Re: [Openstack] Use of IANA-registered ports
As for the option of running multiple services on a single machine, this is really a deployment concern. The protocol is still HTTP, so 80/443 should be the default for all services, but some folks will change this to fit their deployment. They could bind multiple IPs and run each service on a specific IP or perhaps someday combine all services into a single process/listening port and route based on HTTP Host header. -Eric On Mon, Jan 03, 2011 at 01:57:10AM +, Ewan Mellor wrote: > Yes, that's a good point. Certainly for the API nodes we should use port > 80/443, and change the defaults if necessary. > > We've got some complications though: > http://swift.openstack.org/howto_installmultinode.html says "Auth node: ... > This can be on the same node as a Proxy node" and "Storage nodes: Runs the > swift-account-server, swift-container-server, and swift-object-server." This > implies that we need at least two ports for a storage proxy, and three ports > for a storage node. I think that some people plan to run the Glance API and > registry on the same machine too. We could run these things on 80, 81, and > 82 in the case of a storage node, but I don't see that that's any better than > using arbitrary ports as we are at the moment. 8080 is a possibility too of > course, but some people may want to run web UIs on these nodes too, in which > case it would be nice to keep 8080 available. > > All said, I think if people are serious about running storage nodes with > account, container, and object servers together, then it's reasonable for us > to ask for new ports to be assigned. The argument is weaker (but still > reasonable I think) for storage API nodes with auth and proxy together (proxy > will use port 80, but we still need one for auth). > > For Nova, I think we're OK with the HTTP ports, because most of the > components are using rabbitmq for communication. For Glance, I'm not sure. > > Cheers, > > Ewan. > > > > -Original Message- > > From: Eric Day [mailto:e...@oddments.org] > > Sent: 02 January 2011 17:12 > > To: Monty Taylor > > Cc: Jay Pipes; Ewan Mellor; openstack@lists.launchpad.net > > Subject: Re: [Openstack] Use of IANA-registered ports > > > > For production deployments, the default port should be 80, no? I > > imagine most production deployments will be running port 80 and > > have different sets of hosts running each service (swift, glance, > > nova). Four single-machine setup we should explain how to change > > the ports so they don't interfere, but the official *should* stay at > > 80, IMHO. > > > > Also, IANA is strict about handing out new ports, and the most likely > > response will be to use 80 or 8080 (HTTP-alt) since it is just HTTP. > > > > -Eric > > > > On Sun, Jan 02, 2011 at 08:29:11AM -0800, Monty Taylor wrote: > > > On 01/02/2011 05:39 AM, Jay Pipes wrote: > > > > This day was going to come sooner or later :) > > > > > > > > Yes, I think we should get IANA assignment of ports for Nova and > > Glance. > > > > > > > > Monty, you have experience doing this for Drizzle. Can you assist > > us? > > > > > > It was actually Eric who did it for Drizzle ... but I can certainly > > help. :) > > > > > > > On Sat, Jan 1, 2011 at 6:24 PM, Ewan Mellor > > wrote: > > > >> I’ve just noticed that Glance (by default) is using IANA- > > registered ports > > > >> (they’re in my /etc/services, so netstat shows the incorrect named > > port), > > > >> and that made me wonder whether we should register ports of our > > own for all > > > >> of the OpenStack services. Is anyone interested in getting IANA > > > >> registrations done? > > > >> > > > >> > > > >> > > > >> Ewan. > > > >> > > > >> > > > >> > > > >> ___ > > > >> Mailing list: https://launchpad.net/~openstack > > > >> Post to : openstack@lists.launchpad.net > > > >> Unsubscribe : https://launchpad.net/~openstack > > > >> More help : https://help.launchpad.net/ListHelp > > > >> > > > >> > > > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of IANA-registered ports
> streaming should be done inside nova-compute, rather than in a xapi plugin... do you _need_ the code inside a plugin for xs-snapshots, or will it be OK if we move it? If we moved the code into nova-compute, wouldn't that mean we're directing all image-download/image-snapshot traffic through the compute node? Swift -> Glance -> Compute -> XS-Host Since we're going to have far fewer compute nodes than XS-Hosts, wouldn't it be better to bypass compute-node entirely? Swift -> Glance -> XS-Host >From a maintenance/deployment/code-reuse perspective, I agree a plugin is >less-than-ideal, but I think, considering the tradeoffs, it solves the problem >quite nicely. > Assuming that that’s OK, where should this code go? The ImageService is probably not the right place for it since, as I understand it, it's an API-level abstraction for image discovery and description. We probably need a similar abstraction at the Compute-level which abstracts image uploading and fetching. However, this may be moot at some point, as the API and Compute-level could eventually delgate both responsibilities to Glance. > I was also expecting Sateesh to implement the Glance authentication, once Jay is finished with middleware-authentication. Was anyone else expecting to do this? We've been punting on auth for the moment. If you guys have a good idea of where to go with it, please do! > What is the intended semantics of the Glance x-image-meta-type header values > “raw” vs “machine”? If I'm remembering correctly, we lifted that from the Image model that was orginally defined-but-commented-out in Nova. It's not being used yet, but the idea would be that values would include ("raw", "machine", "kernel", "ramdisk"). > IANA Ports Agreed, 80/443 make sense. From: openstack-bounces+rick.harris=rackspace@lists.launchpad.net [openstack-bounces+rick.harris=rackspace@lists.launchpad.net] on behalf of Jay Pipes [jaypi...@gmail.com] Sent: Monday, January 03, 2011 9:20 AM To: Ewan Mellor Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Use of IANA-registered ports On Sun, Jan 2, 2011 at 8:57 PM, Ewan Mellor wrote: > For Nova, I think we're OK with the HTTP ports, because most of the > components are using rabbitmq for communication. For Glance, I'm not sure. Good discussion on the port assignments, and after further thought, what Eric said about using 80/443 for HTTP-based API servers is the correct default. As for Glance, there are two services, both HTTP REST-based services, one for the registry node and one for the API node. Of course, both can be run on the same physical machine. I don't see any reason not to stick with 80/443 for the both the API and registry servers and configuring an alternate port for the registry server when it is being run on the same physical machine. -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp Confidentiality Notice: This e-mail message (including any attached or embedded documents) is intended for the exclusive and confidential use of the individual or entity to which this message is addressed, and unless otherwise expressly indicated, is confidential and privileged information of Rackspace. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately by e-mail at ab...@rackspace.com, and delete the original message. Your cooperation is appreciated. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of IANA-registered ports
On Sun, Jan 2, 2011 at 8:57 PM, Ewan Mellor wrote: > For Nova, I think we're OK with the HTTP ports, because most of the > components are using rabbitmq for communication. For Glance, I'm not sure. Good discussion on the port assignments, and after further thought, what Eric said about using 80/443 for HTTP-based API servers is the correct default. As for Glance, there are two services, both HTTP REST-based services, one for the registry node and one for the API node. Of course, both can be run on the same physical machine. I don't see any reason not to stick with 80/443 for the both the API and registry servers and configuring an alternate port for the registry server when it is being run on the same physical machine. -jay ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of IANA-registered ports
On Sun, Jan 2, 2011 at 7:57 PM, Ewan Mellor wrote: > We've got some complications though: > http://swift.openstack.org/howto_installmultinode.html says "Auth node: ... > This can be on the same node as a Proxy node" and "Storage nodes: Runs the > swift-account-server, swift-container-server, and swift-object-server." This > implies that we need at least two ports for a storage proxy, and three ports > for a storage node. I think that some people plan to run the Glance API and > registry on the same machine too. We could run these things on 80, 81, and > 82 in the case of a storage node, but I don't see that that's any better than > using arbitrary ports as we are at the moment. 8080 is a possibility too of > course, but some people may want to run web UIs on these nodes too, in which > case it would be nice to keep 8080 available. > All said, I think if people are serious about running storage nodes with > account, container, and object servers together, then it's reasonable for us > to ask for new ports to be assigned. The argument is weaker (but still > reasonable I think) for storage API nodes with auth and proxy together (proxy > will use port 80, but we still need one for auth). I don't see a lot of utility in trying to get IANA assigned ports for services that are completely internal to swift. They could change in the future, and vary greatly between different configurations/deployments anyway. I do recommend that in a production environment, public HTTP-based services live on port 80/443. I also recommend that the swift auth server is for entertainment purposes only. -- Mike ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of IANA-registered ports
Yes, that's a good point. Certainly for the API nodes we should use port 80/443, and change the defaults if necessary. We've got some complications though: http://swift.openstack.org/howto_installmultinode.html says "Auth node: ... This can be on the same node as a Proxy node" and "Storage nodes: Runs the swift-account-server, swift-container-server, and swift-object-server." This implies that we need at least two ports for a storage proxy, and three ports for a storage node. I think that some people plan to run the Glance API and registry on the same machine too. We could run these things on 80, 81, and 82 in the case of a storage node, but I don't see that that's any better than using arbitrary ports as we are at the moment. 8080 is a possibility too of course, but some people may want to run web UIs on these nodes too, in which case it would be nice to keep 8080 available. All said, I think if people are serious about running storage nodes with account, container, and object servers together, then it's reasonable for us to ask for new ports to be assigned. The argument is weaker (but still reasonable I think) for storage API nodes with auth and proxy together (proxy will use port 80, but we still need one for auth). For Nova, I think we're OK with the HTTP ports, because most of the components are using rabbitmq for communication. For Glance, I'm not sure. Cheers, Ewan. > -Original Message- > From: Eric Day [mailto:e...@oddments.org] > Sent: 02 January 2011 17:12 > To: Monty Taylor > Cc: Jay Pipes; Ewan Mellor; openstack@lists.launchpad.net > Subject: Re: [Openstack] Use of IANA-registered ports > > For production deployments, the default port should be 80, no? I > imagine most production deployments will be running port 80 and > have different sets of hosts running each service (swift, glance, > nova). Four single-machine setup we should explain how to change > the ports so they don't interfere, but the official *should* stay at > 80, IMHO. > > Also, IANA is strict about handing out new ports, and the most likely > response will be to use 80 or 8080 (HTTP-alt) since it is just HTTP. > > -Eric > > On Sun, Jan 02, 2011 at 08:29:11AM -0800, Monty Taylor wrote: > > On 01/02/2011 05:39 AM, Jay Pipes wrote: > > > This day was going to come sooner or later :) > > > > > > Yes, I think we should get IANA assignment of ports for Nova and > Glance. > > > > > > Monty, you have experience doing this for Drizzle. Can you assist > us? > > > > It was actually Eric who did it for Drizzle ... but I can certainly > help. :) > > > > > On Sat, Jan 1, 2011 at 6:24 PM, Ewan Mellor > wrote: > > >> I’ve just noticed that Glance (by default) is using IANA- > registered ports > > >> (they’re in my /etc/services, so netstat shows the incorrect named > port), > > >> and that made me wonder whether we should register ports of our > own for all > > >> of the OpenStack services. Is anyone interested in getting IANA > > >> registrations done? > > >> > > >> > > >> > > >> Ewan. > > >> > > >> > > >> > > >> ___ > > >> Mailing list: https://launchpad.net/~openstack > > >> Post to : openstack@lists.launchpad.net > > >> Unsubscribe : https://launchpad.net/~openstack > > >> More help : https://help.launchpad.net/ListHelp > > >> > > >> > > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of IANA-registered ports
For production deployments, the default port should be 80, no? I imagine most production deployments will be running port 80 and have different sets of hosts running each service (swift, glance, nova). Four single-machine setup we should explain how to change the ports so they don't interfere, but the official *should* stay at 80, IMHO. Also, IANA is strict about handing out new ports, and the most likely response will be to use 80 or 8080 (HTTP-alt) since it is just HTTP. -Eric On Sun, Jan 02, 2011 at 08:29:11AM -0800, Monty Taylor wrote: > On 01/02/2011 05:39 AM, Jay Pipes wrote: > > This day was going to come sooner or later :) > > > > Yes, I think we should get IANA assignment of ports for Nova and Glance. > > > > Monty, you have experience doing this for Drizzle. Can you assist us? > > It was actually Eric who did it for Drizzle ... but I can certainly help. :) > > > On Sat, Jan 1, 2011 at 6:24 PM, Ewan Mellor > > wrote: > >> I’ve just noticed that Glance (by default) is using IANA-registered ports > >> (they’re in my /etc/services, so netstat shows the incorrect named port), > >> and that made me wonder whether we should register ports of our own for all > >> of the OpenStack services. Is anyone interested in getting IANA > >> registrations done? > >> > >> > >> > >> Ewan. > >> > >> > >> > >> ___ > >> Mailing list: https://launchpad.net/~openstack > >> Post to : openstack@lists.launchpad.net > >> Unsubscribe : https://launchpad.net/~openstack > >> More help : https://help.launchpad.net/ListHelp > >> > >> > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of IANA-registered ports
On 01/02/2011 05:39 AM, Jay Pipes wrote: > This day was going to come sooner or later :) > > Yes, I think we should get IANA assignment of ports for Nova and Glance. > > Monty, you have experience doing this for Drizzle. Can you assist us? It was actually Eric who did it for Drizzle ... but I can certainly help. :) > On Sat, Jan 1, 2011 at 6:24 PM, Ewan Mellor wrote: >> I’ve just noticed that Glance (by default) is using IANA-registered ports >> (they’re in my /etc/services, so netstat shows the incorrect named port), >> and that made me wonder whether we should register ports of our own for all >> of the OpenStack services. Is anyone interested in getting IANA >> registrations done? >> >> >> >> Ewan. >> >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Use of IANA-registered ports
This day was going to come sooner or later :) Yes, I think we should get IANA assignment of ports for Nova and Glance. Monty, you have experience doing this for Drizzle. Can you assist us? -jay On Sat, Jan 1, 2011 at 6:24 PM, Ewan Mellor wrote: > I’ve just noticed that Glance (by default) is using IANA-registered ports > (they’re in my /etc/services, so netstat shows the incorrect named port), > and that made me wonder whether we should register ports of our own for all > of the OpenStack services. Is anyone interested in getting IANA > registrations done? > > > > Ewan. > > > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp