Re: [Openstack-operators] 2017 Openstack Operators Mid-Cycle Meetups - venue selection etherpads

more time in> groups with ops for requirements gathering and such.>> -Erik>>> On Oct 27, 2016 11:05 AM, "Jesse Keating" > <mailto:omg...@us.ibm.com>> wrote:>>     I may have missed something, but why aren't we meeting at the>     Project Technica

Re: [Openstack-operators] 2017 Openstack Operators Mid-Cycle Meetups - venue selection etherpads

I may have missed something, but why aren't we meeting at the Project Technical Gathering, which is at the end of February in Atlanta?   I understand that this mid-cycle is targeting EU, which is totally awesome; and if that happens, will there also be operator focused sessions and such at the PTG?

Re: [Openstack-operators] Kilo ->-> Mitaka anyone have notes :)

That's strange, this very command has worked for every environment we've tried, Kilo -> Mitaka. No errors, successful appearing migration, continued Nova operation after the fact.   Maybe I'm missing something. I realize it's untested, but the sync command does not fail. -jlk     - Original mes

Re: [Openstack-operators] Upgrade OpenStack Juno to Mitaka

I'll offer a counter point.   We're not doing Juno to Mitaka, however we are doing Kilo to Mitaka, skipping over Liberty.   The database migrations to get from Kilo to Mitaka have ran smoothly for us.   https://github.com/blueboxgroup/ursula/blob/master/upgrade.yml -jlk     - Original message -

Re: [Openstack-operators] [Rally] Scale testing of openstack

If you have multiple networks, you have to define the one you want used. You can define it in the json.   In the args you need to add a nics block, that defines the net-id of the network you need. -jlk     - Original message -From: Akshay Kumar Sanghai To: Dina Belova Cc: openstack-operator

Re: [Openstack-operators] What are you excited for in Mitaka?

Perhaps I was confused by the wording I found at http://docs.openstack.org/liberty/networking-guide/migration-classic-to-l3ha.html   I was looking for a way to do it on Kilo :( -jlk     - Original message -From: "Clayton O'Neill" To: Jesse Keating/Seattle/IBM@IBMUSCc: open

Re: [Openstack-operators] What are you excited for in Mitaka?

I found one. In Mitaka Neutron you can take an existing router and turn it into a HA router. That will make it quite easy to transition older environments into a more stable configuration. Previously we'd have to tear down the router and build a new one, then re-attach all the interfaces. -jlk    

Re: [Openstack-operators] [keystone] RBAC usage at production

ımtepe wrote: > Using a middleware is what we are doing also. Can you give more details > about your structure? Our middleware is like the Rackspace OpenRepose. What > do you use for role definitions? Are you using any backend for Keystone > like LDAP? > > Regards. > > > >

Re: [Openstack-operators] [keystone] RBAC usage at production

We use RBAC, however we've done it based on roles and some middleware. The policy files are essentially static. - jlk On Wed, Dec 9, 2015 at 12:39 AM, Oguz Yarimtepe wrote: > Hi, > > I am wondering whether there are people using RBAC at production. The > policy.json file has a structure that r

Re: [Openstack-operators] Liberty cinder ceph architecture

Cinder volume service just needs to know how to contact the ceph cluster via rbd. It does not need to run on the ceph nodes that has the storage locally. - jlk On Tue, Dec 8, 2015 at 12:26 AM, Ignazio Cassano wrote: > Hi all, I am going to install openstack liberty and I already installed > tw

Re: [Openstack-operators] Cinder V1 endpoints

Reading that linked bug, it does indeed seem like the use of v2 in the path for both volume and volumev2 was indeed a mistake. Further supported by http://lists.openstack.org/pipermail/openstack-operators/2015-December/009092.html It may have been intended for the documentation at the time, but se

Re: [Openstack-operators] Service Catalog TNG urls

We make use of http urls internally for services to talk to each other, but not for human users. All our human users should be using https public url. We don't actually utilize the internalURL framework, instead we use /etc/hosts entries to change the domain resolution of our publicURL entries, and

Re: [Openstack-operators] Cinder V1 endpoints

Yes, that appears to be a documentation error. - jlk On Thu, Dec 3, 2015 at 7:33 AM, Salman Toor wrote: > Hi, > > In the following link of Kilo document the cinder V1 endpoints have v2 in > it. > > > http://docs.openstack.org/kilo/install-guide/install/yum/content/cinder-install-controller-nod

Re: [Openstack-operators] [keystone] Request for Feedback: Online database migrations

These steps seem reasonable, and will help Operators. Thanks for going through this! - jlk On Wed, Dec 2, 2015 at 12:06 PM, Lance Bragstad wrote: > Hey all, > > I wanted to send out a follow up on this. Yesterday in the keystone > meeting we voted on Mitaka specs that we would like to commit t

Re: [Openstack-operators] [keystone] Removing functionality that was deprecated in Kilo and upcoming deprecated functionality in Mitaka

https://github.com/openstack/keystone/blob/master/keystone/server/wsgi.py ) to load a virtualenv at the top with execfile() Neither of these are very good options. - jlk On Mon, Nov 30, 2015 at 12:41 PM, Robert Collins wrote: > On 1 December 2015 at 09:36, Jesse Keating wrote: > > I hav

Re: [Openstack-operators] [keystone] Removing functionality that was deprecated in Kilo and upcoming deprecated functionality in Mitaka

I have an objection to eventlet going away. We have problems with running Apache and mod_wsgi with multiple python virtual environments. In some of our stacks we're running both Horizon and Keystone. Each get their own virtual environment. Apache mod_wsgi doesn't really work that way, so we'd have

Re: [Openstack-operators] OPs Midcycle location discussion.

Lets calm down the negative positioning here. Matt offered his experience in trying what exists today. Others second it (including me). That's not putting a stake in the ground and claiming "THOU SHALT NOT PERMIT REMOTE PARTICIPATION". It's offering an opinion, which is what the point of these th

Re: [Openstack-operators] OPs Midcycle location discussion.

I second Matt's opinion here. We would prefer a singular meeting, regardless of location. - jlk On Mon, Nov 16, 2015 at 9:37 AM, Matt Fischer wrote: > I think that sticking with a singular official one is the plan. It's > difficult enough for the foundation to line up sponsors/hosts etc for a

Re: [Openstack-operators] [openstack-dev] [stable][all] Keeping Juno "alive" for longer.

ould it be to setup a small > group to do this for the community? I’m sure there would be a few people > interested in maintaining it… > > > > *From:* matt [mailto:m...@nycresistor.com] > *Sent:* Friday, November 06, 2015 1:18 PM > *To:* Fox, Kevin M > *Cc:* Jesse Keating; Ope

Re: [Openstack-operators] [openstack-dev] [stable][all] Keeping Juno "alive" for longer.

We (Blue Box, an IBM company) do have a lot of installs on Juno, however we'll be aggressively moving to Kilo, so we are not interested in keeping Juno alive. - jlk On Fri, Nov 6, 2015 at 9:37 AM, Dan Smith wrote: > > Worth mentioning that OpenStack releases that come out at the same time > >

Re: [Openstack-operators] Cannot delete a cinder volume; alternative manual procedure ?

> On Tue, Oct 27, 2015 at 12:43 AM Matt Riedemann < > mrie...@linux.vnet.ibm.com> wrote: > >> >> >> On 6/9/2015 11:28 AM, Jesse Keating wrote: >> > We've used >> > >> https://github.com/snemetz/openstack-scripts/blob/master/cinder-volume-delete.txt >>

Re: [Openstack-operators] Fwd: [openstack-dev] [nova] should we allow overcommit for a single VM?

As an operator, I would have no problem with changing the behavior to match the NUMA case, no single VM should overcommit. I also agree that this type of scenario is unlikely to hit production installs, instead it could potentially hit a lot of CI / staging installs. - jlk On Tue, Aug 18, 2015 a

Re: [Openstack-operators] Scaling the Ops Meetup

On Thu, Jul 2, 2015 at 12:15 PM, Jesse Keating wrote: > >> Honestly I'm fine with the elected board helping to make this decision. >> Folks that want to underwrite the event can submit a proposal to host, >> board picks from the submissions? Having a wide vote on it seem

Re: [Openstack-operators] Scaling the Ops Meetup

Honestly I'm fine with the elected board helping to make this decision. Folks that want to underwrite the event can submit a proposal to host, board picks from the submissions? Having a wide vote on it seems overkill to me. Open call for submissions, board votes. Is that unreasonable? - jlk On

Re: [Openstack-operators] Scaling the Ops Meetup

RE Evening event: I agree it was pretty crowded. Perhaps just a list of area venues for various activities and a sign up board somewhere. Let it happen organically, and everybody is on their own for paying for whatever they do. That way those that may not be into the bar scene don't feel left out b

Re: [Openstack-operators] Scaling the Ops Meetup

Hi Tom, thanks for bringing up the subject. Like many commenters I share some of the same views. I'm very "+1" on preventing vendor booth space from happening. This isn't an event to sell a product, booth space would be wasted on both the attendees and the booth staff. I feel that multiple corpor

Re: [Openstack-operators] Cannot delete a cinder volume; alternative manual procedure ?

We've used https://github.com/snemetz/openstack-scripts/blob/master/cinder-volume-delete.txt with apparent success to delete stuck volumes. - jlk On Tue, Jun 9, 2015 at 6:37 AM, Alvise Dorigo wrote: > Hi, > I've a cinder volume which is permanently in "deleting" state. I cannot > retrace the f

Re: [Openstack-operators] [nova] Can we bump MIN_LIBVIRT_VERSION to 1.2.2 in Liberty?

I'd imagine the use of a Software Collection that includes a newer python for the OpenStack packages, or RHOSP, being purpose built for OpenStack, will take the plunge and upgrade the system python version. - jlk On Fri, May 15, 2015 at 6:46 PM, Tim Bell wrote: > I¹m not seeing an easy solutio

Re: [Openstack-operators] : Using keystone to keystone federation

I'm not sure I understand the question. Can you elaborate some more? - jlk On Sat, May 16, 2015 at 1:12 AM, Kanthi P wrote: > Hi, > > I want to have multiple cloud service providers(of openstack) and a 3rd > party identity provider, keystone in my deployment. > So essentially the endpoints of

[Openstack-operators] Ansible working group at Vancouver summit

Hey all. I'm moderating the Ansible working group session. We have an etherpad where I've tossed some ideas on what to work on: https://etherpad.openstack.org/p/YVR-ops-ansible Please feel free to add more. Our session is at Wednesday, May 20 • 11:00am - 11:40am ( https://libertydesignsummit.sche

Re: [Openstack-operators] [nova] Can we bump MIN_LIBVIRT_VERSION to 1.2.2 in Liberty?

I'm +1 on this. If people want to run Liberty on an old platform, the onus is on them to figure out how to install the relevant deps on that platform. - jlk On Thu, May 14, 2015 at 2:33 PM, Matt Riedemann wrote: > > > On 5/14/2015 3:35 PM, Matt Riedemann wrote: > >> >> >> On 5/14/2015 2:59 PM,

Re: [Openstack-operators] expanding to 2nd location

I agree with Subbu. You'll want that to be a region so that the control plane is mostly contained. Only Keystone (and swift if you have that) would be doing lots of site to site communication to keep databases in sync. http://docs.openstack.org/arch-design/content/multi_site.html is a good read on

Re: [Openstack-operators] [neutron] [QoS] Interface/API for review.

Thanks Miguel! The command line reference set looks good, although I'm curious what the openstackclient version of them will be. I've also left a comment on the spec review. - jlk On Mon, May 4, 2015 at 7:29 AM, Miguel Ángel Ajo wrote: > > Hello, we're working [1] on the QoS API definition a

Re: [Openstack-operators] over commit ratios

A juno feature may help with this, Utilization based scheduling: https://blueprints.launchpad.net/nova/+spec/utilization-aware-scheduling That helps when landing the instance, but doesn't help if utilization changes /after/ instances have landed, but could help with a resize action to relocate the

Re: [Openstack-operators] logging for Keystone on user/project delete/create operations

Standing up Ceilometer (and patching things) just to be able to log this stuff to a file seems rather... heavy handed? We understand that these things are emitted via notifications, but as of right now trying to do anything with those notifications such as simply logging them requires too much addi

Re: [Openstack-operators] What are people using for configuration management? Puppet? Chef? Other?

We are using Ansible. We need the orchestration capability that Ansible provides, particularly for upgrades where pieces have to move in a very coordinated order. https://github.com/blueboxgroup/ursula - jlk On Thu, Mar 26, 2015 at 9:40 AM, Forrest Flagg wrote: > Hi all, > > Getting ready to i

Re: [Openstack-operators] OpenStack services and ca certificate config entries

n’t believe utilizes > httplib2. > > [1] https://code.google.com/p/httplib2/issues/detail?id=292&q=certificate > > On Wednesday, March 25, 2015 at 11:13 AM, Jesse Keating wrote: > > We're facing a bit of a frustration. In some of our environments, we're > using

[Openstack-operators] OpenStack services and ca certificate config entries

We're facing a bit of a frustration. In some of our environments, we're using a self-signed certificate for our ssl termination (haproxy). We have our various services pointing at the haproxy for service cross-talk, such as nova to neutron or nova to glance or nova to cinder or neutron to nova or c

Re: [Openstack-operators] FYI: Rabbit Heartbeat Patch Landed

On 3/19/15 10:15 AM, Davanum Srinivas wrote: Apologies. i was waiting for one more changeset to merge. Please try oslo.messaging master branch https://github.com/openstack/oslo.messaging/commits/master/ (you need at least till Change-Id: I4b729ed1a6ddad2a0e48102852b2ce7d66423eaa - change id is

Re: [Openstack-operators] Hyper-converged OpenStack with Ceph

On 3/19/15 9:08 AM, Jared Cook wrote: Hi, I'm starting to see a number of vendors push hyper-converged OpenStack solutions where compute and Ceph OSD nodes are one in the same. In addition, Ceph monitors are placed on OpenStack controller nodes in these architectures. Recommendations I have rea

Re: [Openstack-operators] Example configs

On 3/16/15 9:33 AM, Caius Howcroft wrote: For what its worth all bloomberg's configs are open source (apart from things like ips, tokens and such) and in chef templates: https://github.com/bloomberg/chef-bcpc/tree/master/cookbooks/bcpc/templates/default thats what we run in production on several

Re: [Openstack-operators] max_age and until_refresh for fixing Nova quotas

On 3/14/15 8:11 AM, Mike Dorman wrote: I did short write-up here http://t.co/Q5X1hTgJG1 if you are interested in the details. Thanks for sharing Matt! That's an excellent write up. -- -jlk ___ OpenStack-operators mailing list OpenStack-operators@li

Re: [Openstack-operators] Documentation Sprint

On 3/11/15 11:09 AM, matt wrote: So this email is basically a call to arms. We need some folks to be willing to sign up to help fix / update some documentation. Are you willing? Put me down as willing. I've done doc sprints before. -- -jlk ___ O

Re: [Openstack-operators] [nova] Deprecation of ComputeFilter

On 3/6/15 10:48 AM, Jay Pipes wrote: Have you ever done this in practice? One way of doing this would be to enable the host after adding it to a host aggregate that only has your administrative tenant allowed. Then launch an instance specifying some host aggregate extra_spec tag and the launch

Re: [Openstack-operators] [nova] Deprecation of ComputeFilter

On 3/6/15 10:27 AM, Jay Pipes wrote: As for adding another CONF option, I'm -1 on that. I see no valid reason to schedule workloads to disabled hosts. There may be a better way to skin this cat, but one scenario is we have a host that has alerted, we want to evacuate it and prevent any future

Re: [Openstack-operators] Rolling upgrades and Neutron

On 3/4/15 12:56 PM, Assaf Muller wrote: Hello everyone, An issue came up recently: http://lists.openstack.org/pipermail/openstack-dev/2015-March/058280.html Where a recent Kilo patch made non-backwards compatible to the RPC interface between the Neutron server and its agents. I'm trying to figu

Re: [Openstack-operators] cinder v2 and cinder-client

On 2/23/15 8:13 PM, Fischer, Matt wrote: What does everyone else do here? I've been trying to get this to work as well. I thought I had it going with just putting the v2 path into the volume endpoint url, and that worked from Nova's POV (including novaclient), but cinderclient did not like i

Re: [Openstack-operators] cinder v2 and cinder-client

On 2/23/15 10:04 PM, Mike Perez wrote: On 23:13 Mon 23 Feb , Fischer, Matt wrote: I’m in the process of trying to cleanup all the deprecations we have after moving some services in Juno. One I have outstanding is this warning about cinder. "The v1 api is deprecated and will be removed after

Re: [Openstack-operators] State of Juno in Production

On 2/17/15 8:46 AM, Joe Topjian wrote: The only issue I'm aware of is that live snapshotting is disabled. Has anyone re-enabled this and seen issues? What was the procedure to re-enable? We've re-enabled it. Live snapshots take more system resources, which meant I had to dial back down my Ral

Re: [Openstack-operators] Cannot connect to open-stack network

On 2/16/15 2:25 AM, Vedsar Kushwaha wrote: Cannot connect to open-stack network. Openstack public network address is 172.24.4.0/28 Where as my computer IP address is 10.16.38.222. How can I connect both these network so that I can ssh to openstack instance. This is more

Re: [Openstack-operators] Draft agenda for PHL Ops Meetup (9-10 March)

On 2/12/15 11:01 PM, Tom Fifield wrote: There will be a followup email shortly regarding moderators for the sessions - thanks to those who volunteered so far! Thank you Tom for putting much time and effort into this! -- -jlk ___ OpenStack-operators

Re: [Openstack-operators] demo environment ( embedded device openstack ) ?

On 2/11/15 12:19 PM, Abel Lopez wrote: There is DIY LOM for the NUC, it was demo'd at Paris Summit. It was quite elegant, featuring LEGO Mindstorm robots being instructed to push the power button. Remote power is not LOM. Remote power could be done with a sufficient power strip. Real LOM is r

Re: [Openstack-operators] Neutron db syncs

On 2/11/15 11:10 AM, Kris G. Lindgren wrote: Does anyone know why under Juno (and I assume above) - you need to install *ALL* of the plugins in order to do a db_sync? This seems broken considering that we pass the config file in as a command line parameter. The db_sync code should know what plu

Re: [Openstack-operators] demo environment ( embedded device openstack ) ?

On 2/11/15 9:12 AM, Will Snow (wasnow) wrote: I do miss LOM on the boxes tho – the dual interface would be nice, but I can work around that. I have a covey (pod? Gaggle?) of 4 NUCs with 1 being the master to deploy the others. That master has 2 nics (built in 1g, wifi) so you can very easily conn

Re: [Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL

On 2/10/15 3:40 PM, Gui Maluf wrote: Something wrong with my certificates and Keystone, cause changing to self-signed certificates everything is working. There is an undocumented (in the usual places) for keystone middleware to point at the CA file for your certificates. http://docs.opensta

Re: [Openstack-operators] Error migrating Neutron from Havana to IceHouse

On 2/2/15 12:36 PM, Alvise Dorigo wrote: On 02 Feb 2015, at 20:46, Jesse Keating wrote: On 2/2/15 5:56 AM, Alvise Dorigo wrote: For neutron I got a problem at the very last step: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini

Re: [Openstack-operators] Error migrating Neutron from Havana to IceHouse

On 2/2/15 5:56 AM, Alvise Dorigo wrote: For neutron I got a problem at the very last step: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade icehouse [...] sqlalchemy.exc.ProgrammingError: (ProgrammingError) (1146, "Table 'neutr

Re: [Openstack-operators] [openstack-dev] [all][log] Openstack HTTP error codes

On 1/30/15 1:33 PM, Everett Toews wrote: Once I have the token from Keystone, I’ll be talking directly to the services. So either something goes wrong with Keystone and I get no token or I get a token and talk directly to a service. Either way a client knows who it's talking to. That's only tru

Re: [Openstack-operators] [openstack-dev] [all][log] Openstack HTTP error codes

On 1/30/15 1:08 PM, Everett Toews wrote: Project: A client dealing with the API already knows what project (service) they’re dealing with. Including this in an API error message would be redundant. That’s not necessarily so bad and it could actually be convenient for client logging purposes to ha

Re: [Openstack-operators] [all] SQL Schema Downgrades: A Good Idea?

On 1/30/15 11:37 AM, Tim Bell wrote: Any ideas how are the online upgrade teams looking to address this ? Not an easy problem to solve. The direction is additive migrations. Create new columns and tables for new place for the data, but support pulling data from old locations as well. Once al

Re: [Openstack-operators] [all] SQL Schema Downgrades: A Good Idea?

On 1/29/15 11:26 AM, Morgan Fainberg wrote: I’m looking at the expectation that a downgrade is possible. Each time I look at the downgrades I feel that it doesn’t make sense to ever really perform a downgrade outside of a development environment. The potential for permanent loss of data / incons

Re: [Openstack-operators] Specifying multiple tenants for aggregate_multitenancy_isolation_filter

On 1/27/15 1:54 PM, Sam Morrison wrote: Hi operators, I have a review up to fix this filter to allow multiple tenants, there are 2 proposed ways in which this can be specified. 1. using a comma e.g., tenantid1,tenantid2 2. Using a json list eg. [“tenantid1”, “tenantid2”] Which one do you think

Re: [Openstack-operators] [openstack-dev][openstack-operators]flush expired tokens and moves deleted instance

On 1/27/15 9:21 AM, gustavo panizzo (gfa) wrote: i prefer a cronjob to something on the code that i have to test, configure and possible troubleshot besides, i think is well documented. i don't see a problem there. maybe distributions could ship the script into /etc/cron.daily by default? i wo

Re: [Openstack-operators] [openstack-dev][openstack-operators]flush expired tokens and moves deleted instance

On 1/27/15 9:13 AM, Fischer, Matt wrote: Our keystone database is clustered across regions, so we have this job running on node1 in each site on alternating hours. I don’t think you’d want a bunch of cron jobs firing off all at once to cleanup tokens on multiple clustered nodes. That’s one reason

Re: [Openstack-operators] RHEL 7 / CentOS 7 instances losing their network gateway

At first guess, I would say it's the client trying to refresh it's lease and the lease is coming back without a gateway, due to a bug in dnsmasq. Just a guess though. We are running 12.04 as well, but I don't recall running into this situation. We're on Neutron (havana for now, juno very soon)

Re: [Openstack-operators] Mar 9-10, 2015, Philadelphia, USA - Next Ops Meetup

On 1/23/15 4:55 AM, Tom Fifield wrote: On 22/01/15 14:36, Mathieu Gagné wrote: On 2015-01-12 12:11 AM, Tom Fifield wrote: Yup - standby for registration. Most likely some time this week. Any update? I would like to know the schedule to plan my return flight accordingly. http://www.eventbr

Re: [Openstack-operators] [openstack-operators] [Rally] New awesome Rally Docs available on ReadTheDocs now!

On 1/20/15 7:50 AM, Mikhail Dubov wrote: Hi stackers, on behalf of the Rally team, I am happy to announce that we have completely redesigned our Rally documentation in ReadTheDocs . The docs have now received a simpler structure and have become much easie

Re: [Openstack-operators] [Ironic] anyone using it?

On 1/17/15 3:23 AM, Thirunaresh wrote: Hi Lucian, I too got the same task assigned. I am planning to start from Monday. We can work together. :-) We at Blue Box are starting to use it. While not in production yet, we've made some good strides. You can find our ironic roles in https://githu

[Openstack-operators] Lets talk capacity monitoring

We have a need to better manage the various openstack capacities across our numerous clouds. We want to be able to detect when capacity of one system or another is approaching the point where it would be a good idea to arrange to increase that capacity. Be it volume space, VCPU capability, obje

Re: [Openstack-operators] Openstack-Keystone error

On 1/15/15 2:17 AM, Anwar Durrani wrote: ​I did following steps earlier : These steps don't mention doing the keystone-manage db_sync action. When you install keystone itself and configure it to connect to a sql service, and you have created a keystone database within the sql service, the ne

Re: [Openstack-operators] I WANT TO SETUP AND CONFIGURE HAVANA ON CENTOS 6.5

On 1/15/15 1:48 AM, Anwar Durrani wrote: Thanks Edgar for help, i have question in following section : * Edit /etc/keystone/keystone.conf: vim /etc/keystone/keystone.conf [DEFAULT] admin_token=ADMIN log_dir=/var/log/keystone [database] connection = mysql://keyst

Re: [Openstack-operators] Way to check compute <-> rabbitmq connectivity

On 1/15/15 7:34 AM, Gustavo Randich wrote: Hi, I'm experiencing some issues with nova-compute services not responding to rabbitmq messages, despite the service reporting OK state via periodic tasks. Apparently the TCP connection is open but in a stale or unresponsive state. This happens sporadic

Re: [Openstack-operators] Fwd: HAPROXY 504 errors in HA conf

On 1/13/15 10:42 AM, Pedro Sousa wrote: Hi I've changed some haproxy confs, now I'm getting a different error: *== Nova networks ==* *ERROR (ConnectionError): HTTPConnectionPool(host='172.16.21.20', port=8774): Max retries exceeded with url: /v2/2524b02b63994749ad1fed6f3a82

Re: [Openstack-operators] glance directory traversal bug and havana

On 1/7/15 8:47 PM, George Shuklin wrote: I spend few hours trying to backport to Havana, but than I found, that Havana seems be immune to the bug. I'm not 100% sure, so someone else advised to look too. The bug was that icehouse+ accepts all supported schemas. Fix excludes 'bad' schemes. Altho

Re: [Openstack-operators] glance directory traversal bug and havana

On 1/6/15 10:31 AM, Jesse Keating wrote: Hopefully all of you have seen http://seclists.org/oss-sec/2015/q1/64 which is the glance v2 api directory traversal bug. Upstream has fixed master (kilo) and juno, but havana has not been fixed. We, unfortunately, have a few havana installs out there

[Openstack-operators] glance directory traversal bug and havana

Hopefully all of you have seen http://seclists.org/oss-sec/2015/q1/64 which is the glance v2 api directory traversal bug. Upstream has fixed master (kilo) and juno, but havana has not been fixed. We, unfortunately, have a few havana installs out there and we'd like to patch this ahead of our p

Re: [Openstack-operators] Small openstack

On 12/20/14 2:16 PM, George Shuklin wrote: I've suddenly got request for small installation of openstack (about 3-5 computes). They need almost nothing (just a management panel to span simple instances, few friendly tennants), and I curious, is nova-network good solution for this? They don't wa