Tuesday, 2010-11-02

*** miclorb has quit IRC		00:00
pvo	Orman: made some changes to your doc	00:02
*** dendro-afk is now known as dendrobates		00:03
*** sebastianstadil_ has joined #openstack		00:05
*** sebastianstadil has quit IRC		00:08
*** sebastianstadil_ is now known as sebastianstadil		00:08
*** miclorb_ has joined #openstack		00:08
*** gustavomzw has quit IRC		00:09
*** dragondm has quit IRC		00:09
*** aliguori has joined #openstack		00:10
*** sparkycollier_ has joined #openstack		00:11
*** sparkycollier has quit IRC		00:13
*** sparkycollier_ is now known as sparkycollier		00:13
*** Orman has joined #openstack		00:20
Orman	Anyone on	00:20
devcamcar	few of us lurkers!	00:20
Orman	:)	00:21
Orman	devcamcar: So which dev are you?	00:21
Orman	Nova or Swift.	00:22
devcamcar	primarily nova, i'm on the nasa nebula dev team	00:22
*** dendrobates is now known as dendro-afk		00:25
Orman	Really?	00:25
*** sparkycollier has quit IRC		00:25
Orman	devcamcar: I would like to work for Nasa one day in Security. ;D	00:26
Orman	We have made a Nova Security Notes doc to outline our plans.	00:26
devcamcar	orman: awesome	00:26
Orman	devcamcar: Would you be interested in collab your knowledge of Nova to the notes?	00:27
devcamcar	orman: what do you have so far?	00:27
Orman	http://etherpad.openstack.org/NovaSecurityNotes	00:28
pvo	Orman: I made some notes.	00:29
pvo	Orman: are you coming to the summit?	00:29
Orman	pvo:Ok awesome	00:29
Orman	pvo: I wish,but I live in Florida. :(	00:29
devcamcar	orman: this is a great start	00:29
devcamcar	i'll be at the summit all next week	00:30
pvo	Orman: its only a few hours from FL.	00:30
pvo	: )	00:30
alekibango	orman: i striked out one line, have really no sense	00:30
Orman	anne said there will be some security info talked about their.	00:30
Orman	alekibango: Ok I'll look.	00:31
Orman	pvo: I know,but I am still in school. ;)	00:31
pvo	Orman: likely so. I'd love to talk more to this in person. Some of it makes perfect sense, but others seem contradictory.	00:31
pvo	Orman: I'm in class right now. :p	00:31
Orman	Cool	00:32
Orman	devcamcar Feelfree to add new notes or code. ;)	00:32
alekibango	pvo: we can all meet using VOIP (mumble)	00:32
pvo	"Users should not be able to listen to packets coming in from the network"	00:32
pvo	this one is a bit confusing	00:32
alekibango	pvo please feel free to edit	00:33
alekibango	its just piece of something	00:33
alekibango	to lure people to actually help	00:33
pvo	well, I dont' mind editing, but I didn't want to go through ripping anything out without notes	00:33
alekibango	:)	00:33
Orman	That one line was mine pvo.	00:33
alekibango	pvo: there is history in worst case, dont be shy, edit	00:33
alekibango	:)	00:33
pvo	Orman: you might want to expand that one a bit more. I'm unsure of the intention.	00:34
alekibango	pvo: he means that user of one virtual guest should not be able to listen to what other VGs are sending over network	00:34
alekibango	iiuc	00:34
Orman	I mean just data being sent too one shouldn't be intercepted.	00:34
alekibango	Orman: you have there different classess of data	00:35
alekibango	you need to list them	00:35
Orman	Alekibango:Right I will do that when I get a sec.	00:35
alekibango	he could listen to public network maybe, but he for sure should not listen to communication with storage center etc	00:35
Orman	What we need is source code. :P	00:35
*** MarkAtwood has quit IRC		00:35
pvo	https://blueprints.launchpad.net/nova/+spec/xs-host-networking-protections <- applies to XenServer, but the -tables can apply to any nix host.	00:35
alekibango	heh, right, and it differs for evry h-vizor	00:36
Orman	Good blueprint	00:36
alekibango	Orman: thats why we need to start with generic rules first	00:36
pvo	alekibango: not really. Unix hosts should have those 3 tools.	00:36
Orman	Of course	00:36
*** dabo has quit IRC		00:36
pvo	Windows, yea, off the reservaation	00:36
Orman	I just excited sometimes. :P	00:36
alekibango	3 tools? uh???	00:37
pvo	ebtables, iptables, tables	00:37
pvo	arptables	00:37
Orman	Ah ok	00:37
Orman	;)	00:37
alekibango	ah, i was not talking about them :)	00:37
alekibango	anyway, they should	00:37
pvo	you need to block at the bridge or just outside	00:37
alekibango	pvo: but thats technical talk	00:37
alekibango	we need to first identify goals and expectations	00:38
alekibango	then technical measures to achieve policy	00:38
*** schisamo has quit IRC		00:38
pvo	alekibango: agreed	00:38
alekibango	great	00:38
alekibango	please help orman, i have still some other work to do now :)	00:38
Orman	Ok	00:38
*** daleolds has quit IRC		00:38
Orman	Hmmm what other goals could we add.	00:39
pvo	secure comm with guest	00:39
Orman	;)	00:39
* pvo wanders over to add it.		00:39
alekibango	go for it! :)	00:40
alekibango	and secure virtual guest groups	00:40
alekibango	:)	00:40
Orman	Orman likes that idea! ;)	00:40
*** kevnfx has joined #openstack		00:40
Orman	Permissions of guest groups	00:42
*** daleolds has joined #openstack		00:43
Orman	Oh ahah I already have that one. ;)	00:43
*** ppetraki has joined #openstack		00:43
Orman	Don't be shy guys edit it!	00:44
Orman	Want to be good. ;)	00:44
*** ppetraki has quit IRC		00:45
*** jc_smith has quit IRC		00:46
*** grizzletooth has left #openstack		00:46
Orman	pvo: Did you add that one? I don't see it.	00:47
*** aliguori has quit IRC		00:47
pvo	I just changed that line we were discussing a few min ago	00:47
pvo	The host should filter traffic to the guest to prevent the guest from spoofing traffic or sniffing traffic	00:47
pvo	sounds more like a "goal"	00:47
Orman	Ok thats I wanted know.	00:47
pvo	or maybe "the system shoudl"	00:48
Orman	Thinking	00:48
Orman	I guess the system should	00:48
pvo	yea, may not be the host doing the filtering	00:49
Orman	Right	00:49
Orman	The host would be protected from any threat of security from the guest.	00:50
Orman	Permissions	00:50
pvo	Orman: agree in principle, but that might fall to some of the hypervisor implementations.	00:51
*** abecc has quit IRC		00:51
Orman	Yeah	00:52
Orman	I would like to make that universal in which the host could be protected no matter the situation.	00:52
pvo	I'm not exactly sure you can do that.	00:52
Orman	Just a thought.	00:52
Orman	We are doing well with outlining the goals and after that's done we can start on detailing them. ;)	00:55
Orman	Diagrams,code,and so forth.	00:55
*** miclorb_ has quit IRC		00:56
*** littleidea has quit IRC		01:01
*** adjohn has joined #openstack		01:02
*** miclorb_ has joined #openstack		01:03
*** miclorb_ has quit IRC		01:05
*** littleidea has joined #openstack		01:05
*** littleidea has quit IRC		01:05
*** jdmaturen has quit IRC		01:09
eday	pvo: it looks like a number of blueprints you added already had blueprints from other folks. we should probably try to consolidate them	01:10
pvo	yep, I figured that would be the case.	01:12
pvo	I was going to dig into that later. easier to throw out dupes.	01:12
pvo	some may be specific to xenserver while others might be more generic.	01:13
*** pvo has quit IRC		01:15
*** adjohn has quit IRC		01:18
*** mdomsch has quit IRC		01:22
Orman	devcamcar: Good point with the Virtual guest one. ;)	01:28
*** metcalfc has quit IRC		01:29
Orman	devcamcar: We will have to add some more things to it.	01:29
*** khussein has joined #openstack		01:29
*** jbryce has quit IRC		01:30
Orman	+eday: Feel free to edit the notes too.	01:32
*** daleolds has quit IRC		01:32
*** Orman has quit IRC		01:34
*** jdmaturen has joined #openstack		01:37
*** MarkAtwood has joined #openstack		01:37
*** Ryan_Lane has quit IRC		01:51
*** Ryan_Lane has joined #openstack		01:56
*** pvo has joined #openstack		01:59
*** pvo has joined #openstack		01:59
*** ChanServ sets mode: +v pvo		01:59
*** jdmaturen has quit IRC		02:05
pvo	eday: to your point about duplicate blueprints, some of them are generic in "inject files" ( i see we both had that one) but some of the ones I added are xenserver specific.	02:07
pvo	not sure if we want to make a distinction somewhere.	02:07
*** ambo has quit IRC		02:13
*** ambo has joined #openstack		02:17
*** Orman has joined #openstack		02:20
Orman	Back online. :)	02:21
*** mmalgeri has quit IRC		02:24
Orman	devcamcar: Thanks for adding some notes to our Nova Security Notes. :D	02:27
*** miclorb has joined #openstack		02:27
eday	pvo: ahh, ok. we should probably try to make them generic (not just xs). Of course there is the qquestion of if a feature is "complete" if it only works for one of the supported hypervisors	02:29
pvo	yea, I was just talking to ewan about that.	02:29
pvo	do we have to implement a 'not implemented' feature in other hypervisors or... ?	02:30
pvo	I dunno	02:30
pvo	I figured that was good summit fodder	02:30
eday	yeah	02:31
* eday sees a feature matrix coming soon		02:31
pvo	yea, I think thats going to be a necessity	02:31
*** schisamo has joined #openstack		02:33
*** schisamo_ has joined #openstack		02:35
*** schisamo has quit IRC		02:38
*** schisamo_ is now known as schisamo		02:38
*** mdomsch has joined #openstack		02:41
*** arthurc has quit IRC		02:44
Orman	Feature matrix ah yes!!! ;)	02:45
*** arthurc has joined #openstack		02:47
*** jdmaturen has joined #openstack		02:48
pvo	http://wiki.openstack.org/NovaFeatureMatrix	02:56
pvo	have at it. : )	02:56
pvo	I'll add what I can later. Tonight I have to finish a paper. : /	02:56
*** jdmaturen has quit IRC		02:57
Orman	Okay pvo	03:01
Orman	Thanks for your help with the security stuff today.	03:02
Orman	;)	03:02
*** jdmaturen has joined #openstack		03:04
*** jdmaturen has quit IRC		03:08
pvo	np. Hope we can finish the doc.	03:08
*** blakeyeager has joined #openstack		03:11
Orman	+pvo: I hope so too.	03:15
*** jdmaturen has joined #openstack		03:16
Orman	I just can't wait to ee alekibango's diagram.	03:16
pvo	Orman: what is he diagramming?	03:16
Orman	He' drawing up a blueprint for the Nova Security Notes I believe.	03:17
Orman	Outlining some things.	03:17
pvo	ah	03:17
*** joearnold has joined #openstack		03:18
Orman	Yep ;)	03:18
Orman	devcamcar made a great point in the notes about the Virtual Guest I wrote about.	03:19
pvo	which note?	03:20
Orman	The Nova Security Notes	03:20
Orman	http://etherpad.openstack.org/NovaSecurityNotes	03:20
pvo	right, I'm there, but I don't see his color. (purple)	03:20
Orman	Under the section Virtual Guest.	03:21
pvo	"Virtual Guest Security Permissions For The User" ?	03:21
Orman	Yeah	03:22
Orman	I messed up on that one.	03:22
pvo	I added the 2 comments in parenthesis	03:22
Orman	Oh ok it was you my bad.	03:22
Orman	lol I thought it was devcamcar.	03:23
Orman	Then I have you to thank.	03:23
pvo	no worries, just trying to see what he added. : )	03:23
Orman	Ok	03:23
Orman	So with what you put in the second parentheses that's what I need to add.	03:25
Orman	They would need to be separate.	03:25
pvo	they don't have to be, but probably should be. Its less of an issue if you're not doing multi-tenent	03:26
Orman	However it makes sense though with what you added.	03:26
Orman	It's probably safer as well. ;)	03:26
Orman	If you can add more about that I'd love that!	03:27
pvo	I will if I have time. : )	03:27
Orman	Ok	03:27
Orman	I don't mean to rush you. I am just glad you're on the doc with us.	03:28
Orman	The more people the better. ;)	03:28
pvo	well, I have a lot more to add, so I'll chop the doc up soonish.	03:28
Orman	Ok that sounds good because I have class tomorrow so I won't be on till later in the afternoon around 4:00ESt.	03:30
Orman	Just thought I'd tell you.	03:30
pvo	ha, won't be before then.	03:30
Orman	I know	03:35
Orman	I just wanted tell you	03:35
*** neogenix has joined #openstack		03:38
*** kashyapc has joined #openstack		03:41
*** Ryan_Lane has quit IRC		03:47
*** Ryan_Lane has joined #openstack		03:47
*** ArdRigh has quit IRC		03:54
*** jc_smith has joined #openstack		04:01
*** gaveen has joined #openstack		04:02
*** littleidea has joined #openstack		04:02
Orman	alekibango:You on	04:03
*** littleidea_ has joined #openstack		04:04
*** littleidea has quit IRC		04:07
*** littleidea_ is now known as littleidea		04:07
*** AimanA is now known as HouseAway		04:16
sebastianstadil	Where in the launchpad interface do you join Swift?	04:16
Orman	alekibango: I added some new things under the Virtual Guest Security Permissions.	04:17
Orman	sebastianstadil: Did you try this https://launchpad.net/~swift	04:20
*** Ryan_Lane has quit IRC		04:21
Orman	+pvo: Check the notes when you get a chance because I elaborated on what you said in the parentheses. ;)	04:26
Orman	+pvo: Ok	04:30
*** ambo has quit IRC		04:30
pvo	watching me type? : P	04:30
Orman	Yes	04:30
Orman	:P	04:30
Orman	You are pointing out some great ones.	04:30
sebastianstadil	Orman: Difference between https://launchpad.net/~swift and https://launchpad.net/swift is user / project? I can't any 'Join' on either.	04:33
*** ambo has joined #openstack		04:33
Orman	Ok	04:34
*** omidhdl has joined #openstack		04:39
*** omidhdl1 has joined #openstack		04:42
*** omidhdl has quit IRC		04:42
*** blakeyeager has quit IRC		04:43
Orman	alekibango: you on?	04:44
Orman	+pvo did added some great pointers.	04:44
*** kashyapc has quit IRC		04:45
sebastianstadil	Seems like the subscription policy is set to closed	04:46
Orman	:(	04:49
Orman	sebstainstadil: Are you a dev?	04:50
sebastianstadil	I am, yes	04:50
Orman	Do you know Nova at all?	04:50
sebastianstadil	But for this instance I am helping someone join	04:51
Orman	Ok	04:51
*** BK_man has joined #openstack		04:51
*** BK_man has joined #openstack		04:51
Orman	I am helping to write the Nova Security Notes if you're interested at all.	04:51
Orman	https://launchpad.net/~swift	04:52
Orman	ooops worng link haha	04:52
Orman	Here: http://etherpad.openstack.org/NovaSecurityNotes	04:52
sebastianstadil	I run a cloud computing group in the Bay area, and encourage members to participate in OpenStack - I was asked how to join and couldn't respond	04:53
Orman	Ok	04:53
Orman	Well if you have any security ideas or goals for Nova then please add them in the notes.	04:54
*** mdomsch has quit IRC		04:55
*** alekibango has quit IRC		04:58
Orman	Have a blessed night guys. I'm going to hit the hay.;)	05:02
Orman	See ya guys tomorrow.	05:02
*** kevnfx has quit IRC		05:02
Orman	God bless and night.	05:02
sebastianstadil	Good night	05:03
Orman	night	05:03
*** Orman has quit IRC		05:03
*** krish has joined #openstack		05:13
*** schisamo has quit IRC		05:16
*** krish has quit IRC		05:20
*** joearnold has quit IRC		05:23
*** krish has joined #openstack		05:24
*** kashyapc has joined #openstack		05:31
*** khussein has quit IRC		05:34
*** kashyapc has quit IRC		05:35
*** kashyapc has joined #openstack		05:35
*** Dweezahr has quit IRC		05:38
*** Dweezahr has joined #openstack		05:39
*** MarkAtwood has quit IRC		05:41
*** metcalfc has joined #openstack		05:47
*** hazmat has quit IRC		05:47
*** littleidea has quit IRC		05:52
*** ramkrsna has joined #openstack		05:54
*** ramkrsna has joined #openstack		05:54
*** dmd17 has quit IRC		05:56
*** dmd17 has joined #openstack		05:56
*** zaitcev has quit IRC		05:59
anticw	redbo: awake?	06:04
*** metcalfc has quit IRC		06:08
*** alekibango has joined #openstack		06:09
*** jc_smith has quit IRC		06:10
*** pvo has quit IRC		06:11
*** al-maisan has joined #openstack		06:23
*** infernix has quit IRC		06:32
*** infernix has joined #openstack		06:33
*** ranjib has joined #openstack		06:33
ranjib	hi all	06:38
*** stewart has quit IRC		06:38
*** stewart has joined #openstack		06:50
*** dmd17 has quit IRC		06:51
*** dmd17 has joined #openstack		06:52
*** stewart has quit IRC		07:01
*** infernix has quit IRC		07:02
*** infernix has joined #openstack		07:11
*** miclorb has quit IRC		07:11
*** alekibango has quit IRC		07:13
*** stewart has joined #openstack		07:14
*** alekibango has joined #openstack		07:18
*** ramkrsna has quit IRC		07:18
*** omidhdl1 has quit IRC		07:22
*** omidhdl has joined #openstack		07:23
*** alekibango has quit IRC		08:04
*** termie has quit IRC		08:12
*** termie has joined #openstack		08:17
*** ramkrsna has joined #openstack		08:18
*** alekibango has joined #openstack		08:22
*** ibarrera has joined #openstack		08:24
*** eldarnugaev has joined #openstack		08:26
*** sebastianstadil has quit IRC		08:28
*** krish has quit IRC		08:33
*** sebastianstadil has joined #openstack		08:41
*** krish has joined #openstack		08:45
*** allsystemsarego has joined #openstack		08:46
*** perestrelka has quit IRC		08:47
*** eldarnugaev has quit IRC		08:50
*** miclorb_ has joined #openstack		08:58
*** dmd17 has quit IRC		09:01
*** perestrelka has joined #openstack		09:11
*** sebastianstadil_ has joined #openstack		09:19
*** openfly has quit IRC		09:20
*** sebastianstadil has quit IRC		09:21
*** sebastianstadil_ is now known as sebastianstadil		09:21
*** irahgel1 has joined #openstack		09:25
*** sebastianstadil has quit IRC		09:26
*** dizz\|away has quit IRC		09:38
*** ptremblett has quit IRC		09:41
*** Ryan_Lane has joined #openstack		09:55
*** f4m8_ is now known as f4m8		09:57
*** omidhdl1 has joined #openstack		09:58
*** omidhdl has quit IRC		09:58
*** ranjib has quit IRC		10:01
*** Ryan_Lane has quit IRC		10:04
*** ranjib has joined #openstack		10:06
*** ambo has left #openstack		10:08
*** ar1 has quit IRC		10:14
*** ar1 has joined #openstack		10:15
*** aimon has quit IRC		10:18
*** aimon has joined #openstack		10:18
*** ar1 has quit IRC		10:20
*** aimon_ has joined #openstack		10:23
*** miclorb_ has quit IRC		10:25
*** aimon has quit IRC		10:26
*** aimon_ is now known as aimon		10:26
*** ptremblett has joined #openstack		10:55
*** openstack_newbie has quit IRC		11:05
*** omidhdl1 has left #openstack		11:09
*** eldarnugaev has joined #openstack		11:17
*** openfly has joined #openstack		11:31
*** dendro-afk is now known as dendrobates		11:35
*** ctennis has quit IRC		11:37
*** ddumitriu has joined #openstack		11:45
*** stewart has quit IRC		11:48
*** ddumitriu has quit IRC		11:50
*** stewart has joined #openstack		11:55
*** dendrobates is now known as dendro-afk		12:04
*** dendro-afk is now known as dendrobates		12:04
*** ramkrsna has quit IRC		12:04
*** dysinger has quit IRC		12:09
*** littleidea has joined #openstack		12:11
*** kashyapc has quit IRC		12:14
*** littleidea has quit IRC		12:19
*** littleidea has joined #openstack		12:22
*** schisamo has joined #openstack		12:23
*** littleidea_ has joined #openstack		12:27
*** mdiver_ has joined #openstack		12:27
*** ctennis has joined #openstack		12:28
*** littleidea has quit IRC		12:28
*** littleidea_ is now known as littleidea		12:28
BK_man	ping	12:31
BK_man	anybody trying to run nova on several hosts?	12:32
BK_man	mine got problems on second host	12:32
BK_man	nova-compute running ok, but euca-describe-instances failed to connect to localhost:8773	12:33
BK_man	any clue?	12:33
piken	BK_man: nova-compute or nova-manager?	12:34
BK_man	piken: nova-compute, according to the http://etherpad.openstack.org/ep/pad/view/NovaMultinodeInstall/latest	12:34
piken	BK_man: If your having connection issues to localhost:8773, you probally have the ec2_url set wrong on the node that is having the error.	12:36
piken	ec2_url needs to point to the cloud controller (nova-manager)	12:37
BK_man	piken: this is what I have: http://paste.openstack.org/show/89/	12:37
BK_man	piken: this is from compute (2nd) node	12:38
piken	BK_man: hmm, something else is going wrong because you have url set right, but your error is stating it is trying to connect to localhost, not to 172.20.102.12	12:39
mdiver_	Trying to start nova-api , I've got an Error, " ImportError : cannot import name pidlockfile "	12:39
mdiver_	any ideas ?	12:39
mdiver_	Running on Centos5.5.	12:39
BK_man	Oh! My bad... nova/novarc was outdated. sorry!	12:39
*** MarkAtwood has joined #openstack		12:40
piken	mdiver: did you install python-daemon?	12:41
*** MarkAtwood has quit IRC		12:42
piken	your failure is from an import.	12:42
piken	from daemon import pidlockfile in server.py	12:42
piken	The docs for centos5.5 install are not that good as all the python libs installed are 2.4.3 not 2.6 that is needed.	12:43
*** westmaas1 has joined #openstack		12:43
piken	you have to use easy-install2.6 to install the 2.6 version after you get 2.6 installed. Easiest to use epel to do that.	12:43
BK_man	Interesting... I can now see an instance running on first node from second node but can't reach it by network. What's wrong with my setup?	12:43
piken	BK_man: not sure there. Might be a routing or iptables issue.	12:44
*** kevnfx has joined #openstack		12:44
*** mmalgeri has joined #openstack		12:45
BK_man	piken: I do not even have a route to my VMs network on second node. What service is responsible for managing host's networking?	12:47
BK_man	(I meant what service in nova)	12:47
mdiver_	piken: I've installed Daemon.	12:47
mdiver_	The pidlockfile.py is there	12:47
piken	mdiver: easy test start an interactive python shell and type `from daemon import pidlockfile`	12:48
piken	BK_man: I am not sure. Let me ask the admin in ops that has been doing the setup while I have been focusing on dev work for it.	12:48
mdiver_	piken: in python2.4 I can import.. not a problem... However, running python2.6 it gives me the error.	12:50
mdiver_	pike: I've noticed that pidlockfile.py on 2.6 is a separated file	12:50
mdiver_	piken: while in 2.4 it is a daemon.py function	12:50
*** Podilarius has joined #openstack		12:52
mdiver_	piken: I was able to import 'import lockfile'	12:53
*** pvo has joined #openstack		12:54
*** ChanServ sets mode: +v pvo		12:54
*** gustavomzw has joined #openstack		12:54
*** pvo has quit IRC		12:59
piken	mdiver_: when you used easy_install-2.6 to install daemon did you install daemon or python-daemon as they are different?	13:00
*** BK_man_ has joined #openstack		13:01
mdiver_	piken: I've installed both.	13:03
*** BK_man has quit IRC		13:04
piken	If you installed both, you would not have the issue.	13:04
*** mdomsch_ has joined #openstack		13:04
piken	from daemon import pidlockfile is an import from python-daemon	13:05
*** BK_man_ has quit IRC		13:05
piken	if you easy_install-2.6 python-daemon, it would work with out a failure on the import.	13:05
mdiver_	piken: I could import pidlockfile issuing => 'from lockfile import pidlockfile'	13:08
mdiver_	I can find the file under /usr/lib/python2.6/site-packages/python_daemon-1.5.5-py2.6.egg/daemon/pidlockfile.py	13:10
*** eldarnugaev has quit IRC		13:15
mdiver_	piken: It is not supposed to be 'from lockfile import pidlockfile' instead of 'from daemon import pidlockfile' ???	13:16
piken	no, it is from daemon	13:16
mdiver_	piken: It can't find pidlockfile on daemon, just on lockfile... spooky..	13:17
ranjib	mdiver: u there?	13:19
ranjib	mdiver_: i have recently documented the centos 5.5 installation .. its working smooth on my end.. i too faced the same issue.	13:20
ranjib	mdiver_: but after issuing easy_install-2.6 daemon, it was resolved	13:20
mdiver_	ranjib: Hi, I'm here	13:20
ranjib	mdiver_:http://wiki.openstack.org/NovaInstall#Nova_installation_on_CentOS_5.5	13:22
mdiver_	ranjib: I can see at least 3 daemon under site-packages ./daemon , ./python_daemon, ./daemon-1.0-py2.6 , should I remove them ?	13:22
mdiver_	ranjib: and re-install daemon only ?	13:22
ranjib	mdiver_:you should have python_daemon 1.5..5 only	13:25
*** mmalgeri has quit IRC		13:26
ranjib	mdiver_:easy_install 2.6 daemon should do the job. but before that clean up rest	13:26
mdiver_	ranjib: Python question... can I just delete them Up ?	13:26
*** theron has joined #openstack		13:28
ranjib	mdiver_:yes	13:28
*** pvo has joined #openstack		13:30
*** ChanServ sets mode: +v pvo		13:30
ranjib	mdiver_:let me know if that fixes the problem	13:32
*** pvo has quit IRC		13:34
mdiver_	ranjib: I will. working on that now.	13:34
*** pvo has joined #openstack		13:34
*** ChanServ sets mode: +v pvo		13:34
mdiver_	ranjib: I've removed all Daemons and removed from the easy-install.pth file all daemon references, issued the command as explained in the guide : easy-install-2.6 daemon	13:39
mdiver_	ranjib: I can see now that under ./site-packages/daemon-1.0-py2.6.egg was installed	13:39
mdiver_	ranjib: However, still not able to resolve pidlockfile	13:40
mdiver_	ranjib: Still having the same error.	13:40
mdiver_	ranjib: running Python prompt I can't either.	13:41
*** abecc has joined #openstack		13:42
*** kevnfx has quit IRC		13:43
*** abecc has joined #openstack		13:43
ranjib	mdiver_: let me kickstart a centos and check things out at my end	13:45
*** mdomsch_ has quit IRC		13:47
*** gaveen has quit IRC		13:48
mdiver_	ok	13:49
piken	the install is not easy-install-2.6 daemon	13:56
piken	It is easy-install-2.6 python-daemon	13:56
piken	They are different pypi packages and python-daemon is the required.	13:57
*** gondoi has joined #openstack		13:57
mdiver_	piken: I've tried this one easy-install-2.6 python-daemon , I didn't work... let me try again...	13:57
piken	you didn't do it if it did not work. I have tested it on 40+ nodes here that are all centos5.5 and it works without an issue.	13:58
*** gaveen has joined #openstack		14:01
ranjib	mdiver_: hey, piken is right, its python-daemon	14:01
*** Ryan_Lane has joined #openstack		14:03
*** irahgel1 has quit IRC		14:04
*** blakeyeager has joined #openstack		14:09
*** littleidea_ has joined #openstack		14:14
*** littleidea has quit IRC		14:17
*** littleidea_ is now known as littleidea		14:17
*** metcalfc has joined #openstack		14:19
*** irahgel1 has joined #openstack		14:25
*** ppetraki has joined #openstack		14:26
soren	anotherjesse:	14:27
soren	whoops	14:27
soren	anotherjesse: Did you see my comment on the whiteboard of https://blueprints.launchpad.net/nova/+spec/austin-puppet-deployment ?	14:27
*** Cybodog has joined #openstack		14:32
*** johnpur has joined #openstack		14:41
*** ChanServ sets mode: +v johnpur		14:41
*** gustavomzw has quit IRC		14:43
*** neogenix has quit IRC		14:43
*** Ryan_Lane has quit IRC		14:44
*** metcalfc has quit IRC		14:44
piken	ranjib: mdiver_ is having issues due to easy_install on the box he was working on. It was importing some weird new version of python-daemon-1.6 when it is missing have the package. Then when using setuptools and building 1.5.5 directly, it would fail when he would do the import for an issue with the lockfile egg.	14:47
piken	Seems that system has something weird happening with pypi	14:47
*** Orman has joined #openstack		14:51
*** kevnfx has joined #openstack		14:53
ranjib	piken: strange .	14:53
*** f4m8 is now known as f4m8_		14:53
Orman	Hello	14:55
*** schisamo has quit IRC		14:55
*** Orman has quit IRC		14:59
*** grizzletooth has joined #openstack		15:00
ranjib	i am forking vishy's nova.sh for centos,,, any contribution is welcome .	15:02
*** iammartian has left #openstack		15:05
*** eldarnugaev has joined #openstack		15:07
piken	I would suggest doing it all as one script with a param of the os to be added that way it can be extended to more in the future.	15:07
piken	./nova.sh centos	15:07
piken	./nova.sh ubuntu	15:07
piken	etc	15:07
dendrobates	yep	15:08
creiht	what about ./nova.sh gentoo? :)	15:08
piken	We might also think of not doing it as bash	15:09
grizzletooth	gentoo-ers wouldn't use it. they would just read the lines in the script and and try to run them each manually.	15:09
piken	Doing it as python using very minor standards. python 2.4 min with no outside modules will give us a little more flexability to the script	15:09
piken	grizzletooth: lol, good one	15:09
ranjib	piken: wont that make the script too long...	15:11
ranjib	piken: currenty i replace the services shebang line with env python2.6 too...	15:11
ranjib	piken:as i cant change the systems's default python 2.4 for its dependance on yum	15:12
*** iammartian has joined #openstack		15:12
piken	ranjib: I think it would be cleaner. Have the script be really basic and know how to install items for each os (and be in the base python installed on the system).	15:13
piken	I would then have it use internals of python to first pull down a manifest from the nova repo that contains the deps for the system noted.	15:14
piken	MANIFEST.centos for example	15:14
ranjib	piken: good idea ..	15:14
piken	It would then loop through that to install rpms via yum, and use easy_install and such as needed.	15:14
piken	ranjib: I think it would make it clean to manage as each os would have a function set in the main on how to install for them, but the package naming and such would be in the manifest	15:15
ranjib	piken: how do we do the manual installations.. stuff like gflags binding? system commans?	15:15
*** Cybodog has quit IRC		15:15
piken	ranjib: I would have a funciton for each as most will be the same on all systems.	15:16
piken	As for system commands, I would have a map in the script that associates commands with the system they are on, and use that map to determine what commands to run.	15:16
piken	I got the idea for this from the fusion-forge installer. https://fusionforge.org/scm/viewvc.php/checkout/trunk/src/fusionforge-install-1-deps.php?root=fusionforge&revision=10070&content-type=text%2Fplain&pathrev=10070	15:21
mdiver_	ranjib: For Centos how did you get the python-nova , nova-api, nova-objectstore, nova-compute ... etc ??	15:21
piken	It does similar but in php except it has all the dependency names for each system internal.	15:21
ranjib	mdiver_: branched it from launchpad only ..	15:22
piken	bzr clone https://launchpad.net/nova or use the dl link on the side of https://launchpad.net/nova	15:23
piken	sry bzr branch https://launchpad.net/nova	15:23
ranjib	had to replace the shebang line.. i used sed for that, dont know if theres a sain way.. wish python has something like rvm	15:23
ranjib	*sane	15:25
*** gaveen has quit IRC		15:25
piken	That is why I prefer writing installers in standards that use the installed version on the system no matter what.	15:25
piken	if you write in code that would work on 2.4 and 2.6 if it runs on /usr/bin/python or /usr/bin/python26 it doesn't matter.	15:26
*** gaveen has joined #openstack		15:26
grizzletooth	use perl for the install script and you won't have to worry about it <grizzletooth ducks and runs for cover>	15:27
piken	LOL	15:28
ranjib	grizzletooth: :-)	15:28
ranjib	leaving aside readability.. even im more comfortable with perl..	15:29
grizzletooth	I aspire to be a python coder, but am still stuck with too much perl experience ;)	15:29
* piken slaps grizzletooth with a peice of trout!		15:30
grizzletooth	ouch - stinky	15:30
piken	lol	15:30
piken	I have done too much perl in my life, and too much php.	15:30
*** rds__ has joined #openstack		15:30
piken	I actually have become fond of python. It is a very clean and very easy language to work with.	15:30
ranjib	i did loads of perl, a bit python, and now ruby ....	15:31
piken	Talk to me about perl when you have had to help recode a huge part of Bugzilla before they had a style guide. lol	15:31
ranjib	piken:python is full of boiler plates	15:31
piken	lol	15:31
piken	I am not a fan of ruby	15:31
ranjib	every time i see method(self) ,, i wonder what was wrong with perl then?	15:32
*** khussein has joined #openstack		15:33
*** schisamo has joined #openstack		15:34
piken	Only thing that pisses me off with python is != is not standard	15:34
piken	Stupid <>	15:34
notmyname	piken: what are you talking about? != is the normal way to do inequality checks in python	15:35
*** hazmat has joined #openstack		15:36
*** comstud has joined #openstack		15:38
*** ChanServ sets mode: +v comstud		15:38
ranjib	i just like python's readability ..	15:40
ranjib	else gic, versions inconsistencies, package management.. everything sucks big time	15:40
piken	notmyname: one of the pep's pushes a standard use of <> over !=	15:40
creiht	piken: http://docs.python.org/library/stdtypes.html#comparisons	15:41
creiht	<> is obsolete	15:42
piken	Hey, sue me. I haven't read the peps in a while. lol. Must have obsoleted it with 3.0	15:42
redbo	also, I hate how python makes you end statements with semicolons	15:43
notmyname	just for fun: http://docs.python.org/release/2.0/ref/comparisons.html	15:44
notmyname	mentions <> is depreciated	15:45
creiht	hah	15:45
notmyname	piken: just giving you a hard time :-)	15:45
eday	vishy: are you guys still seeing any concurrency issues with eventlet?	15:48
*** spectorclan has joined #openstack		15:50
*** metcalfc has joined #openstack		15:51
*** metcalfc has joined #openstack		15:52
*** al-maisan is now known as almaisan-away		16:00
vishy	eday: I haven't been monitoring it recently	16:01
vishy	eday: we put HAProxy in front of 8 nova-apis	16:01
*** sebastianstadil has joined #openstack		16:02
vishy	eday: last time i saw it, it appeared to be connecting to sql that was giving the error. I'm thinking using the thread local session in db/sqlalchemy/session.py might fix it, but i haven't been able to investigate.	16:03
eday	vishy: ahh, ok	16:19
*** mdiver_ has quit IRC		16:29
*** mmalgeri has joined #openstack		16:29
*** neogenix has joined #openstack		16:29
*** eldarnugaev has quit IRC		16:29
*** Dweezahr has quit IRC		16:35
*** infernix has quit IRC		16:36
*** ttx has quit IRC		16:36
*** zykes- has quit IRC		16:36
*** morfeas has quit IRC		16:36
*** Xenith has quit IRC		16:36
*** spike has quit IRC		16:36
*** ttx has joined #openstack		16:36
*** ttx has joined #openstack		16:36
*** Xenith has joined #openstack		16:36
*** morfeas has joined #openstack		16:36
*** infernix has joined #openstack		16:36
*** spike has joined #openstack		16:36
*** joearnold has joined #openstack		16:38
*** mdiver has joined #openstack		16:40
*** joearnold has quit IRC		16:41
ranjib	mdiver: u there>	16:43
ranjib	mdiver: u need to remove daeom and python-daemon, u should install python-daemon -1.5.5	16:46
*** zykes- has joined #openstack		16:46
*** Dweezahr has joined #openstack		16:46
piken	ranjib: he did	16:46
piken	There looks to be a metaclass issue with lockfile currently for him	16:47
piken	he might need to use an older version of lockfile as it looks like the newest lockfile and python-daemon are fubar in pypi at the moment	16:47
piken	0.9.0 and 0.9.1 have issues.	16:48
*** DubLo7 has joined #openstack		16:49
*** dpackard has joined #openstack		16:50
dpackard	hi all	16:50
dpackard	can anyone tell me if installing openstack nova makes changes to /etc/inetd.conf ?	16:51
ranjib	piken: really? how he installed the python_daemon?	16:52
ranjib	piken: i just did it using easy_install-2.6 python-daemon==1.5.5 , and now its working fine	16:52
piken	He installed it from the tarball	16:53
*** jdmaturen has quit IRC		16:53
soren	dpackard: It doesn't.	16:53
piken	http://paste.openstack.org/show/90/	16:53
dpackard	thanks soren	16:54
piken	ranjlib: there is the error the import gives and I have found some ubuntu bugs on google that point it at a lockfile 0.9.0 issue	16:54
*** littleidea has quit IRC		16:58
*** jdmaturen has joined #openstack		17:00
*** sebastianstadil has quit IRC		17:02
*** sebastianstadil has joined #openstack		17:05
*** ranjib has quit IRC		17:06
*** neogenix has quit IRC		17:08
elasticdog	is there not a swift.sh script to help set up the saio environment like the nova.sh script?	17:17
*** jdmaturen has quit IRC		17:20
grizzletooth	elasticdog: not that I have seen - just the SAIO and multiserver docs http://swift.openstack.org/development_saio.html http://etherpad.openstack.org/MultiServerSwift	17:21
elasticdog	grizzletooth: thanks...I've just been going through the development_saio page and thought there might be a quicker way	17:23
*** DubLo7 has quit IRC		17:23
*** joearnold has joined #openstack		17:23
*** jdmaturen has joined #openstack		17:24
notmyname	elasticdog: I think there is a chef script around somewhere that sets up a SAIO	17:28
creiht	I'm not sure if the chef script has been updated with the latest version though	17:30
elasticdog	notmyname: thanks	17:31
*** littleidea has joined #openstack		17:31
*** joearnol_ has joined #openstack		17:32
*** joearnold has quit IRC		17:32
*** joearnold has joined #openstack		17:32
*** sparkycollier has joined #openstack		17:33
*** dendrobates is now known as dendro-afk		17:35
*** grizzletooth has left #openstack		17:36
*** kw1 has joined #openstack		17:36
*** dendro-afk is now known as dendrobates		17:37
mdiver	piken: I've downgrade the lockfile to 0.8.0 it seem to work now..	17:38
*** kw1 has left #openstack		17:39
*** sparkycollier has quit IRC		17:41
piken	ranjib: There you go. you need python-daemon 1.5.5 and lockfile 0.8.0 as daemon 1.6 and lockfile 0.9.x are fubar.	17:48
vishy	soren: any idea if libvirt supports serial console output to two places at once? We're trying to have ajaxterm as well as sending the output to a file.	17:48
mdiver	It is now complaining about ./CA directory, I can see it on the source directory, Should I copy it over, or is there a way of specifying where the nova dir is ? any NOVA_HOME= ? Something like that ?	17:49
*** ibarrera has quit IRC		17:50
*** littleidea has quit IRC		17:50
*** joearnol_ has joined #openstack		17:58
*** joearnold has quit IRC		18:00
*** jc_smith has joined #openstack		18:01
*** kevnfx has quit IRC		18:01
vishy	mdiver: --ca_path=/path/to/ca	18:02
vishy	try running the binaries from inside the source tree	18:02
vishy	and it should find the existing one	18:02
vishy	cd /path/to/nova/	18:03
vishy	./bin/nova-xxxx	18:03
mdiver	vishy: got it. Thanks.	18:03
*** littleidea has joined #openstack		18:04
jk0	vishy: you ever see 'connection refused' when using sqlite and starting nova-compute with your install script?	18:05
jk0	it's almost like the sqlite db is locked	18:06
*** joearnol_ has quit IRC		18:07
*** joearnold has joined #openstack		18:08
vishy	sounds likely	18:08
vishy	sqlite locking is pretty bad for multiple binaries	18:08
vishy	i usually use mysql	18:08
jk0	that's what I figured	18:09
vishy	but i've usually only had to just rerun the command if it is locked	18:09
piken	have the openstack mailing lists been active? I did the signup for them and haven't seen anything come accross. I want to make sure work spamfilter is not eating it.	18:09
jk0	I	18:09
spectorclan	piken which lists?	18:09
vishy	it spews errors on trying to update locked db	18:09
jk0	I'm getting conn refused for compute, network and volume.	18:09
vishy	piken: there hasn't been anything recently	18:09
vishy	jk0 o really?	18:10
jk0	there's no indication of locking but that's what I'm assuming	18:10
jk0	yeah	18:10
vishy	jk0: if you restart them, do they work?	18:10
jk0	nah, no go	18:10
vishy	jk0 sounds like a rabbit issue	18:10
jk0	API and objectstore fire right up	18:10
vishy	connection refused is usually because rabbit isn't running	18:10
vishy	API and objectstore don't connect to rabbit so that would make sense	18:11
jk0	good call, I'll look quick	18:11
*** khussein_ has joined #openstack		18:13
jk0	vishy: good catch - that was exactly it	18:13
vishy	jk0: np	18:13
*** dragondm has joined #openstack		18:15
*** jed has joined #openstack		18:15
*** khussein has quit IRC		18:15
*** khussein_ is now known as khussein		18:15
*** ptremblett has quit IRC		18:24
*** jdmaturen has joined #openstack		18:25
spectorclan	Reminder - Register for Design Summit at http://openstack.org/register	18:25
*** jdmaturen has joined #openstack		18:25
*** Cybodog has joined #openstack		18:28
*** dpackard has quit IRC		18:33
*** jc_smith has quit IRC		18:33
*** miclorb_ has joined #openstack		18:36
*** jc_smith has joined #openstack		18:37
*** dragondm has quit IRC		18:41
vishy	dendrobates: are you here?	18:46
dendrobates	vishy: yep	18:46
zul	is the schedule up yet for the dev side of the summit yet?	18:47
vishy	dendrobates: what is the deal on the voting? Someone was saying that you have to be added to Nova or Swift in order to vote?	18:48
dendrobates	creiht: on this page: code.launchpad.net/nova which do you need sessions for?	18:48
vishy	in addition to signing the cla	18:48
creiht	dendrobates: what does the public want? :)	18:49
dendrobates	vishy: you needed to be on a member of any of the lp teams	18:49
vishy	dendrobates: and how does one get added to the teams?	18:49
dendrobates	vishy: it is too late, jonathon already grabbed the list. You need to ping Jonathon if someone needs to be added to the voting	18:50
creiht	dendrobates: I'm assuming you are asking about blueprints?	18:50
dendrobates	creiht: yes	18:50
vishy	dendrobates: ok	18:50
dendrobates	zul: working on it now	18:50
zul	dendrobates: cool	18:51
dendrobates	creiht: I assume you want to discuss all the ones marked future- at least?	18:51
creiht	It depends on if there is anything to discuss? :)	18:51
creiht	The only thing that I can think of that people would be really interested in discussing is the s3 api compatibility	18:52
dendrobates	if there is nothing, I would just use the time to go over your plans and see if anyone has any comments.	18:52
creiht	That's the problem, we don't have much in the way of "plans"	18:52
dendrobates	then this is the time to make them.	18:53
creiht	most everything for at least a while is going to be incremental improvements	18:53
creiht	but that's the thing, we have no major features to add	18:53
creiht	for the near term	18:53
devcamcar	creiht: how goes? i may have such a feature in mind	18:53
creiht	and nobody else has requested much else :)	18:53
creiht	devcamcar: !!!!	18:53
creiht	how's it going? :)	18:53
devcamcar	creiht: good!	18:53
devcamcar	i'll be in san antonio all next week	18:54
creiht	awesome	18:54
dendrobates	devcamcar: awesome create a blueprint and I'll schedule it.	18:54
devcamcar	one of the big features we've been discussing internally is multi-region support for swift	18:54
creiht	ok	18:54
*** Cybodog has quit IRC		18:54
devcamcar	being able to store a replica in an external swift store	18:54
creiht	right	18:54
devcamcar	big win for us	18:54
creiht	add a blueprint! :)	18:54
devcamcar	i'm going to put a high level blue print up today	18:54
creiht	cool	18:55
creiht	dendrobates: the only other possibly interesting thing to discuss is the large file support, but that is mostly implemented	18:55
devcamcar	creiht: how large is a large file?	18:55
creiht	as large as you want it to be?	18:56
creiht	:)	18:56
devcamcar	one meeeeeeellion TB	18:56
creiht	If you can keep your connection open long enough to upload it, sure :)	18:56
devcamcar	creiht: how are you guys handling that under the cover?	18:56
devcamcar	are you chunking on client side?	18:56
creiht	the current implementation involves creating a manifest, and then chunking across the cluster	18:57
creiht	and it is done server side	18:57
*** dysinger has joined #openstack		18:57
devcamcar	one of the questions we were asked recently is how easy it would be to saturate a 10G connection with a single large file being uploaded	18:57
creiht	heh	18:57
devcamcar	a lot of our potential users have a small number of huge files	18:57
creiht	hrm	18:57
devcamcar	swift is basically bound by spindle speed more than network speed	18:58
creiht	correct	18:58
devcamcar	s3 is same way	18:58
devcamcar	only way around that is chunking client side, it gets messy	18:58
creiht	There is an idea down the road to expose a similar chunking to the client side	18:58
devcamcar	anyway, just curious if you guys are thinking about it from that point of view	18:58
creiht	where the client would upload the manifest, and chunks	18:59
devcamcar	that would have huge value for our customers	18:59
creiht	that way you could upload those in parallel	18:59
creiht	It has its own set of issues :)	18:59
devcamcar	we have 10G everywhere now, though we're already talking about 40G or 100G pipes	18:59
devcamcar	creiht: indeed it does!	18:59
creiht	devcamcar: we can talk about it then next week	18:59
devcamcar	creiht: worth a blueprint?	19:00
creiht	sure, why not? :)	19:00
*** sebastianstadil has quit IRC		19:01
*** khussein has quit IRC		19:05
spectorclan	If anyone needs help with hotels next week, let me know and I can try and find you a roomate	19:06
*** littleidea has quit IRC		19:10
devcamcar	creiht: high level rough of multi region: https://blueprints.launchpad.net/swift/+spec/multi-region	19:15
_0x44	jaypipes: Are you about?	19:15
jaypipes	_0x44: sure am.	19:16
_0x44	Is there a way to make nose report on cyclomatic complexity the way it can report on code coverage?	19:18
jaypipes	_0x44: not that I know of.	19:18
jaypipes	_0x44: but isn't there a way to ask pylint to do that? eday?	19:19
_0x44	Great, thanks :)	19:19
creiht	devcamcar: so what you are talking about in the proposal can already be done client side today	19:20
alekibango	dendrobates: what do you think about my blueprint? https://blueprints.launchpad.net/nova/+spec/reserve-and-limit-resources...	19:20
creiht	a small change to the auth would allow it to return several endpoint urls, to which the client could send data to either (or both)	19:20
devcamcar	creiht: that is a great feature but want to see swift dictate that automatically on the server side if configured to do so	19:21
creiht	ok	19:21
creiht	that wasn't entirely clear from the description	19:21
devcamcar	creiht: ok i will make that more explicit	19:21
creiht	cool... and should be interesting to discuss next week :)	19:22
devcamcar	indeed	19:22
devcamcar	creiht: in short: swift installation A is configured to be aware of B, when data is uploaded to A, N number of copies are also replicated to B	19:24
devcamcar	and vice versa	19:24
creiht	yeah	19:24
devcamcar	creiht: and bonus points for making it configurable by container :)	19:24
creiht	hah	19:25
creiht	container stored procedures! :)	19:25
devcamcar	oo	19:25
_0x44	jaypipes: It doesn't look like there's a way to make pylint do it, I'll have to install another module. Thanks for the help	19:25
jaypipes	_0x44: selenium, then?	19:26
*** khussein has joined #openstack		19:28
jaypipes	_0x44: http://www.traceback.org/2008/03/31/measuring-cyclomatic-complexity-of-python-code/	19:28
dendrobates	alekibango: interesting, there is some overlap with blueprints that pvo is working on.	19:30
alekibango	do you think we can plan that for bxar?	19:30
_0x44	jaypipes: I found that earlier, but I hadn't yet installed it because I was hoping for a nose plugin like complexity.py	19:30
jaypipes	_0x44: ah, gotcha.	19:31
alekibango	pvo: please what is dendrobates talking about, can you tell me more?	19:32
alekibango	dendrobates: not everyone wants to use shared resources :) there are customers who want reserved ones... and there are customers who would like to have mix or reserved and mix of shared	19:33
alekibango	eh, meant mix of reserved and shared :)	19:34
alekibango	ie, 10MBps reserved bandwidth and sharing rest with other users of the host	19:35
dendrobates	alekibango: it seems to me that throttling with hard and soft limits can accomplish what you are asking for.	19:35
alekibango	dendrobates: i know its not exactly easy. bug kvm, lvm or UML can be easily limited by normal means	19:36
dendrobates	few users are willing to pay for resources they are not using currently. That is one of the advantages of utility computing	19:36
piken	I would stress that the limits be very flexable as ip over ib with kvm has seen 6.6GBps through put for our vms and we would not want to limit our selves out of the performance.	19:36
alekibango	s/bug/but/ sorry, myfingers are weak today	19:37
alekibango	dendrobates: yes... do you think we can target this for bexar?	19:37
alekibango	i will help with it	19:37
*** Cybodog has joined #openstack		19:37
dendrobates	alekibango: why reserve resources? why do you care, as long as they are there when you try to use them?	19:38
_0x44	alekibango: Can it wait three months to whatever the C release is?	19:38
alekibango	well, to be able to sell virtual host having certain parameters	19:38
alekibango	certain SLA	19:38
alekibango	predictable	19:38
dendrobates	your electric company does not reserve power for you.	19:38
_0x44	dendrobates: If you ask Blake and Opie they'll tell you lots of customers want explicitly specified hard limits	19:38
alekibango	not more, not less	19:38
dendrobates	alekibango: we can do that without reservations	19:38
alekibango	dendrobates: yes and suddenly power fails when my neigbour uses his tesla inspired tools	19:39
dendrobates	_0x44: I agree with the concept of limits, just not reservations	19:39
*** khussein has quit IRC		19:39
_0x44	dendrobates: pm coming, I'm not sure I'm allowed to talk about what I'm going to say next publicly.	19:39
piken	dendrobates: a pure qouta system would the preferred as you can limit a user, but not restrict them if needed.	19:39
alekibango	dendrobates: i understand this will require reserved hosts...	19:39
alekibango	dendrobates: this comes as request from my customer, a hosting company	19:40
alekibango	and he has tons of customers who need this :)	19:40
alekibango	i know its not using the hardware to the max, but it gives some sort of good feeling to customers	19:41
alekibango	dendrobates: reservation of that is just change in scheduler	19:42
alekibango	limiting is for nova-manage	19:42
alekibango	right?	19:42
alekibango	if someone will guide me a bit, i can work on it	19:43
pvo	alekibango: whats the difference in reservation and provisioning a vm and not using it?	19:43
dendrobates	what gives me a good feeling is that when I flip on a light, it comes on. I don't care if the power company reserved power for me.	19:43
alekibango	reservations means that when other users will abuse resources of the host, you will not be affected	19:43
pvo	alekibango: thats not reservations	19:44
pvo	alekibango: those are resource limits	19:44
alekibango	yes, and planning	19:44
alekibango	pvo: maybe i have wrong terminology :)	19:44
dendrobates	I realize that some people may want this, but I think they are missing the point of the cloud	19:44
piken	alekibango: No hosting company could live at that as the key to the hosting business is over provision.	19:44
pvo	alekibango: thats just how you configure your hypervisor	19:44
piken	I worked for 5 years for one of the worlds largest and know that to be the truth	19:44
alekibango	i want limits and scheduling -- and the scheduler should respect thole limits, so it will not schedule 150% of load on 1 cpu	19:44
*** guynaor has joined #openstack		19:45
pvo	alekibango: scheduler is pluggable. You can write your own to take this into account already	19:45
*** Cybodog has quit IRC		19:45
alekibango	yes	19:45
*** Cybodog has joined #openstack		19:46
piken	alekibango: at that point your not doing any better then buying single core servers that are bare metal. KVM and Xen do a good job of resource swaping for hosts using more resources taking from those that are not for a reason.	19:46
alekibango	pvo: what do you mean - thats just how you configure hypervisor?	19:46
*** ptremblett has joined #openstack		19:46
pvo	you can configure your hypervisor to burst or have hard caps	19:46
piken	alekibango: a quota system is a must, but reserving alotments of resources is against the idea of KVM and Xen.	19:47
piken	pvo: you can set hard caps, but not soft caps.	19:47
alekibango	piken: i understand you, but there is demand for this :)	19:47
alekibango	really	19:47
pvo	piken: hard caps, yes	19:47
alekibango	piken: maybe only partial reservation	19:47
dendrobates	we need to throttle network i/o, disk i/o and CPU. pvo: do your blueprints cover throttling?	19:47
*** Cybodog has quit IRC		19:47
pvo	alekibango: reservation is the same as provisioning, no?	19:48
piken	alekibango: That is a demand that you will kill the performance of the cloud as a whole to meet.	19:48
alekibango	i want to be able to tell hard limits -- not only max, but also MIN	19:48
pvo	dendrobates: isn't there already throttling in openstack api?	19:48
pvo	didn't gundlach put that in?	19:48
*** Cybodog has joined #openstack		19:48
alekibango	piken: i know, but it might give you more money	19:48
alekibango	its about SLA	19:48
dendrobates	pvo: on the hosts, using xs?	19:48
alekibango	and people willing to pay	19:48
pvo	throttling at the pai	19:48
pvo	api	19:48
alekibango	pvo: you are working on throttling?	19:49
alekibango	on limits?	19:49
pvo	there was work done on it.	19:49
piken	alekibango: actually it is not, it is against SLA believe it or not. Ran into this head on at HostWay when doing OpenVZ vps's	19:49
dendrobates	pvo: I'm talking about backend, not API.	19:49
pvo	dendrobates: not sure what you mean then.	19:49
dendrobates	pvo: do your spec cover hard and soft disk i/o limits and network i/o limit to prevent one vm from affecting it's neighbors?	19:50
*** irahgel1 has left #openstack		19:51
pvo	not disk io, but we do cover network io	19:51
alekibango	piken: i want to be able to tell: you will have 30-50 MBps available	19:51
_0x44	piken: OpenVZ lies about virtualization	19:51
alekibango	not only you can be limited to max 50, min 0	19:51
dendrobates	I know, we can do disk i/o with KVM and hopefully soon with xs too.	19:52
piken	_0x44: at the time it was the best you can find. lol	19:52
alekibango	or you will get shared 200	19:52
*** dragondm has joined #openstack		19:52
dendrobates	pvo: but it's in your specs? I'm trying to see if we need another.	19:52
alekibango	piken: again, this is what this hosting company needs, and its one of largests in my country	19:52
alekibango	they have companies waiting to pay for this limited hw :)	19:53
piken	alekibango: I understand what you are saying, but from the idea of a cloud, that would be a step in the wrong direction for the core project. Maybe for an extension for you. But I would highly advise keeping that from the core of nova.	19:53
alekibango	we have also some cheap hosting companies, who use sharing to the max	19:53
alekibango	but thats not the way of my customer	19:53
piken	alekibango: maybe you should focus on vm migration priorities instead of reservations. The best solution would be if a node cannot offer the load a user is using, move them and keep it to hard limits only.	19:54
alekibango	piken: right	19:54
alekibango	that would be the one	19:54
alekibango	sheepdog + live instant migration	19:55
alekibango	or somthing like this	19:55
piken	That is live able, but needs a lot as there is no live migration in nova at the moment.	19:55
piken	That even opens up the option of node load balancing like vsphere.	19:55
alekibango	when do you think we can make migration real?	19:55
alekibango	piken: right...	19:55
*** Cybodog has quit IRC		19:56
piken	Don't look at me. lol. I am still working out some blueprinting info and work for the VolumeManger Vishy started so I can use it internal here for VirtFS + Lustre over infiniband.	19:56
alekibango	my other blueprint might be to move instantions in a way they best use hardware in time (for example shools have different needs than shops or news)	19:56
alekibango	but thats for far future maybe :)	19:57
alekibango	and live migration would solve this also	19:57
alekibango	i think, live migration would be good	19:58
*** Cybodog has joined #openstack		19:58
alekibango	+ those limits	19:58
dendrobates	alekibango: there is a live migration spec	19:58
*** Orman has joined #openstack		19:58
Orman	Hello	19:58
alekibango	yes ty	19:58
piken	Hey Orman	19:59
alekibango	Orman: hello. i am not doing security diagrams yet :) i just have beed drawing some nova arch pictures	19:59
devcamcar	piken: you're implementing a VolumeManager for VirtFS and Lustre?	19:59
alekibango	which talk about AMQP centricity	19:59
piken	devcamcar: I pulled a branch of Vishy's VolumeManager and I am working out a Driver for VirtFS.	20:00
Orman	Ok	20:00
Orman	Hey piken.	20:00
devcamcar	piken: neat, though i personally feel an urge to rub myself down with steel wool whenever i deal with lustre :)	20:00
piken	Not lustre directly as we are mounting Lustre on the physical node and going to virtfs to the directory as Lustre over 40gbps infiniband is faster then lustre over 6.6gbps max with virtio-net	20:01
*** neogenix has joined #openstack		20:01
alekibango	and who is working on nova limits/throtling? :)	20:01
devcamcar	piken: interesting	20:01
alekibango	piken: what do you think about ceph?	20:02
_0x44	alekibango: For Austin it was comstud	20:02
devcamcar	creiht: blue print for client side chunks, mainly just a starting point for discussion	20:02
devcamcar	https://blueprints.launchpad.net/swift/+spec/client-side-chunking	20:03
alekibango	_0x44: ty	20:03
devcamcar	very very high level	20:03
Orman	alekibango: When will you have your architecture pictures up?	20:03
piken	alekibango: it is nice, if you like loosing your data every other day and seeing big red warnings that say "WARNING: THIS IS NOT PRODUCTION READY!!!"	20:03
_0x44	alekibango: You're welcome	20:03
alekibango	piken: :))	20:03
alekibango	piken: i didnt have the courage to try	20:03
alekibango	but it looks promising	20:03
piken	We have tried a lot here, Ceph + BTRFS, GlusterFS, and Lustre. Lustre is the most promising and stable as long as you have the money to through at top of the line hardware.	20:04
alekibango	and glusterfs?	20:04
alekibango	its coming to be nice, but i found it slow	20:04
piken	It is slow and if you have more then 2 storage nodes, the data replication becomes a huge bottle neck.	20:04
piken	I think a test of Lustre on our SAN and infiniband the other day was showing 50GBps reads.	20:05
piken	ah, nvm. 50GBps writes at a sustained of 6.3GBps per client.	20:06
alekibango	so, what do we need to make live migration real (at least for kvm)?	20:06
piken	Lots of Prayer?	20:06
piken	lol	20:06
alekibango	:)	20:06
alekibango	btw lxc containers might make sense even for kvm/qemu/UML instances --> to limit	20:07
*** ctennis has quit IRC		20:07
alekibango	i agree limits are enough for me if we will get live migration working during winter	20:08
Orman	devcamcar: Nice blueprint. ;)	20:08
Orman	I am trying to figure out which blueprint I should do.	20:09
*** khussein has joined #openstack		20:09
Orman	I need to add ore to clarify what I mean in the first paragraph of tje Virtual Guest.	20:10
Orman	More details would work. ;)	20:11
alekibango	we need diagrams	20:11
alekibango	lots of diagrams	20:11
alekibango	:)	20:11
alekibango	pictures	20:11
alekibango	explained	20:11
Orman	Ok	20:11
Orman	I'll make a Virtual Guest diagrams when I get the chance	20:12
Orman	Both the guest and the host shold be on seperate layers.	20:12
alekibango	piken: btw how do you combat silent data corruption problem ? :)	20:13
alekibango	meeting is in 45 minutes?	20:14
Orman	What meeting?	20:14
alekibango	Orman: #openstack-meeting	20:14
Orman	Ah I see	20:14
alekibango	see top of wiki pages	20:15
Orman	Well I am going to head out for a bit here in aminute to vote.	20:15
piken	alekibango: Never solved it in 1.8. We are trying 2.0 and it solves it via embedded lvm in the partition manager for lustre now to do striping better.	20:15
Orman	I might be back in time for the meeting	20:15
alekibango	piken: interesting :)	20:15
soren	vishy: Same serial port pointed to two places?	20:17
soren	vishy: I don't believe it does, no.	20:18
soren	vishy: Let me check.	20:19
soren	vishy: It doesn't, no.	20:21
soren	vishy: It shouldn't be too difficulat to add, though.	20:21
*** ctennis has joined #openstack		20:21
*** ctennis has joined #openstack		20:21
soren	vishy: What does ajaxterm need?	20:21
Orman	see ya guys	20:22
Orman	later	20:22
Orman	gtg	20:22
*** Orman has quit IRC		20:22
piken	Who do I have to talk to about joining the Nova and Swift teams on LP?	20:24
creiht	piken: I think you just click the "join" button :)	20:25
piken	or the openstack team as a whole. I want to be active on the mailing lists and it turns out the reason I cannot access them is that. lol	20:25
creiht	swift-core and nova-core are a different thing	20:25
piken	hmm, don't see join link anywhere on lp	20:26
creiht	hrm	20:26
creiht	piken: try https://launchpad.net/~swift	20:27
creiht	and https://launchpad.net/~nova	20:27
dendrobates	creiht: the lp teams are locked while we revamp our CLA policy.	20:27
creiht	oh	20:28
creiht	heh	20:28
piken	Bah, make it hard to join the mailing lists. lol	20:28
creiht	sorry	20:28
dendrobates	if anyone wants to join and they have signed the CLA, I'll add them	20:28
dendrobates	they will be unlocked after the summit next week	20:28
piken	I can sign it for my personal contributions, but they won't include anything from my company as we are waiting on legal for those.	20:29
_0x44	dendrobates: I signed the CLA twice and have to addresses in two countries, can my vote count twice?	20:29
_0x44	s/to/two/	20:29
dendrobates	_0x44: I am not involved in the voting	20:29
_0x44	dendrobates: Should I ask jbryce?	20:30
dendrobates	release meeting in 30 min	20:30
dendrobates	_0x44: did you get two emails with links?	20:30
*** littleidea has joined #openstack		20:30
soren	vishy: So, afaict, ajaxterm just exec()'s something and uses stdio for communication. It shouldn't be much work to make libvirt export the serial port to a unix socket and have a daemon that writes everything to the console log as well as allow ajaxterm to connect through it.	20:31
*** metoikos has joined #openstack		20:32
*** allsystemsarego has quit IRC		20:33
*** Cybodog has quit IRC		20:34
*** sparkycollier has joined #openstack		20:36
vishy	soren: I thought we might have to do something like that.	20:36
*** Cybodog has joined #openstack		20:37
creiht	mtaylor: would it be possible to set up hudson on the swift 1.1 series?	20:40
creiht	and tarmac	20:40
*** sebastianstadil has joined #openstack		20:42
*** BK_man has joined #openstack		20:43
_0x44	dendrobates: I didn't get two emails with links, I'm only in launchpad once :)	20:43
*** devcamcar has quit IRC		20:45
*** anotherjesse has quit IRC		20:45
*** xtoddx has quit IRC		20:45
*** vishy has quit IRC		20:45
*** anotherjesse has joined #openstack		20:46
*** devcamcar has joined #openstack		20:46
*** sleepsonthefloor has joined #openstack		20:46
*** vishy has joined #openstack		20:47
*** xtoddx has joined #openstack		20:48
*** sparkycollier has quit IRC		20:53
alekibango	i have reworded my blueprint to be smarter, more generic and compatible: https://blueprints.launchpad.net/nova/+spec/limit-resources-ensure-availibility	20:54
alekibango	now i believe it will be acceptable by most :)	20:56
*** kevnfx has joined #openstack		20:56
*** Orman has joined #openstack		20:57
Orman	I'm back.	20:57
dendrobates	meeting in 2 min	20:58
Orman	Pardon me,but I have never been in on the meeting.	20:58
Orman	Where do Igo?	20:59
eday	#openstack-meeting	20:59
alekibango	Orman: /join #openstack-meeting	20:59
alekibango	ouch i have mistake in title :)	20:59
alekibango	finally i hope https://blueprints.launchpad.net/nova/+spec/limit-resources-ensure-availability :)	21:00
*** littleidea has quit IRC		21:06
*** littleidea has joined #openstack		21:07
*** Cybodog has quit IRC		21:15
*** Cybodog has joined #openstack		21:15
*** westmaas1 has quit IRC		21:17
*** littleidea has quit IRC		21:23
*** littleidea has joined #openstack		21:23
*** cruciform has joined #openstack		21:27
*** spectorclan has quit IRC		21:30
*** jdmaturen has left #openstack		21:31
*** johnpur has quit IRC		21:32
*** Orman has quit IRC		21:33
*** mdiver has quit IRC		21:36
* ttx goes to bed		21:38
*** joearnold has quit IRC		21:38
mtaylor	creiht: yes!	21:41
mtaylor	creiht: but not this instant	21:41
*** littleidea_ has joined #openstack		21:41
*** littleidea has quit IRC		21:45
*** littleidea_ is now known as littleidea		21:45
*** HouseAway is now known as AimanA		21:51
*** joearnold has joined #openstack		21:52
*** jkakar has joined #openstack		21:59
*** kevnfx has quit IRC		22:00
mtaylor	creiht: so remind me and stuff	22:01
creiht	mtaylor: k, no worries	22:02
*** sebastianstadil has quit IRC		22:03
*** khussein has quit IRC		22:04
*** ppetraki has quit IRC		22:04
*** pvo has quit IRC		22:04
*** sparkycollier has joined #openstack		22:06
*** theron has quit IRC		22:10
*** pvo has joined #openstack		22:11
*** ChanServ sets mode: +v pvo		22:11
*** Orman has joined #openstack		22:13
*** ddumitriu has joined #openstack		22:14
*** Orman_ has joined #openstack		22:16
*** Orman has quit IRC		22:20
Orman_	alekibango: That was a great meeting.	22:22
*** khussein has joined #openstack		22:27
*** gondoi has quit IRC		22:32
alekibango	heh :)	22:37
Orman_	Yep. ;)	22:42
alekibango	those conferences... i wish we could do them via inet only	22:42
*** littleidea has quit IRC		22:43
*** abecc has quit IRC		22:46
*** sparkycollier has quit IRC		22:46
*** abecc has joined #openstack		22:46
Orman_	Yeah vidoe chat	22:52
Orman_	;)	22:52
alekibango	for me audio+ text + screen is ok	22:52
*** pvo has quit IRC		22:59
*** pvo has joined #openstack		23:00
*** pvo has quit IRC		23:00
*** pvo has joined #openstack		23:00
*** ChanServ sets mode: +v pvo		23:00
*** littleidea has joined #openstack		23:00
*** DubLo7 has joined #openstack		23:05
*** mdiver has joined #openstack		23:05
*** pvo_ has joined #openstack		23:07
*** ChanServ sets mode: +v pvo_		23:07
*** hggdh has quit IRC		23:08
*** Cybodog has quit IRC		23:08
*** blakeyeager has quit IRC		23:09
*** pvo has quit IRC		23:10
*** metoikos has quit IRC		23:10
*** pvo_ has quit IRC		23:11
*** hggdh has joined #openstack		23:11
*** perestrelka has quit IRC		23:12
*** perestrelka has joined #openstack		23:15
*** neogenix has quit IRC		23:18
*** jkakar has quit IRC		23:25
Orman_	alekibango: right	23:27
Orman_	So where were we in our security discussion	23:27
Orman_	;)	23:27
*** sebastianstadil has joined #openstack		23:28
jc_smith	anybody seen this one in nova-compute before?	23:35
jc_smith	Traceback (most recent call last):	23:35
jc_smith	File "/opt/novascript/nova/nova/compute/manager.py", line 92, in run_instance	23:35
jc_smith	yield self.driver.spawn(instance_ref)	23:35
jc_smith	AttributeError: virConnect instance has no attribute 'nwfilterDefineXML'	23:35
*** krish has quit IRC		23:36
jc_smith	hmm, maybe wrong version of libvirt	23:37
*** zaitcev has joined #openstack		23:42
*** devx has joined #openstack		23:43
*** gaveen has quit IRC		23:47
*** pvo has joined #openstack		23:48
*** ChanServ sets mode: +v pvo		23:48
*** ambo has joined #openstack		23:52
*** elasticdog has quit IRC		23:53
*** littleidea has quit IRC		23:54
*** sebastianstadil has quit IRC		23:54
*** abecc has quit IRC		23:54
*** dysinger has quit IRC		23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!