Tuesday, 2010-11-02

*** miclorb has quit IRC00:00
pvoOrman: made some changes to your doc00:02
*** dendro-afk is now known as dendrobates00:03
*** sebastianstadil_ has joined #openstack00:05
*** sebastianstadil has quit IRC00:08
*** sebastianstadil_ is now known as sebastianstadil00:08
*** miclorb_ has joined #openstack00:08
*** gustavomzw has quit IRC00:09
*** dragondm has quit IRC00:09
*** aliguori has joined #openstack00:10
*** sparkycollier_ has joined #openstack00:11
*** sparkycollier has quit IRC00:13
*** sparkycollier_ is now known as sparkycollier00:13
*** Orman has joined #openstack00:20
OrmanAnyone on00:20
devcamcarfew of us lurkers!00:20
Ormandevcamcar: So which dev are you?00:21
OrmanNova or Swift.00:22
devcamcarprimarily nova, i'm on the nasa nebula dev team00:22
*** dendrobates is now known as dendro-afk00:25
*** sparkycollier has quit IRC00:25
Ormandevcamcar: I would like to work for Nasa one day in Security. ;D00:26
OrmanWe have made a Nova Security Notes doc to outline our plans.00:26
devcamcarorman: awesome00:26
Ormandevcamcar: Would you be interested in collab your knowledge of Nova to the notes?00:27
devcamcarorman: what do you have so far?00:27
pvoOrman: I made some notes.00:29
pvoOrman: are you coming to the summit?00:29
Ormanpvo:Ok awesome00:29
Ormanpvo: I wish,but I live in Florida. :(00:29
devcamcarorman: this is a great start00:29
devcamcari'll be at the summit all next week00:30
pvoOrman: its only a few hours from FL.00:30
pvo: )00:30
alekibangoorman: i striked out one line, have really no sense00:30
Ormananne said there will be some security info talked about their.00:30
Ormanalekibango: Ok I'll look.00:31
Ormanpvo: I know,but I am still in school. ;)00:31
pvoOrman: likely so. I'd love to talk more to this in person. Some of it makes perfect sense, but others seem contradictory.00:31
pvoOrman: I'm in class right now. :p00:31
Ormandevcamcar Feelfree to add new notes or code. ;)00:32
alekibangopvo: we can all meet using VOIP (mumble)00:32
pvo"Users should not be able to listen to packets coming in from the network"00:32
pvothis one is a bit confusing00:32
alekibangopvo please feel free to edit00:33
alekibangoits just piece of something00:33
alekibangoto lure people to actually help00:33
pvowell, I dont' mind editing, but I didn't want to go through ripping anything out without notes00:33
OrmanThat one line was mine pvo.00:33
alekibangopvo: there is history in worst case, dont be shy, edit00:33
pvoOrman: you might want to expand that one a bit more. I'm unsure of the intention.00:34
alekibangopvo: he means that user of one virtual guest should not be able to listen to what other VGs  are sending over network00:34
OrmanI mean just data being sent too one shouldn't be intercepted.00:34
alekibangoOrman: you have there different classess of data00:35
alekibangoyou need to list them00:35
OrmanAlekibango:Right I will do that when I get a sec.00:35
alekibangohe could listen to public network maybe, but he for sure should not listen to communication with storage center etc00:35
OrmanWhat we need is source code. :P00:35
*** MarkAtwood has quit IRC00:35
pvohttps://blueprints.launchpad.net/nova/+spec/xs-host-networking-protections <- applies to XenServer, but the *-tables can apply to any *nix host.00:35
alekibangoheh, right, and it differs for evry h-vizor00:36
OrmanGood blueprint00:36
alekibangoOrman: thats why we need to start with generic rules first00:36
pvoalekibango: not really. Unix hosts should have those 3 tools.00:36
OrmanOf course00:36
*** dabo has quit IRC00:36
pvoWindows, yea, off the reservaation00:36
OrmanI just excited sometimes. :P00:36
alekibango3 tools? uh???00:37
pvoebtables, iptables, tables00:37
OrmanAh  ok00:37
alekibangoah, i was not talking about them :)00:37
alekibangoanyway, they should00:37
pvoyou need to block at the bridge or just outside00:37
alekibangopvo: but thats technical talk00:37
alekibangowe need to first identify goals and expectations00:38
alekibangothen technical measures to achieve policy00:38
*** schisamo has quit IRC00:38
pvoalekibango: agreed00:38
alekibangoplease help orman, i have still some other work to do now :)00:38
*** daleolds has quit IRC00:38
OrmanHmmm what other goals could we add.00:39
pvosecure comm with guest00:39
* pvo wanders over to add it. 00:39
alekibangogo for it! :)00:40
alekibangoand secure virtual guest groups00:40
OrmanOrman likes that idea! ;)00:40
*** kevnfx has joined #openstack00:40
OrmanPermissions of guest groups00:42
*** daleolds has joined #openstack00:43
OrmanOh ahah I already have that one. ;)00:43
*** ppetraki has joined #openstack00:43
OrmanDon't be shy guys edit it!00:44
OrmanWant to be good. ;)00:44
*** ppetraki has quit IRC00:45
*** jc_smith has quit IRC00:46
*** grizzletooth has left #openstack00:46
Ormanpvo: Did you add that one? I don't see it.00:47
*** aliguori has quit IRC00:47
pvoI just changed that line we were discussing a few min ago00:47
pvoThe host should filter traffic to the guest to prevent the guest from spoofing traffic or sniffing traffic00:47
pvosounds more like a "goal"00:47
OrmanOk thats I wanted know.00:47
pvoor maybe "the system shoudl"00:48
OrmanI guess the system should00:48
pvoyea, may not be the host doing the filtering00:49
OrmanThe host would be protected from any threat of security from the guest.00:50
pvoOrman: agree in principle, but that might fall to some of the hypervisor implementations.00:51
*** abecc has quit IRC00:51
OrmanI would like to make that universal in which the host could be protected no matter the situation.00:52
pvoI'm not exactly sure you can do that.00:52
OrmanJust a thought.00:52
OrmanWe are doing well with outlining the goals and after that's done we can start on detailing them. ;)00:55
OrmanDiagrams,code,and so forth.00:55
*** miclorb_ has quit IRC00:56
*** littleidea has quit IRC01:01
*** adjohn has joined #openstack01:02
*** miclorb_ has joined #openstack01:03
*** miclorb_ has quit IRC01:05
*** littleidea has joined #openstack01:05
*** littleidea has quit IRC01:05
*** jdmaturen has quit IRC01:09
edaypvo: it looks like a number of blueprints you added already had blueprints from other folks. we should probably try to consolidate them01:10
pvoyep, I figured that would be the case.01:12
pvoI was going to dig into that later. easier to throw out dupes.01:12
pvosome may be specific to xenserver while others might be more generic.01:13
*** pvo has quit IRC01:15
*** adjohn has quit IRC01:18
*** mdomsch has quit IRC01:22
Ormandevcamcar: Good point with the Virtual guest one. ;)01:28
*** metcalfc has quit IRC01:29
Ormandevcamcar: We will have to add some more things to it.01:29
*** khussein has joined #openstack01:29
*** jbryce has quit IRC01:30
Orman+eday: Feel free to edit the notes too.01:32
*** daleolds has quit IRC01:32
*** Orman has quit IRC01:34
*** jdmaturen has joined #openstack01:37
*** MarkAtwood has joined #openstack01:37
*** Ryan_Lane has quit IRC01:51
*** Ryan_Lane has joined #openstack01:56
*** pvo has joined #openstack01:59
*** pvo has joined #openstack01:59
*** ChanServ sets mode: +v pvo01:59
*** jdmaturen has quit IRC02:05
pvoeday: to your point about duplicate blueprints, some of them are generic in "inject files" ( i see we both had that one) but some of the ones I added are xenserver specific.02:07
pvonot sure if we want to make a distinction somewhere.02:07
*** ambo has quit IRC02:13
*** ambo has joined #openstack02:17
*** Orman has joined #openstack02:20
OrmanBack online. :)02:21
*** mmalgeri has quit IRC02:24
Ormandevcamcar: Thanks for adding some notes to our Nova Security Notes. :D02:27
*** miclorb has joined #openstack02:27
edaypvo: ahh, ok. we should probably try to make them generic (not just xs). Of course there is the qquestion of if a feature is "complete" if it only works for one of the supported hypervisors02:29
pvoyea, I was just talking to ewan about that.02:29
pvodo we have to implement a 'not implemented' feature in other hypervisors or... ?02:30
pvoI dunno02:30
pvoI figured that was good summit fodder02:30
* eday sees a feature matrix coming soon02:31
pvoyea, I think thats going to be a necessity02:31
*** schisamo has joined #openstack02:33
*** schisamo_ has joined #openstack02:35
*** schisamo has quit IRC02:38
*** schisamo_ is now known as schisamo02:38
*** mdomsch has joined #openstack02:41
*** arthurc has quit IRC02:44
OrmanFeature matrix ah yes!!! ;)02:45
*** arthurc has joined #openstack02:47
*** jdmaturen has joined #openstack02:48
pvohave at it. : )02:56
pvoI'll add what I can later. Tonight I have to finish a paper. : /02:56
*** jdmaturen has quit IRC02:57
OrmanOkay pvo03:01
OrmanThanks for your help with the security stuff today.03:02
*** jdmaturen has joined #openstack03:04
*** jdmaturen has quit IRC03:08
pvonp. Hope we can finish the doc.03:08
*** blakeyeager has joined #openstack03:11
Orman+pvo: I hope so too.03:15
*** jdmaturen has joined #openstack03:16
OrmanI just can't wait to ee alekibango's diagram.03:16
pvoOrman: what is he diagramming?03:16
OrmanHe' drawing up a blueprint for the Nova Security Notes I believe.03:17
OrmanOutlining some things.03:17
*** joearnold has joined #openstack03:18
OrmanYep ;)03:18
Ormandevcamcar made a great point in the notes about the Virtual Guest I wrote about.03:19
pvowhich note?03:20
OrmanThe Nova Security Notes03:20
pvoright, I'm there, but I don't see his color. (purple)03:20
OrmanUnder the section Virtual Guest.03:21
pvo"Virtual Guest Security Permissions For The User" ?03:21
OrmanI messed up on that one.03:22
pvoI added the 2 comments in parenthesis03:22
OrmanOh ok it was you my bad.03:22
Ormanlol I thought it was devcamcar.03:23
OrmanThen I have you to thank.03:23
pvono worries, just trying to see what he added. : )03:23
OrmanSo with what you put in the second parentheses that's what I need to add.03:25
OrmanThey would need to be separate.03:25
pvothey don't have to be, but probably should be. Its less of an issue if you're not doing multi-tenent03:26
OrmanHowever it makes sense though with what you added.03:26
OrmanIt's probably safer as well. ;)03:26
OrmanIf you can add more about that I'd love that!03:27
pvoI will if I have time. : )03:27
OrmanI don't mean to rush you. I am just glad you're on the doc with us.03:28
OrmanThe more people the better. ;)03:28
pvowell, I have a lot more to add, so I'll chop the doc up soonish.03:28
OrmanOk that sounds good because I have class tomorrow so I won't be on till later in the afternoon around 4:00ESt.03:30
OrmanJust thought I'd tell you.03:30
pvo ha, won't be before then.03:30
OrmanI know03:35
OrmanI just wanted tell you03:35
*** neogenix has joined #openstack03:38
*** kashyapc has joined #openstack03:41
*** Ryan_Lane has quit IRC03:47
*** Ryan_Lane has joined #openstack03:47
*** ArdRigh has quit IRC03:54
*** jc_smith has joined #openstack04:01
*** gaveen has joined #openstack04:02
*** littleidea has joined #openstack04:02
Ormanalekibango:You on04:03
*** littleidea_ has joined #openstack04:04
*** littleidea has quit IRC04:07
*** littleidea_ is now known as littleidea04:07
*** AimanA is now known as HouseAway04:16
sebastianstadilWhere in the launchpad interface do you join Swift?04:16
Ormanalekibango: I added some new things under the Virtual Guest Security Permissions.04:17
Ormansebastianstadil: Did you try this https://launchpad.net/~swift04:20
*** Ryan_Lane has quit IRC04:21
Orman+pvo: Check the notes when you get a chance because I elaborated on what you said in the parentheses. ;)04:26
Orman+pvo: Ok04:30
*** ambo has quit IRC04:30
pvowatching me type? : P04:30
OrmanYou are pointing out some great ones.04:30
sebastianstadilOrman: Difference between https://launchpad.net/~swift and https://launchpad.net/swift is user / project? I can't any 'Join' on either.04:33
*** ambo has joined #openstack04:33
*** omidhdl has joined #openstack04:39
*** omidhdl1 has joined #openstack04:42
*** omidhdl has quit IRC04:42
*** blakeyeager has quit IRC04:43
Ormanalekibango: you on?04:44
Orman+pvo did added some great pointers.04:44
*** kashyapc has quit IRC04:45
sebastianstadilSeems like the subscription policy is set to closed04:46
Ormansebstainstadil: Are you a dev?04:50
sebastianstadilI am, yes04:50
OrmanDo you know Nova at all?04:50
sebastianstadilBut for this instance I am helping someone join04:51
*** BK_man has joined #openstack04:51
*** BK_man has joined #openstack04:51
OrmanI am helping to write the Nova Security Notes if you're interested at all.04:51
Ormanooops worng link haha04:52
OrmanHere: http://etherpad.openstack.org/NovaSecurityNotes04:52
sebastianstadilI run a cloud computing group in the Bay area, and encourage members to participate in OpenStack - I was asked how to join and couldn't respond04:53
OrmanWell if you have any security ideas or goals for Nova then please add them in the notes.04:54
*** mdomsch has quit IRC04:55
*** alekibango has quit IRC04:58
OrmanHave a blessed night guys. I'm going to hit the hay.;)05:02
OrmanSee ya guys tomorrow.05:02
*** kevnfx has quit IRC05:02
OrmanGod bless and night.05:02
sebastianstadilGood night05:03
*** Orman has quit IRC05:03
*** krish has joined #openstack05:13
*** schisamo has quit IRC05:16
*** krish has quit IRC05:20
*** joearnold has quit IRC05:23
*** krish has joined #openstack05:24
*** kashyapc has joined #openstack05:31
*** khussein has quit IRC05:34
*** kashyapc has quit IRC05:35
*** kashyapc has joined #openstack05:35
*** Dweezahr has quit IRC05:38
*** Dweezahr has joined #openstack05:39
*** MarkAtwood has quit IRC05:41
*** metcalfc has joined #openstack05:47
*** hazmat has quit IRC05:47
*** littleidea has quit IRC05:52
*** ramkrsna has joined #openstack05:54
*** ramkrsna has joined #openstack05:54
*** dmd17 has quit IRC05:56
*** dmd17 has joined #openstack05:56
*** zaitcev has quit IRC05:59
anticwredbo: awake?06:04
*** metcalfc has quit IRC06:08
*** alekibango has joined #openstack06:09
*** jc_smith has quit IRC06:10
*** pvo has quit IRC06:11
*** al-maisan has joined #openstack06:23
*** infernix has quit IRC06:32
*** infernix has joined #openstack06:33
*** ranjib has joined #openstack06:33
ranjibhi all06:38
*** stewart has quit IRC06:38
*** stewart has joined #openstack06:50
*** dmd17 has quit IRC06:51
*** dmd17 has joined #openstack06:52
*** stewart has quit IRC07:01
*** infernix has quit IRC07:02
*** infernix has joined #openstack07:11
*** miclorb has quit IRC07:11
*** alekibango has quit IRC07:13
*** stewart has joined #openstack07:14
*** alekibango has joined #openstack07:18
*** ramkrsna has quit IRC07:18
*** omidhdl1 has quit IRC07:22
*** omidhdl has joined #openstack07:23
*** alekibango has quit IRC08:04
*** termie has quit IRC08:12
*** termie has joined #openstack08:17
*** ramkrsna has joined #openstack08:18
*** alekibango has joined #openstack08:22
*** ibarrera has joined #openstack08:24
*** eldarnugaev has joined #openstack08:26
*** sebastianstadil has quit IRC08:28
*** krish has quit IRC08:33
*** sebastianstadil has joined #openstack08:41
*** krish has joined #openstack08:45
*** allsystemsarego has joined #openstack08:46
*** perestrelka has quit IRC08:47
*** eldarnugaev has quit IRC08:50
*** miclorb_ has joined #openstack08:58
*** dmd17 has quit IRC09:01
*** perestrelka has joined #openstack09:11
*** sebastianstadil_ has joined #openstack09:19
*** openfly has quit IRC09:20
*** sebastianstadil has quit IRC09:21
*** sebastianstadil_ is now known as sebastianstadil09:21
*** irahgel1 has joined #openstack09:25
*** sebastianstadil has quit IRC09:26
*** dizz|away has quit IRC09:38
*** ptremblett has quit IRC09:41
*** Ryan_Lane has joined #openstack09:55
*** f4m8_ is now known as f4m809:57
*** omidhdl1 has joined #openstack09:58
*** omidhdl has quit IRC09:58
*** ranjib has quit IRC10:01
*** Ryan_Lane has quit IRC10:04
*** ranjib has joined #openstack10:06
*** ambo has left #openstack10:08
*** ar1 has quit IRC10:14
*** ar1 has joined #openstack10:15
*** aimon has quit IRC10:18
*** aimon has joined #openstack10:18
*** ar1 has quit IRC10:20
*** aimon_ has joined #openstack10:23
*** miclorb_ has quit IRC10:25
*** aimon has quit IRC10:26
*** aimon_ is now known as aimon10:26
*** ptremblett has joined #openstack10:55
*** openstack_newbie has quit IRC11:05
*** omidhdl1 has left #openstack11:09
*** eldarnugaev has joined #openstack11:17
*** openfly has joined #openstack11:31
*** dendro-afk is now known as dendrobates11:35
*** ctennis has quit IRC11:37
*** ddumitriu has joined #openstack11:45
*** stewart has quit IRC11:48
*** ddumitriu has quit IRC11:50
*** stewart has joined #openstack11:55
*** dendrobates is now known as dendro-afk12:04
*** dendro-afk is now known as dendrobates12:04
*** ramkrsna has quit IRC12:04
*** dysinger has quit IRC12:09
*** littleidea has joined #openstack12:11
*** kashyapc has quit IRC12:14
*** littleidea has quit IRC12:19
*** littleidea has joined #openstack12:22
*** schisamo has joined #openstack12:23
*** littleidea_ has joined #openstack12:27
*** mdiver_ has joined #openstack12:27
*** ctennis has joined #openstack12:28
*** littleidea has quit IRC12:28
*** littleidea_ is now known as littleidea12:28
BK_mananybody trying to run nova on several hosts?12:32
BK_manmine got problems on second host12:32
BK_mannova-compute running ok, but euca-describe-instances failed to connect to localhost:877312:33
BK_manany clue?12:33
pikenBK_man: nova-compute or nova-manager?12:34
BK_manpiken: nova-compute, according to the http://etherpad.openstack.org/ep/pad/view/NovaMultinodeInstall/latest12:34
pikenBK_man: If your having connection issues to localhost:8773, you probally have the ec2_url set wrong on the node that is having the error.12:36
pikenec2_url needs to point to the cloud controller (nova-manager)12:37
BK_manpiken: this is what I have: http://paste.openstack.org/show/89/12:37
BK_manpiken: this is from compute (2nd) node12:38
pikenBK_man: hmm, something else is going wrong because you have url set right, but your error is stating it is trying to connect to localhost, not to
mdiver_Trying to start nova-api , I've got an Error,  " ImportError :   cannot import name pidlockfile "12:39
mdiver_any ideas ?12:39
mdiver_Running on Centos5.5.12:39
BK_manOh! My bad... nova/novarc was outdated. sorry!12:39
*** MarkAtwood has joined #openstack12:40
pikenmdiver: did you install python-daemon?12:41
*** MarkAtwood has quit IRC12:42
pikenyour failure is from an import.12:42
pikenfrom daemon import pidlockfile in server.py12:42
pikenThe docs for centos5.5 install are not that good as all the python libs installed are 2.4.3 not 2.6 that is needed.12:43
*** westmaas1 has joined #openstack12:43
pikenyou have to use easy-install2.6 to install the 2.6 version after you get 2.6 installed. Easiest to use epel to do that.12:43
BK_manInteresting... I can now see an instance running on first node from second node but can't reach it by network. What's wrong with my setup?12:43
pikenBK_man: not sure there. Might be a routing or iptables issue.12:44
*** kevnfx has joined #openstack12:44
*** mmalgeri has joined #openstack12:45
BK_manpiken: I do not even have a route to my VMs network on second node. What service is responsible for managing host's networking?12:47
BK_man(I meant what service in nova)12:47
mdiver_piken: I've installed Daemon.12:47
mdiver_The pidlockfile.py is there12:47
pikenmdiver: easy test start an interactive python shell and type `from daemon import pidlockfile`12:48
pikenBK_man: I am not sure. Let me ask the admin in ops that has been doing the setup while I have been focusing on dev work for it.12:48
mdiver_piken:  in python2.4 I can import.. not a problem... However, running python2.6 it gives me the error.12:50
mdiver_pike: I've noticed that  pidlockfile.py on 2.6 is a separated file12:50
mdiver_piken:  while in 2.4 it is a daemon.py function12:50
*** Podilarius has joined #openstack12:52
mdiver_piken: I was able to import   'import lockfile'12:53
*** pvo has joined #openstack12:54
*** ChanServ sets mode: +v pvo12:54
*** gustavomzw has joined #openstack12:54
*** pvo has quit IRC12:59
pikenmdiver_: when you used easy_install-2.6 to install daemon did you install daemon or python-daemon as they are different?13:00
*** BK_man_ has joined #openstack13:01
mdiver_piken: I've installed both.13:03
*** BK_man has quit IRC13:04
pikenIf you installed both, you would not have the issue.13:04
*** mdomsch_ has joined #openstack13:04
pikenfrom daemon import pidlockfile is an import from python-daemon13:05
*** BK_man_ has quit IRC13:05
pikenif you easy_install-2.6 python-daemon, it would work with out a failure on the import.13:05
mdiver_piken: I could import pidlockfile issuing =>     'from lockfile import pidlockfile'13:08
mdiver_I can find the file under  /usr/lib/python2.6/site-packages/python_daemon-1.5.5-py2.6.egg/daemon/pidlockfile.py13:10
*** eldarnugaev has quit IRC13:15
mdiver_piken:  It is not supposed to be 'from lockfile import pidlockfile' instead of 'from daemon import pidlockfile' ???13:16
pikenno, it is from daemon13:16
mdiver_piken:  It can't find pidlockfile on daemon, just on lockfile... spooky..13:17
ranjibmdiver: u there?13:19
ranjibmdiver_: i have recently documented the centos 5.5 installation .. its working smooth on my end.. i too faced the same issue.13:20
ranjibmdiver_: but after issuing easy_install-2.6 daemon, it was resolved13:20
mdiver_ranjib:  Hi, I'm here13:20
mdiver_ranjib:  I can see at least 3 daemon under site-packages  ./daemon , ./python_daemon, ./daemon-1.0-py2.6  , should I remove them ?13:22
mdiver_ranjib:  and re-install daemon only ?13:22
ranjibmdiver_:you should have python_daemon 1.5..5 only13:25
*** mmalgeri has quit IRC13:26
ranjibmdiver_:easy_install 2.6 daemon should do the job. but before that clean up rest13:26
mdiver_ranjib:  Python question... can I just delete them Up ?13:26
*** theron has joined #openstack13:28
*** pvo has joined #openstack13:30
*** ChanServ sets mode: +v pvo13:30
ranjibmdiver_:let me know if that fixes the problem13:32
*** pvo has quit IRC13:34
mdiver_ranjib:  I will. working on that now.13:34
*** pvo has joined #openstack13:34
*** ChanServ sets mode: +v pvo13:34
mdiver_ranjib: I've removed all Daemons and removed from the easy-install.pth file all daemon references, issued the command as explained in the guide : easy-install-2.6 daemon13:39
mdiver_ranjib: I can see now that under ./site-packages/daemon-1.0-py2.6.egg was installed13:39
mdiver_ranjib:  However, still not able to resolve pidlockfile13:40
mdiver_ranjib:  Still having the same error.13:40
mdiver_ranjib:  running Python prompt I can't either.13:41
*** abecc has joined #openstack13:42
*** kevnfx has quit IRC13:43
*** abecc has joined #openstack13:43
ranjibmdiver_: let me kickstart a centos and check things out at my end13:45
*** mdomsch_ has quit IRC13:47
*** gaveen has quit IRC13:48
pikenthe install is not easy-install-2.6 daemon13:56
pikenIt is easy-install-2.6 python-daemon13:56
pikenThey are different pypi packages and python-daemon is the required.13:57
*** gondoi has joined #openstack13:57
mdiver_piken:  I've tried this one easy-install-2.6 python-daemon , I didn't work... let me try again...13:57
pikenyou didn't do it if it did not work. I have tested it on 40+ nodes here that are all centos5.5 and it works without an issue.13:58
*** gaveen has joined #openstack14:01
ranjibmdiver_: hey, piken is right, its python-daemon14:01
*** Ryan_Lane has joined #openstack14:03
*** irahgel1 has quit IRC14:04
*** blakeyeager has joined #openstack14:09
*** littleidea_ has joined #openstack14:14
*** littleidea has quit IRC14:17
*** littleidea_ is now known as littleidea14:17
*** metcalfc has joined #openstack14:19
*** irahgel1 has joined #openstack14:25
*** ppetraki has joined #openstack14:26
sorenanotherjesse: Did you see my comment on the whiteboard of https://blueprints.launchpad.net/nova/+spec/austin-puppet-deployment ?14:27
*** Cybodog has joined #openstack14:32
*** johnpur has joined #openstack14:41
*** ChanServ sets mode: +v johnpur14:41
*** gustavomzw has quit IRC14:43
*** neogenix has quit IRC14:43
*** Ryan_Lane has quit IRC14:44
*** metcalfc has quit IRC14:44
pikenranjib: mdiver_ is having issues due to easy_install on the box he was working on. It was importing some weird new version of python-daemon-1.6 when it is missing have the package. Then when using setuptools and building 1.5.5 directly, it would fail when he would do the import for an issue with the lockfile egg.14:47
pikenSeems that system has something weird happening with pypi14:47
*** Orman has joined #openstack14:51
*** kevnfx has joined #openstack14:53
ranjibpiken: strange .14:53
*** f4m8 is now known as f4m8_14:53
*** schisamo has quit IRC14:55
*** Orman has quit IRC14:59
*** grizzletooth has joined #openstack15:00
ranjibi  am forking vishy's nova.sh for centos,,, any contribution is welcome .15:02
*** iammartian has left #openstack15:05
*** eldarnugaev has joined #openstack15:07
pikenI would suggest doing it all as one script with a param of the os to be added that way it can be extended to more in the future.15:07
piken./nova.sh centos15:07
piken./nova.sh ubuntu15:07
creihtwhat about ./nova.sh gentoo? :)15:08
pikenWe might also think of not doing it as bash15:09
grizzletoothgentoo-ers wouldn't use it.  they would just read the lines in the script and and try to run them each manually.15:09
pikenDoing it as python using very minor standards. python 2.4 min with no outside modules will give us a little more flexability to the script15:09
pikengrizzletooth: lol, good one15:09
ranjibpiken: wont that make the script too long...15:11
ranjibpiken: currenty i replace the services shebang line with env python2.6 too...15:11
ranjibpiken:as i cant change the systems's default python 2.4 for its dependance on yum15:12
*** iammartian has joined #openstack15:12
pikenranjib: I think it would be cleaner. Have the script be really basic and know how to install items for each os (and be in the base python installed on the system).15:13
pikenI would then have it use internals of python to first pull down a manifest from the nova repo that contains the deps for the system noted.15:14
pikenMANIFEST.centos for example15:14
ranjibpiken: good idea ..15:14
pikenIt would then loop through that to install rpms via yum, and use easy_install and such as needed.15:14
pikenranjib: I think it would make it clean to manage as each os would have a function set in the main on how to install for them, but the package naming and such would be in the manifest15:15
ranjibpiken: how do we do the manual installations.. stuff like gflags  binding? system commans?15:15
*** Cybodog has quit IRC15:15
pikenranjib: I would have a funciton for each as most will be the same on all systems.15:16
pikenAs for system commands, I would have a map in the script that associates commands with the system they are on, and use that map to determine what commands to run.15:16
pikenI got the idea for this from the fusion-forge installer. https://fusionforge.org/scm/viewvc.php/*checkout*/trunk/src/fusionforge-install-1-deps.php?root=fusionforge&revision=10070&content-type=text%2Fplain&pathrev=1007015:21
mdiver_ranjib:  For Centos how did you get the python-nova , nova-api, nova-objectstore, nova-compute ... etc   ??15:21
pikenIt does similar but in php except it has all the dependency names for each system internal.15:21
ranjibmdiver_: branched it from launchpad only ..15:22
pikenbzr clone https://launchpad.net/nova  or use the dl link on the side of https://launchpad.net/nova15:23
pikensry bzr branch https://launchpad.net/nova15:23
ranjibhad to replace the shebang line.. i used sed for that, dont know if theres a sain way.. wish python has something like rvm15:23
*** gaveen has quit IRC15:25
pikenThat is why I prefer writing installers in standards that use the installed version on the system  no matter what.15:25
pikenif you write in code that would work on 2.4 and 2.6 if it runs on /usr/bin/python or /usr/bin/python26 it doesn't matter.15:26
*** gaveen has joined #openstack15:26
grizzletoothuse perl for the install script and you won't have to worry about it <grizzletooth ducks and runs for cover>15:27
ranjibgrizzletooth: :-)15:28
ranjibleaving aside readability.. even im more comfortable with perl..15:29
grizzletoothI aspire to be a python coder, but am still stuck with too much perl experience ;)15:29
* piken slaps grizzletooth with a peice of trout!15:30
grizzletoothouch - stinky15:30
pikenI have done too much perl in my life, and too much php.15:30
*** rds__ has joined #openstack15:30
pikenI actually have become fond of python. It is a very clean and very easy language to work with.15:30
ranjibi did loads of perl, a bit python, and now ruby ....15:31
pikenTalk to me about perl when you have had to help recode a huge part of Bugzilla before they had a style guide. lol15:31
ranjibpiken:python is full of boiler plates15:31
pikenI am not a fan of ruby15:31
ranjibevery time i see  method(self) ,, i wonder what was wrong with perl then?15:32
*** khussein has joined #openstack15:33
*** schisamo has joined #openstack15:34
pikenOnly thing that pisses me off with python is != is not standard15:34
pikenStupid <>15:34
notmynamepiken: what are you talking about? != is the normal way to do inequality checks in python15:35
*** hazmat has joined #openstack15:36
*** comstud has joined #openstack15:38
*** ChanServ sets mode: +v comstud15:38
ranjibi just like python's readability ..15:40
ranjibelse gic, versions inconsistencies,  package management.. everything sucks big time15:40
pikennotmyname: one of the pep's pushes a standard use of <> over !=15:40
creihtpiken: http://docs.python.org/library/stdtypes.html#comparisons15:41
creiht<> is obsolete15:42
pikenHey, sue me. I haven't read the peps in a while. lol. Must have obsoleted it with 3.015:42
redboalso, I hate how python makes you end statements with semicolons15:43
notmynamejust for fun: http://docs.python.org/release/2.0/ref/comparisons.html15:44
notmynamementions <> is depreciated15:45
notmynamepiken: just giving you a hard time :-)15:45
edayvishy: are you guys still seeing any concurrency issues with eventlet?15:48
*** spectorclan has joined #openstack15:50
*** metcalfc has joined #openstack15:51
*** metcalfc has joined #openstack15:52
*** al-maisan is now known as almaisan-away16:00
vishyeday: I haven't been monitoring it recently16:01
vishyeday: we put HAProxy in front of 8 nova-apis16:01
*** sebastianstadil has joined #openstack16:02
vishyeday: last time i saw it, it appeared to be connecting to sql that was giving the error.  I'm thinking using the thread local session in db/sqlalchemy/session.py might fix it, but i haven't been able to investigate.16:03
edayvishy: ahh, ok16:19
*** mdiver_ has quit IRC16:29
*** mmalgeri has joined #openstack16:29
*** neogenix has joined #openstack16:29
*** eldarnugaev has quit IRC16:29
*** Dweezahr has quit IRC16:35
*** infernix has quit IRC16:36
*** ttx has quit IRC16:36
*** zykes- has quit IRC16:36
*** morfeas has quit IRC16:36
*** Xenith has quit IRC16:36
*** spike has quit IRC16:36
*** ttx has joined #openstack16:36
*** ttx has joined #openstack16:36
*** Xenith has joined #openstack16:36
*** morfeas has joined #openstack16:36
*** infernix has joined #openstack16:36
*** spike has joined #openstack16:36
*** joearnold has joined #openstack16:38
*** mdiver has joined #openstack16:40
*** joearnold has quit IRC16:41
ranjibmdiver: u there>16:43
ranjibmdiver: u need to remove daeom and python-daemon, u should install python-daemon -1.5.516:46
*** zykes- has joined #openstack16:46
*** Dweezahr has joined #openstack16:46
pikenranjib: he did16:46
pikenThere looks to be a metaclass issue with lockfile currently for him16:47
pikenhe might need to use an older version of lockfile as it looks like the newest lockfile and python-daemon are fubar in pypi at the moment16:47
piken0.9.0 and 0.9.1 have issues.16:48
*** DubLo7 has joined #openstack16:49
*** dpackard has joined #openstack16:50
dpackardhi all16:50
dpackardcan anyone tell me if installing openstack nova makes changes to /etc/inetd.conf   ?16:51
ranjibpiken: really? how he installed the python_daemon?16:52
ranjibpiken: i just did it using easy_install-2.6 python-daemon==1.5.5 , and now its working fine16:52
pikenHe installed it from the tarball16:53
*** jdmaturen has quit IRC16:53
sorendpackard: It doesn't.16:53
dpackardthanks soren16:54
pikenranjlib: there is the error the import gives and I have found some ubuntu bugs on google that point it at a lockfile 0.9.0 issue16:54
*** littleidea has quit IRC16:58
*** jdmaturen has joined #openstack17:00
*** sebastianstadil has quit IRC17:02
*** sebastianstadil has joined #openstack17:05
*** ranjib has quit IRC17:06
*** neogenix has quit IRC17:08
elasticdogis there not a swift.sh script to help set up the saio environment like the nova.sh script?17:17
*** jdmaturen has quit IRC17:20
grizzletoothelasticdog: not that I have seen - just the SAIO and multiserver docs  http://swift.openstack.org/development_saio.html  http://etherpad.openstack.org/MultiServerSwift17:21
elasticdoggrizzletooth: thanks...I've just been going through the development_saio page and thought there might be a quicker way17:23
*** DubLo7 has quit IRC17:23
*** joearnold has joined #openstack17:23
*** jdmaturen has joined #openstack17:24
notmynameelasticdog: I think there is a chef script around somewhere that sets up a SAIO17:28
creihtI'm not sure if the chef script has been updated with the latest version though17:30
elasticdognotmyname: thanks17:31
*** littleidea has joined #openstack17:31
*** joearnol_ has joined #openstack17:32
*** joearnold has quit IRC17:32
*** joearnold has joined #openstack17:32
*** sparkycollier has joined #openstack17:33
*** dendrobates is now known as dendro-afk17:35
*** grizzletooth has left #openstack17:36
*** kw1 has joined #openstack17:36
*** dendro-afk is now known as dendrobates17:37
mdiverpiken:  I've downgrade the lockfile to 0.8.0 it seem to work now..17:38
*** kw1 has left #openstack17:39
*** sparkycollier has quit IRC17:41
pikenranjib: There you go. you need python-daemon 1.5.5 and lockfile 0.8.0 as daemon 1.6 and lockfile 0.9.x are fubar.17:48
vishysoren: any idea if libvirt supports serial console output to two places at once?  We're trying to have ajaxterm as well as sending the output to a file.17:48
mdiverIt is now complaining about ./CA directory, I can see it on the source directory, Should I copy it over, or is there a way of specifying where the nova dir is  ? any NOVA_HOME= ?  Something like that ?17:49
*** ibarrera has quit IRC17:50
*** littleidea has quit IRC17:50
*** joearnol_ has joined #openstack17:58
*** joearnold has quit IRC18:00
*** jc_smith has joined #openstack18:01
*** kevnfx has quit IRC18:01
vishymdiver: --ca_path=/path/to/ca18:02
vishytry running the binaries from inside the source tree18:02
vishyand it should find the existing one18:02
vishycd /path/to/nova/18:03
mdivervishy:  got it.  Thanks.18:03
*** littleidea has joined #openstack18:04
jk0vishy: you ever see 'connection refused' when using sqlite and starting nova-compute with your install script?18:05
jk0it's almost like the sqlite db is locked18:06
*** joearnol_ has quit IRC18:07
*** joearnold has joined #openstack18:08
vishysounds likely18:08
vishysqlite locking is pretty bad for multiple binaries18:08
vishyi usually use mysql18:08
jk0that's what I figured18:09
vishybut i've usually only had to just rerun the command if it is locked18:09
pikenhave the openstack mailing lists been active? I did the signup for them and haven't seen anything come accross. I want to make sure work spamfilter is not eating it.18:09
spectorclanpiken which lists?18:09
vishyit spews errors on trying to update locked db18:09
jk0I'm getting conn refused for compute, network and volume.18:09
vishypiken: there hasn't been anything recently18:09
vishyjk0 o really?18:10
jk0there's no indication of locking but that's what I'm assuming18:10
vishyjk0: if you restart them, do they work?18:10
jk0nah, no go18:10
vishyjk0 sounds like a rabbit issue18:10
jk0API and objectstore fire right up18:10
vishyconnection refused is usually because rabbit isn't running18:10
vishyAPI and objectstore don't connect to rabbit so that would make sense18:11
jk0good call, I'll look quick18:11
*** khussein_ has joined #openstack18:13
jk0vishy: good catch - that was exactly it18:13
vishyjk0: np18:13
*** dragondm has joined #openstack18:15
*** jed has joined #openstack18:15
*** khussein has quit IRC18:15
*** khussein_ is now known as khussein18:15
*** ptremblett has quit IRC18:24
*** jdmaturen has joined #openstack18:25
spectorclanReminder - Register for Design Summit at http://openstack.org/register18:25
*** jdmaturen has joined #openstack18:25
*** Cybodog has joined #openstack18:28
*** dpackard has quit IRC18:33
*** jc_smith has quit IRC18:33
*** miclorb_ has joined #openstack18:36
*** jc_smith has joined #openstack18:37
*** dragondm has quit IRC18:41
vishydendrobates: are you here?18:46
dendrobatesvishy: yep18:46
zulis the schedule up yet for the dev side of the summit yet?18:47
vishydendrobates: what is the deal on the voting? Someone was saying that you have to be added to Nova or Swift in order to vote?18:48
dendrobatescreiht: on this page: code.launchpad.net/nova which do you need sessions for?18:48
vishyin addition to signing the cla18:48
creihtdendrobates: what does the public want? :)18:49
dendrobatesvishy: you needed to be on a member of any of the lp teams18:49
vishydendrobates: and how does one get added to the teams?18:49
dendrobatesvishy: it is too late, jonathon already grabbed the list.  You need to ping Jonathon if someone needs to be added to the voting18:50
creihtdendrobates: I'm assuming you are asking about blueprints?18:50
dendrobatescreiht: yes18:50
vishydendrobates: ok18:50
dendrobateszul: working on it now18:50
zuldendrobates: cool18:51
dendrobatescreiht: I assume you want to discuss all the ones marked future- at least?18:51
creihtIt depends on if there is anything to discuss? :)18:51
creihtThe only thing that I can think of that people would be really interested in discussing is the s3 api compatibility18:52
dendrobatesif there is nothing, I would just use the time to go over your plans and see if anyone has any comments.18:52
creihtThat's the problem, we don't have much in the way of "plans"18:52
dendrobatesthen this is the time to make them.18:53
creihtmost everything for at least a while is going to be incremental improvements18:53
creihtbut that's the thing, we have no major features to add18:53
creihtfor the near term18:53
devcamcarcreiht: how goes?  i may have such a feature in mind18:53
creihtand nobody else has requested much else :)18:53
creihtdevcamcar: !!!!18:53
creihthow's it going? :)18:53
devcamcarcreiht: good!18:53
devcamcari'll be in san antonio all next week18:54
dendrobatesdevcamcar: awesome create a blueprint and I'll schedule it.18:54
devcamcarone of the big features we've been discussing internally is multi-region support for swift18:54
*** Cybodog has quit IRC18:54
devcamcarbeing able to store a replica in an external swift store18:54
devcamcarbig win for us18:54
creihtadd a blueprint! :)18:54
devcamcari'm going to put a high level blue print up today18:54
creihtdendrobates: the only other possibly interesting thing to discuss is the large file support, but that is mostly implemented18:55
devcamcarcreiht: how large is a large file?18:55
creihtas large as you want it to be?18:56
devcamcarone meeeeeeellion TB18:56
creihtIf you can keep your connection open long enough to upload it, sure :)18:56
devcamcarcreiht: how are you guys handling that under the cover?18:56
devcamcarare you chunking on client side?18:56
creihtthe current implementation involves creating a manifest, and then chunking across the cluster18:57
creihtand it is done server side18:57
*** dysinger has joined #openstack18:57
devcamcarone of the questions we were asked recently is how easy it would be to saturate a 10G connection with a single large file being uploaded18:57
devcamcara lot of our potential users have a small number of huge files18:57
devcamcarswift is basically bound by spindle speed more than network speed18:58
devcamcars3 is same way18:58
devcamcaronly way around that is chunking client side, it gets messy18:58
creihtThere is an idea down the road to expose a similar chunking to the client side18:58
devcamcaranyway, just curious if you guys are thinking about it from that point of view18:58
creihtwhere the client would upload the manifest, and chunks18:59
devcamcarthat would have huge value for our customers18:59
creihtthat way you could upload those in parallel18:59
creihtIt has its own set of issues :)18:59
devcamcarwe have 10G everywhere now, though we're already talking about 40G or 100G pipes18:59
devcamcarcreiht: indeed it does!18:59
creihtdevcamcar: we can talk about it then next week18:59
devcamcarcreiht: worth a blueprint?19:00
creihtsure, why not? :)19:00
*** sebastianstadil has quit IRC19:01
*** khussein has quit IRC19:05
spectorclanIf anyone needs help with hotels next week, let me know and I can try and find you a roomate19:06
*** littleidea has quit IRC19:10
devcamcarcreiht: high level rough of multi region: https://blueprints.launchpad.net/swift/+spec/multi-region19:15
_0x44jaypipes: Are you about?19:15
jaypipes_0x44: sure am.19:16
_0x44Is there a way to make nose report on cyclomatic complexity the way it can report on code coverage?19:18
jaypipes_0x44: not that I know of.19:18
jaypipes_0x44: but isn't there a way to ask pylint to do that? eday?19:19
_0x44Great, thanks :)19:19
creihtdevcamcar: so what you are talking about in the proposal can already be done client side today19:20
alekibangodendrobates:  what do you think about my blueprint? https://blueprints.launchpad.net/nova/+spec/reserve-and-limit-resources...19:20
creihta small change to the auth would allow it to return several endpoint urls, to which the client could send data to either (or both)19:20
devcamcarcreiht: that is a great feature but want to see swift dictate that automatically on the server side if configured to do so19:21
creihtthat wasn't entirely clear from the description19:21
devcamcarcreiht: ok i will make that more explicit19:21
creihtcool... and should be interesting to discuss next week :)19:22
devcamcarcreiht: in short: swift installation A is configured to be aware of B, when data is uploaded to A, N number of copies are also replicated to B19:24
devcamcarand vice versa19:24
devcamcarcreiht: and bonus points for making it configurable by container :)19:24
creihtcontainer stored procedures! :)19:25
_0x44jaypipes: It doesn't look like there's a way to make pylint do it, I'll have to install another module. Thanks for the help19:25
jaypipes_0x44: selenium, then?19:26
*** khussein has joined #openstack19:28
jaypipes_0x44: http://www.traceback.org/2008/03/31/measuring-cyclomatic-complexity-of-python-code/19:28
dendrobatesalekibango: interesting, there is some overlap with blueprints that pvo is working on.19:30
alekibangodo you think we can plan that for bxar?19:30
_0x44jaypipes: I found that earlier, but I hadn't yet installed it because I was hoping for a nose plugin like complexity.py19:30
jaypipes_0x44: ah, gotcha.19:31
alekibangopvo: please what is dendrobates talking about, can you tell me more?19:32
alekibangodendrobates: not everyone wants to use shared resources :) there are customers who want reserved ones...  and there are customers who would like to have mix or reserved and mix of shared19:33
alekibangoeh, meant mix of reserved and shared :)19:34
alekibangoie, 10MBps reserved bandwidth and sharing rest with other users of the host19:35
dendrobatesalekibango: it seems to me that throttling with hard and soft limits can accomplish what you are asking for.19:35
alekibangodendrobates: i know its not exactly easy. bug kvm, lvm or UML can be easily limited by normal means19:36
dendrobatesfew users are willing to pay for resources they are not using currently.  That is one of the advantages of utility computing19:36
pikenI would stress that the limits be very flexable as ip over ib with kvm has seen 6.6GBps through put for our vms and we would not want to limit our selves out of the performance.19:36
alekibangos/bug/but/     sorry, myfingers are weak today19:37
alekibangodendrobates: yes... do you think we can target this for bexar?19:37
alekibangoi will help with it19:37
*** Cybodog has joined #openstack19:37
dendrobatesalekibango: why reserve resources? why do you care, as long as they are there when you try to use them?19:38
_0x44alekibango: Can it wait three months to whatever the C release is?19:38
alekibangowell, to be able to sell virtual host having certain parameters19:38
alekibangocertain SLA19:38
dendrobatesyour electric company does not reserve power for you.19:38
_0x44dendrobates: If you ask Blake and Opie they'll tell you lots of customers want explicitly specified hard limits19:38
alekibangonot more, not less19:38
dendrobatesalekibango: we can do that without reservations19:38
alekibangodendrobates: yes and suddenly power fails when my neigbour uses his tesla inspired tools19:39
dendrobates_0x44: I agree with the concept of limits, just not reservations19:39
*** khussein has quit IRC19:39
_0x44dendrobates: pm coming, I'm not sure I'm allowed to talk about what I'm going to say next publicly.19:39
pikendendrobates: a pure qouta system would the preferred as you can limit a user, but not restrict them if needed.19:39
alekibangodendrobates: i understand this will require reserved hosts...19:39
alekibangodendrobates: this comes as request from my customer, a hosting company19:40
alekibangoand he has tons of customers who need this :)19:40
alekibangoi know its not using the hardware to the max, but it gives some sort of good feeling to customers19:41
alekibangodendrobates: reservation of that is just change in scheduler19:42
alekibangolimiting is for nova-manage19:42
alekibangoif someone will guide me a bit, i can work on it19:43
pvoalekibango: whats the difference in reservation and provisioning a vm and not using it?19:43
dendrobateswhat gives me a good feeling is that when I flip on a light, it comes on.  I don't care if the power company reserved power for me.19:43
alekibangoreservations means that when other users will abuse resources of the host, you will not be affected19:43
pvoalekibango: thats not reservations19:44
pvoalekibango: those are resource limits19:44
alekibangoyes, and planning19:44
alekibangopvo: maybe i have wrong terminology :)19:44
dendrobatesI realize that some people may want this, but I think they are missing the point of the cloud19:44
pikenalekibango: No hosting company could live at that as the key to the hosting business is over provision.19:44
pvoalekibango: thats just how you configure your hypervisor19:44
pikenI worked for 5 years for one of the worlds largest and know that to be the truth19:44
alekibangoi want limits and scheduling -- and the scheduler should respect thole limits, so it will not schedule 150% of load on 1 cpu19:44
*** guynaor has joined #openstack19:45
pvoalekibango: scheduler is pluggable. You can write your own to take this into account already19:45
*** Cybodog has quit IRC19:45
*** Cybodog has joined #openstack19:46
pikenalekibango: at that point your not doing any better then buying single core servers that are bare metal. KVM and Xen do a good job of resource swaping for hosts using more resources taking from those that are not for a reason.19:46
alekibangopvo: what do you mean - thats just how you configure hypervisor?19:46
*** ptremblett has joined #openstack19:46
pvoyou can configure your hypervisor to burst or have hard caps19:46
pikenalekibango: a quota system is a must, but reserving alotments of resources is against the idea of KVM and Xen.19:47
pikenpvo: you can set hard caps, but not soft caps.19:47
alekibangopiken: i understand you, but there is demand for this :)19:47
pvopiken: hard caps, yes19:47
alekibangopiken: maybe only partial reservation19:47
dendrobateswe need to throttle network i/o, disk i/o and CPU.  pvo: do your blueprints cover throttling?19:47
*** Cybodog has quit IRC19:47
pvoalekibango: reservation is the same as provisioning, no?19:48
pikenalekibango: That is a demand that you will kill the performance of the cloud as a whole to meet.19:48
alekibangoi want to be able to tell hard limits -- not only max, but also MIN19:48
pvodendrobates: isn't there already throttling in openstack api?19:48
pvodidn't gundlach put that in?19:48
*** Cybodog has joined #openstack19:48
alekibangopiken: i know, but it might give you more money19:48
alekibangoits about SLA19:48
dendrobatespvo: on the hosts, using xs?19:48
alekibangoand people willing to pay19:48
pvothrottling at the pai19:48
alekibangopvo: you are working on throttling?19:49
alekibangoon limits?19:49
pvothere was work done on it.19:49
pikenalekibango: actually it is not, it is against SLA believe it or not. Ran into this head on at HostWay when doing OpenVZ vps's19:49
dendrobatespvo: I'm talking about backend, not API.19:49
pvodendrobates: not sure what you mean then.19:49
dendrobatespvo: do your spec cover hard and soft disk i/o limits and network i/o limit to prevent one vm from affecting it's neighbors?19:50
*** irahgel1 has left #openstack19:51
pvonot disk io, but we do cover network io19:51
alekibangopiken: i want to be able to tell: you will have 30-50 MBps available19:51
_0x44piken: OpenVZ lies about virtualization19:51
alekibangonot only you can be limited to max 50, min 019:51
dendrobatesI know, we can do disk i/o with KVM and hopefully soon with xs too.19:52
piken_0x44: at the time it was the best you can find. lol19:52
alekibangoor you will get shared 20019:52
*** dragondm has joined #openstack19:52
dendrobatespvo: but it's in your specs?  I'm trying to see if we need another.19:52
alekibangopiken: again, this is what this hosting company needs, and its one of largests in my country19:52
alekibangothey have companies waiting to pay for this limited hw :)19:53
pikenalekibango: I understand what you are saying, but from the idea of a cloud, that would be a step in the wrong direction  for the core project. Maybe for an extension for you. But I would highly advise keeping that from the core of nova.19:53
alekibangowe have also some cheap hosting companies, who use sharing to the max19:53
alekibangobut thats not the way of my customer19:53
pikenalekibango: maybe you should focus on vm migration priorities instead of reservations. The best solution would be if a node cannot offer the load a user is using, move them and keep it to hard limits only.19:54
alekibangopiken:  right19:54
alekibangothat would be the one19:54
alekibangosheepdog + live instant migration19:55
alekibangoor somthing like this19:55
pikenThat is live able, but needs a lot as there is no live migration in nova at the moment.19:55
pikenThat even opens up the option of node load balancing like vsphere.19:55
alekibangowhen do you think we can make migration real?19:55
alekibangopiken: right...19:55
*** Cybodog has quit IRC19:56
pikenDon't look at me. lol. I am still working out some blueprinting info and work for the VolumeManger Vishy started so I can use it internal here for VirtFS + Lustre over infiniband.19:56
alekibangomy other blueprint might be to  move instantions in a way they best use hardware in time (for example shools have different needs than shops or news)19:56
alekibangobut thats for far future maybe :)19:57
alekibangoand live migration would solve this also19:57
alekibangoi think, live migration would be good19:58
*** Cybodog has joined #openstack19:58
alekibango+ those limits19:58
dendrobatesalekibango: there is a live migration spec19:58
*** Orman has joined #openstack19:58
alekibangoyes ty19:58
pikenHey Orman19:59
alekibangoOrman: hello. i am not doing security diagrams yet :)  i just have beed drawing some nova arch pictures19:59
devcamcarpiken: you're implementing a VolumeManager for VirtFS and Lustre?19:59
alekibangowhich talk about AMQP centricity19:59
pikendevcamcar: I pulled a branch of Vishy's VolumeManager and I am working out a Driver for VirtFS.20:00
OrmanHey piken.20:00
devcamcarpiken: neat, though i personally feel an urge to rub myself down with steel wool whenever i deal with lustre :)20:00
pikenNot lustre directly as we are mounting Lustre on the physical node and going to virtfs to the directory as Lustre over 40gbps infiniband is faster then lustre over 6.6gbps max with virtio-net20:01
*** neogenix has joined #openstack20:01
alekibangoand who is working on nova limits/throtling? :)20:01
devcamcarpiken: interesting20:01
alekibangopiken: what do you think about ceph?20:02
_0x44alekibango: For Austin it was comstud20:02
devcamcarcreiht: blue print for client side chunks, mainly just a starting point for discussion20:02
alekibango_0x44: ty20:03
devcamcarvery very high level20:03
Ormanalekibango: When will you have your architecture pictures up?20:03
pikenalekibango: it is nice, if you like loosing your data every other day and seeing big red warnings that say "WARNING: THIS IS NOT PRODUCTION READY!!!"20:03
_0x44alekibango: You're welcome20:03
alekibangopiken: :))20:03
alekibangopiken: i didnt have the courage to try20:03
alekibangobut it looks promising20:03
pikenWe have tried a lot here, Ceph + BTRFS, GlusterFS, and Lustre. Lustre is the most promising and stable as long as you have the money to through at top of the line hardware.20:04
alekibangoand glusterfs?20:04
alekibangoits coming to be nice, but i found it slow20:04
pikenIt is slow and if you have more then 2 storage nodes, the data replication becomes a huge bottle neck.20:04
pikenI think a test of Lustre on our SAN and infiniband the other day was showing 50GBps reads.20:05
pikenah, nvm. 50GBps writes at a sustained of 6.3GBps per client.20:06
alekibangoso, what do we need to make live migration real (at least for kvm)?20:06
pikenLots of Prayer?20:06
alekibangobtw lxc containers might make sense even for kvm/qemu/UML instances --> to limit20:07
*** ctennis has quit IRC20:07
alekibangoi agree limits are enough for me if we will get live migration working during winter20:08
Ormandevcamcar: Nice blueprint. ;)20:08
OrmanI am trying to figure out which blueprint I should do.20:09
*** khussein has joined #openstack20:09
OrmanI need to add ore to clarify what I mean in the first paragraph of tje Virtual Guest.20:10
OrmanMore details would work. ;)20:11
alekibangowe need diagrams20:11
alekibangolots of diagrams20:11
OrmanI'll make a Virtual Guest diagrams when I get the chance20:12
OrmanBoth the guest and the host shold be on seperate layers.20:12
alekibangopiken: btw how do you combat  silent data corruption problem ? :)20:13
alekibangomeeting is in 45 minutes?20:14
OrmanWhat meeting?20:14
alekibangoOrman: #openstack-meeting20:14
OrmanAh I see20:14
alekibangosee top of wiki pages20:15
OrmanWell I am going to head out for a bit here in aminute to vote.20:15
pikenalekibango: Never solved it in 1.8. We are trying 2.0 and it solves it via embedded lvm in the partition manager for lustre now to do striping better.20:15
OrmanI might be back in time for the meeting20:15
alekibangopiken: interesting :)20:15
sorenvishy: Same serial port pointed to two places?20:17
sorenvishy: I don't believe it does, no.20:18
sorenvishy: Let me check.20:19
sorenvishy: It doesn't, no.20:21
sorenvishy: It shouldn't be too difficulat to add, though.20:21
*** ctennis has joined #openstack20:21
*** ctennis has joined #openstack20:21
sorenvishy: What does ajaxterm need?20:21
Ormansee ya guys20:22
*** Orman has quit IRC20:22
pikenWho do I have to talk to about joining the Nova and Swift teams on LP?20:24
creihtpiken: I think you just click the "join" button :)20:25
pikenor the openstack team as a whole. I want to be active on the mailing lists and it turns out the reason I cannot access them is that. lol20:25
creihtswift-core and nova-core are a different thing20:25
pikenhmm, don't see join link anywhere on lp20:26
creihtpiken: try https://launchpad.net/~swift20:27
creihtand https://launchpad.net/~nova20:27
dendrobatescreiht: the lp teams are locked while we revamp our CLA policy.20:27
pikenBah, make it hard to join the mailing lists. lol20:28
dendrobatesif anyone wants to join and they have signed the CLA, I'll add them20:28
dendrobatesthey will be unlocked after the summit next week20:28
pikenI can sign it for my personal contributions, but they won't include anything from my company as we are waiting on legal for those.20:29
_0x44dendrobates: I signed the CLA twice and have to addresses in two countries, can my vote count twice?20:29
dendrobates_0x44: I am not involved in the voting20:29
_0x44dendrobates: Should I ask jbryce?20:30
dendrobatesrelease meeting in 30 min20:30
dendrobates_0x44: did you get two emails with links?20:30
*** littleidea has joined #openstack20:30
sorenvishy: So, afaict, ajaxterm just exec()'s something and uses stdio for communication. It shouldn't be much work to make libvirt export the serial port to a unix socket and have a daemon that writes everything to the console log as well as allow ajaxterm to connect through it.20:31
*** metoikos has joined #openstack20:32
*** allsystemsarego has quit IRC20:33
*** Cybodog has quit IRC20:34
*** sparkycollier has joined #openstack20:36
vishysoren: I thought we might have to do something like that.20:36
*** Cybodog has joined #openstack20:37
creihtmtaylor: would it be possible to set up hudson on the swift 1.1 series?20:40
creihtand tarmac20:40
*** sebastianstadil has joined #openstack20:42
*** BK_man has joined #openstack20:43
_0x44dendrobates: I didn't get two emails with links, I'm only in launchpad once :)20:43
*** devcamcar has quit IRC20:45
*** anotherjesse has quit IRC20:45
*** xtoddx has quit IRC20:45
*** vishy has quit IRC20:45
*** anotherjesse has joined #openstack20:46
*** devcamcar has joined #openstack20:46
*** sleepsonthefloor has joined #openstack20:46
*** vishy has joined #openstack20:47
*** xtoddx has joined #openstack20:48
*** sparkycollier has quit IRC20:53
alekibangoi have reworded my blueprint to be smarter, more generic and compatible:  https://blueprints.launchpad.net/nova/+spec/limit-resources-ensure-availibility20:54
alekibangonow i believe it will be acceptable by most :)20:56
*** kevnfx has joined #openstack20:56
*** Orman has joined #openstack20:57
OrmanI'm back.20:57
dendrobatesmeeting in 2 min20:58
OrmanPardon me,but I have never been in on the meeting.20:58
OrmanWhere do Igo?20:59
alekibangoOrman: /join #openstack-meeting20:59
alekibangoouch i have mistake in title :)20:59
alekibangofinally i hope https://blueprints.launchpad.net/nova/+spec/limit-resources-ensure-availability  :)21:00
*** littleidea has quit IRC21:06
*** littleidea has joined #openstack21:07
*** Cybodog has quit IRC21:15
*** Cybodog has joined #openstack21:15
*** westmaas1 has quit IRC21:17
*** littleidea has quit IRC21:23
*** littleidea has joined #openstack21:23
*** cruciform has joined #openstack21:27
*** spectorclan has quit IRC21:30
*** jdmaturen has left #openstack21:31
*** johnpur has quit IRC21:32
*** Orman has quit IRC21:33
*** mdiver has quit IRC21:36
* ttx goes to bed21:38
*** joearnold has quit IRC21:38
mtaylorcreiht: yes!21:41
mtaylorcreiht: but not this instant21:41
*** littleidea_ has joined #openstack21:41
*** littleidea has quit IRC21:45
*** littleidea_ is now known as littleidea21:45
*** HouseAway is now known as AimanA21:51
*** joearnold has joined #openstack21:52
*** jkakar has joined #openstack21:59
*** kevnfx has quit IRC22:00
mtaylorcreiht: so remind me and stuff22:01
creihtmtaylor: k, no worries22:02
*** sebastianstadil has quit IRC22:03
*** khussein has quit IRC22:04
*** ppetraki has quit IRC22:04
*** pvo has quit IRC22:04
*** sparkycollier has joined #openstack22:06
*** theron has quit IRC22:10
*** pvo has joined #openstack22:11
*** ChanServ sets mode: +v pvo22:11
*** Orman has joined #openstack22:13
*** ddumitriu has joined #openstack22:14
*** Orman_ has joined #openstack22:16
*** Orman has quit IRC22:20
Orman_alekibango: That was a great meeting.22:22
*** khussein has joined #openstack22:27
*** gondoi has quit IRC22:32
alekibangoheh :)22:37
Orman_Yep. ;)22:42
alekibangothose conferences... i wish we could do them via inet only22:42
*** littleidea has quit IRC22:43
*** abecc has quit IRC22:46
*** sparkycollier has quit IRC22:46
*** abecc has joined #openstack22:46
Orman_Yeah vidoe chat22:52
alekibangofor me audio+ text +  screen is ok22:52
*** pvo has quit IRC22:59
*** pvo has joined #openstack23:00
*** pvo has quit IRC23:00
*** pvo has joined #openstack23:00
*** ChanServ sets mode: +v pvo23:00
*** littleidea has joined #openstack23:00
*** DubLo7 has joined #openstack23:05
*** mdiver has joined #openstack23:05
*** pvo_ has joined #openstack23:07
*** ChanServ sets mode: +v pvo_23:07
*** hggdh has quit IRC23:08
*** Cybodog has quit IRC23:08
*** blakeyeager has quit IRC23:09
*** pvo has quit IRC23:10
*** metoikos has quit IRC23:10
*** pvo_ has quit IRC23:11
*** hggdh has joined #openstack23:11
*** perestrelka has quit IRC23:12
*** perestrelka has joined #openstack23:15
*** neogenix has quit IRC23:18
*** jkakar has quit IRC23:25
Orman_alekibango: right23:27
Orman_So where were we in our security discussion23:27
*** sebastianstadil has joined #openstack23:28
jc_smithanybody seen this one in nova-compute before?23:35
jc_smithTraceback (most recent call last):23:35
jc_smith  File "/opt/novascript/nova/nova/compute/manager.py", line 92, in run_instance23:35
jc_smith    yield self.driver.spawn(instance_ref)23:35
jc_smithAttributeError: virConnect instance has no attribute 'nwfilterDefineXML'23:35
*** krish has quit IRC23:36
jc_smithhmm, maybe wrong version of libvirt23:37
*** zaitcev has joined #openstack23:42
*** devx has joined #openstack23:43
*** gaveen has quit IRC23:47
*** pvo has joined #openstack23:48
*** ChanServ sets mode: +v pvo23:48
*** ambo has joined #openstack23:52
*** elasticdog has quit IRC23:53
*** littleidea has quit IRC23:54
*** sebastianstadil has quit IRC23:54
*** abecc has quit IRC23:54
*** dysinger has quit IRC23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!