Net-Create-dle455.html
  


Dan

On Tue, May 15, 2012 at 9:22 AM, Salman Malik  wrote:









Thank you both but when I try to delete any such network using nova-manage 
network delete tenant net_ID, I get the following error:



2012-05-02 01:47:59 TRACE nova   File "/opt/stack/nova/bin/nova-manage", line 
867, in delete
2012-05-02 01:47:59 TRACE nova raise Exception("Deleting by fixed_range is 
not supported " \
2012-05-02 01:47:59 TRACE nova Exception: Deleting by fixed_range is not 
supported with the QuantumManager



How can I delete nets defined using fixed_range parameter?

Thanks,
Salman


From: d...@nicira.com
Date: Mon, 14 May 2012 19:23:34 -0700


Subject: Re: [Openstack] Understanding Integration Bridge and MACs
To: salma...@live.com
CC: openstack@lists.launchpad.net





On Mon, May 14, 2012 at 3:19 PM, Salman Malik  wrote:











In addition to the mail that follows, I am having some problem with quantum 
networks as well. When I create a network using :

sudo nova-manage network create --label=$tenant0 --fixed_range_v4=$iprange0 
--project_id=$tenant0





I can see the network using both "quantum list_nets $tenant0" and "nova-manage 
network list", but when I delete the network using "quantum delete_net $tenant0 
$netID", the nova-manage network list still shows the network and when I try to 
use the same CIDR for another network,I get an error saying CIDR already in 
use. Shouldn't deleting "quantum list_nets" and "nova-manage network list" be 
consistent with each other ?





In Essex, when using Nova all Quantum network creation and deletion must occur 
using nova-manage.  This is because we store the IP address management data 
associated with a network is stored in the Nova database.  As Yong mentioned, 
in Folsom we are storing IP address management data in Quantum itself, in which 
case network creation can happen directly via the Quantum API and Nova VMs will 
still be able to get IPs.  




Dan
 







From: salma...@live.com
To: openstack@lists.launchpad.net




Subject: Understanding Integration Bridge and MACs
Date: Sun, 13 May 2012 19:42:14 -0500





Hi Dan and Others,

I am trying to understand the actions taken by Ryu when the new instance sends 
DHCP discover message to dnsmasq. When I launch new instannce it keeps on 
sending discover messages and controller keeps on dropping these messages. But 
looking at the traffic I couldn't exactly map which MAC address belonged to 
which entity. Can someone help me with my understanding of the MAC addresses. 
Using ifconfig , "ovs-ofctl show br-int" and "ovs-ofctl snoop br-int" (output 
shown after MAC addresses), I know exactly about some MAC addresses and can't 
figure out some of them:





Interfaces  |HWAddress  |IP-addr
-
eth0|08:00:27:7a:ff:65|10.0.3.15




eth1|08:00:27:16:d5:09  |10.0.0.10

Re: [Openstack] Swift Object Storage ACLs with KeyStone

2012-05-15 Thread Nguyen, Liem Manh

There is a nice write-up of Keystone RBAC here:

https://blueprints.launchpad.net/keystone/+spec/rbac-keystone

AFAIK, Keystone will provide CRUD API around policy.json, but policy 
enforcement is done at the service level…  Joe or Dolph may be able to provide 
more insights…

Liem

From: Chmouel Boudjnah [mailto:chmo...@chmouel.com]
Sent: Tuesday, May 15, 2012 9:41 AM
To: Nguyen, Liem Manh
Cc: 张家龙; openstack
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone

This has been filled already zhangjialong :

https://bugs.launchpad.net/keystone/+bug/999615

I am not very familiar with how Keystone RBAC u work, AFAIK the current way to 
do that with policy.json is going to go away in the future, right?

Chmouel.
On Tue, May 15, 2012 at 6:37 PM, Nguyen, Liem Manh 
mailto:liem_m_ngu...@hp.com>> wrote:
Yeah, that is because the swift/keystone middleware checks for the tenantId to 
match the accountId in the URL path...  Perhaps, we should rely strictly on 
Swift ACL for granting access to a given Swift container, and rely on Keystone 
RBAC for what you can do with a given Swift account.

BTW, we also ran into this issue before...  Has a bug/feature request been 
filed for this yet?  If not, I can file one.

Thanks,
Liem

-Original Message-
From: 
openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net
 
[mailto:openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net]
 On Behalf Of Chmouel Boudjnah
Sent: Tuesday, May 15, 2012 2:55 AM
To: 张家龙
Cc: openstack
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone

Hi,

In swift+keystone you are not allowed to have ACL between different
account/tenant/project, you can only allow ACL between  different
users in a tenant.
This is probably something not too difficult to implement but it may
needs some tinkering to get it right. Please feel free to log a bug in
keystone and we'll try to address that.

Chmouel.

On Sat, May 12, 2012 at 4:02 AM, 张家龙 
mailto:zhan...@awcloud.com>> wrote:
> Vish ,
>  Thank you for answering.
>  While ,sorry,I don`t understand your said.
>  Do you mean I have to do like follows when I setting up acls:
>
> curl -X PUT -i \
> -H "X-Auth-Token: " \
> -H "X-Container-Read: " \
> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>
> Or,other operations and settings?
> --
> Best Regards
>
> ZhangJialong
>
>
>
> -- Original --
> From:  "Vishvananda 
> Ishaya"mailto:vishvana...@gmail.com>>;
> Date:  Sat, May 12, 2012 03:03 AM
> To:  "张家龙"mailto:zhan...@awcloud.com>>;
> Cc:  
> "openstack"mailto:openstack@lists.launchpad.net>>;
> Subject:  Re: [Openstack] Swift Object Storage ACLs with KeyStone
>
> I'm not totally sure about this, but you might have to use the project_id
> from keystone instead of the project_name when setting up acls.   The same
> may be true of user_id.
>
> Vish
>
> On Fri, May 11, 2012 at 12:51 AM, 张家龙 
> mailto:zhan...@awcloud.com>> wrote:
>>
>>
>> Hello, everyone.
>>
>> I encountered some problems when i set permissions (ACLs) on Openstack
>> Swift containers.
>> I installed swift-1.4.8(essex) and use keystone-2012.1 as
>> authentication system on CentOS 6.2 .
>>
>> My swift proxy-server.conf and keystone.conf are here:
>> http://pastebin.com/dUnHjKSj
>>
>> Then,I use the script named opensatck_essex_data.sh(
>> http://pastebin.com/LWGVZrK0 ) to
>> initialize keystone.
>>
>> After these operations,I got the token of demo:demo and
>> newuser:newuser
>>
>> curl -s -H 'Content-type: application/json' \
>> -d '{"auth": {"tenantName": "demo", "passwordCredentials":
>> {"username": "demo", "password": "admin"}}}' \
>> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>>
>> curl -s -H 'Content-type: application/json' \
>> -d '{"auth": {"tenantName": "newuser", "passwordCredentials":
>> {"username": "newuser", "password": "admin"}}}' \
>> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>>
>> Then,enable read access to newuser:newuser
>>
>> curl -X PUT -i \
>> -H "X-Auth-Token: " \
>> -H "X-Container-Read: newuser:newuser" \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> Check the permission of the container:
>>
>> curl -k -v -H 'X-Auth-Token:' \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> This is the reply of the operation:
>>
>> HTTP/1.1 200 OK
>> X-Container-Object-Count: 1
>> X-Container-Read: newuser:newuser
>> X-Container-Bytes-Used: 2735
>> Accept-Ranges: bytes
>> Content-Length: 24
>> Content-Type: text/plain; charset=utf-8
>> Date: Fri, 11 May 2012 07:30:23 GMT
>>
>> opensatck_essex_data.sh
>>
>> Now,the user newuser:newuser visit the container of demo:demo
>>
>> curl -k -v -H '

Re: [Openstack] Swift: tempURL

2012-05-15 Thread Nguyen, Liem Manh

Hi Chmouel,

The code looks good (+1 it for allowing anonymous access), but specifically for 
tempurl support, we will still need to validate the user's identity.  The only 
difference is that we will validate the user's identity via a signature vs a 
token.  We still need to validate that the assumed identity does indeed have 
access to the given container (i.e., you cannot give someone access to a 
container you yourself do not have access to via the tempurl mechanism).

More on the BP here:

http://wiki.openstack.org/Projects/IncubatorApplication/Keystone?action=AttachFile&do=get&target=Tempurl+blueprint+proposal

Thanks,
Liem

-Original Message-
From: openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net 
[mailto:openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net] On Behalf 
Of Chmouel Boudjnah
Sent: Tuesday, May 15, 2012 8:46 AM
To: Rouault, Jason (Cloud Services)
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Swift: tempURL

On Tue, May 15, 2012 at 4:46 PM, Rouault, Jason (Cloud Services)
 wrote:
> There is a blueprint for this work in Keystone Folsom

Review is up: https://review.openstack.org/7446

Chmouel.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Error in documentation: Swift + Keystone + S3

2012-05-15 Thread Chmouel Boudjnah

On Tue, May 15, 2012 at 4:07 PM, Razique Mahroua
wrote:

>
> We are updating the doc for the essex docs. Should the changes be also in
> the trunk and diablo docs ?
> Razique
>

It's only working from the essex release.

Thanks,
Chmouel.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Opening up bug triaging rights

2012-05-15 Thread Jay Pipes


On 05/15/2012 10:56 AM, Thierry Carrez wrote:

c. Keep it as a PROJECT-core only duty, and create regular triaging
activity for core members (preventing other devs from helping or
nominating bugs for backports)


This would be my preference. I think that just like Nova has Review Days 
that all nova-core members have a duty to focus on reviewing Nova patch 
submissions, I think that having "Bug Triage Days" each week where one 
or more people are focusing on triage activities makes sense.


Best,
-jay

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Swift Object Storage ACLs with KeyStone

2012-05-15 Thread Chmouel Boudjnah

This has been filled already zhangjialong :

https://bugs.launchpad.net/keystone/+bug/999615

I am not very familiar with how Keystone RBAC u work, AFAIK the current way
to do that with policy.json is going to go away in the future, right?

Chmouel.

On Tue, May 15, 2012 at 6:37 PM, Nguyen, Liem Manh wrote:

> Yeah, that is because the swift/keystone middleware checks for the
> tenantId to match the accountId in the URL path...  Perhaps, we should rely
> strictly on Swift ACL for granting access to a given Swift container, and
> rely on Keystone RBAC for what you can do with a given Swift account.
>
> BTW, we also ran into this issue before...  Has a bug/feature request been
> filed for this yet?  If not, I can file one.
>
> Thanks,
> Liem
>
> -Original Message-
> From: openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net [mailto:
> openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net] On Behalf Of
> Chmouel Boudjnah
> Sent: Tuesday, May 15, 2012 2:55 AM
> To: 张家龙
> Cc: openstack
> Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone
>
> Hi,
>
> In swift+keystone you are not allowed to have ACL between different
> account/tenant/project, you can only allow ACL between  different
> users in a tenant.
> This is probably something not too difficult to implement but it may
> needs some tinkering to get it right. Please feel free to log a bug in
> keystone and we'll try to address that.
>
> Chmouel.
>
> On Sat, May 12, 2012 at 4:02 AM, 张家龙  wrote:
> > Vish ,
> >  Thank you for answering.
> >  While ,sorry,I don`t understand your said.
> >  Do you mean I have to do like follows when I setting up acls:
> >
> > curl -X PUT -i \
> > -H "X-Auth-Token: " \
> > -H "X-Container-Read: " \
> >
> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
> >
> > Or,other operations and settings?
> > --
> > Best Regards
> >
> > ZhangJialong
> >
> >
> >
> > -- Original --
> > From:  "Vishvananda Ishaya";
> > Date:  Sat, May 12, 2012 03:03 AM
> > To:  "张家龙";
> > Cc:  "openstack";
> > Subject:  Re: [Openstack] Swift Object Storage ACLs with KeyStone
> >
> > I'm not totally sure about this, but you might have to use the project_id
> > from keystone instead of the project_name when setting up acls.   The
> same
> > may be true of user_id.
> >
> > Vish
> >
> > On Fri, May 11, 2012 at 12:51 AM, 张家龙  wrote:
> >>
> >>
> >> Hello, everyone.
> >>
> >> I encountered some problems when i set permissions (ACLs) on
> Openstack
> >> Swift containers.
> >> I installed swift-1.4.8(essex) and use keystone-2012.1 as
> >> authentication system on CentOS 6.2 .
> >>
> >> My swift proxy-server.conf and keystone.conf are here:
> >> http://pastebin.com/dUnHjKSj
> >>
> >> Then,I use the script named opensatck_essex_data.sh(
> >> http://pastebin.com/LWGVZrK0 ) to
> >> initialize keystone.
> >>
> >> After these operations,I got the token of demo:demo and
> >> newuser:newuser
> >>
> >> curl -s -H 'Content-type: application/json' \
> >> -d '{"auth": {"tenantName": "demo", "passwordCredentials":
> >> {"username": "demo", "password": "admin"}}}' \
> >> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
> >>
> >> curl -s -H 'Content-type: application/json' \
> >> -d '{"auth": {"tenantName": "newuser", "passwordCredentials":
> >> {"username": "newuser", "password": "admin"}}}' \
> >> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
> >>
> >> Then,enable read access to newuser:newuser
> >>
> >> curl -X PUT -i \
> >> -H "X-Auth-Token: " \
> >> -H "X-Container-Read: newuser:newuser" \
> >>
> >> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
> >>
> >> Check the permission of the container:
> >>
> >> curl -k -v -H 'X-Auth-Token:' \
> >>
> >> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
> >>
> >> This is the reply of the operation:
> >>
> >> HTTP/1.1 200 OK
> >> X-Container-Object-Count: 1
> >> X-Container-Read: newuser:newuser
> >> X-Container-Bytes-Used: 2735
> >> Accept-Ranges: bytes
> >> Content-Length: 24
> >> Content-Type: text/plain; charset=utf-8
> >> Date: Fri, 11 May 2012 07:30:23 GMT
> >>
> >> opensatck_essex_data.sh
> >>
> >> Now,the user newuser:newuser visit the container of demo:demo
> >>
> >> curl -k -v -H 'X-Auth-Token:' \
> >>
> >> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
> >>
> >> While,I got 403 error.Can someone help me?
> >>
> >> --
> >> Best Regards
> >>
> >> ZhangJialong
> >>
> >>
> >> ___
> >> Mailing list: https://launchpad.net/~openstack
> >> Post to : openstack@lists.launchpad.net
> >> Unsubscribe : https://launchpad.net/~openstack
> >> More help   : https://help.launchpad.net/ListHelp
> >>
> >
> >
> > ___

Re: [Openstack] Swift Object Storage ACLs with KeyStone

2012-05-15 Thread Nguyen, Liem Manh

Yeah, that is because the swift/keystone middleware checks for the tenantId to 
match the accountId in the URL path...  Perhaps, we should rely strictly on 
Swift ACL for granting access to a given Swift container, and rely on Keystone 
RBAC for what you can do with a given Swift account.

BTW, we also ran into this issue before...  Has a bug/feature request been 
filed for this yet?  If not, I can file one.

Thanks,
Liem

-Original Message-
From: openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net 
[mailto:openstack-bounces+liem_m_nguyen=hp@lists.launchpad.net] On Behalf 
Of Chmouel Boudjnah
Sent: Tuesday, May 15, 2012 2:55 AM
To: 张家龙
Cc: openstack
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone

Hi,

In swift+keystone you are not allowed to have ACL between different
account/tenant/project, you can only allow ACL between  different
users in a tenant.
This is probably something not too difficult to implement but it may
needs some tinkering to get it right. Please feel free to log a bug in
keystone and we'll try to address that.

Chmouel.

On Sat, May 12, 2012 at 4:02 AM, 张家龙  wrote:
> Vish ,
>  Thank you for answering.
>  While ,sorry,I don`t understand your said.
>  Do you mean I have to do like follows when I setting up acls:
>
> curl -X PUT -i \
> -H "X-Auth-Token: " \
> -H "X-Container-Read: " \
> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>
> Or,other operations and settings?
> --
> Best Regards
>
> ZhangJialong
>
>
>
> -- Original --
> From:  "Vishvananda Ishaya";
> Date:  Sat, May 12, 2012 03:03 AM
> To:  "张家龙";
> Cc:  "openstack";
> Subject:  Re: [Openstack] Swift Object Storage ACLs with KeyStone
>
> I'm not totally sure about this, but you might have to use the project_id
> from keystone instead of the project_name when setting up acls.   The same
> may be true of user_id.
>
> Vish
>
> On Fri, May 11, 2012 at 12:51 AM, 张家龙  wrote:
>>
>>
>> Hello, everyone.
>>
>> I encountered some problems when i set permissions (ACLs) on Openstack
>> Swift containers.
>> I installed swift-1.4.8(essex) and use keystone-2012.1 as
>> authentication system on CentOS 6.2 .
>>
>> My swift proxy-server.conf and keystone.conf are here:
>> http://pastebin.com/dUnHjKSj
>>
>> Then,I use the script named opensatck_essex_data.sh(
>> http://pastebin.com/LWGVZrK0 ) to
>> initialize keystone.
>>
>> After these operations,I got the token of demo:demo and
>> newuser:newuser
>>
>> curl -s -H 'Content-type: application/json' \
>> -d '{"auth": {"tenantName": "demo", "passwordCredentials":
>> {"username": "demo", "password": "admin"}}}' \
>> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>>
>> curl -s -H 'Content-type: application/json' \
>> -d '{"auth": {"tenantName": "newuser", "passwordCredentials":
>> {"username": "newuser", "password": "admin"}}}' \
>> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>>
>> Then,enable read access to newuser:newuser
>>
>> curl -X PUT -i \
>> -H "X-Auth-Token: " \
>> -H "X-Container-Read: newuser:newuser" \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> Check the permission of the container:
>>
>> curl -k -v -H 'X-Auth-Token:' \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> This is the reply of the operation:
>>
>> HTTP/1.1 200 OK
>> X-Container-Object-Count: 1
>> X-Container-Read: newuser:newuser
>> X-Container-Bytes-Used: 2735
>> Accept-Ranges: bytes
>> Content-Length: 24
>> Content-Type: text/plain; charset=utf-8
>> Date: Fri, 11 May 2012 07:30:23 GMT
>>
>> opensatck_essex_data.sh
>>
>> Now,the user newuser:newuser visit the container of demo:demo
>>
>> curl -k -v -H 'X-Auth-Token:' \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> While,I got 403 error.Can someone help me?
>>
>> --
>> Best Regards
>>
>> ZhangJialong
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net

Re: [Openstack] Understanding Integration Bridge and MACs

2012-05-15 Thread Dan Wendlandt

Hi Salman,

You need to delete by UUID (since if quantum is used with melange,
fixed_range is not guaranteed to be unique).

just use:

nova network delete --uuid 

I just yesterday noticed that this was missing from the Quantum Admin Guide
and added it:
http://docs.openstack.org/trunk/openstack-network/admin/content/Net-Create-dle455.html

Dan

On Tue, May 15, 2012 at 9:22 AM, Salman Malik  wrote:

>  Thank you both but when I try to delete any such network using
> nova-manage network delete tenant net_ID, I get the following error:
>
> 2012-05-02 01:47:59 TRACE nova   File "/opt/stack/nova/bin/nova-manage",
> line 867, in delete
> 2012-05-02 01:47:59 TRACE nova raise Exception("Deleting by
> fixed_range is not supported " \
> 2012-05-02 01:47:59 TRACE nova Exception: Deleting by fixed_range is not
> supported with the QuantumManager
>
> How can I delete nets defined using fixed_range parameter?
>
> Thanks,
> Salman
>
>
> --
> From: d...@nicira.com
> Date: Mon, 14 May 2012 19:23:34 -0700
> Subject: Re: [Openstack] Understanding Integration Bridge and MACs
> To: salma...@live.com
> CC: openstack@lists.launchpad.net
>
>
>
>
> On Mon, May 14, 2012 at 3:19 PM, Salman Malik  wrote:
>
>  In addition to the mail that follows, I am having some problem with
> quantum networks as well. When I create a network using :
>
> sudo nova-manage network create --label=$tenant0
> --fixed_range_v4=$iprange0 --project_id=$tenant0
>
> I can see the network using both "quantum list_nets $tenant0" and
> "nova-manage network list", but when I delete the network using "quantum
> delete_net $tenant0 $netID", the nova-manage network list still shows the
> network and when I try to use the same CIDR for another network,I get an
> error saying CIDR already in use. Shouldn't deleting "quantum list_nets"
> and "nova-manage network list" be consistent with each other ?
>
>
> In Essex, when using Nova all Quantum network creation and deletion must
> occur using nova-manage.  This is because we store the IP address
> management data associated with a network is stored in the Nova database.
>  As Yong mentioned, in Folsom we are storing IP address management data in
> Quantum itself, in which case network creation can happen directly via the
> Quantum API and Nova VMs will still be able to get IPs.
>
> Dan
>
>
>
>
>
>
>
> --
> From: salma...@live.com
> To: openstack@lists.launchpad.net
> Subject: Understanding Integration Bridge and MACs
> Date: Sun, 13 May 2012 19:42:14 -0500
>
>
>  Hi Dan and Others,
>
> I am trying to understand the actions taken by Ryu when the new instance
> sends DHCP discover message to dnsmasq. When I launch new instannce it
> keeps on sending discover messages and controller keeps on dropping these
> messages. But looking at the traffic I couldn't exactly map which MAC
> address belonged to which entity. Can someone help me with my understanding
> of the MAC addresses. Using ifconfig , "ovs-ofctl show br-int" and
> "ovs-ofctl snoop br-int" (output shown after MAC addresses), I know exactly
> about some MAC addresses and can't figure out some of them:
>
> Interfaces  |HWAddress  |IP-addr
>
> -
> eth0|08:00:27:7a:ff:65|10.0.3.15
> eth1|08:00:27:16:d5:09  |
> 10.0.0.10  gw-82bd3a73-dc|fa:16:3e:49:57:1b  |10.0.0.1
>  dnsmasqs)
> br-int   |08:00:27:16:d5:09 |
>  new-instance  |*02:d8:47:48:35:26*  <== MAC address
> of newly launched instance? (see output below)
>
> *Unkown* |*fa:16:3e:5e:02:17   *<==Seemingly
> unknown MAC address(which is related to the new instance?)
> Unkown  |*33:33:00:00:00:16**   *<== MAC
> address related to multicast ?
>
>
> Questions:
>
> 1. What is gw-82bd3a73-dc interface ?
> 2. I am kind of unsure why br-int is so useful?
> 3. Why doesn't br-int don't have any IP address?
> 4. Why do we need to plugin a compute node's interface to br-int? (so that
> guest instances on remote host can communicate with each other?)
> 5. What is the relationship b/w *02:d8:47:48:35:26 and **fa:16:3e:5e:02:17
> *MAC addresses in the following output?
>
> =
> Output of : ovs-ofctl snoop br-int
> =
> OFPT_ECHO_REQUEST (xid=0x0): 0 bytes of payload
> OFPT_ECHO_REPLY (xid=0x0): 0 bytes of payload
> OFPT_PORT_STATUS (xid=0x0): ADD: 7(tap76127847-b1): addr:*
> 02:d8:47:48:35:26*
>  config: 0
>  state:  LINK_DOWN
>  current:10MB-FD COPPER
> OFPT_FLOW_MOD (xid=0x491662da): DEL priority=0 buf:0x0 actions=drop
> OFPT_BA

Re: [Openstack] Understanding Integration Bridge and MACs

2012-05-15 Thread Salman Malik





Thank you both but when I try to delete any such network using nova-manage 
network delete tenant net_ID, I get the following error:

2012-05-02 01:47:59 TRACE nova   File "/opt/stack/nova/bin/nova-manage", line 
867, in delete
2012-05-02 01:47:59 TRACE nova raise Exception("Deleting by fixed_range is 
not supported " \
2012-05-02 01:47:59 TRACE nova Exception: Deleting by fixed_range is not 
supported with the QuantumManager

How can I delete nets defined using fixed_range parameter?

Thanks,
Salman

From: d...@nicira.com
Date: Mon, 14 May 2012 19:23:34 -0700
Subject: Re: [Openstack] Understanding Integration Bridge and MACs
To: salma...@live.com
CC: openstack@lists.launchpad.net



On Mon, May 14, 2012 at 3:19 PM, Salman Malik  wrote:









In addition to the mail that follows, I am having some problem with quantum 
networks as well. When I create a network using :

sudo nova-manage network create --label=$tenant0 --fixed_range_v4=$iprange0 
--project_id=$tenant0



I can see the network using both "quantum list_nets $tenant0" and "nova-manage 
network list", but when I delete the network using "quantum delete_net $tenant0 
$netID", the nova-manage network list still shows the network and when I try to 
use the same CIDR for another network,I get an error saying CIDR already in 
use. Shouldn't deleting "quantum list_nets" and "nova-manage network list" be 
consistent with each other ?



In Essex, when using Nova all Quantum network creation and deletion must occur 
using nova-manage.  This is because we store the IP address management data 
associated with a network is stored in the Nova database.  As Yong mentioned, 
in Folsom we are storing IP address management data in Quantum itself, in which 
case network creation can happen directly via the Quantum API and Nova VMs will 
still be able to get IPs.  


Dan
 





From: salma...@live.com
To: openstack@lists.launchpad.net


Subject: Understanding Integration Bridge and MACs
Date: Sun, 13 May 2012 19:42:14 -0500





Hi Dan and Others,

I am trying to understand the actions taken by Ryu when the new instance sends 
DHCP discover message to dnsmasq. When I launch new instannce it keeps on 
sending discover messages and controller keeps on dropping these messages. But 
looking at the traffic I couldn't exactly map which MAC address belonged to 
which entity. Can someone help me with my understanding of the MAC addresses. 
Using ifconfig , "ovs-ofctl show br-int" and "ovs-ofctl snoop br-int" (output 
shown after MAC addresses), I know exactly about some MAC addresses and can't 
figure out some of them:



Interfaces  |HWAddress  |IP-addr
-
eth0|08:00:27:7a:ff:65|10.0.3.15


eth1|08:00:27:16:d5:09  |10.0.0.10  
   33:33:00:00:00:16 type86dd 
proto58 tos0 ipv6::->ff02::16 port143->0
fa:16:3e:5e:02:17 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length

Re: [Openstack] Install Your Own OpenStack Cloud - Essex Edition

2012-05-15 Thread George Mihaiescu

Hi Eric,

 

First of all, thanks for this great documentation.

 

I was curious how did you get the "Region" drop-down list to show up in 
Dashboard (page 22)?

Do you need to create multiple regions for this, and if yes, could you please 
elaborate on how you did this?

 

Thank you,

George 

 

 



From: openstack-bounces+george.mihaiescu=q9@lists.launchpad.net 
[mailto:openstack-bounces+george.mihaiescu=q9@lists.launchpad.net] On 
Behalf Of Eric Dodemont
Sent: Tuesday, May 08, 2012 3:46 AM
To: Emilien Macchi
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Install Your Own OpenStack Cloud - Essex Edition

 

Emilien,

In a next version, I will include: 

- Quantum (I just mention it in this version);
- LXC (experimental);
- a "study case";
- instance migration, etc.

Eric  

On 07/05/12 14:59, Emilien Macchi wrote: 

Nice work Eric,


But you don't speak about Quantum. Is it on schedule ?



Regards


Le lundi 07 mai 2012 à 14:23 +0200, Eric Dodemont a écrit : 

I have written a 50 pages document: "Install Your Own OpenStack Cloud - 
Essex Edition".
 
The PDF file can be downloaded here: http://tiny.cc/qstxdw
 
In the document, I describe in detail the installation, configuration 
and use of my OpenStack cloud. I try to not use scripts to show clearly 
all the steps to follow.
 
Installation is made on two physical servers and explanations are given 
to add more compute nodes.
 
I added a lot of information, especially about the VLAN networking mode.
 
Software Versions:
 
- Operating System: Linux Ubuntu Server version 12.04 (Precise), 64 bits.
- Cloud Computing: OpenStack version 2012.1 (Essex) including Nova, 
Glance, Keystone, and Horizon.
 
Best regards,
 
Eric
 
___
Mailing list: https://launchpad.net/~openstack 
 
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack 
 
More help   : https://help.launchpad.net/ListHelp

 

 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Swift: tempURL

2012-05-15 Thread Chmouel Boudjnah

On Tue, May 15, 2012 at 4:46 PM, Rouault, Jason (Cloud Services)
 wrote:
> There is a blueprint for this work in Keystone Folsom

Review is up: https://review.openstack.org/7446

Chmouel.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Opening up bug triaging rights

2012-05-15 Thread Thierry Carrez

Brian Waldon wrote:
> While I agree we need to make a better effort at triaging our bugs (some 
> projects more than others), I'm hesitant to fully open up bug triaging rights 
> to everyone. I doubt everyone who would start clicking those buttons have 
> enough information to make the right decisions. This is similar to why we 
> have *-core teams - while that is a bit of a higher risk situation, it's the 
> same concept.

I understand your concern. At that session the room was filled with
people wanting to help with triaging, which obviously stacked the deck
in favor of opening up the teams. Adding more people to the teams was
also prompted by the need to give more people the ability to nominate a
bug for backporting (which is also a bug supervisor right, while
accepting a nomination is a project driver right).

For Nova, I really think we need a lot more triagers if we want to touch
all incoming bugs. I set up instructions [1] but I never managed to go
beyond step 4. After I stopped doing routine triaging, the number of
untriaged bugs [2] skyrocketed, despite the efforts of a small number
(including you). The end result is an unusable list of open bugs, which
in turn results in a quality drop (worst issues not addressed or
addressed too late).

[1] http://wiki.openstack.org/BugTriage
[2] http://webnumbr.com/untouched-nova-bugs

How do we fix that ? I agree that there is some risk with incompetent
triagers, but I thought the benefit outweighed the risk. And with good
documentation, the risk is limited. Alternative solutions include:

a. Only open specific projects, to avoid introducing risk in
already-well-triaged projects (but would result in confusion ?)

b. Have someone (chief triager) review applications of proposed members
(but who would do it ? and what would be the objective criteria for
acceptation ?)

c. Keep it as a PROJECT-core only duty, and create regular triaging
activity for core members (preventing other devs from helping or
nominating bugs for backports)

Thoughts ?

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Opening up bug triaging rights

2012-05-15 Thread Brian Waldon

While I agree we need to make a better effort at triaging our bugs (some 
projects more than others), I'm hesitant to fully open up bug triaging rights 
to everyone. I doubt everyone who would start clicking those buttons have 
enough information to make the right decisions. This is similar to why we have 
*-core teams - while that is a bit of a higher risk situation, it's the same 
concept.

Brian

On May 14, 2012, at 8:06 AM, Thierry Carrez wrote:

> Hello everyone,
> 
> Currently the bug triaging rights for a given PROJECT (ability to set
> status and importance of bugs, but also ability to nominate a bug for a
> past series) is restricted to the corresponding PROJECT-bugs team, which
> is generally a moderated team that nobody really monitors new members
> applications for. This restricts the number of people who can help with
> bugs, whereas we should probably encourage more people to do that.
> 
> During the bug triaging session at the OpenStack Design Summit we
> proposed to open membership to the core PROJECT-bugs teams. This means
> that anybody could join the team(s) and start helping with bug triaging.
> If we get the documentation right first, the benefit (more triagers,
> empowered community) should outweigh the drawbacks (potentially insane
> triaging that needs to be reverted).
> 
> If all projects are in agreement with this plan, we would create a
> single, open, openstack-bugs team. People joining that team would be
> able to  helping with bug triaging in all OpenStack core projects. This
> would certainly be clearer than having multiple teams with different
> membership rules.
> 
> Please let me know if you think this is not a good idea. Otherwise I'll
> soon start implementing the plan:
> 
> * Refresh bug triaging documentation on the wiki
> * Merge PROJECT-bugs team into a single, open openstack-bugs team
> * Point to triaging documentation from the team's page
> 
> Regards,
> 
> -- 
> Thierry Carrez (ttx)
> Release Manager, OpenStack
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Swift: tempURL

2012-05-15 Thread Rouault, Jason (Cloud Services)

There is a blueprint for this work in Keystone Folsom

From: openstack-bounces+jason.rouault=hp@lists.launchpad.net
[mailto:openstack-bounces+jason.rouault=hp@lists.launchpad.net] On
Behalf Of Suchi Sinha (susinha)
Sent: Monday, May 14, 2012 11:29 AM
To: openstack@lists.launchpad.net
Subject: [Openstack] Swift: tempURL

I am trying to run swift  temp url  feature. We have keystone as identity
service. 

Does this feature works with  keystone? 

I am always getting "no such file or directory".

I am  following all  the steps   generate the tempURL.

I will  appreciate any  help.

Thanks.

~Suchi 

smime.p7s
Description: S/MIME cryptographic signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [metering] resources metadata

2012-05-15 Thread Doug Hellmann

Copying the list...

On Tue, May 15, 2012 at 10:26 AM, Doug Hellmann  wrote:

>
>
> On Tue, May 15, 2012 at 8:21 AM, Julien Danjou  > wrote:
>
>> On Tue, May 15 2012, Loic Dachary wrote:
>>
>> > On 05/15/2012 12:05 PM, Julien Danjou wrote:
>> >>
>> >> OTOH I find the metadata proposal in another table too much
>> >> complicated. Why not storing what metadata in the meter.payload field
>> >> in the same table (e.g. as a JSON string)?
>> > I would be much simpler to store the metadata in the resource_id field
>> > which could be renamed into resource field.
>>
>> That'd be even more radical.
>>
>
> I like it because it would simplify the messaging. We can leave the
> storage optimization question to the daemon that stores the data.
>
>
>>
>> > Instead of resource_id=134123 we could have resource={ 'id': 134123,
>> > 'name': 'foobar', 'flavor': 'm1.small' etc.. } There would be no need
>> > for versioning, format, separate table, etc. etc. The only convention
>> > would be that it's a hash with at least one field : the id of the
>> > resource. The rest is metadata.
>> >
>> > It will use a lot of disk space with highly redundant information.
>>
>> Ok, so the current proposal is just early optimization, as I understood.
>>
>> If you want to optimize the storage, why not use resource_id as a
>> foreign key to the metatable table which would contains unique records
>> of metadata?
>>
>> That would allow to store identical metadata once (and therefore
>> optimize space) and will be much simpler. There would not be any need of
>> version, timestamp, or whatever on metadata.
>>
>> --
>> Julien Danjou
>> // eNovance  http://enovance.com
>> // ✉ julien.dan...@enovance.com  ☎ +33 1 49 70 99 81
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Stackforge server migration

2012-05-15 Thread Andrew Hutchings

Hi guys,

After a few minor issues the Stackforge review server has been migrated.
 Please let us know if there are any problems post-migration.

Kind Regards
-- 
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Error in documentation: Swift + Keystone + S3

2012-05-15 Thread Razique Mahroua

We are updating the doc for the 
essex docs. Should the changes be also in the trunk and diablo docs ?Razique 	   
   	Anne Gentle  
  15 mai 2012 14:23Thanks for reporting, Philipp -
 doc bug logged and we'll get it taken care of. https://bugs.launchpad.net/openstack-manuals/+bug/999655Thanks
 Chmouel for confirming the correct settings.

AnneAnne Gentle | http://justwriteclick.com/






___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp 	   
   	Philipp Wollermann  
  15 mai 2012 11:22Hi,today, I was 
trying to setup Swift with Keystone authentication and S3 compatibility.Thanks
 to the very good documentation at http://swift.openstack.org/ and 
http://keystone.openstack.org/configuringservices.html I got a working 
setup quite fast, however S3 compatibility didn't work. The client 
couldn't authenticate, got a HTTP 500 error, which was caused by 
Keystone responding with a HTTP 404 to an internal request to 
/v2.0/s3tokens.After several hours, I found out, that no one 
ever mentions the small detail, that you have to include this in 
keystone.conf:[filter:s3_extension]paste.filter_factory = 
keystone.contrib.s3:S3Extension.factoryand add "s3_extension" in
 the "[pipeline:admin_api]" section between "ec2_extension" and 
"crud_extension".As a user, that's nearly impossible to find out
 - try it using the documentation and Google. The only "official" place,
 where you can find it mentioned, is in the middle of the 81.5kb 
stack.sh inside devstack and you'll only find that, if you already know 
exactly what you're looking for :/I'm currently trying to get a 
CCLA signed by my company, if that succeeds, I'd like to contribute a 
fix to the docs. In the meantime, maybe that already helps someone. :)Best
 regards,--
 Nuage & Co - 
Razique Mahroua 
razique.mahr...@gmail.com








 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Error in documentation "openstack install and deploy manual"

2012-05-15 Thread Lorin Hochstein

Thanks, Alessandro. I've proposed a doc fix for these issues here: 
https://review.openstack.org/7442


Take care,

Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com





On May 15, 2012, at 9:32 AM, Alessandro Tagliapietra wrote:

> I tried to install openstack following this guide, i think these things are 
> wrong. I'm not sure so maybe it's intentional.
> 
> 1)
> http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html
>   Defining the volume service there is this line:
>   $ TENANT=eb7e0c10a99446cfa14c244374549e9d
>   which i think is not needed.
>   Later in image service defining this line is missing the escape char at 
> the end of line
>--endpoint http://192.168.206.130:35357/v2.0/
> 
> 2)
> http://docs.openstack.org/trunk/openstack-compute/install/content/configure-glance-files.html
>   The step about db version control and sync on ubuntu 12.04 should be 
> done before the services restart else glance-registry will die after a few 
> seconds due no tables found
> 
> Best Regards
> 
> Alessandro
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack][Keystone] Blueprint to store quota data in Keystone

2012-05-15 Thread Joe Topjian

Hi Everett,


> Secondly, with regard to quota-create and quota-update, is there a huge
>> difference between the two besides one would ultimately do an "insert" and
>> one would do an "update"? If that is the only difference, could the two be
>> combined into a single "quota-set" subcommand?
>>
>
> They're two distinct actions and having both is consistent with the rest
> of the keystone CLI.
>

I spent some time thinking about this over the weekend and realized why
quota-create and quota-update seem like weird actions to me. I apologize
for the lengthy response.

Let's define a "quota resource" as "swift.total" or "nova.ram".


In the design specs, the examples are showing create and update commands
for the same quota resource:


keystone quota-create --quota swift.total=1073741824 

keystone quota-update --quota swift.total=2147483648 


The specs do not explicitly say if this is allowed or not:


keystone quota-create --quota nova.ram=10240 $joe_tenant_id

keystone quota-update --quota nova.instances=20 $joe_tenant_id


It might be obvious to some that those two commands are in no way legal,
but to me, they are. Here's why:


Rule 1-1: Let's define a "quota-less tenant" as a tenant that has no quota
data in a metadata table.

Rule 1-2: Let's define a "quota'd tenant" as a tenant that has at least one
quota resource in a metadata table.


Once a quota-create command is issued on any tenant for any quota resource,
that tenant is now a "quota'd tenant". Thus, any further updates to a
"quota'd tenant", regardless of the quota resource, is legal.


Conversely:


Rule 2-1: Let's define a "quota-less tenant" as a tenant that has no quota
data of a specific quota resource in a metadata table.

Rule 2-2: Let's define a "quota'd tenant" as a tenant that has a quota set
for a specific quota resource in a metadata table.


Now:


keystone quota-create --quota nova.ram=10240 $joe_tenant_id

keystone quota-update --quota nova.instances=20 $joe_tenant_id

Error: quota resource "nova.instances" does not exist for $joe_tenant_id.
Create it first.


quota-create only created the nova.ram quota resource and the tenant is
only quota'd for that single quota resource. Updates can only be applied to
resources that are quota'd on that tenant.


If Rule 2-1 and Rule 2-2 are how you are designing the Keystone quota
system, then this all ends here and the below is invalid. But when I first
read the spec, I got in my head that Rule 1-1 and Rule 1-2 are how it works
and so here is my thought-trail on why I think quota-set should just be
used:


Let's look at the unix "useradd" command. The only required field is the
username:


useradd jtopjian


Once the user is added, "usermod" can be used to modify any user option by
referencing the username:


usermod --uid 1234 jtopjian


The same is true with the keystone command. In order to work on quotas, the
tenant_id must first be created:


keystone tenant-create ...


Since $joe_tenant_id is specified for each call of "keystone quota-*", it
makes the quota-* commands more like the "usermod" command.


In this way, quotas are just non-required, supplemental attributes to the
tenant.


Now, from an end-user perspective:


keystone quota-create --quota nova.ram=10240 $joe_tenant_id

keystone quota-update --quota nova.instances=20 $joe_tenant_id


or


keystone quota-set --quota nova.ram=10240 $joe_tenant_id

keystone quota-set --quota nova.instances=20 $joe_tenant_id


In my mind, I see an "if" statement happening for both sets of commands.
With the first set of commands, the "if" statement is happening in the
user's head:


if $joe_tenant_id is already quota'd:

  issue keystone quota-update

else:

  issue keystone quota-create


In the second set of commands, the "if" statement is happening in the
"quota-set" function:


if $joe_tenant_id is in metadata table:

  update metadata table

else:

  insert into metadata table


I feel that the "if" statement should be placed in the quota-set function
because of the idea that quota-* commands work on non-required attributes
of the tenant. Why should the end-user have to figure out what non-required
attributes have already been set?


Does that make sense at all? I realize that this is just a ridiculous
blather of design theory that I'm making more complicated than it should
be.


While writing this out, I thought of the case with the global default nova
quota where each quota resource is properly defined. If tenants had no
quota metadata specified, they would use the global quota. But quotas could
be overridden on a per-resource basis, which would then make each
overriding action, even the initial override, seem like an update and not a
create.


Or what about the idea that "swift" and "nova" are two distinct quota
groups. It could then be possible that a tenant can be quota'd for one
quota group and not another just by having one quota resource of the quota
group specified. For example, if a tenant has nova.ram specified, the
tenant is now

Re: [Openstack] [Swift] swift news and plans

2012-05-15 Thread Soren Hansen

2012/5/15 Andy Edmonds :
> If I'm not mistaken:
> http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-08-20.00.log.html

That meeting happened 4 days *after* the e-mail I responded to was
sent to the mailing list.

-- 
Soren Hansen             | http://linux2go.dk/
Senior Software Engineer | http://www.cisco.com/
Ubuntu Developer         | http://www.ubuntu.com/
OpenStack Developer      | http://www.openstack.org/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Error in documentation "openstack install and deploy manual"

2012-05-15 Thread Alessandro Tagliapietra

I tried to install openstack following this guide, i think these things are 
wrong. I'm not sure so maybe it's intentional.

1)  
http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html
Defining the volume service there is this line:
$ TENANT=eb7e0c10a99446cfa14c244374549e9d
which i think is not needed.
Later in image service defining this line is missing the escape char at 
the end of line
 --endpoint http://192.168.206.130:35357/v2.0/

2)  
http://docs.openstack.org/trunk/openstack-compute/install/content/configure-glance-files.html
The step about db version control and sync on ubuntu 12.04 should be 
done before the services restart else glance-registry will die after a few 
seconds due no tables found

Best Regards

Alessandro___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] "Error: Unable to retrieve container list." From the openstack-dashboard

2012-05-15 Thread Razique Mahroua

In fact, I can't explain why, but the restarting of the server 
fixed the issuepartially ; not any container is displayedStorageURL: 
http://192.168.71.152:8080/v1/AUTH_aabeefb101f749a7b06a94a57f416d82Auth 
Token: 3e6ad70205fc4addb98d70aff254fa1f   Account: 
AUTH_aabeefb101f749a7b06a94a57f416d82Containers:
 1   Objects: 0 Bytes: 0Accept-Ranges: bytesX-Trans-Id:
 tx29e2aa6cb5b04f6a933c619050ab8f32But when I refresh the
 browser, the container appears !Refresh 1 : http://goo.gl/gzNDB1
 second later, refresh 2 : http://goo.gl/4zjVSThis is weird.@
 Imen Khabou, I'll mail you the pdf :) 	   
   	Razique Mahroua  
  15 mai 2012 12:22

Hi guys,using the good CSScorp 
guide https://cssoss.files.wordpress.com/2012/05/openstackbookv3-0_csscorp.pdfI'm

 deployin an AIO solution, the only thing I'm unable to make work is the
 swift <-> dash communication.The first thing I'm don't really
 know how to do is enabling Horizon debug either in the syslog or in a 
file.I have the following error :http://goo.gl/WAJwjI
 triple-checked my Keystone configuration (Swift Service, Endpoint, 
Role, User and Tenant), and it is the only service that is unable to 
communicate. Swift works well, and I've been able to create myself a 
container.Here is the KS log when I click on "containers" from 
Horizon : http://paste.openstack.org/show/17647/Thanks,Razique
-- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Error in documentation: Swift + Keystone + S3

2012-05-15 Thread Anne Gentle

Thanks for reporting, Philipp - doc bug logged and we'll get it taken care
of. https://bugs.launchpad.net/openstack-manuals/+bug/999655

Thanks Chmouel for confirming the correct settings.

Anne

Anne Gentle | http://justwriteclick.com/

[image: Facebook] [image:
Linkedin] [image:
Twitter]


On Tue, May 15, 2012 at 4:22 AM, Philipp Wollermann <
wollermann_phil...@cyberagent.co.jp> wrote:

> Hi,
>
> today, I was trying to setup Swift with Keystone authentication and S3
> compatibility.
>
> Thanks to the very good documentation at http://swift.openstack.org/ and
> http://keystone.openstack.org/configuringservices.html I got a working
> setup quite fast, however S3 compatibility didn't work. The client couldn't
> authenticate, got a HTTP 500 error, which was caused by Keystone responding
> with a HTTP 404 to an internal request to /v2.0/s3tokens.
>
> After several hours, I found out, that no one ever mentions the small
> detail, that you have to include this in keystone.conf:
>
> [filter:s3_extension]
> paste.filter_factory = keystone.contrib.s3:S3Extension.factory
>
> and add "s3_extension" in the "[pipeline:admin_api]" section between
> "ec2_extension" and "crud_extension".
>
> As a user, that's nearly impossible to find out - try it using the
> documentation and Google. The only "official" place, where you can find it
> mentioned, is in the middle of the 81.5kb stack.sh inside devstack and
> you'll only find that, if you already know exactly what you're looking for
> :/
>
> I'm currently trying to get a CCLA signed by my company, if that succeeds,
> I'd like to contribute a fix to the docs. In the meantime, maybe that
> already helps someone. :)
>
> Best regards,
>
> --
> Philipp Wollermann
>
> Infrastructure Engineer
> CyberAgent, Inc. (Tokyo)
> https://github.com/philwo
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [metering] resources metadata

2012-05-15 Thread Julien Danjou

On Tue, May 15 2012, Loic Dachary wrote:

> On 05/15/2012 12:05 PM, Julien Danjou wrote:
>>
>> OTOH I find the metadata proposal in another table too much
>> complicated. Why not storing what metadata in the meter.payload field
>> in the same table (e.g. as a JSON string)?
> I would be much simpler to store the metadata in the resource_id field
> which could be renamed into resource field.

That'd be even more radical.

> Instead of resource_id=134123 we could have resource={ 'id': 134123,
> 'name': 'foobar', 'flavor': 'm1.small' etc.. } There would be no need
> for versioning, format, separate table, etc. etc. The only convention
> would be that it's a hash with at least one field : the id of the
> resource. The rest is metadata.
>
> It will use a lot of disk space with highly redundant information.

Ok, so the current proposal is just early optimization, as I understood.

If you want to optimize the storage, why not use resource_id as a
foreign key to the metatable table which would contains unique records
of metadata?

That would allow to store identical metadata once (and therefore
optimize space) and will be much simpler. There would not be any need of
version, timestamp, or whatever on metadata.

-- 
Julien Danjou
// eNovance  http://enovance.com
// ✉ julien.dan...@enovance.com  ☎ +33 1 49 70 99 81

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [metering] resources metadata

2012-05-15 Thread Loic Dachary

On 05/15/2012 12:05 PM, Julien Danjou wrote:
>
> OTOH I find the metadata proposal in another table too much
> complicated. Why not storing what metadata in the meter.payload field
> in the same table (e.g. as a JSON string)?
I would be much simpler to store the metadata in the resource_id field which 
could be renamed into resource field.
Instead of resource_id=134123 we could have resource={ 'id': 134123, 'name': 
'foobar', 'flavor': 'm1.small' etc.. }
There would be no need for versioning, format, separate table, etc. etc. The 
only convention would be that it's a hash with at least one field : the id of 
the resource. The rest is metadata.

It will use a lot of disk space with highly redundant information.

Cheers

-- 
Loïc Dachary Chief Research Officer
// eNovance labs   http://labs.enovance.com
// ✉ l...@enovance.com  ☎ +33 1 49 70 99 82


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] ImageNotFound: Image could not be found

2012-05-15 Thread Pierre Amadio

Hi there !

On 05/15/2012 01:28 PM, Shashi Kanth Boddula wrote:
> Essex on Ubuntu 12.04.
> 
> I am storing images in swift. glance is configured to point to swift.
> 
> I have imported few images, they are stored in swift.
> 
> From dashboard, if i launch an instance from a image, it is failing, and
> the nova compute logs says "TRACE nova.rpc.amqp ImageNotFound: Image
> e2859b55-4a1c-49ce-9fa3-5d03dbd07343 could not be found."

I recently experienced a similar issue as well as some other who posted
about it here:

https://lists.launchpad.net/openstack/msg10631.html

It seems its related to bz979745

https://lists.launchpad.net/openstack/msg10674.html

https://bugs.launchpad.net/glance/+bug/979745

On my boxes, things started to work after applying the proposed patch:

https://github.com/openstack/glance/commit/fa82103f1cdb9bb26473df3a4ee9ddc077c0541e



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] HELP: About Nova long time response when taking snapshot

2012-05-15 Thread Yun Mao

If you are using the essex release, have you tried to enable the
libvirt_nonblocking option?

Yun

On Tue, May 15, 2012 at 2:18 AM, Sam Su  wrote:
> Hi,
>
> I have a multi-nodes openstack environment, including a control node running
> Glance, nova-api, nova-scheduler, nova-network, rabbitmq, mysql, keystone
> and dashboard services, and two compute nodes running nova-compute and
> nova-network services.
>
> When someone is taking a snapshot for his/her VMs, the Openstack system
> looks like very busy and it will take a long time (at least 3 to 4 minutes
> in this situation and regular time is in 30 seconds) to create a VM.
>
> I wonder is there any solution to optimize this system so that it can
> response quickly. it will be much appreciated if someone could give me some
> hints about this.
>
> Thanks,
> Sam
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] ImageNotFound: Image could not be found

2012-05-15 Thread Razique Mahroua

Hi, I found this https://bugs.launchpad.net/nova/+bug/948286Maybe
 a link ? 	   
   	Shashi Kanth Boddula  
  15 mai 2012 13:28Essex on Ubuntu 12.04.I
 am storing images in swift. glance is configured to point to swift.I
 have imported few images, they are stored in swift.From
 dashboard, if i launch an instance from a image, it is failing, and the
 nova compute logs says "TRACE nova.rpc.amqp ImageNotFound: Image 
e2859b55-4a1c-49ce-9fa3-5d03dbd07343 could not be found."
# glance indexID
                                   Name                           Disk 
Format          Container Format     Size          
 --  
 --
01eb3158-3bf2-4ee7-9534-b06187886614 Ubuntu 12.04 LTS 64-bit       
 qcow2                bare                      22695116881f5f73e-fd88-4cb2-9d4e-d583deb5dc93
 CentOS 6.0 64-bit              raw                  bare                
      536412160
e2859b55-4a1c-49ce-9fa3-5d03dbd07343 RHEL5 U6 64-Bit               
 raw                  bare                      295900672#
 nova image-list+--+-+++
|                  ID                  |           Name          | 
Status | Server |+--+-+++|
 01eb3158-3bf2-4ee7-9534-b06187886614 | Ubuntu 12.04 LTS 64-bit | ACTIVE
 |        |
| 81f5f73e-fd88-4cb2-9d4e-d583deb5dc93 | CentOS 6.0 64-bit       | 
ACTIVE |        || e2859b55-4a1c-49ce-9fa3-5d03dbd07343 | 
RHEL5 U6 64-Bit         | ACTIVE |        |+--+-+++

# swift -V 2.0 -A http://openstack:5000/v2.0 -U 
service:glance -K glance list glance01eb3158-3bf2-4ee7-9534-b0618788661481f5f73e-fd88-4cb2-9d4e-d583deb5dc93
e2859b55-4a1c-49ce-9fa3-5d03dbd07343What
 i am missing here? Do i am missing something in nova.conf ?Thanks
 & Regards,
Shashi Kanth

___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] ImageNotFound: Image could not be found

2012-05-15 Thread Shashi Kanth Boddula

Essex on Ubuntu 12.04.

I am storing images in swift. glance is configured to point to swift.

I have imported few images, they are stored in swift.

>From dashboard, if i launch an instance from a image, it is failing, and
the nova compute logs says "TRACE nova.rpc.amqp ImageNotFound: Image
e2859b55-4a1c-49ce-9fa3-5d03dbd07343 could not be found."


# glance index
ID   Name   Disk
Format  Container Format Size
 --
  --
01eb3158-3bf2-4ee7-9534-b06187886614 Ubuntu 12.04 LTS 64-bitqcow2
 bare  226951168
81f5f73e-fd88-4cb2-9d4e-d583deb5dc93 CentOS 6.0 64-bit  raw
 bare  536412160
e2859b55-4a1c-49ce-9fa3-5d03dbd07343 RHEL5 U6 64-Bitraw
 bare  295900672

# nova image-list
+--+-+++
|  ID  |   Name  | Status |
Server |
+--+-+++
| 01eb3158-3bf2-4ee7-9534-b06187886614 | Ubuntu 12.04 LTS 64-bit | ACTIVE |
   |
| 81f5f73e-fd88-4cb2-9d4e-d583deb5dc93 | CentOS 6.0 64-bit   | ACTIVE |
   |
| e2859b55-4a1c-49ce-9fa3-5d03dbd07343 | RHEL5 U6 64-Bit | ACTIVE |
   |
+--+-+++


# swift -V 2.0 -A http://openstack:5000/v2.0 -U service:glance -K glance
list glance
01eb3158-3bf2-4ee7-9534-b06187886614
81f5f73e-fd88-4cb2-9d4e-d583deb5dc93
e2859b55-4a1c-49ce-9fa3-5d03dbd07343


What i am missing here? Do i am missing something in nova.conf ?


Thanks & Regards,
Shashi Kanth
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] AMQP server on localhost:5672 is unreachable: IOError Socket closed.

2012-05-15 Thread Shashi Kanth Boddula

Thank you, i simply reinstalled rabbitmq server and restarted nova api, now
things looks fine.

Thanks.


On Tue, May 15, 2012 at 3:08 PM, Bilel Msekni  wrote:

>  Le 15/05/2012 11:14, Shashi Kanth Boddula a écrit :
>
> Essex on Ubuntu 12.04.
>
>  I am seeing these messages in noa-api.log file, and the nova is not
> functional in dashboard. I believe the problem is with rabbitmq, but i
> don't know how to solve this situation.
>
>
>  2012-05-15 14:20:11 ERROR nova.rpc.common
> [req-1d70ea22-fb6e-4be8-84f5-54cfd78698ac 0c1bd987f8b84088983e17645067c225
> 488ef90f59fd4bf68fc78f7086556af2] AMQP server on localhost:5672 is
> unreachable: Socket closed. Trying again in 30 seconds.
> 2012-05-15 14:20:11 TRACE nova.rpc.common Traceback (most recent call
> last):
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 446, in
> reconnect
> 2012-05-15 14:20:11 TRACE nova.rpc.common self._connect()
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 423, in
> _connect
> 2012-05-15 14:20:11 TRACE nova.rpc.common self.connection.connect()
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/kombu/connection.py", line 154, in connect
> 2012-05-15 14:20:11 TRACE nova.rpc.common return self.connection
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/kombu/connection.py", line 560, in
> connection
> 2012-05-15 14:20:11 TRACE nova.rpc.common self._connection =
> self._establish_connection()
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/kombu/connection.py", line 521, in
> _establish_connection
> 2012-05-15 14:20:11 TRACE nova.rpc.common conn =
> self.transport.establish_connection()
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/kombu/transport/pyamqplib.py", line 255,
> in establish_connection
> 2012-05-15 14:20:11 TRACE nova.rpc.common
> connect_timeout=conninfo.connect_timeout)
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/kombu/transport/pyamqplib.py", line 52,
> in __init__
> 2012-05-15 14:20:11 TRACE nova.rpc.common super(Connection,
> self).__init__(*args, **kwargs)
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/amqplib/client_0_8/connection.py", line
> 144, in __init__
> 2012-05-15 14:20:11 TRACE nova.rpc.common (10, 30), # tune
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/amqplib/client_0_8/abstract_channel.py",
> line 95, in wait
> 2012-05-15 14:20:11 TRACE nova.rpc.common self.channel_id,
> allowed_methods)
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/amqplib/client_0_8/connection.py", line
> 202, in _wait_method
> 2012-05-15 14:20:11 TRACE nova.rpc.common
> self.method_reader.read_method()
> 2012-05-15 14:20:11 TRACE nova.rpc.common   File
> "/usr/lib/python2.7/dist-packages/amqplib/client_0_8/method_framing.py",
> line 221, in read_method
> 2012-05-15 14:20:11 TRACE nova.rpc.common raise m
> 2012-05-15 14:20:11 TRACE nova.rpc.common IOError: Socket closed
> 2012-05-15 14:20:11 TRACE nova.rpc.common
>
>
>
>  # service rabbitmq-server status
> Status of node rabbit@openstack ...
> [{pid,2137},
>  {running_applications,[{rabbit,"RabbitMQ","2.7.1"},
> {os_mon,"CPO  CXC 138 46","2.2.7"},
> {sasl,"SASL  CXC 138 11","2.1.10"},
> {mnesia,"MNESIA  CXC 138 12","4.5"},
> {stdlib,"ERTS  CXC 138 10","1.17.5"},
> {kernel,"ERTS  CXC 138 10","2.14.5"}]},
>  {os,{unix,linux}},
>  {erlang_version,"Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:24:24]
> [rq:24] [async-threads:30] [kernel-poll:true]\n"},
>  {memory,[{total,26413240},
>   {processes,10154960},
>   {processes_used,10134760},
>   {system,16258280},
>   {atom,1124441},
>   {atom_used,1120341},
>   {binary,69304},
>   {code,11134417},
>   {ets,742384}]},
>  {vm_memory_high_watermark,0.397628105},
>  {vm_memory_limit,13491309772}]
> ...done.
>
>
>
>
>  --
> Thanks & Regards,
> Shashi Kanth
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>  Nova connects to RabbitMQ through the defaults values  ( localhost:5672)
> and credentials (guest)
> Check for the address of your rabbitMQ in the config file
> (/etc/rabbitmq/rabbitMQ.config)
>
> and do this
> nano /etc/rabbitmq/rabbitmq.config
> [{rabbit, [{tcp_listeners, [{"127.0.0.1",5672}] }] } ]. #Paste this line
> #Exit and SAVE
> service start rabbitmq-server
>
>

[Openstack] "Error: Unable to retrieve container list." From the openstack-dashboard

2012-05-15 Thread Razique Mahroua


Hi guys,using the good CSScorp 
guide https://cssoss.files.wordpress.com/2012/05/openstackbookv3-0_csscorp.pdfI'm
 deployin an AIO solution, the only thing I'm unable to make work is the
 swift <-> dash communication.The first thing I'm don't really
 know how to do is enabling Horizon debug either in the syslog or in a 
file.I have the following error :http://goo.gl/WAJwjI
 triple-checked my Keystone configuration (Swift Service, Endpoint, 
Role, User and Tenant), and it is the only service that is unable to 
communicate. Swift works well, and I've been able to create myself a 
container.Here is the KS log when I click on "containers" from 
Horizon : http://paste.openstack.org/show/17647/Thanks,Razique-- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 








___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] AMQP server on localhost:5672 is unreachable: IOError Socket closed.

2012-05-15 Thread raja.meena

Hi  Shashi,



 1. check for the below..

 root@openstack:/# cat /etc/rabbitmq/rabbitmq.conf
[
{rabbit, [
{tcp_listeners, [{"0.0.0.0",5672}]}
]}
]

2. restart rabbitmq service & check below

root@openstack:/# service rabbitmq-server status
Status of node rabbit@openstack ...
[{pid,26880},
 {running_applications,[{rabbit,"RabbitMQ","2.5.0"},
{os_mon,"CPO  CXC 138 46","2.2.5"},
{sasl,"SASL  CXC 138 11","2.1.9.3"},
{mnesia,"MNESIA  CXC 138 12","4.4.17"},
{stdlib,"ERTS  CXC 138 10","1.17.3"},
{kernel,"ERTS  CXC 138 10","2.14.3"}]},
 {os,{unix,linux}},
 {erlang_version,"Erlang R14B02 (erts-5.8.3) [source] [64-bit] [smp:8:8] [rq:8] 
[async-threads:30] [kernel-poll:true]\n"},
 {memory,[{total,24810216},
  {processes,9821528},
  {processes_used,9807032},
  {system,14988688},
  {atom,1108281},
  {atom_used,1096662},
  {binary,128184},
  {code,10829429},
  {ets,693600}]}]
...done.


3. root@openstack:/# lsof +M -i4
COMMAND PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 951  root6u  IPv4   2018  0t0  UDP 
*:sunrpc[portmapper]
rpcbind 951  root7u  IPv4   2021  0t0  UDP *:695
rpcbind 951  root8u  IPv4   2022  0t0  TCP 
*:sunrpc[portmapper] (LISTEN)
tgtd   1149  root4u  IPv4478  0t0  TCP *:3260 
(LISTEN)
tgtd   1162  root4u  IPv4478  0t0  TCP *:3260 
(LISTEN)
rpc.statd  1209 statd5r  IPv4  11631  0t0  UDP *:961
rpc.statd  1209 statd8u  IPv4  11636  0t0  UDP 
*:49976[status]
rpc.statd  1209 statd9u  IPv4  11639  0t0  TCP 
*:59630[status] (LISTEN)
libvirtd   1322  root   12u  IPv4   6765  0t0  TCP *:16514 
(LISTEN)
python 1467  ajaxterm5u  IPv4568  0t0  TCP 
localhost:8022 (LISTEN)
apt-cache  1498 apt-cacher-ng5u  IPv4  13673  0t0  TCP *:3142 
(LISTEN)
epmd   1647  rabbitmq3u  IPv4   9534  0t0  TCP *:epmd 
(LISTEN)
epmd   1647  rabbitmq5u  IPv4 2677682264  0t0  TCP 
localhost:epmd->localhost:43894 (ESTABLISHED)
apache22993  root3u  IPv4 2666216358  0t0  TCP *:www 
(LISTEN)
apache23005  www-data3u  IPv4 2666216358  0t0  TCP *:www 
(LISTEN)
apache23006  www-data3u  IPv4 2666216358  0t0  TCP *:www 
(LISTEN)
glance-ap 18946glance4u  IPv4  247572803  0t0  TCP *:9292 
(LISTEN)
mysqld1 mysql   10u  IPv4  248299715  0t0  TCP *:mysql 
(LISTEN)
glance-re 22691glance5u  IPv4  247573527  0t0  TCP *:9191 
(LISTEN)
beam.smp  26880  rabbitmq8u  IPv4 2653102073  0t0  TCP *:60924 
(LISTEN)
beam.smp  26880  rabbitmq9u  IPv4 2653102075  0t0  TCP 
localhost:43894->localhost:epmd (ESTABLISHED)



4. root@openstack:/# netstat -anp | grep 5672
tcp6   0  0 :::5672 :::*LISTEN  
26880/beam.smp




This should solve the issue.





Meena Raja
Consultant
__
WIPRO TECHNOLOGIES
No 53/1 Ganapa Towers ,Near Madivala Police Station , Hosur Main Road 
,Bangalore-560068
Hand Phone : +91-9880549725 | Desk : +91-80-39912554 |Fax No: +91-80-25502160
Email : raja.me...@wipro.com | Website : www.wipro.com

From: openstack-bounces+raja.meena=wipro@lists.launchpad.net 
[openstack-bounces+raja.meena=wipro@lists.launchpad.net] on behalf of Bilel 
Msekni [ski...@hotmail.fr]
Sent: Tuesday, May 15, 2012 3:08 PM
To: openstack@lists.launchpad.net
Subject: Re: [Openstack] AMQP server on localhost:5672 is unreachable: IOError 
Socket closed.

Le 15/05/2012 11:14, Shashi Kanth Boddula a écrit :
Essex on Ubuntu 12.04.

I am seeing these messages in noa-api.log file, and the nova is not functional 
in dashboard. I believe the problem is with rabbitmq, but i don't know how to 
solve this situation.


2012-05-15 14:20:11 ERROR nova.rpc.common 
[req-1d70ea22-fb6e-4be8-84f5-54cfd78698ac 0c1bd987f8b84088983e17645067c225 
488ef90f59fd4bf68fc78f7086556af2] AMQP server on localhost:5672 is unreachable: 
Socket closed. Trying again in 30 seconds.
2012-05-15 14:20:11 TRACE nova.rpc.common Traceback (most recent call last):
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 446, in 
reconnect
2012-05-15 14:20:11 TRACE nova.rpc.common self._connect()
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 423, in _connect
2012-05-15 14:20:11 TRACE nova.rpc.common self.connection.connect()
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/kombu/connection.py", line 154, in connect
2012-05-15 14:20:11

Re: [Openstack] [metering] resources metadata

2012-05-15 Thread Julien Danjou

On Mon, May 14 2012, Loic Dachary wrote:

>> Each set of metering data will need to be associated with the appropriate
>> metadata from the resource at the time the metering information was
>> collected. The rate of change of metadata and metering events are
>> different, though, so the timestamps of the metadata records are unlikely
>> to match exactly with the values in the metering records. Depending on the
>> clock resolution, it would be possible to have metadata changes and meter
>> data with the same timestamp, resulting in an incorrect association.
> Indeed, good point.
>>
>> We can work around that by maintaining proper foreign key references using
>> the metadata version field as you describe in the schema above (so the
>> resource id and metadata version value point to the correct metadata
>> record). It will make recording the metering data less efficient because
>> we will need to determine the current version for the resource metadata,
>> but we can optimize that eventually through indexes and caching.
>>
>> Aggregation will also need to take the metadata version into account, so 
>> everywhere in the list of queries we say "by resource_id" we need to change 
>> that to "by resource_id and version".
> I added the idea of a format version for when the payload format changes and 
> tried to write down a description of the metadata storage matching this 
> thread in the wiki.
>
> http://wiki.openstack.org/EfficientMetering?action=diff&rev2=80&rev1=78
>
> What do you think ?

I'm jumping in a bit late in the discussion, but there may be a point I
miss in the current definition because, I think it's getting too
complicated.

We now have 2 "payload" fields: one for meter and one for metadata.

For example, if you look at the c1 counter (instance) you need to store
the "type" as payload of the meter. This is a metadata of the instance,
but it's not currently defined as being stored in metadata, but in the
"payload" field of the meter.
Moreover, I'm rather sure there will soon be a counter with the need of
2 different "payload" information, and we'll have a problem since we can
only store one in the current meter schema, so we'll store the second
one as a metadata or something. So clearly the initial "payload"
solution is not enough.

OTOH I find the metadata proposal in another table too much
complicated. Why not storing what metadata in the meter.payload field
in the same table (e.g. as a JSON string)?

I miss the point of the introduction of a dedicated metadata table with
version string. It sounds to me like early optimization, which is the
root of all evil. :) But I might miss something.

-- 
Julien Danjou
// eNovance  http://enovance.com
// ✉ julien.dan...@enovance.com  ☎ +33 1 49 70 99 81

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Reminder: OpenStack Project meeting - 21:00 UTC

2012-05-15 Thread Thierry Carrez

Hello everyone,

Our weekly project & release status meeting will take place at 21:00 UTC
this Tuesday in #openstack-meeting on IRC. PTLs who can't make it should
name a substitute on [2].

We are just one week away from folsom-1 milestone-proposed cut, so for
affected projects we will look at progress against folsom-1 published goals.

You can doublecheck what "21:00 UTC" means for your timezone at [1]:
[1] http://www.timeanddate.com/worldclock/fixedtime.html?iso=20120515T21

See the meeting agenda, edit the wiki to add new topics for discussion:
[2] http://wiki.openstack.org/Meetings/ProjectMeeting

Cheers,

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Swift Object Storage ACLs with KeyStone

2012-05-15 Thread Chmouel Boudjnah

Hi,

In swift+keystone you are not allowed to have ACL between different
account/tenant/project, you can only allow ACL between  different
users in a tenant.
This is probably something not too difficult to implement but it may
needs some tinkering to get it right. Please feel free to log a bug in
keystone and we'll try to address that.

Chmouel.

On Sat, May 12, 2012 at 4:02 AM, 张家龙  wrote:
> Vish ,
>  Thank you for answering.
>  While ,sorry,I don`t understand your said.
>  Do you mean I have to do like follows when I setting up acls:
>
> curl -X PUT -i \
> -H "X-Auth-Token: " \
> -H "X-Container-Read: " \
> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>
> Or,other operations and settings?
> --
> Best Regards
>
> ZhangJialong
>
>
>
> -- Original --
> From:  "Vishvananda Ishaya";
> Date:  Sat, May 12, 2012 03:03 AM
> To:  "张家龙";
> Cc:  "openstack";
> Subject:  Re: [Openstack] Swift Object Storage ACLs with KeyStone
>
> I'm not totally sure about this, but you might have to use the project_id
> from keystone instead of the project_name when setting up acls.   The same
> may be true of user_id.
>
> Vish
>
> On Fri, May 11, 2012 at 12:51 AM, 张家龙  wrote:
>>
>>
>> Hello, everyone.
>>
>> I encountered some problems when i set permissions (ACLs) on Openstack
>> Swift containers.
>> I installed swift-1.4.8(essex) and use keystone-2012.1 as
>> authentication system on CentOS 6.2 .
>>
>> My swift proxy-server.conf and keystone.conf are here:
>> http://pastebin.com/dUnHjKSj
>>
>> Then,I use the script named opensatck_essex_data.sh(
>> http://pastebin.com/LWGVZrK0 ) to
>> initialize keystone.
>>
>> After these operations,I got the token of demo:demo and
>> newuser:newuser
>>
>> curl -s -H 'Content-type: application/json' \
>> -d '{"auth": {"tenantName": "demo", "passwordCredentials":
>> {"username": "demo", "password": "admin"}}}' \
>> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>>
>> curl -s -H 'Content-type: application/json' \
>> -d '{"auth": {"tenantName": "newuser", "passwordCredentials":
>> {"username": "newuser", "password": "admin"}}}' \
>> http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>>
>> Then,enable read access to newuser:newuser
>>
>> curl -X PUT -i \
>> -H "X-Auth-Token: " \
>> -H "X-Container-Read: newuser:newuser" \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> Check the permission of the container:
>>
>> curl -k -v -H 'X-Auth-Token:' \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> This is the reply of the operation:
>>
>> HTTP/1.1 200 OK
>> X-Container-Object-Count: 1
>> X-Container-Read: newuser:newuser
>> X-Container-Bytes-Used: 2735
>> Accept-Ranges: bytes
>> Content-Length: 24
>> Content-Type: text/plain; charset=utf-8
>> Date: Fri, 11 May 2012 07:30:23 GMT
>>
>> opensatck_essex_data.sh
>>
>> Now,the user newuser:newuser visit the container of demo:demo
>>
>> curl -k -v -H 'X-Auth-Token:' \
>>
>> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>>
>> While,I got 403 error.Can someone help me?
>>
>> --
>> Best Regards
>>
>> ZhangJialong
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Error in documentation: Swift + Keystone + S3

2012-05-15 Thread Chmouel Boudjnah

On Tue, May 15, 2012 at 11:22 AM, Philipp Wollermann
 wrote:
> As a user, that's nearly impossible to find out - try it using the 
> documentation and Google. The only "official" place, where you can find it 
> mentioned, is in the middle of the 81.5kb stack.sh inside devstack and you'll 
> only find that, if you already know exactly what you're looking for :/

documentation should have been updated indeed :(

I have proposed a review to get it by default in keystone.conf sample
at https://review.openstack.org/#/c/7436/

> I'm currently trying to get a CCLA signed by my company, if that succeeds, 
> I'd like to contribute a fix to the docs. In the meantime, maybe that already 
> helps someone. :)

Thanks.

Chmouel.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] AMQP server on localhost:5672 is unreachable: IOError Socket closed.

2012-05-15 Thread Bilel Msekni


Le 15/05/2012 11:14, Shashi Kanth Boddula a écrit :

Essex on Ubuntu 12.04.

I am seeing these messages in noa-api.log file, and the nova is not 
functional in dashboard. I believe the problem is with rabbitmq, but i 
don't know how to solve this situation.



2012-05-15 14:20:11 ERROR nova.rpc.common 
[req-1d70ea22-fb6e-4be8-84f5-54cfd78698ac 
0c1bd987f8b84088983e17645067c225 488ef90f59fd4bf68fc78f7086556af2] 
AMQP server on localhost:5672 is unreachable: Socket closed. Trying 
again in 30 seconds.
2012-05-15 14:20:11 TRACE nova.rpc.common Traceback (most recent call 
last):
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 446, 
in reconnect

2012-05-15 14:20:11 TRACE nova.rpc.common self._connect()
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 423, 
in _connect

2012-05-15 14:20:11 TRACE nova.rpc.common self.connection.connect()
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/kombu/connection.py", line 154, in 
connect

2012-05-15 14:20:11 TRACE nova.rpc.common return self.connection
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/kombu/connection.py", line 560, in 
connection
2012-05-15 14:20:11 TRACE nova.rpc.common self._connection = 
self._establish_connection()
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/kombu/connection.py", line 521, in 
_establish_connection
2012-05-15 14:20:11 TRACE nova.rpc.common conn = 
self.transport.establish_connection()
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/kombu/transport/pyamqplib.py", line 
255, in establish_connection
2012-05-15 14:20:11 TRACE nova.rpc.common 
connect_timeout=conninfo.connect_timeout)
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/kombu/transport/pyamqplib.py", line 
52, in __init__
2012-05-15 14:20:11 TRACE nova.rpc.common super(Connection, 
self).__init__(*args, **kwargs)
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/connection.py", 
line 144, in __init__

2012-05-15 14:20:11 TRACE nova.rpc.common (10, 30), # tune
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/abstract_channel.py", 
line 95, in wait
2012-05-15 14:20:11 TRACE nova.rpc.common self.channel_id, 
allowed_methods)
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/connection.py", 
line 202, in _wait_method
2012-05-15 14:20:11 TRACE nova.rpc.common 
self.method_reader.read_method()
2012-05-15 14:20:11 TRACE nova.rpc.common   File 
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/method_framing.py", 
line 221, in read_method

2012-05-15 14:20:11 TRACE nova.rpc.common raise m
2012-05-15 14:20:11 TRACE nova.rpc.common IOError: Socket closed
2012-05-15 14:20:11 TRACE nova.rpc.common

# service rabbitmq-server status
Status of node rabbit@openstack ...
[{pid,2137},
 {running_applications,[{rabbit,"RabbitMQ","2.7.1"},
{os_mon,"CPO  CXC 138 46","2.2.7"},
{sasl,"SASL  CXC 138 11","2.1.10"},
{mnesia,"MNESIA  CXC 138 12","4.5"},
{stdlib,"ERTS  CXC 138 10","1.17.5"},
{kernel,"ERTS  CXC 138 10","2.14.5"}]},
 {os,{unix,linux}},
 {erlang_version,"Erlang R14B04 (erts-5.8.5) [source] [64-bit] 
[smp:24:24] [rq:24] [async-threads:30] [kernel-poll:true]\n"},

 {memory,[{total,26413240},
  {processes,10154960},
  {processes_used,10134760},
  {system,16258280},
  {atom,1124441},
  {atom_used,1120341},
  {binary,69304},
  {code,11134417},
  {ets,742384}]},
 {vm_memory_high_watermark,0.397628105},
 {vm_memory_limit,13491309772}]
...done.




--
Thanks & Regards,
Shashi Kanth



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
Nova connects to RabbitMQ through the defaults values  ( localhost:5672) 
and credentials (guest)
Check for the address of your rabbitMQ in the config file 
(/etc/rabbitmq/rabbitMQ.config)


and do this
nano /etc/rabbitmq/rabbitmq.config
[{rabbit, [{tcp_listeners, [{"127.0.0.1",5672}] }] } ]. #Paste this line
#Exit and SAVE
service start rabbitmq-server

This certainly will make your rabbitMQ talk to Nova. otherwise there is 
something wrong with your nova
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Error in documentation: Swift + Keystone + S3

2012-05-15 Thread Philipp Wollermann

Hi,

today, I was trying to setup Swift with Keystone authentication and S3 
compatibility.

Thanks to the very good documentation at http://swift.openstack.org/ and 
http://keystone.openstack.org/configuringservices.html I got a working setup 
quite fast, however S3 compatibility didn't work. The client couldn't 
authenticate, got a HTTP 500 error, which was caused by Keystone responding 
with a HTTP 404 to an internal request to /v2.0/s3tokens.

After several hours, I found out, that no one ever mentions the small detail, 
that you have to include this in keystone.conf:

[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory

and add "s3_extension" in the "[pipeline:admin_api]" section between 
"ec2_extension" and "crud_extension".

As a user, that's nearly impossible to find out - try it using the 
documentation and Google. The only "official" place, where you can find it 
mentioned, is in the middle of the 81.5kb stack.sh inside devstack and you'll 
only find that, if you already know exactly what you're looking for :/

I'm currently trying to get a CCLA signed by my company, if that succeeds, I'd 
like to contribute a fix to the docs. In the meantime, maybe that already helps 
someone. :)

Best regards,

-- 
Philipp Wollermann

Infrastructure Engineer
CyberAgent, Inc. (Tokyo)
https://github.com/philwo



___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] AMQP server on localhost:5672 is unreachable: IOError Socket closed.

2012-05-15 Thread Shashi Kanth Boddula

Essex on Ubuntu 12.04.

I am seeing these messages in noa-api.log file, and the nova is not
functional in dashboard. I believe the problem is with rabbitmq, but i
don't know how to solve this situation.


2012-05-15 14:20:11 ERROR nova.rpc.common
[req-1d70ea22-fb6e-4be8-84f5-54cfd78698ac 0c1bd987f8b84088983e17645067c225
488ef90f59fd4bf68fc78f7086556af2] AMQP server on localhost:5672 is
unreachable: Socket closed. Trying again in 30 seconds.
2012-05-15 14:20:11 TRACE nova.rpc.common Traceback (most recent call last):
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 446, in
reconnect
2012-05-15 14:20:11 TRACE nova.rpc.common self._connect()
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 423, in
_connect
2012-05-15 14:20:11 TRACE nova.rpc.common self.connection.connect()
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/kombu/connection.py", line 154, in connect
2012-05-15 14:20:11 TRACE nova.rpc.common return self.connection
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/kombu/connection.py", line 560, in
connection
2012-05-15 14:20:11 TRACE nova.rpc.common self._connection =
self._establish_connection()
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/kombu/connection.py", line 521, in
_establish_connection
2012-05-15 14:20:11 TRACE nova.rpc.common conn =
self.transport.establish_connection()
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/kombu/transport/pyamqplib.py", line 255,
in establish_connection
2012-05-15 14:20:11 TRACE nova.rpc.common
connect_timeout=conninfo.connect_timeout)
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/kombu/transport/pyamqplib.py", line 52,
in __init__
2012-05-15 14:20:11 TRACE nova.rpc.common super(Connection,
self).__init__(*args, **kwargs)
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/connection.py", line
144, in __init__
2012-05-15 14:20:11 TRACE nova.rpc.common (10, 30), # tune
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/abstract_channel.py",
line 95, in wait
2012-05-15 14:20:11 TRACE nova.rpc.common self.channel_id,
allowed_methods)
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/connection.py", line
202, in _wait_method
2012-05-15 14:20:11 TRACE nova.rpc.common
self.method_reader.read_method()
2012-05-15 14:20:11 TRACE nova.rpc.common   File
"/usr/lib/python2.7/dist-packages/amqplib/client_0_8/method_framing.py",
line 221, in read_method
2012-05-15 14:20:11 TRACE nova.rpc.common raise m
2012-05-15 14:20:11 TRACE nova.rpc.common IOError: Socket closed
2012-05-15 14:20:11 TRACE nova.rpc.common



# service rabbitmq-server status
Status of node rabbit@openstack ...
[{pid,2137},
 {running_applications,[{rabbit,"RabbitMQ","2.7.1"},
{os_mon,"CPO  CXC 138 46","2.2.7"},
{sasl,"SASL  CXC 138 11","2.1.10"},
{mnesia,"MNESIA  CXC 138 12","4.5"},
{stdlib,"ERTS  CXC 138 10","1.17.5"},
{kernel,"ERTS  CXC 138 10","2.14.5"}]},
 {os,{unix,linux}},
 {erlang_version,"Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:24:24]
[rq:24] [async-threads:30] [kernel-poll:true]\n"},
 {memory,[{total,26413240},
  {processes,10154960},
  {processes_used,10134760},
  {system,16258280},
  {atom,1124441},
  {atom_used,1120341},
  {binary,69304},
  {code,11134417},
  {ets,742384}]},
 {vm_memory_high_watermark,0.397628105},
 {vm_memory_limit,13491309772}]
...done.




-- 
Thanks & Regards,
Shashi Kanth
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Problem with attaching disks to an instance

2012-05-15 Thread Razique Mahroua

Oh sorry, haven't read Vish answer, my bad :-) 	   
   	Shashank Sahni  
  14 mai 2012 23:30
  

  
Thank you Vish. That did the trick :)

Regards,
Shashank Sahni


  ___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp 	   
   	Vishvananda Ishaya  
  14 mai 2012 23:13you have to set 
iscsi_ip_address on the volume node.  The volume node is the one that 
creates this db entry.Vish___Mailing
 list: https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp 	   
   	Shashank Sahni  
  14 mai 2012 22:54
  

  
Hi Vish,

Yeah you are right. I checked the settings in the volume database
and for all volumes the entry is similar to following.

controller_node:3260,3 iqn.2010-10.org.openstack:volume-0004 

But it seems these entries are being generated automatically, i.e.
as soon as I issue volume creation command. How do I fix this? I am
already using properly configured iscsi_ip_address option in the
controller's nova.conf file.

Regards,
Shashank Sahni


  ___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp 	   
   	Vishvananda Ishaya  
  14 mai 2012 22:45It should be getting the 
connection properties via the call to the volume node.  Is it possible 
your volume in the database has incorrect properties stored in 
provider_location?It is set from the cofig 
iscsi_ip_address, so if you have not set that configuration option to a 
routable ip from compute -> volume then it will not work.  Also, 
changing the config option will not change the existing values in the 
db, so you might have to change those manually.Vish___Mailing
 list: https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp 	   
   	Shashank Sahni  
  14 mai 2012 16:28
  

  
Hi,

Thanks for the reply.

Yes, I've gone through the document. Volume creation and deletion
are working perfectly fine. When I run "iscsiadm -m discovery -t st
-p volume_node" on the compute node, I can see the volumes. But
somehow the compute node is being misinformed about the volume node
after giving the attach command.

I'm not using iscsitarget as per that document. Installation of
nova-volume on ubuntu precise automatically took care of it using
tgt.

Kind Regards,
Shashank Sahni

On 05/14/2012 07:34 PM, raja.me...@wipro.com

  -- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Dhcp lease errors in vlan mode

2012-05-15 Thread Razique Mahroua

Great work Lorin, just reviewed :-) 	   
   	Lorin Hochstein  
  14 mai 2012 21:59I attempted to 
document this issue in the docs: https://review.openstack.org/7403(As
 an aside, we're using VLAN mode at Nimbis).Take
 care,Lorin--Lorin 
HochsteinLead Architect - Cloud ServicesNimbis 
Services, Inc.www.nimbisservices.com___Mailing
 list: https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp 	   
   	Vishvananda Ishaya  
  14 mai 2012 19:46TL;DRTo
 fix issues with failed dhcp leases in vlan mode, upgrade to dnsmasq 
2.6.1[1]THE LONG VERSIONThere
 is an issue with the way nova uses dnsmasq in VLAN mode. It starts up a
 single copy of dnsmasq for each vlan on the network host (or on every 
host in multi_host mode). The problem is in the way that dnsmasq binds 
to an ip address and port[2]. Both copies can respond to broadcast 
packet, but unicast packets can only be answered by one of the copies.In
 nova this means that guests from only one project will get responses to
 their unicast dhcp renew requests.  Unicast projects from guests in 
other projects get ignored. What happens next is different depending on 
the guest os.  Linux generally will send a broadcast packet out after 
the unicast fails, and so the only effect is a small (tens of ms) hiccup
 while interface is reconfigured.  It can be much worse than that, 
however. I have seen cases where Windows just gives up and ends up with a
 non-configured interface.This bug was first 
noticed by some users of openstack who rolled their own fix. Basically, 
on linux, if you set the SO_BINDTODEVICE socket option, it will allow 
different daemons to share the port and respond to unicast packets, as 
long as they listen on different interfaces. I managed to communicate 
with Simon Kelley, the maintainer of dnsmasq and he has integrated a 
fix[3] for the issue in the current version[1] of dnsmaq.I
 don't know how may users out there are using vlan mode, but you should 
be able to deal with this issue by upgrading dnsmasq. It would be great 
if the various distributionss could upgrade as well, or at least try to 
patch in the fix[3]. If upgrading dnsmasq is out of the question, a 
possible workaround is to minimize lease renewals with something like 
the following combination of config options.# 
release leases immediately on terminateforce_dhcp_release=true#
 one week lease timedhcp_lease_time=604800# two 
week disassociate timeoutfixed_ip_disassociate_timeout=1209600Vish[1] http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.61.tar.gz[2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2011q3/005233.html[3] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=9380ba70d67db6b69f817d8e318de5ba1e990b12___Mailing
 list: https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] not able to start nova-compute "Instance could not be found"

2012-05-15 Thread Razique Mahroua

Hi :-)Did you use to have that
 instance and destroyed it - lost it while it is still logged into the 
database ?does $ nova list works, if so use it to retrieve the 
compute node used for it and check /var/lib/nova/instances, or connect 
to the node, and isue : $ virsh list --allRazique 	   
   	Shashi Kanth Boddula  
  14 mai 2012 20:36Essex on Ubuntu 12.04 LTS.I
 am not able to start nova-compute service. # start nova-compute
 nova-compute start/running, process 2262# status 
nova-compute nova-compute stop/waiting
In the log i see bellow. "Instance instance-0009 could not be 
found".2012-05-15 00:02:11 INFO nova.rpc.common 
[req-16833960-e870-4425-9ef9-be21737ffa9d None None] Connected to AMQP 
server on openstack:5672
2012-05-15 00:02:12 CRITICAL nova [-] Instance instance-0009 could 
not be found.2012-05-15 00:02:12 TRACE nova Traceback (most recent 
call last):2012-05-15 00:02:12 TRACE nova   File 
"/usr/bin/nova-compute", line 49, in 
2012-05-15 00:02:12 TRACE nova service.wait()2012-05-15 00:02:12
 TRACE nova   File "/usr/lib/python2.7/dist-packages/nova/service.py", 
line 413, in wait2012-05-15 00:02:12 TRACE nova _launcher.wait()
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/service.py", line 131, in wait2012-05-15
 00:02:12 TRACE nova service.wait()2012-05-15 00:02:12 TRACE 
nova   File "/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", 
line 166, in wait
2012-05-15 00:02:12 TRACE nova return self._exit_event.wait()2012-05-15
 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/eventlet/event.py", line 116, in wait2012-05-15
 00:02:12 TRACE nova return hubs.get_hub().switch()
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 177, in 
switch2012-05-15 00:02:12 TRACE nova return 
self.greenlet.switch()2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", line 192, in
 main
2012-05-15 00:02:12 TRACE nova result = function(*args, **kwargs)2012-05-15
 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/service.py", line 101, in 
run_server2012-05-15 00:02:12 TRACE nova server.start()
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/service.py", line 162, in start2012-05-15
 00:02:12 TRACE nova self.manager.init_host()2012-05-15 00:02:12
 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 247, in
 init_host
2012-05-15 00:02:12 TRACE nova self.reboot_instance(context, 
instance['uuid'])2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/exception.py", line 114, in 
wrapped2012-05-15 00:02:12 TRACE nova return f(*args, **kw)
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 153, in
 decorated_function2012-05-15 00:02:12 TRACE nova function(self,
 context, instance_uuid, *args, **kwargs)
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 171, in
 decorated_function2012-05-15 00:02:12 TRACE nova return 
function(self, context, instance_uuid, *args, **kwargs)
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 898, in
 reboot_instance2012-05-15 00:02:12 TRACE nova reboot_type)2012-05-15
 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/exception.py", line 114, in 
wrapped
2012-05-15 00:02:12 TRACE nova return f(*args, **kw)2012-05-15 
00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/virt/libvirt/connection.py", line
 718, in reboot2012-05-15 00:02:12 TRACE nova if 
self._soft_reboot(instance):
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/virt/libvirt/connection.py", line
 738, in _soft_reboot2012-05-15 00:02:12 TRACE nova dom = 
self._lookup_by_name(instance.name)
2012-05-15 00:02:12 TRACE nova   File 
"/usr/lib/python2.7/dist-packages/nova/virt/libvirt/connection.py", line
 1542, in _lookup_by_name2012-05-15 00:02:12 TRACE nova raise 
exception.InstanceNotFound(instance_id=instance_name)
2012-05-15 00:02:12 TRACE nova InstanceNotFound: Instance 
instance-0009 could not be found.2012-05-15 00:02:12 TRACE nova Anyone
 help me how to solve this issue?Thanks in advance.# 
nova-manage service list
nova-compute openstack    nova 
enabled    XXX   2012-05-14 12:38:29nova-scheduler   
openstack    nova enabled    :-)   
2012-05-14 18:35:15
nova-volume  openstack    nova 
enabled    :-)   2012-05-14 18:35:16nova-network 
openstack    nova enabled    :-)   
2012-05-14 18:35:14
nova-consoleauth openstack    nova 
enabled    :-)   2012-05-14 18:35:22-- Thanks
 & Regards,Sha

Re: [Openstack] Problem with attaching disks to an instance

2012-05-15 Thread Razique Mahroua

In fact, it looks like the service is not able to retrieve the 
nova-volume' IP; as if there were some issue parsing the flag or 
something like that.Could you try by commenting that entry on all 
your servers : --iscsi_ip_address and
 only keep the prefix ?Razique 	   
   	Shashank Sahni  
  14 mai 2012 18:22
  

  
Hi,

Oh! They are same. I just masked the values before pasting the
configuration files. Although, now that I think of it, its pretty
harmless. Here are the originals.

controller node - http://paste.openstack.org/show/17513/
compute node - http://paste.openstack.org/show/17514/
volume node - http://paste.openstack.org/show/17515/

As per my understanding, I just need to figure out how the volume
node is identified. Thank you for replying.

Regards,
Shashank Sahni


  ___Mailing list: 
https://launchpad.net/~openstackPost to : 
openstack@lists.launchpad.netUnsubscribe : 
https://launchpad.net/~openstackMore help   : 
https://help.launchpad.net/ListHelp-- Nuage & Co - Razique Mahroua 
razique.mahr...@gmail.com








 






___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Swift] swift news and plans

2012-05-15 Thread Andy Edmonds

If I'm not mistaken:
http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-08-20.00.log.html

Also included in the discussion was 3rd party APIs within nova.

Andy
andy.edmonds.be


On Thu, May 10, 2012 at 2:50 AM, Soren Hansen  wrote:

> 2012/5/4 John Dickinson :
> > TL;DR: removing code from swift, associated projects doc, swift 1.5.0
>
> This is interesting stuff. Where was this discussed?
>
> --
> Soren Hansen | http://linux2go.dk/
> Senior Software Engineer | http://www.cisco.com/
> Ubuntu Developer | http://www.ubuntu.com/
> OpenStack Developer  | http://www.openstack.org/
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [devstack/quantum] Configuration issue

2012-05-15 Thread Gary Kotton


Hi,
Thanks. The Quantum DB is empty. The script for devstack ensures that it 
is clean prior to running.

Thanks
Gary

On 05/15/2012 09:46 AM, Edgar Magana (eperdomo) wrote:

BTW. I also restart the network service to be sure that any previous
configuration is completely removed.

Edgar

-Original Message-
From: openstack-bounces+eperdomo=cisco@lists.launchpad.net
[mailto:openstack-bounces+eperdomo=cisco@lists.launchpad.net] On
Behalf Of Gary Kotton
Sent: Monday, May 14, 2012 11:01 PM
To: openstack@lists.launchpad.net
Subject: [Openstack] [devstack/quantum] Configuration issue

Hi,
This morning I encountered a problem (which did not happen a few days
ago :)). When devstack is launched, with quantum configured, the gateway

and bridge devices are created. This causes problems with quantum.

For example when devstack is up and running prior to deploying an
instance we have:

brq744ec2f4-c0 Link encap:Ethernet  HWaddr fa:16:3e:03:a6:55
inet addr:10.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.0
UP BROADCAST MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

gw-744ec2f4-c0 Link encap:Ethernet  HWaddr fa:16:3e:03:a6:55
inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
UP BROADCAST MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

When an instance is deployed the following happens:

2012-05-15 01:59:18 DEBUG nova.utils
[req-4d50ed10-46e1-406c-9074-dc45da860365
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e]
Running cmd (subprocess): sudo /usr/local/bin/nova-rootwrap ip address
add 10.0.0.1/24 dev brq744ec2f4-c0 from (pid=4234) execute
/opt/stack/nova/nova/utils.py:178
2012-05-15 01:59:18 DEBUG nova.utils
[req-4d50ed10-46e1-406c-9074-dc45da860365
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e]
Result was 254 from (pid=4234) execute /opt/stack/nova/nova/utils.py:194
2012-05-15 01:59:18 ERROR nova.rpc.amqp
[req-4d50ed10-46e1-406c-9074-dc45da860365
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e]
Exception during message handling
2012-05-15 01:59:18 TRACE nova.rpc.amqp Traceback (most recent call
last):
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/rpc/amqp.py", line 263, in _process_data
2012-05-15 01:59:18 TRACE nova.rpc.amqp rval =
node_func(context=ctxt, **node_args)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/network/quantum/manager.py", line 390, in
allocate_for_instance
2012-05-15 01:59:18 TRACE nova.rpc.amqp network, vif_rec,
network['net_tenant_id'])
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/utils.py", line 880, in inner
2012-05-15 01:59:18 TRACE nova.rpc.amqp retval = f(*args, **kwargs)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/network/quantum/manager.py", line 501, in
enable_dhcp
2012-05-15 01:59:18 TRACE nova.rpc.amqp
self.l3driver.initialize_gateway(network_ref)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/network/l3.py", line 98, in initialize_gateway
2012-05-15 01:59:18 TRACE nova.rpc.amqp
gateway=(network_ref['gateway'] is not None))
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/network/linux_net.py", line 900, in plug
2012-05-15 01:59:18 TRACE nova.rpc.amqp return
_get_interface_driver().plug(network, mac_address, gateway)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/network/linux_net.py", line 1160, in plug
2012-05-15 01:59:18 TRACE nova.rpc.amqp run_as_root=True)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File
"/opt/stack/nova/nova/utils.py", line 201, in execute
2012-05-15 01:59:18 TRACE nova.rpc.amqp cmd=' '.join(cmd))
2012-05-15 01:59:18 TRACE nova.rpc.amqp ProcessExecutionError:
Unexpected error while running command.
2012-05-15 01:59:18 TRACE nova.rpc.amqp Command: sudo
/usr/local/bin/nova-rootwrap ip address add 10.0.0.1/24 dev
brq744ec2f4-c0
2012-05-15 01:59:18 TRACE nova.rpc.amqp Exit code: 254
2012-05-15 01:59:18 TRACE nova.rpc.amqp Stdout: ''
2012-05-15 01:59:18 TRACE nova.rpc.amqp Stderr: 'RTNETLINK answers: File

exists\n'
2012-05-15 01:59:18 TRACE nova.rpc.amqp
2012-05-15 01:59:18 ERROR nova.rpc.common
[req-4d50ed10-46e1-406c-9074-dc45da860365
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e]
Returning exception Unexpected error while running command.
Command: sudo /usr/local/bin/nova-rootwrap ip address add 10.0.0.1/24
dev brq744ec2f4-c0
Exit code: 254
Stdout: ''
Stderr: 'RTNETLINK answers: File exists\n' to caller
2012-05-15 01:59:18 ERROR nova.rpc.common
[req-4d50

Re: [Openstack] [devstack/quantum] Configuration issue

2012-05-15 Thread Edgar Magana (eperdomo)

BTW. I also restart the network service to be sure that any previous
configuration is completely removed.

Edgar

-Original Message-
From: openstack-bounces+eperdomo=cisco@lists.launchpad.net
[mailto:openstack-bounces+eperdomo=cisco@lists.launchpad.net] On
Behalf Of Gary Kotton
Sent: Monday, May 14, 2012 11:01 PM
To: openstack@lists.launchpad.net
Subject: [Openstack] [devstack/quantum] Configuration issue

Hi,
This morning I encountered a problem (which did not happen a few days 
ago :)). When devstack is launched, with quantum configured, the gateway

and bridge devices are created. This causes problems with quantum.

For example when devstack is up and running prior to deploying an 
instance we have:

brq744ec2f4-c0 Link encap:Ethernet  HWaddr fa:16:3e:03:a6:55
   inet addr:10.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.0
   UP BROADCAST MULTICAST  MTU:1500  Metric:1
   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:0
   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

gw-744ec2f4-c0 Link encap:Ethernet  HWaddr fa:16:3e:03:a6:55
   inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
   UP BROADCAST MULTICAST  MTU:1500  Metric:1
   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:500
   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

When an instance is deployed the following happens:

2012-05-15 01:59:18 DEBUG nova.utils 
[req-4d50ed10-46e1-406c-9074-dc45da860365 
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e] 
Running cmd (subprocess): sudo /usr/local/bin/nova-rootwrap ip address 
add 10.0.0.1/24 dev brq744ec2f4-c0 from (pid=4234) execute 
/opt/stack/nova/nova/utils.py:178
2012-05-15 01:59:18 DEBUG nova.utils 
[req-4d50ed10-46e1-406c-9074-dc45da860365 
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e] 
Result was 254 from (pid=4234) execute /opt/stack/nova/nova/utils.py:194
2012-05-15 01:59:18 ERROR nova.rpc.amqp 
[req-4d50ed10-46e1-406c-9074-dc45da860365 
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e] 
Exception during message handling
2012-05-15 01:59:18 TRACE nova.rpc.amqp Traceback (most recent call
last):
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/rpc/amqp.py", line 263, in _process_data
2012-05-15 01:59:18 TRACE nova.rpc.amqp rval = 
node_func(context=ctxt, **node_args)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/network/quantum/manager.py", line 390, in 
allocate_for_instance
2012-05-15 01:59:18 TRACE nova.rpc.amqp network, vif_rec, 
network['net_tenant_id'])
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/utils.py", line 880, in inner
2012-05-15 01:59:18 TRACE nova.rpc.amqp retval = f(*args, **kwargs)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/network/quantum/manager.py", line 501, in
enable_dhcp
2012-05-15 01:59:18 TRACE nova.rpc.amqp 
self.l3driver.initialize_gateway(network_ref)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/network/l3.py", line 98, in initialize_gateway
2012-05-15 01:59:18 TRACE nova.rpc.amqp 
gateway=(network_ref['gateway'] is not None))
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/network/linux_net.py", line 900, in plug
2012-05-15 01:59:18 TRACE nova.rpc.amqp return 
_get_interface_driver().plug(network, mac_address, gateway)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/network/linux_net.py", line 1160, in plug
2012-05-15 01:59:18 TRACE nova.rpc.amqp run_as_root=True)
2012-05-15 01:59:18 TRACE nova.rpc.amqp   File 
"/opt/stack/nova/nova/utils.py", line 201, in execute
2012-05-15 01:59:18 TRACE nova.rpc.amqp cmd=' '.join(cmd))
2012-05-15 01:59:18 TRACE nova.rpc.amqp ProcessExecutionError: 
Unexpected error while running command.
2012-05-15 01:59:18 TRACE nova.rpc.amqp Command: sudo 
/usr/local/bin/nova-rootwrap ip address add 10.0.0.1/24 dev
brq744ec2f4-c0
2012-05-15 01:59:18 TRACE nova.rpc.amqp Exit code: 254
2012-05-15 01:59:18 TRACE nova.rpc.amqp Stdout: ''
2012-05-15 01:59:18 TRACE nova.rpc.amqp Stderr: 'RTNETLINK answers: File

exists\n'
2012-05-15 01:59:18 TRACE nova.rpc.amqp
2012-05-15 01:59:18 ERROR nova.rpc.common 
[req-4d50ed10-46e1-406c-9074-dc45da860365 
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e] 
Returning exception Unexpected error while running command.
Command: sudo /usr/local/bin/nova-rootwrap ip address add 10.0.0.1/24 
dev brq744ec2f4-c0
Exit code: 254
Stdout: ''
Stderr: 'RTNETLINK answers: File exists\n' to caller
2012-05-15 01:59:18 ERROR nova.rpc.common 
[req-4d50ed10-46e1-406c-9074-dc45da860365 
df07eec326434b25800f3ebc17202fb3 2cafe0be4d7740098a89be39ffd1b72e] 
['Traceback (most recent call last):\n', '

78 matches

Mail list logo