Saturday, 2010-08-14

gholtAh, nice! :)00:00
creihtctennis: woot!00:03
*** mtaylor has joined #openstack00:14
*** ChanServ sets mode: +v mtaylor00:14
*** silassewell has joined #openstack00:16
*** mbostwick_ has quit IRC00:22
*** mtaylor has quit IRC00:23
*** binaryWarrior has joined #openstack00:26
*** binaryWarrior has quit IRC00:30
*** metoikos has quit IRC01:00
*** jdmaturen has quit IRC01:26
*** alekibango has quit IRC01:30
*** alekibango has joined #openstack01:31
*** maplebed has quit IRC01:33
*** alekibango has quit IRC01:35
notmynamectennis: are you the cyberduck developer?01:49
*** jdmaturen has joined #openstack01:51
*** syah has quit IRC01:56
*** syah has joined #openstack02:06
*** metoikos has joined #openstack02:09
*** silassewell has quit IRC02:10
*** zul has quit IRC02:14
*** zul has joined #openstack02:28
*** miclorb has joined #openstack02:33
*** sophiap has quit IRC02:34
*** mtaylor has joined #openstack02:35
*** ChanServ sets mode: +v mtaylor02:35
*** sophiap has joined #openstack02:40
*** sophiap_ has joined #openstack02:44
*** sophiap has quit IRC02:44
*** sophiap_ is now known as sophiap02:44
*** rajijoom has joined #openstack02:57
*** nettok has joined #openstack03:07
*** sirp1 has quit IRC03:20
*** RobertLJ has joined #openstack03:21
*** justinsheehy has quit IRC03:39
*** justinsheehy has joined #openstack03:46
*** metoikos has quit IRC03:47
*** rektide_ is now known as rektide04:24
*** justinsheehy has quit IRC04:44
*** justinsheehy has joined #openstack04:51
*** mtaylor has quit IRC05:09
*** RobertLJ has quit IRC05:20
*** miclorb has quit IRC05:29
*** hornbeck has quit IRC05:40
*** hornbeck has joined #openstack05:41
*** rajijoom has quit IRC06:29
*** jdmaturen has quit IRC06:30
*** henriquetft has joined #openstack06:54
*** sophiap has quit IRC06:58
*** zheng_li has joined #openstack07:09
*** nettok has quit IRC07:29
*** alekibango has joined #openstack07:33
*** cglee has joined #openstack07:34
*** jsgotangco has joined #openstack07:38
*** henriquetft has quit IRC07:43
*** allsystemsarego has joined #openstack07:45
*** jsgotangco has quit IRC07:45
*** mtaylor has joined #openstack08:13
*** ChanServ sets mode: +v mtaylor08:13
*** brd_from_italy has joined #openstack10:01
*** cglee has quit IRC10:07
*** miclorb_ has joined #openstack10:14
*** cglee has joined #openstack10:15
*** metoikos has joined #openstack10:18
*** rnewson has joined #openstack10:22
uvirtbotNew bug: #617776 in nova "DescribeImagesResponse contains type element, when it should be called imageType" [Undecided,In progress]
*** miclorb_ has quit IRC10:41
*** brd_from_italy has quit IRC10:48
*** cglee has quit IRC10:48
*** justinsheehy has quit IRC10:49
*** justinsheehy has joined #openstack10:55
*** rnewson has quit IRC11:09
*** rnewson has joined #openstack11:09
ctennishere's my cyberduck->swift setup guide:
ctennisnotmyname: no, just needed a GUI to interact with swift :)11:20
uvirtbotNew bug: #617788 in nova "Cannot make EC2 API requests with empty arguments" [Undecided,New]
*** ptremblett has quit IRC11:43
*** brd_from_italy has joined #openstack12:15
*** brd_from_italy has quit IRC12:46
*** RobertLJ has joined #openstack13:39
gholtctennis: Nicely done. swift-auth-create-account should support https; I'll file a bug for that.13:58
gholtctennis: On 5. my auth-server config: Shouldn't the default_cluster_url have https instead of http?14:00
ctennisgholt: you are correct, updated, thanks!14:02
gholtAnd maybe similarly on 7.14:05
gholtGotta love Java and certs, hehe.14:05
uvirtbotNew bug: #617840 in swift "swift-auth-create-account should support ssl" [Undecided,New]
gholtGood work on all that.14:05
* gholt wonders if we could include that somewhere in the swift doc structure.14:06
ctenniscertainly welcome.  I'm a bzr idiot, so it was faster for me to just jot done my notes as I did it :)14:07
gholtCool, I'll poke at it a bit and see what it looks like in the docs. I want to run through it for real as well, as I'd like to use Cyberduck too. :)14:12
*** rajijoom has joined #openstack14:12
*** rnewson has quit IRC14:17
*** rnewson has joined #openstack14:17
*** sophiap has joined #openstack14:18
*** sophiap has quit IRC15:04
*** RobertLJ has quit IRC15:18
*** rnewson has quit IRC15:27
*** rnewson has joined #openstack15:28
*** rnewson has joined #openstack15:28
*** rajijoom has quit IRC15:30
gholtctennis: Damn, swift dev auth middleware requires non-ssl. It worked for you because you had already cached the token in memcache while the auth server was running non-ssl.15:38
gholtAlso, I had to change isHostnameConfigurable in Cyberduck, rather than isWebUrlConfigurable.15:47
gholtActually, that didn't work either. hmm. Stupid server field still isn't editable.15:48
gholtOh, yeah it did work. I forgot to rebuild Cyberduck. I'm sooo used to Python, heh.15:50
*** jdmaturen has joined #openstack15:51
*** kuttan_ has joined #openstack15:52
*** kuttan_ has left #openstack15:55
ctennisI'll update the doc16:12
gholtNo need, I'm working the docs into the swift code base as we speak. :)16:12
gholtAnd also fixing these bugs you've surfaced, hehe.16:13
*** dendro-afk is now known as dendrobates16:36
gholtctennis: What do you think of this? (swift ssl auth bugs fixed in the same commit)
ctennislooks fantastic, other than at the top my name is Caleb not Celeb :)16:39
gholtHaha! I just thought you were famous, yeah, that's it.16:40
ctennisdo you have a link to the commit fixing the auth?  I may want to patch it here16:41
gholtYessir, in just a moment I'll have the branch merge proposal for you to peek at.16:41
ctennisok thank you16:41
gholtLaunchpad is taking its time, heh.16:47
gholtDoh, and of course I just realized I'd misspelled your name twice.16:53
ctennisheh, no worries16:53
*** sirp1 has joined #openstack16:54
ctennisI'm going to run another fresh deploy to test some changes I've got, I'll checkout the ssl patch too16:54
*** cglee has joined #openstack16:55
*** cglee has quit IRC17:00
*** dendrobates is now known as dendro-afk17:03
*** nettok has joined #openstack17:49
uvirtbotNew bug: #617913 in nova "RunInstances response doesn't meet EC2 specification" [Undecided,In progress]
ctenniswell gholt, it isn't working 100% for me18:21
ctennisjust trying to figure out if it's the patch or not18:22
ctenniswhen I use the auth server with ssl, it times out Account HEAD failed:  401 Unauthorized18:24
ctennisif I switch the auth server to non-ssl, it works fine18:24
ctennisthis is the st command I'm using for testing18:24
*** heckj has joined #openstack18:24
gholtOh shoot, I'd might've mentioned, you need to update your proxy-server.conf with [auth-server] ssl = true18:25
*** silassewell has joined #openstack18:25
gholtI made an update to the sample conf in that commit, but forgot to say something to ya18:25
ctennisyeah, did that18:30
ctennisoh wait18:30
ctennisI see what you're saying18:30
ctennisok, missed that18:30
ctennislemme fix18:30
*** justinsheehy has quit IRC18:32
ctennisthat was it, thank you18:32
ctennisseems to be working great18:32
gholtAh cool18:35
*** justinsheehy has joined #openstack18:38
notmynamestats system is nearly done except for the "small" part of porting the unit tests and docs yay for 1100+ line merge proposal18:42
*** heckj has quit IRC18:47
notmynamelaptop battery dying. I guess this is my excuse to get off the computer and do something else on a saturday :-)18:48
*** sirp1 has quit IRC18:50
*** sophiap has joined #openstack18:52
*** sophiap has quit IRC19:03
*** sophiap has joined #openstack19:05
*** mrayzenoss has joined #openstack19:07
*** mrayzenoss has joined #openstack19:07
*** cglee has joined #openstack19:17
*** cglee has quit IRC19:33
*** mrayzenoss has quit IRC19:33
*** mrayzenoss has joined #openstack19:34
*** mrayzenoss has joined #openstack19:34
*** ptremblett has joined #openstack19:46
*** sirp1 has joined #openstack19:53
*** allsystemsarego has quit IRC20:02
*** rnewson has quit IRC20:07
*** rnewson has joined #openstack20:07
*** rnewson has joined #openstack20:07
*** jdmaturen has joined #openstack20:11
*** dendro-afk is now known as dendrobates20:12
*** jdmaturen has quit IRC20:13
*** avsm has joined #openstack20:27
*** sophiap has quit IRC20:31
*** jdmaturen has joined #openstack20:32
*** jdmaturen has quit IRC20:34
*** cglee has joined #openstack20:39
*** e1mer has quit IRC20:44
*** dendrobates is now known as dendro-afk20:47
*** dendro-afk is now known as dendrobates20:49
*** anotherjesse has quit IRC20:51
*** mrayzenoss has quit IRC20:54
*** anotherjesse has joined #openstack21:13
anotherjessewe've got a team of 5 people reviewing all the patches that have been pending ...  trying to unclog the tubes21:14
*** rnewson has quit IRC21:16
*** rnewson has joined #openstack21:17
*** rnewson has joined #openstack21:17
*** gasbakid has joined #openstack21:29
edayanotherjesse: I'm reviewing them too :)21:45
anotherjesseeday: awesome21:45
anotherjessewe are testing those which we've already deployed to our production system :)21:46
edaycool :)21:46
anotherjesseI think redis would work at 1000 node, but the cost is in bugs/work on the orm, data migration, ...21:58
edayanotherjesse: so, do you think redis will not sustain itself at 1k hosts currently?21:58
anotherjesseplus the auth model is a little annoying21:58
edayas in the fake ldap->redis thing? or auth into redis itself?21:59
anotherjesseright now compromise of a compute node allows the attacker to update/delete any data in the datastore since redis is all or nothing auth21:59
anotherjessefake ldap should probably go away and instead be: user system in ldap or user system outside of ldap (in the datastore -- kvs or sql)22:00
anotherjesseeday: we aren't going to cram the sql backed system down people's throats22:02
anotherjessebut the kvs solution would need updated before it worked in a multi-location system as well22:02
edaydo you see compute-node comprimise as a real risk currently? that seems fairly unlikely unless there is a major kvm/xen/... bug. plus you could probably just capture auth info from the compute worker config in that case22:02
anotherjesseeday: unfortunately it is stuff we have to worry about :(22:03
anotherjesseit is unlikely but compromize of a single system shouldn't cascade22:03
anotherjesseeday: is there a CLA for heckj?22:04
edayhmm, with the compute worker config stored locally, I don't see how it could be prevented22:04
edayanotherjesse: yeah, he's good. see the approved list at:
notmynamemaybe we could have a mapping in the approved contributor list to their launchpad login22:06
notmynamewouldn't work for companies, but it would help with individuals22:06
edayanotherjesse: so, to address your security concerns, I think the only way to do it is to not have a shared datastore outside each host. ie: sqlite database per host (which can have periodic snapshots backed up off the host) and all data is pushed up to schedulers/APIs/...22:07
anotherjesseeday: we have some ideas for how to improve the security - mostly the problem is deployment takes multiple hours because changes to the redis models are too easy to slip through the cracks22:07
anotherjesseeday: yeah, things like that are what we are thinking about22:07
anotherjessebut want to first take a pass at how well sql would work with this22:07
anotherjessehow it is22:07
edayanotherjesse: this is the idea I was proposing on the mailing list, since it helps with scalability as well22:07
anotherjesseeday: there is some information that needs to live at the higher level (like network address pools)22:08
edayanotherjesse: sure, I see network/volume/... config as other workers, much like the compute workers. This it represents another step in the provisioning process22:09
anotherjessehmm, tarmac is acting up again22:09
edayhow so?22:09
anotherjesseit merged something (fix-zipfile) successfully22:09
anotherjessebut marked the branch as not merged since the diff was empty22:10
anotherjesseit has happened a couple of times22:10
*** zheng_li has quit IRC22:12
edayanotherjesse: well, I see lp:nova with the correct changes already22:13
anotherjesseeday: yeah, but hudson emailed yelling that it didn't22:13
edayoh, it did apply the merge still, yeah, that's borked22:14
edayso, if we did move to a local data model for compute hosts, it really wouldn't matter what we use for scalability/security since it's such a small data set. We could use postgres/mysql as a tmp solution while the API and other components still need shared access, but once we get data pushing up, we can switch to sqlite22:17
edayso, sqlalchmey is probably the best choice for that (potential) path22:17
anotherjesseyeah, we've got a couple guys building models files for it now22:18
edayanotherjesse: I just marked vish's zipfile path as merged manually22:18
*** sirp1 has quit IRC22:21
vishyhudson is having some strange intermittent test errors22:24
dendrobatesI have access to the hudson server if you guys need anything done.22:26
dendrobatesI know nothing about hudson though.22:26
vishymore of an investigation22:26
vishymtaylor can prolly figure it out22:26
vishythere are tests that are failing sometimes22:26
vishythey never fail locally for me22:26
edayvishy: I don't see any failed hudson jobs for merge22:31
edayvishy: any more details to what you are seeing?22:32
vishylook at this
vishywent through fine on resubmit22:33
vishydifferent error here22:36
edayhmm, ok. so hudson is not showing those tarmac errors. If tarmac rejects the merge hudson still shows green22:37
vishyah ok so it is a tarmac issue then22:37
edaywell, not tarmac itself, but for some reason those tests are failing on the machine it is running on22:40
vishyis it possible that it is conflict between swift and nova22:41
vishyif they are building at the same time?22:41
edaypossibly some kind of leftover data issue or race condition perhaps? hmm22:41
*** jdmaturen has joined #openstack22:42
edaypossibly, although I've not seen anything else running besides these merges22:42
vishymaybe there is some kind of race condition with the twisted stuff22:42
vishythat is occassionally breaking22:42
*** jdmaturen has quit IRC22:43
edayahh, nova-coverage hudson job has also been running, possible that is conflicting22:43
vishythat breaks, right?22:43
vishymaybe we should shut it off for now?22:44
edayok, I've disabled it for now22:47
edaysee if that helps22:47
*** gasbakid has quit IRC23:02
*** justinsheehy has quit IRC23:11
mtaylorvishy: aroo?23:13
mtayloreday: nova-coverage shouldn't be running at the same time - but it's possible it's leaving crap in a temp dir23:14
mtayloreday: ALMOST done with the hudson-cloudserver plugin - so real-soon-now I'll be running tests in a clean machine each time23:14
*** stewart has quit IRC23:15
*** rnewson has quit IRC23:16
*** justinsheehy has joined #openstack23:17
edaymtaylor: all, cool :)23:17
mtaylornotmyname: working on a patch to launchpad to allow us to tie the appoved list to ability to submit merge props - so that we don't even have to check it manually23:21
mtaylornotmyname: it's a few down on the stack - but it's coming23:21
vishyi is herre23:23
vishybtw: I have two branches that need to be reviewed.  GOGOGO!23:23
edayvishy: you going to clean up that ldap-depedency tree still?23:29
vishyah forgot about that23:30
vishysure hold on23:30
anotherjesseAnyone want to review -- mostly renames other than ~20 lines23:48
*** heckj has joined #openstack23:56
anotherjesseheckj: vishy is vish here23:57
heckjbzr question if anyone's available - if I have a committed change in a bzr enlistment, how to I revert that one change23:57
heckjvishy - did you want me to update those docstrings prior to a merge - happy to do so.23:58
heckjTrying to figure out how to revert that one change that updates nova/network/...23:58
heckjnot so hot with bzr im afraid... still learning23:58
edayheckj: bzr uncommit23:58
heckjeday: that just rolls back the last change - yeah, that'll do it23:59

Generated by 2.14.0 by Marius Gedminas - find it at!