[Openstack] Key management

2016-03-28 Thread Jagga Soorma 
Hey Guys,

I have a new openstack environment and one thing I have noticed is that my
keys are all over the place now which got me thinking what others might be
doing for key management?  Just curious if there is a better more
central/secure way to store my keys.

Thanks!
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Nova] [DPDK] [Liberty] Issues in booting VMs via Nova onto DPDK-enabled OVS

2016-03-28 Thread Martinx - ジェームズ 
On 28 March 2016 at 05:21, N Vivekanandan 
wrote:

> Hi Openstack Team,
>
>
>
> We were trying to boot VMs via Openstack Nova (off Liberty release) into
> DPDK-enabled OVS instances.
>
> Our OVS is version 2.5  + DPDK 2.2 + Qemu 2.3 + Libvirt 1.2.16.
>
>
>
> We followed the guidelines here for installation of OVS Datapath and
> enable them for DPDK:
>
> https://github.com/openvswitch/ovs/blob/master/INSTALL.DPDK.md
>
>
>
> Howeve,r we were not able to get the VMs booted successfully via Nova.
>   When we attempted to boot the VMs , they went into error state.
>
> The vhostdpdkuser ports got created in the OVS-DPDK instance, but Libvirt
> Driver invoked by Nova, could not successfully attach this port to the VM.
>
>
>
> *We got these set of errors in libvirtd.log whenever we booted the VMs:*
>
> 2016-03-26 13:57:20.535+: 7354: error : virSecurityDriverLookup:80 :
> unsupported configuration: Security driver apparmor not enabled
>
> 2016-03-26 13:57:51.007+: 7339: error : virNetSocketReadWire:1520 :
> End of file while reading data: Input/output error
>
> 2016-03-26 13:58:36.293+: 7341: error : qemuMonitorOpenUnix:358 :
> failed to connect to monitor socket: No such process
>
> 2016-03-26 13:58:36.293+: 7341: error : qemuProcessWaitForMonitor:2113
> : internal error: process exited while connecting to monitor: 
> 2016-03-*26T13:58:36.235874Z
> qemu-system-x86_64: -chardev
> socket,id=charnet0,path=/var/lib/libvirt/qemu/vhu189ade8e-3b: Failed to
> connect socket: Permission denied*
>
>
>
>
>
> *On the QEMU log:*
>
> 2016-03-26 13:58:35.479+: starting up libvirt version: 1.2.16,
> package: 1.2.16-2ubuntu11.15.10.4~cloud0, qemu version: 2.3.0 (Debian
> 1:2.3+dfsg-5ubuntu9.2~cloud0)
>
> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
> QEMU_AUDIO_DRV=none /usr/bin/kvm-spice -name instance-000c -S -machine
> pc-i440fx-vivid,accel=kvm,usb=off -m 512 -realtime mlock=off -smp
> 1,sockets=1,cores=1,threads=1 -uuid dbe34ace-960e-4915-884a-5a30b8ec896d
> -smbios type=1,manufacturer=OpenStack Foundation,product=OpenStack
> Nova,version=12.0.3,serial=----002590883f20,uuid=dbe34ace-960e-4915-884a-5a30b8ec896d,family=Virtual
> Machine -no-user-config -nodefaults -chardev
> socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-000c.monitor,server,nowait
> -mon chardev=charmonitor,id=monitor,mode=control -rtc
> base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet
> -no-shutdown -boot strict=on -kernel
> /opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/kernel
> -initrd
> /opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/ramdisk
> -append root=/dev/vda console=tty0 console=ttyS0 -device
> piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
> file=/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
> -device
> virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
> -drive
> file=/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/disk.config,if=none,id=drive-ide0-1-1,readonly=on,format=raw,cache=none
> -device ide-cd,bus=ide.1,unit=1,drive=drive-ide0-1-1,id=ide0-1-1 -chardev
> socket,id=charnet0,path=/var/lib/libvirt/qemu/vhu189ade8e-3b -netdev
> type=vhost-user,id=hostnet0,chardev=charnet0 -device
> virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:bd:cb:d6,bus=pci.0,addr=0x3
> -chardev
> file,id=charserial0,path=/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/console.log
> -device isa-serial,chardev=charserial0,id=serial0 -chardev
> pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 -vnc
> 10.183.254.64:0 -k en-us -device cirrus-vga,id=video0,bus=pci.0,addr=0x2
> -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on
>
> *2016-03-26T13:58:36.235874Z qemu-system-x86_64: -chardev
> socket,id=charnet0,path=/var/lib/libvirt/qemu/vhu189ade8e-3b: Failed to
> connect socket: Permission denied*
>
>
>
> We verified in our setup that we have given user/group as ‘root/root’ in
> etc/libvirt/qemu.conf and also
>
> affirmed that our ovs-vswitchd runs as ‘root’ with DPDK enabled.
>
>
>
> The ‘vhuxxx’ ports are appearing in /var/lib/libvirt/qemu which is the
> vsock_host_dir folder that we have configured
>
> for ovs-vswitchd as well as in Nova.
>
> srwxr-xr-x 1 root root0 Mar 26 20:12 vhu98c8f690-41
>
>
>
> But QEMU is not able to complete attaching the VM to the vhostdpdkuser
> port.
>
> We included "/var/lib/libvirt/qemu" which is the vhost_sock_dir into
> cgroup_device_acl as well.
>
>
>
> And we also tried to put ‘security_driver’ to ‘None’ in qemu.conf to see
> if that helps (just to remove any bearing on SELinux (or) apparmor), but
> that
>
> didn’t help either.
>
>
>
> Highly Appreciate any tips.
>
>
>
> --
>
> Thanks,
>
>
>
> Vivek
>

Hello,

Maybe you're facing this BUG:

Ownership/Permissions o

[Openstack] March 29 Price Increase - OpenStack Summit Austin

2016-03-28 Thread Kendall Waters 
Hi everyone,

Prices for the Austin Summit will be increasing on Tuesday, March 29 at 11:59pm 
PT (Wednesday, March 30 at 6:59 UTC).

Register NOW  
before prices increase.

All discount registration codes (including ATC, speaker, sponsor, etc.) must be 
redeemed by April 19.

If you have any Summit-related questions, please contact sum...@openstack.org 
.

Cheers,
Kendall

Kendall Waters
OpenStack Marketing
kend...@openstack.org


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Fuel] How to configure Xen + Libvirt using Fuel 8.0

2016-03-28 Thread Ashish Yadav 
Hi,

Lately, I was trying to deploy the Openstack with Xen + Libvirt on the bare
metal but that whole process can be done quickly using fuel which I came
across while searching for solution for the above problem.

For that reason, I want to know is that how may I change the default
hyervisor from Qemu/KVM to Xen not (Xenserver from Citrix). Is there any
plugin for Xen hypervisor in Fuel so that I can select that at the time of
initialization.

Please let me know if that is possible or not. I am waiting for for your
reply.

--Regards
Ashishkumar S. Yadav
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Nova] [DPDK] [Liberty] Issues in booting VMs via Nova onto DPDK-enabled OVS

2016-03-28 Thread N Vivekanandan 
Hi Openstack Team,

We were trying to boot VMs via Openstack Nova (off Liberty release) into 
DPDK-enabled OVS instances.
Our OVS is version 2.5  + DPDK 2.2 + Qemu 2.3 + Libvirt 1.2.16.

We followed the guidelines here for installation of OVS Datapath and enable 
them for DPDK:
https://github.com/openvswitch/ovs/blob/master/INSTALL.DPDK.md

Howeve,r we were not able to get the VMs booted successfully via Nova.   When 
we attempted to boot the VMs , they went into error state.
The vhostdpdkuser ports got created in the OVS-DPDK instance, but Libvirt 
Driver invoked by Nova, could not successfully attach this port to the VM.

We got these set of errors in libvirtd.log whenever we booted the VMs:
2016-03-26 13:57:20.535+: 7354: error : virSecurityDriverLookup:80 : 
unsupported configuration: Security driver apparmor not enabled
2016-03-26 13:57:51.007+: 7339: error : virNetSocketReadWire:1520 : End of 
file while reading data: Input/output error
2016-03-26 13:58:36.293+: 7341: error : qemuMonitorOpenUnix:358 : failed to 
connect to monitor socket: No such process
2016-03-26 13:58:36.293+: 7341: error : qemuProcessWaitForMonitor:2113 : 
internal error: process exited while connecting to monitor: 
2016-03-26T13:58:36.235874Z qemu-system-x86_64: -chardev 
socket,id=charnet0,path=/var/lib/libvirt/qemu/vhu189ade8e-3b: Failed to connect 
socket: Permission denied


On the QEMU log:
2016-03-26 13:58:35.479+: starting up libvirt version: 1.2.16, package: 
1.2.16-2ubuntu11.15.10.4~cloud0, qemu version: 2.3.0 (Debian 
1:2.3+dfsg-5ubuntu9.2~cloud0)
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin 
QEMU_AUDIO_DRV=none /usr/bin/kvm-spice -name instance-000c -S -machine 
pc-i440fx-vivid,accel=kvm,usb=off -m 512 -realtime mlock=off -smp 
1,sockets=1,cores=1,threads=1 -uuid dbe34ace-960e-4915-884a-5a30b8ec896d 
-smbios type=1,manufacturer=OpenStack Foundation,product=OpenStack 
Nova,version=12.0.3,serial=----002590883f20,uuid=dbe34ace-960e-4915-884a-5a30b8ec896d,family=Virtual
 Machine -no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-000c.monitor,server,nowait
 -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew 
-global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on 
-kernel 
/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/kernel 
-initrd 
/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/ramdisk 
-append root=/dev/vda console=tty0 console=ttyS0 -device 
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive 
file=/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
 -drive 
file=/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/disk.config,if=none,id=drive-ide0-1-1,readonly=on,format=raw,cache=none
 -device ide-cd,bus=ide.1,unit=1,drive=drive-ide0-1-1,id=ide0-1-1 -chardev 
socket,id=charnet0,path=/var/lib/libvirt/qemu/vhu189ade8e-3b -netdev 
type=vhost-user,id=hostnet0,chardev=charnet0 -device 
virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:bd:cb:d6,bus=pci.0,addr=0x3 
-chardev 
file,id=charserial0,path=/opt/stack/data/nova/instances/dbe34ace-960e-4915-884a-5a30b8ec896d/console.log
 -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 
-device isa-serial,chardev=charserial1,id=serial1 -vnc 10.183.254.64:0 -k en-us 
-device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on
2016-03-26T13:58:36.235874Z qemu-system-x86_64: -chardev 
socket,id=charnet0,path=/var/lib/libvirt/qemu/vhu189ade8e-3b: Failed to connect 
socket: Permission denied

We verified in our setup that we have given user/group as 'root/root' in 
etc/libvirt/qemu.conf and also
affirmed that our ovs-vswitchd runs as 'root' with DPDK enabled.

The 'vhuxxx' ports are appearing in /var/lib/libvirt/qemu which is the 
vsock_host_dir folder that we have configured
for ovs-vswitchd as well as in Nova.
srwxr-xr-x 1 root root0 Mar 26 20:12 vhu98c8f690-41

But QEMU is not able to complete attaching the VM to the vhostdpdkuser port.
We included "/var/lib/libvirt/qemu" which is the vhost_sock_dir into 
cgroup_device_acl as well.

And we also tried to put 'security_driver' to 'None' in qemu.conf to see if 
that helps (just to remove any bearing on SELinux (or) apparmor), but that
didn't help either.

Highly Appreciate any tips.

--
Thanks,

Vivek

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] How to achieve OpenStack compute nodes "HA" ?

2016-03-28 Thread Martinx - ジェームズ 
Guys,

 What about Virtual Machine Asynchronous replication under OpenStack?

 Something like:

 http://wiki.xen.org/wiki/Remus

 Or:

 http://wiki.qemu.org/Features/FaultTolerance

 This way, your can take the power cable off the physical compute node,
that all of your instances will be up and running on second node. No
downtime, not even TCP connection will be lost, like SSH or Windows RDP
sessions!

 Can we make OpenStack aware of Remus? And deal with this? I mean, I think
that OpenStack must create two instances, and put it in sync, when you
launch one instance that must be under H.A.. Looks like "quantum
entanglement" for Virtual Machines...   :-P

 I know that there are something similar to Remux (Xen) for QEmu, called
Kemari but, I don't know if it is under development...

 http://www.linux-kvm.org/images/0/0d/0.5.kemari-kvm-forum-2010.pdf

 Remus Xen:

 https://www.youtube.com/watch?v=2jV4lOgFJMY

 Kemari QEMu:

 https://www.youtube.com/watch?v=YrVNZG77PhY

Cheers!
Thiago

On 19 March 2016 at 00:09, Shinobu Kinjo  wrote:

> Thank you for the pointer.
> This project is a bit old, isn't it? Is it still on going ... no??
>
> Have a nice weekend too.
>
> Cheers,
> S
>
> On Sat, Mar 19, 2016 at 11:30 AM, CHOW Anthony
>  wrote:
> >
> https://blueprints.launchpad.net/nova/+spec/dynamic-consolidation-of-virtual-machines
> >
> > Seems like this is a feature under Nova.
> >
> > Nowadays with the Big Tent approach, we cannot rely on GitHub and
> StackForge to see if it is a full OpenStack "project".
> >
> > Have a nice weekend,
> >
> > Anthony.
> >
> > -Original Message-
> > From: Shinobu Kinjo [mailto:shinobu...@gmail.com]
> > Sent: Friday, March 18, 2016 6:54 PM
> > To: Jean-Pierre Ribeauville
> > Cc: openstack@lists.openstack.org
> > Subject: Re: [Openstack] How to achieve OpenStack compute nodes "HA" ?
> >
> > What is *this* project?
> >
> > Cheers,
> > S
> >
> > On Fri, Mar 18, 2016 at 10:28 PM, Jean-Pierre Ribeauville <
> jpribeauvi...@axway.com> wrote:
> >> Hi,
> >>
> >> Good point.
> >>
> >> I was only aware of  OpenStack Neat project .
> >>
> >> Are these talks related to this project ?
> >>
> >> BTW, is there a chance that RedHat OpenStack Platform  offers this
> feature ?
> >>
> >> Thx for help.
> >>
> >> Regards,
> >>
> >>
> >> J.P.
> >>
> >> -Original Message-
> >> From: Danny Abukalam [mailto:danny.abuka...@codethink.co.uk]
> >> Sent: jeudi 17 mars 2016 12:56
> >> To: Jean-Pierre Ribeauville
> >> Cc: openstack@lists.openstack.org
> >> Subject: Re: [Openstack] How to achieve OpenStack compute nodes "HA" ?
> >>
> >> Jean-Pierre,
> >>
> >> In case you're not already aware of it, just a quick pointer to a talk
> that will cover this exact topic at the summit:
> >>
> >> https://www.openstack.org/summit/austin-2016/summit-schedule/events/73
> >> 27
> >>
> >> Thanks,
> >>
> >> Danny
> >>
> >> On 16/03/16 16:13, Jean-Pierre Ribeauville wrote:
> >>> Hi,
> >>>
> >>> I'm quite a newbie  in Openstack HA stuff.
> >>>
> >>> My concern is the following :
> >>>
> >>> By using a two compute nodes infrastructure ( with shared iSCSi
> >>> storage) , I want to build an Openstack  environment  which offers
> >>> automatic Guest migration from a compute node to the second one.
> >>>
> >>> I presume that these two compute nodes must be part of a "cluster".
> >>>
> >>> I'm a little bit lost in all docs I 've found related to Openstack HA
> stuff.
> >>>
> >>> As I understood HA for two controller nodes , I don't see clearly the
> >>> equivalent for the compute nodes.
> >>>
> >>> Any hint  to clarify the infrastructure and softwares pieces  ( in
> >>> addition to  all 'classical"  OpenStack components)  I need ?
> >>>
> >>> Thanks  for help.
> >>>
> >>> Regards,
> >>>
> >>> Jean-Pierre RIBEAUVILLE
> >>>
> >>> +33 1 4717 2049
> >>>
> >>> axway_logo_tagline_87px
> >>>
> >>>
> >>>
> >>> ___
> >>> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >>> Post to : openstack@lists.openstack.org
> >>> Unsubscribe :
> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >>>
> >>
> >> ___
> >> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >> Post to : openstack@lists.openstack.org
> >> Unsubscribe :
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
> >
> > --
> > Email:
> > shin...@linux.com
> > GitHub:
> > shinobu-x
> > Blog:
> > Life with Distributed Computational System based on OpenSource
> >
> > ___
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to : openstack@lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> > ___
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to : openstack@li