Re: [Openstack] Boot from Volume via Horizon?
Couldn't find anything specifically tracking this so: https://bugs.launchpad.net/horizon/+bug/1190376 Somewhat related: https://blueprints.launchpad.net/horizon/+spec/improved-boot-from-volume On Jun 12, 2013, at 2:14 PM, Wolfgang Richter w...@cs.cmu.edu wrote: Ah! Touche! What a nicer option to start instances based on volumes :-) I was hoping also for a button or option from the Volumes or Snapshots areas of the web app as well, but this works (albeit being a bit hidden). -- Wolf On Wed, Jun 12, 2013 at 5:13 AM, Julie Pichon jpic...@redhat.com wrote: Hi, Wolfgang Richter w...@cs.cmu.edu wrote: Am I missing something or does Horizon as released with Grizzly not have an option for booting an instance from a volume? When you click on the button to Launch an instance on the Instances page, you should see a Volume Options tab that will let you choose a volume or volume snapshot to boot from. Hope this helps, Julie I am able to successfully do this with nova boot from the commandline. -- Wolf ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Wolf ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] TC candidacy
Hella +1 On Sep 14, 2012, at 10:55 AM, Bhandaru, Malini K malini.k.bhand...@intel.com wrote: +1 -Original Message- From: openstack-bounces+malini.k.bhandaru=intel@lists.launchpad.net [mailto:openstack-bounces+malini.k.bhandaru=intel@lists.launchpad.net] On Behalf Of Anne Gentle Sent: Friday, September 14, 2012 10:25 AM To: openstack@lists.launchpad.net Subject: [Openstack] TC candidacy I'd like to propose myself as a Technical Committee candidate for one of the open seats in the current election. ==Background and Experience== Hi, I'm Anne Gentle, I work at Rackspace serving as the OpenStack doc coordinator. I put Content Stacker on my business cards to point out the power of content coming from many people and many projects that I happily stack into organized sites. I maintain the docs.openstack.org and api.openstack.org site by running the documentation project like a code project, with blueprints, bugs, and task tracking. Also documentation is published continuously and automatically with reviews in the Gerrit system like code. I've been working on OpenStack for two years. Here's a link to my contributed patches and reviews on Gerrit. https://review.openstack.org/#/q/reviewer:anne%2540openstack.org,n,z My open source experience precedes my OpenStack history. Starting around 2008, I worked with FLOSS Manuals writing open source manuals for open source software, http://flossmanuals.net. I'm always researching the latest tools, techniques, and limited amount of academic research available about open source and documentation. This year I released a 2nd edition of my book, Conversation and Community: The Social Web for Documentation that includes a chapter about open source and documentation. It's a unique field and I'm quite drawn to it. ==Technical Expertise== I've been working on technical documentation in software and IT and have built a unique perspective through the years on how to integrate documentation closely with fast-moving code. I also have the technical knowledge and user perspective for consuming OpenStack APIs. I'm a fast learner and open to many tools and processes related to code and docs. OpenStack affords us all opportunities to design, implement, experiment, and build upon documentation and I enjoy working with the community to continually improve the documentation. Thanks for your consideration. Anne Gentle --- http://justwriteclick.com http://www.linkedin.com/in/annegentle ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Need stable/essex review for Horizon
For some reason I can't +1 7731 but +1'd the rest fwiw. On Jun 21, 2012, at 1:21 PM, Devin Carlen wrote: Hey all, We've had a number of stable/essex reviews up that were abandoned due to lack of reviews. We have re-enabled them and are hoping to get some eyes on these so we can release 2012.1.1: https://review.openstack.org/#/c/7718/ https://review.openstack.org/#/c/7723/ https://review.openstack.org/#/c/7729/ https://review.openstack.org/#/c/7731/ Thanks all! Devin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Proposal to add Tihomir Trifinov to Horizon Core
+1! On Jun 6, 2012, at 12:12 PM, Gabriel Hurley wrote: A couple of us on the Horizon team have been talking, and we'd like to recognize the tremendous work the Tihomir has been doing on Horizon for the past 6+ months by making him a member of Horizon Core. He's been writing great code, doing consistent and helpful reviews, tackling important bugs, and all around being an excellent contributor. I certainly trust his judgment at this point. I believe the official process is to propose new additions to the core teams on the mailing list, so... that's what I'm doing. All the best, - Gabriel ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Adding panel to a dashboard - Horizon
Keystone doesn't currently support querying for capabilities (i.e. what is the
Keystone auth backend) so Horizon defines a dict in local_settings that can be
used to specify the capabilities of Keystone in your deployment:
https://github.com/openstack/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L61
By changing can_edit_user value you will either turn on, or off, the
capability to edit user accounts which includes changing password:
https://github.com/openstack/horizon/blob/master/horizon/dashboards/syspanel/users/forms.py#L111
On Jun 4, 2012, at 12:22 PM, Tim Bell wrote:
BTW, isn’t the lack of option for a dashboard user to change their own
password considered as a missing functionality ?
Personally, if it was there, I’d like to turn it off (since we aim to use
Active Directory/LDAP) but for the standalone case, this would seem a
reasonable request.
Tim
From: openstack-bounces+tim.bell=cern...@lists.launchpad.net
[mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of
Guillermo Alvarado
Sent: 04 June 2012 19:48
To: openstack@lists.launchpad.net
Subject: [Openstack] Adding panel to a dashboard - Horizon
Hi everyone!
I want to add a panel to settings dashboard. This panel is named 'Password'
and here the users will be able to modify your password (This will be
programmed).
My problem is that I can not add another panel (I dont see the option
Password in the Settings dashboard). I did the following:
1.- Added a folder named password in /horizon/dashboards/settings
2.- A added the __init__.py file into password folder
3.- Added the views.py file into password folder with this content:
from django import shortcuts
def index(request):
return shortcuts.render(request, 'settings/password/password.html',
{})
4.- Added urls.py file into password folder with this content:
from django.conf.urls.defaults import patterns, url
from .views import IndexView
urlpatterns = patterns('horizon.dashboards.settings.password.views',
url(r'^$', IndexView.as_view(), name='index'),
)
5.-Added panel.py file into password folder with this content:
from django.utils.translation import ugettext_lazy as _
import horizon
from horizon.dashboards.settings import dashboard
class Password(horizon.Panel):
name = _(Password)
slug = 'password'
dashboard.Settings.register(Password)
6.- In dashboard.py file located in /horizon/dashboard/settings added
password to panels:
panels = ('user', 'project', 'ec2', 'password')
But I not see the password panel. What is the problem?
Any answer will be apreciated, thanks in advance!
Best Regards,
Guillermo Alvarado
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Adding panel to a dashboard - Horizon
If you copy the local_settings.py.example it is on by default.
The Keystone team is adding functionality in Folsom to query for backend
capabilities so this will be more explicit in that timeframe. Until then,
simply copy local_settings.py.example.
On Jun 4, 2012, at 1:05 PM, Tim Bell wrote:
How about changing the default to be on ?
Demonstrating all the capabilities of a product while clearly documenting (in
an admin guide rather than source code) how to disable them seems to me to be
the way to showcase the software…
Tim
From: Tres Henry [mailto:t...@treshenry.net]
Sent: 04 June 2012 21:50
To: Tim Bell
Cc: Guillermo Alvarado; openstack@lists.launchpad.net
Subject: Re: [Openstack] Adding panel to a dashboard - Horizon
Keystone doesn't currently support querying for capabilities (i.e. what is
the Keystone auth backend) so Horizon defines a dict in local_settings that
can be used to specify the capabilities of Keystone in your deployment:
https://github.com/openstack/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L61
By changing can_edit_user value you will either turn on, or off, the
capability to edit user accounts which includes changing password:
https://github.com/openstack/horizon/blob/master/horizon/dashboards/syspanel/users/forms.py#L111
On Jun 4, 2012, at 12:22 PM, Tim Bell wrote:
BTW, isn’t the lack of option for a dashboard user to change their own
password considered as a missing functionality ?
Personally, if it was there, I’d like to turn it off (since we aim to use
Active Directory/LDAP) but for the standalone case, this would seem a
reasonable request.
Tim
From: openstack-bounces+tim.bell=cern...@lists.launchpad.net
[mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of
Guillermo Alvarado
Sent: 04 June 2012 19:48
To: openstack@lists.launchpad.net
Subject: [Openstack] Adding panel to a dashboard - Horizon
Hi everyone!
I want to add a panel to settings dashboard. This panel is named 'Password'
and here the users will be able to modify your password (This will be
programmed).
My problem is that I can not add another panel (I dont see the option
Password in the Settings dashboard). I did the following:
1.- Added a folder named password in /horizon/dashboards/settings
2.- A added the __init__.py file into password folder
3.- Added the views.py file into password folder with this content:
from django import shortcuts
def index(request):
return shortcuts.render(request, 'settings/password/password.html',
{})
4.- Added urls.py file into password folder with this content:
from django.conf.urls.defaults import patterns, url
from .views import IndexView
urlpatterns = patterns('horizon.dashboards.settings.password.views',
url(r'^$', IndexView.as_view(), name='index'),
)
5.-Added panel.py file into password folder with this content:
from django.utils.translation import ugettext_lazy as _
import horizon
from horizon.dashboards.settings import dashboard
class Password(horizon.Panel):
name = _(Password)
slug = 'password'
dashboard.Settings.register(Password)
6.- In dashboard.py file located in /horizon/dashboard/settings added
password to panels:
panels = ('user', 'project', 'ec2', 'password')
But I not see the password panel. What is the problem?
Any answer will be apreciated, thanks in advance!
Best Regards,
Guillermo Alvarado
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Advanced configuration in Snapshots View
There is a blueprint for this in Nova: https://blueprints.launchpad.net/nova/+spec/volume-snapshots-scheduled This is something Horizon can expose but not something Horizon should implement. On Apr 29, 2012, at 3:28 PM, Jorge de la Cruz wrote: Hi folks, Is anyone working in advanced configuration for Snapshots View in Horizon? Let me explain, Openstack is awesome, and the new dashboard too, but i miss a lot an function to do recurrent snapshots. I think in a schedule view or something like that. Is not crazy do a basic backup with this functionallity i think, and if have deduplication and thin in NFS the backup is so light in total space terms. I know with script is possible but i talk about Horizon new improvement. What do you think? Cheers ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Using Nova APIs from Javascript: possible?
Interesting! Nice job on jstack! On Apr 26, 2012, at 12:50 AM, javier cerviño wrote: Hi all, I'm glad to hear that there's a lot of interest in the implementation of Openstack JavaScript clients. Actually, in my group we're developing a single page application developed entirely in JavaScript, that widely supports Nova and Keystone APIs. This work is part of a European Project called FI-Ware (http://www.fi-ware.eu/), in which we are currently using Openstack APIs. We've modified Nova and Keystone installations by adding CORS support. We did it by implementing a kind of filter on their APIs. For doing this we used Adam's implementation (https://github.com/adrian/swift/tree/cors), and we adapted it to Nova and Keystone components. We also developed a JS library (http://ging.github.com/jstack/) that can be used by both web and Node.js applications, for example. This library aims to provide same functionalities as python-novaclient, adding support for Keystone API. And finally we are copying Openstack horizon functionality, using JS library and other frameworks such as jQuery and Backbone.js to implement the web application. This web application is an early-stage work, but we will probably publish it by the end of this week. I will let you know the github link. We didn't find much problems with CORS implementation and support in browsers. For the time being, according to our experiments, the only web browser that is not usable at all with this technology is Internet Explorer, but we have tried it in Google Chrome, Safari and Firefox as well and we didn't have any problems. Cheers, Javier Cerviño. On 26 April 2012 06:28, Nick Lothian nick.loth...@gmail.com wrote: On Thu, Apr 26, 2012 at 5:49 AM, Adam Young ayo...@redhat.com wrote: Let me try to summarize: 1. If you are running from a web browser, post requests to hosts or ports other than the origin are allowed, but the headers cannot be modified. This prevents the addition of the token from Keystone to provide single sign on. 2. There are various browser side technologies (JSONP, CORS) that get around this limitation, but they are typically not enabled, and can be considered security issues. While implementing these might require support from teh Openstack server, they are fundamentally browser decisions. This is inaccurate. JSONP is supported by all browsers since ~Netscape 4.0. CORS is supported by all modern browsers: IE 8, Firefox 3.5, Chrome 3, Safari 4 (See http://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Browser_support). Additionally, CORS support is not a browser decision - the server has to EXPLICITLY opt-in to support it. Obviously CORS support *can* be a security issue - that is why it is disabled unless the server enables it. I do not believe that CORS support adds any additional security issues above what the OpenStack APIs already face. Specially, the most common problem (CSRF) is not an issue here because the APIs are not authorised on a session basis. [snip] I've been working on Single Sign on Issues for another project for the past year and a half. Here's a couple things I've learned. Kerberos is designed to solve this problem. It has the benefit of being integrated into the browser. Where Kerberos fails is that: typically it only allows a single authentication provider (KDC in Kerberso speak) and it does not work well with Firewalls. The only crytographically secure way to authenticate on the web that can get around the firewall issue is Client side X509 certificates. This is the foundation for https://blueprints.launchpad.net/keystone/+spec/pki. This could, in theory, work in with OAuth, OpenID, or some other distributed authorization service, or we could embed the authorization information right into the Certitificate, which is what I suggest we do. To be clear, identity/authorisation is NOT the problem here. The OpenStack APIs work well for my use cases, once I work around the cross domain POST problem. However, I've also worked with SSO solutions. The simple truth is that client side certificates do not play well with the web - browser support ranges from non-existent (on some mobile platforms - see http://mobilitydojo.net/2010/12/28/client-certificate-support-across-mobile-platforms-a-summary/) to abysmal (there is a reason why many websites that use certificates end up using a Java applet), and their interaction with cross domain Javascript is unknown. Even if certificates did work for identification, CORS would still be needed - many OpenStack APIs require a POST request which is impossible without it. Nick ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Using Nova APIs from Javascript: possible?
Jan: is the concern that you don't see the value in the use case or that you
don't believe the proposed technologies are sufficiently mature?
In order to keep the thread somewhat linear I'm basically going to +1 what Nick
said and add that as an application developer I should be able to serve the JS,
HTML and CSS for my application from a CDN and have my application talk
directly to an OpenStack endpoint. This is an important scenario now but will
become critical with the wave of PAAS offerings coming for OpenStack (i.e. my
application should be able to talk directly to FathomDB running on OS).
On Apr 25, 2012, at 3:46 AM, Nick Lothian wrote:
JSONP has been used for years - for example Solr has supported it since 2008
(and possibly earlier). CORS matches the Openstack APIs better though.
Redirects are unrelated to the problem as far as I can see.
I think that toolmakers trying to build Javascript tools that connect to
multiple service providers is a completely valid use case. It is supported
for pretty much any other language, why not Javascript?
On Apr 25, 2012 12:33 PM, Jan Drake jan_dr...@hotmail.com wrote:
So, why such a focus on this? IMO both JSONP and CORS are way too early
stage to adopt and the security risks outweigh the rewards. Usually, I see
people doing this to enable mashups across separate providers.
Just curious why the focus/need is perceived in the community? If this is
really because of redirects then we probably have a broken model and/or
improper distribution of responsibilities.
Love to know if I'm missing a real use case. Can help fix model if it is
broken. Have much experience in this area.
IMO no solution should trick the browser.
Jan
On Apr 24, 2012, at 7:05 PM, Luis Gervaso l...@woorea.es wrote:
The solution until the webservice deliver that headers is:
Solution 1:
1. Put the webservice behind a remote or local proxy
2. Apply some a filter (decorator) for each response with the CORS headers
(in the proxy) in order to trick the browser
Solution 2:
Some time ago I tested it with Chrome (disabling security) and it worked for
me
Solution 3 (really dirty, but works):
Embedded Flash Proxy
On Wed, Apr 25, 2012 at 3:09 AM, Nick Lothian nick.loth...@gmail.com wrote:
Yes, this will work if I know in advance what server I will be connecting
too.
However, it does remove the ability to support any cloud without
intervention on the serverside.
On Apr 25, 2012 2:46 AM, Joel Semar sema...@gmail.com wrote:
Nick,
I know you said 'serverless clients' but you have to be serving the js from
somewhere right?
If you are using nginx it can be as simple as:
location /nova/ {
proxy_pass: http://nova-api.trystack.org;
}
then you can POST to yourserver/nova/v.02/. from the browser
etc.
(it's just about as simple on apache but you'd have to look it up)
But then i guess this won't work for you if you are writing some
distributable component/plugin/library.
(sorry if you've already dismissed this option but i thought it worth a shot
since it has worked flawlessly for me in the past)
On Tue, Apr 24, 2012 at 9:49 AM, Sandy Walsh sandy.wa...@rackspace.com
wrote:
On 04/24/2012 11:19 AM, Nick Lothian wrote:
JSONP is great, but won't work with POST requests.
Hmm, good point.
I don't quite understand what Due to the redirect nature of the auth
system means, though.
If I use a custom Webkit browser allow cross domain XMLHttpRequests it
works fine - I do a POST to /v2.0/tokens, get the token and then use
that. What am I missing?
The Auth system will give you a token and then a new management url
where the actual commands are issued (the real Nova API endpoint). These
are often two different systems (domains), so cross-site requests are
mandatory.
-S
Nick
On Tue, Apr 24, 2012 at 8:57 PM, Sandy Walsh sandy.wa...@rackspace.com
mailto:sandy.wa...@rackspace.com wrote:
Due to the redirect nature of the auth system we may need JSONP support
for this to work.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
mailto:openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
--
Cheers,
Joel
Re: [Openstack] Using Nova APIs from Javascript: possible?
Jsonp sucks (get only) but might be the best choice. That's generally how AWS supports these use cases, fwiw. On Apr 24, 2012, at 7:49 AM, Sandy Walsh sandy.wa...@rackspace.com wrote: On 04/24/2012 11:19 AM, Nick Lothian wrote: JSONP is great, but won't work with POST requests. Hmm, good point. I don't quite understand what Due to the redirect nature of the auth system means, though. If I use a custom Webkit browser allow cross domain XMLHttpRequests it works fine - I do a POST to /v2.0/tokens, get the token and then use that. What am I missing? The Auth system will give you a token and then a new management url where the actual commands are issued (the real Nova API endpoint). These are often two different systems (domains), so cross-site requests are mandatory. -S Nick On Tue, Apr 24, 2012 at 8:57 PM, Sandy Walsh sandy.wa...@rackspace.com mailto:sandy.wa...@rackspace.com wrote: Due to the redirect nature of the auth system we may need JSONP support for this to work. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Using Nova APIs from Javascript: possible?
The JS may be served from a CDN. You can't assume a server-side proxy. Here's
an example of a sever-less JS application that communicates directly to EC2:
http://aws.amazon.com/developertools/1424 (there are versions for other
services like SQS and SDB as well). Server-less JS applications are a fairly
new breed of app that OpenStack should enable.
On Apr 24, 2012, at 9:04 AM, Joel Semar wrote:
Nick,
I know you said 'serverless clients' but you have to be serving the js from
somewhere right?
If you are using nginx it can be as simple as:
location /nova/ {
proxy_pass: http://nova-api.trystack.org;
}
then you can POST to yourserver/nova/v.02/. from the browser
etc.
(it's just about as simple on apache but you'd have to look it up)
But then i guess this won't work for you if you are writing some
distributable component/plugin/library.
(sorry if you've already dismissed this option but i thought it worth a shot
since it has worked flawlessly for me in the past)
On Tue, Apr 24, 2012 at 9:49 AM, Sandy Walsh sandy.wa...@rackspace.com
wrote:
On 04/24/2012 11:19 AM, Nick Lothian wrote:
JSONP is great, but won't work with POST requests.
Hmm, good point.
I don't quite understand what Due to the redirect nature of the auth
system means, though.
If I use a custom Webkit browser allow cross domain XMLHttpRequests it
works fine - I do a POST to /v2.0/tokens, get the token and then use
that. What am I missing?
The Auth system will give you a token and then a new management url
where the actual commands are issued (the real Nova API endpoint). These
are often two different systems (domains), so cross-site requests are
mandatory.
-S
Nick
On Tue, Apr 24, 2012 at 8:57 PM, Sandy Walsh sandy.wa...@rackspace.com
mailto:sandy.wa...@rackspace.com wrote:
Due to the redirect nature of the auth system we may need JSONP support
for this to work.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
mailto:openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
--
Cheers,
Joel
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Using Nova APIs from Javascript: possible?
Adam, in what way should the OS API support server-less clients? AFAIK the
options are CORS or JSONP, no?
On Apr 23, 2012, at 5:50 AM, Adam Young wrote:
I see this as a feature, not a drawback.The inability to access portions
of the HTTP protocol is there to defend against attacks such as cross site
request forgeries. If we suppress that mechanism, we open up a lot of
security holes.
On 04/23/2012 06:09 AM, Adrian Smith wrote:
The authentication request returns X-Storage-Url and X-Auth-Token
headers. For the JS client to see them they need to be referenced in
Access-Control-Expose-Headers. As of the last time checked, both these
headers were being stripped from the response before being presented
to JS.
Adrian
On 23 April 2012 10:35, Nick Lothiannick.loth...@gmail.com wrote:
Hi Adrian,
Good to know this is a known issue.
Why does the client need to see custom headers from the server anyway?
I know the client needs to pass the authorisation header to the server, but
I haven't seen any of the APIs yet that return custom headers. (It's likely
I'm missing them though)
Nick
On Apr 23, 2012 5:40 PM, Adrian Smithadr...@17od.com wrote:
Hi Nick,
I did some work with CORS a few months back [1].
At the time I couldn't get any browser to work properly with CORS so I
just parked the code. The problem was lack of support for the
Access-Control-Expose-Headers header.
According to the Chrome bug report [2] this issue may well be fixed
now so I need to retest.
Adrian
[1]
http://www.mail-archive.com/openstack@lists.launchpad.net/msg07219.html
[2] http://code.google.com/p/chromium/issues/detail?id=87338
On 23 April 2012 06:19, Nick Lothiannick.loth...@gmail.com wrote:
Hi,
I've been playing with the Nova APIs from Javascript, and I've run into
a
problem.
The very first thing one needs to do to use the APIs is to get a token.
That requires a POST to the API endpoint. Using curl trystack that
looks
like this:
$ curl -k -X 'POST' -v https://nova-api.trystack.org:5443/v2.0/tokens -d
'{auth:{passwordCredentials:{username: username,
password:password}}}' -H 'Content-type: application/json'
The Javascript equivalent (using JQuery) is:
$.ajax({
url: https://nova-api.trystack.org:5443/v2.0/tokens;,
type: 'POST',
headers: {Content-Type: application/json},
data: {auth:{passwordCredentials:{username:username,
password:password}}},
success: function(data) { alert(data); }
});
That fails because the call is cross-domain, and Nova doesn't support
CORS
(http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).script
based
cross-domain requests only supports GET requests, so that doesn't work
either.
I have raised a bug: https://bugs.launchpad.net/nova/+bug/987044, but
I'm
really hoping someone can point out something obvious I'm missing here.
Regards
Nick Lothian
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Using Nova APIs from Javascript: possible?
Sorry, meant to say server-less client applications. The OP is trying to
create a client-side JS application that communicates directly to an OS
endpoint (specifically trystack). I believe his problem is same origin policy,
not authentication.
On Apr 23, 2012, at 12:33 PM, Adam Young wrote:
On 04/23/2012 01:13 PM, Tres Henry wrote:
Adam, in what way should the OS API support server-less clients? AFAIK the
options are CORS or JSONP, no?
I am not quite sure what you mean by serverless clients, but I think the
answer to this is getting a real Single Sign On solution, which is based on:
1. Kerberos,
2. X509
Kerberos is likely a non starter for Web applications due to some current
issues with handling multiple TGTs and also cross firewalls (Kerberso tickets
must get served out on port 88 without jumping through considerable hoops.)
I've written up about X509 support here:
http://wiki.openstack.org/PKI
I think that X509 Client Authentication is the right long-term approach for
what we are doing. Specifically, short term X509 certificates replacing the
Keystone tokens as the mechanism for SSO.
On Apr 23, 2012, at 5:50 AM, Adam Young wrote:
I see this as a feature, not a drawback.The inability to access
portions of the HTTP protocol is there to defend against attacks such as
cross site request forgeries. If we suppress that mechanism, we open up a
lot of security holes.
On 04/23/2012 06:09 AM, Adrian Smith wrote:
The authentication request returns X-Storage-Url and X-Auth-Token
headers. For the JS client to see them they need to be referenced in
Access-Control-Expose-Headers. As of the last time checked, both these
headers were being stripped from the response before being presented
to JS.
Adrian
On 23 April 2012 10:35, Nick Lothiannick.loth...@gmail.com wrote:
Hi Adrian,
Good to know this is a known issue.
Why does the client need to see custom headers from the server anyway?
I know the client needs to pass the authorisation header to the server,
but
I haven't seen any of the APIs yet that return custom headers. (It's
likely
I'm missing them though)
Nick
On Apr 23, 2012 5:40 PM, Adrian Smithadr...@17od.com wrote:
Hi Nick,
I did some work with CORS a few months back [1].
At the time I couldn't get any browser to work properly with CORS so I
just parked the code. The problem was lack of support for the
Access-Control-Expose-Headers header.
According to the Chrome bug report [2] this issue may well be fixed
now so I need to retest.
Adrian
[1]
http://www.mail-archive.com/openstack@lists.launchpad.net/msg07219.html
[2] http://code.google.com/p/chromium/issues/detail?id=87338
On 23 April 2012 06:19, Nick Lothiannick.loth...@gmail.com wrote:
Hi,
I've been playing with the Nova APIs from Javascript, and I've run into
a
problem.
The very first thing one needs to do to use the APIs is to get a token.
That requires a POST to the API endpoint. Using curl trystack that
looks
like this:
$ curl -k -X 'POST' -v https://nova-api.trystack.org:5443/v2.0/tokens -d
'{auth:{passwordCredentials:{username: username,
password:password}}}' -H 'Content-type: application/json'
The Javascript equivalent (using JQuery) is:
$.ajax({
url: https://nova-api.trystack.org:5443/v2.0/tokens;,
type: 'POST',
headers: {Content-Type: application/json},
data: {auth:{passwordCredentials:{username:username,
password:password}}},
success: function(data) { alert(data); }
});
That fails because the call is cross-domain, and Nova doesn't support
CORS
(http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).script
based
cross-domain requests only supports GET requests, so that doesn't work
either.
I have raised a bug: https://bugs.launchpad.net/nova/+bug/987044, but
I'm
really hoping someone can point out something obvious I'm missing here.
Regards
Nick Lothian
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] quantum UI in essex
The Quantum UI was disabled in Essex because it doesn't function. Quantum support in Horizon will be a primary focus for Folsom and Arvind Somya has already made some good progress. Quantum+Horizon will be a topic of discussion at the summit tomorrow if you are here and would like to stop by. On Apr 16, 2012, at 6:46 PM, Yi Sun wrote: Hi, I'm using dev stack and I have enabled Quantum. Now, I can see the quantum service is running and I can also create network with CLI. But I can not find any quantum related configuration UI from dashboard. Looking at the essex release note from this link ( http://wiki.openstack.org/ReleaseNotes/Essex#OpenStack_Dashboard_.28Horizon.29), it seems that the quantum support in Horizon has been disabled. Is there a way to re-enable it in my devstack environment? Thanks Yi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] quantum UI in essex
That's one of the things that will be discussed tomorrow I think. On Apr 17, 2012, at 2:34 PM, Yi Sun wrote: Thanks, Tres, I really want to join the summit tomorrow, but I don't think there are extra ticket available :-(. I hope to learn more detail on quantum roadmap especially on the service insertion part as mentioned in http://wiki.openstack.org/QuantumServicesInsertion. Will the new UI covers the extension on the service insertion as well? Yi On 04/17/2012 02:26 PM, Tres Henry wrote: The Quantum UI was disabled in Essex because it doesn't function. Quantum support in Horizon will be a primary focus for Folsom and Arvind Somya has already made some good progress. Quantum+Horizon will be a topic of discussion at the summit tomorrow if you are here and would like to stop by. On Apr 16, 2012, at 6:46 PM, Yi Sun wrote: Hi, I'm using dev stack and I have enabled Quantum. Now, I can see the quantum service is running and I can also create network with CLI. But I can not find any quantum related configuration UI from dashboard. Looking at the essex release note from this link ( http://wiki.openstack.org/ReleaseNotes/Essex#OpenStack_Dashboard_.28Horizon.29), it seems that the quantum support in Horizon has been disabled. Is there a way to re-enable it in my devstack environment? Thanks Yi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack]issue on horizon
Anything in the horizon log when you create a container? On Apr 15, 2012, at 7:00 PM, William Herry wrote: Hi Developers I make all thing work on centos 6.2 with Essex 2012.1, except one little problem with horizon when I create containers, it always say: Error: Unable to create container. but actually the container already created and I can do further operating like upload object, list object so, can some one tell me where should the problem be Thanks -- === William Herry williamherrych...@gmail.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Adding a Glance image via API without POSTing the image data?
I think this is a slightly different (but related) use case. In this case the user wants to add an image to the configured Glance store through the web front-end performing the same task as 'glance add name=foo is_public=true blah.tar.gz' in the CLI. Ideally Horizon would provide a UI that allows the user to specify an image location URL and then optionally a check box for upload to image store or something along those lines. On Feb 7, 2012, at 2:09 PM, Eoghan Glynn wrote: The Horizon team is looking at adding a first-pass implementation of image upload before the Essex release, and we'd really like to bypass the problems associated with, say, passing a 700MB Ubuntu image through the user's browser to a web server and then across to Glance... So the question is this: is there a way to add an image to Glance via the API *without* passing the image data in via the POST body? Options might include specifying a Swift object for the image, or a download URL... Hi Gabriel, Check out the X-Image-Meta-Location header which allows a pre-existing HTTP, S3, Swift or 'file://' image location to be specified. The result is that the image content is not uploaded to glance, instead the external location is relied upon. Cheers, Eoghan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Boot from volume invalid device name /dev/vda
Getting an error trying to boot an instance from volume (the following is
the traceback from nova compute):
(nova.rpc): TRACE: Traceback (most recent call last):
(nova.rpc): TRACE: File /opt/stack/nova/nova/rpc/impl_kombu.py, line
723, in _process_data
(nova.rpc): TRACE: rval = node_func(context=ctxt, **node_args)
(nova.rpc): TRACE: File /opt/stack/nova/nova/exception.py, line 126, in
wrapped
(nova.rpc): TRACE: return f(*args, **kw)
(nova.rpc): TRACE: File /opt/stack/nova/nova/compute/manager.py, line
150, in decorated_function
(nova.rpc): TRACE: self.add_instance_fault_from_exc(context,
instance_uuid, e)
(nova.rpc): TRACE: File /usr/lib/python2.7/contextlib.py, line 24, in
__exit__
(nova.rpc): TRACE: self.gen.next()
(nova.rpc): TRACE: File /opt/stack/nova/nova/compute/manager.py, line
145, in decorated_function
(nova.rpc): TRACE: return function(self, context, instance_uuid, *args,
**kwargs)
(nova.rpc): TRACE: File /opt/stack/nova/nova/compute/manager.py, line
565, in run_instance
(nova.rpc): TRACE: self._run_instance(context, instance_uuid, **kwargs)
(nova.rpc): TRACE: File /opt/stack/nova/nova/compute/manager.py, line
394, in _run_instance
(nova.rpc): TRACE: vm_state=vm_states.ERROR)
(nova.rpc): TRACE: File /usr/lib/python2.7/contextlib.py, line 24, in
__exit__
(nova.rpc): TRACE: self.gen.next()
(nova.rpc): TRACE: File /opt/stack/nova/nova/compute/manager.py, line
381, in _run_instance
(nova.rpc): TRACE: self._deallocate_network(context, instance)
(nova.rpc): TRACE: File /usr/lib/python2.7/contextlib.py, line 24, in
__exit__
(nova.rpc): TRACE: self.gen.next()
(nova.rpc): TRACE: File /opt/stack/nova/nova/compute/manager.py, line
378, in _run_instance
(nova.rpc): TRACE: injected_files, admin_password)
(nova.rpc): TRACE: File /opt/stack/nova/nova/compute/manager.py, line
511, in _spawn
(nova.rpc): TRACE: network_info, block_device_info)
(nova.rpc): TRACE: File /opt/stack/nova/nova/exception.py, line 126, in
wrapped
(nova.rpc): TRACE: return f(*args, **kw)
(nova.rpc): TRACE: File
/opt/stack/nova/nova/virt/libvirt/connection.py, line 681, in spawn
(nova.rpc): TRACE: domain = self._create_new_domain(xml)
(nova.rpc): TRACE: File
/opt/stack/nova/nova/virt/libvirt/connection.py, line 1255, in
_create_new_domain
(nova.rpc): TRACE: domain = self._conn.defineXML(xml)
(nova.rpc): TRACE: File /usr/lib/python2.7/dist-packages/libvirt.py,
line 1708, in defineXML
(nova.rpc): TRACE: if ret is None:raise
libvirtError('virDomainDefineXML() failed', conn=self)
(nova.rpc): TRACE: libvirtError: internal error Invalid harddisk device
name: /dev/vda
(nova.rpc): TRACE:
The block_device_mapping supplied was {/dev/vda: 1:::1} which results
in:
[{u'volume_size': u'', u'device_name': u'/dev/vda',
u'delete_on_termination': u'1', u'volume_id': u'1'}]), however I've tried
about every combination of values I can think of (supplying type, size,
changing device name, etc.) with the same result (although the error is
Invalid harddisk device name: /dev/vdb or whatever I supplied as the
device name).
If it helps:
Running devstack @ af0f7cadb9
Tried to launch an instance with both the cirros default devstack image and
UEC oneiric x64.
The existing volume is larger than the image's ephemeral volume (not sure
if that matters).
What am I doing wrong?
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] user interface
Hi Khaled, The OpenStack Dashboard includes basic support for Swift if you are looking for a simple web interface to manage containers and objects. Instructions for installing Dashboard and enabling Swift can be found at: http://wiki.openstack.org/OpenStackDashboard Tres On Oct 5, 2011, at 11:11 AM, Khaled Ben Bahri wrote: Hi all, To manage files at swift I use swift tool commands (st) I wonder if there are any graphical user interface or web interface for ubuntu system I found cyberduck software for windows and MacOs, and it works fine. thanks in advance for any help Best regards Khaled ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Swift+Keystone error
Trying to get a Swift+Keystone dev environment setup and having some issues.
I'm running Swift 1.4.2 and have it pointing at Keystone 0.9 (on the same
VM) according to the instructions at https://github.com/rackspace/keystone,
however, Swift is reporting 500s from Keystone (Auth GET failed:
http://127.0.0.1:8080/v1.0 500 Internal Server Error) and the Keystone log
says:
eventlet.wsgi.server: DEBUGTraceback (most recent call last):
File /usr/lib/python2.6/dist-packages/eventlet/wsgi.py, line 336, in
handle_one_response
result = self.application(self.environ, start_response)
File /home/tres/nova/keystone/keystone/frontends/legacy_token_auth.py,
line 74, in __call__
new_request.body = json.dumps(params)
File /usr/lib/pymodules/python2.6/webob/request.py, line 1173, in
__setattr__
object.__setattr__(self, attr, value)
File /usr/lib/pymodules/python2.6/webob/request.py, line 498, in
_body__set
raise ValueError(%s requests cannot have body % self.method)
ValueError: GET requests cannot have body
(this was specifically when trying swift -A http://127.0.0.1:8080/v1.0 -U
joeuser -K secrete post container
Here's some relevant configs if it helps:
-- keystone.conf --
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True
# Show debugging output in logs (sets DEBUG log level output)
debug = True
# Which backend store should Keystone use by default.
# Default: 'sqlite'
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
default_store = sqlite
# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
#log_file = /var/log/keystone.log
log_file = keystone.log
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See:
http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = sqlite:///../keystone/keystone.db
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
sql_idle_timeout = 30
#Dictionary Maps every service to a header.Missing services would get header
X_(SERVICE_NAME) Key = Service Name, Value = Header Name
service-header-mappings = {'nova' : 'X-Server-Management-Url' , 'swift' :
'X-Storage-Url', 'cdn' : 'X-CDN-Management-Url'}
# Address to bind the API server
#TODO Properties defined within app not available via pipeline.Till then
server props stay outside.
server_bind_host = 0.0.0.0
# Port the bind the API server to
server_bind_port = 8080
[app:admin]
paste.app_factory = keystone.server:admin_app_factory
# Address to bind the Admin API server
bind_host = 0.0.0.0
# Port the bind the Admin API server to
bind_port = 8081
[app:server]
paste.app_factory = keystone.server:app_factory
[pipeline:keystone-legacy-auth]
pipeline =
legacy_auth
server
[filter:legacy_auth]
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
-- proxy-server.conf --
[DEFAULT]
bind_port =
user = root
log_facility = LOG_LOCAL1
[pipeline:main]
pipeline = catch_errors healthcheck cache keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
[filter:keystone]
use = egg:keystone#tokenauth
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 8081
admin_token = 999888777666
delay_auth_decision = 0
service_protocol = http
service_host = 127.0.0.1
service_port = 8100
service_pass = dTpw
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
