Tuesday, 2011-11-22

vidd_rfz, yes00:00
_rfzhow? :)00:00
_rfzI keep getting server disconnected00:00
_rfzbut if I launch it manually I can connect00:01
coli_rfz, run tcpdump and see what is happening00:01
viddlook at my updated "nova-settings script00:01
*** cereal_bars has quit IRC00:02
rmkvidd: that did it, thanks00:05
viddhappy to help =]00:06
viddwhich of the 3 was it?00:07
*** dachary has quit IRC00:08
viddrmk, which of the 3 suggestions fixed you?00:14
rmkthe flag for keystone_ec2_url00:14
rmkdifferent problem now00:14
_rfzvidd, thanks those 2 options for vnc fixed the problem on the controller node00:17
vidd_rfz, you actually thank Kiall for them =]00:17
*** MarkAt2od has quit IRC00:18
viddrmk, what issue now?00:18
*** rnirmal has quit IRC00:20
*** perestre1ka has joined #openstack00:22
*** MarkAtwood has joined #openstack00:22
*** CaptTofu1 has joined #openstack00:22
*** krow1 has quit IRC00:22
*** deshantm_laptop_ has quit IRC00:23
*** perestrelka has quit IRC00:23
*** CaptTofu has quit IRC00:23
*** Ryan_Lane has quit IRC00:25
*** dirkx_ has quit IRC00:25
*** chomping has joined #openstack00:34
*** RicardoSSP has joined #openstack00:34
*** RicardoSSP has joined #openstack00:34
*** pixelbeat has quit IRC00:34
rmkIOError: [Errno 2] No such file or directory: '/var/lib/nova/CA/server.csr'\00:35
vishyrmk: are you using trunk?00:36
*** deshantm_laptop_ has joined #openstack00:36
rmkvishy: negative, using stable/diablo00:36
vishyrmk: because I think i know the bug if so00:36
rmkHmm if it's been patched maybe I can add it manually..00:36
*** Pr0toc0l has left #openstack00:37
rmkvishy: It should be looking in /var/lib/nova/CA/projects/<id>/..00:39
rmkThat's where it's actually creating said certs00:39
rmkOnly bug I see on the topic is https://bugs.launchpad.net/nova/+bug/75709900:40
vishyrmk: do you have --use_project_ca ?00:40
rmkI do00:40
vishywhen do you get that error?00:40
rmkHmm actually it got removed -- re-adding and trying again00:40
*** abecc has quit IRC00:40
rmkAlright yeah I'm back to my original auth error now.  My config system undid my temporary nova.conf changes.00:41
*** vendemiat has joined #openstack00:42
rmkThe SSL certificate generation and whatnot is fine.00:42
*** dragondm_ has quit IRC00:42
vishyrmk: the image_id is supposed to be int00:43
rmkThat's what I have currently00:43
vishyrmk: I guess the docs need to be updated00:43
rmkGetting an auth error00:43
vishyrmk: are you using deprecated auth?00:43
vishyyeah that won't work00:43
vishyrmk: it tries to get the access and secret from the db00:43
vishyrmk: they aren't in the db00:44
vishyif you have keystone configured with ec2 creds00:44
rmkI do00:44
vishyyou could modify the vpn boot command to accept a secret and access instead of a tenant id00:44
vishyand you might be able to get it to work that way00:44
vishythat's why it has a note about only works with deprecated auth00:44
rmkYeah I was hoping I could work through whatever the issue there was00:45
rmkI would have skipped keystone for now if I could live without the dash00:45
*** MarkAtwood has quit IRC00:46
vishyrmk: well you can create a tool that boots vpn instances from the outside perhaps :)00:46
rmkThis is true00:46
vishyrmk: but i think you will have other problems00:46
vishytrying to modify nova to do it00:46
rmkI'll probably end up creating a vpn appliance which tenants can just launch themselves00:47
vishyrmk: it won't make the keys and cas properly without users and projects00:47
vishyrmk: workaround00:47
vishycreate all of the users and projects from keystone in nova with the same secret and access keys00:47
vishyand it should work.00:47
vishyugly hack though00:48
vishyand you might have issues with tenant_id vs tenant_name00:48
rmkvishy: Would have to insert manually into the db, right?00:48
*** jkyle has quit IRC00:49
*** negronjl has quit IRC00:49
vishyrmk: no you can use nova-manage user create00:51
vishyand nova-manage project create00:51
vishyI think you will have to use the tenant_id as the project name when you create it00:51
*** livemoon has joined #openstack00:51
vishyuser probably username00:51
rmkok I see what you're saying00:52
rmkI'd already created keystone ec2 creds00:52
rmkSounds like this model would have me creating them in nova first, then adding them to keystone00:52
rmkSo both sides match00:52
*** MarkAtwood has joined #openstack00:53
vishyrmk: either way00:53
rmkWell your way means I don't have to do anything manual with nova00:53
vishyrmk: be nice to get the vpn code working again00:53
rmkOtherwise the key/secrets are non deterministic00:53
vishybut it will take some effort00:53
vishyyou can specify access and secret with nova-manage user create00:53
rmkah didn't know that00:53
vishyit gives you a uuid if you don't specify00:54
vishyundocumented ;)00:54
*** negronjl has joined #openstack00:54
rmkActually it's in the help section for user create00:55
WormManI've resorted to adding the user with keystone, logging into the dashboard to make the nova user, exporting the RC, then fixing it with the correct credentials and adding the euca creds to keystone00:56
*** dolphm has joined #openstack00:57
*** RicardoSSP has quit IRC00:58
*** rsampaio has joined #openstack00:59
*** dolphm has quit IRC01:00
*** nerdstein has joined #openstack01:01
*** ejat has quit IRC01:01
*** dolphm has joined #openstack01:01
*** po has quit IRC01:02
*** n0ano has joined #openstack01:03
*** n0ano has quit IRC01:03
*** rsampaio has quit IRC01:03
*** ben_duyujie has joined #openstack01:04
*** n0ano has joined #openstack01:04
rmkvishy: I've got everything matching, still no luck though,.01:06
*** FallenPegasus has joined #openstack01:06
*** bryguy has quit IRC01:07
*** MarkAtwood has quit IRC01:07
*** vendemiat has quit IRC01:08
_rfzI'm having troubles connecting to a VNC on a compute only node - works fine on controller + computr node.  It bombs out just before the server handshake01:09
*** dolphm has quit IRC01:09
*** bryguy has joined #openstack01:10
*** webx has quit IRC01:10
*** FallenPegasus has quit IRC01:13
*** MarkAtwood has joined #openstack01:13
rmkvishy: Disabled keystone auth on glance for the time being and that worked but of course the dashboard doesn't like that at all.01:14
*** stewart has quit IRC01:17
*** andrewbogott has quit IRC01:18
*** deshantm_laptop_ has quit IRC01:21
*** FallenPegasus has joined #openstack01:21
*** stewart has joined #openstack01:21
*** MarkAt2od has joined #openstack01:23
*** rnirmal has joined #openstack01:23
*** MarkAtwood has quit IRC01:24
*** FallenPegasus has quit IRC01:25
*** adjohn has quit IRC01:27
*** jkyle has joined #openstack01:28
*** dotdevops has quit IRC01:28
*** MarkAt2od has quit IRC01:33
*** sdake has quit IRC01:35
*** deshantm_laptop_ has joined #openstack01:35
*** jog0 has quit IRC01:36
*** rustam_ has quit IRC01:37
*** jog0 has joined #openstack01:39
*** jog0 has quit IRC01:39
*** vladimir3p has quit IRC01:39
*** MarkAtwood has joined #openstack01:46
*** troya has joined #openstack01:48
*** russellb has quit IRC01:49
*** CaptTofu1 has quit IRC01:49
*** CrashHD has joined #openstack01:49
*** russellb has joined #openstack01:49
*** CaptTofu has joined #openstack01:50
*** dendro-afk is now known as dendrobates01:51
*** CaptTofu has quit IRC01:51
*** CrashHD has left #openstack01:51
*** dpippenger has quit IRC01:58
*** rnirmal has quit IRC01:59
*** jiva has joined #openstack02:00
*** jiva has left #openstack02:00
*** bengrue has quit IRC02:01
ben_duyujiedid you know TWCOSUG, HugoKuo?02:02
*** maplebed has quit IRC02:03
*** llang629_ has left #openstack02:04
rmkDoes anyone have a patch for this -- https://bugs.launchpad.net/glance/+bug/87695202:08
rmkFound it.02:10
*** adjohn has joined #openstack02:10
lzyevallivemoon: you live in asia?02:11
*** ejat has joined #openstack02:13
*** ejat has joined #openstack02:13
HugoKuo__Ben_duyujie , yes02:14
HugoKuo__Ben_duyujie , will you join the meeting in early December ?02:15
ben_duyujiesorry ,i can't come this time02:17
ben_duyujiesome friends tell me there will be a meeting02:18
troyahi All02:18
HugoKuo__neither nor I ,  been called by the military during the week :>02:19
ben_duyujieExpect to have more information in the meeting:)02:20
*** jdurgin has quit IRC02:21
*** dpippenger has joined #openstack02:21
ben_duyujieanybody have used ubuntu11.10+xen4.1 for openstack?02:22
*** miclorb__ has quit IRC02:23
*** nerdstein has quit IRC02:23
*** miclorb_ has joined #openstack02:23
troyahi hugokuo02:24
troyahi lzyeval02:24
troyai have question about creating images, anyone can help me02:24
*** fysa has quit IRC02:25
uvirtbotNew bug: #893426 in nova "Suspend/Resume Instances do not check instances' power state" [Undecided,New] https://launchpad.net/bugs/89342602:26
lzyevalwuzup troya, I just started also. What problem did you encounter?02:29
*** misheska has quit IRC02:33
*** lorin1 has joined #openstack02:33
*** lorin1 has quit IRC02:33
HugoKuo__troya , more info plz02:35
troyaok HugoKuo, firstly i have problem with dnsmasq of my openstack02:38
*** obino has quit IRC02:38
troyaevery after restart my server, when i running instances no nova-network.log always appear error message >> ndnsmasq: failed to create listening socket for Address already in use02:38
troyaso, service my nova-network is not running02:39
troyawhat should i do ?02:39
troyai must kill process dnsmasq first, and restart other service then nova-network can run again02:42
*** osier has joined #openstack02:42
troyaHugoKuo: any sugesstion, what should  i do to solve this ?02:42
Kialledit /etc/default/dnsmasq and set ENABLED = 002:48
Kiallnova-network, rather than upstart, needs to manage the dnsmasq instance02:49
*** shang has quit IRC02:50
*** shang has joined #openstack02:52
troyahave a nice dream kiAll, in my country now is morning :)02:57
*** jdg_ has joined #openstack02:58
*** jdg_ has quit IRC02:58
*** catbot has joined #openstack03:00
catbotwhen I tried to get a instances list for me with API, but it always returned all instances of the tenant that I belonged to. any ideas?03:03
*** wariola has joined #openstack03:04
*** ben_duyujie has quit IRC03:05
*** ben_duyujie has joined #openstack03:07
*** ejat has quit IRC03:08
*** misheska has joined #openstack03:10
viddcatbot, it will return everything in your tenant....03:11
viddthats what it is supposed to do03:11
viddwhat command are you using to list instances?03:12
catbotI listed the instances from dashboard03:12
catbotand I don't want access the resources of others in a same tenant03:14
viddcatbot,  then each user must be thier own tenant03:14
viddwhat dashboard does is show everything your user has access to03:15
catbotI'm afraid that the amount of tenant will be overkill03:16
*** arrsim has quit IRC03:16
*** jj0hns0n has quit IRC03:16
viddcatbot, say for example you have a user that is a member of 2 tenants, in dashboard, that user will see all resources of both tenants03:17
viddbecause that user has access to all resources of both tenants03:18
*** code_franco has quit IRC03:18
*** arrsim has joined #openstack03:19
catbotI remember in cactus, there was another role called 'project' and in diablo, it turned to 'tenant', that's making me confuse03:21
troyavidd: i cannot access my instances via ssh, ping also.whereas i have configure rule to open port 22,what should i do03:22
troyavidd: but when i access it with vncviewer, i can access it.but when ifconfig exeucte, it's appear no IP address03:23
viddcatbot, "project" != "tenant"03:24
*** jj0hns0n has joined #openstack03:24
viddproject is a nova thing, tenant is a keystone thing03:25
viddtroya, you have keystone enabled?03:25
troyano i havent, what's for ?03:25
viddtroya, it was a possible cause of your issue...but if you dont have keystone and dashboard, then the issue is something else03:26
catbotthat's great, vidd03:26
*** jkyle has quit IRC03:27
viddcatbot, i didnt set it up =]03:27
*** janpychou has joined #openstack03:28
*** ejat has joined #openstack03:29
*** ejat has joined #openstack03:29
troyai get error message on nova-network.log like >> FixedIpNotFoundForInstance: Instance 2 has zero fixed ips.03:30
*** obino has joined #openstack03:31
*** jkyle has joined #openstack03:31
*** deshantm_laptop_ has quit IRC03:31
troyavidd: must i  resetting fixed ip and float ip again ?03:31
troyaany suggestion ?03:31
viddtroya,  how are you accessing the vnc?03:34
troyavncviewar [my_ip]:003:35
troyavncviewer *03:35
viddtroya, no idea03:35
*** nouse has quit IRC03:37
*** wariola has quit IRC03:38
janpychouhi all,now,I want to delete a tenant,dose the keystone have an interrelated api?03:40
*** adjohn has quit IRC03:41
viddjanpychou, you have dashboard also?03:44
*** ldlework has quit IRC03:47
viddyou "should" be able to do it through dashboard03:47
janpychoubu the dashboard cannot delete the tenant03:47
*** deshantm_laptop_ has joined #openstack03:48
janpychoua bug exists03:49
viddthere is always the database =]03:49
*** JesperA has quit IRC03:51
troyavidd: how if i want to reconfigure float ip and fixed ip while instance already running ?03:54
*** jakedahn has quit IRC03:55
troyavidd: how if i want to reconfigure float ip and fixed ip while instance already running ?04:00
viddyou dont04:00
*** miclorb_ has quit IRC04:02
troyaif i terminate instances first ?04:02
viddchanging the IPs will not likely fix your issue04:05
troyaso, what should i do ?04:12
viddi told you befor...i dont know04:13
*** shang has quit IRC04:14
*** hadrian has quit IRC04:14
*** ohnoimdead_ has joined #openstack04:16
*** ohnoimdead_ has quit IRC04:16
*** ohnoimdead has quit IRC04:19
*** shang has joined #openstack04:21
*** jakedahn has joined #openstack04:34
*** deshantm_laptop_ has quit IRC04:34
troyavidd:if on my server i running 2 instances or more, how i access each via vnc ?what is port number which used for each  instances ?04:35
viddi only access vnc via dashboard04:36
*** pradeep has joined #openstack04:37
*** jakedahn has quit IRC04:39
*** mdomsch has joined #openstack04:39
*** jkyle has quit IRC04:39
*** egant has joined #openstack04:40
*** dolphm has joined #openstack04:42
*** jakedahn has joined #openstack04:43
*** jakedahn has quit IRC04:44
*** jakedahn has joined #openstack04:47
*** mdomsch has quit IRC04:50
*** clauden has quit IRC04:52
*** pradeep has quit IRC05:02
*** pradeep1 has joined #openstack05:04
*** ben_duyujie has quit IRC05:11
*** clauden has joined #openstack05:11
*** miclorb_ has joined #openstack05:13
*** ejat has quit IRC05:15
*** livemoon has quit IRC05:18
*** dolphm has quit IRC05:18
*** rsampaio has joined #openstack05:19
*** Ryan_Lane has joined #openstack05:21
troyahi Ryan_Lane :)05:24
*** halfss has joined #openstack05:24
halfsshi how to make siwft proxy node HA?05:26
troyaRyan_Lane: i have write some issue on forum, check it out please05:26
Ryan_Lanetroya: sorry. I haven't tried vnc yet05:27
Ryan_LaneI'm actually not providing console access in my environment at all yet.05:27
Ryan_Laneit's kind of low on my priority list :)05:28
*** rsampaio has quit IRC05:28
* Ryan_Lane doesn't need to support windows05:28
troyaok, is generally i have issue on my network, i cannot access instances via ssh, whereas i have configure rule of instances05:28
troyai have allow port 22, icmp too, but i cannot ping and ssh05:29
Ryan_Lanedid you check you nova-network log?05:29
Ryan_Lanedid you ensure the dhcp server is actually handing out the address?05:29
Ryan_Lanedid you make sure that your bridge and the ethernet device bridged with it have the link set as up?05:30
troyayes, i have check it, when i execute nova list instancces appear get ip from dchp05:30
Ryan_Lanetroya: you should check the log for the dhcp server05:31
troyawhere i can get it ?05:31
troyadhcpbirdge do you mean ?05:31
Ryan_LaneI think on ubuntu it would show up in /var/log/syslog or /var/log/daemon.log05:31
Ryan_Lanelikely the same on rhel05:32
troyaplease wait, i must restart my PC05:32
*** troya has quit IRC05:32
*** livemoon has joined #openstack05:35
*** sdake has joined #openstack05:37
*** haji has quit IRC05:38
*** llang629 has joined #openstack05:40
*** miclorb_ has quit IRC05:44
*** CaptTofu has joined #openstack05:45
*** martine_ has quit IRC05:45
*** pgalbraith has joined #openstack05:49
*** CaptTofu has quit IRC05:50
*** troya has joined #openstack05:58
viddtroya, can you ping the instance via private ip?05:59
troyano i can too06:00
*** localhost has quit IRC06:00
troyais it because wrong on my float and fixed ip ?06:00
viddand you do NOT have keystone installed06:00
troyano i have no keystone installed06:00
troyavidd: my controller ip = then my fixed_ip=
uvirtbotNew bug: #893456 in nova "poll rebooting still passes instance id" [Medium,In progress] https://launchpad.net/bugs/89345606:01
troyai have not configure float ip yet06:01
*** localhost has joined #openstack06:01
troyavidd: is because of  different netmask i cannot access instances ?06:02
viddwhat ip address did your instance get?06:03
troyavidd: this is output off nova list command:  http://pastebin.com/p9x7Xhwm06:04
troyainstances get 10.0.0.x06:04
livemoonI am busy in the morning06:05
*** egant has quit IRC06:05
troyahi livemoon, oh.i;m sory pm you06:05
*** cp16net has quit IRC06:05
*** nerens has joined #openstack06:06
viddwhat does euca-describe-instances give you?06:06
troyalivemoon: i still cannot access my instances.whereas it's image from iso06:06
livemooncan you use vnc06:07
*** adjohn has joined #openstack06:07
troyavidd: this is06:07
troyalivemoon: firstly when installation, i can use vnc.but when i running as instances i cannot06:08
viddand you tried to ping
troyalivemoon: i still confuse what number port which sould i use to connecting instances via vnc06:08
troyavidd: yes, but it's unreachable06:09
livemoonvncviewer host_ip :006:09
livemoonvncviewer host_ip :106:09
livemoonfirst instance is 0 ,the second is 106:09
troyavidd: any idea?06:11
*** cp16net has joined #openstack06:11
*** pradeep1 has quit IRC06:11
troyalivemoon: i can access it via vnc with port 1, i don't knw before that port is sequence as instances which runnng06:12
troyalivemoon: why i cannot ping to instances with private ip ?06:13
viddand you have added the "euca-authorize -P icmp -t -1:-1 default" and "euca-authorize -P tcp -p 22 default" ?06:13
*** teatimer has joined #openstack06:13
*** teatimer has left #openstack06:13
troyavidd: yes, i have add it to rule06:13
*** nerens has quit IRC06:14
livemoonlogin instance and see which ip it get06:15
viddwhat network meathod did you choose?06:16
troyallivemoon: when ifconfig, it's appear don't get IP address06:18
troyavidd: i use flat_dchp06:19
viddhow many eth cards?06:19
troyavidd: only one06:19
viddpatebin me the output of ifconfig06:20
troyavidd: this is output of ifconfig on controller  >> http://pastebin.com/WFEVBcfe06:21
viddthis is showing 3 vm's06:23
*** dolphm has joined #openstack06:23
viddbut no br10006:23
troyabut i use: virbr006:23
troyaon nova.conf i use virbr006:23
viddyou cant do that06:24
troyawhy ?06:24
viddbecause virbro is what nova uses to make the networking work06:25
troyacan you explain me more ?06:25
viddthe reason you are having this issue is because you are using virbr0 instead of br10006:25
*** pradeep1 has joined #openstack06:26
troyavidd: can you tell me more about br100 and virbr006:27
*** dachary has joined #openstack06:27
*** ejat has joined #openstack06:27
*** ejat has joined #openstack06:27
viddyes...you either set it up to use [not virbr0] or it does not work06:28
troyaok ok, i will try use br10006:29
troyaplease wait, i will change it06:30
troyavidd: how i modify my network ? must i delete it first ?06:34
viddfix the setting in nova.conf and restart all services06:34
livemoontroya, sorry , today I am busy in work06:37
halfsshi how can i add user to swift?06:40
*** odyi has joined #openstack06:43
*** odyi has joined #openstack06:43
*** koolhead17 has joined #openstack06:45
troyalivemoon: ok livemoon.nextimes :D06:45
*** llang629 has left #openstack06:45
koolhead17hi all06:47
troyahi koolhead06:48
*** chadh has quit IRC06:49
*** chadh has joined #openstack06:49
troyavidd: service be not enable after i restart them06:50
viddwhich service?06:50
troyafirstly for create fixed ip i use parameter --bridge_interface=vibr006:51
troyamust i remove network first?06:51
viddfor flat dhcp?06:51
troyayes, same use vibr006:52
troyamst i remove network first?06:52
*** ejat has quit IRC06:53
viddto create private network on flat dhcp the command is "nova-manage create private [ip_range] 1 [number_of_ips]06:53
viddthe "br100" is assumed06:54
troyayes, but there is error mssage to add --bridge_interface yesterday06:54
vidd--bridge_interface goes in your nova.conf06:56
*** dolphm has quit IRC06:57
*** odyi has quit IRC06:57
*** rocambol1 has joined #openstack06:58
*** odyi has joined #openstack06:58
*** odyi has joined #openstack06:58
*** yeming has joined #openstack07:00
troyavidd: please wait i will restart my komputer07:00
*** troya has quit IRC07:00
*** crescendo has joined #openstack07:02
*** krow has quit IRC07:03
*** nerens has joined #openstack07:05
*** mindpixel has joined #openstack07:09
*** guigui has joined #openstack07:09
*** cmasseraf has quit IRC07:11
uvirtbotNew bug: #893466 in horizon "Quantum should either be fully optional or not optional" [Undecided,New] https://launchpad.net/bugs/89346607:11
*** Ryan_Lane has quit IRC07:12
*** TheOsprey has joined #openstack07:13
*** etarasov has joined #openstack07:14
*** stewart has quit IRC07:16
*** openpercept has joined #openstack07:17
*** ejat has joined #openstack07:18
*** ejat has joined #openstack07:18
*** troya has joined #openstack07:19
*** stevegjacobs has quit IRC07:19
*** clauden has quit IRC07:20
*** ejat has quit IRC07:22
*** ejat has joined #openstack07:23
*** ejat has joined #openstack07:23
troyavidd: all service have works07:25
viddyou good to go now?07:25
troyabut i check on database, select * from networks, bridge_interface still virbr007:25
troyawhereas i have execute : nova-manage db sync07:26
*** stewart has joined #openstack07:29
troyawhat should i do, must i empty table ? and create nova network again ?07:34
troyaor i can modify?07:34
etarasovtroya: try to modify the table07:36
viddit would be faster to remove and rebuild07:36
etarasovhttp://docs.openstack.org/diablo/openstack-compute/admin/content/creating-certifications.html says that the table could be modified07:36
etarasovprevious link is wrong07:37
*** koolhead17 has quit IRC07:43
troyastil use virbr0 when i execute ifconfig07:50
troyai after update tables networks07:50
*** misheska has quit IRC07:50
viddyes virbr0 is used by libvirt07:51
viddcan you ping instances now?07:54
troyawait, i run instances again, i have terminated previously07:56
troyavidd: it's still failed07:57
*** ejat has quit IRC07:57
vidddoes br100 show up in ifconfig now?07:58
troyayes, br100 is show, i pastebin it >> http://pastebin.com/rXccL5PJ07:59
troyai also have ping br10007:59
vidddid you launch 3 instances?07:59
troyabut why instances can't07:59
troyaabout 4 instances before, but now only one instance08:00
viddthere are 3 instances showing in the your ifconfig08:01
troyamaybe it's previously.now only 1 instances running08:01
*** rustam has joined #openstack08:01
viddyou dont understand....that ifconfig you pasted has 3 registered vm's08:02
viddif you do not have 3 instances at the time you did that ifconfig, then your stuff is messed up (nova database is showing instances that are not actually there)08:03
viddthis will mess up your networking08:03
troyaso, what should i do ?08:04
viddterminate all currently running instances....08:04
*** miclorb_ has joined #openstack08:04
troyai have terminatel all of it,08:05
troyaonly one which runnign now08:05
viddthen edit your nova database manually to kill all active instaces08:05
troyawhat table which i must modify ?08:06
troyayes, i get it.table instnaces08:06
*** pradeep1 has quit IRC08:06
*** lzyeval has quit IRC08:07
troyait have many reference id08:07
viddyou have all the instances terminated?08:08
troyayes, i have terminated all, only one which running08:08
viddterminate the one that is running08:09
*** rustam has quit IRC08:09
viddALL of them08:09
*** dobber has joined #openstack08:09
troyaplease wait vidd, i go out for few times08:09
viddi want to go to bed08:09
viddits after 3 am here08:10
troyaok, see you later vidd08:10
viddare all the instances terminated?08:10
*** cp16net has quit IRC08:11
*** GheAway is now known as GheRivero08:13
viddtroya you there?08:15
livemoongood night08:20
viddyes livemoon08:20
*** javiF has joined #openstack08:20
*** Razique has joined #openstack08:20
*** thickskin has left #openstack08:21
*** rocambol1 has quit IRC08:21
*** reidrac has joined #openstack08:23
*** pradeep has joined #openstack08:24
*** rocambol1 has joined #openstack08:25
*** koolhead17 has joined #openstack08:26
*** rocambol1 has quit IRC08:30
troyavidd: i'm sory. i have go out few times ago08:31
troyavidd: i have terminated all08:32
winston-dRazique : hey, i root-caused and fix the issue found yesterday08:32
Raziquewinston-d: hey08:32
Raziquesorry not to have been that available yesterday :/08:32
Raziquetell me08:32
Raziquehey troya :)08:32
vidddelete all rows troya08:32
troyahi razique08:33
troyavidd: now if config output  >> http://pastebin.com/8va9k2r508:33
troyait's do you mean ?08:33
winston-dRazique : it was caused by wrong 'host' in nova.networks table.  i put ip address in it, but network actually listened on 'network.HOSTNAME' topic08:34
Raziqueoh yah08:34
Raziquenova don't deals with IP appart from the networks08:34
viddtroya, yes...now start an instance08:34
Raziqueon an "admin" plan it deals with host08:34
winston-dRazique : now the instance can boot, but DHCP seems not working.08:35
winston-dRazique : any hint to debug?08:35
Raziquewinston-d: yup 1: check the dnsmasq process08:35
Razique2- is /var/lib/nova/networks/brXXX.conf empty ?08:35
Razique3- check var/log/syslog for dhcp leases08:36
winston-dRazique: yesh, dnsmasq process is there08:36
Raziqueok point 2 ?08:36
troyavidd: after i run instances, when i execute ifconfig output be : http://pastebin.com/kcDypHn308:37
troyathere are more vnet again08:37
winston-dpoint 2, not empty08:38
troyavidd: how about it ?08:39
Raziquecan I see the file and the "euca-describe-instances" output ?08:39
*** adjohn has quit IRC08:41
viddtroya how many instances are showing in nova database?08:41
troyai have not delete rows on tables instances, because it;s have many reference to other tables08:42
*** foexle has joined #openstack08:42
viddtroya, can you ping fe80::fc16:3eff:fe3008:44
*** rocambol1 has joined #openstack08:45
troyavidd: how i can ping it, it's not show their ip address08:45
viddthe ipv6  address listed in ifconfig08:46
*** irahgel has joined #openstack08:46
troyawhich where ?08:46
livemoonvidd: haven't you go to bed?08:47
troyai have try to access my new instances with vncviewer.but eth0 of instances not showing ip address when i execute ifconfig08:47
troyalivemoon: he doesn't go to bed for me... hihihihi08:48
*** jedi4ever has joined #openstack08:48
*** dysinger has joined #openstack08:48
troyalivemoon, may be yo can help me to solve my problem ?08:49
troyaare you still bussy?08:49
troyarazique: may be you can help me to solve my problem, its about instances which don't get IP address from dhcp, but on nova list instance get it08:50
troyaRazique: may be you can help me to solve my problem, its about instances which don't get IP address from dhcp, but on nova list instance get it08:50
livemoontroya: yes, swift made me crazy08:51
*** mnour has joined #openstack08:51
*** kaigan_ has joined #openstack08:51
*** vdo has joined #openstack08:51
livemoontroya, in your instance ,can you use "dhclient" command08:52
livemoonuse dhclient to get ip08:52
troyano i cannot08:52
livemooncannot get ip from dhcp server?08:53
*** nacx has joined #openstack08:53
viddtroya, wait....are you saying that the instance does not show the ip address INSIDE the instance?08:53
livemoonwhat is your instance's os?08:53
livemoonvidd, I think the instance cannot get ip08:53
livemoonlook at your nova-compute and nova-network log08:53
livemoonto find some error in it08:54
troyalivemoon: i use ubuntu 11.04, but it's not tarball. it's i made it yesterday08:54
winston-dlivemoon : same problem here08:54
troyai make it from .iso08:54
troyavidd: yes, it don't show ip address on ifconfig08:54
viddits not going to08:55
livemoonhave you done "sudo rm -rf /etc/udev/rules.d/70-persistent-net.rules" in your image?08:55
troyasure vidd08:55
troyalivemoon: what is it for ?08:55
livemoonin your instances ,is eht0 or eth1?08:55
troyalivemoon: eth008:56
viddcan you ping the ip address that euca gives it?08:56
troyavidd: no, i cannot ping it08:56
viddsounds like either your nova config file is still off or your nova database is off or both09:00
viddcan you paste me your nova.conf [blankout the mysql password]09:00
troyaoke, ths is http://pastebin.com/6XTVjut309:02
troyahow about it vidd?09:03
*** pradeep has quit IRC09:03
viddtroya, my network section: http://dpaste.com/660138/09:06
*** javiF has quit IRC09:07
uvirtbotNew bug: #893494 in nova "20 VM startup using new snapshot = general error mounting filesystems" [Undecided,New] https://launchpad.net/bugs/89349409:17
*** ejat has joined #openstack09:18
*** ejat has joined #openstack09:18
*** pradeep1 has joined #openstack09:18
*** rustam has joined #openstack09:22
viddtroya, i hope that helps...im off to bed09:23
viddfor real this time =]09:23
*** vidd is now known as vidd-away09:23
*** silenti has joined #openstack09:24
*** pixelbeat has joined #openstack09:26
silentican't find anywhere in the documentation, can I have more instances of nova-volume per cloud controller? Or maybe there is another way to scale for I/O?09:27
*** littleidea has joined #openstack09:29
*** tungvs has joined #openstack09:31
tungvsI'm trying to setup openstack in an all-in-one model. I've managed to get the image (ubuntu-local-user, which is noted in the openstack document) bootup. But the error "DataSourceEc2.py[WARNING]: waiting for metadata service at" comes up. Dont know what to do next. Any ideas, guys ?09:33
tungvsbtw, iptables is set:    -A PREROUTING -d -p tcp -m tcp --dport 80 -j DNAT --to-destination
*** zz_bonzay is now known as bonzay09:35
*** openpercept has quit IRC09:36
*** darraghb has joined #openstack09:36
*** tungvs has quit IRC09:38
*** ejat has quit IRC09:40
*** javiF has joined #openstack09:41
etarasovis there full list of nova.conf flags with possible values?09:46
*** dirkx_ has joined #openstack09:46
silentietarasov: yes, "nova-compute --help"09:50
*** ejat has joined #openstack09:51
*** ejat has joined #openstack09:51
foexleit's possible to user security groups without vlan mode ?09:53
*** junaid has joined #openstack09:58
*** ccc1 has quit IRC09:58
*** livemoon has left #openstack09:59
*** nid0 has quit IRC09:59
halfssis there anybody know how to look che capacity of swift?10:04
etarasovare volumes for instances kept in /var/lib/nova/instances/ or in lvm logical volume?10:04
*** nid0 has joined #openstack10:04
reidrachalfss: capacity? do you mean free disk space?10:07
reidrachalfss: get devices free disk space after mkfs and divide it by the number of replicas, and you'll get a good approximation :)10:08
foexleetarasov: volumes = lv10:08
*** Razique has quit IRC10:09
*** Razique has joined #openstack10:09
*** troya has quit IRC10:11
etarasovfoexle: then why it's necessary to mount nfs to /var/lib/nova/instances to perform live migration?10:19
*** morfeas has quit IRC10:19
HugoKuo__halfss , kuras atkisc 是你同事嗎10:19
koolhead17HugoKuo__, pass :D10:19
HugoKuo__koolhead17 , bonjour10:20
koolhead17HugoKuo__,  namaste10:20
koolhead17Razique, around?10:20
foexlein /var/lib/nova/instances will save running instance images10:22
HugoKuo__koolhead17 , did you produce any doc on openstack-manuals10:22
foexleetarasov: so this images are generated if you are run an instance10:23
koolhead17HugoKuo__, am working on it. i need to sit and commit10:23
foexlehi koolhead17 :)10:23
HugoKuo__got it10:23
koolhead17foexle, howdy. :D10:23
*** dachary has quit IRC10:23
koolhead17HugoKuo__,  but whatever bug i found in docs i have commented there along with solution and mentioning doc will soon be updated. :D10:24
koolhead17HugoKuo__,  your using python-novaclient from oneiric repo right?10:24
*** chadh has quit IRC10:24
*** lmh has quit IRC10:25
*** Lumiere has quit IRC10:25
HugoKuo__koolhead17 , nope from latest code10:25
koolhead17and did you tried it from repo by any chance?10:25
*** chadh has joined #openstack10:26
*** lmh has joined #openstack10:26
*** Lumiere has joined #openstack10:27
HugoKuo__koolhead , maybe long time ago ....10:27
koolhead17HugoKuo__, also just saw a question > Would it be possible to use git tags to mark released version?10:27
koolhead17It seems to me that python-novaclient has no tag10:27
HugoKuo__any problems with the repos python-novaclient ?10:27
koolhead17HugoKuo__, i am planning to try it today10:27
HugoKuo__I'm not such expert with this issue :<10:28
HugoKuo__there's a discussion on mailing list10:28
HugoKuo__related to your question10:28
koolhead17HugoKuo__, thats what i said :D10:28
*** troya has joined #openstack10:33
troyahi all10:34
*** ejat has quit IRC10:35
etarasovfoexle: thanks10:38
etarasovso, volume storage should be updated then instance is stopped10:39
foexleif instance terminated10:41
*** mcclurmc has quit IRC10:42
*** mcclurmc has joined #openstack10:42
etarasovso I'm confused about volume/image concept10:43
*** dirkx_ has quit IRC10:45
etarasovcan cloud instances be run without nova-volume service?10:45
foexleyes, you dont neet to attach an iscsi volume10:45
foexlebut an instance should be stateless in a cloud10:45
etarasovwhy iscsi/sheepdog is needed?10:46
etarasovto save instance state after termination?10:46
foexleno not instance state10:46
foexleyou files10:46
foexlepersistent sstorage10:46
foexlelike ebs in ec210:46
etarasovI've set --network-manager=nova.network.manager.FlatManager in /etc/nova/nova.conf, but  nova-manage config list | grep network.manager gives --network_manager=nova.network.manager.VlanManager10:50
etarasovwhat can be wrong?10:50
Raziqueback :d10:51
Raziquetroya: still here ?10:51
foexlehave you reastart all your services?10:51
foexleRazique: hey Razique :)10:51
etarasovalready get it, thanks =)10:51
etarasov--network-manager  vs   --network_manager10:51
*** TheOsprey has quit IRC10:52
*** Razique has quit IRC10:56
*** javiF has quit IRC10:59
*** Razique has joined #openstack11:01
troyarazique:i'm sory i will go out now, may be next time11:03
*** troya has quit IRC11:03
*** dirkx_ has joined #openstack11:05
*** silenti has quit IRC11:07
*** ahasenack has joined #openstack11:08
foexleRazique: if i map a public ip to an instance, how can i use this ip ? so network device in each vm11:08
foexleRazique: or only a alias to lo:0 ?11:09
Raziquethe nova-network does a nat public ip (floating ip)  -> private ip (local ip)11:09
foexleyeah i know11:09
Raziquethe instance eth is configured as DHCP, nova-network serves the IP addr.11:09
*** dachary has joined #openstack11:10
foexleok but how i can tell a service to bind to this public ip ... like apache vhost?11:10
foexleor should this bin to local ip ?11:10
Raziquefoexle: you can bin to local ip =)11:10
foexleah great11:10
Raziquethe only reason you would need multiple IP is if you use SSL11:10
Raziquein that case, you would use the multi nic feature11:11
foexlewhy ? .... not for https11:11
*** nkrinner has joined #openstack11:11
Raziquebecause when u configure Apache it require one IP per SSL configuration11:13
Razique(until the GNUtls implementation)11:13
foexleRazique: nope :D .... not since 1 year11:13
foexleyou can easy use NamevirtualHost xxx.xxx.xx.xx:44311:13
Raziquewhich version of apache implements the multiple SSL per IP ?11:13
*** yeming has quit IRC11:14
foexlei'm looking11:15
*** kaigan_ has quit IRC11:15
*** TheOsprey has joined #openstack11:16
foexlecant find the version -.-11:17
foexleApache 2.2.1211:18
foexleOpenSSL 0.9.8g11:18
foexlebut IE6 can't handle this i think11:18
*** GheRivero has quit IRC11:19
*** miclorb_ has quit IRC11:21
*** littleidea has quit IRC11:22
*** jedi4ever has quit IRC11:22
*** rods has joined #openstack11:26
*** kaigan_ has joined #openstack11:28
*** PotHix has joined #openstack11:29
*** miclorb_ has joined #openstack11:30
*** GheRivero has joined #openstack11:32
*** miclorb_ has quit IRC11:34
Raziquefoexle: good to know :)11:34
Raziquei'll eat, be back later11:35
Raziquewe wisited a new datacenter this morninng for our second cloud11:35
Raziqueand create zones between the two OPS clouds11:35
*** livemoon has joined #openstack11:37
*** javiF has joined #openstack11:46
*** redconnection has quit IRC11:51
*** redconnection has joined #openstack11:51
*** Razique_ has joined #openstack11:54
koolhead17Razique, :)11:54
*** redconnection has quit IRC11:55
*** Razique has quit IRC11:55
*** Razique_ is now known as Razique11:55
*** mgoldmann has joined #openstack11:57
*** dirkx_ has quit IRC11:59
*** jedi4ever has joined #openstack12:05
*** pradeep1 has quit IRC12:05
*** javiF has quit IRC12:07
*** nkrinner has left #openstack12:10
foexleRazique: if i have a instance with and the next one with in the same project, build nova automaticly a correct route ?12:12
*** dirkx_ has joined #openstack12:13
etarasovit seems that storing qcow2 images in glance causes long startup time for instances12:14
etarasovthere is a qemu-img convert process =\12:15
*** agosse has joined #openstack12:15
agossei'm trying to deploy openstack, following the diablo starger guide12:16
*** littleidea has joined #openstack12:17
agossei'm running into a problem where there's a hard coded pathname in python27/dist.packages/swift/obj/auditor.py +3912:17
agosseit's invoking conf.get('devices', '/srv/node');12:18
agosse/srv/node doesn't exist, and the diablo starter guide doesn't tell me to create it12:18
*** [1]halfss has joined #openstack12:19
*** halfss has quit IRC12:19
*** [1]halfss is now known as halfss12:19
agossei think that's what the root of my problem is (which is that the swift API is returning 500 internal server error)12:20
*** osier has quit IRC12:21
*** redconnection has joined #openstack12:21
*** halfss has quit IRC12:21
*** halfss has joined #openstack12:22
*** javiF has joined #openstack12:22
*** dysinger has quit IRC12:22
*** halfss has quit IRC12:25
*** dirkx_ has quit IRC12:33
*** Razique_ has joined #openstack12:33
*** nerdstein has joined #openstack12:33
*** Razique has quit IRC12:34
*** Razique_ is now known as Razique12:34
*** dysinger has joined #openstack12:34
*** cereal_bars has joined #openstack12:36
*** zul has quit IRC12:37
*** jedi4ever has quit IRC12:38
*** jedi4ever has joined #openstack12:38
*** zul has joined #openstack12:38
*** jedi4ever has quit IRC12:43
*** jedi4ever has joined #openstack12:43
*** bsza has joined #openstack12:43
*** Razique has quit IRC12:45
*** littleidea has quit IRC12:45
*** littleidea has joined #openstack12:45
*** dysinger1 has joined #openstack12:46
*** littleidea has quit IRC12:46
*** littleidea has joined #openstack12:46
*** PeteDaGuru has joined #openstack12:47
*** dysinger has quit IRC12:49
chmouelthis is probably a documentation bug then that would be good to filled12:50
*** hadrian has joined #openstack12:51
*** tokge011 has joined #openstack12:51
*** bergerx has joined #openstack12:55
*** martine has joined #openstack12:56
*** zul has quit IRC12:57
*** zul has joined #openstack12:58
*** Razique has joined #openstack13:01
kodapaanyone got dashboard running on ubuntu 11.10?13:02
Raziquefoexle: back13:02
Raziqueyup nova builds a route per network13:02
kodapadiablo and dashboard from git13:02
Raziquethus per tenanty13:02
Raziquetenant *13:02
*** jeremy has quit IRC13:02
koolhead17kodapa, i was not able to until yesterday13:02
kodapaI'm just getting Error: Unable to get service info: This error may be caused by a misconfigured Nova url in keystone's service catalog, or by missing openstackx extensions in Nova. See the Horizon README.13:02
kodapakoolhead17: yeah, I got it running, but it stopped working after a apt-get update13:02
kodapaNo idea why (actually no idea why it worked before either :D)13:03
kodapadashboard is magic13:03
kodapawhen it works, be happy13:03
koolhead17kodapa, you used ubuntu repo for dashboard13:03
koolhead17Razique, sir13:03
kodapakoolhead17: no, nova-compute etc13:03
Raziquehey koolhead1713:03
kodapakoolhead17: dashboard is from git13:03
foexleRazique: ah ok ...thats great :D ...13:03
koolhead17kodapa, i am trying to do the same but till yesterday due to missing egg bug i was not able to use /install dashboard13:04
koolhead17i have keystone and openstack running along side :D13:04
kodapakoolhead17: i can login to dashboard and see stuff, I can see volumes and images13:05
kodapakoolhead17: and configure tenants and users13:05
*** GheRivero is now known as GheAway13:05
kodapakoolhead17: but I'm getting blablabla openstackx missing13:05
*** nerens has quit IRC13:05
*** jeremy has joined #openstack13:05
foexleRazique: so if i have an instance with ip and an other one in the same project with ip on an other compute node its no problem ?!13:05
*** jeremy has quit IRC13:05
*** jeremy has joined #openstack13:05
koolhead17kodapa, https://bugs.launchpad.net/horizon/+bug/88838513:05
kodapakoolhead17: and No route matched for GET /1/admin/services in nova-api.log13:05
*** pfibiger_ has joined #openstack13:06
Raziquefoexle: not at all13:06
kodapakoolhead17: hmmm13:06
koolhead17kodapa, so am still waiting there. :)13:06
Raziquein fact when u create a network per tenant you specify it generally for 254 hosts13:06
kodapakoolhead17: I could install venv13:07
*** willaerk has joined #openstack13:07
foexleRazique: yes but if i have more then 254 vms in this tenant ?13:07
*** perestre1ka has quit IRC13:07
koolhead17kodapa, haha. not in current situation 4 me13:07
Raziquefoexle: in u plan to have more, then don't go for a /2413:07
*** pfibiger_ has quit IRC13:08
foexlei go for /8 atm .... but only for tests13:08
Raziquethat would require the database to be populated with all adresses within that range13:08
*** catintheroof has joined #openstack13:08
foexlei know :> .... yeah it was only for tests13:09
koolhead17Razique, will you be here 5-6 hr from now :d13:10
Raziqueyup i'll be there @ work13:10
kodapakoolhead17: :/13:10
Raziquekoolhead17: it's no pb13:10
Raziquei'll be avialable13:10
*** littleidea has quit IRC13:11
koolhead17Razique, awesome, i will reach home that time. i see 5-6 minor edits in documentation and i want to get done with it tonight13:11
kodapakoolhead17: just cleaned out my env and reinstalled, no fail13:11
koolhead17am also thinking to join the openstack-meeting tonight. although it will be 2.30 am for me13:11
koolhead17kodapa, lemme try again13:11
koolhead17kodapa, did you used tag for diablo while u got the code from github?13:15
*** perestrelka has joined #openstack13:18
*** livemoon has quit IRC13:23
kodapakoolhead17: no13:25
kodapakoolhead17: just git clone https://github.com/openstack/horizon.git13:25
koolhead17kodapa, your supposed to do that i been told because the above clone will get you dashboard 4 essex13:26
kodapakoolhead17: why not use openstack-dashboard from ubuntu repos?13:27
koolhead17kodapa, it takes some time to package/modify changes out of continuously evolving project like dashboard, thats why13:29
kodapakoolhead17: but nova-compute, nova-volume etc from repo is fine?13:33
koolhead17kodapa, indeed because its stable AFAIK :)13:34
kodapaHopefully ;P13:34
foexlekodapa: more or less ;)13:34
koolhead17foexle, +113:35
kodapakoolhead17: Command 'egg' not found13:35
koolhead17 kodapa so the bug still exists. :(13:35
kodapain branch stable/diablo yes13:36
kodapabut bug does not exist in master :S13:36
koolhead17kodapa, wa00 now that is news. :P13:37
*** swill has quit IRC13:37
kodapakoolhead17: Well I could install venv with master13:37
*** kerouac has joined #openstack13:37
kerouaci have no swauth* commands installed, just man pages13:38
kerouachow do i add swift users?13:38
koolhead17kodapa, so i can install dash without any issue via master13:39
kodapakoolhead17: yes13:39
* koolhead17 waiting for the installation :D13:39
kodapakoolhead17: I got dashboard running yesterday13:39
*** lts has joined #openstack13:39
kodapakoolhead17: but the nova parts stopped working after a update for nova-compute13:40
*** dirakx1 has joined #openstack13:40
koolhead17kodapa, i am assuming that because ur using essex at dash :P13:40
*** martine has quit IRC13:41
*** martine has joined #openstack13:41
stevegjacobs_I have a networking issue13:45
stevegjacobs_I have assigned a public ip address to a particular instance  - like 78.xxx.xxx.50.13:47
stevegjacobs_I can ping and ssh to it13:48
*** lzyeval has joined #openstack13:48
stevegjacobs_but I am installing a non-open source application that wants to bind to that ip address for licensing purposes13:49
stevegjacobs_and ipconfig on the server only reveals 192.168.x.xxx - the internal address13:50
*** lucrecius has joined #openstack13:52
stevegjacobs_Is there anyway to get the external ip address to work this way?13:52
stevegjacobs_wget --bind-address=78.xxx.xxx.50 http://www.paidforapp.com13:54
dysinger1the "openstack starter guide" has 2 static interfaces ( and but then in the nova.conf examples it adds a third with "--fixed_range="13:56
dysinger1can anyone explain the for us ?13:56
dysinger1(I'm on nova-core/trunk)13:56
uvirtbotNew bug: #893578 in nova "VM Stays in rebuild state forever" [Undecided,New] https://launchpad.net/bugs/89357813:56
uvirtbotNew bug: #893580 in nova "VM goes to "Build timeout" state if the instance is rebuilded with an image in state "queue"" [Undecided,New] https://launchpad.net/bugs/89358013:56
*** dprince has joined #openstack13:59
*** sloop has quit IRC13:59
*** nerdstein has quit IRC13:59
foexle               vlan: 10014:00
foexleups :D14:00
foexlevlan: 100 in the nova database are the vlan id right ? so its tagged with 100 ?14:01
*** ldlework has joined #openstack14:02
uvirtbotNew bug: #893582 in nova "Terminating VM while the VM state is build fails to terminate the VM and VM stays in build state forever and its not possible to terminate the vm after" [Undecided,New] https://launchpad.net/bugs/89358214:02
*** livemoon has joined #openstack14:03
*** osier has joined #openstack14:03
*** nerens has joined #openstack14:03
*** popux has joined #openstack14:04
*** lorin1 has joined #openstack14:06
lucreciushas anyone had success in running Quantum with the devstack deployment script running in VM?14:07
lucreciusposted a question to Quantum Launchpad page here https://answers.launchpad.net/quantum/+question/17962014:07
uvirtbotNew bug: #893583 in nova "While taking a snapshot deleting the instance makes the snapshot in queue state forever " [Undecided,New] https://launchpad.net/bugs/89358314:08
uvirtbotNew bug: #893586 in nova "snapshot from a vm in build state stays in queue state forever and instance goes to several intermediate states like ERROR and SHUTOFF state" [Undecided,New] https://launchpad.net/bugs/89358614:08
uvirtbotNew bug: #893587 in nova "rebuild instance from a snapshot which is in saving state fails to come to active state" [Undecided,New] https://launchpad.net/bugs/89358714:08
*** chemikadze has joined #openstack14:10
*** lts has quit IRC14:11
*** dirkx_ has joined #openstack14:12
*** livemoon1 has joined #openstack14:12
*** sloop has joined #openstack14:12
uvirtbotNew bug: #893579 in nova "Snapshot from Terminating VM stuck in saving state" [Undecided,New] https://launchpad.net/bugs/89357914:13
*** alekibango has quit IRC14:14
*** alekibango has joined #openstack14:14
*** livemoon has quit IRC14:16
*** swill has joined #openstack14:17
*** lorin1 has quit IRC14:18
*** livemoon1 has left #openstack14:18
*** lorin1 has joined #openstack14:18
*** lorin1 has joined #openstack14:19
*** pradeep has joined #openstack14:20
kerouacswauth-* andf freinds14:21
kerouacare tehy depracated?14:21
kerouacanyone ? beuller?14:21
*** junaid has quit IRC14:22
notmynamekerouac: swauth is not part of swift itself anymore. it's been moved to a separate project https://github.com/gholt/swauth14:23
*** mattray has joined #openstack14:24
kerouacdo i use the proxy now instead?14:24
notmynametempauth is now included in swift14:24
kerouaci'm reading the tempauth docs14:24
kerouacthought it was just 'temporary' until i set up swauth14:24
kerouacok, that makes more sense14:25
notmynametempauth has the same basic features as swauth, but it is much simpler and useful for limited poc or dev work14:25
kerouaci can just add the users to teh proxy conf file?14:25
notmynameya, it is "temporary" until you use a prod auth system14:25
*** lts has joined #openstack14:25
notmynameyes. tempauth is entirely configured in the proxy config14:25
kerouacnotmyname: Dude. Thank you.14:25
foexleits any one a doc how to use swift with keystone with curl commands ? i mean use ! not configure no admin guide ;)14:26
notmynamefoexle: there is nothing special about keystone vs swauth vs anything else when using curl. the process is all the same (roughly)14:27
notmynamefoexle: use curl to make the auth request to keystone14:27
notmynamefoexle: parse out the auth token from the response body14:27
notmynamefoexle: use that auth token as the value for the x-auth-token header for all commands you send to swift14:27
foexlenotmyname: so the first step, auth with username and pw against keystone and then to swift directly ?14:28
*** abecc has joined #openstack14:28
notmynamefoexle: auth to keystone with username/pw. use the resulting auth token for swift14:28
foexleand swift looks in the keystone db for this token ?14:28
foexleso swift dont have this user if i create a user in keystone14:29
*** hggdh has quit IRC14:30
notmynamefoexle: swift users and keystone users are differnet (actually, swift doesn't really have "users")14:31
notmynamefoexle: and yes, swift confirms that the token is valid for the request with keystone (using the keystone-provided middleware in the proxy server)14:32
foexlenotmyname: ok and with the opetion allow_account_management = true14:32
foexlei can use users14:32
foexlein swift right ?14:33
*** gnu111 has joined #openstack14:33
foexleif they are in keystone14:33
notmynamefoexle: that option allows accounts to be created/deleted. you wouldn't want that on a public proxy. set up a private one that your provisioning service can call14:33
notmynamefoexle: if it helps, the swift "account" is called a "tenant id" in the keystone world14:34
foexleah ok14:35
foexlei see ...14:35
swillnotmyname: have you had any trouble getting the non-admin account to work with swift_auth?14:35
*** hggdh has joined #openstack14:36
notmynameswill: swift_auth?14:37
*** tryggvil_ has quit IRC14:37
swillnotmyname: for some reason my admin account works prefectly, but all others dont.  curl works for everything, but swift_auth is bombing in the '_keystone_validate_token' function for non admin accounts.  yes.  swiftauth (part of keystone).14:37
notmynameah ok14:37
notmynamethat sounds like something you should troubleshoot with the keystone devs. if I were having that problem, I'd ask chmouel first14:38
* notmyname doesn't use keystone normally14:38
swillnotmyname: i got the admin account working according to your tips, but i still have not gotten everything else working.  i thought you had a test account setup, so i figured i would check if you had run into the same problem.14:38
swillok no worries.  :)14:39
*** andrewbogott has joined #openstack14:40
*** dubsquared has joined #openstack14:41
*** misheska has joined #openstack14:41
*** misheska has quit IRC14:41
*** gnu111 has quit IRC14:43
*** javiF has quit IRC14:44
*** willaerk has quit IRC14:46
*** AlanClark has joined #openstack14:46
*** afm has joined #openstack14:47
zul10 minutes before the ec2 api team meeting14:50
*** osier has quit IRC14:54
*** nRy has quit IRC14:55
*** DW-10297 has joined #openstack14:56
DW-10297Is there a installable openstack single server 'getting started' distro anywhere that one who is interested can mess with, or is it install ubuntu and apt-get install openstack* ?14:57
DW-10297zul: was that to me?14:59
DW-10297So yes to both or ...15:00
koolhead17Razique, around? did you put some documentation how api-paste.ini < middleware> nova works with keystone?15:02
kodapa(nova.api): TRACE: AttributeError: Values instance has no attribute 'keystone_ec1_url' in nova-api.log15:04
kodapaanyone seen that?15:04
lucreciusDW-10297: have you tried devstack.org?15:06
*** dolphm has joined #openstack15:06
*** nerdstein has joined #openstack15:08
*** lzyeval has quit IRC15:10
*** lzyeval has joined #openstack15:10
agossecan someone tell me what conf.get('blah', '/srv/nodes') is used for?15:15
chmouelagosse: where?15:16
*** lzyeval has quit IRC15:16
*** imsplitbit has joined #openstack15:16
agossein python27/dist.packages/swift/obj/auditor.py15:16
agossemy swift api is giving me 500s15:16
*** dirkx_ has quit IRC15:17
chmouelit has been removed in 1.4.3 as it's not there15:17
agosseand the only errors that i can see by tracing the swift-init rest start command is it trying to open /srv/nodes where /srv/nodes doesn't exist15:17
*** CaptTofu has joined #openstack15:17
agossethis is an install i just started doing this week following the starter guide15:17
chmouelwell it def needs to be created15:18
agosseweirdly, when i set it up on a different box last week it worked perfectly15:18
chmouelwhere is the starter guide?15:18
chmouelprbably need to be added there15:18
agosse1 sec..15:18
chmouelswill: can you recap me your problem with swift+keystone?15:19
DW-10297Is openstack able to efficiently use shared storage yet? I know awhile back someone said it would be coming in diablo15:19
swillchmouel: yep.  i will put together some pastebins15:19
*** dolphm is now known as dolph_15:20
swillchmouel: basically, i have swiftauth working for for my admin account, but every other account fails.  i have narrowed down the issue to the '_keystone_validate_token' function15:20
chmouelagosse: i can't find the install part in there15:20
agossefor swift?15:20
chmouelswill: humm.. i just fixed that function this morning 8-)15:21
chmouelagosse: yes15:21
*** dolph_ is now known as dolphm15:21
swillchmouel: specifically the conn = http_connect(...) fucntion15:21
swillchmouel: oh...  ok15:21
chmouelswill: yep i think it's the same prob15:21
swillchmouel: is the newest code in the github repo?15:21
chmouelswill: can you try to test with https://review.openstack.org/#change,1717 ?15:21
chmouelswill: someone from keystone team need to merge it first15:22
swillchmouel: ok, i will test it now.15:22
chmouelswill: cheers that would be big help, you can install the catch_errors middleware in swift to catch the exception and that would make things easier fro debugging15:22
*** pgalbraith has quit IRC15:22
dolphmchmouel: swill: we were waiting on feedback from someone from swift before merging15:22
*** deshantm_laptop has joined #openstack15:23
notmynamedolphm: oh ya. ziad sent me an email. let me take a look at that15:23
*** javiF has joined #openstack15:23
swillchmouel: dolphm: I will get testing it now.15:23
notmyname(I was traveling all last week)15:23
chmouelagosse: well there is not much in there you you prob want to follow the http://swift.openstack.org/development_saio.html for your testing at first15:24
agossechmouel: ta, an opportunity for improvement on the starter guide then?15:26
chmouelagosse: yep feel free to get in touch annegentle if you want to help with this15:26
chmouelwith annegentle i mean15:27
swillchmouel: does it matter where catch_errors is installed in the pipeline?15:27
notmynamedolphm: what feedback specifically are you looking for from the swift side of things?15:27
swillchmouel: i can just put catch_errors first in the pipeline and it should be good?15:28
chmouelchmouel: not sure where exactly but something like this would work https://review.openstack.org/#patch,unified,1845,1,files/swift/proxy-server.conf15:28
chmouelswill: &&15:28
notmynameswill: chmouel: catch_errors in swift should be the first in the pipeline. it's designed to ensure that no tracebacks go to the client. it actually could hide some info potentially. for debugging, you may want to run without it15:29
notmynamecatch_errors also ensures that the transaction id for the request is set properly15:29
swillnotmyname: hang on.  so should i be using catch_errors or not for debugging?15:30
chmouelwell the exceptions are not coming to the logs without it15:30
swillchmouel: ya, i noticed that too15:30
*** rocambol1 has quit IRC15:30
notmynameswill: I'd start with not using it15:31
swillnotmyname: ok, i will try with both and see what it changes.15:31
dolphmnotmyname: i guess 206-210 -- it looks risky to me15:32
notmynamechmouel: catch_errors is a basic global try/accept. it shouldn't affect the existence of a tranceback one way or the other. just what happens if there is an uncaught exception15:32
*** dirakx1 has quit IRC15:33
chmouelnotmyname: i guess this is a bug then, as without it I don't see the exceptions15:34
notmynamechmouel: perhaps, but I may be confused too15:34
swilli can confirm that I do not see the exceptions (and I was not using it).15:34
*** dillon-w has joined #openstack15:34
notmynameso an exception is raise and you only see the traceback if catch_errors is in the pipeline? where do you see the traceback?15:35
swillnotmyname: i just add catch_errors and now I am getting errors in the proxy.error file (before i never got any errors in that file).15:35
chmouelyep same thing as swill15:35
dillon-wRazique : hi there15:35
swillthis is going to help.  :)15:36
notmynamewhat's the exception?15:36
chmouelnotmyname: was something coming from the swift+keystone middleware not on swift directly15:38
swillchmouel: give me a couple minutes to get the test going.  i am doing a quick uninstall and reinstall of my setup to get a clean setup cause I have been fiddling.15:39
swilli have it all setup in chef, so it will only take a minute.15:39
agossechmouel: looking at the link you sent me, I can't find /srv/node in the page.  all the docs reference /srv/[1-4]/node15:40
agossewhich is consistent with the starter15:41
chmouelagosse: this is because the swift all in one is to allow to have 4 replicas/nodes on the same host15:41
dillon-wRazique : around?15:41
*** PiotrSikora has quit IRC15:41
agossechmouel: starter guide does this now too15:42
chmouelagosse: humm i'll need to read over the starter guide more deeply to see what's has been documented wrongly there15:43
*** PiotrSikora has joined #openstack15:43
*** tryggvil has joined #openstack15:47
chmoueldolphm: I was trying to explain to notmyname by direct message that on the middleware we define the admin of an account/tenant by convention15:49
*** code_franco has joined #openstack15:49
*** vladimir3p has joined #openstack15:50
kodapaomfg pypi is down :(15:50
dolphmchmouel: you mean after your change, correct?15:51
chmoueldolphm: yeah15:51
chmoueldolphm: I was doing on a group before (Admin)15:52
swillchmouel: well the patch applied cleanly.  ;)  testing now.15:52
dolphmchmouel: my only concern is that it could be a dangerous convention to imply admin rights, so I just want to make sure everyone understands the implications :)15:52
*** dragondm has joined #openstack15:53
chmoueldolphm: yep this is definitively need to be documented, I would not mind this to be off by default, but I would assume this is what the user would expect for swift15:53
chmouelat least coming from RAX cloudfiles15:54
*** dragondm has quit IRC15:54
*** dragondm has joined #openstack15:55
dolphmchmouel: i can see it being intuitive, but just because I have a user named 'john' and a tenant named 'john', that doesn't guarantee they're related, much less the same entity... unless *everyone* using swift expects that to be the behavior15:56
*** cp16net has joined #openstack15:56
*** lionel has quit IRC15:57
*** dragondm_ has joined #openstack15:57
*** lucrecius has quit IRC15:57
*** lionel has joined #openstack15:58
*** dragondm_ has left #openstack15:58
*** po has joined #openstack15:58
chmoueldolphm: ok... so how do I think I should implement the ownership of an account? By a Group?15:58
kodapaERROR [root] invalid sha512-crypt hash15:58
kodapaanyone knows why?15:58
*** krow has joined #openstack15:59
notmynamechmouel: dolphm: not knowing much about the details, I think dolphm makes a pretty good argument16:00
chmouelyep that's fair16:00
koolhead17so keystone uses Passlib and Dash uses Pycrypto is it?16:00
*** jkyle has joined #openstack16:00
*** jedi4ever has quit IRC16:00
dolphmchmouel: well, Roles?16:00
dolphmkoolhead17: is one better than the other somehow?16:01
dolphmi think we used passlib because some other project was using it16:01
*** jedi4ever has joined #openstack16:01
koolhead17i donno am kicking my ass figuring out the deps16:01
koolhead17dolphm, dash uses pycrypto16:01
dolphmkoolhead17: i know someone said they couldn't find passlib in ... fedora (?)16:02
*** jedi4ever has quit IRC16:02
*** deshantm_laptop has quit IRC16:02
koolhead17dolphm, they could have easily installed it from PIP/easy_install :P16:02
koolhead17i think that is were kodapa is stuck16:03
swillchmouel: wow, i should have noticed this before (thanks to catch_errors, i see it now).  I know the 500 error I am getting right now is this one: proxy-server Error: http_connect_raw() got an unexpected keyword argument 'timeout'16:03
chmouelswill: that's a heu weird error, what version of swift are you using?16:04
swillchmouel: I was getting that before as well.16:04
swillchmouel: latest checkout from github16:04
swillchmouel: as well as the latest code from keystone (with your patch).16:04
*** bergerx has quit IRC16:05
swillchmouel: that is the same error i was getting before i patched, I saw it as soon as i added catch_errors16:05
*** nyeates has joined #openstack16:05
*** dobber has quit IRC16:05
*** guigui has quit IRC16:06
swillyou can confirm that there is no timeout parameter here: https://github.com/openstack/swift/blob/master/swift/common/bufferedhttp.py16:06
chmouelswill: yep i wonder how come i add that there and it works for me16:07
chmouelgive me2s16:07
swillchmouel: probably because it does not hit that because it is getting it from memcache on your machine16:07
*** adjohn has joined #openstack16:07
*** dysinger1 has quit IRC16:07
swillchmouel:  it only hits it for the non-admin account for me.16:08
koolhead17Razique, ping16:08
*** obino has quit IRC16:08
*** obino has joined #openstack16:09
*** reidrac has quit IRC16:09
chmouelswill: not sure, going to remove it16:09
*** freeflying has joined #openstack16:11
koolhead17will anyone care to share his working keystone table?16:12
*** rnirmal has joined #openstack16:12
swillchmouel: i removed it and now i get the 403 error again (which is good).  now i just need to resolve that issue.16:12
chmouelswill: great, I am going to update it and going to disable if username == tenantName then make swift_owner and make it as an option (off by default)16:13
chmoueldolphm: ^^^16:14
*** ayates83 has joined #openstack16:14
*** freeflyi1g has quit IRC16:14
*** dysinger has joined #openstack16:15
*** tylesmit has joined #openstack16:15
*** mindpixel has quit IRC16:15
uvirtbotNew bug: #893662 in quantum "Cisco CLI needs to work from installed packages" [Undecided,In progress] https://launchpad.net/bugs/89366216:16
*** deshantm_laptop has joined #openstack16:16
swillchmouel: do you know why i am getting a 403 error?  is that part of what you are working on?16:16
dillon-wRazique : never mind, i fixed it. :)16:16
swillchmouel: i can confirm that the correct identity has been returned by keystone.16:16
*** nerdstein has quit IRC16:17
chmouelswill: I am about to change this part of the code16:18
swillchmouel: ok.  let me know when you have a patch and I will test it for you.  :)16:18
*** jdg has joined #openstack16:19
chmoueltks, you will basically need to have your user with right role (specified by keystone_swift_operator_group option) which would give ACL for other users16:19
*** dillon-w has quit IRC16:20
*** TheOsprey has quit IRC16:20
*** guigui has joined #openstack16:21
uvirtbotNew bug: #893663 in quantum "Cisco CLI module does not work with installation" [Medium,In progress] https://launchpad.net/bugs/89366316:21
*** redconnection has quit IRC16:24
kodapa FaultWrapper: Values instance has no attribute 'keystone_ec1_url'16:24
kodapaAnyone? :P16:24
*** cereal_bars has quit IRC16:25
*** guigui has quit IRC16:25
swillchmouel: keystone_swift_operator_group option is added to the swiftauth filter or where?16:25
uvirtbotNew bug: #893665 in quantum "Inconsistencies in the testing section of the Cisco README" [Medium,New] https://launchpad.net/bugs/89366516:26
chmouelswill: not yet, I am going to put that by writting and post it to the mailing list before this is implemented inc ase I am missing something16:26
swillmaybe its just not in the code yet.  i will let you work and you can tell me when you have something for me to test.16:26
swillchmouel: ok cool.16:26
*** vidd-away is now known as vidd16:27
*** lorin1 has quit IRC16:28
*** popux has quit IRC16:28
agossechmouel: any hints as to what the /srv/nodes directory should look like?  or, should some process create it?  or, should it be created automatically by installing something (that in this case I might have missed)?16:29
*** ayates83 has quit IRC16:30
*** nerens has quit IRC16:34
*** dysinger has quit IRC16:34
*** ayates83 has joined #openstack16:34
btorchagosse: In swift the /srv/node is just a directory that you would created (manually) where you will have more directories like sd[a-z] for example where you will mount your devices16:34
*** dobber has joined #openstack16:35
agossebtorch: the starter guide and saio both say to create /srv/[1-4]/node/foo16:37
agossethe cacti version of the starter guide says to create /srv/node16:37
*** nerdstein has joined #openstack16:37
btorchagosse: ok .. I thought you were refering to a regular setup16:37
agossebtorch: i'm a nub, so i have no concept of "regular"16:38
*** dysinger has joined #openstack16:38
*** krow has quit IRC16:38
agossedoes anyone awake here work on atlas-lb?16:39
*** dysinger has quit IRC16:39
agossejust out of curiosity16:39
*** redconnection has joined #openstack16:39
*** kbringard has joined #openstack16:41
btorchagosse: no worries ... I need to check that saio doc since I haven't checked that in a while but the "devices" parameter and rsync configs is what will use the "/srv/node" direcotry16:41
*** chemikadze has quit IRC16:41
*** chemikadze has joined #openstack16:41
*** CaptTofu has quit IRC16:42
btorchagosse: like for example .. on  my saio setups I just have /srv/node/sd[a-d] and then I just mount either a block device or a imagefile on each location ... I don't really use the saio docs literaly :)16:43
*** dobber has quit IRC16:43
btorchagosse: checkout the http://swift.openstack.org/1.4.3/development_saio.html doc16:44
chmouelswill: so about your 403, what group/roles your user you are testing with is in ?16:45
btorchagosse: there is section there for "Using a loopback device for storage" that will help you out16:45
swillchmouel: I am testing with a keystone role of Member (does not have any association with anything else from what I can tell).16:45
swillchmouel: i had a hard time understanding how I should be setting up the roles in keystone in order to give acl permissions.16:46
*** irahgel has left #openstack16:46
swillchmouel: let me test another user in the Admin role16:46
chmoueldo you have anything special in keystone_admin_group setting ?16:47
chmouelswill: ^^16:47
swillchmouel: no, it is the default 'Admin'16:47
chmouelso the user who's owner of that account would be the one that are inside the Admin group16:48
agossebtorch: yea - there's a bit of interesting linking and stuff going on around that part of the instructions.  even funnier is the fact that if you're using the web-based viewer and you hit the next button, it skips right pass both the physical partition and the loop device bits!16:49
chmoueland that user after would give persmissions to other users for different containers readwrit etch16:49
swillchmouel: ok, i just added another user to the Admin role and i just tested with that user and it works.16:49
chmouelswill: cool, so yeah that's what we were talking about16:50
swillchmouel: how do you give permissions?  and when you talk about an 'account' what are your referring to?  a tentant?16:51
*** Ryan_Lane has joined #openstack16:51
chmouelchmouel: yep tenant(keystone)==account(swift)16:51
agossebtorch: simple steps, but when you're working through a 50-step procedure and the problem you introduced in step 13 doesn't manifest until like step 48 it's all a bit hairy.  (at least, my desk an keyboard are after pulling all of my hair out)  ;-)  Thanks for the help!16:51
chmouelchmouel: to give permission you can use the swift tool (see the --help)16:51
swillchmouel: in 'swift --help' i do not see anything about giving users permissions.16:53
swillsorry, my fault16:54
*** andyandy has joined #openstack16:54
swilli did not see everything.16:54
*** andyandy_ has joined #openstack16:54
chmouelno worries16:54
* koolhead17 raises his hand and shouts for help16:55
koolhead17DEBUG:django_openstack.api:auth_api connection created using url ""16:56
chmouelkoolhead17: you want to have a working keystone initial data?16:56
koolhead17chmouel, yes a sql file will help better, because sampledata files seems too old which i imported16:56
koolhead17also DEBUG:django_openstack.api:auth_api connection created using url ""16:56
koolhead17it makes me feel dash is talking to keystone isn`t it?16:57
*** coli has quit IRC16:58
chmouelkoolhead17: I am not sure tbh16:59
swillchmouel: so should anyone outside of the keystone_admin_group be able to do anything with the 'swift' command?  if so, does each user have to be explicitly setup by an admin?17:00
koolhead17but once i add credentials and click the server gets killed :D17:00
*** rnorwood has joined #openstack17:01
*** rsampaio has joined #openstack17:01
chmouelswill: they won't be able to do anything17:01
viddkoolhead17, how did you add dash/horision?17:02
chmouelswill: and yeah it needs to be set explicitely on each container that this other user have those ACL17:02
swillchmouel: ok.  so only the users in the keystone_admin_group will be able to use the 'swift' command.  ok...17:02
chmouelswill: yeah at first until that user give permission to other user on that same account17:02
andyandy_I want to use a flat network and different subnetwork for each project, can I do it with FlatDHCPManager or I have to use the FlatManager mode? thank you17:03
koolhead17vid simple i installed quantum saperately17:03
koolhead17in the virtualenv of dashboard :D17:03
*** guigui1 has joined #openstack17:03
koolhead17thanks to kodapa17:03
swillchmouel: ok, i will play for a bit and see if I can put together a few working examples for me to test.  thanks...17:03
koolhead17vidd, now i need your help17:03
viddso you are still doing "git"17:03
koolhead17vidd, yes17:04
viddwhat OS are you installing on?17:04
chmouelswill: yeah it's a bit confsing but I am stil working on it once this is all working I'll make a nice blog post or something like this to explain17:04
kodapachmouel: I want initial data :D17:05
viddkoolhead17, ubuntu or *something else*17:05
koolhead17ubuntu :D17:05
kodapachmouel: I can login to dashboard17:05
kodapachmouel: But Unable to list users: [Errno 111] ECONNREFUSED in Users list17:05
viddkoolhead17, if you are using ubuntu, why not use Kiall 's ppa?17:05
kodapachmouel: and Unable to get service info: This error may be caused by a misconfigured nova url in keystone's service catalog, or by missing openstackx extensions in nova. See the dashboard README.17:05
koolhead17vidd, because am experimenting :D17:06
viddkoolhead17, anyway..that is unimportant17:06
koolhead17vidd, true17:06
chmouelI am using that https://github.com/openstack/keystone/blob/master/keystone/test/sampledata.py but I am not an expert in horizon/keystone17:07
koolhead17vidd, help needed there --> keystone talking dash :P17:07
koolhead17i wonder WTF my dash gets killed once i pass user credentials :(17:08
*** catintheroof has quit IRC17:08
viddyou set up the horizon database to use mysql or the sqlite default?17:09
*** sandywalsh has joined #openstack17:10
viddis the database populated?17:10
*** dubsquared has quit IRC17:11
*** vladimir3p has quit IRC17:12
koolhead17yes i can see 5 different table17:12
viddanything in the "django_session" table?17:12
koolhead17lemme check17:12
*** pixelbeat has quit IRC17:13
*** foexle has quit IRC17:13
koolhead17vidd, its empty17:13
koolhead17and also i have not added that api-paste.ini with keystone info in nova, i am guessing that could be issue there17:14
viddadd some bogus data there and set it to an expire date that is "in the past"17:14
viddkoolhead17, it will be an issue for nova talking to keystone [and by extention horizon seeing nova] but that is not the issue you are currently having17:15
koolhead17ooh okey17:15
viddwe shall burn that bridge next17:15
viddalso, how are you launching the dashboard?17:17
koolhead17via browser17:18
viddi think you misunderstand the question.....17:19
koolhead17ummo k17:19
vidddid you add horizon manually to apache or are you using the "launch dashboard" script?17:19
koolhead17am using native django server now apache17:19
kodapavidd: I'm having problems with keystone17:20
viddkodapa what issue?17:20
kodapavidd: issue 1: Unable to list users: [Errno 111] ECONNREFUSED in /syspanel/users/17:20
kodapavidd: issue 2: Unable to get service info: This error may be caused by a misconfigured nova url in keystone's service catalog, or by missing openstackx extensions in nova. See the dashboard README.17:20
kodapavidd: I am able to login to dashboard, however17:20
kodapavidd: euca-tools isn't working either17:21
kodapavidd: with the keystone api-paste17:21
viddkoolhead17, so what you have is instead of apache giving you an error message like"unable to read session" django is just crashing =]17:21
*** vdo has quit IRC17:21
kodapakoolhead17: check if you get any python exceptions17:21
viddkoolhead17, did you add that bogus data to the "django_session" field?17:22
kodapavidd: I'm dunning keystone and dashboard from git branch stable/diablo17:22
kodapavidd: also running nova-compute packages from ubuntu 11.10 repos17:22
*** coli has joined #openstack17:22
koolhead17vidd, not yet17:22
viddkodapa pastebin me your endpoint templates from keystone database17:22
kodapavidd: okej17:22
viddkoolhead17, the bogus data should fix you right up17:23
kodapavidd: http://pastebin.com/Uc1bTT9M17:23
*** mdomsch has joined #openstack17:23
viddok ppl...please do not pm me....i cant help 2 ppl at the same time in 3 differnt windows =]17:24
viddi can only do 5 thingsa t once =]17:24
*** maplebed has joined #openstack17:25
viddkodapa your templates look off17:26
uvirtbotNew bug: #893689 in keystone "document-database-schema" [Undecided,New] https://launchpad.net/bugs/89368917:26
kodapavidd: hm17:26
*** ohnoimdead has joined #openstack17:26
viddkodapa check out my keystone database  loader script and fix your endoint templates based on that info https://github.com/vidd/openstack_installer/blob/master/keystone_template.sh17:27
kodapaI think I see the error xD17:28
viddkoolhead17, how did adding the data go?17:28
koolhead17vidd, i have added one with past date and values17:29
viddif you dont know how to add data....open phpmyadmin if you have it17:29
*** nerens has joined #openstack17:29
viddok....do you get in ?17:29
*** pradeep has quit IRC17:29
koolhead17vidd, yes there are fields which i populated there in django_sessions17:30
koolhead17as u mentioned i provided expiry date of past17:30
viddkoolhead17, restart dashboard and see if it will let you in17:30
*** adjohn has quit IRC17:30
*** abecc has quit IRC17:34
kodapavidd: okay now user management works17:35
kodapavidd: but still Unable to get usage info: This error may be caused by a misconfigured nova url in keystone's service catalog, or by missing openstackx extensions in nova. See the dashboard README.17:35
*** llang629 has joined #openstack17:35
*** abecc has joined #openstack17:35
*** helfrez has quit IRC17:36
viddis the user you are logged into part of the "Members" group? ["Members" is a specific role expected by horizon]17:36
*** Razique has quit IRC17:38
*** juddm has joined #openstack17:39
*** catintheroof has joined #openstack17:39
*** javiF has quit IRC17:39
*** llang629 has left #openstack17:40
*** dotdevops has joined #openstack17:40
uvirtbotNew bug: #893692 in devstack "stack.sh fails with ImportError in glance add" [Undecided,New] https://launchpad.net/bugs/89369217:40
*** dotdevops has quit IRC17:41
*** acomisario_ has joined #openstack17:41
*** dotdevops has joined #openstack17:42
kodapavidd: yes17:43
kodapavidd: and admin17:43
*** CaptTofu has joined #openstack17:44
kodapabrb dinner17:44
vidd"Members" [with a capital m]17:44
vidd"members" != "Members"17:45
*** juddm has quit IRC17:45
*** juddm has joined #openstack17:46
*** dotdevops has joined #openstack17:48
*** heckj has joined #openstack17:49
*** nyeates has quit IRC17:51
koolhead17vidd, no luck17:52
*** TheOsprey has joined #openstack17:52
koolhead17yet same thing am not sure if am adding data in correct table17:52
vidddo you get a traceback?17:52
*** dirkx_ has joined #openstack17:53
koolhead17testhi2011-11-20 00:00:0017:53
koolhead17this is what i added in my django_session table17:53
*** jedi4ever has joined #openstack17:54
viddkoolhead17, that should work17:54
*** dachary has quit IRC17:54
koolhead17nopes notthing just django server gets killed after passing message DEBUG:django_openstack.api:auth_api connection created using url ""17:54
viddpastebin me your local_setting.py17:56
kodapavidd: Yes, Members17:56
kodapavidd: In nova-api.log: No route matched for GET /1/admin/services17:57
*** jdurgin has joined #openstack17:57
*** Pr0toc0l has joined #openstack17:59
viddkodapa you made the proper changes to api-paste?17:59
kodapavidd: I'm not sure :P18:00
koolhead17vidd, http://paste.ubuntu.com/746170/18:00
koolhead17vidd, catch u in sometime.18:01
* koolhead17 leaves home18:01
viddkodapa how about your nova api-paste.ini?18:01
*** dolphm has quit IRC18:01
*** guigui1 has quit IRC18:02
*** koolhead17 is now known as koolhead17|away18:03
*** kaigan_ has quit IRC18:03
kodapavidd: http://pastebin.com/0mUXD0Mh18:06
viddkodapa the paste you sent earlier with your endpoints had keystone admin listening on 5001 not 35357 ... dis you fix this already?18:08
kodapavidd: keystone admin is running on port 3535718:12
viddyou updated you endpoint templates?18:13
kodapavidd: yes18:13
*** nerens has quit IRC18:13
kodapavidd: http://pastebin.com/dPg0c8f618:13
*** _rfz has quit IRC18:13
*** dachary has joined #openstack18:15
viddhrm...idk kodapa18:16
*** agosse has quit IRC18:16
kodapavidd: the error in nova-api is No route matched for GET /1/extras/usage from18:16
viddthe error message suggests that horizon is making the call to keystone, keystone is passing the request to nova, and nova is saying it cant verify authentication to send the requesed info back18:17
viddim sure ther is something simple wrong...but i dunno where to look =\18:18
*** scottsanchez has quit IRC18:21
kodapavidd: euca-tools isn't working either :(18:22
kodapavidd: Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error18:22
*** bengrue has joined #openstack18:22
kodapavidd: nova.api [-] 0.5419s POST /services/Cloud/ None:None 400 [Boto/2.0 (linux2)] application/x-www-form-urlencoded text/plain18:22
*** dpippenger has quit IRC18:23
*** dotdevops has quit IRC18:24
kodapavidd: :/18:26
*** nacx has quit IRC18:26
*** dendrobates is now known as dendro-afk18:28
*** mcclurmc has quit IRC18:29
*** Pr0toc0l has quit IRC18:30
*** mcclurmc has joined #openstack18:30
uvirtbotNew bug: #893703 in openstack-integration-tests "Add metadata operations test test_images.py in strorm/tests" [Undecided,New] https://launchpad.net/bugs/89370318:31
*** krow has joined #openstack18:31
*** darraghb has quit IRC18:32
*** koolhead17 has joined #openstack18:33
viddkodapa is the user from env | grep NOVA an Admin user in keystone (with tenant=NULL)18:33
Kiallvidd: Looks like the essex dashboard (mostly) works with diablo BTW18:37
*** bonzay is now known as zz_bonzay18:38
viddKiall, nice18:38
KiallThe only (new) bug I've found so far is on the new instance detail page..18:38
Kiallif a server has a volume attached, it croaks.18:38
viddbut how often does THAT happen =]18:39
*** Ryan_Lane has quit IRC18:39
Kialllol, there is noting that important on the page..18:40
*** mnour has quit IRC18:40
viddany idea how to get the volume manager into the diablo dashboard?18:40
KiallThat would be a PITA18:41
*** reiddraper has joined #openstack18:41
viddso's not being able to add volumes via the GUI =]18:41
*** nRy has joined #openstack18:42
*** chomping has quit IRC18:42
kodapavidd: hmm18:43
kodapavidd: it should be18:43
viddkodapa look at my "convert_keystone" script to see how i get euca to work with keystone: https://github.com/vidd/openstack_installer/blob/master/convert_keystone.sh18:45
kbringardwhere are you adding ec2 credentiald to keystone?18:46
viddkbringard, in my user_add_keystone.sh script =]18:47
kbringardahhhh, nice18:48
koolhead17kbringard: supp18:48
kbringardI have everything setup and working, but I was having trouble getting ec2 creds added to keystone18:48
kbringardmostly because I had only spent 30 seconds looking at it ;-)18:48
koolhead17vidd: you are here for sometime right18:48
*** dendro-afk is now known as dendrobates18:48
* koolhead17 kicks kbringard18:48
kbringardhey koolhead17 :-)18:48
viddyeah...probably the next -12 hours =]18:49
kbringardI'm becoming more impressed with Crowbar the more I use it18:49
koolhead17vidd: awesome.18:49
viddkbringard, are you going to be stealing my script? =]18:50
kbringardperhaps… more than likely I'll use it as the basis for a new script to add users straight into keystone, instead of parsing their novarcs18:51
kodapavidd: hmm I'm missing --keystone_ec2_url in /etc/nova/nova.conf18:51
vidd[all my scripts are "public-domain....therefore cannot be "stolen"]18:51
kodapavidd: what should it be?18:51
kbringardvidd: likewise18:51
kbringardat least the ones I put out there… if I'm not allowed to share something for whatever reason I just don't put it out there :-D18:52
Kiallvidd: essex dashboard packages will be up @ https://launchpad.net/~managedit/+archive/openstack-testing/ in a bit...18:52
viddkodapa --keystone_ec2_url=http://$keystone_server:5000/v2.0/ec2tokens18:52
kbringardvidd: what happens in this case if the tennant is already there?18:53
kbringardspelling is hard18:53
viddthen dont re-add the tenant?18:53
kbringardwell right, I was just curious if you knew how keystone reacted to trying to add an already existing tenant18:54
viddin my scripts, i build a sys-admin account for keystone18:54
viddkbringard, keystone-manage throws an error and keeps chugging alone with the reset of the script18:55
kbringardah, nice18:55
*** nerens has joined #openstack18:55
kbringardand if I don't want this user to be an admin, I just don't grant them the Admin role, correct?18:55
kbringardor KeyStoneServiceAdmin18:56
uvirtbotNew bug: #893710 in quantum "Importing Quantum Tools library is in conflict with Keystone Tools library" [Undecided,In progress] https://launchpad.net/bugs/89371018:56
viddif you dont give him admin, he cant use euca18:56
kbringardorly? interesting18:56
*** anotherjesse has joined #openstack18:56
kbringardso… how do you make someone the equivalent of is_admin = 0?18:56
viddadmin=euca/glance [maybe swift?]18:56
viddmember = horizon/dashboard18:57
viddkeystone-stuff = keystone stuff18:57
Kiallvidd: nope! users can use euca2ools with or without the admin role.18:57
KiallMy account does not have admin rights, yet I can use them...18:58
viddKiall, my experience says differently...but then again, i only JUST got all my stuff to work properly =]18:58
*** lorin1 has joined #openstack18:58
viddKiall, so you can do euca-describe-[blah] without being in the admin tenant?18:59
*** Ryan_Lane has joined #openstack18:59
viddor the admin role18:59
Kiallvidd: yup18:59
*** AlanClark has quit IRC19:00
viddKiall, then perhaps the messed up keypoint templtes was throwing me off b4 =]19:00
KiallI'd bet it was ;)19:00
*** dpippenger has joined #openstack19:00
viddkbringard, Kiall trumps me =]19:00
KiallKeystone is really really simple, so long as you give it the right data!19:00
viddkeystone is evil....reminds me of one of my ex's19:01
kbringardKiall: yea, I figured, the trick is just figuring out what the right data is ;-)19:01
Kiallvidd: once the 2x green cog's on the right change to ticks... those packages are ready '_ https://launchpad.net/~managedit/+archive/openstack-testing19:01
vidddo exactly what she says and everything is fine...slip up one tiny thing and your sleeping on the curb!19:02
Kiallvidd: you had completely wrong stuff in there ;)19:02
viddkodapa whats up?19:04
*** dotdevops has joined #openstack19:04
viddKiall, did you have a change to field-test my scripts?19:04
KiallJust ordered another 24 GB ram for each of nodes... memoryc.com does great deals 72GB server ram for under €500 :)19:05
*** rustam has quit IRC19:06
KiallReally hoping it doesnt turn out to be crap memory.. but for that price, whatever.. I'll bite ;)19:06
viddKiall, when the time comes for migrating windows servers...im going to tell them they have to be re-provisioned....19:07
Kiallvidd: havent had a chance yet...19:07
kbringardwe ordered my compute nodes with 128 to start with19:07
Kiallhave you tried a linux migration yet?19:07
viddno...im still waiting for them to give me servers to handle it19:07
kodapavidd: shits not working :P19:08
viddim wondering how to do a of=>>network-path19:08
Kiallboot from CD, mount NFS or whatever .. easy19:09
viddKiall, TBH im a bit nervous about migrating these old servers19:10
viddetch and older *shiver*19:10
Kialljust dont get the if=/of= backwards and you cant damage them ;)19:10
KiallBTW - Doing it over the network is probably a bad idea..19:11
KiallLets say they have 500GB of HD space.. then.. its going to be 500GB network transfer19:11
vidd"whoops...THAT one needs to be reprovisioned...its OK it just had the billing database...."19:11
Kiallprobably faster going to a USB drive, then compressing it with qemu-img, and then pushing it over the network19:11
vidd"note to self...need to aquire 2 TB+ usb drives"19:12
coliKiall, it seems that you know a lot about keystone :-) by any chance do you know if this statement about keyston regarding swift is still valid ? "Keystone currently allows any valid token to do anything with any account."19:13
coliit's from http://keystone.openstack.org/configuration.html19:13
jdgHey Vidd, getting ready to try out your script19:13
viddjdg good luck...and let me know of anything19:13
viddso much as a typo in an "echo" command =]19:14
jdgvidd: I'll keep you posted, actually I don't think I need to modify anything in noav-settings after giving it my static IP.19:14
viddjdg, my scripts build that file for ya...and all the other data files19:15
Kiallcoli: i dont use swift, but there is a ticket filed to have that either removed or explained...19:15
Kiallmight be more detail in that19:16
Kiallit was filed by dolphm if that helps finding it ;)19:16
colikiall: so what are you using as storage for glance ? (if not swift)19:16
koolhead17Kiall: hello there :)19:16
Kiallcoli: glance can just store images straight to disk.. swift is completely optional19:17
viddKiall, the reason i asked about of=>>network-path is for local testing =]19:18
colikiall: I'm doing this like that right now, however I was thinking that the bigger and more knowledgable people do it differently ;-)19:18
Kiallah .. yea.. save yourself some time and install a test box with like a 5GB root partition ;)19:18
Kialland dont forget to switchout the standard kernels for the virtual equivalents BTW19:19
Kiallcoli: im sure many of them do, but the glance file store works fine for my use case19:19
*** joesavak has joined #openstack19:21
sloopdoes anyone use openstack in a useful, production environment?19:21
Kiallsloop: nope, nobody ;)19:22
Kiall(I'm kidding BTW)19:23
sloopfigured :)19:23
sloopit seems like the cycle is:  1) read great press about openstack  2) try to get it working  3) come on irc  4) try some more  5) give up19:23
*** dendrobates is now known as dendro-afk19:24
kbringardsloop: I don't know who can or can't talk about what, but I can tell you there are people who are using it in a useful, production environment19:24
Kiallsloop: lol .. install ubuntu 11.04 .. clone this repo http://github.com/managedit/openstack-setup .. edit settings file.. type "./all-in-one.sh" .. done19:25
slooplol ok sorry i'm just being cynical19:25
*** JesperA has joined #openstack19:28
*** anotherjesse has quit IRC19:28
kbringardhehe, it's cool, I didn't mean to dis, was just saying, I know there are people who are using it19:28
*** clauden_ has joined #openstack19:29
kbringardI think a lot of what happens is, the people who are allowed to talk about what they've implemented are still in the discovery/proof of concept phase19:29
*** jsavak has joined #openstack19:29
kbringardonce they get past that phase, their employer locks down what they're allowed to discuss about what they're implementing and why19:30
WormManand the rest of us just don't have time to talk any more :)19:30
kbringardat least, that's my theory :shrug:19:30
kbringardWormMan: lol, yes, plus once you're on the hook to deliver a prod environment you don't have time to chat any more19:30
koolhead17kbringard: +1 :P19:31
* vidd is hoping to get to the "dont have time to talk" phase =]19:32
*** imsplitbit has quit IRC19:32
* koolhead17 kicks vidd19:33
* vidd canes koolhead17 19:33
*** joesavak has quit IRC19:33
koolhead17vidd: that would be scary :P19:33
WormManI'm just trying to see how to manage my guest clock19:33
*** pweiss has joined #openstack19:33
WormManI really don't want to run ntp19:33
*** dirkx_ has quit IRC19:35
viddim so looking forward to not having to spen 3 hours on the phone with a customer because others cant program a simple DSL modem =]19:35
Kiallgotta love nova's fondness of the dd command when you delete stuff -_-19:35
*** clauden_ has quit IRC19:38
*** sandywalsh has quit IRC19:41
*** dendro-afk is now known as dendrobates19:42
*** sandywalsh has joined #openstack19:42
*** jdg has quit IRC19:43
*** clauden_ has joined #openstack19:45
koolhead17vidd: does keystone has tag as well on github?19:46
koolhead17vidd: i meant tag for diablo for keystone19:47
*** clauden_ has quit IRC19:47
viddi woul imagine19:47
*** clauden has joined #openstack19:47
viddi dont use git...i use Kiall 's repos19:47
Kiallkoolhead17: if you are getting the code for git, you probably dont want the tag anyway. the stable/diablo branches are .. well .. the stable version of diablo19:48
*** redconnection has quit IRC19:48
koolhead17Kiall: thanks. :)19:48
*** dolphm has joined #openstack19:49
koolhead17Kiall: i just want to get used to this github thing, once am there and done will use your PPA :D19:49
viddkoolhead17, why would you WANT to use the git's?19:52
viddtake it drom me...its like trying to use a crowbar to open a winebottle19:53
*** MarkAtwood has quit IRC19:53
*** redconnection has joined #openstack19:54
vidd[or a spoon to back-the Grand Canyon]19:54
*** hingo has joined #openstack19:55
*** sandywalsh has quit IRC19:55
Kiallyea, end users of openstack really aren't meant to be using the git repos etc.. The git repos are really for developers and packagers..19:55
*** hggdh has quit IRC19:56
kodapavidd: I'm getting this in keystone log in verbose mode: http://pastebin.com/enLxKMP019:57
kodapavidd: that aint right?19:57
kodapaWHERE credentials.type = ? AND credentials."key" = ?19:57
Kiallkodapa: its a prepared statement, they will get filled in..19:57
kodapaKiall: Yeah19:58
kodapaI'm a little bit tired after 55+ hours trying to get openstack up :P19:58
kodapa55+ working hours19:58
kodapastupid shit19:58
kodapagiving up soon19:59
viddkodapa what os are you using?19:59
kodapavidd: ubuntu 11.1019:59
viddkodapa make it easier on yourself...use either Kiall 's or my scripts =]19:59
*** jmckenty has joined #openstack19:59
kodapavidd: It's not a single server setup19:59
Kialldoesnt matter ;)20:00
*** swill has quit IRC20:00
kodapaI had everything running yesterday20:00
kodapaBut then a nova-compute update from apt repos broke everything20:00
viddtotal setup from starting clean install to launching first instance with my script < 3 hours (while making adjustments to botched scripts)20:01
kodapaThey removed some stuff so my api-paste broke20:01
Kiallvidd: lol? really?20:01
kodapavidd: point is, I have deadline tomorrow20:01
KiallI've got it down to under 30 minutes.. including installing the server ;)20:01
kodapaI'm fucked :P20:01
viddkodapa no...use our scripts20:02
viddKiall, my time included formating the hard drives and my connection speed socks20:02
viddKiall, remember...i only have 2 gb of ram here =]20:03
*** swill has joined #openstack20:03
kodapavidd: no time reinstalling now20:04
Kialllol, I have more than that in my desktop ;)20:04
kodapavidd: i still had everything running yesterday20:04
kodapauntil an apt-get upgrade20:04
viddkodapa if you start fresh, we can get you at the bar in time for happy-hour =]20:04
KiallLol .. You can.. I'm out in a few ;)20:04
koolhead17vidd: :P20:05
*** p0 has joined #openstack20:05
kodapavidd: no20:05
kodapait's time to prepare servers for move to the DC20:05
kodapaThat's how we work, no time to finish things20:06
coliaall, what do you think about rackspaces refernce architecture for openstack ? http://www.referencearchitecture.org/20:06
*** cereal_bars has joined #openstack20:07
*** po has quit IRC20:08
*** johnpur has joined #openstack20:08
*** ChanServ sets mode: +v johnpur20:08
Kiallcoli: honestly haven't read it..20:09
*** deshantm_laptop has quit IRC20:09
*** hggdh has joined #openstack20:09
*** praefect has joined #openstack20:11
*** anotherjesse has joined #openstack20:12
coliKiall: just reading your scripts, and in all-in-one.sh there is a message "echo "\n\nAllow root remote access to SSH! Do this in another window!"" then SQL statment granting rights to mysql, shouldn't the statment be "access to MySQL" ?20:12
coliKiall: or somehow later you set nss and pam to use mysql ?20:13
Kiallit should say MySQL ;')20:13
*** swill has quit IRC20:13
colikiall: now... how should I trust the rest ? ;-)20:13
*** anotherjesse has quit IRC20:13
Kiallall-in-one.sh is really a bit of a hack/experiment.. as the commit message says!20:14
viddcoli, maybe you might want to look over mine =]20:14
Ryan_LaneI'm following this upgrade guide: http://docs.openstack.org/diablo/openstack-compute/admin/content/migrating-from-cactus-to-diablo.html20:14
Ryan_Laneand things aren't exactly working smoothly20:14
Ryan_Laneeven at the first step20:14
Ryan_Lanethe glance package errored out because it tried to update the database20:15
Ryan_Lanealso, glance is installed on a node with other openstack packages, so apt-get upgrade is a really, really poor choice of commands to put into the documentation20:16
colikiall: it was just a joke ;-) my sens of humor sometimes is bit twisted ;-)20:16
*** imsplitbit has joined #openstack20:16
colividd: don't worry I will get there ;-)20:16
Kiallcoli: no worries ;)20:16
Ryan_LaneI'm assuming it has an error because I used apt-get install glance  python-glance?20:16
DW-10297coli: I don't think you can really take a cloud seriously if it says: SAN as Storage Option20:17
DW-10297Not available at this time.20:17
Kiallkodapa: password? lol20:17
viddcoli, my scripts do a bit more...like set each app with its own database usre and secure password20:17
kodapaKiall: no, just rage20:17
*** webx has joined #openstack20:17
coliI'm after my two first openstack installs from clean (just nova + glance), now getting ideas how to do it properly with keystone and dashboard20:17
Ryan_Laneanyone here have any idea about upgrading from cactus to diablo?20:17
viddand changes rabbit user and pass to "not the default"20:17
*** anotherjesse has joined #openstack20:18
*** mgius has joined #openstack20:19
koolhead17bloody dash is like a gf with mood swing everyday.........20:19
*** dgags has joined #openstack20:19
kerouackoolhead17: ok... so i don't install it then?20:19
colividd: that very wise from the security pov and says a lot about the author...20:19
viddhehe koolhead17 its keystone that has the attitude =]20:19
kerouaci haven't installed a dashboard yet20:19
*** tylesmit has quit IRC20:20
koolhead17kerouac: don`t worry your not alone :P20:20
coliDW-10297: like it or not they are making big money on cloud. marketing can do wonders to technology :-)20:20
viddcoli, i had the ocupation once of being security enforcment manager =]20:20
koolhead17vidd: haha. i was more concerned about the mood-swing part :P20:20
viddlogin security20:20
koolhead17attitude can b handled20:20
colividd: you mean a bouncer ?20:20
kerouaccan i use a different scheduler with nova?20:20
viddno datacenter that processed online orders20:21
Kiallcoli / vidd: yea.. see I went for as simple as possible.. Just get shit working and them let the sysadmin, ya know, do their job!20:21
*** tylesmit has joined #openstack20:21
kerouaclike, PBS?20:21
*** anotherjesse has quit IRC20:21
kodapavidd: wtf, now I'm getting CRITICAL nova [-] No module named ec2_token20:21
DW-10297coli: Sure they can because they're a managed service your average hosting customer isn't going to know that their data isn't replicated20:21
colikiall: it's good as well from the proof-of-concept pov,everybody has differnt way to approach these projects20:21
viddkoolhead17, you obviously never dated the women I dated =]20:21
koolhead17vidd: i would agree on that. :P20:22
viddkodapa you must have the broken keystone from apt-get20:22
*** paltman_ has quit IRC20:22
koolhead17kodapa your almost there dude :)20:22
kodapavidd: Yeah I'm trying everything now20:23
viddkodapa get Kiall 's ppa20:23
Kiallkodapa: yea the ubuntu packages are broken..20:23
*** cburgess has quit IRC20:23
*** cloudfly has quit IRC20:23
viddim telling you...that and 15 minutes till beer-thirty20:23
*** agy has quit IRC20:23
*** mu574n9 has quit IRC20:23
Kiall(and missing piles and piles of bugfixes that have been released sinec)20:24
viddapt no more "apt-get broke my stuff"20:24
coliDW-10297: they probably use just raid-10 local storage and iSCSI when need to move the compute node... whatever they are doing I would love to know how, as they are making money :-)20:24
Kialldiablo was rushed out the door just in time for oneiric, neither ended up having enough time..20:24
DW-10297coli: the data for the VMs is just stored on the individual nodes, if the node your application is hosted on explodes, the data is gone20:25
kerouaci haven't had opportunity for openstack to screw up on me20:25
*** mu574n9 has joined #openstack20:25
kerouacso far it's been nice20:25
*** agy has joined #openstack20:25
kerouaci'm using the more mature components, tho20:25
Ryan_Lanewait, is the ppa really broken?20:25
kerouacmaybe that's why20:25
viddkerouac, i was about to ask how long you used it...15 seconds =]20:25
*** mu574n9 is now known as Guest7347220:25
kerouacvidd: i'm still a n00b20:25
coliDW-10297: the riskt for it expldoing is low, the sla guarantees just single mrc  if things go bad.20:26
*** hggdh has quit IRC20:26
DW-10297coli: it's basically the same as traditional VPS service20:26
kerouacand the demands/expectations for what i need from it are low at this time20:26
coliDW-10297: if the host breaks then disks usualy are fine, and you can move them to new machine20:26
DW-10297which people have been doing for like a decade20:26
viddRyan_Lane, if you are using straight-up *buntu, yes20:26
Ryan_Lanewhat about this one: https://launchpad.net/~openstack-release/+archive/2011.320:26
Ryan_Lanenot that the upgrade instructions are actually working for me20:26
coliDW-10297: if just one disk fails then you can replace them quickly (had seen a supermarket troleys in leasweb full of disks for changing)20:26
*** cburgess has joined #openstack20:26
*** agy has quit IRC20:27
coliDW-10297: except for automation, how else does cloud really differ from vps ?20:27
viddRyan_Lane, try https://launchpad.net/~managedit/+archive/openstack/20:27
WormMansigh, I'm gonna have to run ntpd in my guests aren't I20:27
*** agy has joined #openstack20:27
Ryan_Laneofficial docs say: https://launchpad.net/~openstack-release/+archive/2011.320:27
viddand how are they working out for you =]20:28
Ryan_Lanei'm not using some random ppa20:28
coliDW-10297: in my opinnion clould is just a new marketing mumbo jumbo, as the technology behind is as old as you saying just made more automated20:28
Ryan_Lanewith typos in the docs20:28
Ryan_Lanethat are for oneric20:28
*** paltman has joined #openstack20:28
DW-10297coli: it's supposed to be highly available, so if one computing node fails the VMs running on that node start up on another node automatically, as far as I know Openstack is the only system that doesn't support shared storage20:28
Ryan_LaneI'm using lucid20:28
coliDW-10297: however as long as it's going to make me money I cannot compalin :-)20:28
*** woleium has joined #openstack20:28
viddKiall, have you tested your stuff for natty?20:28
Kiallvidd: nope20:28
Kiallhence why the PPA only has oneiric packages20:28
viddRyan_Lane, are you intending on adding keystone at this time?20:29
viddthen that ppa should be fine20:29
KiallI'm pretty sure a pile of python packages need backporting for diablo on natty.. hence I havent even tried20:29
coliDW-10297: it seems to be just a matter of time.20:29
viddkeystone/dashboard are what's borked 6 ways to next tuesday20:30
coliDW-10297: I'm just wondering doesn;t really support even iSCSI ?20:30
DW-10297coli: No, it's built in a way that assumes that your applications can be spread out among multiple hw nodes and it's intended that you will then pay for load balancing20:30
*** hggdh has joined #openstack20:30
viddRyan_Lane, as far as typos in the documentation, it was written by razique...hes french =]20:31
* Ryan_Lane dislikes ppas20:31
coliDW-10297: can you recommend other system which is adaptable, "sort of" compatible API with EC2 ?20:31
* vidd hates ppa's as well20:31
KiallDW-10297: openstack supports shared storage...20:31
Ryan_Laneyou never know if someone is sticking nasty crap into them20:31
kodapatrying the ppa now20:31
Kiallboth for nova-voulme and instance live migration20:31
viddtook a month before resigning to using Kiall 's ppa =]20:31
Kiallvidd: lol ;)20:31
WormManI'm of the opinion that people should just learn to write software for the cloud, instead of trying to make the cloud into vmware :)20:32
DW-10297Kiall: really it's made to work with volumes hosted on ISCSI?20:32
kerouacwhat's ppa?20:32
Kiallwoleium: agreed20:32
*** jedi4ever has quit IRC20:32
viddi have the holes in the wall to prove i tried otherwise =]20:32
DW-10297WormMan: the point is if you're asking someone to pay you to host it for them it's not really your place to say20:32
WormMan(yes, I admit, things like databases will still need shared/persistent storage until all the magical cloud dbs work right)20:32
viddppa = "personal Package Archive"20:32
KiallDW-10297: eg https://github.com/openstack/nova/blob/svtable/diablo/nova/volume/san.py#L5320:33
DW-10297that's a 40420:33
viddkerouac, https://launchpad.net/~managedit/+archive/openstack/20:33
WormManif you want vmware live migration and HA, you're gonna pay for that, if you want cheap hosting and can write your app to be resilient, then the cloud it is20:33
KiallDW-10297: uhh.. not its not?20:33
kerouacit's a good link20:33
KiallDW-10297: weird20:34
Kialli just copied that from my browser -_-20:34
KiallDW-10297: https://github.com/openstack/nova/blob/stable/diablo/nova/volume/san.py#L5320:34
Kiallno idea how i messed the link up -_-20:34
WormMan(for our couple db instances we're using NFS mounted to the VM)20:34
DW-10297The reference architecure published by rackspace even says: SAN as Storage Option Not available at this time.20:35
kodapaimages broken20:35
KiallDW-10297: the "reference architecure" is their template doc they send to cloudbuilders clients..20:35
viddkodapa told ya... now for the "15 minutes" part =]20:35
KiallSince they use all DELL HW, and and there is no Dell ISCSI code in nova, its not available via them20:36
viddfix your images and you should be golden20:36
*** exprexxo has joined #openstack20:36
coliDW-10297: in my opinnion cloud is supposed to be used for horizontaly scalling apps, otherwise it's a grid app20:36
DW-10297iscsi is an open protocol why does it need specific dell ISCSI code?20:36
DW-10297or hp/lefthand, etc20:37
KiallDW-10297: because the iscsi protocol does not provide for provisioning.20:37
*** sandywalsh has joined #openstack20:37
*** sandywalsh_ has joined #openstack20:37
KiallHence why there is a HP/Lefthand driver in nova...20:37
*** deshantm_laptop has joined #openstack20:37
DW-10297Sorry if I'm asking too many questions but why does it need to be provisioned, if you just have a large chunk of storage available via ISCSI can't nova simply manipulate the image files directly?20:38
KiallDW-10297: Anyway - The point is, you are confusing "stuff rackspace sell's and support's" vs openstack20:38
coliwormMan: then what a cloud is ? is a grid or is it a automated ha version of vps ?20:38
WormManI consider a cloud to be a an API to launch and terminate instances, what you do with it is up to you :)20:39
KiallWormMan: exactly ;)20:39
DW-10297If I take a stock linux box and use an iscsi initiator to connect to an iscsi target and then create a fs/write files to /dev/sdxxxx there is no provisioning involved there.20:39
KiallDW-10297: except thats not what nova wants..20:40
DW-10297That sounds like a nova problem20:40
* Ryan_Lane groans20:40
Ryan_Laneglance upgrade failed20:40
Ryan_Laneglance-manage db_sync failed with this: (1050, "Table 'images' already exists")20:41
KiallDW-10297: Maybe, but I reckon you don't understand the architecture and are jumping to conclusions over how you would do it...20:41
*** MarkAtwood has joined #openstack20:41
coliwormman: os it's a grid :-) I didn't know then that I was using cloud some 20yrs back :-)20:42
KiallJust think about having thousands of volumes - accessible from thousands of instances - spread over hundreds or more servers.. then let me know how 1 iscsi export is gonna do the trick...20:42
coliKiall: thanks for pointing out the iScsi support, I was sure that I have seen it20:43
koolhead17Ryan_Lane: :)20:44
*** nyeates has joined #openstack20:44
DW-10297So what happens when a user has equallogic, or any SAN that isn't HP or Solaris?20:44
Ryan_Laneglance-manage db_version -> 020:44
Ryan_Lanewhy is it trying to create the images table?20:45
Ryan_Laneinstead of trying to update it?20:45
coliDW-10297: user can write his own drivers ? ;-)20:45
viddRyan_Lane, sorry...dunno =\20:46
*** Ryan_Lane is now known as Ryan_Lane|away20:46
KiallDW-10297: they need to either write some code, or ask their SAN vendor to write some code20:46
Kiallopenstack can't and should not support every single vendor's hardware that has even been in existence.20:47
KiallInstead, they support a small number of reference implementations.20:47
WormManprovide an API!20:47
* WormMan grumbles and goes back to figure out why his previously working dnsmasq overrides don't seem to be working any more20:48
KiallWormMan: they do ;) Its just a python rather than web service API ;)20:48
*** dprince has quit IRC20:49
coliwormman: tcpdump is your friend :-)20:49
*** PotHix has quit IRC20:49
WormMancoli: luckily, it's obvious, the working vlan had dnsmasq restarted, the non-working one didn't20:49
coliwormman: do you use nova-network on each nova-compute node ? or a single nova-compute as gateway or maybe a hardware gateway ? I tend to go towards nova-compute+nova-network on each compute node (like in rackspace ref.arch.)20:51
*** MarkAtwood has quit IRC20:51
WormMancoli: each nova-compute node20:51
Kiallsame here.. why add another bottleneck?20:52
coliwormman: amny nodes ? are you in production or still in proof-of-concept stage ?20:52
WormMan112 nodes, we're 'production' in the sense that we have customers on it, but their prod code won't be running for a few months20:52
colikiall: just asking, been playing with openstack just for few days, have only two clean installs of nova+glance behind me just thinking about a new ideas for new install20:53
WormManalso had to run nova-api on compute as large launches caused nova-api to fall over when they went to grab their ec2 metadata20:53
*** MarkAtwood has joined #openstack20:54
*** swill has joined #openstack20:54
coliwormman: do you use dashboard or in-house management app ?20:55
mdomscheach storage vendor has their own APIs to cause LUNs to be created, destroyed, snapped, replicated, etc.20:55
uvirtbotNew bug: #893757 in nova "xml.etree.ElementTree.ParseError not supported in Python 2.6" [Undecided,New] https://launchpad.net/bugs/89375720:55
Kiallmdomsch: exactly..20:55
WormMancoli: we have dashboard, but our client uses their own custom app to manage their environment20:56
WormMan(it launches instances, deploys code, etc)20:56
mdomschI did a PoC a few years ago, plumbing the EqualLogic CLI into libvirt via ssh.  Ugly as sin, but it worked.20:56
*** JesperA has quit IRC20:56
*** nerdstein has left #openstack20:56
koolhead17jsavak: hey there20:57
*** jedi4ever has joined #openstack20:57
jsavakkoolhead: hi!20:57
coliwormman: it's a big advantage of openstack being compatible with ec2 and s320:58
WormMancoli: yea, their app is presently mostly using ec2, but they're working on it(and fog, the ruby cloud bindings) to use some of the Openstack specific features20:58
colicustomers can swiftly move from amazon to new platform20:58
coliI'm counting on that to move customers from aws to local platform ;-) i hope it works out.20:59
*** johnpur has quit IRC21:03
*** MarkAt2od has joined #openstack21:04
*** Ryan_Lane|away is now known as Ryan_Lane21:05
*** MarkAtwood has quit IRC21:07
coliKiall: out of curiosity why are you using in your scripts private ip ranges for floating and fixed ips ?21:07
coliin mose cases floating ip would be from a public range21:08
*** redconnection has quit IRC21:08
*** primeministerp has joined #openstack21:08
viddcoli, its a "adjust to suit" thing =]21:09
viddmy script asks you for those ranges =]21:09
viddbut i have yet to set up vlan21:09
viddso flatdhcp is oly used [currently]21:10
viddi dont want to break stuff just yet =]21:10
coliI'm asking thse questions 'cause I'm so new to openstack that I'm all the time usure if I'm making the right assumptions, and worried that I will assume some things which are totaly wrong.21:11
viddhe uses the private ips because its a "quick and dirty" install21:11
*** MarkAtwood has joined #openstack21:11
*** primeministerp has quit IRC21:12
coliI started with flatdhcp for my first install, then became more adventurous on my second ;-)21:12
viddonce you are familiar with what its doing, and your ready for a proper production install, you will want to use "live" data =]21:12
viddcoli, i spent 3 weeks getting my scripts to work properly and work all the bugs out =]21:13
*** mattray has quit IRC21:13
viddi need a break before i start introducing more stuff and breaking working stuff =]21:13
*** MarkAt2od has quit IRC21:13
*** primeministerp has joined #openstack21:13
colii'm just playing with it in order to have an idea how all the standard gnu tools interact together to form a magic cloud called openstack ;-)21:13
*** jmckenty has quit IRC21:14
viddits more like an evil witch than a magic cloud =]21:14
colisometimes I'm wondering "what were they smoking" ;-)21:15
coliwhatever it was, it had to be good21:15
viddKiall talks about how easy keystone is to set up...he forgets to mention the pain it is to find out what small typo causes massive breakage in it =]21:15
Ryan_LaneI had to manually update the stupid version until glance-manage db_sync worked21:16
coliit's like sql then ;-)21:16
Ryan_Lanethat's just rediculous21:16
viddno....nothing so simple coli21:16
*** jmckenty has joined #openstack21:16
colividd: let me find out then, I will let you know tomorrow how it went ;-)21:17
*** MarkAtwood has quit IRC21:17
colividd: did I read correctly (some hours ago on this channel) that you cannot have tenant and user (under different tenant) with same "name" as it causes trouble ?21:18
*** Pr0toc0l has joined #openstack21:18
dolphmvidd: something i need to fix? lol21:19
*** jmckenty has quit IRC21:19
Pr0toc0lhello all...quick question on a compute node....can someone tell me what the nova.conf flag is for having the vm's use the compute node's public facing network interface as it's nat versus the cloud controller's?21:19
viddyou can have user "joe" under tenant "smith" then add user "joe" to tenat "McFly"21:19
viddits the same "joe"21:19
vidddolphm, i dont much like the many-to-many relationships21:20
dolphmvidd: one user belonging to many tenants?21:21
viddi want user "joe" in the tenant "smith" to be a different entity then user "joe" in tenant "McFly"21:21
colidolphm: just a matter of a comment in keyston documentation regarding "Keystone currently allows any valid token to do anything with any account." for swift. is it still valid ?21:22
*** sdake has quit IRC21:22
dolphmvidd: ah, that's where id's & names come in... we're just around the corner from supporting that use case21:23
colividd: I was thining about the situation where: user "joe" is under tenant "smith" then you have another tenatn called "joe" with some other users.21:23
WormManand this is why I cheated :)21:23
dolphmcoli: that should be supported soon as well21:23
dolphmvidd: we're going to start issuing uuid's as ID's, and i'd like to drop the requirement that names be unique -- this would apply to users, tenants and roles at first21:24
viddWormMan, i shall use that "cheat" as well21:24
*** jmckenty has joined #openstack21:24
vidddolphm, can you possible force-feed required-by-apps roles21:24
viddfor example, "Members" is a required role to access dashboard21:25
colidolphm: is the comment "Keystone currently allows any valid token to do anything with any account." in the keystone documentation for swift still valid or is already fixed ?21:25
viddwhen keystone builds its database, this role should auto-populate21:25
viddsame with the "in order to modify keystone" roles21:26
*** MarkAtwood has joined #openstack21:26
*** jdg has joined #openstack21:26
jsavakvidd: I'm a bit agianst that because not all openstack implementations would have dashboard. Instead, the service should register the roles is needs within keystone.21:26
colividd: in other words you would assume that all users should be part of "Members" by default ?21:26
dolphmcoli: we have an open bug for that comment21:27
*** peteroplus has joined #openstack21:27
peteroplushi all someone with experience integrating swift with keystone ?21:27
colidolphm: I know, as I have seen you comments there I just though that maybe you have some more info ;-)21:27
viddno...all users should NOT have "Members" as default21:27
dolphmjsavak: but keystone should create it's own roles - Admin and ServiceAdmin -- which we can do in essex w/ migrations21:27
*** kbringard has quit IRC21:27
peteroplusim getting the "object has no attribute find"21:27
dolphmcoli: i think yogi is researching that one21:27
jsavakdolphm: those roles are more associated with keystone functions rather than service functions21:28
viddbut "Members" should be a role keystone reserves and auto-implements21:28
dolphmvidd: there's a migration in review to do exactly that -- but not for Admins21:28
viddyou guys rock =]21:28
*** vladimir3p has joined #openstack21:29
viddit was a typo?21:29
peteroplusanyone :( ?21:29
dolphmpeteroplus: ask your question, several of the guys here can probably help out21:30
vidddolphm, he is getting"object has no attribute find" with keystone/swift integration21:31
peteroplusok, when i finish setting up all my keystone and switf environment , and i try to test it with the swift tool i get : AttributeError: 'NoneType' object has no attribute 'find'21:31
* Ryan_Lane sure hopes nova upgrades easier than glance21:31
peteropluson my keystone table my user is relationed with my tenant21:31
jsavakpeter: any trace in the logs?21:31
dolphmvidd: peteroplus: do you know if that's coming from swift or keystone?21:31
peteroplusand the service for swift asosciated with the tenan too so the endpoint template21:31
viddpeteroplus, paste the endpoint template for your swift in keystone21:32
peteroplusdolphm comes from the swift tool execution21:32
viddthe template...not the endpoint21:33
*** krow has quit IRC21:33
*** jmckenty has quit IRC21:33
peteropluskeystone-manage endpointTemplates add RegionOne swift 1 121:33
dolphmpeteroplus: i don't see anywhere in keystone (or middleware) where we access an attribute called 'find'21:34
dolphmi'll poke at swift too though21:34
viddpeteroplus, your middle endpoint template is malformed....21:34
peteroplusthats from the documentation vidd21:35
peteroplushow should i write it ?21:35
viddat the least it should have the v1/AUTH_%tenant_id%21:36
viddand it should be using whatever port uses for admin stuff21:36
* Ryan_Lane sighs21:36
peteroplusok, but the ip should point to the swift proxys21:36
Ryan_Laneoh. right. nova-manage db sync failed too21:37
dolphmjsavak: isn't keystone-manage awesome? ^^ ;)21:37
Ryan_Laneunknown encoding: binary <- anyone ever seen this?21:37
koolhead17vidd: i am still stuck at same satage21:37
jsavakdolphm: it'll get there21:37
peteroplusor to keystone at port 35375 vidd ?21:37
koolhead17dashboard dies21:37
koolhead17once i submit the details21:37
viddkoolhead17, i was stuck too...then i used ppa's and got unstuck21:37
dolphmpeteroplus: probably not keystone (35357)21:37
peteroplusok so the 8080 proxy ports from swift21:38
koolhead17vidd: :P21:38
peteroplusill try changing the middleware url21:38
viddpeteroplus, you want swifts admin port#21:38
peteroplusok let me check that vidd21:39
koolhead17vidd: no option of getting it working without PPA :D21:39
*** lorin1 has quit IRC21:39
*** dgags has quit IRC21:40
viddkoolhead17, im sure there is...but i dont know what it is...you insist on using venv whereas i refuse to protect something with god rights from security updates21:40
dpippengerin the nova networking db table, what is the difference between the "bridge" field and "bridge_interface" field?21:41
koolhead17vidd: calm down. :)21:41
viddthis IS me being calm =]21:41
* koolhead17 is scared of vidd21:42
viddas you should be =]21:42
peteroplusvidd, changed the middle url , still failing with the same error21:42
viddlittle kids dress up as me for halloween21:42
koolhead17vidd: haha21:42
Ryan_Laneanyone know why my nova db sync might fail due to an improper character set?21:42
*** miclorb_ has joined #openstack21:43
Ryan_Lanedid cactus not set the default, and therefore my database tables now have the wrong character set?21:43
peteroplusvidd seems like a url parsing error , we re debugging the parsing21:43
viddRyan_Lane, dunno...i never used cactus =\21:43
Ryan_Lanethis really is a terrible, terrible upgrade21:44
*** krow has joined #openstack21:44
*** magg has joined #openstack21:44
*** jseutter has joined #openstack21:44
maggim using kiall packages but im getting this error on the compute node21:44
maggplz help21:44
Kiallmagg: it looks like your half using my packages...21:45
*** FallenPegasus has joined #openstack21:45
Kialldpkg -l | grep -E "(openstack|nova|glance|keystone)"21:45
viddKiall, dollars to donutes he dont have your PIN21:45
viddor euros to eclairs if you prefer =]21:46
Kiallvidd: how many eclairs?21:47
viddmagg, did you apt-get install managedit-openstack-pin?21:47
Kiallbrb - making room in the fridge...21:47
Kiallvidd: #1 on his list21:47
viddone eclair per euro21:48
*** MarkAtwood has quit IRC21:48
*** juddm has quit IRC21:48
jdgvidd:  Pretty impressive!!21:49
jdgScript seemed to run without a hitch21:49
maggits says on the pastebin i got it, right21:50
swillchmouel: (just getting back to this) i have successfully written read and write acl strings to a container, but i am still having issues.  is there a reference somewhere that defines the format of the acl string that needs to be passed.  is it '<tenant>:<username>' or must '<username>'.21:50
jdgAlthough I don't seem to know what "user Name/Password" the dashboard is looking for.21:50
*** dirkx_ has joined #openstack21:51
Ryan_Lanedoes anyone know what the character set for the database and table is supposed to be?21:51
*** sdake has joined #openstack21:51
Ryan_Laneapparently I'm going to have to fix this manually too21:51
viddjdg, your server-path file is holding that info [in case you forget what you set]21:51
maggwhat can be the problem21:52
Kiallmagg: they look right..21:52
Kiall1 sec21:52
Kiallaccidently messed up an nginx config..21:52
Kiallevery URL now points to the homepage -_-21:52
*** dysinger has joined #openstack21:52
swillKiall: ouch...21:53
*** MarkAtwood has joined #openstack21:53
*** Vinsh_HP has quit IRC21:53
viddjdg, you good now?21:53
viddRyan_Lane, utf_8 IIRC21:54
Ryan_Lanewith which collation?21:55
*** statik has joined #openstack21:55
vidduhhhh default?21:55
*** Vinsh_HP has joined #openstack21:55
jdgHave some errors in the overview21:55
maggdo i need to install keystone on the compute nodes?21:55
Ryan_Laneugh. I'm going to need to modify all the tables too.21:56
*** FallenPegasus has quit IRC21:56
jdg"Unable to get service info: This server coul dnot verify that you are authroized to access...."21:56
viddRyan_Lane, my phpmyadmin says "utf8_general_ci" if that means anything to you21:56
*** joesavak has joined #openstack21:56
*** jsavak has quit IRC21:56
viddmagg, no...just need it on one node21:57
*** jmckenty has joined #openstack21:59
maggall the services on the compute node get XXX22:00
*** ejat has joined #openstack22:00
maggis because of that error?22:00
jdgvidd:  Exception at /syspanel/images.. looks like my authorization isn't working right.22:00
jdgraise exception.NotAuthorized()22:00
viddjdg, look in your keystone database....22:01
viddunder users22:01
*** joesavak has quit IRC22:02
viddis there a user that matches the "ADMIN_USER" from your server-path file?22:02
*** peteroplus has quit IRC22:02
*** praefect has quit IRC22:02
*** heckj has quit IRC22:03
jseutterI just completed a stackops allinone install.  How do I log into the system or find out how to set up my EC2* variables?22:03
viddjdg, if you used my scripts, you have phpmyadimn installed22:03
*** exprexxo has quit IRC22:03
*** mgoldmann has quit IRC22:03
jdgvidd:  keystone database in mysql you mean?  And yes I used your script22:03
*** coli has quit IRC22:03
viddjdg, yes...in phpmyadmin22:03
jdgHow do I use phpmyadmin?  Sorry, I'm a newb!22:04
*** joesavak has joined #openstack22:04
Ryan_Lanewell, it's not the character set of the tables...22:05
Ryan_Lanewhy is sqlalchemy returning this: LookupError: unknown encoding: binary22:05
*** MarkAt2od has joined #openstack22:05
jdgvidd: got it, thanks.22:06
*** jmckenty_ has joined #openstack22:06
Ryan_LaneI also get that error when I do nova-manage db version22:06
Ryan_Lanethat didn't happen when I was on cactus22:06
*** jmckenty has quit IRC22:06
Kiallmagg: sorry, what was the PB error URL again?22:06
viddjdg, does the user listed as "ADMIN_USER" in your server-path file match the one listed in the keystone database?22:08
jdgvidd:  sorry, stepped away.  Yes, oddly it's there.22:08
*** GheRivero has joined #openstack22:09
*** MarkAtwood has quit IRC22:09
Kiallmagg, try installing the python-keystone package and restarting nova-api?22:09
*** vladimir3p has quit IRC22:09
viddso the "ADMIN_PASSWORD" listed in your server-path file should = the password you need with that user in dashboard22:09
swilldoes anyone know how the options '--read-acl' and '--write-acl' for the 'swift' command are formatted (i am using swift_auth, if that matters).22:09
*** jmckenty_ has quit IRC22:09
viddalso, is the username you gave for your nova project listed there as well?22:09
Kiallmagg: actually.. what sort of install are you doing? just nova?22:09
notmynameswill: http://programmerthoughts.com/openstack/swift-permissions/22:09
jdgYep, that's what I'm using.  I'ts odd becuase it lets me log in, just certain "features" fail22:10
jdgvidd: no my project user isn't in the database22:10
*** mattray has joined #openstack22:10
maggmulti node22:10
viddrun the user_add_keystone script to het that22:11
viddwhat features fail?22:11
Kiallmagg: Well, it looks like you only have nova installed, but have configured nova to use keystone22:11
*** joesavak has quit IRC22:11
viddfailed features=script issues22:11
*** redconnection has joined #openstack22:11
maggno i have installed glance keystone and nova on the controller22:12
maggthis is a compute node22:12
Kialland this is a compute node?22:12
*** coli has joined #openstack22:12
jdgSo in the dashboard:  Overview has an error (the one I described) and if I try to access "images" I get the exception.NotAuthorized()22:12
Kiallmagg: ah okay, then yes. if you want nova-api on the comutes nodes..22:12
Kiallpython-keystone will be needed aswell, if you use keystone22:13
swillnotmyname: thank you...  i should be able to figure out what the equivalent will be for swift_auth.22:13
notmynameswill: cool. the format for the headers should be the same22:13
*** MarkAtwood has joined #openstack22:13
*** JesperA has joined #openstack22:14
viddjdg, do you have pastebinit installed on your system?22:14
jdgvidd: no, but I can install it22:14
Kiallmagg: that fix it anyway?22:14
viddid like you to pastebin me the keystone_template.sh file22:14
swillnotmyname: i think i was thinking that it should be the keystone tentant in place of the account, but I think it needs to actually be the AUTH_# for the account and not the actual tenant.  i was also trying to do a list as a test, so everything I tried was failing.  :)  I will put objects in the container and do test that way.  thanks...22:14
vidd[i may have missed a push]22:14
maggkiall: thanks a lot mate, that fixed it22:15
*** MarkAt2od has quit IRC22:15
viddKiall, what is the likelyhood your ppa's will work with vanilla debian?22:16
*** ahasenack has quit IRC22:17
maggbut i dont get a happy face for the services on the compute node22:17
viddmagg, check the time sync22:18
jdgvidd:  http://paste.openstack.org/show/3509/22:18
*** krow has quit IRC22:18
maggvidd, u mean ntp?22:19
viddmagg, yeah....make sure the time on both servers sync22:19
*** ejat has quit IRC22:20
uvirtbotNew bug: #893795 in horizon "Flavors throws 500 page instead of graceful 401" [Undecided,New] https://launchpad.net/bugs/89379522:20
viddjdg, can you check your /etc/glance/glance-api.cong and your /etc/glance/glance-registry to verify the admin port is 35357 and not 5001?22:21
*** ejat has joined #openstack22:21
*** ejat has joined #openstack22:21
colividd: what do you mean by vanila debian ? squeeze (aka stable)  ?22:21
viddcoli, yes22:21
*** cdub has quit IRC22:22
*** cdub has joined #openstack22:22
*** dolphm has quit IRC22:22
colividd: afaik squeeze doesn't have openstack in its repositories22:22
viddcoli, there are tons of debian flavors [ie ubuntu]22:22
colividd: debian is just one, there offshots likes ubuntu (very good one)22:23
viddheh i dont know about "good" but i use ubuntu =]22:24
maggvidd: will they sync eventually?22:24
colividd: what I don't like about ubuntu is the worry each time i'm using apt-get upgrade that something will go wrong. Except for one time never had a problem with debian since 2002 when upgrading22:24
jdgvidd:  hmmm... no admin_port22:24
maggdoes it take long?22:24
jdgvidd: auth_port = 3535722:25
Kiallvidd: no idea how likely that they are to work on debian..22:25
KiallThey work on ubuntu oneiric - that is all i have, and all I will be testing (until ubuntu precise comes out)22:25
viddjdg, not "admin _port" .... "auth_port" [my bad]22:25
*** jmckenty has joined #openstack22:26
coliKiall: debian doesn't have openstack in its official repositories for stable version22:26
Kiallall i have tested*22:26
*** jakedahn has quit IRC22:26
jdgAhhh.... wait22:26
jdgSo we don't have DNS so it assign auth_uri to could that be a problem?22:26
Kiallcoli: well, I for one never ever every upgrade a server.. No upgrades ever work IMO...22:26
colikiall: never had any problems with debian :-) even between version22:27
*** oubiwann1 has joined #openstack22:27
viddjdg, there should not be anywhere22:27
KiallIf it takes longer to re-install than is does to upgrade, either your documentation or provision system sucks.22:27
jdgvidd:  Ok, so maybe I could just replace any 127 address with my systems static IP.22:28
viddi took great care to make sure all "default" urls get real IPs fron the server-path22:28
maggalright, this is crazy i get happy faces for the services on the compute node and XXX for the services on the controller node... after nova-manage service list on the compute node and vice versa22:28
colikiall: you are lucky that you are working in small env or without customers ;-)22:28
vidd127.0.0.1 will not work =]22:28
Kiallcoli: lol.. no, I just automate the provisioning of everything.22:28
jdgvidd:  Yeah, sorry... I figured I was going to run into trouble not having a name server22:28
*** oubiwann has quit IRC22:28
*** krow has joined #openstack22:28
jdgSo I guess I'll have to do a find/replace on every conf file for 127's22:29
*** oubiwann1 is now known as oubiwann22:29
coliKiall: I would love to see your provisionging system then :-)22:29
viddjdg server-name or ip is fine and "localhost" BAD22:29
Kiallcoli: puppet to start with ;) But it depends on what you actually maintain...22:29
jasonamorning vidd.22:29
jdgAlright, hitting a meeting.  I'll work on changin all of the conf files when I get back.  Then reboot/restart everything and try again.  :)1;2~22:29
colikial: thinking moving to pupper, using cfengine currently22:30
viddjdg, should just ahve to edit the server-path file and re-run convert_keystone22:30
*** ldlework has quit IRC22:30
jdgpheww... that sounds much better!22:30
Ryan_LaneI'm kind of screwed in the middle of a nova upgrade right now, if anyone has a clue of what my problem is22:30
Kiallnever used cfengine, but puppet is great for getting the base servers + software ready, then its down to custom stuff to deploy your actual apps etc22:30
viddand manually update nova.conf22:31
colikiall: we maintain our systems (that not a problem) and a lot of systems for customers with some realy twisted applications (cusome made by some wierd software houses)22:31
Ryan_Lanenova-manage db version (and therefore sync) is giving me sqlalchemy errors22:31
*** GheRivero has quit IRC22:31
sorenRyan_Lane: pastebin?22:31
swillcoli: I feel your pain.  we host some pretty retarded applications.  haha22:31
Ryan_Lanesoren: sec22:31
*** GheRivero has joined #openstack22:31
jdgBummer... * Restarting web server apache2                                                                                                          apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName22:32
swilljdg: apache started anyway didn't it?22:32
viddjdg, my script does not touch that =]22:32
swilljdg: in my local setup, that is only a warning (not a related site though).22:33
Ryan_Lanesoren: http://pastebin.com/n0CSmMJz22:33
sorenjdg: That's normal.22:33
sorenRyan_Lane: Which version of sqlalchemy and migrate do you have?22:33
sorenRyan_Lane: And MySQL, I guess.22:34
Ryan_Lanemigrate: 0.6-4~lucid1; sqlalchemy: 0.6.3-1ubuntu0~lucid122:34
*** redconnection has quit IRC22:35
*** bsza has quit IRC22:35
sorenRyan_Lane: I wouldn't be surprised if that's your problem.22:35
Ryan_Lanewhat versions am I supposed to have?22:35
*** GheRivero has quit IRC22:35
Ryan_Lanethat's the versions in the diablo ppa22:36
*** lmh has quit IRC22:37
*** lmh has joined #openstack22:37
viddsoren, once you start the i...i...i... crap....your lying =]22:37
sorenI would have thought sqlalchemy 0.6.8  and migrate 0.7.1 or something.22:37
*** dirkx_ has quit IRC22:37
sorenvidd: I'm always lying.22:38
*** bryguy has quit IRC22:38
sorenvidd: That's not really true, though.22:38
sorenGo figure.22:38
magghelp: http://pastebin.com/5ewmtF4G22:38
sorenmagg: Install ntp everywhere.22:39
viddthe i...i...i... comment or the "youre always lying"?22:39
*** _rfz has joined #openstack22:39
sorenmagg: Then you win.22:39
sorenvidd: The latter.22:39
maggsoren: i have ntp22:39
sorenmagg: It's not working.22:39
*** redconnection has joined #openstack22:39
Kiallmagg: check the servers time.. they are probably out22:40
*** hadrian_ has joined #openstack22:40
jasonathere seem to be a bunch of nova scripts on github, is there any arbiter that says there's a particular one that works well ?22:40
jasona(for simple demo/dev nova installation)22:40
sorenmagg: Check the time on cloudhq1 and cloudhq2. They're probably ~20 seconds apart.22:40
viddjasona, yes...the ones from Kiall 's ppa22:40
*** bryguy has joined #openstack22:41
jasonavidd: looking, thanks.22:41
sorenmagg: Nah, make that 25 seconds.22:41
viddmy scripts do a nice secure - ish install22:41
*** hadrian has quit IRC22:41
*** hadrian_ is now known as hadrian22:41
jasonai started trying to follow the instructions in the documentation on openstack.org and fell over at just the first step with a manual install :)22:42
jasonanow i'm sad that i spent the time being a redhat person rather than debian person..22:42
magglike 25 sec apart22:42
maggso? how do i sync it22:42
jasonastop ntp. run ntpdate <some server. restart ntp22:43
sorenntpdate to sync them once, ntp to make them stay that way.22:43
* Kiall wonders sometimes.. https://lists.launchpad.net/openstack/msg05610.html22:43
jdgSo if that's normal what about the conf files getting 127's?  Is that ok too?22:43
viddjdg, let me know when your back22:43
jdgvidd:  nice timing22:43
Kialleven for a toy production environment, thats going to suck come upgrade time...22:43
viddheh...your back =]22:43
viddyou do any customization to the nova.conf file?22:44
sorenKiall: That's nothing.22:44
jdgNope, not as of yet at least22:44
sorenKiall: A couple of weeks ago, someone stopped by asking how to upgrade the his install that was based on just a git checkout + python setup.py install.22:45
*** hadrian_ has joined #openstack22:45
koolhead17livemoon it was22:45
* koolhead17 remembers22:45
sorenWas it? You're probably right.22:45
maggthanks guys22:45
maggit worked!22:45
Kiallsoren: thats was probably vidd22:45
viddso you can updtae the server-path file with real info, re-run the convert_keystone script, rerun the nova-preload script to rebuild the nova.conf file22:46
Kiallhe spent a month trying to get "git clone +  python setup.py install" production "ready" ;)22:46
jdgvidd: trouble is server-path has real info in it22:46
*** rsampaio has quit IRC22:46
viddthen your config files should all have real ips22:47
jdgI would agree, but they don't  :(22:47
*** hadrian has quit IRC22:48
*** hadrian_ is now known as hadrian22:48
maggone question: whats the user data field on the dashboard for?22:48
jdgis something trying to do a name lookup on the ip address that I supply?22:48
*** Ryan_Lane has quit IRC22:48
jdgThus doing just like apache with assigning the 127 ip maybe?22:48
*** Ryan_Lane has joined #openstack22:48
viddjdg, the convert_keystone scipt is suppose to change the "" in the glance configs to the $KEYSTONE_HOST_IP22:50
jdgoops  :)22:51
*** hadrian_ has joined #openstack22:51
jdgSo what if I just set keystone_host_ip and rerun?  Maybe that will sort it out?22:51
Kiallvidd: sounds like your scripts are trying to be too smart and failing at it ;)22:51
*** pixelbeat has joined #openstack22:51
jdgkiall:  By the way, I tried your script as well :)22:52
Kiallno joy?22:52
jdgJust kidding... yours are next.  Imaging the system and getting rabbit-mq etc now.22:52
maggi get a nbd15 control failed -3222:52
*** redconnection has quit IRC22:53
*** hadrian has quit IRC22:53
*** hadrian_ is now known as hadrian22:53
viddjdg, does the ./obtain_token script give yiu the auth token?22:53
*** ejat has quit IRC22:54
jdgvidd: yes it does22:54
*** jmckenty has quit IRC22:54
*** lvaughn has quit IRC22:54
vidddoes "glance -A `./obtain_token.sh`index return a blank line?22:55
*** dysinger has quit IRC22:55
*** dysinger has joined #openstack22:56
vidddoes "glance -A `./obtain_token.sh` index" return a blank line?22:56
viddis the "./" required?22:56
jdgstacker@sfstack-38:~/openstack_installer$ sudo glance -A './obtain_toke.sh' index22:56
jdgFailed to show index. Got error:22:56
jdgUnable to connect to server. Got error: [Errno 111] ECONNREFUSED22:57
*** jakedahn has joined #openstack22:57
viddok...so there is some issue in the glance-registry and/or glance-api22:57
*** magg has quit IRC22:58
viddmake sure both have real ips in the config files22:58
*** hggdh has quit IRC22:58
viddand the auth port is correct [not 5001]22:58
*** krow has quit IRC22:58
jdgauth_port looks good, I'll replace the 127 ips in the config files22:59
*** dolphm has joined #openstack22:59
viddonce you do, put service glance-api restart23:01
vidd; sleep 223:01
vidd ;service glance-registry restart23:01
*** magg has joined #openstack23:02
*** dysinger has quit IRC23:03
*** dysinger has joined #openstack23:03
*** koolhead17 is now known as koolhead17|zzZZ23:04
*** dysinger has quit IRC23:04
*** dysinger has joined #openstack23:05
*** TheOsprey has quit IRC23:05
jdgvidd:  much closer!23:05
vidddoes "glance -A `./obtain_token.sh` index" return a blank line now?23:06
jdgNow the only place I'm seeing an error in under images "Unable to connect to server. Got err:[Errno 111] ECONNREFUSED"23:06
maggi get a nbd15 control failed -32 when i try to create an instance23:06
*** cp16net has quit IRC23:07
*** imsplitbit has quit IRC23:07
Kiallmagg: its harmless23:07
*** dysinger has quit IRC23:08
*** dysinger has joined #openstack23:08
*** magg has quit IRC23:08
*** sandywalsh_ has quit IRC23:09
*** sandywalsh has quit IRC23:09
*** catintheroof has quit IRC23:09
*** cereal_bars has quit IRC23:10
*** andrewbogott has quit IRC23:10
*** krow has joined #openstack23:11
*** koolhead17|zzZZ has quit IRC23:11
Ryan_Laneah. figured it out23:11
Ryan_Lanethe version of mysql I'm using has a default characterset of binary23:11
*** dysinger has quit IRC23:11
viddRyan_Lane, glad to hear....what did you do?23:11
jdgglance-registry.conf is missing a 'pipeline' setting ???23:12
*** dysinger has joined #openstack23:12
Ryan_LaneI added this to my sql_connection flag: ?charset=latin123:12
*** sg has joined #openstack23:12
Ryan_Lanesince everything else is latin123:12
sgcan someone explain to me -what- openstack is?23:12
*** jakedahn has quit IRC23:12
colisg: "evil witch"23:13
Ryan_Lanethis likely has to do with the fact that I'm using the "facebook" version of mysql23:13
viddRyan_Lane, can you open a bug against the docs to have that but in?23:13
Ryan_Laneand how we have it configured for mediawiki23:13
viddcoli, that is my line23:13
Ryan_LaneI think this is very likely specific to us23:13
colividd: that's why I have quoted it ;-)23:14
Ryan_LaneI'll make sure things are actually working before I bother adding it to the docs ;)23:14
viddRyan_Lane, that "may" be true...but if it affects one, it is likely to affect others23:14
sgcoli: huh?23:14
*** zul has quit IRC23:15
jdgvidd:  Should I have an entry for pipeline:glance-registry ?23:15
swillchmouel: notmyname: I have gotten ACL to work using the keystone 'role' as the --read-acl and --write-acl parameter in the swift call using swift_auth.  Thanks for all the help...  chmouel, let me know when you have patches to test, my setup allows me to test patches easily...23:16
notmynameswill: great to hear23:16
viddthe glance files have the right pipelines...they just need to be enabled23:16
Ryan_Lanehmm. that worked for nova-manage, but doesn't work for some of the nova services :(23:17
swilli should blog some of the things i figure out.  :)23:17
*** jseutter has quit IRC23:18
*** hggdh has joined #openstack23:19
*** zul has joined #openstack23:19
*** _diana_ has quit IRC23:21
viddjdg, how is it going now?23:21
jdgStill getting that ECONNREFUSED error.23:22
viddcan you run that index command?23:23
jdgThat's the command that is giving me the error23:23
jdgIt's in the dashboard and when I run this index command as well.23:23
*** rnirmal has quit IRC23:24
jdgTried restarting glance-api and glance-registry again.  Let me check and make sure there's no 127 IP's hiding around still.23:24
jdgNope... none in /etc/glance/ anyway.23:25
viddok....is you user added to keystone?23:25
Kiallumm .. ECONNREFUSED has nothing to do with users being in keystone IMHO ;)23:26
jdgAhh... no23:26
jdgThe user I'm logging into the dashboard with is not in the DB Keystone/users23:26
jdgNever mind23:27
Kiallanyway - im off.. cyas23:28
*** MarkAtwood has quit IRC23:28
viddlog out of dashboard restatr keystone and apache23:31
viddnow run the index command23:32
jdgDang it.. same thing.23:32
viddi dont understand =\23:33
Kiallvidd: you're clutching at straws ;) the glance command doesnt touch dashboard or apache ;)23:33
jdgThen we're really in trouble23:33
Kiallanyway - as I said .. im off.. cyas23:33
*** hingo has quit IRC23:33
colijdg: tcpdump is your friend at first encounter with ECONNREFUSED, go back to basics.23:33
*** dysinger has quit IRC23:33
colikiall: see you later23:34
*** MarkAtwood has joined #openstack23:34
viddKiall, but dashboard (which is also having issues) does23:34
jdgcoli:  good suggestion, I'll have to google tcpdump and figure out how to use it.  I'm not a networking guy23:35
colijdg: it sysadmin tool :-)23:35
*** code_franco has quit IRC23:35
colitcpdump -n -i <interface>23:35
*** tylesmit has left #openstack23:35
*** lionel has quit IRC23:35
colimost basic use if you have little traffic, if little traffic but connected via ssh then:23:35
*** lionel has joined #openstack23:36
colitcpdump -n -i <interface> not port 2223:36
*** jseutter has joined #openstack23:36
jdgcoli: hmm, not seeing much interesting other than ack/seq entries23:38
colijdg: keystone and glance on two different machines ?23:39
jdgcoli: nope, same machine23:39
colijdg: different ip for each ?23:40
jdgNope, same IP23:40
*** redconnection has joined #openstack23:41
colijdg: what OS ? ubuntu ?23:43
*** fifieldt has joined #openstack23:44
*** MarkAtwood has quit IRC23:44
jdgUbuntu 11.1023:46
jdgvidd: server-path and nova-settings on pastebin:  http://paste.openstack.org/show/3511/23:48
*** rnorwood has quit IRC23:48
*** nyeates has quit IRC23:49
colijdg: then did you try: tcpdump -n -i lo ?23:49
colirun it and then try to make glance connect23:49
jdgYes, I'll try it again.  Didn't see anything interesting though23:49
viddjdg, #--keystone_ec2_url=
viddlooks like the convert_keystone script never ran23:50
*** stanchan has joined #openstack23:50
jdgAhh crap23:50
vidduncomment that line23:50
jdgI checked that in /etc/ files ont the script23:50
jdgvidd: ok, now run keystone_setup.sh again?23:51
viddrestart all services and you should be good23:52
jdgOh.. ok23:52
jdgDoes order matter?23:52
colijdg: if you haven't seen anything interesting then glance is not connecting over lo to keystone ;-)23:53
viddthe restart services23:53
colijdg: so at least you know that the issue is with glance for sure.23:53
jdgOh, thanks!  Didn't notice that handy gem23:53
jdgStill get ECONNREFUSED in Dashboard/Images23:54
viddwe want the CLI to work first23:55
jdgOk, the index command as well23:55
jdgstacker@sfstack-38:~/openstack_installer$ sudo glance -A './obtain_token.sh' index23:55
jdgFailed to show index. Got error:23:55
jdgUnable to connect to server. Got error: [Errno 111] ECONNREFUSED23:55
*** guaqua2` has quit IRC23:56
*** guaqua2` has joined #openstack23:56
viddrun the convert_keystone script23:56
viddwe have to be missing something23:56
jdgOk... hold on, bunch o'stuff to look through23:57
*** MarkAtwood has joined #openstack23:57
*** nerens has quit IRC23:57
jdgERROR: Error trying to load config /etc/glance/glance-registry.conf: The [pipeline:glance-registry] section in /etc/glance/glance-registry.conf is missing a 'pipeline' setting23:57
jdgUh oh, there are a few errors in here23:58
jdg"Duplicate entry 'sfproject' for key 'name'23:58
viddcancel the run23:59
jdgIt already finished23:59
jdgSo I've got a few of these "Duplicate entry" errors listed here23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!