[Openstack] Why security guide advise against uwsgi for deploying horizon with nginx?

HI all, I'm trying to deploy horizon with nginx, and to my surprise, the security guide advice against uwsgi, which is the WSGI server of choice for all my other WSGI apps. In the security guide [1], it says When using nginx, we recommend gunicorn

Re: [Openstack] How to mirror ubuntu cloud archive?

On Mon, Aug 18, 2014 at 1:00 PM, Thomas Goirand wrote: > On Mon Aug 18 2014 12:24:03 PM HKT, gustavo panizzo (gfa) < > g...@zumbi.com.ar> wrote: > > > apt-mirror should be able to mirror it > > there's that, reprepro, aptly, and more... > > Thomas > > Thanks, I didn't know about aptly. aptly webs

[Openstack] How to mirror ubuntu cloud archive?

Hi stackers, The ubuntu cloud archive hosts latest openstack packages for ubuntu LTS releases. https://wiki.ubuntu.com/ServerTeam/CloudArchive Is there a rsync interface to mirror it? rsync rsync://ubuntu-cloud.archive.canonical.com/ returns no modules. -- *YY Inc. is hiring* openstack and py

Re: [Openstack] Problem with Keystone on Debian 7

> so I create a special admin via > keystone user-create --name dsp --pass 123 > keystone user-role-add --name dsp --role admin --tenant admin > then I unset OS_SERVICE_TOKEN > and try to get the user-role-list via > keystone --debug --os-username=dsp --os-auth-url= > http://172.23.56.78:35357/v2.0

Re: [Openstack] where is the RESTful api for nova in source code

On Fri, Aug 15, 2014 at 11:14 AM, zhchaobey...@gmail.com < zhchaobey...@gmail.com> wrote: > Hi,List: > i added a simple function to nova ,and want to call it by RESTful api > exists now.i wander where is the RESTful api for nova in source code and > some tutorial for developer. > thanks a

Re: [Openstack] Problem with Keystone on Debian 7

On Tue, Aug 12, 2014 at 4:42 PM, Daniel Spiekermann < daniel.spiekerm...@fernuni-hagen.de> wrote: > Hi all, > > I'm new to Openstack, and now have some problems with the installation of > OS Havana on Debian 7. > I used the official document for Debian 7(http://docs.openstack.org/ > icehouse/insta

Re: [Openstack] CentOS 6.5 cloud-init growpart/resizefs does not work on first boot.

> >> > After a reboot, the relevant cloud-init logs: > >> > === > >> > cc_growpart.py[DEBUG]: '/' NOCHANGE: no change necessary (/dev/vda, 1) > >> > util.py[DEBUG]: Resizing took 13.776 seconds > >> > cc_resizefs.py[DEBUG]: Resized root filesystem (type=ext4, val=Tru

Re: [Openstack] CentOS 6.5 cloud-init growpart/resizefs does not work on first boot.

On Wed, Aug 6, 2014 at 2:05 PM, Juerg Haefliger wrote: > Hi, > > > On Wed, Aug 6, 2014 at 4:35 AM, sylecn wrote: > > > > Hi stackers, > > > > I have come across this problem of growpart/resizefs not working with > CentOS 6.5 Cloud image on first boot. >

[Openstack] CentOS 6.5 cloud-init growpart/resizefs does not work on first boot.

Hi stackers, I have come across this problem of growpart/resizefs not working with CentOS 6.5 Cloud image on first boot. Here is the relevant config in cloud.cfg == growpart: mode: auto devices: ["/"] resize_rootfs: True resize_rootfs_tmp: /dev cloud_init_modules

Re: [Openstack] ask - Multiple External Network and Multiple NIC

Hi, vm1eth0localnet - externalnet--Internet > vm1eth1---localnet 1-- externalnet1 - Internet > > I have confidence this works. The logical network topology will look like this: externalnetexternalnet1 ||

Re: [Openstack] Cannot access metadata

Hi, The metadata service is only accessible from within VM. Did the VM get IP address from DHCP server? Where did you run the curl command? Do you have access to the VM? My suggestions: 1. check whether the instance get IP correctly and can connect to nova and neutron node. 2. check whether neutr

Re: [Openstack] [OpenStack] [nova] Is there any method to record the operation of a nova user

On Fri, Jun 27, 2014 at 7:32 PM, sylecn wrote: > > On Fri, Jun 27, 2014 at 5:03 PM, yangmin zhu wrote: > >> Hi all, >> I want to record a user's operation for later audit purpose. For >> example, A user may start/reboot/shutdown a VM using nova command from &g

Re: [Openstack] [OpenStack] [nova] Is there any method to record the operation of a nova user

On Fri, Jun 27, 2014 at 5:03 PM, yangmin zhu wrote: > Hi all, > I want to record a user's operation for later audit purpose. For > example, A user may start/reboot/shutdown a VM using nova command from > terminal or using the dashboard from browser. > > How can I record this action and it's resul

Re: [Openstack] Issue with Security Groups

On Thu, Jun 26, 2014 at 9:37 AM, Muralidhar Balcha wrote: > > Hi, > I am using Openstack havana and I am using default security group with > my own set of new rules added to the security group to enable ssh into > instances. I am noticing that occasionally nova drops those > corresponding rules fr

Re: [Openstack] Fwd: Issue with Horizon

Sorry. I think I have missed the "continuous use" part. Are you saying horizon session just timeout while it should have not? -- *YY Inc. is hiring openstack and python developers. Interested? Check http://www.nsbeta.info/jobs * -- Thanks, Yuanle __

Re: [Openstack] Fwd: Issue with Horizon

On Tue, May 20, 2014 at 7:06 AM, vibhu wrote: > Hi Folks, > I am running into an issue with Horizon where after few hours of > continuous use the system starts misbehaving.Each click on different panels > actually end up going to the login page. > Have tried reopening the browser but to no avail.

Re: [Openstack] Openstack deployment with DPDK?

On Wed, May 7, 2014 at 10:25 AM, BYEONG-GI KIM wrote: > Hi all, > > I hear that the new Openstack version, Icehouse, has been released in > April. In this version, is DPDK vSwitch supported as an alternative of the > current Open vSwitch for Openstack deployment? > > > Hi, The list of plugins sup

Re: [Openstack] Multiple fixed IPs

On Tue, May 6, 2014 at 1:52 PM, Matej wrote: > Hi Yuanle, > > thanks for this very useful information. I have tried to update the > existing port and was getting > Duplicated options --fixed-ip > subnet_id=2d30ade0-5713-4857-b610-9ab29453ab92 --fixed-ip > subnet_id=2d30ade0-5713-4857-b610-9ab2945

Re: [Openstack] Multiple fixed IPs

> However, I would like to set-up more than one public IP to the instance. I > set up an IP address for interface (for example eth0:0) in the virtual > instance, but the traffic doesn't go past Neutron. > > > Hi Matej, Bind additional IP on eth0:0 would not work because OVS does not route traffic

Re: [Openstack] nova metadata api w/Neutron

On Tue, Apr 22, 2014 at 4:57 AM, Aaron Knister wrote: > I just spent a couple hours trying to figure this out so I thought I'd > share. > > I'm using the stackforge puppet modules and writing my own integration > module to pull the individual modules together. That allows me to integrate > better

Re: [Openstack] [Neutron] one virtual port with two IP, what is the best way to bind the addresses in VM?

On Sun, Apr 13, 2014 at 9:57 PM, Ashok Kumaran wrote: > > > > On Sun, Apr 13, 2014 at 11:06 AM, sylecn wrote: > >> Hi all, >> >> neutron port-create usually allocate one IP with one port, but in a >> recent use case, I need to allocate two IP addresses

Re: [Openstack] [Neutron] one virtual port with two IP, what is the best way to bind the addresses in VM?

On Mon, Apr 14, 2014 at 3:48 AM, gustavo panizzo wrote: > if you manually configure the second ip, can you ping it? > Yes. The outside world can see both IPs. *YY Inc. is hiring openstack and python developers. Interested? Check http://www.nsbeta.info/jobs * -- T

[Openstack] [Neutron] one virtual port with two IP, what is the best way to bind the addresses in VM?

Hi all, neutron port-create usually allocate one IP with one port, but in a recent use case, I need to allocate two IP addresses on one port. I am glade to see it is already supported by neutron. The vm also boots fine with the virtual port. Problem is vm is configured to get address from DHCP an

Re: [Openstack] Controller and network services in same node

Hi, The minimum requirement is 1 node and 1 physical network interface. I was confused by the installation docs when I started, but it turns out 1 NIC (+ several OVS bridges) is enough to get openstack with neutron running. *YY Inc. is hiring openstack and python developers. Interested? Check ht

Re: [Openstack] The Dashboard not accessible

Hi Jay and Mandar, Does the 2nd comment in this bug fix your problem? https://bugs.launchpad.net/horizon/+bug/1125622 In Havana, I see import base at the top of all imports: from openstack_dashboard.api import base from openstack_dashboard.api import ceilometer from openstack_dashboard.api impo

Re: [Openstack] Some problems with horizon

Hi, You already noticed nova can't connect to rabbitmq. Have you fixed the credentials in nova.conf? These two logs have nothing to do with dashboard access though. You need to check apache/horizon's log to locate the dashboard problem. *YY Inc. is hiring openstack and python developers. Intere

Re: [Openstack] Visualize network topology

Hi, Just FYI, horizon already provides the visualization part. It's in "Network Topology" tab. Creating a network topology by drag and drop will be more challenging since neutron can fail in varies ways, especially when you want to support many different topologies in one cluster. Neutron api is

Re: [Openstack] The Dashboard not accessible

x27;] = 'openstack_dashboard.settings' > sys.stdout = sys.stderr > > DEBUG = False > > application = django.core.handlers.wsgi.WSGIHandler() > === > > Thanks. > Mandar > > > On Wed, Mar 12, 2014 at 10:59 AM, sylecn wrote: > >> Hi Mandar, >

Re: [Openstack] The Dashboard not accessible

Hi Mandar, The import error means /usr/share/openstack-dashboard/ is not in python's sys.path. Did you install horizon from system package? Which distro and horizon version did you run? Paste the apache site file and horizon's wsgi file would be helpful to debug this problem. On ubuntu, apache s

Re: [Openstack] neutron configuration problem

Hi Ghassen, First I would check whether neutron api is running (status neturon-server), if it is, which port (netstat -ntlp) and IP it is configured to listen on. Then check how you register neutron endpoint in keystone. Are there any firewall blocking connection from client to keystone and from

Re: [Openstack] Progress bar for image create in python-glanceclient

Hi Alex, I think the progress attribute should be there on the query api. i.e. nova.images.get(uuid). After the create command, you get the new image's id, then just query on it on intervals that you see appropriate. *YY Inc. is hiring openstack and python developers. Interested? Check http://w

Re: [Openstack] [openstack] [neutron] how to config one l3 agent for each l3 router?

t; > is not what you ask for, but is the closest thing i've seen > > also check if your pkgs have this patch applied > > https://review.openstack.org/#/c/59359/ > > > On 03/05/2014 09:21 AM, sylecn wrote: > > > > I started two l3 agents on two nodes. In l3_

[Openstack] [openstack] [neutron] how to config one l3 agent for each l3 router?

Hi all, I'm experimenting to config one l3 agent for each l3 router. I'm running Havana with neutron + OVS with GRE. AFAIK when using virtual tenant network as fixed ip, when vm access the internet, all traffic will go through l3 agent/router (NAT), then to router's gateway. If floating ip is us

Re: [Openstack] unable to ping google.com

Hi, Have you tried directly ping 74.125.236.206 or 8.8.8.8? Have you enabled icmp in security groups? What kind of network topology are you using? *YY Inc. is hiring openstack and python developers. Interested? Check http://www.nsbeta.info/jobs * -- Thanks, Yuanle

Re: [Openstack] Image Network+SWAP

Hi Georgios, 1. I haven't seen that problem in my environment using pre-build cloud images. But I haven't build an image from scratch myself except using the magic "build-openstack-debian-image" command in debian. But this is certainly not the expected behavior. A well-built cloud image should

Re: [Openstack] problem in configuring Graphite databases

Hi Pragya, In the guide you mentioned, django and graphite components are installed via system package and tar.gz files. It would be easier if you create a virtualenv and install graphite via pip. It's already mentioned that the problem may be the django version is too old. I guess that is still

Re: [Openstack] nova-api-metadata dependencies

Hi, >From your output, I see you are running 2013.2.2. In this release, nova-api-metadata is not needed. The metadata service is included in nova-api and it is enabled by default in /etc/nova/nova.conf (enabled_apis=ec2,osapi_compute,metadata). Thanks, Yuanle On Mon, Feb 24, 2014 at 4:13 PM, Ra

Re: [Openstack] packages for release 2013.2.2

Hi Cristina, It will take a while for upstream to checkout and package the new release and make them available. For ubuntu, it will be in the same cloud-archive:havana ppa. -- Yuanle On Mon, Feb 17, 2014 at 4:45 PM, Cristina Aiftimiei wrote: > Hi, > > according to https://wiki.openstack.org/wi

Re: [Openstack] Neutron (Havana) configuration on Ubuntu

Hi Ross, 1. Make sure you have enabled ping (ICMP) in security groups. The default security groups does not allow ping. neutron security-group-rule-create --direction ingress --protocol icmp $SG_ID I suggest you explicitly create security group and use that when you boot instance. In

Re: [Openstack] [horizon][urls rule]what and how

Horizon is just a django app. For urlconf, check django's document: https://docs.djangoproject.com/en/1.6/topics/http/urls/ Thanks, Yuanle On Wed, Jan 22, 2014 at 12:23 PM, 王飞 wrote: > Hi,all: > My study at horizon src has been going on for some time.Now I > could create a penal on it

[Openstack] [Nova] libvirtError: Failed to terminate process X with SIGKILL: Device or resource busy

Hi all, Under some conditions, I see this error in nova show . | fault| {u'message': u'Failed to terminate process 956 with SIGKILL: Device or resource busy', u'code': 500, u'created': u'2014-01-21T10:10:32Z'} | After that delete/reboot/destroy/rebuild that instan

Re: [Openstack] [openstack]No option to specify subnet to launch an instance

Hi Ageeleshwar, "neutron port-create" supports choosing subnet via the --fixed-ip option, although it might not be obvious. --fixed-ip ip_address=IP_ADDR desired IP for this port: subnet_id=,ip_address=, (This option can be

Re: [Openstack] Neutron metadata agent

Hi, Do you have these settings in nova.conf: service_neutron_metadata_proxy=True neutron_metadata_proxy_shared_secret= Thanks, Yuanle On Fri, Jan 10, 2014 at 8:24 PM, Mārtiņš Jakubovičs wrote: > Hello, > > How can I debug neutron metadata agent? Problem is, that this service is > not working

Re: [Openstack] Using KVM for Large Infrastructures

Openstack supports restricting IOPS for libvirt+KVM based vm. https://wiki.openstack.org/wiki/InstanceResourceQuota You can restrict disk and network IO. It's implemented using libvirt + cgroups. Thanks, Yuanle On Thu, Jan 9, 2014 at 10:17 PM, Mridhul Pax wrote: > Hello Stackers, > > Any on

Re: [Openstack] need configration for Vm network should communicate with seconf NIC

Hi Sathya, You need to tell us more information. Do you use nova-network or neutron? Did all openstack services including cloud controller and compute node run on that single ubuntu host? Thanks, Yuanle On Fri, Jan 10, 2014 at 3:40 PM, Sathyanarayana Pvr < sathyanarayana@tcs.com> wrote: >

Re: [Openstack] No valid host was found

Hi Danny, You can enable debug in nova.conf to get more detailed log on why no valid host was found. Add this to nova.conf and restart nova scheduler: debug=True Thanks, Yuanle On Thu, Jan 9, 2014 at 11:06 PM, Danny Roberts wrote: > I am running OpenStack Havana on CentOS 6.5 using 1 control

Re: [Openstack] [Neutron] slow download speed inside vm [Resolved]

normal. Thanks, Yuanle On Wed, Jan 1, 2014 at 1:29 PM, sylecn wrote: > > Hi Thiago, > > The Network Node is a physical server. GRO does affect network much. When > GRO is on on the neutron node, from outside to VM bandwidth is about > 60Mbps. When it is turned off, from outside

[Openstack] [Neutron] where is the link to latest network admin guide

Hi all, The network admin guide was at http://docs.openstack.org/network-admin/admin/content/ch_adv_features.html, but the link has been down for a while, it just redirects to cloud admin guide, which is not the same thing. Google did not tell me the new link. FYI I can find the grizzly network a

Re: [Openstack] [Neutron] slow download speed inside vm

tual Machine, or a physical server? If it is a VM (KVM), you'll need to > turn GRO off at the hypervisor too. > > Happy new year! > > Cheers! > Thiago > > > On 31 December 2013 13:55, sylecn wrote: > >> Hi all, >> >> I have come across a netw

[Openstack] [Neutron] slow download speed inside vm

Hi all, I have come across a network problem when doing network performance testing. From vm, wget a file on external network is much slower than expected. The network is setup like this [1]. To download a file, packets travel from target server public ip to public ip on neutron node, via iptabl

[Openstack] [Nova] enable hyper-threading or not?

Hi all, I notice in ops guide [1], it mentioned that whether to enable hyper-threading depends on use case. I'd like to hear some real world experience on this topic. Do you enable hyper-threading in your openstack cluster? Does it matter at all for your use case? My current use case is java bas

Re: [Openstack] [Nova] scheduling new instance fail when host aggregates are enabled

uanle On Fri, Dec 13, 2013 at 12:48 PM, sylecn wrote: > > I think I should post the log message here in case someone here knows what > is the problem: > > 2013-12-13 12:24:15.267 16982 DEBUG > nova.scheduler.filters.compute_capabilities_filter > [req-67cbd36a-f

Re: [Openstack] [Nova] scheduling new instance fail when host aggregates are enabled

.geocast.net, ceph3.geocast.net) ram:1339 disk:273408 io_ops:0 instances:3 fails instance_type extra_specs requirements host_passes /usr/lib/python2.7/dist-packages/nova/scheduler/filters/compute_capabilities_filter.py:73 Thanks, Yuanle On Fri, Dec 13, 2013 at 12:36 PM, sylecn wrote: > Thanks

Re: [Openstack] [Nova] scheduling new instance fail when host aggregates are enabled

start nova > scheduler /etc/init.d/openstack-nova-scheduler restart. > > Thanks, > > Jay > > > 2013/12/13 sylecn > >> Hi, >> >> I have enabled host aggregates to aid scheduling instances on hosts >> with cpus of the same type (in order to test live mig

[Openstack] [Nova] scheduling new instance fail when host aggregates are enabled

after updating nova.conf. sylecn@vboxw1:~/projects/openstack-deploy$ bin/nova flavor-show lm.c1 ++--+ | Property | Value| ++---

Re: [Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP [RESOLVED]

tenant. If not, create vm works, but delete vm and other action may fail. The related bug report is here: https://bugs.launchpad.net/nova/+bug/1246258 -- Yuanle On Mon, Nov 18, 2013 at 12:51 PM, sylecn wrote: > Hi Remo, > > That is a good point. > I am using the CirrOS 0.3.1 image to

Re: [Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP

; You could chk if your vm has the ip do not chk from the dashboard because > you may see the ip but the vm may not have it. > > Let us know > > Inviato da iPhone () > > Il giorno Nov 17, 2013, alle ore 17:24, sylecn ha > scritto: > > I have enabled namespace, but I

Re: [Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP

packets:50 errors:0 dropped:0 overruns:0 frame:0 TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2624 (2.6 KB) TX bytes:2000 (2.0 KB) On Mon, Nov 18, 2013 at 9:24 AM, sylecn wrote: > I have enabled namespace, but I did not

Re: [Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP

00% packet loss, time 12061ms pipe 3 root@172-17-6-68:/var/log/neutron# Using ip netns exec qdhcp-* ping, I can ping 10.0.1.1 and 10.0.1.2. However, ping 10.0.1.3 still fail. On Mon, Nov 18, 2013 at 12:59 AM, Kyle Mestery (kmestery) < kmest...@cisco.com> wrote: > On Nov 17, 2013, at 2

Re: [Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP

Thanks for the information. Now I have configured a provider router based network, with Open vSwitch GRE tunnels. Here is the network topology: external network: 172.17.0.0/16 external network physical router: 172.17.0.1 neutron node IP: 172.17.6.68 virtual provider router: 172.17.6.70 virtual

[Openstack] Is single physical network interface neutron config possible?

Hi stackers, I am configuring an openstack installation for testing and development. Currently the setup is Node 1: keystone, nova controller, neutron Node 2: nova-compute (with neutron for computer node) Node 3: cinder Node 4: glance, horizon Each node has only one physical network interface.