Monday, 2011-02-28

XenithHmm. Has anyone tried getting nova working on FreeBSD yet?00:06
*** zenmatt has quit IRC00:09
*** pvo has joined #openstack00:17
*** azneita has joined #openstack00:23
*** azneita has joined #openstack00:23
vishyXenith: no although the tests all run on Darwin, so the python code should run fine.  If you can install all the cli tools (bridge_utils, etc.), you might be able to get it to work.00:32
vishyDoes libvirt run on FreeBSD?00:32
XenithDon't think so, actually.
tripson_afaik not natively00:36
*** adiantum has quit IRC00:36
*** adiantum has joined #openstack00:42
*** miclorb has quit IRC00:45
*** rchavik has joined #openstack00:46
*** adiantum has quit IRC00:54
*** deshantm_xenorg has quit IRC00:54
*** te has quit IRC00:55
*** zenmatt has joined #openstack00:58
*** mahadev has joined #openstack00:59
*** dubsquared has joined #openstack00:59
dubsquaredcreiht:  around?01:00
*** zul has quit IRC01:00
*** adiantum has joined #openstack01:00
*** rchavik has quit IRC01:02
*** mahadev has quit IRC01:03
*** adiantum has quit IRC01:09
*** mahadev has joined #openstack01:10
*** adiantum has joined #openstack01:15
*** zul has joined #openstack01:21
*** adiantum has quit IRC01:21
*** adiantum has joined #openstack01:22
*** zenmatt has quit IRC01:24
*** adiantum has quit IRC01:31
*** reldan has quit IRC01:34
*** adiantum has joined #openstack01:35
*** adiantum has quit IRC01:43
*** gregp76 has joined #openstack01:44
*** miclorb_ has joined #openstack01:51
*** vvuksan has joined #openstack01:55
*** adiantum has joined #openstack01:55
*** adiantum has quit IRC02:05
*** adiantum has joined #openstack02:10
*** zenmatt has joined #openstack02:11
*** miclorb_ has quit IRC02:11
*** Ryan_Lane has quit IRC02:13
*** Ryan_Lane_ has joined #openstack02:13
*** westmaas has joined #openstack02:19
*** vvuksan has quit IRC02:20
*** adiantum has quit IRC02:21
*** bcwaldon has joined #openstack02:26
*** adiantum has joined #openstack02:27
*** Ryan_Lane_ is now known as Ryan_Lane02:28
*** gregp76 has quit IRC02:28
*** lamar has quit IRC02:33
*** ewindisch has joined #openstack02:33
*** adjohn has quit IRC02:39
*** combo has joined #openstack02:41
*** mahadev has quit IRC02:43
*** combo has quit IRC02:43
*** deshantm has joined #openstack02:44
*** lamar has joined #openstack02:47
*** ppetraki has joined #openstack02:52
*** miclorb has joined #openstack02:57
*** pvo has quit IRC02:59
*** adiantum has quit IRC03:04
*** adjohn has joined #openstack03:05
*** adiantum has joined #openstack03:06
*** mahadev has joined #openstack03:11
*** rchavik has joined #openstack03:14
*** mahadev has quit IRC03:18
*** Vaternz has joined #openstack03:19
Vaternzany documents on how to create an image for openstack?03:21
Vaternzlike i want to create my own centos, ubuntu, etc... images...03:22
Vaternzprocedures and howto's please... btw i'm just an I.T student03:22
deshantmVaternz: there are images available03:25
deshantmVaternz: what hypervisor do you intend to use?03:26
Vaternzi've seen those sir... which i can just download... but i want to know how to create an image for myself... kvm? or xen? which one do you recommend sir?03:27
deshantmVaternz: XCP is a good open source solution based on Xen03:28
VaternzXCP... alright i will take note of that... great.03:29
Vaternzand by the way sir deshantm, i used one of the images available and attach it my openstack, it was successful but i cant connect to it, do know what seems to be the problem?03:30
jeremybVaternz: debian/ubuntu have vmbuilder03:30
jeremybidk how they work or not with nova/xen/kvm (they do work with ec2/eucalyptus aiui)03:31
deshantmanother good tools is the Stacklet bundler03:31
deshantmVaternz: did you set up the SSH keys?03:32
Vaternzsir jeremyb, alright great, i will take note of those details....03:32
deshantmVaternz: what are you trying to accomplish in general with openstack?03:34
deshantmor are you just in learning mode?03:34
jeremybdeshantm: can you build stacklets yourself or just use what they provide?03:34
Vaternzsir deshantm, where using this nova-rc to load the ssh keys? do you see any short-comings on what i'm doing?03:34
deshantmjeremyb: they have open source software03:34
deshantmjeremyb: and
jeremybcool, i'll look some more in a bit03:35
VaternzSir deshantm, i'm mean using this nova-rc to load or the ssh keys.03:36
deshantmVaternz: what howto are you following exactly. I'm not sure what nova-rc you are referring too, but in context I could probably try to explain03:38
*** Vaternz_ has joined #openstack03:42
Vaternz_sorry, got DC03:42
*** Vaternz has quit IRC03:44
deshantmVaternz_: what howto are you following exactly. I'm not sure what nova-rc you are referring too, but in context I could probably try to explain03:44
deshantmneed to reboot this system, bbl03:46
*** deshantm has quit IRC03:46
*** ppetraki has quit IRC03:46
*** Vaternz_ has quit IRC03:47
*** adiantum has quit IRC03:49
*** deshantm has joined #openstack03:51
*** adiantum has joined #openstack03:53
*** Guest22828 is now known as antonym03:56
*** antonym is now known as Guest8757703:56
*** Vaternz has joined #openstack03:56
*** Guest87577 has quit IRC03:57
*** Guest87577 has joined #openstack03:57
*** ChanServ sets mode: +v Guest8757703:57
Vaternzwhy does the image i attached, is still in 'scheduling'? should it be 'up' in just a matter of seconds?03:59
*** paltman has quit IRC04:00
*** ewindisch has quit IRC04:00
*** paltman has joined #openstack04:00
Vaternzi did euca-run-instances, then did euca-describe-instances to check the image, but it is still in 'scheduling'... what seems to be the problem?04:01
*** adiantum has quit IRC04:02
jarrodcheck logs04:05
Vaternzsir jarrod, is that for me? check logs?04:05
*** adiantum has joined #openstack04:07
*** herki has joined #openstack04:09
*** herki_ has quit IRC04:10
Vaternzi did euca-run-instances, then did euca-describe-images to check the image, but it is still in 'scheduling'... and still in 'scheduling'. what am i doing wrong?04:11
*** markwash has quit IRC04:19
*** markwash has joined #openstack04:21
*** Vaternz has quit IRC04:29
*** adiantum has quit IRC04:31
markwashis file injection supposed to show up in the admin api for nova?04:35
*** adiantum has joined #openstack04:36
*** bcwaldon has quit IRC04:42
*** adiantum has quit IRC04:47
*** adiantum has joined #openstack04:59
*** kashyap has joined #openstack05:22
*** Ryan_Lane has quit IRC05:24
*** alekibango has quit IRC05:25
*** adiantum has quit IRC05:44
*** lamar has quit IRC05:48
*** adiantum has joined #openstack05:49
*** f4m8_ is now known as f4m805:49
*** openstack has joined #openstack05:56
*** ChrisAM has quit IRC05:56
*** Guest87577 is now known as antonym05:56
*** larissa has quit IRC05:57
*** larissa has joined #openstack05:58
*** jk0 has quit IRC05:58
*** rdw has quit IRC05:58
*** iRTermite has quit IRC05:59
*** jk0 has joined #openstack05:59
*** jk0 has joined #openstack05:59
*** ChanServ sets mode: +v jk005:59
*** rdw has joined #openstack06:00
*** adiantum has quit IRC06:01
*** iRTermite has joined #openstack06:01
*** ChrisAM1 has joined #openstack06:01
*** adjohn has quit IRC06:04
*** adiantum has joined #openstack06:05
*** adjohn has joined #openstack06:05
*** Mani2 has joined #openstack06:08
Mani2hi all, i have given bzr branch lp:nova06:08
Mani2ssh: connect to host port 22: Connection refused06:08
Mani2bzr: ERROR: Connection closed: Unexpected end of message. Please check connectivity and permissions, and report a bug if problems persist.06:08
*** adjohn has quit IRC06:09
*** adjohn has joined #openstack06:10
*** dubsquared has quit IRC06:22
*** kashyap has quit IRC06:32
*** kashyap has joined #openstack06:32
*** guigui1 has joined #openstack06:42
*** mahadev has joined #openstack06:43
*** adiantum has quit IRC06:44
*** adjohn has quit IRC06:48
*** mahadev has quit IRC06:51
*** hazmat has joined #openstack06:52
*** adiantum has joined #openstack06:56
*** adjohn has joined #openstack06:57
*** mahadev has joined #openstack06:58
*** naehring has joined #openstack07:04
*** gasbakid has joined #openstack07:06
*** miclorb has quit IRC07:07
*** DIgitalFlux has joined #openstack07:08
*** adjohn has quit IRC07:09
*** MarkAtwood has joined #openstack07:15
*** MarkAtwood has left #openstack07:15
Mani2bzr branch lp:nova it show error ssh :connect to connection refeused07:17
*** reldan has joined #openstack07:20
*** gregp76 has joined #openstack07:24
*** ramkrsna has joined #openstack07:24
jeremybMani2: you should talk to #launchpad ... doesn't appear to be anything wrong afaict:07:25
jeremyb$ nc 22 </dev/null | head -n 107:25
jeremyb(they may have you blocked with e.g. fail2ban)07:26
Mani2ok, thank u07:26
*** DigitalFlyx has joined #openstack07:27
*** kashyap has quit IRC07:28
*** kashyap has joined #openstack07:29
*** adiantum has quit IRC07:29
*** DIgitalFlux has quit IRC07:29
*** adiantum has joined #openstack07:35
*** stewart has quit IRC07:35
*** pothos has quit IRC07:40
*** pothos has joined #openstack07:41
*** stewart has joined #openstack07:49
*** mahadev has quit IRC08:05
*** piezo has quit IRC08:07
*** azneita has quit IRC08:08
*** gregp76 has quit IRC08:09
*** adiantum has quit IRC08:29
*** adiantum has joined #openstack08:35
*** DIgitalFlux has joined #openstack08:35
*** reldan has quit IRC08:36
*** DigitalFlyx has quit IRC08:36
*** Nacx has joined #openstack08:41
*** adiantum has quit IRC08:42
*** skiold has joined #openstack08:48
*** mgoldmann has joined #openstack08:48
*** mgoldmann has joined #openstack08:48
sorenttx: It looks like tarmac has "Needs Review" hardcoded as the status for branches that fail the pre commit check.08:50
ttxsoren: yes -- I wanted to make that configurable, post the patch and see if we can apply it to our setup08:50
ttxsoren: had a good time off ?08:51
sorenttx: Cool.08:51
sorenttx: Yeah, Berlin is nice, even this time of year.08:51
ttxsoren: met with some of our common friends ?08:51
sorenYeah, met with dholbach.08:52
ttxsoren: a few things while you catch up:08:52
sorenHe took us to the burger place we also visited when we were sprinting there in 2009.08:52
ttxoh right08:52
ttxsoren: glance builds seem to be broken on PPA08:52
ttxsoren: and is there any way to run the 2011.1.1 candidate build on your magic setup08:53
sorenI can just feed it a bzr branch url, and it'll do its magic.08:53
sorenglance looks easy.08:54
* soren fixes.08:54
ttxsoren: would like to validate bug 716427 + any weird regression (compared to bexar)08:54
uvirtbotLaunchpad bug 716427 in nova/bexar "RPC concurrency problem" [High,Fix committed]
*** photron has joined #openstack08:54
*** adiantum has joined #openstack08:54
*** DIgitalFlux has quit IRC08:54
*** DigitalFlux has joined #openstack08:54
* soren wishes the hudson box would be accessible over https.08:56
*** daveiw has joined #openstack08:58
*** ctennis_ has joined #openstack09:04
*** ctennis has quit IRC09:06
*** ctennis_ is now known as ctennis09:06
*** allsystemsarego has joined #openstack09:09
*** reldan has joined #openstack09:19
uvirtbotNew bug: #726359 in nova "utils.execute uses potentially insecure shell=True" [High,In progress]
*** uksysadmin has joined #openstack09:29
sorenttx: Glance packaging fixed, but needs to land before the build actually works.09:32
*** sateesh has joined #openstack09:33
*** gasbakid has quit IRC09:38
*** sateesh has quit IRC09:40
*** sateesh has joined #openstack09:44
*** MarcMorata has joined #openstack09:51
*** gasbakid has joined #openstack09:52
*** adiantum has quit IRC10:00
*** photron has quit IRC10:02
*** adiantum has joined #openstack10:06
*** adiantum has quit IRC10:30
doudeHi all, I've got a problem with the serial console with libvirt. I copy the Nova XML template of libvirt instances and I set manually the parameters. I create the domain with 'virsh' command but I cannot acces to the serial console through the command 'virsh console mydomain'10:32
doudeIf I remove the part '<serial type="file">' in ht e XML file, the serial console is available10:32
doudeIt works for you ?10:33
*** sateesh has quit IRC10:38
*** adiantum has joined #openstack10:42
*** sateesh has joined #openstack10:45
sateeshttx: when is 2011.1.1 getting released?10:46
ttxsateesh: probably wednesday.10:51
sateeshttx: thanks10:51
ttxsateesh: the go/nogo will be discussed at the weekly meeting tomorrow10:51
sateeshttx: ok10:52
*** vijay_ has joined #openstack10:53
*** shoaib has joined #openstack10:57
shoaibi would like to ask if there is a way to start a service which got stopped due to a restart of host machine?10:57
*** adiantum has quit IRC10:59
*** vijay_ has quit IRC10:59
*** adiantum has joined #openstack11:01
shoaibhelp is needed!!! pls11:04
Mani2hi all, i have given bzr branch lp:nova ssh: connect to host port 22: Connection refused bzr: ERROR: Connection closed: Unexpected end of message. Please check connectivity and permissions, and report a bug if problems persist.11:06
ttxMani2: your issue is not specific to lp:nova... Did you try to ask in #bzr for help ?11:07
ttxshoaib: I don't understand your question.11:07
Mani2no one in #bzr11:08
ttxMani2: there is plenty of people there. Just let them some time to answer.11:09
*** avishay has joined #openstack11:12
avishayHi all. I am trying to set up swift according to development_saio.html. I can connect with curl from the same machine, but not from another machine.11:16
avishayI changed the IP from to the external one in bin/remakerings, /etc/swift/auth-server.conf, and /etc/rsyncd.conf, but no luck.11:16
avishayIs anybody available to help me?11:16
*** jtimberman has quit IRC11:17
*** jtimberman has joined #openstack11:19
*** DigitalFlux has quit IRC11:25
uksysadminshoaib - what service has been stopped?11:25
shoaibthe instance has stopped11:28
shoaibnova and other related services are running11:28
shoaibmy machine rebooted and all instances are down now11:28
*** ahale has joined #openstack11:29
*** adiantum has quit IRC11:30
shoaibanyway to start them? i can see their folder in /var/lib/nova11:31
uksysadminstart nova-{api,compute,objectstore,scheduler,network} etc...11:33
shoaibyes all are running11:33
uksysadminyou mean the instances have stopped, not the services?11:33
uksysadminyour machine rebooted - and the instances live in memory... erm... euca-run-instance again...11:34
shoaiband what about data?11:34
*** DigitalFlux has joined #openstack11:35
shoaibif i euca-run-instance it will create a new instance right?11:35
uksysadminif they didn't have some volume attached (from swift?) then the instances don't have persistent storage11:36
*** bobya has joined #openstack11:36
*** adiantum has joined #openstack11:37
shoaibso what do we hav then in /var/lib/nova/disk?11:38
shoaibi mean /var/lib/nova/instabces/instance folder/disk11:38
*** adiantum has quit IRC11:44
*** hazmat has quit IRC11:45
*** avishay has quit IRC11:47
*** patri0t has joined #openstack11:48
*** adiantum has joined #openstack11:50
zulvishy: ill have some instructions and an image up today for you for lxc11:53
*** markwash has quit IRC11:56
*** hazmat has joined #openstack11:58
*** romain_lenglet_ has joined #openstack11:58
shoaibwhere can i get a centos image i386.tar.gz? anyone?11:58
*** romain_lenglet_ has quit IRC11:59
*** ahmedelgamil has joined #openstack12:00
* uksysadmin renames himself to 'google':
*** DigitalFlux has quit IRC12:04
*** reldan has quit IRC12:10
*** adiantum has quit IRC12:12
*** jaypipes has quit IRC12:12
*** ctennis has quit IRC12:17
*** adiantum has joined #openstack12:18
*** Mani2 has quit IRC12:24
*** shoaib has quit IRC12:25
*** adiantum has quit IRC12:26
*** guigui1 has quit IRC12:29
*** adiantum has joined #openstack12:33
*** ahmedelgamil has quit IRC12:33
*** ctennis has joined #openstack12:35
*** ctennis has joined #openstack12:35
*** DigitalFlux has joined #openstack12:45
*** DigitalFlux has joined #openstack12:45
*** guigui1 has joined #openstack12:50
zulttx: hey i was wondering if libguestfs is required now?12:53
ttxzul: depends on the direction the discussion is going... but it's certainly very welcome12:54
zulttx: ok i think i can squeeze it in12:55
sorenWait, what?12:55
sorenWhere's this discussino?12:55
* soren hates libguestfs12:55
ttxsoren: you prefer NBD ?12:55
sorenIf those are my options, yes.12:55
ttxsoren: see the thread on the RHEL build12:56
ttxsoren: one of the patches they have in is a switch from NBD to libguestfs12:56
ttxsoren: given that there are complains on how difficult it is to interact with qemu-nbd, I was wondering if a switch to libguestfs wasn't appropriate12:56
ttxsoren: you should explain your hatred there :)12:57
* ttx has no opinion on it, but the resulting code in NOva certainly looks better.12:57
sorenWhere's said code?12:58
ttxlet me dig that for you12:59
ttxgets rid of the inframous sleep loop13:00
*** reldan has joined #openstack13:00
sorenI'd much rather throw the 5 needed lines of code at qemu-nbd to fix that.13:01
*** westmaas has quit IRC13:02
*** sateesh has quit IRC13:15
*** kashyap has quit IRC13:15
*** matclayton has joined #openstack13:17
*** fabiand_ has joined #openstack13:19
*** ChrisAM1 is now known as ChrisAM13:21
*** Ryan_Lane has joined #openstack13:23
*** guigui1 has quit IRC13:26
*** Glacee has quit IRC13:41
*** stewart has quit IRC13:42
*** stewart has joined #openstack13:43
*** zul_ has joined #openstack13:48
*** zul has quit IRC13:48
uvirtbotNew bug: #726534 in glance "daemon_options are not loaded by glance bin files" [Undecided,New]
*** vvuksan has joined #openstack13:52
*** fabiand_ has quit IRC13:52
*** Ryan_Lane has quit IRC13:53
*** zul_ is now known as zul13:55
*** zul has joined #openstack13:55
*** bcwaldon has joined #openstack14:00
*** ppetraki has joined #openstack14:03
*** dprince has joined #openstack14:04
*** adiantum has quit IRC14:07
*** pvo has joined #openstack14:13
sorenttx: The stuff you want me to test... Is it in a PPA or is it a particular branch?14:14
ttxsoren: lp:nova/bexar and ppa:ttx/nova-bexar-updates14:15
* soren tires the former first14:15
sorentries, even.14:16
sorenI've just pushed lp:~linux2go/nova/jenkins-config, by the way.14:16
*** bcwaldon has quit IRC14:16
*** westmaas_away is now known as westmaas14:18
*** adiantum has joined #openstack14:19
sorenttx: Hmm... That went less than perfect.14:20
patri0twhich one is right? OR
*** piken_ has quit IRC14:21
sorenpatri0t: Without looking at either, I'm going to guess the answer is "neither".14:23
patri0tsoren: Cool, then do you have any diag for Nova?14:24
* soren doesn't even know what a "cloud controller" is14:24
patri0tsoren: :D, probably should be RabbitMQ14:24
*** bcwaldon has joined #openstack14:24
sorenThat would be a very, very odd.14:25
sorens/ a / /G14:25
* soren fails at typing today14:26
patri0tsoren: even this one:
*** Ryan_Lane has joined #openstack14:28
*** adiantum has quit IRC14:29
sorenpatri0t: I like that last one.14:30
sorenpatri0t: There are so few details that the amount of wrong information is very small.14:30
patri0tsoren: that is also the problem14:30
patri0tsoren: what is between object store and API endpoint in the last one?14:31
sorenpatri0t: What exactly are you trying to find out?14:31
patri0tNova architecture14:31
sorenCan you phrase it as a question?14:32
patri0tI'm looking for design details of Nova, and its architecture14:34
*** adiantum has joined #openstack14:34
patri0tsoren: Do you have any more concrete details about Nova architecture?14:35
*** ramkrsna has quit IRC14:36
patri0tsoren: Can you explain what is wrong in those diags, so I can update them, Or should I start reading the code to find it out?14:36
*** gasbakid has quit IRC14:38
*** GasbaKid has joined #openstack14:39
*** pvo has quit IRC14:40
*** gondoi has joined #openstack14:42
*** hub_cap has joined #openstack14:44
ttxsoren: how so ?14:53
*** m_3 has quit IRC14:54
*** adiantum has quit IRC14:55
*** m_3 has joined #openstack14:55
*** GasbaKid has quit IRC14:56
*** adiantum has joined #openstack14:59
sorenttx: Seems to be an environmental oddity.14:59
*** kashyap has joined #openstack14:59
sorenttx: Or something. I don't quite understand.14:59
* ttx will have a shot at the Nova architecture diagram for a presentation soon. I think I'll make it three-dimensional for clarity.15:01
uvirtbotNew bug: #726569 in nova "gzip content encoding" [Undecided,New]
*** rnirmal has joined #openstack15:01
doudeHi, what's the objectif of the iptables rules in FORWARD table juste after 'nova-local' which authorize flow form/to the bridge of a project ? (source in network/ line 270-271 in bexar release)15:03
sorendoude: It's so that traffic can pass through network nodes to compute nodes.15:04
patri0tttx: good, when will it be?15:04
sorenttx: I can't work out what changed, but for some reason, patches in debian/patches no longer get applied automatically.15:07
ttxpatri0t: end of March15:14
ttxoh, right15:14
ttxsoren: the nova-manage needs to be refreshed. I did that in my local packaging15:14
ttxnova-manage patch*15:14
doudesoren: But the policy of FORWARD table is accept and the policy of the 2 rules are also accept, so what's the interest ?15:16
ttxsoren: current natty/trunk packaging branch probably has the new version of the patch.15:17
*** dendrobates is now known as dendro-afk15:22
*** patcoll has joined #openstack15:23
*** dragondm has joined #openstack15:33
*** adiantum has quit IRC15:37
*** reldan has quit IRC15:42
*** adiantum has joined #openstack15:43
*** hub_cap has quit IRC15:49
*** pvo has joined #openstack15:49
*** sateesh has joined #openstack15:50
*** reldan has joined #openstack15:54
annegentleuksysadmin: are you around? I have a question about your virtualbox instructions. For me, when I run sudo nova-manage service list, the nova-api service is not listed. Is that intentional?15:55
uksysadminyeah I'm here15:55
uksysadminI've never ran that set of commands :-S... where you running it from - the node that has everything on, or a compute node?15:56
*** dprince has quit IRC15:56
annegentleuksysadmin: I'm trying to install all-in-one, maybe that's not the use case?15:57
*** naehring has quit IRC15:57
annegentleuksysadmin: and I run it on thenode that I ran the script on, during the post-config steps15:57
annegentleuksysadmin: could be a nova bug, that service list command was just introduced15:57
annegentleuksysadmin: last release15:58
*** hub_cap has joined #openstack15:58
DigitalFluxannegentle: uksysadmin15:58
DigitalFluxWow, Nova supports VirtualBox now ?!15:58
*** adiantum has quit IRC15:59
uksysadminerm... not really15:59
annegentleDigitalFlux: well it's a nice demo enviornment for installing nova within,
sorendoude: We don't set the default policy.15:59
uksysadmin(as a hypervisor)15:59
DigitalFluxannegentle: Ah this one15:59
sorendoude: So it could be anything.15:59
uksysadminbut for a test environment it works great16:00
DigitalFluxannegentle: I thought that VirtualBox can actually be the Hypervisor16:00
sorendoude: We try pretty hard not to interfere with whatever rules are already set on the system.16:00
uksysadminannegentle: I'll have a play16:00
uksysadminto confirm16:00
uksysadminthe code is waiting for a merge and tlc according to the developer16:00
*** DigitalFlux has quit IRC16:01
annegentleuksysadmin: ok, thank you16:02
sorenttx: I'll get those tests running today. I'll let you know when they're rolling.16:02
* soren wanders off16:02
*** troytoman-away is now known as troytoman16:04
*** blueadept has joined #openstack16:04
*** mgoldmann has quit IRC16:05
annegentleuksysadmin: I'm a junior, deputy, junior sysadmin. Very junior. :) So it's possible I'm missing something. It seems to be working anyhow.16:05
*** hazmat has quit IRC16:05
*** johnpur has joined #openstack16:06
*** ChanServ sets mode: +v johnpur16:06
*** ccustine has joined #openstack16:07
*** mahadev has joined #openstack16:07
*** adiantum has joined #openstack16:11
*** mahadev has quit IRC16:11
*** dprince has joined #openstack16:14
*** mahadev has joined #openstack16:15
*** lvaughn has quit IRC16:15
*** adiantum has quit IRC16:21
*** sateesh has quit IRC16:21
*** clauden_ has joined #openstack16:25
*** adiantum has joined #openstack16:26
*** dprince has quit IRC16:26
*** skiold has quit IRC16:27
*** lamar has joined #openstack16:29
*** dprince has joined #openstack16:29
*** j05h has left #openstack16:32
*** j05h has joined #openstack16:34
*** kashyap has quit IRC16:34
*** adiantum has quit IRC16:36
*** KenD has joined #openstack16:36
*** viirya has quit IRC16:37
*** dendro-afk is now known as dendrobates16:38
*** adiantum has joined #openstack16:42
*** bcwaldon has quit IRC16:44
doudesoren: ok, thanks for the explanation. I forget that's not Nova set the policy16:44
kim0howdy openstack hackers o/ .. I'd like to invite you to register a session at the very first Ubuntu Cloud Days event →
kim0Rocking the Ubuntu cloud scene :)16:48
*** daveiw has quit IRC16:49
*** kashyap has joined #openstack16:50
*** Pentheus has quit IRC16:56
*** adiantum has quit IRC16:57
*** KenD has quit IRC16:57
*** adiantum has joined #openstack16:58
*** hazmat has joined #openstack16:58
*** maplebed has joined #openstack17:00
*** pvo has quit IRC17:02
*** bobya has quit IRC17:03
ttxvishy, berendt: if one of you could post a simple way to reproduce bug 713430 (on the bug), I could use it for 2011.1.1 validation17:05
uvirtbotLaunchpad bug 713430 in nova/bexar "Restart of nova-volume with volumes in wrong state: global name 'volume_ref' is not defined" [High,Fix committed]
*** imsplitbit has joined #openstack17:11
*** uksysadmin has quit IRC17:12
*** hazmat has quit IRC17:14
*** rcc has joined #openstack17:15
*** adiantum has quit IRC17:17
ironcamel2any core devs around? this branch has been approved and is ready to be merged
*** mdomsch has joined #openstack17:19
*** maple_bed has joined #openstack17:21
*** maplebed has quit IRC17:21
justinsbironcamel2: Not a core dev, but I just took a quick look because I wasn't familiar with the patch.  Did you mean "if inst['host']:" or "if inst.get('host'):" ? I've made this mistake too many times myself now!17:21
*** KenD has joined #openstack17:22
ironcamel2justinsb: i believe 'host' should always be available17:23
*** mahadev has quit IRC17:23
ironcamel2justinsb: is that not a safe assumption?17:23
ironcamel2isn't it defined at the data model layer17:23
ironcamel2yeah, it's in models.py17:24
justinsbironcamel2: Just wanted to be sure you were sure!17:24
ironcamel2justinsb: thanks :)17:24
*** KenD has quit IRC17:24
sirp-nova-core: we officially have +2 on; anyone object to me marking it as Approved?17:26
*** rcc has quit IRC17:28
*** maple_bed is now known as maplebed17:28
*** adiantum has joined #openstack17:29
*** gregp76 has joined #openstack17:29
*** bcwaldon has joined #openstack17:35
*** ewindisch has joined #openstack17:37
*** jaypipes has joined #openstack17:39
*** kbringard has joined #openstack17:40
openstackhudsonProject nova build #588: SUCCESS in 1 min 55 sec:
openstackhudsonTarmac: Adds VHD build support for XenServer driver.17:43
openstackhudson* Adds new ImageType DISK_VHD17:43
openstackhudson* Adds determine_disk_image_type which uses Glance `type` to figure out whether an image is a VHD or not17:43
openstackhudson* Adds code to Glance XenServer plugin to handle downloading a VHD and depositing it into the Storage Repository17:43
openstackhudson* Modifies the remove_kernel_ramdisk code to account for RAW and VHD images17:43
openstackhudson* Adds to unit tests for determine_disk_image_type and basic test for spawning a VHD image17:43
openstackhudsonCurrently Nova'a Compute-API makes use of FLAGS.null_kernel ('nokernel') to determine whether an image is "RAW/VHD"-ish.  I've left that requirement in for now; however, I plan on adding a bug to make that optional.17:43
openstackhudsonRequires Glance patch
kbringardspeaking of Glance... if I want to launch a VM with the kernel and ramdisk all in the image, I have to use Glance at this point, correct?17:46
*** adiantum has quit IRC17:48
*** mahadev has joined #openstack17:48
kbringardor, perhaps I have to use the OpenStack API to launch them?17:49
sirp-kbringard: not sure if it's the *only* way at this point, but you can certainly use the OSAPI+Glance to do it17:50
kbringardOK cool... I'm thinking the EC2 api just doesn't support it at this point, since it requires coupling a kernel and image17:51
kbringardor I should say, it *appears* to require coupling them17:52
*** Ryan_Lane has quit IRC17:53
*** joearnold has joined #openstack17:57
*** ramkrsna has joined #openstack17:58
*** ramkrsna has joined #openstack17:58
*** adiantum has joined #openstack18:00
jaypipessirp-: not sure if you noticed, but I proposed a branch for merging into Glance that adds POST/PUT support for the Swift backend.18:04
*** pvo has joined #openstack18:05
sirp-jaypipes: yep saw that, catching up on Glance reviews, should get to that shortly :)18:05
jaypipessirp-: cool, no worries. in jury duty this week, so off and on from IRC... in the jury sequester room right now, even though have yet to be placed into a trial.18:06
uvirtbotNew bug: #726685 in glance "Image_properties 'key' column collides with SQL KEY keyword" [Undecided,New]
*** gondoi_ has joined #openstack18:06
*** piken has joined #openstack18:06
*** h0cin has joined #openstack18:07
*** gondoi has quit IRC18:09
*** gondoi_ is now known as gondoi18:09
*** ewindisch has quit IRC18:11
*** dw_jhake has joined #openstack18:11
*** dragondm has quit IRC18:16
*** dendrobates is now known as dendro-afk18:28
*** mahadev_ has joined #openstack18:33
*** Nacx has quit IRC18:33
*** mahadev has quit IRC18:35
*** gregp76_ has joined #openstack18:36
*** bcwaldon has quit IRC18:36
*** dendro-afk is now known as dendrobates18:36
uvirtbotNew bug: #726700 in glance "glance-manage doesn't use config file" [Undecided,New]
*** bcwaldon has joined #openstack18:37
*** jaypipes has quit IRC18:38
*** etet has joined #openstack18:39
*** dysinger has joined #openstack18:39
*** gregp76 has quit IRC18:39
*** joearnol_ has joined #openstack18:39
*** joearnold has quit IRC18:40
*** rds__ has joined #openstack18:40
*** DigitalFlux has joined #openstack18:42
*** hvaldivia has joined #openstack18:43
hvaldiviaHi everybody.18:43
*** markwash has joined #openstack18:45
*** KenD has joined #openstack18:46
hvaldiviaHow can I set up my cloud for assigning ip from a DHCP Server?. I am not the network administrator and I can't grab a range of IP in my network.18:47
*** iammartian has joined #openstack18:47
*** syah has quit IRC18:47
*** joearnol_ has quit IRC18:48
hvaldiviaFollowing this tutorial , I could create a VM using KVM and I remember that the VM can grab an IP from the DHCP Server.18:49
*** reldan has quit IRC18:49
*** KyleM1 has joined #openstack18:50
hvaldiviaCan I do this using nova?18:50
*** adiantum has quit IRC18:54
*** dw_jhake has quit IRC18:54
*** syah has joined #openstack18:55
*** adiantum has joined #openstack18:56
*** dragondm has joined #openstack18:59
*** dragondm has quit IRC19:01
*** dragondm has joined #openstack19:01
*** hub_cap_ has joined #openstack19:02
*** mahadev_ has quit IRC19:03
openstackhudsonProject nova build #589: SUCCESS in 1 min 49 sec:
openstackhudsonTarmac: Wrapped the instance_types comparison with an int and added a test case for it. Removed the inadvertently added newline19:03
annegentlehvaldivia: yes, you can configure nova networking to be FlatDHCP - let me find a link for you, just a sec19:03
*** mahadev has joined #openstack19:03
*** hub_cap has quit IRC19:04
*** hub_cap_ is now known as hub_cap19:04
*** bcwaldon_ has joined #openstack19:04
annegentlehvaldivia: See
*** hub_cap has joined #openstack19:04
hvaldiviaannegentle: Thanks, I have problems understanding the network configuration, the ranges, etc19:05
annegentlehvaldivia: I know, sorry it's not diagrammed or explained with an image.19:06
hvaldiviaannegentle: What does --flat_network_dhcp_start mean?19:06
*** bcwaldon has quit IRC19:07
*** reldan has joined #openstack19:09
annegentlehvaldivia: that's an entry in the nova.conf flags file - see for all of them19:10
annegentlebasically it's the IP address for starting the list of DHCP IPs19:10
annegentlethat nova hands out? injects? Not sure of the right verb19:10
vishykbringard: no19:11
annegentlehvaldivia: vishy is a great resource19:11
vishykbringard: you can launch whole images through ec2 with objectstore19:11
annegentlehey, there you are :)19:11
kbringardvishy: oh, that is awesome19:12
kbringardwhen I bundle it, I just don't give it a kernel and a ramdisk?19:12
hvaldiviaannegentle: Thank you :)19:12
vishykbringard: I'm not sure exactly how it works using bundling because I usually create mine manually19:12
kbringardah, OK... I looked around a bit and didn't see anything... is there documentation for the preferred way to do it?19:13
vishybut if you launch an instance that has no kernel and ramdisk in the info.json19:13
vishyit will boot as a whole disk19:13
kbringardah, OK, that is good to know19:14
vishyi believe euca-bundle will grab kernel and ramdisk values out of metadata19:14
kbringardI'll play with it then19:14
vishyso you might end up with an image that has them set by accident19:14
vishykbringard: if you pass in --kernel nokernel it will always try to boot without kernel19:15
*** adiantum has quit IRC19:15
kbringardah, perfect19:15
kbringardthis is why vishy is the man :-)19:15
vishykbringargd: imo --kernel nokernel should actually be in euca-upload-bundle to always create without a kernel19:15
vishyand not in run instance but it hasn't been moved yet19:16
vishyhvaldivia: using external dhcp is a little bit tricky19:16
*** reldan has quit IRC19:16
vishyhvaldivia: there isn't really a way for the cloud to know what address was assigned to the instance19:17
vishyhvaldivia: that said, if you come up with some sort of magic dns, you might be able to get it to work19:17
vishyhvaldiva: metadata won't work though, so you'll have to rely on key injection into the image most likely19:18
hvaldiviaVishy. If I understood, OpenStack needs to have a range of ip available for its use.19:21
vishyhvaldivia: it needs a private range of ips19:22
hvaldiviaI want to connect to a VM from outside (through internet)19:22
vishyhvaldivia: and optionally a public range19:22
vishyhvaldivia: yes you need a public range for that19:23
vishyhvaldiva: well actually you need 1 or more public ips, it doesn't have to be a range specifically19:23
*** gregp76 has joined #openstack19:24
*** matclayton has left #openstack19:24
*** nelson has quit IRC19:25
*** nelson has joined #openstack19:26
hvaldiviavishy: interesting. But I need to specify these IPs  in advance. Am I right?19:26
vishyhvaldivia: correct19:26
hvaldiviaOkey. So I should talk with my network admin to reserve ips for my openstack installation. right?19:27
*** adiantum has joined #openstack19:28
vishyhvaldivia: correct19:28
*** MarcMorata has quit IRC19:28
vishyhavldivia: they will be associated with the network host when they are used19:29
vishyhvaldivia: they are natted to the vms through the network host19:29
hvaldiviavishy: thanks, now I can understand a little how nova works.19:30
hvaldiviavishy: I have 4 instances running on my cloud. their ips are: 10.0.0.x. but I can only connect to them from my cloud controller. How can I connect to them from the other machines in my network?19:33
*** joearnold has joined #openstack19:33
vishythere are a few options, but probably the easiest is to add a route to your other boxes19:34
vishyroute add -net gw <ip of your network host>19:34
vishyyou could also use a smaller range, if you need other parts of the 10.x for other services etc.19:35
vishyhvaldivia: one warning though19:35
*** clauden_ has quit IRC19:35
vishyhvaldivia: if you add a route like that, the instance firewall will block traffic19:35
*** joearnold has quit IRC19:36
vishyhvaldivia: so you will need to add specific exceptions for services: euca-authorize -P tcp -p 22 default19:36
hvaldiviavishy: What should I do in that case?19:36
hvaldiviaI did.19:36
vishythe above would authorize ssh for example19:37
vishyyou can also just add rules from your specific range19:37
vishyhvaldivia: a secondary option would be to give all of your hosts an ip in the subnet used by your private ips19:37
vishy(although if you do that, you should mark those ips reserved in your fixed_ips table so that nova doesn't try to give them out19:38
*** hub_cap has quit IRC19:38
hvaldiviavishy: Do You mean that my hosts ips should be set to 10.0.0.x for example19:40
vishyhvaldivia: I mean that you can give your hosts a secondary ip that is that19:42
vishyhvaldivia: which networking mode are you using? Vlan (the default) or FlatDHCP?19:43
*** adiantum has quit IRC19:44
hvaldiviaLast week I used a Flat configuration. Now I am using Vlan (default)19:45
hvaldiviaWhen should I use FlatDHCP? any advangate over Flat?19:46
kbringardit lets OpenStack manage the IPs, so you can get IP info for the VMs straight from the API without having to do weird workarounds19:49
*** adiantum has joined #openstack19:49
*** neckwarmer has joined #openstack19:51
*** mgoldmann has joined #openstack19:51
uvirtbotNew bug: #726742 in glance "Producing useless traceback info" [Undecided,New]
*** reldan has joined #openstack19:55
*** brd_from_italy has joined #openstack19:55
vishyhvaldivia: yes Flat doesn't support a lot of features like metadata out of the box and it requires network injection into the instance19:55
hvaldiviavishy: well I will to FlatDHCP.19:57
hvaldiviaI do not have access to my switch for creating vlans19:58
*** photron has joined #openstack19:58
vishyso in FlatDHCP mode, you will have a bridge (by default it is br100) bridged into your interface19:59
vishyyou can give each host an (additional) ip on that bridge19:59
vishyin the 10.x range19:59
vishyif you want them to talk to vms19:59
vishyto talk from separate L2 networks, you will need to add routes as i mentioned in option 120:00
*** adiantum has quit IRC20:01
hvaldiviavishy: I understand what you say, but I do not how to " give each host an (additional) ip on that bridg". I am feel as a moron20:03
*** Ryan_Lane has joined #openstack20:04
*** DigitalFlux has quit IRC20:07
*** ramkrsna has quit IRC20:07
*** adiantum has joined #openstack20:07
*** DigitalFlux has joined #openstack20:07
vishyip addr add scope global dev br10020:08
vishyactually perhaps depending on how big the network you created20:08
*** gondoi has quit IRC20:09
*** bcwaldon_ has quit IRC20:10
*** joearnold has joined #openstack20:12
*** h0cin has quit IRC20:12
*** MarcMorata has joined #openstack20:15
kbringardvishy: will nova take an "all in one" image that's qcow2?20:18
kbringardby all in one, I mean the kernel, ramdisk, etc20:18
*** hvaldivia has quit IRC20:21
*** bcwaldon has joined #openstack20:22
zulvishy: hey i hope those instructions on the wiki make sense20:22
vishyzul: thanks appreciate it20:24
vishykbringard: I think so20:24
vishykbringard: i20:24
*** reldan has quit IRC20:24
vishy"think" that you can do cow backing to another qcow2, but I'm not totally sure20:25
vishykbringard: it would definitely work with --nouse_cow_images20:25
kbringardcool, I didn't think it would matter, but the docs kept referring to "raw disk images", so I wasn't sure if that meant the actual format, or if it was a misnomer referring to no longer needing a separate kernel and ramdisk20:25
uvirtbotNew bug: #726763 in nova "negative api offsets" [Undecided,In progress]
*** MarcMorata has quit IRC20:26
vishykbringard: misnomer, although raw might be best for compatibility (same images with xen and kvm) although I don't think it would matter for most deployments20:26
*** reldan has joined #openstack20:27
annegentlekbringard: ah good point.20:27
kbringardcool, I'll probably start with raw to get rid of excess complexity, then once I determine everything is working, I'll try other formats20:27
kbringardannegentle: it's not a super big deal, just wanted to make sure I understood what I could and couldn't do :-)20:27
kbringardmore than anything I'm just getting tired of moving 10GB files all over the place20:28
kbringardeven over gig, it still takes awhile ;-)20:28
vishykbringard: yeah it is kinda slow :)20:29
*** bradshaw has joined #openstack20:29
bradshawHappy Monday to all, We are working on expanding out our nova-network servers, but are having a terrible time with SNAT and the address for metadata service. Does anyone have a "reasonable" solution cause right now we are white boarding some stuff that seems way to complex to solve this?20:32
bradshawthe issue we are seeing is that the rewrite that turns into a real IP is happening just fine, but then the NAT rule rewrites the original 10net VM address to the external IP of the nova-network20:37
devcamcarhey all, anyone here have luck using cyberduck with swift?20:41
devcamcari can't get it to validate my credentials20:41
devcamcarcreiht, notmyname, gholt: ^^20:41
* creiht doesn't have a mac or windows, but have heard it works20:42
devcamcaryea it looks like it should work20:42
devcamcarit has only a username field20:42
devcamcarso i'm assuming project:user format20:42
notmynameI think there was a wiki page20:42
devcamcarnotmyname: thanks, i'll do some more digging20:43
annegentledevcamcar: I never could get it to validate either.20:43
notmynameya, username should be account:name20:43
notmyname(in the context of a swift dev auth/swauth account)20:44
devcamcaryea thats what i would think20:44
annegentledevcamcar: I did a write up here:
*** gondoi has joined #openstack20:44
creihtdevcamcar: which instructions are you using to connect?20:44
devcamcarannegentle: thanks20:45
notmynamehmm..I get an SSL error (cause I'm not using SSL)20:45
devcamcarcreiht: just started poking at this, but just using instructs in cyberduck20:45
*** gondoi has quit IRC20:45
devcamcarannegentle: "If you are using swauth for authorization, you want to change the context of the URL from the default /v1.0 by using defaults write ch.sudo.cyberduck cf.authentication.context <string> and substitute /auth/v1.0."20:45
devcamcarthis looks relevant, but does that change it globally?20:45
devcamcarseems like you'd want to set that per connection20:46
*** adiantum has quit IRC20:46
annegentledevcamcar: yeah I think that's part of the problem, why I couldn't get it working20:46
annegentledevcamcar: I haven't dug into a way to do a per-connection context string config20:48
annegentlectennis: any ideas? ^^20:48
devcamcarhah, ouch! official docs say to modify cyberduck's source and recompile :)
creihtheh... that's a bit out dated20:49
*** adiantum has joined #openstack20:51
annegentlegeneral cloudy question: Do people always use the same hypervisor once they get one working? Or would a given cloud provider use multiple hypervisors?20:51
* creiht tries to install under wine20:51
annegentleI suppose if you're a Windows/Linux VM provider, you have to use 2 hypervisors at a minimum, right?20:52
creihtoh... it uses .net :(20:52
vishyttx, soren, mtaylor: looks like we need the new libvirt (from natty) in the ppa to support lxc20:52
devcamcarannegentle: not necessarily20:52
*** paltman has quit IRC20:53
devcamcarcreiht, annegentle: i tried setting the global defaults for the auth prefix, but still didn't work.  my assumption is that cyberduck is built with support for devauth but not swauth, or something like that20:53
devcamcarstill seems like setting that value should have fixed it but who knows20:53
devcamcaranyway not the end of the world, i just wanted to see if it worked20:53
annegentledevcamcar: ok, asking so that I can organize the guide best... networking and hypervisors seem like big decisions, each worthy of their own config chapter20:54
sorenvishy: If mtaylor doesn't beat me to it, I'll get it done tomorrow.20:54
annegentledevcamcar: and I'd like to figure out the Cyberduck config to document it more clearly, so thanks for trying it20:55
devcamcarannegentle: xen supports windows guests, kvm does to with some handholding20:55
annegentledevcamcar: ah, okay.20:55
devcamcarannegentle: i'm going to file a bug with cyberduck20:55
vishysoren: cool thx20:55
devcamcarannegentle: even though the hypervisor supports it, you still have to configure separate zones for windows/linux20:55
annegentledevcamcar: ah, okay20:56
*** hvaldivia has joined #openstack20:56
devcamcarannegentle: ultimately its up to the scheduler to figure that out, and will require zones to define via metadata what guest types they support20:56
*** adiantum has quit IRC20:57
*** paltman has joined #openstack20:59
annegentledevcamcar: is there more than one scheduler_manager option?21:01
devcamcarannegentle: i think there are blueprints for this, the metadata stuff doesn't exist yet21:02
devcamcarcreiht, notmyname: swauth was introduced in swift 1.2, correct?21:02
annegentledevcamcar: ok, got it. thanks for the help21:02
*** mdomsch has quit IRC21:03
*** adiantum has joined #openstack21:03
notmynamedevcamcar: yes21:04
*** gregp76 has quit IRC21:05
*** grapex1 has joined #openstack21:05
devcamcarcreiht, notmyname, annegentle:
devcamcarhopefully we'll get some help on it :)21:07
*** viirya has joined #openstack21:08
*** dfg has joined #openstack21:08
notmynamedevcamcar: thanks. the cyberduck dev is pretty good about being on top of bugs/features21:08
*** hvaldivia has quit IRC21:11
*** grapex1 has left #openstack21:12
notmynameof course, watch this time he'll take weeks to get to it ;-)21:14
*** adiantum has quit IRC21:17
*** miclorb has joined #openstack21:21
*** ctennis has quit IRC21:21
*** adiantum has joined #openstack21:23
*** DigitalFlux has quit IRC21:28
*** DigitalFlux has joined #openstack21:30
*** DigitalFlux has joined #openstack21:30
*** glange has left #openstack21:31
*** adiantum has quit IRC21:31
*** dprince has quit IRC21:32
*** brd_from_italy has quit IRC21:32
*** gregp76 has joined #openstack21:34
*** photron has quit IRC21:35
*** DigitalFlux has quit IRC21:35
*** ctennis has joined #openstack21:36
*** ctennis has joined #openstack21:36
*** adiantum has joined #openstack21:36
*** adiantum has quit IRC21:44
*** adiantum has joined #openstack21:50
*** lvaughn has joined #openstack21:51
*** dirakx has quit IRC21:53
*** allsystemsarego has quit IRC21:57
*** gregp76 has quit IRC21:58
devcamcarcreiht, notmyname: having some odd authentication issues with a swift account i just created21:59
*** bcwaldon has quit IRC22:00
devcamcarthis step works: curl -k -v -H 'X-Storage-User: system:root' -H 'X-Storage-Pass: testpass' https://<AUTH_HOSTNAME>:11000/v1.022:00
devcamcarthis step dies: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' <url-from-x-storage-url-above>22:00
devcamcargives a 403 and i can't figure out why22:00
devcamcarany ideas on how i can debug?22:00
creihtdevcamcar: did you create the account as an admin?  otherwise it has no perms until you grant them22:02
notmynamedid you add that user to the auth system with a "-a"?22:02
devcamcarargh yea thats it22:02
devcamcarthanks :)22:02
devcamcarone other strange thing i saw -22:02
devcamcarits storage service was set to http:// instead of https://22:03
notmynamecheck the storage url in the config22:03
*** reldan has quit IRC22:03
devcamcaror something else22:04
devcamcaryea i have both public and private urls set there22:04
devcamcarpublic is https22:04
devcamcarbut they are different hostnames22:04
devcamcarso basically i have https://public and http://private22:05
devcamcarbut it showed up as http://public22:05
devcamcarif that makes sense22:05
notmynamegholt: ^? I'm not an expert in swauth configs yet ;-)22:05
*** hggdh has quit IRC22:05
devcamcarnotmyname: nevermind, i found it22:05
notmynameah ok22:05
notmynamewhat was it?22:05
devcamcardevcamcar: for some reason chef-solo didn't update it properly22:05
devcamcarsomething else to fix now :)22:06
notmynameso what was the config like?22:06
notmynameyou had http in both?22:07
devcamcarit was exactly that - i had http://public in the config instead of https://public, so swift did with that exactly what you'd expect22:07
devcamcaryea, just loser error on my end22:07
notmynameah, ok. makes sense then22:08
devcamcari'm just good enough with swift now to be really, really dangerous22:12
notmynamearen't we all? :-)22:13
edaycreiht: whats the 30-second scoop on swift auth? I know there is the dev and swauth server, are both staying around long term? Any plans to split either into a standalone project for others to use?22:14
notmynamedevcamcar: heh, just re-read what you said and my response. wasn't trying to say you were a loser. quite the opposite. mis-read on my part that made me respond with the wrong thing22:14
edaynotmyname: or perhaps you can answer my q too :)22:15
notmynameeday: dev auth should be removed in diablo, swauth is staying around as a part of swift (middleware)22:15
devcamcarnotmyname: hah, don't worry, that was my own interpretation :)22:15
*** jwalters_ has joined #openstack22:16
*** mgoldmann has quit IRC22:17
jwalters_I'm getting an eventlet backtrace with the most recent version of nova, anyone have any thoughts?:
edaynotmyname: ok, thanks! so no plans to break it into it's own project with other backends? (ie, openstack-common with swauth, sql, ... drivers)22:17
*** zul_ has joined #openstack22:17
sirp-jwalters_: that's related to this:
notmynameheh, swauth was a separate project that was merged into swift. no plans that I know of, but I'll be the first to say that I don't know all the plans22:18
*** zul has quit IRC22:18
sirp-jwalters_:  you can go the ppa route, or like i did, just apply the included patch to eventlet22:18
*** gregp76 has joined #openstack22:20
jwalters_thanks sirp, I'll give that patch a try22:20
*** littleidea has joined #openstack22:20
creihteday: swauth is implemented as middleware backended by a swift cluster22:21
creihtso it kinda requires swift to be used22:21
creihtit could be extended if needed22:22
*** blueadept has quit IRC22:22
creihtnot sure you really want to do that22:22
edaycreiht: yeah, understood. but we could reuse some of that to power other backends as well22:22
creihtahh... possibly22:22 is throwing 500's, anyone know who manages that?22:22
edaycreiht: having a openstack-auth service is starting to make more sense, I don't want to make a one-off auth thing like nova and swift do for the queue service :)22:23
*** bradshaw has left #openstack22:23
edaycreiht: and swauth is the closest thing we have right now, as nova-auth is very nova specific still22:23
creihtthe only problem with that is that it requires a swift install to use22:24
creihtwhich may not be ideal22:24
creihtthough if we can get a simpler (non-redundant) version of swift to use for dev/testing, that might be simpler22:24
edaycreiht: right now, yes, but if we make the backends pluggable, a sqlite is just as easy to use22:24
creihtI'm not sure it is made in a way to be pluggable like that :)22:25
edaysure, certainly work to do22:25
edayany reason why you're removing the devauth server? seems useful for testing22:26
creihteday: well dev auth is basically that :)22:26
creihtdev auth had some issues22:26
creihtmostly scaling22:27
edayheh, yeah :)22:27
edaybut still useful for single-machine dev, no? or do you require swauth setup for dev now?22:27
jk0who runs getting a 50022:27
creihteday: yeah we will require swauth for dev22:28
creihtsince in dev you have swift setup already :)22:28
devcamcarcreiht, notmyname: can you point me to where you guys documented best practices for the amount of workers to run based on number of cores available?22:29
edaycreiht: ahh, ok :)22:29
creihteday: A better idea may be to have a simple reduced redundancy mode that requires only the main services running, and only stores one replica for stuff like that22:30
creihtWe've talked about something like that to replace nova-objectstore22:30
creihtdevcamcar: Not sure we have real hard numbers on that22:30
*** adiantum has quit IRC22:31
creihtdevcamcar: a good starting point is a worker per core, then test and see where the bottle necks are :)22:31
edaycreiht: yeah, perhaps. is there any docs on how reseller code works in swift? I see bits here and there, but not sure where it matters. is it basically a prefix that determines different auth service?22:33
creihteday: more or less, yes22:33
devcamcarcreiht: thanks, though in the past i remember you had more specific suggestions, like 4 workers per core for proxy/object/container, and like 1 for account or something.  when we stood up our first swift test env i remember we went over that22:34
*** vvuksan has quit IRC22:34
*** kbringard has quit IRC22:34
devcamcarcreiht: but i will experiment22:34
edaycreiht: ahh, thanks. I read that, missed the reseller parts :)22:34
creihteday: and
*** adiantum has joined #openstack22:36
*** jwalters_ has quit IRC22:39
*** MarcMorata has joined #openstack22:40
*** imsplitbit has quit IRC22:44
*** MarcMorata has quit IRC22:50
*** mdomsch has joined #openstack22:52
*** ppetraki has quit IRC22:53
*** dubsquared has joined #openstack22:54
*** burris has quit IRC22:57
*** localhost3 has joined #openstack22:57
*** adiantum has quit IRC22:58
*** redbo_ has joined #openstack23:00
*** gdusbabe` has joined #openstack23:00
*** drico_ has joined #openstack23:01
*** magglass2 has joined #openstack23:01
*** flashn has joined #openstack23:01
*** gdusbabe` has quit IRC23:01
*** gdusbabe` has joined #openstack23:02
*** sandywalsh_ has joined #openstack23:02
*** iammartian_ has joined #openstack23:02
*** devcamcar_ has joined #openstack23:02
*** devcamcar has left #openstack23:02
*** devcamcar_ has left #openstack23:02
*** devcamcar has joined #openstack23:02
*** exlt_ has joined #openstack23:02
*** RichiH_ has joined #openstack23:03
*** huismon_ has joined #openstack23:03
*** JordanRi1ke has joined #openstack23:03
vishy+1 for common auth23:04
*** chmouel_ has joined #openstack23:04
vishyauthn and authz23:04
*** soren_ has joined #openstack23:04
*** soren_ has quit IRC23:05
*** soren_ has joined #openstack23:05
*** ChanServ sets mode: +v soren_23:05
*** lvaughn_ has joined #openstack23:06
*** soren has quit IRC23:07
*** soren_ is now known as soren23:07
*** zul_ has quit IRC23:08
*** lvaughn has quit IRC23:08
*** nelson has quit IRC23:08
*** iammartian has quit IRC23:08
*** patcoll has quit IRC23:08
*** deshantm has quit IRC23:08
*** zenmatt has quit IRC23:08
*** localhost2 has quit IRC23:08
*** RobertLaptop has quit IRC23:08
*** exlt has quit IRC23:08
*** arun_ has quit IRC23:08
*** Daviey has quit IRC23:08
*** fysa has quit IRC23:08
*** chmouel has quit IRC23:08
*** drico has quit IRC23:08
*** RichiH has quit IRC23:08
*** sandywalsh has quit IRC23:08
*** husimon has quit IRC23:08
*** ryker has quit IRC23:08
*** flashn_ has quit IRC23:08
*** filler has quit IRC23:08
*** magglass1 has quit IRC23:08
*** rackerhacker has quit IRC23:08
*** redbo has quit IRC23:08
*** dubs has quit IRC23:08
*** JordanRinke has quit IRC23:08
*** gdusbabek has quit IRC23:08
*** openfly has quit IRC23:08
*** iammartian_ is now known as iammartian23:08
*** joearnold has quit IRC23:08
*** markwash has quit IRC23:09
gholtIf any want to promote swauth to be some amazing common auth, I won't complain. But I don't personally have the time to make it all it could be (ldap hooks, oauth, w/e). It was just an idea, and it was just a weekend or so. :)23:09
*** zul__ has joined #openstack23:10
*** hggdh has joined #openstack23:10
*** patcoll has joined #openstack23:10
vishygholt: does it do authz?23:11
* vishy goes to find the code23:11
*** Daviey has joined #openstack23:11
*** adiantum has joined #openstack23:11
*** fysa has joined #openstack23:11
gholtHehe. I does both authentication and authorization yes.23:11
gholtI would give you a link real quick, but launchpad is not real quick.23:11
*** ryker has joined #openstack23:13
*** arun_ has joined #openstack23:13
*** arun_ has joined #openstack23:13
*** rackerhacker has joined #openstack23:13
gholtQuick guide: get_groups is authentication, authorize is authorization. The rest is just management. :)23:13
*** patcoll has quit IRC23:14
*** maplebed has quit IRC23:14
*** nelson has joined #openstack23:14
*** filler has joined #openstack23:14
*** dubs has joined #openstack23:14
*** RobertLaptop has joined #openstack23:14
*** deshantm has joined #openstack23:14
*** zenmatt has joined #openstack23:15
*** hggdh has quit IRC23:15
edayvishy, gholt: One big Q I have is where should authz/access control go? For example, should a generic auth service keep nova-specific controls, or should each service maintain a auth DB as well for their own controls?23:15
*** mdomsch has quit IRC23:15
*** hggdh has joined #openstack23:16
vishyeday: i think a general service is "programmable" by the client service23:16
vishyI've been thinking of objects like a directory hierarchy23:16
openstackhudsonProject swift build #207: SUCCESS in 29 sec:
openstackhudson* Tarmac: small doc fix23:16
openstackhudson* Tarmac: lower memcached error limit duration.23:16
edayvishy: so a flag that says whether account X can create networks should be stored via a generic interface in an auth service?23:17
vishyas in an object is /org/unit/account/project/object/subobject23:17
vishyand the "general account services verifies up to project/"23:17
vishythe service verifies authz to object/subobject23:18
vishybut it could do that by hooking into the generalized auth system23:18
vishyand auth is controlled via subject (user), predicate (action), and object (which has a path like the above)23:19
edayI think we need to drop 'project' and start thinking of accounts. a project can be a shared account. I make want to modify /account1/volume/X, but am logging in with account2 (and account2 has certain perms on account1)23:19
vishyas far as I'm concerned /org/unit/account/project is opaque to the services23:20
vishybut internal to auth system it is arbitrarily nested groups and subgroups23:20
edayvishy: I guess I would say: /account/object..., and let account represent whatever it needs underneath23:20
vishyeday: sure, but the point is some services may have similar concerns (objects subobjects) swift for example23:21
edaythis is basically how swift does it23:21
edayvishy: ok, we may be saying the same thing :)23:21
vishyat least i'm assuming you can have different access control on the bucket hierarchy23:22
vishycan you?23:22
*** adiantum has quit IRC23:22
edayper container, yes23:22
*** gregp76 has quit IRC23:23
edayat least you can have public and private containers23:23
vishyare there subcontainers though?23:23
eday/account/container/object, thats it23:23
edayyour objects can have '/' in the for 'fake' paths23:23
edayvishy: do, getting back to service specific access control, you think we should store that in the generic auth service?23:24
gholtSorry, wandered off for a bit there. The idea with swauth/devauth was that the auth would resolve to a list of groups/roles and that the service would store acls of those groups/roles. You want access to a Swift container, tell that Swift container to allow group 'whatever' and make sure your auth has you in that group.23:29
vishysorry internet died23:29
vishygholt so it only acl's for one action23:29
*** maplebed has joined #openstack23:30
gholtFor now, in Swift we have X-Container-Read and X-Container-Write ACLs.23:30
vishyah so you could in theory pass in any action as a header?23:31
gholtSure, within the limits of what you can support with the service, but the auth[nz] part knows nothing about that.23:32
gholtWe do have a bit of "seepage" to be honest. for instance, authz checks account creation and deletion permissions.23:33
vishydoing it within swift seems fairly useful for containers in swift, but I'm not sure if it would support another service.23:33
vishymeaning, is the idea that the auth data is on the same server as the actual container?23:34
*** westmaas1 has joined #openstack23:34
vishyor is it just arbitrarily using swift for consistency/availability?23:34
gholtWell, ignore what it uses to store account names, user names, passwords. Swauth does not store ACLs. It just stores account, users, passwords, and groups.23:35
gholtThe ACLs are stored on the resource that they control.23:35
gholtSince there can be (and are) millions of containers in the cluster, it doesn't make much sense to replicate all those container names into the auth system just so you can store the acls there.23:36
uvirtbotNew bug: #726864 in glance "Variable `id` shadowing builtin" [Low,New]
vishygholt: sure23:37
vishygholt: so object level ACLs should be in the service23:37
vishystored by whatever means the service deems necessary23:38
gholtYeah, if we ever add that it would be stored in the service.23:38
vishyhow does it find out which "group" the user is in?23:38
*** RichiH_ is now known as RichiH23:38
*** gregp76 has joined #openstack23:38
edaygholt: can you define group? is it just a list of accounts that map to another account?23:40
gholtThat's up to the auth side really.23:40
*** gondoi has joined #openstack23:40
gholtIt can be anything, just opaque strings to the X-Container-Read acl header for instance.23:40
edaygholt: what is it indexed by? account? or just an arbitrary string?23:42
gholtNot really any index. Just, for instance, X-Container-Read: edayacct:eday,otheracct:user,yetanotheracct   It's purposefully a limited list in Swift, as we don't want some crazy 2,000 group resolution stuff going on.23:43
vishygholt: so it makes a request to the auth service saying get_user_groups?23:44
gholtWhat is "it" in that question?23:44
vishythe authz code.23:44
vishyif you have a user, and you are checking acls, how do you check which groups the user is in?23:45
gholtAh, well, let's see. A request comes in with a token, the token is resolved to groups, the service tacks on an acl string if it applies and calls back to authorize, authorize checks if the token's groups and services groups match up.23:47
edayhmm, token resolved to groups? I though the group lookup happened in the auth service, not in swift itself?23:49
* vishy is reading the doc. Starting to make sense23:51
gholtWell, the token being resolved to groups can either be "inlined" when Swauth/Swift are the same cluster, or a call-out can be done if Swauth is somewhere else.23:51
vishyN groups are associated with a given account:password combination23:52
vishyThe first group is a specific "username" group, then a specific "account" group, then followed by an arbitrary number of other groups23:53
* gholt notes that Swauth/Swift *not* being inlined isn't available yet.23:53
gholtI should really do that. :/23:53
vishygholt: so it looks like a command like "list all users in group X" would be impossibly slow?23:53
vishygholt: assuming a large number of accounts, it would have to check all accounts, yes?23:54
gholtWith Swauth, yeah. I tested to 100,000 users and it wasn't too bad really. So "it depends" :)23:54
vishygholt: I'm just trying to understand the data storage, and if it can be mapped to other things.  It would be pretty easy to pull out the account/group/password stuff into an external service, right?23:55
vishyand just leave the container level acls in swauth?23:55
gholtExactly. :)23:55
gholtSwauth was just a fun "what if I stored authentication info in swift?" project. And is good enough for many uses. And scales within that limited use case (no large multi-account groupings).23:56
vishyin that case, the external service would just need to provide something like a user.get_groups() and all of your stuff would work23:57
*** gdusbabe` is now known as gdusbabek23:57
vishyor perhaps get_groups(account, user)23:58

Generated by 2.14.0 by Marius Gedminas - find it at!