From matt at mattfischer.com Wed Jul 1 00:22:35 2015 From: matt at mattfischer.com (Matt Fischer) Date: Tue, 30 Jun 2015 18:22:35 -0600 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <5CBE1E1A-FF56-486C-BB8C-EA79C3BF3DA1@workday.com> References: <55921C03.5060303@openstack.org> <5CBE1E1A-FF56-486C-BB8C-EA79C3BF3DA1@workday.com> Message-ID: I strongly disagree with a quota system. If for nothing else then that there's no fair way to do it. But more importantly this is a community, not a Senate meeting and all contributors should be welcome. How would you explain to someone who regularly contributes that they cannot attend due to a quota? On Jun 30, 2015 5:48 PM, "Edgar Magana" wrote: > Tom, > > In my opinion, we should not have booths at all. Actually, we should just > only have Operators attending this meetup with a limit of three attendees > by company. During the Philadelphia one I noticed that many of the > attendees where from the same company and I do not believe those companies > need to send so many people. > > About the vendors, they have their opportunity during the OpenStack > Summit, let?s just keep it that way. > > Operators meetup should be a space were we can share best practices, > issues, concerns and anything that we consider sharable with the rest of > the community. It should not be a space for vendors to collect information > about details of what we are deploying and how we are doing it. Let?s try > to build a safe space to share all this important knowledge. > > I also wanted to bring to your attention that during the summit the > attendance was lower that in the mid-cycle one (Philadelphia). Probably > because there are so many things running in parallel that people just need > to decide between very important sessions. So, does it make sense to have > four Operators meetups along the year? Maybe not! > What about just having the mid-cycle ones? > > Thanks, > > Edgar > > > > > On 6/29/15, 9:33 PM, "Tom Fifield" wrote: > > >Hi all, > > > >Right now, behind-the-scenes, we're working on getting a venue for next > >ops mid-cycle. It's taking a little longer than normal, but rest assured > >it is happening. > > > >Why is it so difficult? As you may have noticed, we're reaching the size > >of event where both physically and financially, only the largest > >organisations can host us. > > > >We thought we might get away with organising this one old-school with a > >single host and sponsor. Then, for the next, start a brainstorming > >discussion with you about how we scale these events into the future - > >since once we get up and beyond a few hundred people, we're looking at > >having to hire a venue as well as make some changes to the format of the > >event. > > > >However, it seems that even this might be too late. We already had a > >company that proposed to host the meetup at a west coast US hotel > >instead of their place, and wanted to scope out other companies to > >sponsor food. > > > >This would be a change in the model, so let's commence the discussion of > >how we want to scale this event :) > > > >So far I've heard things like: > >* "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with > others" > >* "I really don't want to get to the point where we want booths at the > >ops meetup" > > > >Which are promising! It seems like we have a shared understanding of > >what to take this forward with. > > > >So, as the ops meetup grows - what would it look like for you? > > > >How do you think we can manage the venue selection and financial side of > >things? What about the session layout and the scheduling with the > >growing numbers of attendees? > > > >Current data can be found at > >https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . > > > >I would also be interested in your thoughts about how these events have > >only been in a limited geographical area so far, and how we can address > >that issue. > > > > > >Regards, > > > > > >Tom > > > > > > > >_______________________________________________ > >OpenStack-operators mailing list > >OpenStack-operators at lists.openstack.org > >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From subbu at subbu.org Wed Jul 1 00:34:30 2015 From: subbu at subbu.org (Subbu Allamaraju) Date: Tue, 30 Jun 2015 17:34:30 -0700 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <5CBE1E1A-FF56-486C-BB8C-EA79C3BF3DA1@workday.com> References: <55921C03.5060303@openstack.org> <5CBE1E1A-FF56-486C-BB8C-EA79C3BF3DA1@workday.com> Message-ID: Edgar, > I also wanted to bring to your attention that during the summit the attendance was lower that in the mid-cycle one (Philadelphia). Probably because there are so many things running in parallel that people just need to decide between very important sessions. So, does it make sense to have four Operators meetups along the year? Maybe not! > What about just having the mid-cycle ones? Having built and invested several operational products/glue to run OpenStack at scale, my ideal scenario is that operational features become part of OpenStack projects, discussed along side regular non-operational features at the summit. Unfortunately, this style of convergence is not happening yet due to the lag between what dev-side is building and what operators are running (55% operators running >12 months old code). Nonetheless I think such a convergence is extremely important for long-term viability of OpenStack and the operator community. Though not related to the subject of this thread, I just want to leave this thought on how the operators? activities in the community should evolve. Thanks Subbu From klindgren at godaddy.com Wed Jul 1 00:35:37 2015 From: klindgren at godaddy.com (Kris G. Lindgren) Date: Wed, 1 Jul 2015 00:35:37 +0000 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <5CBE1E1A-FF56-486C-BB8C-EA79C3BF3DA1@workday.com> Message-ID: +1 (we had 2 people at the mid-cycle last time, so we would not have been impacted by this) When there are multiple 4+ breakout sessions going on at the same time and they are all (hopefully) relevant to you/your company? I would agree that if someone had 20+ people from a single company going, that the return on investment would be diminished, but I am not sure that should be something that should enforced by the foundation. ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: Matt Fischer > Date: Tuesday, June 30, 2015 at 6:22 PM To: Edgar Magana > Cc: OpenStack Operators > Subject: Re: [Openstack-operators] Scaling the Ops Meetup I strongly disagree with a quota system. If for nothing else then that there's no fair way to do it. But more importantly this is a community, not a Senate meeting and all contributors should be welcome. How would you explain to someone who regularly contributes that they cannot attend due to a quota? On Jun 30, 2015 5:48 PM, "Edgar Magana" > wrote: Tom, In my opinion, we should not have booths at all. Actually, we should just only have Operators attending this meetup with a limit of three attendees by company. During the Philadelphia one I noticed that many of the attendees where from the same company and I do not believe those companies need to send so many people. About the vendors, they have their opportunity during the OpenStack Summit, let's just keep it that way. Operators meetup should be a space were we can share best practices, issues, concerns and anything that we consider sharable with the rest of the community. It should not be a space for vendors to collect information about details of what we are deploying and how we are doing it. Let's try to build a safe space to share all this important knowledge. I also wanted to bring to your attention that during the summit the attendance was lower that in the mid-cycle one (Philadelphia). Probably because there are so many things running in parallel that people just need to decide between very important sessions. So, does it make sense to have four Operators meetups along the year? Maybe not! What about just having the mid-cycle ones? Thanks, Edgar On 6/29/15, 9:33 PM, "Tom Fifield" > wrote: >Hi all, > >Right now, behind-the-scenes, we're working on getting a venue for next >ops mid-cycle. It's taking a little longer than normal, but rest assured >it is happening. > >Why is it so difficult? As you may have noticed, we're reaching the size >of event where both physically and financially, only the largest >organisations can host us. > >We thought we might get away with organising this one old-school with a >single host and sponsor. Then, for the next, start a brainstorming >discussion with you about how we scale these events into the future - >since once we get up and beyond a few hundred people, we're looking at >having to hire a venue as well as make some changes to the format of the >event. > >However, it seems that even this might be too late. We already had a >company that proposed to host the meetup at a west coast US hotel >instead of their place, and wanted to scope out other companies to >sponsor food. > >This would be a change in the model, so let's commence the discussion of >how we want to scale this event :) > >So far I've heard things like: >* "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with others" >* "I really don't want to get to the point where we want booths at the >ops meetup" > >Which are promising! It seems like we have a shared understanding of >what to take this forward with. > >So, as the ops meetup grows - what would it look like for you? > >How do you think we can manage the venue selection and financial side of >things? What about the session layout and the scheduling with the >growing numbers of attendees? > >Current data can be found at >https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . > >I would also be interested in your thoughts about how these events have >only been in a limited geographical area so far, and how we can address >that issue. > > >Regards, > > >Tom > > > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From edgar.magana at workday.com Wed Jul 1 00:45:29 2015 From: edgar.magana at workday.com (Edgar Magana) Date: Wed, 1 Jul 2015 00:45:29 +0000 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <5CBE1E1A-FF56-486C-BB8C-EA79C3BF3DA1@workday.com> Message-ID: <922104AA-8B95-4B89-A991-003817587BF1@workday.com> Matt, I do understand your concerns and believe me when I said that by no means I am suggesting to not let people be part of this meet-up. Probably the best way to deal with oversubscription by the same company is at the OpenStack board level. Asking them to spread the word to the OpenStack Community (Operators, Vendors, Users, etc) to not send an army to this meet-ups but just the people that they need in order to cover all sessions and activities. Cheers, Edgar From: > on behalf of Matt Fischer Date: Tuesday, June 30, 2015 at 5:22 PM To: Edgar Magana Cc: Tom Fifield, OpenStack Operators Subject: Re: [Openstack-operators] Scaling the Ops Meetup I strongly disagree with a quota system. If for nothing else then that there's no fair way to do it. But more importantly this is a community, not a Senate meeting and all contributors should be welcome. How would you explain to someone who regularly contributes that they cannot attend due to a quota? On Jun 30, 2015 5:48 PM, "Edgar Magana" > wrote: Tom, In my opinion, we should not have booths at all. Actually, we should just only have Operators attending this meetup with a limit of three attendees by company. During the Philadelphia one I noticed that many of the attendees where from the same company and I do not believe those companies need to send so many people. About the vendors, they have their opportunity during the OpenStack Summit, let?s just keep it that way. Operators meetup should be a space were we can share best practices, issues, concerns and anything that we consider sharable with the rest of the community. It should not be a space for vendors to collect information about details of what we are deploying and how we are doing it. Let?s try to build a safe space to share all this important knowledge. I also wanted to bring to your attention that during the summit the attendance was lower that in the mid-cycle one (Philadelphia). Probably because there are so many things running in parallel that people just need to decide between very important sessions. So, does it make sense to have four Operators meetups along the year? Maybe not! What about just having the mid-cycle ones? Thanks, Edgar On 6/29/15, 9:33 PM, "Tom Fifield" > wrote: >Hi all, > >Right now, behind-the-scenes, we're working on getting a venue for next >ops mid-cycle. It's taking a little longer than normal, but rest assured >it is happening. > >Why is it so difficult? As you may have noticed, we're reaching the size >of event where both physically and financially, only the largest >organisations can host us. > >We thought we might get away with organising this one old-school with a >single host and sponsor. Then, for the next, start a brainstorming >discussion with you about how we scale these events into the future - >since once we get up and beyond a few hundred people, we're looking at >having to hire a venue as well as make some changes to the format of the >event. > >However, it seems that even this might be too late. We already had a >company that proposed to host the meetup at a west coast US hotel >instead of their place, and wanted to scope out other companies to >sponsor food. > >This would be a change in the model, so let's commence the discussion of >how we want to scale this event :) > >So far I've heard things like: >* "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with others" >* "I really don't want to get to the point where we want booths at the >ops meetup" > >Which are promising! It seems like we have a shared understanding of >what to take this forward with. > >So, as the ops meetup grows - what would it look like for you? > >How do you think we can manage the venue selection and financial side of >things? What about the session layout and the scheduling with the >growing numbers of attendees? > >Current data can be found at >https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . > >I would also be interested in your thoughts about how these events have >only been in a limited geographical area so far, and how we can address >that issue. > > >Regards, > > >Tom > > > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at mattfischer.com Wed Jul 1 03:15:14 2015 From: matt at mattfischer.com (Matt Fischer) Date: Tue, 30 Jun 2015 21:15:14 -0600 Subject: [Openstack-operators] [puppet] OpenStack Puppet Modules Usage Questions In-Reply-To: <5591727A.5090202@raseley.com> References: <557F63CD.8000404@raseley.com> <5591727A.5090202@raseley.com> Message-ID: We've been discussing this for 3 months now, so my vote is "soon". Can we make the Puppet Labs ML have an auto-responder that redirects people? On Mon, Jun 29, 2015 at 10:29 AM, Richard Raseley wrote: > Matt Fischer wrote: > >> This was my action from the puppet meeting this week, so here's my >> follow-up: >> >> I discussed this with Tom Fifield. He has no objections to us using the >> operators list like that and in >> addition he has enabled tags with a new topic called [puppet] so that >> folks could sub/ignore it. >> > > Matt, > > Thank you for taking care of that. > > Thoughts on what the appropriate deprecation period / process is for the > puppet-openstack list (assuming an transition into a RO mode)? > > Regards, > > Richard > > -- > > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-openstack+unsubscribe at puppetlabs.com. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From comnea.dani at gmail.com Wed Jul 1 06:34:58 2015 From: comnea.dani at gmail.com (Daniel Comnea) Date: Wed, 1 Jul 2015 07:34:58 +0100 Subject: [Openstack-operators] [openstack-dev][openstack-operators][neutron[dhcp][dnsmask]: duplicate entries in addn_hosts causing no IP allocation In-Reply-To: References: Message-ID: Hi, sorry for no feedback, i've been doing more and more test and after enabled the dnsmasq log i found the error which i'm not longer sure if is related to having duplicated entries dnsmasq-dhcp[21231]: 0 DHCPRELEASE(tap8ecf66b6-72) 192.168.111.24 fa:16:3e:72:04:82 unknown lease Looking around it seems i'm hitting this bug [1] but not clear from the description what was the problem on dnsmasp 2.59 (which comes wiht Fuel 5.1) Any ideas? Cheers, Dani [1] https://bugs.launchpad.net/neutron/+bug/1271344 On Wed, Jun 10, 2015 at 7:13 AM, Daniel Comnea wrote: > Thanks a bunch Kevin! > > I'll try this patch and report back. > > Dani > > > On Tue, Jun 9, 2015 at 2:50 AM, Kevin Benton wrote: > >> Hi Daniel, >> >> I'm concerned that we are encountered out-of-order port events on the >> DHCP agent side so the delete message is processed before the create >> message. Would you be willing to apply a small patch to your dhcp agent to >> see if it fixes the issue? >> >> If it does fix the issue, you should see occasional warnings in the DHCP >> agent log that show "Received message for port that was already deleted". >> If it doesn't fix the issue, we may be losing the delete event entirely. If >> that's the case, it would be great if you can enable debuging on the agent >> and upload a log of a run when it happens. >> >> Cheers, >> Kevin Benton >> >> Here is the patch: >> >> diff --git a/neutron/agent/dhcp_agent.py b/neutron/agent/dhcp_agent.py >> index 71c9709..9b9b637 100644 >> --- a/neutron/agent/dhcp_agent.py >> +++ b/neutron/agent/dhcp_agent.py >> @@ -71,6 +71,7 @@ class DhcpAgent(manager.Manager): >> self.needs_resync = False >> self.conf = cfg.CONF >> self.cache = NetworkCache() >> + self.deleted_ports = set() >> self.root_helper = config.get_root_helper(self.conf) >> self.dhcp_driver_cls = >> importutils.import_class(self.conf.dhcp_driver) >> ctx = context.get_admin_context_without_session() >> @@ -151,6 +152,7 @@ class DhcpAgent(manager.Manager): >> LOG.info(_('Synchronizing state')) >> pool = eventlet.GreenPool(cfg.CONF.num_sync_threads) >> known_network_ids = set(self.cache.get_network_ids()) >> + self.deleted_ports = set() >> >> try: >> active_networks = self.plugin_rpc.get_active_networks_info() >> @@ -302,6 +304,10 @@ class DhcpAgent(manager.Manager): >> @utils.synchronized('dhcp-agent') >> def port_update_end(self, context, payload): >> """Handle the port.update.end notification event.""" >> + if payload['port']['id'] in self.deleted_ports: >> + LOG.warning(_("Received message for port that was " >> + "already deleted: %s"), payload['port']['id']) >> + return >> updated_port = dhcp.DictModel(payload['port']) >> network = self.cache.get_network_by_id(updated_port.network_id) >> if network: >> @@ -315,6 +321,7 @@ class DhcpAgent(manager.Manager): >> def port_delete_end(self, context, payload): >> """Handle the port.delete.end notification event.""" >> port = self.cache.get_port_by_id(payload['port_id']) >> + self.deleted_ports.add(payload['port_id']) >> if port: >> network = self.cache.get_network_by_id(port.network_id) >> self.cache.remove_port(port) >> >> >> >> >> >> >> >> >> On Mon, Jun 8, 2015 at 8:26 AM, Daniel Comnea >> wrote: >> >>> Any help, ideas please? >>> >>> Thx, >>> Dani >>> >>> On Mon, Jun 8, 2015 at 9:25 AM, Daniel Comnea >>> wrote: >>> >>>> + Operators >>>> >>>> Much thanks in advance, >>>> Dani >>>> >>>> >>>> >>>> >>>> On Sun, Jun 7, 2015 at 6:31 PM, Daniel Comnea >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I'm running IceHouse (build using Fuel 5.1.1) on Ubuntu where dnsmask >>>>> version 2.59-4. >>>>> I have a very basic network layout where i have a private net which >>>>> has 2 subnets >>>>> >>>>> 2fb7de9d-d6df-481f-acca-2f7860cffa60 | private-net >>>>> | e79c3477-d3e5-471c-a728-8d881cf31bee >>>>> 192.168.110.0/24 | >>>>> | >>>>> | | >>>>> f48c3223-8507-455c-9c13-8b727ea5f441 192.168.111.0/24 | >>>>> >>>>> and i'm creating VMs via HEAT. >>>>> What is happening is that sometimes i get duplicated entries in [1] >>>>> and because of that the VM which was spun up doesn't get an ip. >>>>> The Dnsmask processes are running okay [2] and i can't see anything >>>>> special/ wrong in it. >>>>> >>>>> Any idea why this is happening? Or are you aware of any bugs around >>>>> this area? Do you see a problems with having 2 subnets mapped to 1 >>>>> private-net? >>>>> >>>>> >>>>> >>>>> Thanks, >>>>> Dani >>>>> >>>>> [1] >>>>> /var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts >>>>> [2] >>>>> >>>>> nobody 5664 1 0 Jun02 ? 00:00:08 dnsmasq --no-hosts >>>>> --no-resolv --strict-order --bind-interfaces --interface=tapc9164734-0c >>>>> --except-interface=lo >>>>> --pid-file=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/pid >>>>> --dhcp-hostsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/host >>>>> --addn-hosts=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts >>>>> --dhcp-optsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/opts >>>>> --leasefile-ro --dhcp-authoritative >>>>> --dhcp-range=set:tag0,192.168.110.0,static,86400s >>>>> --dhcp-range=set:tag1,192.168.111.0,static,86400s --dhcp-lease-max=512 >>>>> --conf-file= --server=10.0.0.31 --server=10.0.0.32 --domain=openstacklocal >>>>> >>>>> >>>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >> >> >> -- >> Kevin Benton >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom at openstack.org Wed Jul 1 07:29:09 2015 From: tom at openstack.org (Tom Fifield) Date: Wed, 01 Jul 2015 15:29:09 +0800 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <55921C03.5060303@openstack.org> References: <55921C03.5060303@openstack.org> Message-ID: <559396C5.3080104@openstack.org> Team, It's great to see so much passion! :) Here's an attempt at a summary email. I'll wait until a later email to wade into the discussion myself ;) Feel free to jump in on any point. =Things we tend to agree on= "Spirit of the event" * The response most people had in common was that they didn't want to see vendor booths :) Several others noted the importance that the event should remain accessible and ensure there were no barriers to attendance, space for networking with others and sharing information about deployments without fear of vendor harassment. Multiple Sponsors * are OK, but they are more like underwriters who should be OK with only modest acknowledgement (see previous: no booths). Preference for operator sponsors. Several ways to recognise them possible. Current Schedule Format * It appeared like the current format is working well in general, but could do with minor tweaks. =Things still under discussion= Sell Tickets * Many people agreed that some moderate form of ticketing could be OK, but the question remains to what extent this should be priced ("low fee"? $100-200? "cover costs"?). A strong counterpoint was that paid ticketing makes it less accessible (see "spirit"), prevents some local attendance, and is unfair to smaller operators, though others noted that it may be the only practical way to raise funds in the future. Break into Regional Events * A number of viewpoints, ranging from "multiple regional events" to "one event only [maybe with a travel fund]" to "one event that moves around [maybe even outside USA]" to "make it in the centre of USA for easier travel on average". Capping Numbers (inc. Limit Attendees per Company) * A lot of disagreement here. Many argued that any kind of cap or barrier to entry detracts from the accessibility of the event. Others put forth that too few restrictions could dilute the ops-heavy attendee base, and implied that large companies might send too many people. Multiple Tracks * To help deal with room size, we could split into multiple tracks. The ideal number of tracks is not clear at this stage. Evening Event * Several people said they found the PHL evening event uncomfortably packed, and suggested cancelling it on this basis, or on the basis of cost. Suggested alternate was posting a list of nearby venues. Lightening Talks * Have lightening talks, perhaps by renaming "show and tell". More of them? Arranged differently? Unclear. =Ideas= * Video Recording - Might be worth a shot, starting small. * Travel Fund, Scholarship Fund, Slush Fund * Use Universities during the summer break for venues =Open Questions= * How will the number of attendees grow? * What are the costs involved in hosting one of these events? * Stuff about the summit - probably need a different thread for this Regards, Tom On 30/06/15 12:33, Tom Fifield wrote: > Hi all, > > Right now, behind-the-scenes, we're working on getting a venue for next > ops mid-cycle. It's taking a little longer than normal, but rest assured > it is happening. > > Why is it so difficult? As you may have noticed, we're reaching the size > of event where both physically and financially, only the largest > organisations can host us. > > We thought we might get away with organising this one old-school with a > single host and sponsor. Then, for the next, start a brainstorming > discussion with you about how we scale these events into the future - > since once we get up and beyond a few hundred people, we're looking at > having to hire a venue as well as make some changes to the format of the > event. > > However, it seems that even this might be too late. We already had a > company that proposed to host the meetup at a west coast US hotel > instead of their place, and wanted to scope out other companies to > sponsor food. > > This would be a change in the model, so let's commence the discussion of > how we want to scale this event :) > > So far I've heard things like: > * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with others" > * "I really don't want to get to the point where we want booths at the > ops meetup" > > Which are promising! It seems like we have a shared understanding of > what to take this forward with. > > So, as the ops meetup grows - what would it look like for you? > > How do you think we can manage the venue selection and financial side of > things? What about the session layout and the scheduling with the > growing numbers of attendees? > > Current data can be found at > https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . > > I would also be interested in your thoughts about how these events have > only been in a limited geographical area so far, and how we can address > that issue. > > > Regards, > > > Tom > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From Neil.Jerram at metaswitch.com Wed Jul 1 08:23:38 2015 From: Neil.Jerram at metaswitch.com (Neil Jerram) Date: Wed, 1 Jul 2015 09:23:38 +0100 Subject: [Openstack-operators] [openstack-dev] [openstack-operators][neutron[dhcp][dnsmask]: duplicate entries in addn_hosts causing no IP allocation In-Reply-To: References: Message-ID: <5593A38A.7060507@metaswitch.com> Well, the bug discussion seems to point specifically to this dnsmasq fix: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=9380ba70d67db6b69f817d8e318de5ba1e990b12 Neil On 01/07/15 07:34, Daniel Comnea wrote: > Hi, > > sorry for no feedback, i've been doing more and more test and after > enabled the dnsmasq log i found the error which i'm not longer sure if > is related to having duplicated entries > > dnsmasq-dhcp[21231]: 0 DHCPRELEASE(tap8ecf66b6-72) 192.168.111.24 > fa:16:3e:72:04:82 unknown lease > > Looking around it seems i'm hitting this bug [1] but not clear from the > description what was the problem on dnsmasp 2.59 (which comes wiht Fuel 5.1) > > Any ideas? > > Cheers, > Dani > > [1] https://bugs.launchpad.net/neutron/+bug/1271344 > > On Wed, Jun 10, 2015 at 7:13 AM, Daniel Comnea > wrote: > > Thanks a bunch Kevin! > > I'll try this patch and report back. > > Dani > > > On Tue, Jun 9, 2015 at 2:50 AM, Kevin Benton > wrote: > > Hi Daniel, > > I'm concerned that we are encountered out-of-order port events > on the DHCP agent side so the delete message is processed before > the create message. Would you be willing to apply a small patch > to your dhcp agent to see if it fixes the issue? > > If it does fix the issue, you should see occasional warnings in > the DHCP agent log that show "Received message for port that was > already deleted". If it doesn't fix the issue, we may be losing > the delete event entirely. If that's the case, it would be great > if you can enable debuging on the agent and upload a log of a > run when it happens. > > Cheers, > Kevin Benton > > Here is the patch: > > diff --git a/neutron/agent/dhcp_agent.py > b/neutron/agent/dhcp_agent.py > index 71c9709..9b9b637 100644 > --- a/neutron/agent/dhcp_agent.py > +++ b/neutron/agent/dhcp_agent.py > @@ -71,6 +71,7 @@ class DhcpAgent(manager.Manager): > self.needs_resync = False > self.conf = cfg.CONF > self.cache = NetworkCache() > + self.deleted_ports = set() > self.root_helper = config.get_root_helper(self.conf) > self.dhcp_driver_cls = > importutils.import_class(self.conf.dhcp_driver) > ctx = context.get_admin_context_without_session() > @@ -151,6 +152,7 @@ class DhcpAgent(manager.Manager): > LOG.info(_('Synchronizing state')) > pool = eventlet.GreenPool(cfg.CONF.num_sync_threads) > known_network_ids = set(self.cache.get_network_ids()) > + self.deleted_ports = set() > > try: > active_networks = > self.plugin_rpc.get_active_networks_info() > @@ -302,6 +304,10 @@ class DhcpAgent(manager.Manager): > @utils.synchronized('dhcp-agent') > def port_update_end(self, context, payload): > """Handle the port.update.end notification event.""" > + if payload['port']['id'] in self.deleted_ports: > + LOG.warning(_("Received message for port that was " > + "already deleted: %s"), > payload['port']['id']) > + return > updated_port = dhcp.DictModel(payload['port']) > network = > self.cache.get_network_by_id(updated_port.network_id) > if network: > @@ -315,6 +321,7 @@ class DhcpAgent(manager.Manager): > def port_delete_end(self, context, payload): > """Handle the port.delete.end notification event.""" > port = self.cache.get_port_by_id(payload['port_id']) > + self.deleted_ports.add(payload['port_id']) > if port: > network = > self.cache.get_network_by_id(port.network_id) > self.cache.remove_port(port) > > > > > > > > > On Mon, Jun 8, 2015 at 8:26 AM, Daniel Comnea > > wrote: > > Any help, ideas please? > > Thx, > Dani > > On Mon, Jun 8, 2015 at 9:25 AM, Daniel Comnea > > wrote: > > + Operators > > Much thanks in advance, > Dani > > > > > On Sun, Jun 7, 2015 at 6:31 PM, Daniel Comnea > > > wrote: > > Hi all, > > I'm running IceHouse (build using Fuel 5.1.1) on > Ubuntu where dnsmask version 2.59-4. > I have a very basic network layout where i have a > private net which has 2 subnets > > 2fb7de9d-d6df-481f-acca-2f7860cffa60 | > private-net | > e79c3477-d3e5-471c-a728-8d881cf31bee > 192.168.110.0/24 | > | > | > | > f48c3223-8507-455c-9c13-8b727ea5f441 > 192.168.111.0/24 | > > and i'm creating VMs via HEAT. > What is happening is that sometimes i get duplicated > entries in [1] and because of that the VM which was > spun up doesn't get an ip. > The Dnsmask processes are running okay [2] and i > can't see anything special/ wrong in it. > > Any idea why this is happening? Or are you aware of > any bugs around this area? Do you see a problems > with having 2 subnets mapped to 1 private-net? > > > > Thanks, > Dani > > [1] > /var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts > > [2] > > nobody 5664 1 0 Jun02 ? 00:00:08 > dnsmasq --no-hosts --no-resolv --strict-order > --bind-interfaces --interface=tapc9164734-0c > --except-interface=lo > --pid-file=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/pid > --dhcp-hostsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/host > --addn-hosts=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts > --dhcp-optsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/opts > --leasefile-ro --dhcp-authoritative > --dhcp-range=set:tag0,192.168.110.0,static,86400s > --dhcp-range=set:tag1,192.168.111.0,static,86400s > --dhcp-lease-max=512 --conf-file= --server=10.0.0.31 > --server=10.0.0.32 --domain=openstacklocal > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > -- > Kevin Benton > > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > From comnea.dani at gmail.com Wed Jul 1 09:24:11 2015 From: comnea.dani at gmail.com (Daniel Comnea) Date: Wed, 1 Jul 2015 10:24:11 +0100 Subject: [Openstack-operators] [openstack-dev] [openstack-operators][neutron[dhcp][dnsmask]: duplicate entries in addn_hosts causing no IP allocation In-Reply-To: <5593A38A.7060507@metaswitch.com> References: <5593A38A.7060507@metaswitch.com> Message-ID: Neil, much thanks !!! Any idea if i can go and only run apt-get --only-upgrade install or that will be too crazy? Cheers, Dani On Wed, Jul 1, 2015 at 9:23 AM, Neil Jerram wrote: > Well, the bug discussion seems to point specifically to this dnsmasq fix: > > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=9380ba70d67db6b69f817d8e318de5ba1e990b12 > > Neil > > > On 01/07/15 07:34, Daniel Comnea wrote: > >> Hi, >> >> sorry for no feedback, i've been doing more and more test and after >> enabled the dnsmasq log i found the error which i'm not longer sure if >> is related to having duplicated entries >> >> dnsmasq-dhcp[21231]: 0 DHCPRELEASE(tap8ecf66b6-72) 192.168.111.24 >> fa:16:3e:72:04:82 unknown lease >> >> Looking around it seems i'm hitting this bug [1] but not clear from the >> description what was the problem on dnsmasp 2.59 (which comes wiht Fuel >> 5.1) >> >> Any ideas? >> >> Cheers, >> Dani >> >> [1] https://bugs.launchpad.net/neutron/+bug/1271344 >> >> On Wed, Jun 10, 2015 at 7:13 AM, Daniel Comnea > > wrote: >> >> Thanks a bunch Kevin! >> >> I'll try this patch and report back. >> >> Dani >> >> >> On Tue, Jun 9, 2015 at 2:50 AM, Kevin Benton > > wrote: >> >> Hi Daniel, >> >> I'm concerned that we are encountered out-of-order port events >> on the DHCP agent side so the delete message is processed before >> the create message. Would you be willing to apply a small patch >> to your dhcp agent to see if it fixes the issue? >> >> If it does fix the issue, you should see occasional warnings in >> the DHCP agent log that show "Received message for port that was >> already deleted". If it doesn't fix the issue, we may be losing >> the delete event entirely. If that's the case, it would be great >> if you can enable debuging on the agent and upload a log of a >> run when it happens. >> >> Cheers, >> Kevin Benton >> >> Here is the patch: >> >> diff --git a/neutron/agent/dhcp_agent.py >> b/neutron/agent/dhcp_agent.py >> index 71c9709..9b9b637 100644 >> --- a/neutron/agent/dhcp_agent.py >> +++ b/neutron/agent/dhcp_agent.py >> @@ -71,6 +71,7 @@ class DhcpAgent(manager.Manager): >> self.needs_resync = False >> self.conf = cfg.CONF >> self.cache = NetworkCache() >> + self.deleted_ports = set() >> self.root_helper = config.get_root_helper(self.conf) >> self.dhcp_driver_cls = >> importutils.import_class(self.conf.dhcp_driver) >> ctx = context.get_admin_context_without_session() >> @@ -151,6 +152,7 @@ class DhcpAgent(manager.Manager): >> LOG.info(_('Synchronizing state')) >> pool = eventlet.GreenPool(cfg.CONF.num_sync_threads) >> known_network_ids = set(self.cache.get_network_ids()) >> + self.deleted_ports = set() >> >> try: >> active_networks = >> self.plugin_rpc.get_active_networks_info() >> @@ -302,6 +304,10 @@ class DhcpAgent(manager.Manager): >> @utils.synchronized('dhcp-agent') >> def port_update_end(self, context, payload): >> """Handle the port.update.end notification event.""" >> + if payload['port']['id'] in self.deleted_ports: >> + LOG.warning(_("Received message for port that was " >> + "already deleted: %s"), >> payload['port']['id']) >> + return >> updated_port = dhcp.DictModel(payload['port']) >> network = >> self.cache.get_network_by_id(updated_port.network_id) >> if network: >> @@ -315,6 +321,7 @@ class DhcpAgent(manager.Manager): >> def port_delete_end(self, context, payload): >> """Handle the port.delete.end notification event.""" >> port = self.cache.get_port_by_id(payload['port_id']) >> + self.deleted_ports.add(payload['port_id']) >> if port: >> network = >> self.cache.get_network_by_id(port.network_id) >> self.cache.remove_port(port) >> >> >> >> >> >> >> >> >> On Mon, Jun 8, 2015 at 8:26 AM, Daniel Comnea >> > wrote: >> >> Any help, ideas please? >> >> Thx, >> Dani >> >> On Mon, Jun 8, 2015 at 9:25 AM, Daniel Comnea >> > wrote: >> >> + Operators >> >> Much thanks in advance, >> Dani >> >> >> >> >> On Sun, Jun 7, 2015 at 6:31 PM, Daniel Comnea >> > >> wrote: >> >> Hi all, >> >> I'm running IceHouse (build using Fuel 5.1.1) on >> Ubuntu where dnsmask version 2.59-4. >> I have a very basic network layout where i have a >> private net which has 2 subnets >> >> 2fb7de9d-d6df-481f-acca-2f7860cffa60 | >> private-net | >> e79c3477-d3e5-471c-a728-8d881cf31bee >> 192.168.110.0/24 | >> | >> | >> | >> f48c3223-8507-455c-9c13-8b727ea5f441 >> 192.168.111.0/24 | >> >> and i'm creating VMs via HEAT. >> What is happening is that sometimes i get duplicated >> entries in [1] and because of that the VM which was >> spun up doesn't get an ip. >> The Dnsmask processes are running okay [2] and i >> can't see anything special/ wrong in it. >> >> Any idea why this is happening? Or are you aware of >> any bugs around this area? Do you see a problems >> with having 2 subnets mapped to 1 private-net? >> >> >> >> Thanks, >> Dani >> >> [1] >> >> /var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts >> >> [2] >> >> nobody 5664 1 0 Jun02 ? 00:00:08 >> dnsmasq --no-hosts --no-resolv --strict-order >> --bind-interfaces --interface=tapc9164734-0c >> --except-interface=lo >> >> --pid-file=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/pid >> >> --dhcp-hostsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/host >> >> --addn-hosts=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts >> >> --dhcp-optsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/opts >> --leasefile-ro --dhcp-authoritative >> --dhcp-range=set:tag0,192.168.110.0,static,86400s >> --dhcp-range=set:tag1,192.168.111.0,static,86400s >> --dhcp-lease-max=512 --conf-file= --server=10.0.0.31 >> --server=10.0.0.32 --domain=openstacklocal >> >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> >> >> >> -- >> Kevin Benton >> >> >> >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Wed Jul 1 09:44:59 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Wed, 1 Jul 2015 09:44:59 +0000 Subject: [Openstack-operators] Accessing outside network from instance Message-ID: <1249824884bc4ef79722d35eefd36667@CO2PR42MB188.048d.mgd.msft.net> Hi, I have created a three nodes architecture for my openstack setup with the Kilo version. I am able to create an instance from the dashboard but when I try to access the outside network for instance running an 'apt-get' command gives me an error 'sh: apt-get command not found'. What am I supposed to do to work it out? I haven't attached the floating Ip yet. Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From Neil.Jerram at metaswitch.com Wed Jul 1 10:53:28 2015 From: Neil.Jerram at metaswitch.com (Neil Jerram) Date: Wed, 1 Jul 2015 11:53:28 +0100 Subject: [Openstack-operators] Accessing outside network from instance In-Reply-To: <1249824884bc4ef79722d35eefd36667@CO2PR42MB188.048d.mgd.msft.net> References: <1249824884bc4ef79722d35eefd36667@CO2PR42MB188.048d.mgd.msft.net> Message-ID: <5593C6A8.3020402@metaswitch.com> Hi Aishwarya, On 01/07/15 10:44, aishwarya.adyanthaya at accenture.com wrote: > Hi, > > I have created a three nodes architecture for my openstack setup with > the Kilo version. I am able to create an instance from the dashboard but > when I try to access the outside network for instance running an > ?apt-get? command gives me an error ?sh: apt-get command not found?. > What am I supposed to do to work it out? That error is not related to any network access. It means that the apt-get command is not installed on your instance, or perhaps not in your PATH. Regards, Neil From Neil.Jerram at metaswitch.com Wed Jul 1 11:01:23 2015 From: Neil.Jerram at metaswitch.com (Neil Jerram) Date: Wed, 1 Jul 2015 12:01:23 +0100 Subject: [Openstack-operators] [openstack-dev] [openstack-operators][neutron[dhcp][dnsmask]: duplicate entries in addn_hosts causing no IP allocation In-Reply-To: References: <5593A38A.7060507@metaswitch.com> Message-ID: <5593C883.8050101@metaswitch.com> Hi Dani, I think that would be fine, if it worked. The that you want is dnsmasq-base, I believe. However, I would not expect it to work, on a Fuel 5.1 node, because I believe such nodes are set up to use the Fuel master as their package repository, and I don't think that a Fuel 5.1 master will have any newer dnsmasq packages that what you already have installed. I hope that makes sense - happy to explain further if not. Neil On 01/07/15 10:24, Daniel Comnea wrote: > Neil, much thanks !!! > > Any idea if i can go and only run apt-get --only-upgrade install > or that will be too crazy? > > Cheers, > Dani > > > On Wed, Jul 1, 2015 at 9:23 AM, Neil Jerram > wrote: > > Well, the bug discussion seems to point specifically to this dnsmasq > fix: > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=9380ba70d67db6b69f817d8e318de5ba1e990b12 > > Neil > > > On 01/07/15 07:34, Daniel Comnea wrote: > > Hi, > > sorry for no feedback, i've been doing more and more test and after > enabled the dnsmasq log i found the error which i'm not longer > sure if > is related to having duplicated entries > > dnsmasq-dhcp[21231]: 0 DHCPRELEASE(tap8ecf66b6-72) 192.168.111.24 > fa:16:3e:72:04:82 unknown lease > > Looking around it seems i'm hitting this bug [1] but not clear > from the > description what was the problem on dnsmasp 2.59 (which comes > wiht Fuel 5.1) > > Any ideas? > > Cheers, > Dani > > [1] https://bugs.launchpad.net/neutron/+bug/1271344 > > On Wed, Jun 10, 2015 at 7:13 AM, Daniel Comnea > > >> > wrote: > > Thanks a bunch Kevin! > > I'll try this patch and report back. > > Dani > > > On Tue, Jun 9, 2015 at 2:50 AM, Kevin Benton > > >> wrote: > > Hi Daniel, > > I'm concerned that we are encountered out-of-order port > events > on the DHCP agent side so the delete message is > processed before > the create message. Would you be willing to apply a > small patch > to your dhcp agent to see if it fixes the issue? > > If it does fix the issue, you should see occasional > warnings in > the DHCP agent log that show "Received message for port > that was > already deleted". If it doesn't fix the issue, we may > be losing > the delete event entirely. If that's the case, it would > be great > if you can enable debuging on the agent and upload a > log of a > run when it happens. > > Cheers, > Kevin Benton > > Here is the patch: > > diff --git a/neutron/agent/dhcp_agent.py > b/neutron/agent/dhcp_agent.py > index 71c9709..9b9b637 100644 > --- a/neutron/agent/dhcp_agent.py > +++ b/neutron/agent/dhcp_agent.py > @@ -71,6 +71,7 @@ class DhcpAgent(manager.Manager): > self.needs_resync = False > self.conf = cfg.CONF > self.cache = NetworkCache() > + self.deleted_ports = set() > self.root_helper = > config.get_root_helper(self.conf) > self.dhcp_driver_cls = > importutils.import_class(self.conf.dhcp_driver) > ctx = context.get_admin_context_without_session() > @@ -151,6 +152,7 @@ class DhcpAgent(manager.Manager): > LOG.info(_('Synchronizing state')) > pool = > eventlet.GreenPool(cfg.CONF.num_sync_threads) > known_network_ids = > set(self.cache.get_network_ids()) > + self.deleted_ports = set() > > try: > active_networks = > self.plugin_rpc.get_active_networks_info() > @@ -302,6 +304,10 @@ class DhcpAgent(manager.Manager): > @utils.synchronized('dhcp-agent') > def port_update_end(self, context, payload): > """Handle the port.update.end notification > event.""" > + if payload['port']['id'] in self.deleted_ports: > + LOG.warning(_("Received message for port > that was " > + "already deleted: %s"), > payload['port']['id']) > + return > updated_port = dhcp.DictModel(payload['port']) > network = > self.cache.get_network_by_id(updated_port.network_id) > if network: > @@ -315,6 +321,7 @@ class DhcpAgent(manager.Manager): > def port_delete_end(self, context, payload): > """Handle the port.delete.end notification > event.""" > port = > self.cache.get_port_by_id(payload['port_id']) > + self.deleted_ports.add(payload['port_id']) > if port: > network = > self.cache.get_network_by_id(port.network_id) > self.cache.remove_port(port) > > > > > > > > > On Mon, Jun 8, 2015 at 8:26 AM, Daniel Comnea > > >> > wrote: > > Any help, ideas please? > > Thx, > Dani > > On Mon, Jun 8, 2015 at 9:25 AM, Daniel Comnea > >> wrote: > > + Operators > > Much thanks in advance, > Dani > > > > > On Sun, Jun 7, 2015 at 6:31 PM, Daniel Comnea > >> > wrote: > > Hi all, > > I'm running IceHouse (build using Fuel > 5.1.1) on > Ubuntu where dnsmask version 2.59-4. > I have a very basic network layout where i > have a > private net which has 2 subnets > > 2fb7de9d-d6df-481f-acca-2f7860cffa60 | > private-net > | > e79c3477-d3e5-471c-a728-8d881cf31bee > 192.168.110.0/24 > | > | > | > | > f48c3223-8507-455c-9c13-8b727ea5f441 > 192.168.111.0/24 > | > > and i'm creating VMs via HEAT. > What is happening is that sometimes i get > duplicated > entries in [1] and because of that the VM > which was > spun up doesn't get an ip. > The Dnsmask processes are running okay [2] > and i > can't see anything special/ wrong in it. > > Any idea why this is happening? Or are you > aware of > any bugs around this area? Do you see a > problems > with having 2 subnets mapped to 1 private-net? > > > > Thanks, > Dani > > [1] > > /var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts > > [2] > > nobody 5664 1 0 Jun02 ? 00:00:08 > dnsmasq --no-hosts --no-resolv --strict-order > --bind-interfaces --interface=tapc9164734-0c > --except-interface=lo > > --pid-file=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/pid > > --dhcp-hostsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/host > > --addn-hosts=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts > > --dhcp-optsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/opts > --leasefile-ro --dhcp-authoritative > > --dhcp-range=set:tag0,192.168.110.0,static,86400s > > --dhcp-range=set:tag1,192.168.111.0,static,86400s > --dhcp-lease-max=512 --conf-file= > --server=10.0.0.31 > --server=10.0.0.32 --domain=openstacklocal > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > -- > Kevin Benton > > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > From aishwarya.adyanthaya at accenture.com Wed Jul 1 11:30:38 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Wed, 1 Jul 2015 11:30:38 +0000 Subject: [Openstack-operators] Accessing outside network from instance In-Reply-To: <5593C6A8.3020402@metaswitch.com> References: <1249824884bc4ef79722d35eefd36667@CO2PR42MB188.048d.mgd.msft.net> <5593C6A8.3020402@metaswitch.com> Message-ID: Hi Neil, Thanks for replying. The problem here is it's not just apt-get, I'm unable to access or use wget command to install anything. The instance is having only internal ip and is able to ping to internal networks that were created in the openstack dashboard. It's unable to ping to any of the openstack nodes. -----Original Message----- From: Neil Jerram [mailto:Neil.Jerram at metaswitch.com] Sent: Wednesday, July 01, 2015 4:23 PM To: Adyanthaya, Aishwarya; openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Accessing outside network from instance Hi Aishwarya, On 01/07/15 10:44, aishwarya.adyanthaya at accenture.com wrote: > Hi, > > I have created a three nodes architecture for my openstack setup with > the Kilo version. I am able to create an instance from the dashboard > but when I try to access the outside network for instance running an > 'apt-get' command gives me an error 'sh: apt-get command not found'. > What am I supposed to do to work it out? That error is not related to any network access. It means that the apt-get command is not installed on your instance, or perhaps not in your PATH. Regards, Neil ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com From comnea.dani at gmail.com Wed Jul 1 12:41:41 2015 From: comnea.dani at gmail.com (Daniel Comnea) Date: Wed, 1 Jul 2015 13:41:41 +0100 Subject: [Openstack-operators] [openstack-dev] [openstack-operators][neutron[dhcp][dnsmask]: duplicate entries in addn_hosts causing no IP allocation In-Reply-To: <5593C883.8050101@metaswitch.com> References: <5593A38A.7060507@metaswitch.com> <5593C883.8050101@metaswitch.com> Message-ID: Indeed Neil that is the case. Pasting below some info in case someone will face the same issue. root at node-9:~# apt-cache madison dnsmasq-base dnsmasq-base | 2.59-4ubuntu0.1 | http://1.1.1.1/ubuntu/fuelweb/x86_64/ precise/main amd64 Packages root at node-9:~# dpkg -I dnsmasq-base dpkg-deb: error: failed to read archive `dnsmasq-base': No such file or directory root at node-94:~# dpkg -l | grep dnsmas ii dnsmasq-base 2.59-4ubuntu0.1 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.59-4ubuntu0.1 Utilities for manipulating DHCP leases root at node-9:~# apt-cache showpkg dnsmasq-base Package: dnsmasq-base Versions: 2.59-4ubuntu0.1 (/var/lib/apt/lists/1.1.1.1:8080_ubuntu_fuelweb_x86%5f64_dists_precise_main_binary-amd64_Packages) (/var/lib/dpkg/status) Description Language: File: /var/lib/apt/lists/211.210.0.9:8080 _ubuntu_fuelweb_x86%5f64_dists_precise_main_binary-amd64_Packages MD5: 1f9c3f0c557ca377bcc6c659e4694437 Reverse Depends: neutron-dhcp-agent,dnsmasq-base nova-network,dnsmasq-base libvirt-bin,dnsmasq-base 2.46-1 Dependencies: 2.59-4ubuntu0.1 - libc6 (2 2.15) libdbus-1-3 (2 1.1.1) libidn11 (2 1.13) libnetfilter-conntrack3 (2 0.9.1) dnsmasq (3 2.59-4ubuntu0) dnsmasq:i386 (3 2.59-4ubuntu0) dnsmasq (3 2.59-4ubuntu0) dnsmasq:i386 (3 2.59-4ubuntu0) Provides: 2.59-4ubuntu0.1 - Reverse Provides: root at node-9:~# Will keep you updated on how i solved it (hopefully will help others) Dani On Wed, Jul 1, 2015 at 12:01 PM, Neil Jerram wrote: > Hi Dani, > > I think that would be fine, if it worked. The that you want > is dnsmasq-base, I believe. > > However, I would not expect it to work, on a Fuel 5.1 node, because I > believe such nodes are set up to use the Fuel master as their package > repository, and I don't think that a Fuel 5.1 master will have any newer > dnsmasq packages that what you already have installed. > > I hope that makes sense - happy to explain further if not. > > Neil > > > On 01/07/15 10:24, Daniel Comnea wrote: > >> Neil, much thanks !!! >> >> Any idea if i can go and only run apt-get --only-upgrade install >> or that will be too crazy? >> >> Cheers, >> Dani >> >> >> On Wed, Jul 1, 2015 at 9:23 AM, Neil Jerram > > wrote: >> >> Well, the bug discussion seems to point specifically to this dnsmasq >> fix: >> >> >> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=9380ba70d67db6b69f817d8e318de5ba1e990b12 >> >> Neil >> >> >> On 01/07/15 07:34, Daniel Comnea wrote: >> >> Hi, >> >> sorry for no feedback, i've been doing more and more test and >> after >> enabled the dnsmasq log i found the error which i'm not longer >> sure if >> is related to having duplicated entries >> >> dnsmasq-dhcp[21231]: 0 DHCPRELEASE(tap8ecf66b6-72) 192.168.111.24 >> fa:16:3e:72:04:82 unknown lease >> >> Looking around it seems i'm hitting this bug [1] but not clear >> from the >> description what was the problem on dnsmasp 2.59 (which comes >> wiht Fuel 5.1) >> >> Any ideas? >> >> Cheers, >> Dani >> >> [1] https://bugs.launchpad.net/neutron/+bug/1271344 >> >> On Wed, Jun 10, 2015 at 7:13 AM, Daniel Comnea >> >> >> >> wrote: >> >> Thanks a bunch Kevin! >> >> I'll try this patch and report back. >> >> Dani >> >> >> On Tue, Jun 9, 2015 at 2:50 AM, Kevin Benton >> >> >> >> wrote: >> >> Hi Daniel, >> >> I'm concerned that we are encountered out-of-order port >> events >> on the DHCP agent side so the delete message is >> processed before >> the create message. Would you be willing to apply a >> small patch >> to your dhcp agent to see if it fixes the issue? >> >> If it does fix the issue, you should see occasional >> warnings in >> the DHCP agent log that show "Received message for port >> that was >> already deleted". If it doesn't fix the issue, we may >> be losing >> the delete event entirely. If that's the case, it would >> be great >> if you can enable debuging on the agent and upload a >> log of a >> run when it happens. >> >> Cheers, >> Kevin Benton >> >> Here is the patch: >> >> diff --git a/neutron/agent/dhcp_agent.py >> b/neutron/agent/dhcp_agent.py >> index 71c9709..9b9b637 100644 >> --- a/neutron/agent/dhcp_agent.py >> +++ b/neutron/agent/dhcp_agent.py >> @@ -71,6 +71,7 @@ class DhcpAgent(manager.Manager): >> self.needs_resync = False >> self.conf = cfg.CONF >> self.cache = NetworkCache() >> + self.deleted_ports = set() >> self.root_helper = >> config.get_root_helper(self.conf) >> self.dhcp_driver_cls = >> importutils.import_class(self.conf.dhcp_driver) >> ctx = >> context.get_admin_context_without_session() >> @@ -151,6 +152,7 @@ class DhcpAgent(manager.Manager): >> LOG.info(_('Synchronizing state')) >> pool = >> eventlet.GreenPool(cfg.CONF.num_sync_threads) >> known_network_ids = >> set(self.cache.get_network_ids()) >> + self.deleted_ports = set() >> >> try: >> active_networks = >> self.plugin_rpc.get_active_networks_info() >> @@ -302,6 +304,10 @@ class DhcpAgent(manager.Manager): >> @utils.synchronized('dhcp-agent') >> def port_update_end(self, context, payload): >> """Handle the port.update.end notification >> event.""" >> + if payload['port']['id'] in self.deleted_ports: >> + LOG.warning(_("Received message for port >> that was " >> + "already deleted: %s"), >> payload['port']['id']) >> + return >> updated_port = dhcp.DictModel(payload['port']) >> network = >> self.cache.get_network_by_id(updated_port.network_id) >> if network: >> @@ -315,6 +321,7 @@ class DhcpAgent(manager.Manager): >> def port_delete_end(self, context, payload): >> """Handle the port.delete.end notification >> event.""" >> port = >> self.cache.get_port_by_id(payload['port_id']) >> + self.deleted_ports.add(payload['port_id']) >> if port: >> network = >> self.cache.get_network_by_id(port.network_id) >> self.cache.remove_port(port) >> >> >> >> >> >> >> >> >> On Mon, Jun 8, 2015 at 8:26 AM, Daniel Comnea >> >> >> >> wrote: >> >> Any help, ideas please? >> >> Thx, >> Dani >> >> On Mon, Jun 8, 2015 at 9:25 AM, Daniel Comnea >> > > >> wrote: >> >> + Operators >> >> Much thanks in advance, >> Dani >> >> >> >> >> On Sun, Jun 7, 2015 at 6:31 PM, Daniel Comnea >> > > >> >> >> wrote: >> >> Hi all, >> >> I'm running IceHouse (build using Fuel >> 5.1.1) on >> Ubuntu where dnsmask version 2.59-4. >> I have a very basic network layout where i >> have a >> private net which has 2 subnets >> >> 2fb7de9d-d6df-481f-acca-2f7860cffa60 | >> private-net >> | >> e79c3477-d3e5-471c-a728-8d881cf31bee >> 192.168.110.0/24 >> | >> | >> | >> | >> f48c3223-8507-455c-9c13-8b727ea5f441 >> 192.168.111.0/24 >> | >> >> and i'm creating VMs via HEAT. >> What is happening is that sometimes i get >> duplicated >> entries in [1] and because of that the VM >> which was >> spun up doesn't get an ip. >> The Dnsmask processes are running okay [2] >> and i >> can't see anything special/ wrong in it. >> >> Any idea why this is happening? Or are you >> aware of >> any bugs around this area? Do you see a >> problems >> with having 2 subnets mapped to 1 >> private-net? >> >> >> >> Thanks, >> Dani >> >> [1] >> >> >> /var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts >> >> [2] >> >> nobody 5664 1 0 Jun02 ? >> 00:00:08 >> dnsmasq --no-hosts --no-resolv --strict-order >> --bind-interfaces --interface=tapc9164734-0c >> --except-interface=lo >> >> >> --pid-file=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/pid >> >> >> --dhcp-hostsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/host >> >> >> --addn-hosts=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/addn_hosts >> >> >> --dhcp-optsfile=/var/lib/neutron/dhcp/2fb7de9d-d6df-481f-acca-2f7860cffa60/opts >> --leasefile-ro --dhcp-authoritative >> >> --dhcp-range=set:tag0,192.168.110.0,static,86400s >> >> --dhcp-range=set:tag1,192.168.111.0,static,86400s >> --dhcp-lease-max=512 --conf-file= >> --server=10.0.0.31 >> --server=10.0.0.32 --domain=openstacklocal >> >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> >> > > >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> >> >> >> -- >> Kevin Benton >> >> >> >> >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> < >> http://OpenStack-dev-request at lists.openstack.org?subject:unsubscribe> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexandrelevine at gmail.com Wed Jul 1 12:54:23 2015 From: alexandrelevine at gmail.com (Alexandre Levine) Date: Wed, 01 Jul 2015 15:54:23 +0300 Subject: [Openstack-operators] EC2 API - users wanted Message-ID: <5593E2FF.50306@gmail.com> Hi all, I wanted to remind everybody that the existing nova's EC2 API was deprecated in Kilo and the replacement-to-be (stackforge/ec2-api) stays virtually untouched by customers. It means that without real beta and production testing it's not going to get accepted into OpenStack. Since nova's EC2 API being deprecated doesn't get any good support, let alone development, at some point situation might become even more pitiful than it was before the Kilo release, when nova's EC2 API had some critical bugs and there was a risk to loose support of this protocol in OpenStack altogether. I'd like to urge everybody on the op's side to start using or testing the replacement EC2 API project. The Kilo-compatible release can be found here: https://github.com/stackforge/ec2-api/tree/0.1.0/ec2api We'll be more than glad to help with any usage or testing effort and fix whatever issues arise ASAP. Thanks in advance. Best regards, Alex Levine From edgar.magana at workday.com Wed Jul 1 19:50:38 2015 From: edgar.magana at workday.com (Edgar Magana) Date: Wed, 1 Jul 2015 19:50:38 +0000 Subject: [Openstack-operators] VM in spawning mode forever when assigned 4GB or higher Message-ID: Folks, In Icehouse when I fire up a VM with a 4096 MB or higher, it's stuck forever on "Spawning". Smaller flavors (for ram memory) works fine. Any idea why this is happening? I have plenty of memory in my compute nodes! Thanks, Edgar -------------- next part -------------- An HTML attachment was scrubbed... URL: From richard at raseley.com Wed Jul 1 20:23:25 2015 From: richard at raseley.com (Richard Raseley) Date: Wed, 01 Jul 2015 13:23:25 -0700 Subject: [Openstack-operators] [puppet] OpenStack Puppet Modules Usage Questions In-Reply-To: References: <557F63CD.8000404@raseley.com> <5591727A.5090202@raseley.com> Message-ID: <55944C3D.5060009@raseley.com> Matt Fischer wrote: > We've been discussing this for 3 months now, so my vote is "soon". Can > we make the Puppet Labs ML have an auto-responder that redirects people? Yes we can. I propose the following: 1) Put up an auto-responder ASAP with the following text: --- Thank you for your message to the puppet-openstack mailing list. As part of our move under the OpenStack 'big tent'[0] we have transitioned to use of the official OpenStack mailing lists[1]. Please resend your message with the following considerations: 1) If your question or comment is related to the development, structure, or processes surrounding the OpenStack Puppet Modules, please send it to 'openstack-dev at lists.openstack.org' with the tag '[puppet]' as the first component of the subject. 2) if your question or comment is related to the operational application or usage of the OpenStack Puppet Modules, please send it to 'openstack-operators at lists.openstack.org' with the tag '[puppet]' as the first component of the subject. Please note that in order to successfully post a message to one of the lists above, you must first subscribe to it. To do this, please follow the instructions found on the OpenStack wiki[1]. If you have any questions or concerns, please drop by our #puppet-openstack channel on Freenode IRC. [0] - http://ttx.re/the-way-forward.html [1] - https://wiki.openstack.org/wiki/Mailing_Lists --- 2) Configure the setting to prevent outside emails to the list. The list will remain public to serve as an historical archive. Regards, Richard From mdorman at godaddy.com Wed Jul 1 21:39:01 2015 From: mdorman at godaddy.com (Mike Dorman) Date: Wed, 1 Jul 2015 21:39:01 +0000 Subject: [Openstack-operators] [puppet] OpenStack Puppet Modules Usage Questions In-Reply-To: <55944C3D.5060009@raseley.com> References: <557F63CD.8000404@raseley.com> <5591727A.5090202@raseley.com> <55944C3D.5060009@raseley.com> Message-ID: <536861F2-8218-4B13-B063-6DD0B496F776@godaddy.com> +1, I think we should just go ahead and do this. On 7/1/15, 3:23 PM, "Richard Raseley" wrote: >Matt Fischer wrote: >> We've been discussing this for 3 months now, so my vote is "soon". Can >> we make the Puppet Labs ML have an auto-responder that redirects people? > >Yes we can. I propose the following: > >1) Put up an auto-responder ASAP with the following text: > >--- > >Thank you for your message to the puppet-openstack mailing list. As part >of our move under the OpenStack 'big tent'[0] we have transitioned to >use of the official OpenStack mailing lists[1]. Please resend your >message with the following considerations: > >1) If your question or comment is related to the development, structure, >or processes surrounding the OpenStack Puppet Modules, please send it to >'openstack-dev at lists.openstack.org' with the tag '[puppet]' as the first >component of the subject. > >2) if your question or comment is related to the operational application >or usage of the OpenStack Puppet Modules, please send it to >'openstack-operators at lists.openstack.org' with the tag '[puppet]' as the >first component of the subject. > >Please note that in order to successfully post a message to one of the >lists above, you must first subscribe to it. To do this, please follow >the instructions found on the OpenStack wiki[1]. > >If you have any questions or concerns, please drop by our >#puppet-openstack channel on Freenode IRC. > >[0] - http://ttx.re/the-way-forward.html >[1] - https://wiki.openstack.org/wiki/Mailing_Lists > >--- > >2) Configure the setting to prevent outside emails to the list. The list >will remain public to serve as an historical archive. > >Regards, > >Richard > >-- > >To unsubscribe from this group and stop receiving emails from it, send an >email to puppet-openstack+unsubscribe at puppetlabs.com. From doc at aedo.net Wed Jul 1 23:19:51 2015 From: doc at aedo.net (Christopher Aedo) Date: Wed, 1 Jul 2015 16:19:51 -0700 Subject: [Openstack-operators] [app-catalog] Meeting Thursday July 2nd at 17:00UTC Message-ID: Hello! Our next OpenStack App Catalog meeting will take place this Thursday July 2nd at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything you would like to discuss. We'll touch on the work we're doing to create a Horizon plugin and the preliminary steps to support more asset types among other things. Please join us if you can! -Christopher From rajat.nagpal at sjsu.edu Thu Jul 2 00:08:37 2015 From: rajat.nagpal at sjsu.edu (Rajat Nagpal) Date: Wed, 1 Jul 2015 17:08:37 -0700 Subject: [Openstack-operators] Mapping of routers and urls in Neutron API Message-ID: Hi guys, I want to add a new method i.e add some extension method in the neutron service and want to call this method from the command line interface.The method would actually show the quota usage(absolute limits) just like it shows in nova usage. Now I created a new command but I am not able to call the required method.I am entangled in how the request is being converted to routes and how the controller and the specific action is being called and how the mapping is being done.In the following logs, the request url is being converted to some actions and controllers I am specifically interested in how this is happening. 2015-07-01 05:05:42.997 12028 DEBUG routes.middleware [-] Matched GET /quotas/af6f77cb6304491fbe7f20b4959b2b4e.json __call__ /usr/local/lib/python2.7/dist-packages/routes/middleware.py:106 2015-07-01 05:05:42.998 12028 DEBUG routes.middleware [-] Route path: '/quotas/:(id).:(format)', defaults: {'action': u'show', 'controller': >} __call__ /usr/local/lib/python2.7/dist-packages/routes/middleware.py:108 -- Thanks, Rajat Nagpal rajat.nagpal at sjsu.edu +1 4082075248 -------------- next part -------------- An HTML attachment was scrubbed... URL: From angeloudy at gmail.com Thu Jul 2 01:59:00 2015 From: angeloudy at gmail.com (TAO ZHOU) Date: Thu, 2 Jul 2015 09:59:00 +0800 Subject: [Openstack-operators] [puppet] OpenStack Puppet Modules Usage Questions In-Reply-To: <557F63CD.8000404@raseley.com> References: <557F63CD.8000404@raseley.com> Message-ID: Hi, I have an icehouse openstack setup. I have the following lines in nova.conf: force_config_drive = always config_drive_cdrom = True Whenever I launch an instance, I can see a content directory in the config drive openstack/content/0000 contains all network interfaces. I can simply configure the static IP address from openstack/content/0000. Now I have a new openstack cluster setup and I cannot see this content directory when I launch a VM. I checked my configuration files and I can't find any difference with my old cluster. Any ideas? Thanks On Tue, Jun 16, 2015 at 7:46 AM, Richard Raseley wrote: > As part of wrapping up the few remaining 'loose ends' in moving the Puppet > modules under the big tent, we are pressing forward with deprecating the > previously used 'puppet-openstack at puppetlabs.com' mailing list in favor > of both the openstack-dev and openstack-operators lists with the '[puppet]' > tag. > > Usage of the openstack-dev list seems pretty straight forward, but we > wanted to confirm with the broader community that this list > (openstack-operators) was the appropriate venue for Puppet and OpenStack > related usage questions. > > Any objections to this model? > > Regards, > > Richard Raseley > > Systems Operations Engineer @ Puppet Labs > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From angeloudy at gmail.com Thu Jul 2 01:59:39 2015 From: angeloudy at gmail.com (TAO ZHOU) Date: Thu, 2 Jul 2015 09:59:39 +0800 Subject: [Openstack-operators] Config Drive has no content/0000 Message-ID: Hi, I have an icehouse openstack setup. I have the following lines in nova.conf: force_config_drive = always config_drive_cdrom = True Whenever I launch an instance, I can see a content directory in the config drive openstack/content/0000 contains all network interfaces. I can simply configure the static IP address from openstack/content/0000. Now I have a new openstack cluster setup and I cannot see this content directory when I launch a VM. I checked my configuration files and I can't find any difference with my old cluster. Any ideas? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From sriram at clouddon.com Thu Jul 2 02:40:03 2015 From: sriram at clouddon.com (Sriram Subramanian) Date: Wed, 1 Jul 2015 19:40:03 -0700 Subject: [Openstack-operators] [CFP] OpenStack Day Seattle 2015 Message-ID: Dear Operators, I am organizing OpenStack Day Seattle 2015[1], which is to be held on Aug 20 2015, co-located with LinuxCon North America [2]. CFP [3] for the event is open for two tracks - Enterprise and Telcos. Submissions highlighting OpenStack use cases, challenges (particularly from Telcos) would be of great interest. I request you to kindly submit your stories. Please let me know if you need more details. [1] - http://www.openstackseattle.com/ [2] - http://events.linuxfoundation.org/events/linuxcon-north-america [3] - http://www.openstackseattle.com/cfp/ -- Thanks, -Sriram 425-463-8386 www.clouddon.com embrace the cloud -------------- next part -------------- An HTML attachment was scrubbed... URL: From gfa at zumbi.com.ar Thu Jul 2 02:40:28 2015 From: gfa at zumbi.com.ar (gustavo panizzo (gfa)) Date: Thu, 2 Jul 2015 10:40:28 +0800 Subject: [Openstack-operators] OT?: problems with IRQ-TLB on computes (network interruptions) Message-ID: <5594A49C.8050204@zumbi.com.ar> Hello we are having a problem were our compute nodes, and the vm running on them, suddenly and for some seconds lost network connectivity. the root cause appears to be the increase of irb-tlb from low values (less than 20) to more than >100k, that spike only last for some seconds then everything goes back to normal we have computes running precise (qemu 1.5, ovs 2.0.2, libvirt 1.2.2 and kernel 3.13) where the issue is frequent. also we have an small % of our fleet running trusty (qemu 2.0.0 ovs 2.0.2 libvirt 1.2.2 and kernel 3.16) where the problem seemed to be nonexistent until today :( issue seems to be isolated to < 10% of our hypervisors, some hypervisors had this problem every few days, others only once or twice. our vm are a black box to us we don't know what users run on them, but mostly cpu and network bound workload as anyone seen this before? as anyone fixed it? PS: we run libvirt+kvm hypervisor, neutron ovs agent, icehouse (but i don't think is a control plane issue) thanks! -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: http://keybase.io/gfa From gfa at zumbi.com.ar Thu Jul 2 02:44:29 2015 From: gfa at zumbi.com.ar (gustavo panizzo (gfa)) Date: Thu, 2 Jul 2015 10:44:29 +0800 Subject: [Openstack-operators] OT?: problems with IRQ-TLB on computes (network interruptions) In-Reply-To: <5594A49C.8050204@zumbi.com.ar> References: <5594A49C.8050204@zumbi.com.ar> Message-ID: <5594A58D.6010508@zumbi.com.ar> an screenshot of collectd from the affected hypervisor http://zumbi.com.ar/tmp/irq-tlb.png On 2015-07-02 10:40, gustavo panizzo (gfa) wrote: > Hello > we are having a problem were our compute nodes, and the vm running > on them, suddenly and for some seconds lost network connectivity. > the root cause appears to be the increase of irb-tlb from low values > (less than 20) to more than >100k, that spike only last for some seconds > then everything goes back to normal > > we have computes running precise (qemu 1.5, ovs 2.0.2, libvirt 1.2.2 and > kernel 3.13) where the issue is frequent. also we have an small % of our > fleet running trusty (qemu 2.0.0 ovs 2.0.2 libvirt 1.2.2 and kernel > 3.16) where the problem seemed to be nonexistent until today :( > > issue seems to be isolated to < 10% of our hypervisors, some hypervisors > had this problem every few days, others only once or twice. our vm are a > black box to us we don't know what users run on them, but mostly cpu and > network bound workload > > as anyone seen this before? as anyone fixed it? > > > PS: we run libvirt+kvm hypervisor, neutron ovs agent, icehouse (but i > don't think is a control plane issue) > > thanks! > -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: http://keybase.io/gfa From aishwarya.adyanthaya at accenture.com Thu Jul 2 05:00:37 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 2 Jul 2015 05:00:37 +0000 Subject: [Openstack-operators] Snapshots in dashboard. Message-ID: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> Hi, I created a snapshot from the instance I configured through the dashboard. When I go the images in the compute tab, I can see my snapshot has being created but the public tab there reads 'No'. Is there a way byb which I can change it to a 'Yes'. Thank you in advance! Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From alopgeek at gmail.com Thu Jul 2 05:25:24 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Wed, 1 Jul 2015 22:25:24 -0700 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> Message-ID: You probably could via the glance cli, but do you really want to? A public image is bootable by all tenants, which is fine, but an instance snapshot is more intended for like backups or scaling. Are you trying to make public images for all your tenants? On Wednesday, July 1, 2015, wrote: > Hi, > > > > I created a snapshot from the instance I configured through the dashboard. > When I go the images in the compute tab, I can see my snapshot has being > created but the public tab there reads ?No?. Is there a way byb which I can > change it to a ?Yes?. > > > > Thank you in advance! > > > > Aishwarya Adyanthaya > > ------------------------------ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. > > ______________________________________________________________________________________ > > www.accenture.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Thu Jul 2 05:38:44 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 2 Jul 2015 05:38:44 +0000 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> Message-ID: Yes, that?s right. I used the glance image-update command and got it to public ?Yes?. The thing here is that, when I launch a cirros image I?m able to access it through the putty session but while using the Ubuntu image it prompts me as ?Disconnected: No supported authentications available.? I don?t mind using cirros but when I try to run apt-get update command, it gives me ?command not found?. From: Abel Lopez [mailto:alopgeek at gmail.com] Sent: Thursday, July 02, 2015 10:55 AM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Snapshots in dashboard. You probably could via the glance cli, but do you really want to? A public image is bootable by all tenants, which is fine, but an instance snapshot is more intended for like backups or scaling. Are you trying to make public images for all your tenants? On Wednesday, July 1, 2015, > wrote: Hi, I created a snapshot from the instance I configured through the dashboard. When I go the images in the compute tab, I can see my snapshot has being created but the public tab there reads ?No?. Is there a way byb which I can change it to a ?Yes?. Thank you in advance! Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From alopgeek at gmail.com Thu Jul 2 05:47:00 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Wed, 1 Jul 2015 22:47:00 -0700 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> Message-ID: Ah, perhaps your public key isn't being installed. Are you using the official Ubuntu cloud images (or something based off that)? Or are you using a desktop/VMware image? Reason I ask is that cloud-init is an integral part of getting things like user-data and ssh keys setup at the initial build, and that might be missing from your image. AFAIK, Cirros isn't meant for any real use, not sure if it's dpkg based. On Wednesday, July 1, 2015, wrote: > > > Yes, that?s right. I used the glance image-update command and got it to > public ?Yes?. > > > > The thing here is that, when I launch a cirros image I?m able to access it > through the putty session but while using the Ubuntu image it prompts me as > ?Disconnected: No supported authentications available.? > > > > I don?t mind using cirros but when I try to run apt-get update command, it > gives me ?command not found?. > > > > *From:* Abel Lopez [mailto:alopgeek at gmail.com > ] > *Sent:* Thursday, July 02, 2015 10:55 AM > *To:* Adyanthaya, Aishwarya > *Cc:* openstack-operators at lists.openstack.org > > *Subject:* Re: [Openstack-operators] Snapshots in dashboard. > > > > You probably could via the glance cli, but do you really want to? > > A public image is bootable by all tenants, which is fine, but an instance > snapshot is more intended for like backups or scaling. > > Are you trying to make public images for all your tenants? > > On Wednesday, July 1, 2015, > > wrote: > > Hi, > > > > I created a snapshot from the instance I configured through the dashboard. > When I go the images in the compute tab, I can see my snapshot has being > created but the public tab there reads ?No?. Is there a way byb which I can > change it to a ?Yes?. > > > > Thank you in advance! > > > > Aishwarya Adyanthaya > > > ------------------------------ > > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. > > ______________________________________________________________________________________ > > www.accenture.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Thu Jul 2 05:49:59 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 2 Jul 2015 05:49:59 +0000 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> Message-ID: <9c8c5f4ad13c4b1cbbe0e29fefc3f22d@BLUPR42MB178.048d.mgd.msft.net> This is the image I downloaded on my machine from the Ubuntu cloud images: wget -P /tmp/images http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img From: Abel Lopez [mailto:alopgeek at gmail.com] Sent: Thursday, July 02, 2015 11:17 AM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Snapshots in dashboard. Ah, perhaps your public key isn't being installed. Are you using the official Ubuntu cloud images (or something based off that)? Or are you using a desktop/VMware image? Reason I ask is that cloud-init is an integral part of getting things like user-data and ssh keys setup at the initial build, and that might be missing from your image. AFAIK, Cirros isn't meant for any real use, not sure if it's dpkg based. On Wednesday, July 1, 2015, > wrote: Yes, that?s right. I used the glance image-update command and got it to public ?Yes?. The thing here is that, when I launch a cirros image I?m able to access it through the putty session but while using the Ubuntu image it prompts me as ?Disconnected: No supported authentications available.? I don?t mind using cirros but when I try to run apt-get update command, it gives me ?command not found?. From: Abel Lopez [mailto:alopgeek at gmail.com] Sent: Thursday, July 02, 2015 10:55 AM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Snapshots in dashboard. You probably could via the glance cli, but do you really want to? A public image is bootable by all tenants, which is fine, but an instance snapshot is more intended for like backups or scaling. Are you trying to make public images for all your tenants? On Wednesday, July 1, 2015, > wrote: Hi, I created a snapshot from the instance I configured through the dashboard. When I go the images in the compute tab, I can see my snapshot has being created but the public tab there reads ?No?. Is there a way byb which I can change it to a ?Yes?. Thank you in advance! Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From alopgeek at gmail.com Thu Jul 2 06:05:42 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Wed, 1 Jul 2015 23:05:42 -0700 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: <9c8c5f4ad13c4b1cbbe0e29fefc3f22d@BLUPR42MB178.048d.mgd.msft.net> References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> <9c8c5f4ad13c4b1cbbe0e29fefc3f22d@BLUPR42MB178.048d.mgd.msft.net> Message-ID: Ok, good, make sure you're selecting a public key when you launch it, and ssh as the "ubuntu" user. On Wednesday, July 1, 2015, wrote: > This is the image I downloaded on my machine from the Ubuntu cloud > images: > > > > wget -P /tmp/images > http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img > > > > > > *From:* Abel Lopez [mailto:alopgeek at gmail.com > ] > *Sent:* Thursday, July 02, 2015 11:17 AM > *To:* Adyanthaya, Aishwarya > *Cc:* openstack-operators at lists.openstack.org > > *Subject:* Re: [Openstack-operators] Snapshots in dashboard. > > > > Ah, perhaps your public key isn't being installed. Are you using the > official Ubuntu cloud images (or something based off that)? Or are you > using a desktop/VMware image? > > Reason I ask is that cloud-init is an integral part of getting things like > user-data and ssh keys setup at the initial build, and that might be > missing from your image. > > AFAIK, Cirros isn't meant for any real use, not sure if it's dpkg based. > > On Wednesday, July 1, 2015, > > wrote: > > > > Yes, that?s right. I used the glance image-update command and got it to > public ?Yes?. > > > > The thing here is that, when I launch a cirros image I?m able to access it > through the putty session but while using the Ubuntu image it prompts me as > ?Disconnected: No supported authentications available.? > > > > I don?t mind using cirros but when I try to run apt-get update command, it > gives me ?command not found?. > > > > *From:* Abel Lopez [mailto:alopgeek at gmail.com] > *Sent:* Thursday, July 02, 2015 10:55 AM > *To:* Adyanthaya, Aishwarya > *Cc:* openstack-operators at lists.openstack.org > *Subject:* Re: [Openstack-operators] Snapshots in dashboard. > > > > You probably could via the glance cli, but do you really want to? > > A public image is bootable by all tenants, which is fine, but an instance > snapshot is more intended for like backups or scaling. > > Are you trying to make public images for all your tenants? > > On Wednesday, July 1, 2015, wrote: > > Hi, > > > > I created a snapshot from the instance I configured through the dashboard. > When I go the images in the compute tab, I can see my snapshot has being > created but the public tab there reads ?No?. Is there a way byb which I can > change it to a ?Yes?. > > > > Thank you in advance! > > > > Aishwarya Adyanthaya > > > ------------------------------ > > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. > > ______________________________________________________________________________________ > > www.accenture.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Thu Jul 2 06:11:38 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 2 Jul 2015 06:11:38 +0000 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> <9c8c5f4ad13c4b1cbbe0e29fefc3f22d@BLUPR42MB178.048d.mgd.msft.net> Message-ID: <2f2477cbf07d405685a9a901f19384fd@BLUPR42MB178.048d.mgd.msft.net> I?m able to ssh with the key I have created and saved in one of the nodes by: # ssh ?I key Ubuntu at floating_ip But I want to be able to use it from the putty directly. I don?t understand why it works for the cirros instance but not the instance that was launched by Ubuntu instance. From: Abel Lopez [mailto:alopgeek at gmail.com] Sent: Thursday, July 02, 2015 11:36 AM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Snapshots in dashboard. Ok, good, make sure you're selecting a public key when you launch it, and ssh as the "ubuntu" user. On Wednesday, July 1, 2015, > wrote: This is the image I downloaded on my machine from the Ubuntu cloud images: wget -P /tmp/images http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img From: Abel Lopez [mailto:alopgeek at gmail.com] Sent: Thursday, July 02, 2015 11:17 AM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Snapshots in dashboard. Ah, perhaps your public key isn't being installed. Are you using the official Ubuntu cloud images (or something based off that)? Or are you using a desktop/VMware image? Reason I ask is that cloud-init is an integral part of getting things like user-data and ssh keys setup at the initial build, and that might be missing from your image. AFAIK, Cirros isn't meant for any real use, not sure if it's dpkg based. On Wednesday, July 1, 2015, > wrote: Yes, that?s right. I used the glance image-update command and got it to public ?Yes?. The thing here is that, when I launch a cirros image I?m able to access it through the putty session but while using the Ubuntu image it prompts me as ?Disconnected: No supported authentications available.? I don?t mind using cirros but when I try to run apt-get update command, it gives me ?command not found?. From: Abel Lopez [mailto:alopgeek at gmail.com] Sent: Thursday, July 02, 2015 10:55 AM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Snapshots in dashboard. You probably could via the glance cli, but do you really want to? A public image is bootable by all tenants, which is fine, but an instance snapshot is more intended for like backups or scaling. Are you trying to make public images for all your tenants? On Wednesday, July 1, 2015, > wrote: Hi, I created a snapshot from the instance I configured through the dashboard. When I go the images in the compute tab, I can see my snapshot has being created but the public tab there reads ?No?. Is there a way byb which I can change it to a ?Yes?. Thank you in advance! Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From mrunge at redhat.com Thu Jul 2 06:48:11 2015 From: mrunge at redhat.com (Matthias Runge) Date: Thu, 2 Jul 2015 08:48:11 +0200 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: <2f2477cbf07d405685a9a901f19384fd@BLUPR42MB178.048d.mgd.msft.net> References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> <9c8c5f4ad13c4b1cbbe0e29fefc3f22d@BLUPR42MB178.048d.mgd.msft.net> <2f2477cbf07d405685a9a901f19384fd@BLUPR42MB178.048d.mgd.msft.net> Message-ID: <5594DEAB.4050605@redhat.com> On 02/07/15 08:11, aishwarya.adyanthaya at accenture.com wrote: > I?m able to ssh with the key I have created and saved in one of the > nodes by: > > # ssh ?I key Ubuntu at floating_ip > > But I want to be able to use it from the putty directly. I don?t > understand why it works for the cirros instance but not the instance > that was launched by Ubuntu instance. > So, the way it works is: create a ssh-key, if you haven't already done: ssh-keygen -t rsa -b 4096 (generate rsa key with 4096 bits), your preferences may vary. You'd be prompted where to store this, you get 2 pieces, a public and a private key. You'll need to add (copy&paste) the public key to key pairs section in Access and security panel in the dashboard. During bootup, this key will be injected in your instance. When ssh'ing to the instance, make sure your ssh uses the corresponding private key and also uses the right user name (I have no idea, which one is that for ubuntu, that needs to be documented there). usually, one would configure such things in .ssh/config If you're using putty, there is an option to set the username and the private key to be used. All dirty details here here[1]. Matthias [1] http://docs.openstack.org/user-guide/dashboard_launch_instances.html From vlad at s10.in Thu Jul 2 08:07:51 2015 From: vlad at s10.in (Vladislav Gusev) Date: Thu, 2 Jul 2015 11:07:51 +0300 Subject: [Openstack-operators] Config Drive has no content/0000 In-Reply-To: References: Message-ID: > I have the following lines in nova.conf: > > force_config_drive = always > config_drive_cdrom = True > > Whenever I launch an instance, I can see a content directory in the config > drive > > openstack/content/0000 contains all network interfaces. > > I can simply configure the static IP address from openstack/content/0000. > > Now I have a new openstack cluster setup and I cannot see this content > directory when I launch a VM. > > I checked my configuration files and I can't find any difference with my > old cluster. > Hello, You may also check option flat_injected in nova.conf. It should be true on nova-compute hosts. And injected_network_template option should point to existing template file. -- Vlad -------------- next part -------------- An HTML attachment was scrubbed... URL: From chdent at redhat.com Thu Jul 2 10:36:06 2015 From: chdent at redhat.com (Chris Dent) Date: Thu, 2 Jul 2015 11:36:06 +0100 (BST) Subject: [Openstack-operators] [openstack-dev] [ceilometer] virtual mid-cycle planning In-Reply-To: References: Message-ID: The voting related to the ceilometer mid-cylce is now closed. Prad and I will work to come up with a proposed schedule. Some general comments: As there is limited time not all topics proposed will be addressed. To maximize value for the sessions that got an above average number of votes, we will be cutting off the topics that did not with some severity. For those topics for which was a small number of votes it may be worthwhile for people to arrange their own small meetings with other interested parties. Just because a topic isn't going to be on the schedule that doesn't mean it is not important, it simply means that the right people weren't paying attention in the past few days. They may be later. Unfortunately when building the schedule we will be unable to accomodate concurrent sessions because of the small number of participants (everyone wants to go to the same stuff). It's looking like, based on the voting, we should go for 3 days, with the third day being an optional sprint day. Some topics are broad enough that having a session on day 1 (to figure out what matters) and day 2 (do something about it) probably makes sense. The primary zone of time overlap is the Euro-afternoon, followed by the Euro-morning. Thank you to those of you who are not local to Europe who were willing to stretch a bit to make the scheduling a bit easier. Topics will need leaders. Visit the relevant etherpads to find the summary information and links to a planning spreadsheet and volunteer to lead if you like. -- Chris Dent tw:@anticdent freenode:cdent https://tank.peermore.com/tanks/cdent From chdent at redhat.com Thu Jul 2 11:01:32 2015 From: chdent at redhat.com (Chris Dent) Date: Thu, 2 Jul 2015 12:01:32 +0100 (BST) Subject: [Openstack-operators] [openstack-dev] [ceilometer] virtual mid-cycle planning In-Reply-To: References: Message-ID: On Thu, 2 Jul 2015, Chris Dent wrote: > The voting related to the ceilometer mid-cylce is now closed. Prad and I > will work to come up with a proposed schedule. Can interested participants please make sure they are up to date on http://doodle.com/6vfksdu38wcwqqd3 with two consecutive days where they can be present (obviously ignore the dates that have already passed). If you can't do two consecutive days, that's okay, we'll try to put the stuff you care about on the day you can be around. Thanks. -- Chris Dent tw:@anticdent freenode:cdent https://tank.peermore.com/tanks/cdent From gfa at zumbi.com.ar Thu Jul 2 11:26:19 2015 From: gfa at zumbi.com.ar (gustavo panizzo (gfa)) Date: Thu, 2 Jul 2015 19:26:19 +0800 Subject: [Openstack-operators] openstack and xen Message-ID: <55951FDB.9050203@zumbi.com.ar> Hello has anybody moved from kvm to xen? i see the support for xen on nova's hypervisor support matrix got better on latest releases. we found hard to isolate noisy vm on kvm, and the network problem (i sent on another email) is killing us besides, xen being used by rackspace and aws is not bad publicity at all so, is anybody using xen? what are they using? xenserver from citrix, xen4centos, xen on ubuntu, xen+libvirt? what are the results? I used xen all the time before start to use openstack, i remember it being great, but i never managed workload/fleet the same size as i do today with openstack/kvm so i'm not sure thanks! -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: http://keybase.io/gfa From tom at openstack.org Thu Jul 2 12:57:25 2015 From: tom at openstack.org (Tom Fifield) Date: Thu, 02 Jul 2015 20:57:25 +0800 Subject: [Openstack-operators] [tags] Meeting this week - in an hour :) In-Reply-To: <5590CC1D.1010809@openstack.org> References: <5590CC1D.1010809@openstack.org> Message-ID: <55953535.3090509@openstack.org> Hi taggers, Reminder - we have a meeting in about an hour (1400 UTC) Hope to see you in #openstack-meeting on freenode IRC. Regards, Tom On 29/06/15 12:39, Tom Fifield wrote: > Hi, > > As noted last meeting, we didn't get even half way through out agenda, > so we will meet this week as well. > > So, join us this Thursday Jul 2nd 1400 UTC in #openstack-meeting on > freenode > (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20150702T1400 ) > > To kick off with agenda item #4: > https://etherpad.openstack.org/p/ops-tags-June-2015 > > Previous meeting notes can be found at: > http://eavesdrop.openstack.org/meetings/ops_tags/2015/ > > > Regards, > > > Tom > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From henriquecostatruta at gmail.com Thu Jul 2 14:12:22 2015 From: henriquecostatruta at gmail.com (Henrique Truta) Date: Thu, 02 Jul 2015 14:12:22 +0000 Subject: [Openstack-operators] [keystone][all] Deprecating slash ('/') in project names Message-ID: Hi everyone, In Kilo, keystone introduced the concept of Hierarchical Multitenancy[1], which allows cloud operators to organize projects in hierarchies. This concept is evolving in Liberty, with the addition of the Reseller use case[2], where among other features, it?ll have hierarchies of domains by making the domain concept a feature of projects and not a different entity: from now on, every domain will be treated as a project that has the ?is_domain? property set to True. Currently, getting a project scoped token can be made by only passing the project name and the domain it belongs to, once project names are unique between domains. However with those hierarchies of projects, in M we intend to remove this constraint in order to make a project name unique only in its level in the hierarchy (project parent). In other words, it won?t be possible to have sibling projects with the same name. For example. the following hierarchy will be valid: A - project with the domain feature / \ B C - ?pure? projects, children of A | | A B - ?pure? projects, children of B and C respectively Therefore, the cloud user faces some problems when getting a project scoped token by name to projects A or B, since keystone won?t be able to distinguish them only by their names. The best way to solve this problem is providing the full hierarchy, like ?A/B/A?, ?A/B?, ?A/C/B? and so on. To achieve this, we intend to deprecate the ?/? character in project names in Liberty and prohibit it in M, removing/replacing this character in a database migration**. Do you have some strong reason to keep using this character in project names? How bad would it be for existing deploys? We?d like to hear from you. Best regards, Henrique ** LDAP as assignment backend does not support Hierarchical Multitenancy. This change will be only applied to SQL backends. [1] http://specs.openstack.org/openstack/keystone-specs/specs/juno/hierarchical_multitenancy.html [2] http://specs.openstack.org/openstack/keystone-specs/specs/kilo/reseller.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom at openstack.org Thu Jul 2 15:23:31 2015 From: tom at openstack.org (Tom Fifield) Date: Thu, 02 Jul 2015 23:23:31 +0800 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <559396C5.3080104@openstack.org> References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> Message-ID: <55955773.3050000@openstack.org> OK, so I'm just going to throw this one out there to re-stoke the discussion ... Venue selection process. At the moment, there's a few of us who work hard in the shadows to make the best choice we can from a range of generous offers :) In our brave new world, I think this should be a bit more open, what do you think? What kind of structure do we need to make the best decision? Regards, Tom On 01/07/15 15:29, Tom Fifield wrote: > Team, > > It's great to see so much passion! :) > > Here's an attempt at a summary email. I'll wait until a later email to > wade into the discussion myself ;) Feel free to jump in on any point. > > =Things we tend to agree on= > "Spirit of the event" > * The response most people had in common was that they didn't want to > see vendor booths :) Several others noted the importance that the event > should remain accessible and ensure there were no barriers to > attendance, space for networking with others and sharing information > about deployments without fear of vendor harassment. > > Multiple Sponsors > * are OK, but they are more like underwriters who should be OK with only > modest acknowledgement (see previous: no booths). Preference for > operator sponsors. Several ways to recognise them possible. > > Current Schedule Format > * It appeared like the current format is working well in general, but > could do with minor tweaks. > > > =Things still under discussion= > Sell Tickets > * Many people agreed that some moderate form of ticketing could be OK, > but the question remains to what extent this should be priced ("low > fee"? $100-200? "cover costs"?). A strong counterpoint was that paid > ticketing makes it less accessible (see "spirit"), prevents some local > attendance, and is unfair to smaller operators, though others noted that > it may be the only practical way to raise funds in the future. > > Break into Regional Events > * A number of viewpoints, ranging from "multiple regional events" to > "one event only [maybe with a travel fund]" to "one event that moves > around [maybe even outside USA]" to "make it in the centre of USA for > easier travel on average". > > > Capping Numbers (inc. Limit Attendees per Company) > * A lot of disagreement here. Many argued that any kind of cap or > barrier to entry detracts from the accessibility of the event. Others > put forth that too few restrictions could dilute the ops-heavy attendee > base, and implied that large companies might send too many people. > > > Multiple Tracks > * To help deal with room size, we could split into multiple tracks. The > ideal number of tracks is not clear at this stage. > > Evening Event > * Several people said they found the PHL evening event uncomfortably > packed, and suggested cancelling it on this basis, or on the basis of > cost. Suggested alternate was posting a list of nearby venues. > > Lightening Talks > * Have lightening talks, perhaps by renaming "show and tell". More of > them? Arranged differently? Unclear. > > =Ideas= > * Video Recording - Might be worth a shot, starting small. > * Travel Fund, Scholarship Fund, Slush Fund > * Use Universities during the summer break for venues > > =Open Questions= > * How will the number of attendees grow? > * What are the costs involved in hosting one of these events? > * Stuff about the summit - probably need a different thread for this > > > Regards, > > > Tom > > > > > On 30/06/15 12:33, Tom Fifield wrote: >> Hi all, >> >> Right now, behind-the-scenes, we're working on getting a venue for next >> ops mid-cycle. It's taking a little longer than normal, but rest assured >> it is happening. >> >> Why is it so difficult? As you may have noticed, we're reaching the size >> of event where both physically and financially, only the largest >> organisations can host us. >> >> We thought we might get away with organising this one old-school with a >> single host and sponsor. Then, for the next, start a brainstorming >> discussion with you about how we scale these events into the future - >> since once we get up and beyond a few hundred people, we're looking at >> having to hire a venue as well as make some changes to the format of the >> event. >> >> However, it seems that even this might be too late. We already had a >> company that proposed to host the meetup at a west coast US hotel >> instead of their place, and wanted to scope out other companies to >> sponsor food. >> >> This would be a change in the model, so let's commence the discussion of >> how we want to scale this event :) >> >> So far I've heard things like: >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with others" >> * "I really don't want to get to the point where we want booths at the >> ops meetup" >> >> Which are promising! It seems like we have a shared understanding of >> what to take this forward with. >> >> So, as the ops meetup grows - what would it look like for you? >> >> How do you think we can manage the venue selection and financial side of >> things? What about the session layout and the scheduling with the >> growing numbers of attendees? >> >> Current data can be found at >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . >> >> I would also be interested in your thoughts about how these events have >> only been in a limited geographical area so far, and how we can address >> that issue. >> >> >> Regards, >> >> >> Tom >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From alopgeek at gmail.com Thu Jul 2 16:19:42 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Thu, 2 Jul 2015 09:19:42 -0700 Subject: [Openstack-operators] Snapshots in dashboard. In-Reply-To: <2f2477cbf07d405685a9a901f19384fd@BLUPR42MB178.048d.mgd.msft.net> References: <58da0afb5ecf44e6bfc3897e59110464@BLUPR42MB178.048d.mgd.msft.net> <9c8c5f4ad13c4b1cbbe0e29fefc3f22d@BLUPR42MB178.048d.mgd.msft.net> <2f2477cbf07d405685a9a901f19384fd@BLUPR42MB178.048d.mgd.msft.net> Message-ID: <8D3315B6-BB44-427B-AA90-25380189A12A@gmail.com> You may have to configure Putty to use the key you created. I'm not a windows user, so I don't remember exactly the steps required, but I don't think it "by default" tries your keys. OpenSSH, for example, will look in .ssh/ for id_rsa/id_dsa/id_ecdsa and try all those behind the scenes (you can see this if you use -v) I think maybe this link might help: https://community.hpcloud.com/question/201/how-use-putty-connect-my-cloud-ubuntu-image-how-provide-my-private-key-putty > On Jul 1, 2015, at 11:11 PM, aishwarya.adyanthaya at accenture.com wrote: > > I?m able to ssh with the key I have created and saved in one of the nodes by: > > # ssh ?I key Ubuntu at floating_ip > > But I want to be able to use it from the putty directly. I don?t understand why it works for the cirros instance but not the instance that was launched by Ubuntu instance. > > From: Abel Lopez [mailto:alopgeek at gmail.com] > Sent: Thursday, July 02, 2015 11:36 AM > To: Adyanthaya, Aishwarya > Cc: openstack-operators at lists.openstack.org > Subject: Re: [Openstack-operators] Snapshots in dashboard. > > Ok, good, make sure you're selecting a public key when you launch it, and ssh as the "ubuntu" user. > > On Wednesday, July 1, 2015, > wrote: > This is the image I downloaded on my machine from the Ubuntu cloud images: > > wget -P /tmp/images http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img > > > From: Abel Lopez [mailto:alopgeek at gmail.com <>] > Sent: Thursday, July 02, 2015 11:17 AM > To: Adyanthaya, Aishwarya > Cc: openstack-operators at lists.openstack.org <> > Subject: Re: [Openstack-operators] Snapshots in dashboard. > > Ah, perhaps your public key isn't being installed. Are you using the official Ubuntu cloud images (or something based off that)? Or are you using a desktop/VMware image? > Reason I ask is that cloud-init is an integral part of getting things like user-data and ssh keys setup at the initial build, and that might be missing from your image. > AFAIK, Cirros isn't meant for any real use, not sure if it's dpkg based. > > On Wednesday, July 1, 2015, > wrote: > > Yes, that?s right. I used the glance image-update command and got it to public ?Yes?. > > The thing here is that, when I launch a cirros image I?m able to access it through the putty session but while using the Ubuntu image it prompts me as ?Disconnected: No supported authentications available.? > > I don?t mind using cirros but when I try to run apt-get update command, it gives me ?command not found?. > > From: Abel Lopez [mailto:alopgeek at gmail.com ] > Sent: Thursday, July 02, 2015 10:55 AM > To: Adyanthaya, Aishwarya > Cc: openstack-operators at lists.openstack.org > Subject: Re: [Openstack-operators] Snapshots in dashboard. > > You probably could via the glance cli, but do you really want to? > A public image is bootable by all tenants, which is fine, but an instance snapshot is more intended for like backups or scaling. > Are you trying to make public images for all your tenants? > > On Wednesday, July 1, 2015, > wrote: > Hi, > > I created a snapshot from the instance I configured through the dashboard. When I go the images in the compute tab, I can see my snapshot has being created but the public tab there reads ?No?. Is there a way byb which I can change it to a ?Yes?. > > Thank you in advance! > > Aishwarya Adyanthaya > > > This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. > ______________________________________________________________________________________ > > www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 496 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jlk at bluebox.net Thu Jul 2 18:15:02 2015 From: jlk at bluebox.net (Jesse Keating) Date: Thu, 2 Jul 2015 11:15:02 -0700 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <55955773.3050000@openstack.org> References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: Honestly I'm fine with the elected board helping to make this decision. Folks that want to underwrite the event can submit a proposal to host, board picks from the submissions? Having a wide vote on it seems overkill to me. Open call for submissions, board votes. Is that unreasonable? - jlk On Thu, Jul 2, 2015 at 8:23 AM, Tom Fifield wrote: > OK, so I'm just going to throw this one out there to re-stoke the > discussion ... > > Venue selection process. > > At the moment, there's a few of us who work hard in the shadows to make > the best choice we can from a range of generous offers :) > > In our brave new world, I think this should be a bit more open, what do > you think? > > What kind of structure do we need to make the best decision? > > > Regards, > > > Tom > > > On 01/07/15 15:29, Tom Fifield wrote: > > Team, > > > > It's great to see so much passion! :) > > > > Here's an attempt at a summary email. I'll wait until a later email to > > wade into the discussion myself ;) Feel free to jump in on any point. > > > > =Things we tend to agree on= > > "Spirit of the event" > > * The response most people had in common was that they didn't want to > > see vendor booths :) Several others noted the importance that the event > > should remain accessible and ensure there were no barriers to > > attendance, space for networking with others and sharing information > > about deployments without fear of vendor harassment. > > > > Multiple Sponsors > > * are OK, but they are more like underwriters who should be OK with only > > modest acknowledgement (see previous: no booths). Preference for > > operator sponsors. Several ways to recognise them possible. > > > > Current Schedule Format > > * It appeared like the current format is working well in general, but > > could do with minor tweaks. > > > > > > =Things still under discussion= > > Sell Tickets > > * Many people agreed that some moderate form of ticketing could be OK, > > but the question remains to what extent this should be priced ("low > > fee"? $100-200? "cover costs"?). A strong counterpoint was that paid > > ticketing makes it less accessible (see "spirit"), prevents some local > > attendance, and is unfair to smaller operators, though others noted that > > it may be the only practical way to raise funds in the future. > > > > Break into Regional Events > > * A number of viewpoints, ranging from "multiple regional events" to > > "one event only [maybe with a travel fund]" to "one event that moves > > around [maybe even outside USA]" to "make it in the centre of USA for > > easier travel on average". > > > > > > Capping Numbers (inc. Limit Attendees per Company) > > * A lot of disagreement here. Many argued that any kind of cap or > > barrier to entry detracts from the accessibility of the event. Others > > put forth that too few restrictions could dilute the ops-heavy attendee > > base, and implied that large companies might send too many people. > > > > > > Multiple Tracks > > * To help deal with room size, we could split into multiple tracks. The > > ideal number of tracks is not clear at this stage. > > > > Evening Event > > * Several people said they found the PHL evening event uncomfortably > > packed, and suggested cancelling it on this basis, or on the basis of > > cost. Suggested alternate was posting a list of nearby venues. > > > > Lightening Talks > > * Have lightening talks, perhaps by renaming "show and tell". More of > > them? Arranged differently? Unclear. > > > > =Ideas= > > * Video Recording - Might be worth a shot, starting small. > > * Travel Fund, Scholarship Fund, Slush Fund > > * Use Universities during the summer break for venues > > > > =Open Questions= > > * How will the number of attendees grow? > > * What are the costs involved in hosting one of these events? > > * Stuff about the summit - probably need a different thread for this > > > > > > Regards, > > > > > > Tom > > > > > > > > > > On 30/06/15 12:33, Tom Fifield wrote: > >> Hi all, > >> > >> Right now, behind-the-scenes, we're working on getting a venue for next > >> ops mid-cycle. It's taking a little longer than normal, but rest assured > >> it is happening. > >> > >> Why is it so difficult? As you may have noticed, we're reaching the size > >> of event where both physically and financially, only the largest > >> organisations can host us. > >> > >> We thought we might get away with organising this one old-school with a > >> single host and sponsor. Then, for the next, start a brainstorming > >> discussion with you about how we scale these events into the future - > >> since once we get up and beyond a few hundred people, we're looking at > >> having to hire a venue as well as make some changes to the format of the > >> event. > >> > >> However, it seems that even this might be too late. We already had a > >> company that proposed to host the meetup at a west coast US hotel > >> instead of their place, and wanted to scope out other companies to > >> sponsor food. > >> > >> This would be a change in the model, so let's commence the discussion of > >> how we want to scale this event :) > >> > >> So far I've heard things like: > >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with > others" > >> * "I really don't want to get to the point where we want booths at the > >> ops meetup" > >> > >> Which are promising! It seems like we have a shared understanding of > >> what to take this forward with. > >> > >> So, as the ops meetup grows - what would it look like for you? > >> > >> How do you think we can manage the venue selection and financial side of > >> things? What about the session layout and the scheduling with the > >> growing numbers of attendees? > >> > >> Current data can be found at > >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . > >> > >> I would also be interested in your thoughts about how these events have > >> only been in a limited geographical area so far, and how we can address > >> that issue. > >> > >> > >> Regards, > >> > >> > >> Tom > >> > >> > >> > >> _______________________________________________ > >> OpenStack-operators mailing list > >> OpenStack-operators at lists.openstack.org > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > >> > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at nycresistor.com Thu Jul 2 18:21:59 2015 From: matt at nycresistor.com (Matt Joyce) Date: Thu, 02 Jul 2015 18:21:59 +0000 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: <37D93D8F-AF47-417F-8B02-D6BB1938EDB9@nycresistor.com> +1 On July 2, 2015 2:15:02 PM EDT, Jesse Keating wrote: >Honestly I'm fine with the elected board helping to make this decision. >Folks that want to underwrite the event can submit a proposal to host, >board picks from the submissions? Having a wide vote on it seems >overkill >to me. > >Open call for submissions, board votes. Is that unreasonable? > > >- jlk > >On Thu, Jul 2, 2015 at 8:23 AM, Tom Fifield wrote: > >> OK, so I'm just going to throw this one out there to re-stoke the >> discussion ... >> >> Venue selection process. >> >> At the moment, there's a few of us who work hard in the shadows to >make >> the best choice we can from a range of generous offers :) >> >> In our brave new world, I think this should be a bit more open, what >do >> you think? >> >> What kind of structure do we need to make the best decision? >> >> >> Regards, >> >> >> Tom >> >> >> On 01/07/15 15:29, Tom Fifield wrote: >> > Team, >> > >> > It's great to see so much passion! :) >> > >> > Here's an attempt at a summary email. I'll wait until a later email >to >> > wade into the discussion myself ;) Feel free to jump in on any >point. >> > >> > =Things we tend to agree on= >> > "Spirit of the event" >> > * The response most people had in common was that they didn't want >to >> > see vendor booths :) Several others noted the importance that the >event >> > should remain accessible and ensure there were no barriers to >> > attendance, space for networking with others and sharing >information >> > about deployments without fear of vendor harassment. >> > >> > Multiple Sponsors >> > * are OK, but they are more like underwriters who should be OK with >only >> > modest acknowledgement (see previous: no booths). Preference for >> > operator sponsors. Several ways to recognise them possible. >> > >> > Current Schedule Format >> > * It appeared like the current format is working well in general, >but >> > could do with minor tweaks. >> > >> > >> > =Things still under discussion= >> > Sell Tickets >> > * Many people agreed that some moderate form of ticketing could be >OK, >> > but the question remains to what extent this should be priced ("low >> > fee"? $100-200? "cover costs"?). A strong counterpoint was that >paid >> > ticketing makes it less accessible (see "spirit"), prevents some >local >> > attendance, and is unfair to smaller operators, though others noted >that >> > it may be the only practical way to raise funds in the future. >> > >> > Break into Regional Events >> > * A number of viewpoints, ranging from "multiple regional events" >to >> > "one event only [maybe with a travel fund]" to "one event that >moves >> > around [maybe even outside USA]" to "make it in the centre of USA >for >> > easier travel on average". >> > >> > >> > Capping Numbers (inc. Limit Attendees per Company) >> > * A lot of disagreement here. Many argued that any kind of cap or >> > barrier to entry detracts from the accessibility of the event. >Others >> > put forth that too few restrictions could dilute the ops-heavy >attendee >> > base, and implied that large companies might send too many people. >> > >> > >> > Multiple Tracks >> > * To help deal with room size, we could split into multiple tracks. >The >> > ideal number of tracks is not clear at this stage. >> > >> > Evening Event >> > * Several people said they found the PHL evening event >uncomfortably >> > packed, and suggested cancelling it on this basis, or on the basis >of >> > cost. Suggested alternate was posting a list of nearby venues. >> > >> > Lightening Talks >> > * Have lightening talks, perhaps by renaming "show and tell". More >of >> > them? Arranged differently? Unclear. >> > >> > =Ideas= >> > * Video Recording - Might be worth a shot, starting small. >> > * Travel Fund, Scholarship Fund, Slush Fund >> > * Use Universities during the summer break for venues >> > >> > =Open Questions= >> > * How will the number of attendees grow? >> > * What are the costs involved in hosting one of these events? >> > * Stuff about the summit - probably need a different thread for >this >> > >> > >> > Regards, >> > >> > >> > Tom >> > >> > >> > >> > >> > On 30/06/15 12:33, Tom Fifield wrote: >> >> Hi all, >> >> >> >> Right now, behind-the-scenes, we're working on getting a venue for >next >> >> ops mid-cycle. It's taking a little longer than normal, but rest >assured >> >> it is happening. >> >> >> >> Why is it so difficult? As you may have noticed, we're reaching >the size >> >> of event where both physically and financially, only the largest >> >> organisations can host us. >> >> >> >> We thought we might get away with organising this one old-school >with a >> >> single host and sponsor. Then, for the next, start a brainstorming >> >> discussion with you about how we scale these events into the >future - >> >> since once we get up and beyond a few hundred people, we're >looking at >> >> having to hire a venue as well as make some changes to the format >of the >> >> event. >> >> >> >> However, it seems that even this might be too late. We already had >a >> >> company that proposed to host the meetup at a west coast US hotel >> >> instead of their place, and wanted to scope out other companies to >> >> sponsor food. >> >> >> >> This would be a change in the model, so let's commence the >discussion of >> >> how we want to scale this event :) >> >> >> >> So far I've heard things like: >> >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship >with >> others" >> >> * "I really don't want to get to the point where we want booths at >the >> >> ops meetup" >> >> >> >> Which are promising! It seems like we have a shared understanding >of >> >> what to take this forward with. >> >> >> >> So, as the ops meetup grows - what would it look like for you? >> >> >> >> How do you think we can manage the venue selection and financial >side of >> >> things? What about the session layout and the scheduling with the >> >> growing numbers of attendees? >> >> >> >> Current data can be found at >> >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection >. >> >> >> >> I would also be interested in your thoughts about how these events >have >> >> only been in a limited geographical area so far, and how we can >address >> >> that issue. >> >> >> >> >> >> Regards, >> >> >> >> >> >> Tom >> >> >> >> >> >> >> >> _______________________________________________ >> >> OpenStack-operators mailing list >> >> OpenStack-operators at lists.openstack.org >> >> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> >> > >> > >> > _______________________________________________ >> > OpenStack-operators mailing list >> > OpenStack-operators at lists.openstack.org >> > >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > >------------------------------------------------------------------------ > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at mattfischer.com Thu Jul 2 18:23:24 2015 From: matt at mattfischer.com (Matt Fischer) Date: Thu, 2 Jul 2015 12:23:24 -0600 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: Are you proposing an Operators committee or do you mean the OpenStack BoD? On Thu, Jul 2, 2015 at 12:15 PM, Jesse Keating wrote: > Honestly I'm fine with the elected board helping to make this decision. > Folks that want to underwrite the event can submit a proposal to host, > board picks from the submissions? Having a wide vote on it seems overkill > to me. > > Open call for submissions, board votes. Is that unreasonable? > > > - jlk > > On Thu, Jul 2, 2015 at 8:23 AM, Tom Fifield wrote: > >> OK, so I'm just going to throw this one out there to re-stoke the >> discussion ... >> >> Venue selection process. >> >> At the moment, there's a few of us who work hard in the shadows to make >> the best choice we can from a range of generous offers :) >> >> In our brave new world, I think this should be a bit more open, what do >> you think? >> >> What kind of structure do we need to make the best decision? >> >> >> Regards, >> >> >> Tom >> >> >> On 01/07/15 15:29, Tom Fifield wrote: >> > Team, >> > >> > It's great to see so much passion! :) >> > >> > Here's an attempt at a summary email. I'll wait until a later email to >> > wade into the discussion myself ;) Feel free to jump in on any point. >> > >> > =Things we tend to agree on= >> > "Spirit of the event" >> > * The response most people had in common was that they didn't want to >> > see vendor booths :) Several others noted the importance that the event >> > should remain accessible and ensure there were no barriers to >> > attendance, space for networking with others and sharing information >> > about deployments without fear of vendor harassment. >> > >> > Multiple Sponsors >> > * are OK, but they are more like underwriters who should be OK with only >> > modest acknowledgement (see previous: no booths). Preference for >> > operator sponsors. Several ways to recognise them possible. >> > >> > Current Schedule Format >> > * It appeared like the current format is working well in general, but >> > could do with minor tweaks. >> > >> > >> > =Things still under discussion= >> > Sell Tickets >> > * Many people agreed that some moderate form of ticketing could be OK, >> > but the question remains to what extent this should be priced ("low >> > fee"? $100-200? "cover costs"?). A strong counterpoint was that paid >> > ticketing makes it less accessible (see "spirit"), prevents some local >> > attendance, and is unfair to smaller operators, though others noted that >> > it may be the only practical way to raise funds in the future. >> > >> > Break into Regional Events >> > * A number of viewpoints, ranging from "multiple regional events" to >> > "one event only [maybe with a travel fund]" to "one event that moves >> > around [maybe even outside USA]" to "make it in the centre of USA for >> > easier travel on average". >> > >> > >> > Capping Numbers (inc. Limit Attendees per Company) >> > * A lot of disagreement here. Many argued that any kind of cap or >> > barrier to entry detracts from the accessibility of the event. Others >> > put forth that too few restrictions could dilute the ops-heavy attendee >> > base, and implied that large companies might send too many people. >> > >> > >> > Multiple Tracks >> > * To help deal with room size, we could split into multiple tracks. The >> > ideal number of tracks is not clear at this stage. >> > >> > Evening Event >> > * Several people said they found the PHL evening event uncomfortably >> > packed, and suggested cancelling it on this basis, or on the basis of >> > cost. Suggested alternate was posting a list of nearby venues. >> > >> > Lightening Talks >> > * Have lightening talks, perhaps by renaming "show and tell". More of >> > them? Arranged differently? Unclear. >> > >> > =Ideas= >> > * Video Recording - Might be worth a shot, starting small. >> > * Travel Fund, Scholarship Fund, Slush Fund >> > * Use Universities during the summer break for venues >> > >> > =Open Questions= >> > * How will the number of attendees grow? >> > * What are the costs involved in hosting one of these events? >> > * Stuff about the summit - probably need a different thread for this >> > >> > >> > Regards, >> > >> > >> > Tom >> > >> > >> > >> > >> > On 30/06/15 12:33, Tom Fifield wrote: >> >> Hi all, >> >> >> >> Right now, behind-the-scenes, we're working on getting a venue for next >> >> ops mid-cycle. It's taking a little longer than normal, but rest >> assured >> >> it is happening. >> >> >> >> Why is it so difficult? As you may have noticed, we're reaching the >> size >> >> of event where both physically and financially, only the largest >> >> organisations can host us. >> >> >> >> We thought we might get away with organising this one old-school with a >> >> single host and sponsor. Then, for the next, start a brainstorming >> >> discussion with you about how we scale these events into the future - >> >> since once we get up and beyond a few hundred people, we're looking at >> >> having to hire a venue as well as make some changes to the format of >> the >> >> event. >> >> >> >> However, it seems that even this might be too late. We already had a >> >> company that proposed to host the meetup at a west coast US hotel >> >> instead of their place, and wanted to scope out other companies to >> >> sponsor food. >> >> >> >> This would be a change in the model, so let's commence the discussion >> of >> >> how we want to scale this event :) >> >> >> >> So far I've heard things like: >> >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with >> others" >> >> * "I really don't want to get to the point where we want booths at the >> >> ops meetup" >> >> >> >> Which are promising! It seems like we have a shared understanding of >> >> what to take this forward with. >> >> >> >> So, as the ops meetup grows - what would it look like for you? >> >> >> >> How do you think we can manage the venue selection and financial side >> of >> >> things? What about the session layout and the scheduling with the >> >> growing numbers of attendees? >> >> >> >> Current data can be found at >> >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . >> >> >> >> I would also be interested in your thoughts about how these events have >> >> only been in a limited geographical area so far, and how we can address >> >> that issue. >> >> >> >> >> >> Regards, >> >> >> >> >> >> Tom >> >> >> >> >> >> >> >> _______________________________________________ >> >> OpenStack-operators mailing list >> >> OpenStack-operators at lists.openstack.org >> >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> >> > >> > >> > _______________________________________________ >> > OpenStack-operators mailing list >> > OpenStack-operators at lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jlk at bluebox.net Thu Jul 2 18:26:47 2015 From: jlk at bluebox.net (Jesse Keating) Date: Thu, 2 Jul 2015 11:26:47 -0700 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: BoD, unless they feel the need to delegate, at which point then maybe an Operators committee. But I'd hate to see more committees created. - jlk On Thu, Jul 2, 2015 at 11:23 AM, Matt Fischer wrote: > Are you proposing an Operators committee or do you mean the OpenStack BoD? > > On Thu, Jul 2, 2015 at 12:15 PM, Jesse Keating wrote: > >> Honestly I'm fine with the elected board helping to make this decision. >> Folks that want to underwrite the event can submit a proposal to host, >> board picks from the submissions? Having a wide vote on it seems overkill >> to me. >> >> Open call for submissions, board votes. Is that unreasonable? >> >> >> - jlk >> >> On Thu, Jul 2, 2015 at 8:23 AM, Tom Fifield wrote: >> >>> OK, so I'm just going to throw this one out there to re-stoke the >>> discussion ... >>> >>> Venue selection process. >>> >>> At the moment, there's a few of us who work hard in the shadows to make >>> the best choice we can from a range of generous offers :) >>> >>> In our brave new world, I think this should be a bit more open, what do >>> you think? >>> >>> What kind of structure do we need to make the best decision? >>> >>> >>> Regards, >>> >>> >>> Tom >>> >>> >>> On 01/07/15 15:29, Tom Fifield wrote: >>> > Team, >>> > >>> > It's great to see so much passion! :) >>> > >>> > Here's an attempt at a summary email. I'll wait until a later email to >>> > wade into the discussion myself ;) Feel free to jump in on any point. >>> > >>> > =Things we tend to agree on= >>> > "Spirit of the event" >>> > * The response most people had in common was that they didn't want to >>> > see vendor booths :) Several others noted the importance that the event >>> > should remain accessible and ensure there were no barriers to >>> > attendance, space for networking with others and sharing information >>> > about deployments without fear of vendor harassment. >>> > >>> > Multiple Sponsors >>> > * are OK, but they are more like underwriters who should be OK with >>> only >>> > modest acknowledgement (see previous: no booths). Preference for >>> > operator sponsors. Several ways to recognise them possible. >>> > >>> > Current Schedule Format >>> > * It appeared like the current format is working well in general, but >>> > could do with minor tweaks. >>> > >>> > >>> > =Things still under discussion= >>> > Sell Tickets >>> > * Many people agreed that some moderate form of ticketing could be OK, >>> > but the question remains to what extent this should be priced ("low >>> > fee"? $100-200? "cover costs"?). A strong counterpoint was that paid >>> > ticketing makes it less accessible (see "spirit"), prevents some local >>> > attendance, and is unfair to smaller operators, though others noted >>> that >>> > it may be the only practical way to raise funds in the future. >>> > >>> > Break into Regional Events >>> > * A number of viewpoints, ranging from "multiple regional events" to >>> > "one event only [maybe with a travel fund]" to "one event that moves >>> > around [maybe even outside USA]" to "make it in the centre of USA for >>> > easier travel on average". >>> > >>> > >>> > Capping Numbers (inc. Limit Attendees per Company) >>> > * A lot of disagreement here. Many argued that any kind of cap or >>> > barrier to entry detracts from the accessibility of the event. Others >>> > put forth that too few restrictions could dilute the ops-heavy attendee >>> > base, and implied that large companies might send too many people. >>> > >>> > >>> > Multiple Tracks >>> > * To help deal with room size, we could split into multiple tracks. The >>> > ideal number of tracks is not clear at this stage. >>> > >>> > Evening Event >>> > * Several people said they found the PHL evening event uncomfortably >>> > packed, and suggested cancelling it on this basis, or on the basis of >>> > cost. Suggested alternate was posting a list of nearby venues. >>> > >>> > Lightening Talks >>> > * Have lightening talks, perhaps by renaming "show and tell". More of >>> > them? Arranged differently? Unclear. >>> > >>> > =Ideas= >>> > * Video Recording - Might be worth a shot, starting small. >>> > * Travel Fund, Scholarship Fund, Slush Fund >>> > * Use Universities during the summer break for venues >>> > >>> > =Open Questions= >>> > * How will the number of attendees grow? >>> > * What are the costs involved in hosting one of these events? >>> > * Stuff about the summit - probably need a different thread for this >>> > >>> > >>> > Regards, >>> > >>> > >>> > Tom >>> > >>> > >>> > >>> > >>> > On 30/06/15 12:33, Tom Fifield wrote: >>> >> Hi all, >>> >> >>> >> Right now, behind-the-scenes, we're working on getting a venue for >>> next >>> >> ops mid-cycle. It's taking a little longer than normal, but rest >>> assured >>> >> it is happening. >>> >> >>> >> Why is it so difficult? As you may have noticed, we're reaching the >>> size >>> >> of event where both physically and financially, only the largest >>> >> organisations can host us. >>> >> >>> >> We thought we might get away with organising this one old-school with >>> a >>> >> single host and sponsor. Then, for the next, start a brainstorming >>> >> discussion with you about how we scale these events into the future - >>> >> since once we get up and beyond a few hundred people, we're looking at >>> >> having to hire a venue as well as make some changes to the format of >>> the >>> >> event. >>> >> >>> >> However, it seems that even this might be too late. We already had a >>> >> company that proposed to host the meetup at a west coast US hotel >>> >> instead of their place, and wanted to scope out other companies to >>> >> sponsor food. >>> >> >>> >> This would be a change in the model, so let's commence the discussion >>> of >>> >> how we want to scale this event :) >>> >> >>> >> So far I've heard things like: >>> >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with >>> others" >>> >> * "I really don't want to get to the point where we want booths at the >>> >> ops meetup" >>> >> >>> >> Which are promising! It seems like we have a shared understanding of >>> >> what to take this forward with. >>> >> >>> >> So, as the ops meetup grows - what would it look like for you? >>> >> >>> >> How do you think we can manage the venue selection and financial side >>> of >>> >> things? What about the session layout and the scheduling with the >>> >> growing numbers of attendees? >>> >> >>> >> Current data can be found at >>> >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . >>> >> >>> >> I would also be interested in your thoughts about how these events >>> have >>> >> only been in a limited geographical area so far, and how we can >>> address >>> >> that issue. >>> >> >>> >> >>> >> Regards, >>> >> >>> >> >>> >> Tom >>> >> >>> >> >>> >> >>> >> _______________________________________________ >>> >> OpenStack-operators mailing list >>> >> OpenStack-operators at lists.openstack.org >>> >> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >> >>> > >>> > >>> > _______________________________________________ >>> > OpenStack-operators mailing list >>> > OpenStack-operators at lists.openstack.org >>> > >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> > >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Thu Jul 2 18:32:15 2015 From: openstack at medberry.net (David Medberry) Date: Thu, 2 Jul 2015 12:32:15 -0600 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <55955773.3050000@openstack.org> References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: On Thu, Jul 2, 2015 at 9:23 AM, Tom Fifield wrote: > Venue selection process. > > At the moment, there's a few of us who work hard in the shadows to make > the best choice we can from a range of generous offers :) > > Many thanks. I know this is a bit of a PITA. > In our brave new world, I think this should be a bit more open, what do > you think? > Don't care if it is more open. I wish it would be more timely. If making it more open makes the decision and locale &c more timely, all for open. > > What kind of structure do we need to make the best decision? > The perfect is the enemy of the good (or something like malapropically paraphrased.) We like to say, JFDI. Name a spot, name a limit, make a reservation tool (or use an existing one like eventbrite), consider having "pocket" overflow amount you / someone judicially administers. -d -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at nycresistor.com Thu Jul 2 18:45:03 2015 From: matt at nycresistor.com (Matt Joyce) Date: Thu, 02 Jul 2015 18:45:03 +0000 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: I just assumed this whole outfit was ran by some shadowy kabal. I feel very disillusioned now. -Matt On July 2, 2015 2:26:47 PM EDT, Jesse Keating wrote: >BoD, unless they feel the need to delegate, at which point then maybe >an >Operators committee. But I'd hate to see more committees created. > > >- jlk > >On Thu, Jul 2, 2015 at 11:23 AM, Matt Fischer >wrote: > >> Are you proposing an Operators committee or do you mean the OpenStack >BoD? >> >> On Thu, Jul 2, 2015 at 12:15 PM, Jesse Keating >wrote: >> >>> Honestly I'm fine with the elected board helping to make this >decision. >>> Folks that want to underwrite the event can submit a proposal to >host, >>> board picks from the submissions? Having a wide vote on it seems >overkill >>> to me. >>> >>> Open call for submissions, board votes. Is that unreasonable? >>> >>> >>> - jlk >>> >>> On Thu, Jul 2, 2015 at 8:23 AM, Tom Fifield >wrote: >>> >>>> OK, so I'm just going to throw this one out there to re-stoke the >>>> discussion ... >>>> >>>> Venue selection process. >>>> >>>> At the moment, there's a few of us who work hard in the shadows to >make >>>> the best choice we can from a range of generous offers :) >>>> >>>> In our brave new world, I think this should be a bit more open, >what do >>>> you think? >>>> >>>> What kind of structure do we need to make the best decision? >>>> >>>> >>>> Regards, >>>> >>>> >>>> Tom >>>> >>>> >>>> On 01/07/15 15:29, Tom Fifield wrote: >>>> > Team, >>>> > >>>> > It's great to see so much passion! :) >>>> > >>>> > Here's an attempt at a summary email. I'll wait until a later >email to >>>> > wade into the discussion myself ;) Feel free to jump in on any >point. >>>> > >>>> > =Things we tend to agree on= >>>> > "Spirit of the event" >>>> > * The response most people had in common was that they didn't >want to >>>> > see vendor booths :) Several others noted the importance that the >event >>>> > should remain accessible and ensure there were no barriers to >>>> > attendance, space for networking with others and sharing >information >>>> > about deployments without fear of vendor harassment. >>>> > >>>> > Multiple Sponsors >>>> > * are OK, but they are more like underwriters who should be OK >with >>>> only >>>> > modest acknowledgement (see previous: no booths). Preference for >>>> > operator sponsors. Several ways to recognise them possible. >>>> > >>>> > Current Schedule Format >>>> > * It appeared like the current format is working well in general, >but >>>> > could do with minor tweaks. >>>> > >>>> > >>>> > =Things still under discussion= >>>> > Sell Tickets >>>> > * Many people agreed that some moderate form of ticketing could >be OK, >>>> > but the question remains to what extent this should be priced >("low >>>> > fee"? $100-200? "cover costs"?). A strong counterpoint was that >paid >>>> > ticketing makes it less accessible (see "spirit"), prevents some >local >>>> > attendance, and is unfair to smaller operators, though others >noted >>>> that >>>> > it may be the only practical way to raise funds in the future. >>>> > >>>> > Break into Regional Events >>>> > * A number of viewpoints, ranging from "multiple regional events" >to >>>> > "one event only [maybe with a travel fund]" to "one event that >moves >>>> > around [maybe even outside USA]" to "make it in the centre of USA >for >>>> > easier travel on average". >>>> > >>>> > >>>> > Capping Numbers (inc. Limit Attendees per Company) >>>> > * A lot of disagreement here. Many argued that any kind of cap or >>>> > barrier to entry detracts from the accessibility of the event. >Others >>>> > put forth that too few restrictions could dilute the ops-heavy >attendee >>>> > base, and implied that large companies might send too many >people. >>>> > >>>> > >>>> > Multiple Tracks >>>> > * To help deal with room size, we could split into multiple >tracks. The >>>> > ideal number of tracks is not clear at this stage. >>>> > >>>> > Evening Event >>>> > * Several people said they found the PHL evening event >uncomfortably >>>> > packed, and suggested cancelling it on this basis, or on the >basis of >>>> > cost. Suggested alternate was posting a list of nearby venues. >>>> > >>>> > Lightening Talks >>>> > * Have lightening talks, perhaps by renaming "show and tell". >More of >>>> > them? Arranged differently? Unclear. >>>> > >>>> > =Ideas= >>>> > * Video Recording - Might be worth a shot, starting small. >>>> > * Travel Fund, Scholarship Fund, Slush Fund >>>> > * Use Universities during the summer break for venues >>>> > >>>> > =Open Questions= >>>> > * How will the number of attendees grow? >>>> > * What are the costs involved in hosting one of these events? >>>> > * Stuff about the summit - probably need a different thread for >this >>>> > >>>> > >>>> > Regards, >>>> > >>>> > >>>> > Tom >>>> > >>>> > >>>> > >>>> > >>>> > On 30/06/15 12:33, Tom Fifield wrote: >>>> >> Hi all, >>>> >> >>>> >> Right now, behind-the-scenes, we're working on getting a venue >for >>>> next >>>> >> ops mid-cycle. It's taking a little longer than normal, but rest >>>> assured >>>> >> it is happening. >>>> >> >>>> >> Why is it so difficult? As you may have noticed, we're reaching >the >>>> size >>>> >> of event where both physically and financially, only the largest >>>> >> organisations can host us. >>>> >> >>>> >> We thought we might get away with organising this one old-school >with >>>> a >>>> >> single host and sponsor. Then, for the next, start a >brainstorming >>>> >> discussion with you about how we scale these events into the >future - >>>> >> since once we get up and beyond a few hundred people, we're >looking at >>>> >> having to hire a venue as well as make some changes to the >format of >>>> the >>>> >> event. >>>> >> >>>> >> However, it seems that even this might be too late. We already >had a >>>> >> company that proposed to host the meetup at a west coast US >hotel >>>> >> instead of their place, and wanted to scope out other companies >to >>>> >> sponsor food. >>>> >> >>>> >> This would be a change in the model, so let's commence the >discussion >>>> of >>>> >> how we want to scale this event :) >>>> >> >>>> >> So far I've heard things like: >>>> >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship >with >>>> others" >>>> >> * "I really don't want to get to the point where we want booths >at the >>>> >> ops meetup" >>>> >> >>>> >> Which are promising! It seems like we have a shared >understanding of >>>> >> what to take this forward with. >>>> >> >>>> >> So, as the ops meetup grows - what would it look like for you? >>>> >> >>>> >> How do you think we can manage the venue selection and financial >side >>>> of >>>> >> things? What about the session layout and the scheduling with >the >>>> >> growing numbers of attendees? >>>> >> >>>> >> Current data can be found at >>>> >> >https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . >>>> >> >>>> >> I would also be interested in your thoughts about how these >events >>>> have >>>> >> only been in a limited geographical area so far, and how we can >>>> address >>>> >> that issue. >>>> >> >>>> >> >>>> >> Regards, >>>> >> >>>> >> >>>> >> Tom >>>> >> >>>> >> >>>> >> >>>> >> _______________________________________________ >>>> >> OpenStack-operators mailing list >>>> >> OpenStack-operators at lists.openstack.org >>>> >> >>>> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >> >>>> > >>>> > >>>> > _______________________________________________ >>>> > OpenStack-operators mailing list >>>> > OpenStack-operators at lists.openstack.org >>>> > >>>> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> > >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >> > > >------------------------------------------------------------------------ > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hillad at gmail.com Thu Jul 2 20:29:23 2015 From: hillad at gmail.com (Andy Hill) Date: Thu, 2 Jul 2015 16:29:23 -0400 Subject: [Openstack-operators] Live Migration issues In-Reply-To: <96EC5A4F3149B74492D2D9B9B1602C27461C2E37@ORSMSX105.amr.corp.intel.com> References: <96EC5A4F3149B74492D2D9B9B1602C27461C2E37@ORSMSX105.amr.corp.intel.com> Message-ID: HP Gave a good talk on Live Migration in Vancouver: https://www.youtube.com/watch?v=Ule9V29Juww The talk has lots of details about failure scenarios and patches/workarounds. -AH On Tue, Jun 30, 2015 at 1:50 PM, Auld, Will wrote: > We?d like to get a better handle on issues around live migration and I > thought that all of you may be the most knowledgeable people. > > > > 1. In your own work do you see issues with live migration? What > issues and how critical are they? > > 2. How frequently do these issues occur? > > 3. What fixes or workarounds have you employed for these issues? > > > > Thanks, > > > > Will > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Thu Jul 2 21:25:21 2015 From: openstack at medberry.net (David Medberry) Date: Thu, 2 Jul 2015 15:25:21 -0600 Subject: [Openstack-operators] Live Migration issues In-Reply-To: References: <96EC5A4F3149B74492D2D9B9B1602C27461C2E37@ORSMSX105.amr.corp.intel.com> Message-ID: Yep Andy. I was double booked at this time, but thanks for the replay reminder. On Thu, Jul 2, 2015 at 2:29 PM, Andy Hill wrote: > HP Gave a good talk on Live Migration in Vancouver: > https://www.youtube.com/watch?v=Ule9V29Juww > > The talk has lots of details about failure scenarios and > patches/workarounds. > > -AH > > On Tue, Jun 30, 2015 at 1:50 PM, Auld, Will wrote: > >> We?d like to get a better handle on issues around live migration and I >> thought that all of you may be the most knowledgeable people. >> >> >> >> 1. In your own work do you see issues with live migration? What >> issues and how critical are they? >> >> 2. How frequently do these issues occur? >> >> 3. What fixes or workarounds have you employed for these issues? >> >> >> >> Thanks, >> >> >> >> Will >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From blair.bethwaite at gmail.com Fri Jul 3 08:19:09 2015 From: blair.bethwaite at gmail.com (Blair Bethwaite) Date: Fri, 3 Jul 2015 18:19:09 +1000 Subject: [Openstack-operators] KVM memory overcommit with fast swap In-Reply-To: References: Message-ID: Damnit! So no-one has done this or has a feel for it? I was really hoping for the lazy option here. So next question. Ideas for convoluting a reasonable test case? Assuming I've got a compute node with 256GB RAM and 350GB of PCIe SSD for swap, what next? We've got Rally going so could potentially use that, but I'm not sure whether it can do different tasks in parallel in order to simulate a set of varied workloads... Ideally we'd want at least these workloads happening in parallel: - web servers - db servers - idle servers - batch processing On 30 June 2015 at 03:24, Warren Wang wrote: > I'm gonna forward this to my co-workers :) I've been kicking this idea > around for some time now, and it hasn't caught traction. I think it could > work for a modest overcommit, depending on the memory workload. We decided > that it should be possible to do this sanely, but that it needed testing. > I'm happy to help test this out. Sounds like the results could be part of a > Tokyo talk :P > > Warren > > Warren > > On Mon, Jun 29, 2015 at 9:36 AM, Blair Bethwaite > wrote: >> >> Hi all, >> >> Question up-front: >> >> Do the performance characteristics of modern PCIe attached SSDs >> invalidate/challenge the old "don't overcommit memory" with KVM wisdom >> (recently discussed on this list and at meetups and summits)? Has >> anyone out there tried & tested this? >> >> Long-form: >> >> I'm currently looking at possible options for increasing virtual >> capacity in a public/community KVM based cloud. We started very >> conservatively at a 1:1 cpu allocation ratio, so perhaps predictably >> we have boatloads of CPU headroom to work with. We also see maybe 50% >> memory actually in-use on a host that is, from Nova's perspective, >> more-or-less full. >> >> The most obvious thing to do here is increase available memory. There >> are at least three ways to achieve that: >> 1/ physically add RAM >> 2/ reduce RAM per vcore (i.e., introduce lower RAM flavors) >> 3/ increase virtual memory capacity (i.e., add swap) and make >> ram_allocation_ratio > 1 >> >> We're already doing a bit of #2, but at the end of the day, taking >> away flavors and trying to change user behaviour is actually harder >> than just upgrading hardware. #1 is ideal but I do wonder whether we'd >> be better to spend that same money on some PCIe SSD and use it for #3 >> (at least for our 'standard' flavor classes), the advantage being that >> SSD is cheaper per GB (and it might also help alleviate IOPs >> starvation for local storage based hosts)... >> >> The question is whether the performance characteristics of modern PCIe >> attached SSDs invalidate the old "don't overcommit memory" with KVM >> wisdom (recently discussed on this list: >> http://www.gossamer-threads.com/lists/openstack/operators/46104 and >> also apparently at the Kilo mid-cycle: >> https://etherpad.openstack.org/p/PHL-ops-capacity-mgmt where there was >> an action to update the default from 1.5 to 1.0, though that doesn't >> seem to have happened). Has anyone out there tried this? >> >> I'm also curious if anyone has any recent info re. the state of >> automated memory ballooning and/or memory hotplug? Ideally a RAM >> overcommitted host would try to inflate guest balloons before >> swapping. >> >> -- >> Cheers, >> ~Blairo >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -- Cheers, ~Blairo From chdent at redhat.com Fri Jul 3 09:07:05 2015 From: chdent at redhat.com (Chris Dent) Date: Fri, 3 Jul 2015 10:07:05 +0100 (BST) Subject: [Openstack-operators] [openstack-dev] [ceilometer] virtual mid-cycle planning In-Reply-To: References: Message-ID: On Fri, 26 Jun 2015, Chris Dent wrote: > Ceilometer contributors and other interested parties, To keep people in the loop: The Ceilometer virtual mid-cycle will be held next week, the 9th and 10th of July. The schedule is being worked out. The topics that will be covered include: * Getting Gnocchi to a state of ProductionReady? * Schematisation of notifications * Requirements to make the split of alarming into own repo effective * Requirements to make the split of collecting into own repo effective * Plans for handling deletion or deprecation of old from repo splits * Event-based alarming * Exploring what an APIv3 will mean * Getting a move on with in-tree functional testing The timetable will be available early next week but the overall picture is that the window of events will be in the range of early morning to late evening Euro-time. Some topics will have two sessions, one on each day. The hosting technology plan is to start with Hangouts and then fall back to Bluejeans and then IRC as each inevitably fails... Everyone is welcome. More details early next week. -- Chris Dent tw:@anticdent freenode:cdent https://tank.peermore.com/tanks/cdent From nicole at openstack.org Fri Jul 3 15:47:04 2015 From: nicole at openstack.org (Nicole Martinelli) Date: Fri, 03 Jul 2015 08:47:04 -0700 Subject: [Openstack-operators] OpenStack Community Weekly Newsletter (June 26 - July 3) Message-ID: <5596AE78.7060006@openstack.org> Writing Your First OpenStack Application Ever thought about what it takes to write a scalable cloud application using an OpenStack SDK? Thanks to a small team?s heroic effort, there?s now a guide for that ! Dive into Zuul ? Gated commit system Zuul is software developed by the OpenStack community . It was developed as an efficient gated commit system, allowing projects to merge patches only after they pass a series of tests. It reduces the probability of breaking the master branch, for instance when unit tests or functional tests no longer pass on the tip of master. Fabien Boucher explains how Zuul works and clarifies some concepts through simple examples. 5 years of OpenStack ? it?s time to celebrate the community! OpenStack celebrates its 5th birthday July 19, and we?re celebrating with the entire OpenStack community during July! Cloud interoperability and support for developer productivity have been focuses for the OpenStack project this year, and none of it would be possible without the quickly growing OpenStack community. The Road to Tokyo * Interested in being a Tokyo Summit Sponsor? * How to craft a successful OpenStack Summit proposal * Tips for getting a travel grant to the next OpenStack Summit * Need a visa for the Tokyo Summit? Here?s what you need to know * Accepting presentation submissions until July 15th, 2015, 11:59 pm PDT Reports from Previous Events * Somewhat related: Downloading all sessions from the #OpenStack Summit Relevant Conversations * [Openstack-operators] Scaling the Ops Meetup * openstack-announce gets in Junk/SPAM mail @outlook.com * [neutron] Third Party CI Voting * The sorry state of our spec process Deadlines and Contributors Notifications * Full list of mid-cycle sprints (meetups) * [cinder] Need help from folks working on Dell, Storpool and Infortrend drivers * EC2 API - users wanted * End of life for managed stable/icehouse branches * Product WG Liberty Meetup: August 11-12, 2015 @Cisco, Richardson, TX Security Advisories and Notices * None this week Tips ?n Tricks * By Walter Bentley: OpenStack OSAD and Nagios, against the world * By Kyle Mestery : Running Docker Machine on HP Helion Public Cloud * By Craige McWhirter : How To Delete a Cinder Snapshot with a Status of error or error_deleting With Ceph Block Storage * By Shannon McFarland : Using OpenStack Heat to Deploy an IPv6-enabled Instance * By Lo?c Dachary : Public OpenStack providers useable within the hour * By David Moreau Simard : Openstackclient is better than I thought * By Nir Yechiel : Neutron networking with Red Hat Enterprise Linux OpenStack Platform Open Call for Proposals * OpenStack Summit Tokyo, open until July 15 Recently Merged Specs Subject Owner Project Implement server instance tagging Sergey Nikitin openstack/nova-specs New ZeroMQ driver implementation details Oleksii Zamiatin openstack/oslo-specs Add user-identity-format-flexibility for oslo.log Doug Hellmann openstack/oslo-specs Enable optional dependencies in OpenStack projects lifeless openstack/oslo-specs Specification for Adding Kafka Driver Komei Shimamura openstack/oslo-specs Add flavor tables to API database Vineet Menon openstack/nova-specs Servicegroup foundational refactoring for Control Plane Vilobh Meshram openstack/nova-specs Add working items to consistent-service-method-names Ken'ichi Ohmichi openstack/qa-specs Cleanup the specs repo Matthew Treinish openstack/qa-specs Add devstack external plugin spec Chmouel Boudjnah openstack/qa-specs Graduate fileutils to oslo.utils and oslo.policy Steve Martinelli openstack/oslo-specs Move email spec to backlog Flavio Percoco openstack/zaqar-specs Add spec for email notification Fei Long Wang openstack/zaqar-specs Enable listing of role assignments in a project hierarchy henry-nash openstack/keystone-specs Configure most important hadoop configs automatically Vitaly Gridnev openstack/sahara-specs Add scheduling edp jobs in sahara lu huichun openstack/sahara-specs Persistent transport Victoria Martinez de la Cruz openstack/zaqar-specs Change QoS API to be consistent Eran Gampel openstack/neutron-specs Nova API Microversions support in NovaClient Andrey Kurilin openstack/nova-specs Propose VMware limits, reservation and shares garyk openstack/nova-specs Spec to Add 'macvtap' as vif type to novas libvirt driver. Andreas Scheuring openstack/nova-specs Add spec for more-gettext-support Peng Wu openstack/oslo-specs Moving not implemented specs to backlog Flavio Percoco openstack/zaqar-specs Implement force_detach for safe cleanup Scott DAngelo openstack/cinder-specs Update to CORS specification. Michael Krotscheck openstack/openstack-specs Add requirements management specification. lifeless openstack/openstack-specs Enabling Python 3 for Application Integration Tests Doug Hellmann openstack/openstack-specs Cleanup and removal of StrictABC requirement Morgan Fainberg openstack/keystone-specs Fix resource tracking for operations that move instances between hosts Nikola Dipanov openstack/nova-specs "Get me a network" spec Sean M. Collins openstack/neutron-specs Add spec for tempest plugin interface Matthew Treinish openstack/qa-specs mandatory api limits gordon chung openstack/ceilometer-specs Moved driver interface from backlog to liberty Ajaya Agrawal openstack/keystone-specs Adopt Oslo Guru Meditation Reports zhangtralon openstack/ceilometer-specs Spec for DBaaS(Trove) notification consumption Rohit Jaiswal openstack/ceilometer-specs Declarative snmp metric pollster Lianhao Lu openstack/ceilometer-specs Add is_domain to tokens for projects acting as a domain henry-nash openstack/keystone-specs Clean up tenant resources when one is deleted Assaf Muller openstack/neutron-specs Fixes for generic RAID interface Devananda van der Veen openstack/ironic-specs Upcoming Events Celebrating 5 Years of OpenStack at OSCON on Wednesday, July 22nd: RSVP * Jul 03, 2015 South Bay OpenStack Meetup, Beginner track * Jul 04, 2015 5th Meetup - Dev Conf * Jul 04, 2015 7/4 Meetup w/ You in Zhang Jiang Innovation Park Shanghai, CN * Jul 07, 2015 July Sydney Meetup - OpenStack 5th Birthday * Jul 07 - 08, 2015 OpenStack's 5th Birthday Celebration! * Jul 08 - 09, 2015 OpenStack's 5th Birthday Celebration * Jul 09, 2015 OpenStack Monitoring Lessons Sunnyvale, California, US * Jul 09, 2015 Kilo to Liberty: The Vancouver Summit * Jul 09, 2015 IV Encontro de usu?rios do Openstack Brasil no FISL Porto Alegre, BR * Jul 09 - 10, 2015 Upstream Training in Japan #3 Tokyo, JP * Jul 10, 2015 Celebrating 5 years of OpenStack: A birthday reception! * Jul 16, 2015 OpenStack L.A. 5th Birthday Meetup Los Angeles, CA, US * Jul 17 - 18, 2015 OpenStack Thailand 2015 Bangkok, TH * Jul 20 - 24, 2015 OSCON 2015 Portland, OR, US * Jul 22, 2015 5 Years of OpenStack Portland, Oregon, US * Jul 22, 2015 OpenStack 5th Birthday Russia Moscow, Moscow, RU * Jul 28, 2015 OpenStack 5th Birthday ? Austin Austin, Texas, US * Jul 30 - 31, 2015 DCD INTERNET San Francisco, CA, US * Jul 31 2015 OpenStack Mini Conference Pycon, Brisbane, AU * Aug 10 - 13, 2015 Gartner Catalyst Conference San Diego, CA, US * Aug 11, 2015 OpenStack Day Taiwan 2015 Taipei, TW * Aug 13 - 14, 2015 OpenStack Collective Austin, TX, US * Aug 19 - 21, 2015 China Liberty Hackathon Xian, Shanxi, CN * Aug 20, 2015 OpenStack Day Seattle 2015 Seattle, WA, US * Aug 25, 2015 OpenStack Trove Day 2015 San Jose, CA, US * Aug 26 - 27, 2015 OpenStack Silicon Valley Mountain View, California, US * Aug 27, 2015 OpenStack Nova Deep Dive Meetup Cluj-Napoca, Cluj, RO * Sep 19, 2015 OpenStack Benelux Conference 2015 Bussum, NL * Sep 21 - 24, 2015 Storage Developer Conference Santa Clara, CA, CA, US * Oct 04 - 08, 2015 Gartner SymposiumITxpo Orlando, FL, US * Nov 05, 2015 #CloudBeerStockholm Stockholm, SE * Nov 15 - 20, 2015 Supercomputing 15 Austin, TX, US Other News * Blazing the trail for OpenStack in South Korea * OpenStack Essentials: a book to get you grounded in the fundamentals * OpenStack miniconf at PyCon AU Ticket giveaway /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./ -------------- next part -------------- An HTML attachment was scrubbed... URL: From george.shuklin at gmail.com Fri Jul 3 21:22:04 2015 From: george.shuklin at gmail.com (George Shuklin) Date: Sat, 04 Jul 2015 00:22:04 +0300 Subject: [Openstack-operators] KVM memory overcommit with fast swap In-Reply-To: References: Message-ID: <5596FCFC.3000209@gmail.com> One notice: Even on the super-super-fast SSD, there is a huge overhead on IO. Basically, you can't go lower than 50 us on IO, and this is 50000 ns, almost eternity for the modern processors. And you get minor page fault, which is not the fastest thing in the world. Few context switching, filesystem/block device level... And 50us - is the best possible. Normally you will have something like 150us, which is very slow. It's ok to push to swap some unused or rarely used part of the guests memory, but do not expect it to be silver bullet. Borderline between 'normal swap operations' and 'thrashed system' is very blurry, and main symptom your guests will experience during overswapping is extreme raise of latency (everything: IO, networking...). And when this happens you will have no knobs to fix things... Even if you kill some of the guests, it will take up to 10 minutes to finish thrashing part of the swap and reduce congestion on IO. In my experience, for average compute node no more than 20% of memory may be pushed to swap without significant consequences. ... And swap in the guests is better. Because guest may throw away few pages from cache, if needed. But host will swap guest page cache as well, as actual process memory. Allocate that SSD as ephemeral drive to guests and let them swap. On 07/03/2015 11:19 AM, Blair Bethwaite wrote: > Damnit! So no-one has done this or has a feel for it? > I was really hoping for the lazy option here. > > So next question. Ideas for convoluting a reasonable test case? > Assuming I've got a compute node with 256GB RAM and 350GB of PCIe SSD > for swap, what next? We've got Rally going so could potentially use > that, but I'm not sure whether it can do different tasks in parallel > in order to simulate a set of varied workloads... Ideally we'd want at > least these workloads happening in parallel: > - web servers > - db servers > - idle servers > - batch processing > > On 30 June 2015 at 03:24, Warren Wang wrote: >> I'm gonna forward this to my co-workers :) I've been kicking this idea >> around for some time now, and it hasn't caught traction. I think it could >> work for a modest overcommit, depending on the memory workload. We decided >> that it should be possible to do this sanely, but that it needed testing. >> I'm happy to help test this out. Sounds like the results could be part of a >> Tokyo talk :P >> >> Warren >> >> Warren >> >> On Mon, Jun 29, 2015 at 9:36 AM, Blair Bethwaite >> wrote: >>> Hi all, >>> >>> Question up-front: >>> >>> Do the performance characteristics of modern PCIe attached SSDs >>> invalidate/challenge the old "don't overcommit memory" with KVM wisdom >>> (recently discussed on this list and at meetups and summits)? Has >>> anyone out there tried & tested this? >>> >>> Long-form: >>> >>> I'm currently looking at possible options for increasing virtual >>> capacity in a public/community KVM based cloud. We started very >>> conservatively at a 1:1 cpu allocation ratio, so perhaps predictably >>> we have boatloads of CPU headroom to work with. We also see maybe 50% >>> memory actually in-use on a host that is, from Nova's perspective, >>> more-or-less full. >>> >>> The most obvious thing to do here is increase available memory. There >>> are at least three ways to achieve that: >>> 1/ physically add RAM >>> 2/ reduce RAM per vcore (i.e., introduce lower RAM flavors) >>> 3/ increase virtual memory capacity (i.e., add swap) and make >>> ram_allocation_ratio > 1 >>> >>> We're already doing a bit of #2, but at the end of the day, taking >>> away flavors and trying to change user behaviour is actually harder >>> than just upgrading hardware. #1 is ideal but I do wonder whether we'd >>> be better to spend that same money on some PCIe SSD and use it for #3 >>> (at least for our 'standard' flavor classes), the advantage being that >>> SSD is cheaper per GB (and it might also help alleviate IOPs >>> starvation for local storage based hosts)... >>> >>> The question is whether the performance characteristics of modern PCIe >>> attached SSDs invalidate the old "don't overcommit memory" with KVM >>> wisdom (recently discussed on this list: >>> http://www.gossamer-threads.com/lists/openstack/operators/46104 and >>> also apparently at the Kilo mid-cycle: >>> https://etherpad.openstack.org/p/PHL-ops-capacity-mgmt where there was >>> an action to update the default from 1.5 to 1.0, though that doesn't >>> seem to have happened). Has anyone out there tried this? >>> >>> I'm also curious if anyone has any recent info re. the state of >>> automated memory ballooning and/or memory hotplug? Ideally a RAM >>> overcommitted host would try to inflate guest balloons before >>> swapping. >>> >>> -- >>> Cheers, >>> ~Blairo >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > From stdake at cisco.com Fri Jul 3 22:03:21 2015 From: stdake at cisco.com (Steven Dake (stdake)) Date: Fri, 3 Jul 2015 22:03:21 +0000 Subject: [Openstack-operators] [kolla][midcycle] Please register for the Kolla-Palooza Midcycle event by July 9th, 2015 Message-ID: Hey operators! The Kolla team is having a mid-cycle event in San Jose, CA. Coffee is provided throughout the day (I believe, but not certain on this point), and lunch, soda, water are provided at lunch time. An RSVP dinner is provided the night of July 28th at 7 PM so food costs should be minimal. If you plan to attend in person, please book your hotel and flight reservations quickly. Silicon Valley prices are quickly increasing and many companies have a 14 day window (July 13th) for booking travel arrangements. We can handle folks that walk in at the last moment, but for the RSVP dinner, please RSVP by July 9th so we can get an accurate count for organizing a dinner. The eventbrite information is at the bottom of this web page: https://wiki.openstack.org/wiki/Sprints/KollaLibertySprint -------------- next part -------------- An HTML attachment was scrubbed... URL: From gfa at zumbi.com.ar Sat Jul 4 09:24:43 2015 From: gfa at zumbi.com.ar (gustavo panizzo (gfa)) Date: Sat, 04 Jul 2015 17:24:43 +0800 Subject: [Openstack-operators] [openstack-operators]: anyone using SaltStack for deployment? In-Reply-To: References: <556813F5.8020207@zumbi.com.ar> Message-ID: <5597A65B.4090805@zumbi.com.ar> i've published my salt stack repo here http://github.com/gfa/salt-for-openstack On 2015-05-30 17:49, Daniel Comnea wrote: > Thanks Gustavo! > > I like how you structured your stuff, if you decide to publish it and > send a link that will be much appreciated. > > Thanks! > > On Fri, May 29, 2015 at 8:23 AM, gustavo panizzo (gfa) > wrote: > > > > On 2015-05-29 05:16, Daniel Comnea wrote: > > Hi folks, > > Is anyone using SaltStack to deploy Openstack ? I haven't seen much > discussion around this tech hence my question and maybe point of > inspiration. > > > we do > > there is a repo in github by CSScorp and other projects (i don't > remember right now but i can check next week). most of them build > modules (puppet like) and consume them. > > i don't use them as i found them hard to explain or follow. > i use simple state files where pkgs are installed, config files are > generated and services are enabled/started/restarted/reload > > i have multiple openstack clouds and multiple salt environments. > each environment has it's own pillar and state files, many of the > state files are (almost) the same. for example each environment has > a nova state. > also i have a base environment shared by all clouds where i keep > common states (libvirt, repos, monitoring, logging, etc) > > > ideally i would have only one set of state files and pillar should > make the differences but in practice that was difficult to achieve. > i run havana and icehouse (and different icehouse releases), keep > only one set of state files would make them full of `if`statements > > the top file applies the same states to all servers in the same > environment, states (using custom grains configured on the minions) > decide how/what to configure each individual server > > > i have another salt state groups which i use for test environments. > they support both debian and ubuntu and icehouse, juno and kilo. > > i plan to publish the second group of states before the end of june, > after some cleanup. > > > -- > 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 > > -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: http://keybase.io/gfa From h16mara at gmail.com Sat Jul 4 22:40:16 2015 From: h16mara at gmail.com (achi hara) Date: Sat, 4 Jul 2015 23:40:16 +0100 Subject: [Openstack-operators] Ansible Playbook for OpenStack (juno) Message-ID: Hi everyone, I would like to deploy OpenStack (*Juno* release) using Ansible. could you please provide me with the playbooks for this purpose ? Your assistance is greatly appreciated. Sincerely Hamza -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at ladenis.fr Sat Jul 4 22:57:14 2015 From: contact at ladenis.fr (Leslie-Alexandre DENIS) Date: Sun, 5 Jul 2015 00:57:14 +0200 Subject: [Openstack-operators] Ansible Playbook for OpenStack (juno) In-Reply-To: References: Message-ID: <559864CA.9090001@ladenis.fr> Hello, The best sources for that would be : - https://github.com/stackforge/os-ansible-deployment - https://github.com/blueboxgroup/ursula Actually these are well written and very modular, you probably don't really need all of the complexity for a standard deployment but at least you can start from that. Regards, Le 05/07/2015 00:40, achi hara a ?crit : > > Hi everyone, > > I would like to deploy OpenStack (*Juno*release) using Ansible. > > could you please provide me with the playbooks for this purpose ? > > Your assistance is greatly appreciated. > > Sincerely > > Hamza > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark.atwood at hp.com Sun Jul 5 06:56:59 2015 From: mark.atwood at hp.com (Mark Atwood) Date: Sat, 04 Jul 2015 23:56:59 -0700 Subject: [Openstack-operators] Free vs Paid ticket to the Operators Midcycle. In-Reply-To: References: <55921C03.5060303@openstack.org> Message-ID: <1436079419.3042490.315434257.62F1DD74@webmail.messagingengine.com> As a suggestion re free / paid registration: have tiered tickets, like the Community Leadership Summit does. Having a free ticket vs a paid ticket would not grant more or less access or privileges at the event, but gives the opportunity for people who can expense a ticket to do so. -- Mark Atwood Director of Open Source Engagement, Hewlett-Packard +1-206-473-7118 On Tue, Jun 30, 2015, at 09:04, matt wrote: > +1 on the no booths rule. > -1 on paid registration, I think we need to be mindful of the smaller openstack deployers, their voice is an important one, and their access to the larger operations teams is invaluable to them.? I like the idea of local teams showing up because it's in the neighborhood and they don't need to hassle their budgeting managers too much for travel approval / expenses.? This is more accessible currently than the summits for many operators.? Let's keep it that way. > -matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From email at daviey.com Sun Jul 5 08:36:52 2015 From: email at daviey.com (Dave Walker) Date: Sun, 5 Jul 2015 09:36:52 +0100 Subject: [Openstack-operators] Free vs Paid ticket to the Operators Midcycle. In-Reply-To: <1436079419.3042490.315434257.62F1DD74@webmail.messagingengine.com> References: <55921C03.5060303@openstack.org> <1436079419.3042490.315434257.62F1DD74@webmail.messagingengine.com> Message-ID: I've never worked with an organisation that would willingly pay for a ticket if there were free ones on the table, the ones often included in sponsorship deals are even used first. Just the idea of splitting by those that 'can' expense it seems odd to me. There must surely be some sort of other recognition? -- Kind Regards, Dave Walker On 5 Jul 2015 7:57 am, "Mark Atwood" wrote: > As a suggestion re free / paid registration: have tiered tickets, like > the Community Leadership Summit does. > > Having a free ticket vs a paid ticket would not grant more or less access > or privileges at the event, but gives the opportunity for people who can > expense a ticket to do so. > > -- > Mark Atwood > Director of Open Source Engagement, Hewlett-Packard > +1-206-473-7118 > > > On Tue, Jun 30, 2015, at 09:04, matt wrote: > > +1 on the no booths rule. > -1 on paid registration, I think we need to be mindful of the smaller > openstack deployers, their voice is an important one, and their access to > the larger operations teams is invaluable to them. I like the idea of > local teams showing up because it's in the neighborhood and they don't need > to hassle their budgeting managers too much for travel approval / > expenses. This is more accessible currently than the summits for many > operators. Let's keep it that way. > -matt > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From h16mara at gmail.com Sun Jul 5 15:14:26 2015 From: h16mara at gmail.com (achi hara) Date: Sun, 5 Jul 2015 16:14:26 +0100 Subject: [Openstack-operators] Ansible Playbook for OpenStack (juno) In-Reply-To: <559864CA.9090001@ladenis.fr> References: <559864CA.9090001@ladenis.fr> Message-ID: Hi Leslie Alexandre Thank you for providing me with the two links. i will try to use the second one. Regards, Hamza 2015-07-04 23:57 GMT+01:00 Leslie-Alexandre DENIS : > Hello, > > The best sources for that would be : > - https://github.com/stackforge/os-ansible-deployment > - https://github.com/blueboxgroup/ursula > > Actually these are well written and very modular, you probably don't > really need all of the complexity for a standard deployment but at least > you can start from that. > > Regards, > > > Le 05/07/2015 00:40, achi hara a ?crit : > > Hi everyone, > > > > I would like to deploy OpenStack (*Juno* release) using Ansible. > > > > could you please provide me with the playbooks for this purpose ? > > > > Your assistance is greatly appreciated. > > > > > > Sincerely > > Hamza > > > _______________________________________________ > OpenStack-operators mailing listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ulf.baumann at hp.com Sun Jul 5 15:36:50 2015 From: ulf.baumann at hp.com (Baumann, Ulf) Date: Sun, 5 Jul 2015 15:36:50 +0000 Subject: [Openstack-operators] Free vs Paid ticket to the Operators Midcycle. In-Reply-To: References: <55921C03.5060303@openstack.org> <1436079419.3042490.315434257.62F1DD74@webmail.messagingengine.com>, Message-ID: The operator summit is about hearing from the operators and allowing them to exchange information (solutions, observations, complaints...) and provide input to the devs. I feel it is best to hear from as many operators as possible. Therefore the size of the summit should not be limited. A venue should be selected that's big enough to accommodate 2x of the participation in Philadelphia (might need 3x). The registration process needs to start asap so that we can get an idea how big the interest will be and to allow for participants to make travel arrangements. +1 for no booths etc. +1 for free admission or very small fee Best, Ulf -------------------- VP, Cloud Operations, HP Cloud Tel +1-510-599-9890 On Jul 5, 2015, at 1:41 AM, Dave Walker > wrote: I've never worked with an organisation that would willingly pay for a ticket if there were free ones on the table, the ones often included in sponsorship deals are even used first. Just the idea of splitting by those that 'can' expense it seems odd to me. There must surely be some sort of other recognition? -- Kind Regards, Dave Walker On 5 Jul 2015 7:57 am, "Mark Atwood" > wrote: As a suggestion re free / paid registration: have tiered tickets, like the Community Leadership Summit does. Having a free ticket vs a paid ticket would not grant more or less access or privileges at the event, but gives the opportunity for people who can expense a ticket to do so. -- Mark Atwood > Director of Open Source Engagement, Hewlett-Packard +1-206-473-7118 On Tue, Jun 30, 2015, at 09:04, matt wrote: +1 on the no booths rule. -1 on paid registration, I think we need to be mindful of the smaller openstack deployers, their voice is an important one, and their access to the larger operations teams is invaluable to them. I like the idea of local teams showing up because it's in the neighborhood and they don't need to hassle their budgeting managers too much for travel approval / expenses. This is more accessible currently than the summits for many operators. Let's keep it that way. -matt _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From kevin.carter at RACKSPACE.COM Mon Jul 6 05:42:50 2015 From: kevin.carter at RACKSPACE.COM (Kevin Carter) Date: Mon, 6 Jul 2015 05:42:50 +0000 Subject: [Openstack-operators] Ansible Playbook for OpenStack (juno) In-Reply-To: References: <559864CA.9090001@ladenis.fr>, Message-ID: <1436161369933.30865@RACKSPACE.COM> @Hamza if you get around to looking into the os-ansible-deployment project ?please consider joining our IRC channel on freenode at #openstack-ansible there almost always someone online and we'd be happy help you get started with the project. If you're just browsing, we have some installation documentation online that you have read through here: http://osad.readthedocs.org/en/latest/ Take care. -- Kevin Carter ________________________________ From: achi hara Sent: Sunday, July 5, 2015 10:14 AM To: Leslie-Alexandre DENIS Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Ansible Playbook for OpenStack (juno) Hi Leslie Alexandre Thank you for providing me with the two links. i will try to use the second one. Regards, Hamza 2015-07-04 23:57 GMT+01:00 Leslie-Alexandre DENIS >: Hello, The best sources for that would be : - https://github.com/stackforge/os-ansible-deployment - https://github.com/blueboxgroup/ursula Actually these are well written and very modular, you probably don't really need all of the complexity for a standard deployment but at least you can start from that. Regards, Le 05/07/2015 00:40, achi hara a ?crit : Hi everyone, I would like to deploy OpenStack (Juno release) using Ansible. could you please provide me with the playbooks for this purpose ? Your assistance is greatly appreciated. Sincerely Hamza _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From sorrison at gmail.com Mon Jul 6 06:56:25 2015 From: sorrison at gmail.com (Sam Morrison) Date: Mon, 6 Jul 2015 16:56:25 +1000 Subject: [Openstack-operators] [keystone][all] Deprecating slash ('/') in project names In-Reply-To: References: Message-ID: <00EAAB3D-5EF9-4CEB-A69A-2A3BA4D5BAB8@gmail.com> Do you mean project names or project IDs? Sam > On 3 Jul 2015, at 12:12 am, Henrique Truta wrote: > > Hi everyone, > > In Kilo, keystone introduced the concept of Hierarchical Multitenancy[1], which allows cloud operators to organize projects in hierarchies. This concept is evolving in Liberty, with the addition of the Reseller use case[2], where among other features, it?ll have hierarchies of domains by making the domain concept a feature of projects and not a different entity: from now on, every domain will be treated as a project that has the ?is_domain? property set to True. > > Currently, getting a project scoped token can be made by only passing the project name and the domain it belongs to, once project names are unique between domains. However with those hierarchies of projects, in M we intend to remove this constraint in order to make a project name unique only in its level in the hierarchy (project parent). In other words, it won?t be possible to have sibling projects with the same name. For example. the following hierarchy will be valid: > > A - project with the domain feature > / \ > B C - ?pure? projects, children of A > | | > A B - ?pure? projects, children of B and C respectively > > Therefore, the cloud user faces some problems when getting a project scoped token by name to projects A or B, since keystone won?t be able to distinguish them only by their names. The best way to solve this problem is providing the full hierarchy, like ?A/B/A?, ?A/B?, ?A/C/B? and so on. > > To achieve this, we intend to deprecate the ?/? character in project names in Liberty and prohibit it in M, removing/replacing this character in a database migration**. > > Do you have some strong reason to keep using this character in project names? How bad would it be for existing deploys? We?d like to hear from you. > > Best regards, > Henrique > > ** LDAP as assignment backend does not support Hierarchical Multitenancy. This change will be only applied to SQL backends. > [1] http://specs.openstack.org/openstack/keystone-specs/specs/juno/hierarchical_multitenancy.html > [2] http://specs.openstack.org/openstack/keystone-specs/specs/kilo/reseller.html > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From aloga at ifca.unican.es Mon Jul 6 07:43:07 2015 From: aloga at ifca.unican.es (=?iso-8859-1?Q?=C1lvaro_L=F3pez_Garc=EDa?=) Date: Mon, 6 Jul 2015 09:43:07 +0200 Subject: [Openstack-operators] openstack and xen In-Reply-To: <55951FDB.9050203@zumbi.com.ar> References: <55951FDB.9050203@zumbi.com.ar> Message-ID: <20150706074307.GA14325@torio> On 02 Jul 2015 (19:26), gustavo panizzo (gfa) wrote: > Hello Hi, > has anybody moved from kvm to xen? > i see the support for xen on nova's hypervisor support matrix got better on > latest releases. We're using Xen from the beginning, back in Cactus IIRC. In the past we had to patch several things, but support has improved a lot. > we found hard to isolate noisy vm on kvm, and the network problem (i sent on > another email) is killing us > > besides, xen being used by rackspace and aws is not bad publicity at all > > so, is anybody using xen? what are they using? xenserver from citrix, > xen4centos, xen on ubuntu, xen+libvirt? what are the results? We are using Ubuntu + Libvirt + Xen, and we're happy with it. The only thing that you have to take into account is that if you plan to use PyGrub you cannot use CoW, mainly because PyGrub cannot read qcow2 images. Cheers, -- ?lvaro L?pez Garc?a aloga at ifca.unican.es Instituto de F?sica de Cantabria http://alvarolopez.github.io Ed. Juan Jord?, Campus UC tel: (+34) 942 200 969 Avda. de los Castros s/n skype: aloga.csic 39005 Santander (SPAIN) From aishwarya.adyanthaya at accenture.com Mon Jul 6 10:08:40 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Mon, 6 Jul 2015 10:08:40 +0000 Subject: [Openstack-operators] ubuntu-14.04 unable to ssh Message-ID: Hi, I'm working on creating instances inside the openstack dashboard. I have two images of Ubuntu 12.04 and Ubuntu 14.04. What I'm noticing here is when I upgrade my instance of Ubuntu 12.04 to 14.04, I'm unable to ssh to that machine. I tried bringing up the instance through the image of Ubuntu 14.04 but I'm experiencing the same issue. Could someone point out how to rectify this situation. Thank you, Aishwarya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From henriquecostatruta at gmail.com Mon Jul 6 11:59:38 2015 From: henriquecostatruta at gmail.com (Henrique Truta) Date: Mon, 06 Jul 2015 11:59:38 +0000 Subject: [Openstack-operators] [keystone][all] Deprecating slash ('/') in project names In-Reply-To: <00EAAB3D-5EF9-4CEB-A69A-2A3BA4D5BAB8@gmail.com> References: <00EAAB3D-5EF9-4CEB-A69A-2A3BA4D5BAB8@gmail.com> Message-ID: I mean project names. You can, for example, create a project today with a name like "dev/tests". Em seg, 6 de jul de 2015 ?s 03:56, Sam Morrison escreveu: > Do you mean project names or project IDs? > > Sam > > > On 3 Jul 2015, at 12:12 am, Henrique Truta > wrote: > > Hi everyone, > > In Kilo, keystone introduced the concept of Hierarchical Multitenancy[1], > which allows cloud operators to organize projects in hierarchies. This > concept is evolving in Liberty, with the addition of the Reseller use > case[2], where among other features, it?ll have hierarchies of domains by > making the domain concept a feature of projects and not a different entity: > from now on, every domain will be treated as a project that has the > ?is_domain? property set to True. > > Currently, getting a project scoped token can be made by only passing the > project name and the domain it belongs to, once project names are unique > between domains. However with those hierarchies of projects, in M we intend > to remove this constraint in order to make a project name unique only in > its level in the hierarchy (project parent). In other words, it won?t be > possible to have sibling projects with the same name. For example. the > following hierarchy will be valid: > > A - project with the domain feature > / \ > B C - ?pure? projects, children of A > | | > A B - ?pure? projects, children of B and C respectively > > Therefore, the cloud user faces some problems when getting a project > scoped token by name to projects A or B, since keystone won?t be able to > distinguish them only by their names. The best way to solve this problem is > providing the full hierarchy, like ?A/B/A?, ?A/B?, ?A/C/B? and so on. > > To achieve this, we intend to deprecate the ?/? character in project > names in Liberty and prohibit it in M, removing/replacing this character in > a database migration**. > > Do you have some strong reason to keep using this character in project > names? How bad would it be for existing deploys? We?d like to hear from > you. > > Best regards, > Henrique > > ** LDAP as assignment backend does not support Hierarchical Multitenancy. > This change will be only applied to SQL backends. > [1] > http://specs.openstack.org/openstack/keystone-specs/specs/juno/hierarchical_multitenancy.html > [2] > http://specs.openstack.org/openstack/keystone-specs/specs/kilo/reseller.html > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alopgeek at gmail.com Mon Jul 6 15:53:49 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Mon, 6 Jul 2015 08:53:49 -0700 Subject: [Openstack-operators] ubuntu-14.04 unable to ssh In-Reply-To: References: Message-ID: <59676F75-5BFD-42E6-A52F-16E62481043A@gmail.com> I would recommend that you don't do a 'dist-upgrade' of a cloud instance. In theory it *should* work, but it feels like an anti-pattern. You have images for 12.04, you have images for 14.04. If you need to use 12.04, choose that for your instances, if you need 14.04, choose that for your instances. Remember that the intention is for "Cattle", not "Pets". > On Jul 6, 2015, at 3:08 AM, aishwarya.adyanthaya at accenture.com wrote: > > Hi, > > I?m working on creating instances inside the openstack dashboard. I have two images of Ubuntu 12.04 and Ubuntu 14.04. What I?m noticing here is when I upgrade my instance of Ubuntu 12.04 to 14.04, I?m unable to ssh to that machine. I tried bringing up the instance through the image of Ubuntu 14.04 but I?m experiencing the same issue. Could someone point out how to rectify this situation. > > Thank you, > Aishwarya > > > This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. > ______________________________________________________________________________________ > > www.accenture.com > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 496 bytes Desc: Message signed with OpenPGP using GPGMail URL: From h16mara at gmail.com Mon Jul 6 16:55:34 2015 From: h16mara at gmail.com (achi hara) Date: Mon, 6 Jul 2015 17:55:34 +0100 Subject: [Openstack-operators] Ansible Playbook for OpenStack (juno) In-Reply-To: <1436161369933.30865@RACKSPACE.COM> References: <559864CA.9090001@ladenis.fr> <1436161369933.30865@RACKSPACE.COM> Message-ID: Hi Kevin Carter, Thank you very much for the useful input. Actually i am very interested in deploying OpenStack using Ansible. The os-ansible-deployment project seems perfect,with some complexity though. Hopefully i will find some help on the IRC channel when the need arises. thank you and regards, Hamza On 6 July 2015 at 06:42, Kevin Carter wrote: > @Hamza if you get around to looking into the os-ansible-deployment > project ?please consider joining our IRC channel on freenode at > #openstack-ansible there almost always someone online and we'd be happy > help you get started with the project. If you're just browsing, we have > some installation documentation online that you have read through here: > http://osad.readthedocs.org/en/latest/ > > Take care. > > -- > > Kevin Carter > > ------------------------------ > *From:* achi hara > *Sent:* Sunday, July 5, 2015 10:14 AM > *To:* Leslie-Alexandre DENIS > *Cc:* openstack-operators at lists.openstack.org > *Subject:* Re: [Openstack-operators] Ansible Playbook for OpenStack (juno) > > Hi Leslie Alexandre > > Thank you for providing me with the two links. i will try to use the > second one. > > Regards, > Hamza > > 2015-07-04 23:57 GMT+01:00 Leslie-Alexandre DENIS : > >> Hello, >> >> The best sources for that would be : >> - https://github.com/stackforge/os-ansible-deployment >> - https://github.com/blueboxgroup/ursula >> >> Actually these are well written and very modular, you probably don't >> really need all of the complexity for a standard deployment but at least >> you can start from that. >> >> Regards, >> >> >> Le 05/07/2015 00:40, achi hara a ?crit : >> >> Hi everyone, >> >> >> >> I would like to deploy OpenStack (*Juno* release) using Ansible. >> >> >> >> could you please provide me with the playbooks for this purpose ? >> >> >> >> Your assistance is greatly appreciated. >> >> >> >> >> >> Sincerely >> >> Hamza >> >> >> _______________________________________________ >> OpenStack-operators mailing listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jon at jonproulx.com Mon Jul 6 17:03:54 2015 From: jon at jonproulx.com (Jonathan Proulx) Date: Mon, 6 Jul 2015 13:03:54 -0400 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: On Thu, Jul 2, 2015 at 2:26 PM, Jesse Keating wrote: > BoD, unless they feel the need to delegate, at which point then maybe an > Operators committee. But I'd hate to see more committees created. I feel like this may be a User Committee thing, which is an existing committee and sort-of-kind-of how this started I think. Granted that's a bit of a shadowy cabal at this point but hopefully we're on a path to a better place with that... -Jon > > - jlk > > On Thu, Jul 2, 2015 at 11:23 AM, Matt Fischer wrote: >> >> Are you proposing an Operators committee or do you mean the OpenStack BoD? >> >> On Thu, Jul 2, 2015 at 12:15 PM, Jesse Keating wrote: >>> >>> Honestly I'm fine with the elected board helping to make this decision. >>> Folks that want to underwrite the event can submit a proposal to host, board >>> picks from the submissions? Having a wide vote on it seems overkill to me. >>> >>> Open call for submissions, board votes. Is that unreasonable? >>> >>> >>> - jlk >>> >>> On Thu, Jul 2, 2015 at 8:23 AM, Tom Fifield wrote: >>>> >>>> OK, so I'm just going to throw this one out there to re-stoke the >>>> discussion ... >>>> >>>> Venue selection process. >>>> >>>> At the moment, there's a few of us who work hard in the shadows to make >>>> the best choice we can from a range of generous offers :) >>>> >>>> In our brave new world, I think this should be a bit more open, what do >>>> you think? >>>> >>>> What kind of structure do we need to make the best decision? >>>> >>>> >>>> Regards, >>>> >>>> >>>> Tom >>>> >>>> >>>> On 01/07/15 15:29, Tom Fifield wrote: >>>> > Team, >>>> > >>>> > It's great to see so much passion! :) >>>> > >>>> > Here's an attempt at a summary email. I'll wait until a later email to >>>> > wade into the discussion myself ;) Feel free to jump in on any point. >>>> > >>>> > =Things we tend to agree on= >>>> > "Spirit of the event" >>>> > * The response most people had in common was that they didn't want to >>>> > see vendor booths :) Several others noted the importance that the >>>> > event >>>> > should remain accessible and ensure there were no barriers to >>>> > attendance, space for networking with others and sharing information >>>> > about deployments without fear of vendor harassment. >>>> > >>>> > Multiple Sponsors >>>> > * are OK, but they are more like underwriters who should be OK with >>>> > only >>>> > modest acknowledgement (see previous: no booths). Preference for >>>> > operator sponsors. Several ways to recognise them possible. >>>> > >>>> > Current Schedule Format >>>> > * It appeared like the current format is working well in general, but >>>> > could do with minor tweaks. >>>> > >>>> > >>>> > =Things still under discussion= >>>> > Sell Tickets >>>> > * Many people agreed that some moderate form of ticketing could be OK, >>>> > but the question remains to what extent this should be priced ("low >>>> > fee"? $100-200? "cover costs"?). A strong counterpoint was that paid >>>> > ticketing makes it less accessible (see "spirit"), prevents some local >>>> > attendance, and is unfair to smaller operators, though others noted >>>> > that >>>> > it may be the only practical way to raise funds in the future. >>>> > >>>> > Break into Regional Events >>>> > * A number of viewpoints, ranging from "multiple regional events" to >>>> > "one event only [maybe with a travel fund]" to "one event that moves >>>> > around [maybe even outside USA]" to "make it in the centre of USA for >>>> > easier travel on average". >>>> > >>>> > >>>> > Capping Numbers (inc. Limit Attendees per Company) >>>> > * A lot of disagreement here. Many argued that any kind of cap or >>>> > barrier to entry detracts from the accessibility of the event. Others >>>> > put forth that too few restrictions could dilute the ops-heavy >>>> > attendee >>>> > base, and implied that large companies might send too many people. >>>> > >>>> > >>>> > Multiple Tracks >>>> > * To help deal with room size, we could split into multiple tracks. >>>> > The >>>> > ideal number of tracks is not clear at this stage. >>>> > >>>> > Evening Event >>>> > * Several people said they found the PHL evening event uncomfortably >>>> > packed, and suggested cancelling it on this basis, or on the basis of >>>> > cost. Suggested alternate was posting a list of nearby venues. >>>> > >>>> > Lightening Talks >>>> > * Have lightening talks, perhaps by renaming "show and tell". More of >>>> > them? Arranged differently? Unclear. >>>> > >>>> > =Ideas= >>>> > * Video Recording - Might be worth a shot, starting small. >>>> > * Travel Fund, Scholarship Fund, Slush Fund >>>> > * Use Universities during the summer break for venues >>>> > >>>> > =Open Questions= >>>> > * How will the number of attendees grow? >>>> > * What are the costs involved in hosting one of these events? >>>> > * Stuff about the summit - probably need a different thread for this >>>> > >>>> > >>>> > Regards, >>>> > >>>> > >>>> > Tom >>>> > >>>> > >>>> > >>>> > >>>> > On 30/06/15 12:33, Tom Fifield wrote: >>>> >> Hi all, >>>> >> >>>> >> Right now, behind-the-scenes, we're working on getting a venue for >>>> >> next >>>> >> ops mid-cycle. It's taking a little longer than normal, but rest >>>> >> assured >>>> >> it is happening. >>>> >> >>>> >> Why is it so difficult? As you may have noticed, we're reaching the >>>> >> size >>>> >> of event where both physically and financially, only the largest >>>> >> organisations can host us. >>>> >> >>>> >> We thought we might get away with organising this one old-school with >>>> >> a >>>> >> single host and sponsor. Then, for the next, start a brainstorming >>>> >> discussion with you about how we scale these events into the future - >>>> >> since once we get up and beyond a few hundred people, we're looking >>>> >> at >>>> >> having to hire a venue as well as make some changes to the format of >>>> >> the >>>> >> event. >>>> >> >>>> >> However, it seems that even this might be too late. We already had a >>>> >> company that proposed to host the meetup at a west coast US hotel >>>> >> instead of their place, and wanted to scope out other companies to >>>> >> sponsor food. >>>> >> >>>> >> This would be a change in the model, so let's commence the discussion >>>> >> of >>>> >> how we want to scale this event :) >>>> >> >>>> >> So far I've heard things like: >>>> >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with >>>> >> others" >>>> >> * "I really don't want to get to the point where we want booths at >>>> >> the >>>> >> ops meetup" >>>> >> >>>> >> Which are promising! It seems like we have a shared understanding of >>>> >> what to take this forward with. >>>> >> >>>> >> So, as the ops meetup grows - what would it look like for you? >>>> >> >>>> >> How do you think we can manage the venue selection and financial side >>>> >> of >>>> >> things? What about the session layout and the scheduling with the >>>> >> growing numbers of attendees? >>>> >> >>>> >> Current data can be found at >>>> >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . >>>> >> >>>> >> I would also be interested in your thoughts about how these events >>>> >> have >>>> >> only been in a limited geographical area so far, and how we can >>>> >> address >>>> >> that issue. >>>> >> >>>> >> >>>> >> Regards, >>>> >> >>>> >> >>>> >> Tom >>>> >> >>>> >> >>>> >> >>>> >> _______________________________________________ >>>> >> OpenStack-operators mailing list >>>> >> OpenStack-operators at lists.openstack.org >>>> >> >>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >> >>>> > >>>> > >>>> > _______________________________________________ >>>> > OpenStack-operators mailing list >>>> > OpenStack-operators at lists.openstack.org >>>> > >>>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> > >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From jon at jonproulx.com Mon Jul 6 17:28:53 2015 From: jon at jonproulx.com (Jonathan Proulx) Date: Mon, 6 Jul 2015 13:28:53 -0400 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <559396C5.3080104@openstack.org> References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> Message-ID: On Wed, Jul 1, 2015 at 3:29 AM, Tom Fifield wrote: > Team, > > It's great to see so much passion! :) > > Here's an attempt at a summary email. I'll wait until a later email to > wade into the discussion myself ;) Feel free to jump in on any point. > > =Things we tend to agree on= I agree on all those too. > =Things still under discussion= > Sell Tickets > * Many people agreed that some moderate form of ticketing could be OK, > but the question remains to what extent this should be priced ("low > fee"? $100-200? "cover costs"?). A strong counterpoint was that paid > ticketing makes it less accessible (see "spirit"), prevents some local > attendance, and is unfair to smaller operators, though others noted that > it may be the only practical way to raise funds in the future. I think everyone agrees this is best kept as low a barrier as possible. It would be interesting to know per attendee costs to help assess what kind of barrier it would be. Obviously if we get some corporate underwriting that meets the 'we all agree' low impact desires that would help minimize this and if it can be zero it should be. > Break into Regional Events > * A number of viewpoints, ranging from "multiple regional events" to > "one event only [maybe with a travel fund]" to "one event that moves > around [maybe even outside USA]" to "make it in the centre of USA for > easier travel on average". I think breaking into regional events would seriously undermine the utility of the event unless someone has a really clever idea how to run 3 or 4 locations as a single distributed event so we can actually gather and share ideas among all of them (I don't see how that would work). I am uncomfortable with the US-centric nature of the ops events even though it's been terribly convenient for me. I would suggest if we so start rotating continents (which I'm in favor of) we try and keep it opposite the summit locations so those least likely to make the summit are most likely to make the mid cycle that way no region gets left too far behind. > > Capping Numbers (inc. Limit Attendees per Company) > * A lot of disagreement here. Many argued that any kind of cap or > barrier to entry detracts from the accessibility of the event. Others > put forth that too few restrictions could dilute the ops-heavy attendee > base, and implied that large companies might send too many people. I think it's best to try addressing this socially at first. Make it clear space is at a premium and encourage attendees to send the minimum number of people necessary to cover the sessions. Setting a hard limit is hard because I can imagine larger and more complex sites may have a legitimate need to send more people due to greater role specialization or other reasons. > > Multiple Tracks > * To help deal with room size, we could split into multiple tracks. The > ideal number of tracks is not clear at this stage. I'm not even sure what I think is best here, but these are my thoughts: More tracks makes it harder for small to medium size sites to cover. Not saying we shouldn't expand parallelism but we should be cautious. My site is a private university cloud with order of 100 hypervisors, we're more or less happy to send 2 people to summits and one to mid cycles, at least that's what I've gotten them to pay for in the past. Obviously we don't come close to covering summits. The dual track (for one attendee) in PHL was OK and conflicts weren't too bad. The obvious alternative if we need more sessions would be to go longer and honestly I'm not keen on that either and would probably prefer wider over longer. -Jon From openstack at medberry.net Mon Jul 6 17:58:39 2015 From: openstack at medberry.net (David Medberry) Date: Mon, 6 Jul 2015 11:58:39 -0600 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> Message-ID: On Mon, Jul 6, 2015 at 11:28 AM, Jonathan Proulx wrote: > More tracks makes it harder for small to medium size sites to cover. > Not saying we shouldn't expand parallelism but we should be cautious. > > My site is a private university cloud with order of 100 hypervisors, > we're more or less happy to send 2 people to summits and one to mid > cycles, at least that's what I've gotten them to pay for in the past. > Obviously we don't come close to covering summits. The dual track > (for one attendee) in PHL was OK and conflicts weren't too bad. > > The obvious alternative if we need more sessions would be to go longer > and honestly I'm not keen on that either and would probably prefer > wider over longer. > +1 on wider vs longer. if we do go longer, let's limit it to half-day expansion (so folks can fly in or out that half day.) Of course if it is in Timbuktu, that 1/2 day won't buy much in terms of maximizing commute time. https://en.wikipedia.org/wiki/Timbuktu -------------- next part -------------- An HTML attachment was scrubbed... URL: From anteaya at anteaya.info Mon Jul 6 18:14:57 2015 From: anteaya at anteaya.info (Anita Kuno) Date: Mon, 06 Jul 2015 14:14:57 -0400 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <55921C03.5060303@openstack.org> References: <55921C03.5060303@openstack.org> Message-ID: <559AC5A1.4060100@anteaya.info> On 06/30/2015 12:33 AM, Tom Fifield wrote: > Hi all, > > Right now, behind-the-scenes, we're working on getting a venue for next > ops mid-cycle. It's taking a little longer than normal, but rest assured > it is happening. > > Why is it so difficult? As you may have noticed, we're reaching the size > of event where both physically and financially, only the largest > organisations can host us. > > We thought we might get away with organising this one old-school with a > single host and sponsor. Then, for the next, start a brainstorming > discussion with you about how we scale these events into the future - > since once we get up and beyond a few hundred people, we're looking at > having to hire a venue as well as make some changes to the format of the > event. > > However, it seems that even this might be too late. We already had a > company that proposed to host the meetup at a west coast US hotel > instead of their place, and wanted to scope out other companies to > sponsor food. > > This would be a change in the model, so let's commence the discussion of > how we want to scale this event :) > > So far I've heard things like: > * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with others" > * "I really don't want to get to the point where we want booths at the > ops meetup" > > Which are promising! It seems like we have a shared understanding of > what to take this forward with. > > So, as the ops meetup grows - what would it look like for you? > > How do you think we can manage the venue selection and financial side of > things? What about the session layout and the scheduling with the > growing numbers of attendees? > > Current data can be found at > https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . > > I would also be interested in your thoughts about how these events have > only been in a limited geographical area so far, and how we can address > that issue. > > > Regards, > > > Tom > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > Hi: Right now developers are asking for details so they can decide/plan on attending the next event. Are you close to deciding a location and/or perhaps some dates? Thanks, Anita. From openstack at medberry.net Mon Jul 6 18:16:13 2015 From: openstack at medberry.net (David Medberry) Date: Mon, 6 Jul 2015 12:16:13 -0600 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <55955773.3050000@openstack.org> References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> <55955773.3050000@openstack.org> Message-ID: On Thu, Jul 2, 2015 at 9:23 AM, Tom Fifield wrote: > Venue selection process. > > At the moment, there's a few of us who work hard in the shadows to make > the best choice we can from a range of generous offers :) > Maybe you could host in Taiwan Tom or Tim could host in Geneva/CERN? -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Mon Jul 6 18:16:48 2015 From: openstack at medberry.net (David Medberry) Date: Mon, 6 Jul 2015 12:16:48 -0600 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <559AC5A1.4060100@anteaya.info> References: <55921C03.5060303@openstack.org> <559AC5A1.4060100@anteaya.info> Message-ID: On Mon, Jul 6, 2015 at 12:14 PM, Anita Kuno wrote: > Right now developers are asking for details so they can decide/plan on > attending the next event. > > Are you close to deciding a location and/or perhaps some dates? > Yep, this is becoming a big issue. Several others are just going to stomp all over August as they schedule their meetups. -------------- next part -------------- An HTML attachment was scrubbed... URL: From doc at aedo.net Mon Jul 6 20:25:25 2015 From: doc at aedo.net (Christopher Aedo) Date: Mon, 6 Jul 2015 13:25:25 -0700 Subject: [Openstack-operators] App Catalog IRC meeting minutes - 7/2/2015 Message-ID: Thanks as always to those of you joining in the conversation regarding the App Catalog. We are working on building a Horizon plugin right now which will allow operators to include a browsable/searchable pane of catalog contents (fetched from http://apps.openstack.org, or your own local version of the App Catalog.) In order to support that quickly, I'm also working on extending the catalog to support additional asset types [1]. If you're interested in helping this work from the Horizon team please join us here on the mailing list or on IRC. In fact, same goes for any other project interested in promoting their "things that run on OpenStack". Please join us on #openstack-app-catalog during the week, or next Thursday for our next weekly meeting! [1]: https://blueprints.launchpad.net/app-catalog/+spec/expand-asset-types ================================= #openstack-meeting-3: app-catalog ================================= Meeting started by docaedo at 17:01:05 UTC. The full logs are available at http://eavesdrop.openstack.org/meetings/app_catalog/2015/app_catalog.2015-07-02-17.01.log.html . Meeting summary --------------- * rollcall (docaedo, 17:01:17) * Single YAML file switch status update (docaedo) (docaedo, 17:02:35) * Horizon panel status update (kfox1111) (docaedo, 17:07:05) * Stale URL checker (gosha) (docaedo, 17:27:48) * Heat template env (kfox1111) (docaedo, 17:29:57) * Open discussion (docaedo, 17:42:18) Meeting ended at 17:45:20 UTC. People present (lines said) --------------------------- * docaedo (61) * kfox1111 (57) * openstack (3) * sgordon (1) * elmiko (1) Generated by `MeetBot`_ 0.1.4 From bjohnson at paragusit.com Mon Jul 6 20:32:21 2015 From: bjohnson at paragusit.com (Brendan Johnson) Date: Mon, 6 Jul 2015 20:32:21 +0000 Subject: [Openstack-operators] Enable Qemu Agent When Booting from a Volume (rather than directly from an image) Message-ID: <2B45AAEC00B93743B5FC830C355CE4EF7695FE89@SBS2011.paragusit.local> I have a Windows 2012 r2 images with the qemu agent installed and the image property hw_qemu_guest_agent=yes set. When I boot a new instances directly from the image Libvirt launches the instance with -chardev and -device switches that create qemu agent socket. However if I create a volume from the Windows 2012 R2 image and then boot from the volume libvirt doesn't create the the qemu agent socket. Is anyone aware of a way to enable the qemu agent when booting from a volume? I want to use the qemu agent to ensure volumes are in a consistent state when performing a snapshot. Brendan Johnson Director of Engineering and Product Research ParagusIT ?? From allison at openstack.org Mon Jul 6 21:38:30 2015 From: allison at openstack.org (Allison Price) Date: Mon, 6 Jul 2015 16:38:30 -0500 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: References: <55921C03.5060303@openstack.org> <559AC5A1.4060100@anteaya.info> Message-ID: <1642D97C-AC80-48E4-82B9-5A74CE7EE349@openstack.org> Hi everyone, We are currently finalizing the exact date and location for the ops meetup. We have two strong options that Tom will share more details on shortly, but we are aiming to hold the meetup the week of August 17 -21, leaning towards the beginning of the week so it does not conflict with OpenStack Day Seattle. We will be sharing more information shortly, but I wanted to put this on everyone?s radar as you plan travel and other meetups in August. Thanks, Allison Allison Price OpenStack Marketing allison at openstack.org > On Jul 6, 2015, at 1:16 PM, David Medberry wrote: > > > On Mon, Jul 6, 2015 at 12:14 PM, Anita Kuno > wrote: > Right now developers are asking for details so they can decide/plan on > attending the next event. > > Are you close to deciding a location and/or perhaps some dates? > > Yep, this is becoming a big issue. Several others are just going to stomp all over August as they schedule their meetups. > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From anteaya at anteaya.info Mon Jul 6 22:51:04 2015 From: anteaya at anteaya.info (Anita Kuno) Date: Mon, 06 Jul 2015 18:51:04 -0400 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <1642D97C-AC80-48E4-82B9-5A74CE7EE349@openstack.org> References: <55921C03.5060303@openstack.org> <559AC5A1.4060100@anteaya.info> <1642D97C-AC80-48E4-82B9-5A74CE7EE349@openstack.org> Message-ID: <559B0658.3010607@anteaya.info> On 07/06/2015 05:38 PM, Allison Price wrote: > Hi everyone, > > We are currently finalizing the exact date and location for the ops meetup. We have two strong options that Tom will share more details on shortly, but we are aiming to hold the meetup the week of August 17 -21, leaning towards the beginning of the week so it does not conflict with OpenStack Day Seattle. > > We will be sharing more information shortly, but I wanted to put this on everyone?s radar as you plan travel and other meetups in August. > > Thanks, > Allison > > Allison Price > OpenStack Marketing > allison at openstack.org Thank you, Allison, having the dates help. (Or at least the range of dates.) Thank you, Anita. > > >> On Jul 6, 2015, at 1:16 PM, David Medberry wrote: >> >> >> On Mon, Jul 6, 2015 at 12:14 PM, Anita Kuno > wrote: >> Right now developers are asking for details so they can decide/plan on >> attending the next event. >> >> Are you close to deciding a location and/or perhaps some dates? >> >> Yep, this is becoming a big issue. Several others are just going to stomp all over August as they schedule their meetups. >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > From sriram at clouddon.com Tue Jul 7 02:08:03 2015 From: sriram at clouddon.com (Sriram Subramanian) Date: Tue, 07 Jul 2015 02:08:03 +0000 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <1642D97C-AC80-48E4-82B9-5A74CE7EE349@openstack.org> References: <55921C03.5060303@openstack.org> <559AC5A1.4060100@anteaya.info> <1642D97C-AC80-48E4-82B9-5A74CE7EE349@openstack.org> Message-ID: Allison, Thanks for not conflicting with OpenStack Day Seattle :) If we are still in planning stage, how about we colocate Ops meet up with OpenStack Day Seattle? I can try getting the same venue as OpenStack Day Seattle, which can easily accommodate 200 attendees or more. Thanks, Sriram. On Mon, 6 Jul 2015 2:45 pm Allison Price wrote: > Hi everyone, > > We are currently finalizing the exact date and location for the ops > meetup. We have two strong options that Tom will share more details on > shortly, but we are aiming to hold the meetup the week of *August 17 -21*, > leaning towards the beginning of the week so it does not conflict with > OpenStack Day Seattle. > > We will be sharing more information shortly, but I wanted to put this on > everyone?s radar as you plan travel and other meetups in August. > > Thanks, > Allison > > Allison Price > OpenStack Marketing > allison at openstack.org > > > On Jul 6, 2015, at 1:16 PM, David Medberry wrote: > > > On Mon, Jul 6, 2015 at 12:14 PM, Anita Kuno wrote: > >> Right now developers are asking for details so they can decide/plan on >> attending the next event. >> >> Are you close to deciding a location and/or perhaps some dates? >> > > Yep, this is becoming a big issue. Several others are just going to stomp > all over August as they schedule their meetups. > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom at openstack.org Tue Jul 7 07:15:35 2015 From: tom at openstack.org (Tom Fifield) Date: Tue, 07 Jul 2015 15:15:35 +0800 Subject: [Openstack-operators] Free vs Paid ticket to the Operators Midcycle. In-Reply-To: References: <55921C03.5060303@openstack.org> <1436079419.3042490.315434257.62F1DD74@webmail.messagingengine.com> Message-ID: <559B7C97.8080303@openstack.org> Mark's faster than me as usual - I was going to suggest the same :) There's one other subtly to throw in which is the fact that the paid ticket price need not be static - instead "name your price". To me, this is a great way to get some opportunistic income, without affecting the accessibility. To Dave's point - I have actually had the opposite experience. Some organisations really struggled with the concept of a free event (TNSTAAFL style) :) There's also a lot of individuals within organisations who do also make the case for payment, given the choice, or just neglect to tell their managers it is free. There really is no other sort of recognition, but people still do it anyway. The important note I picked up is, if you do have a revenue raising option, it can't be called "sponsorship" - since that implies corporate approval of the organising body, or "donation" - which results in various worlds of pain. So, I think we should do something that looks like: Ticket Information ========================================================== Type Cost Quantity Attendance Free _________ Attendance $____ _________ ========================================================== and just see what it gets us. If it nets us $100, probably not worth doing again in the same way. If it's $1000 or more, it becomes quite interesting. Regards, Tom On 05/07/15 16:36, Dave Walker wrote: > I've never worked with an organisation that would willingly pay for a > ticket if there were free ones on the table, the ones often included in > sponsorship deals are even used first. > > Just the idea of splitting by those that 'can' expense it seems odd to me. > > There must surely be some sort of other recognition? > > -- > Kind Regards, > Dave Walker > > On 5 Jul 2015 7:57 am, "Mark Atwood" > wrote: > > __ > As a suggestion re free / paid registration: have tiered tickets, > like the Community Leadership Summit does. > > Having a free ticket vs a paid ticket would not grant more or less > access or privileges at the event, but gives the opportunity for > people who can expense a ticket to do so. > > -- > Mark Atwood > > Director of Open Source Engagement, Hewlett-Packard > +1-206-473-7118 > > > On Tue, Jun 30, 2015, at 09:04, matt wrote: >> +1 on the no booths rule. >> -1 on paid registration, I think we need to be mindful of the >> smaller openstack deployers, their voice is an important one, and >> their access to the larger operations teams is invaluable to >> them. I like the idea of local teams showing up because it's in >> the neighborhood and they don't need to hassle their budgeting >> managers too much for travel approval / expenses. This is more >> accessible currently than the summits for many operators. Let's >> keep it that way. >> -matt > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From richard at raseley.com Tue Jul 7 13:54:21 2015 From: richard at raseley.com (Richard Raseley) Date: Tue, 07 Jul 2015 06:54:21 -0700 Subject: [Openstack-operators] [puppet] OpenStack Puppet Modules Usage Questions In-Reply-To: References: <557F63CD.8000404@raseley.com> <5591727A.5090202@raseley.com> <55944C3D.5060009@raseley.com> <536861F2-8218-4B13-B063-6DD0B496F776@godaddy.com> Message-ID: <559BDA0D.6000702@raseley.com> Matt Fischer wrote: > Agreed, I'm pretty sure we've already discussed it enough. The auto-responder is up. From fungi at yuggoth.org Tue Jul 7 14:22:43 2015 From: fungi at yuggoth.org (Jeremy Stanley) Date: Tue, 7 Jul 2015 14:22:43 +0000 Subject: [Openstack-operators] Free vs Paid ticket to the Operators Midcycle. In-Reply-To: <559B7C97.8080303@openstack.org> References: <55921C03.5060303@openstack.org> <1436079419.3042490.315434257.62F1DD74@webmail.messagingengine.com> <559B7C97.8080303@openstack.org> Message-ID: <20150707142242.GX2731@yuggoth.org> On 2015-07-07 15:15:35 +0800 (+0800), Tom Fifield wrote: [...] > There's one other subtly to throw in which is the fact that the paid > ticket price need not be static - instead "name your price". [...] This is sort of what DebConf does, except they provide some suggested registration fees for non-gratis participants: http://debconf15.debconf.org/registration.xhtml#registration But basically if you want to go and you or your employer can't/won't cough up enough ? for professional or corporate registration, then you attend as a private participant for free. -- Jeremy Stanley From email at daviey.com Tue Jul 7 14:26:46 2015 From: email at daviey.com (Dave Walker) Date: Tue, 7 Jul 2015 15:26:46 +0100 Subject: [Openstack-operators] Free vs Paid ticket to the Operators Midcycle. In-Reply-To: <20150707142242.GX2731@yuggoth.org> References: <55921C03.5060303@openstack.org> <1436079419.3042490.315434257.62F1DD74@webmail.messagingengine.com> <559B7C97.8080303@openstack.org> <20150707142242.GX2731@yuggoth.org> Message-ID: On 7 July 2015 at 15:22, Jeremy Stanley wrote: > On 2015-07-07 15:15:35 +0800 (+0800), Tom Fifield wrote: > [...] >> There's one other subtly to throw in which is the fact that the paid >> ticket price need not be static - instead "name your price". > [...] > > This is sort of what DebConf does, except they provide some > suggested registration fees for non-gratis participants: > > http://debconf15.debconf.org/registration.xhtml#registration > > But basically if you want to go and you or your employer can't/won't > cough up enough ? for professional or corporate registration, then > you attend as a private participant for free. Professional / Corporate ticket vs Individual ticket, does have slightly different semantics compared to optional fee and does sound more reasonable. -- Kind Regards, Dave Walker From alopgeek at gmail.com Tue Jul 7 21:38:11 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Tue, 7 Jul 2015 14:38:11 -0700 Subject: [Openstack-operators] OSAD for RHEL Message-ID: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 496 bytes Desc: Message signed with OpenPGP using GPGMail URL: From prometheanfire at gentoo.org Tue Jul 7 21:52:47 2015 From: prometheanfire at gentoo.org (Matthew Thode) Date: Tue, 7 Jul 2015 16:52:47 -0500 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> Message-ID: <559C4A2F.7040403@gentoo.org> On 07/07/2015 04:38 PM, Abel Lopez wrote: > Hey everyone, > I've started looking at osad, and I like much of the direction it takes. > I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > I have a change out there for adding support for alternate operating systems. (along with a blueprint). It's extreemly basic right now, but here are the links. It's on hold on my side (gentoo) for lack of manpower. https://blueprints.launchpad.net/openstack-ansible/+spec/os-ansible-for-gentoo-hosts https://review.openstack.org/#/c/199316/ -- -- Matthew Thode (prometheanfire) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From klindgren at godaddy.com Tue Jul 7 21:55:27 2015 From: klindgren at godaddy.com (Kris G. Lindgren) Date: Tue, 7 Jul 2015 21:55:27 +0000 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> Message-ID: +1 on RHEL support. I have some interest in moving away from packages and am interested in the OSAD tooling as well. ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/7/15, 3:38 PM, "Abel Lopez" wrote: >Hey everyone, >I've started looking at osad, and I like much of the direction it takes. >I'm pretty interested in developing it to run on RHEL, I just wanted to >check if anyone would be -2 opposed to that before I spend cycles on it. From aishwarya.adyanthaya at accenture.com Wed Jul 8 05:55:09 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Wed, 8 Jul 2015 05:55:09 +0000 Subject: [Openstack-operators] No route to host Message-ID: <3a6945cd78f542e5b91b575feb1254c0@CO2PR42MB188.048d.mgd.msft.net> Hi, I'm having trouble while trying to deploy a package from 'machine-A' outside openstack to the 'machine-B'(instance) inside openstack which is created through the dashboard. This is the error I get when I try to deploy it: ssh: connect to host 10.x.x.x port 22: No route to host Could anyone point out what I have to do to fix it. Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ichi.sara at gmail.com Wed Jul 8 06:51:52 2015 From: ichi.sara at gmail.com (ICHIBA Sara) Date: Wed, 8 Jul 2015 08:51:52 +0200 Subject: [Openstack-operators] No route to host In-Reply-To: <3a6945cd78f542e5b91b575feb1254c0@CO2PR42MB188.048d.mgd.msft.net> References: <3a6945cd78f542e5b91b575feb1254c0@CO2PR42MB188.048d.mgd.msft.net> Message-ID: hey, It's probably because you forgot to open the port 22 of your instance using the security groups. your ssh command says that it couldn't reach the host 10.x.x.x . are you trying to ssh into your machine B using its private IP ? if so try to assign a floating IP to your machine B and then try again with this FIP instead. Cheers, Sara 2015-07-08 7:55 GMT+02:00 : > Hi, > > > > I?m having trouble while trying to deploy a package from ?machine-A? > outside openstack to the ?machine-B?(instance) inside openstack which is > created through the dashboard. > > > > This is the error I get when I try to deploy it: > > ssh: connect to host 10.x.x.x port 22: No route to host > > > > Could anyone point out what I have to do to fix it. > > > > Thank you, > > Aishwarya Adyanthaya > > ------------------------------ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. > > ______________________________________________________________________________________ > > www.accenture.com > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alopgeek at gmail.com Wed Jul 8 06:55:52 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Tue, 7 Jul 2015 23:55:52 -0700 Subject: [Openstack-operators] No route to host In-Reply-To: <3a6945cd78f542e5b91b575feb1254c0@CO2PR42MB188.048d.mgd.msft.net> References: <3a6945cd78f542e5b91b575feb1254c0@CO2PR42MB188.048d.mgd.msft.net> Message-ID: Sounds like you're trying to connect to the internal RFC 1918 address. You need to look at Floating IP, or try pulling from your instance instead of pushing to it. On Tuesday, July 7, 2015, wrote: > Hi, > > > > I?m having trouble while trying to deploy a package from ?machine-A? > outside openstack to the ?machine-B?(instance) inside openstack which is > created through the dashboard. > > > > This is the error I get when I try to deploy it: > > ssh: connect to host 10.x.x.x port 22: No route to host > > > > Could anyone point out what I have to do to fix it. > > > > Thank you, > > Aishwarya Adyanthaya > > ------------------------------ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. > > ______________________________________________________________________________________ > > www.accenture.com > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Wed Jul 8 07:02:19 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Wed, 8 Jul 2015 07:02:19 +0000 Subject: [Openstack-operators] No route to host In-Reply-To: References: <3a6945cd78f542e5b91b575feb1254c0@CO2PR42MB188.048d.mgd.msft.net> Message-ID: <6fbc57cbc5b644c8be1571ffc0dc624e@CO2PR42MB188.048d.mgd.msft.net> Hey, Thanks for the quick reply. I did attach a floating Ip to the instance. To test, I took the instance created inside the Openstack and tried deploying the machine with the services: Starting cluster using provider: ubuntu ... calling verify-prereqs Deploying on machine 10.x.x.x ubuntu at 10.x.x.x?s password: ubuntu at 10.x.x.x?s password: config-default.sh 100% 2447 2.4KB/s 00:00 broken pipe lost connection. and that is it. It breaks the connection. I did add the port 22 through the manage rules in the security groups. From: ICHIBA Sara [mailto:ichi.sara at gmail.com] Sent: Wednesday, July 08, 2015 12:22 PM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] No route to host hey, It's probably because you forgot to open the port 22 of your instance using the security groups. your ssh command says that it couldn't reach the host 10.x.x.x . are you trying to ssh into your machine B using its private IP ? if so try to assign a floating IP to your machine B and then try again with this FIP instead. Cheers, Sara 2015-07-08 7:55 GMT+02:00 >: Hi, I?m having trouble while trying to deploy a package from ?machine-A? outside openstack to the ?machine-B?(instance) inside openstack which is created through the dashboard. This is the error I get when I try to deploy it: ssh: connect to host 10.x.x.x port 22: No route to host Could anyone point out what I have to do to fix it. Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From durrani.anwar at gmail.com Wed Jul 8 08:43:15 2015 From: durrani.anwar at gmail.com (Anwar Durrani) Date: Wed, 8 Jul 2015 14:13:15 +0530 Subject: [Openstack-operators] Getting ERROE on compute node Message-ID: Hello Team, I am trying to implement JUNO version, I have configured controller node and trying to configure compute node, however controller node seems working fine but when i try to start following services on controller node i am getting error as below : [root at compute ~]# systemctl start openstack-nova-compute.service Job for openstack-nova-compute.service failed. See 'systemctl status openstack-nova-compute.service' and 'journalctl -xn' for details. [root at compute ~]# tail /var/log/nova/nova-compute.log 2015-07-08 01:21:20.462 49721 INFO nova.openstack.common.periodic_task [-] Skipping periodic task _periodic_update_dns because its interval is negative 2015-07-08 01:21:20.501 49721 INFO oslo.messaging._drivers.impl_rabbit [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connecting to AMQP server on controller.example.com:5672 2015-07-08 01:21:20.516 49721 INFO oslo.messaging._drivers.impl_rabbit [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connected to AMQP server on controller.example.com:5672 2015-07-08 01:21:20.519 49721 INFO oslo.messaging._drivers.impl_rabbit [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connecting to AMQP server on controller.example.com:5672 2015-07-08 01:21:20.528 49721 INFO oslo.messaging._drivers.impl_rabbit [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connected to AMQP server on controller.example.com:5672 2015-07-08 01:21:30.538 49721 WARNING nova.conductor.api [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor? Reattempting establishment of nova-conductor connection... 2015-07-08 01:21:40.572 49721 WARNING nova.conductor.api [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor? Reattempting establishment of nova-conductor connection... 2015-07-08 01:21:50.582 49721 WARNING nova.conductor.api [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor? Reattempting establishment of nova-conductor connection... 2015-07-08 01:22:00.591 49721 WARNING nova.conductor.api [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor? Reattempting establishment of nova-conductor connection... 2015-07-08 01:22:10.606 49721 WARNING nova.conductor.api [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor? Reattempting establishment of nova-conductor connection... ?ny? -- Thanks & regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From gstepanov at mirantis.com Wed Jul 8 10:58:35 2015 From: gstepanov at mirantis.com (Gleb Stepanov) Date: Wed, 8 Jul 2015 13:58:35 +0300 Subject: [Openstack-operators] [nova] disk I/O perfomance Message-ID: Hello, all. We have measured disk I/O performance on openstack virtual machines with aid of FIO tool. We've tested performance on root dist drive device, test consists of write operationby 4kb blocks to file with size 90Gb (prefilled in advance). We use qcow2 image for vm, ephemeral drive and virtio driver. All configuration goes in attachment. There are some results: test 1 threads 1, 5, 10, 15, 20, 40 iops 72,58,49,60,94,72 test 2 threads 1, 5, 10, 15, 20, 40 iops 71,60,54,88,52,52 test 3 threads 1, 5, 10, 15, 20, 40 iops 71,49,58,51,128,130 test 4 threads 1, 5, 10, 15, 20, 40 iops 65,49,60,56,52,63 As it is shown performance degraded during increasing amount of threads, also deviation of results on 40 threads is very big. Have you any ideas how to explain performance behaviour? Kind regards, Gleb Stepanov. -------------- next part -------------- A non-text attachment was scrubbed... Name: instance.xml Type: text/xml Size: 4735 bytes Desc: not available URL: From chdent at redhat.com Wed Jul 8 12:02:22 2015 From: chdent at redhat.com (Chris Dent) Date: Wed, 8 Jul 2015 13:02:22 +0100 (BST) Subject: [Openstack-operators] [ceilometer] virtual mid-cycle tomorrow (9th) and Friday (10th) Message-ID: The ceilometer mid-cycle is virtual and starts tomorrow (Thursday 9th of July) at 0700 UTC. The topical agenda is here: https://wiki.openstack.org/wiki/Meetings/Ceilometer/Liberty_Virtual_Mid-Cycle and the daily schedule is here: https://www.google.com/calendar/embed?src=cXZqcTY2ZXJjcnYxbG9kaGtoMHZwNmxrNDRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ If you're planning to attend, show up in the #openstack-ceilometer IRC channel around the appointed time and ask for the URL for the video. Active participants should make a point of reading and adding to the etherpads associated with each session _in advance_ of the sessions. This will help make sure we focus on the stuff that people actually care about. Some sessions currently have neither leader nor etherpad. We need to fix that. See you there. -- Chris Dent tw:@anticdent freenode:cdent https://tank.peermore.com/tanks/cdent From mailinglists at expresswebsystems.com Wed Jul 8 14:07:18 2015 From: mailinglists at expresswebsystems.com (MailingLists - EWS) Date: Wed, 8 Jul 2015 10:07:18 -0400 Subject: [Openstack-operators] Getting ERROE on compute node In-Reply-To: References: Message-ID: <1b79301d0b987$66bcd800$34368800$@expresswebsystems.com> Anwar, It looks like your RabbitMQ isn?t running or isn?t reachable. There were some issues that we ran into when doing this. Make sure RabbitMQ is running. Double check your IPtables rules to make sure the ports are open. I also seem to recall some problem with a certain version of RabbitMQ that was installed that was just broken and we had to roll back to a previous version but that was several months ago and my recollection is a bit hazy as to the details. Tom Walsh Express Web Systems, Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at nycresistor.com Wed Jul 8 14:15:17 2015 From: matt at nycresistor.com (Matt Joyce) Date: Wed, 08 Jul 2015 14:15:17 +0000 Subject: [Openstack-operators] Getting ERROE on compute node In-Reply-To: <1b79301d0b987$66bcd800$34368800$@expresswebsystems.com> References: <1b79301d0b987$66bcd800$34368800$@expresswebsystems.com> Message-ID: <2B644495-24CA-42E4-A165-B91CD3754BA1@nycresistor.com> On newer rabbitmq the guest account is disabled for remote access by default. Try not to use it. -Matt On July 8, 2015 10:07:18 AM EDT, MailingLists - EWS wrote: >Anwar, > > > >It looks like your RabbitMQ isn?t running or isn?t reachable. > > > >There were some issues that we ran into when doing this. Make sure >RabbitMQ is running. Double check your IPtables rules to make sure the >ports are open. I also seem to recall some problem with a certain >version of RabbitMQ that was installed that was just broken and we had >to roll back to a previous version but that was several months ago and >my recollection is a bit hazy as to the details. > > > >Tom Walsh > >Express Web Systems, Inc. > > > >------------------------------------------------------------------------ > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevinbri at cisco.com Wed Jul 8 14:19:28 2015 From: kevinbri at cisco.com (Kevin Bringard (kevinbri)) Date: Wed, 8 Jul 2015 14:19:28 +0000 Subject: [Openstack-operators] Getting ERROE on compute node In-Reply-To: <1b79301d0b987$66bcd800$34368800$@expresswebsystems.com> References: <1b79301d0b987$66bcd800$34368800$@expresswebsystems.com> Message-ID: I think more than that, conductor may not be running. If you look at the original error messages, we can see that it's able to connect to the rabbit server: 2015-07-08 01:21:20.501 49721 INFO oslo.messaging._drivers.impl_rabbit [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connecting to AMQP server on controller.example.com:5672 2015-07-08 01:21:20.516 49721 INFO oslo.messaging._drivers.impl_rabbit [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connected to AMQP server oncontroller.example.com:5672 But then it times out waiting for conductor. 2015-07-08 01:21:30.538 49721 WARNING nova.conductor.api [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 None] Timed out waiting for nova-conductor. Is it running? Or did this service start before nova-conductor? Reattempting establishment of nova-conductor connection... I'd look on your controller node and make sure the nova-conductor service is running, and also make sure *it* is able to connect to the message bus. On 7/8/15, 8:07 AM, "MailingLists - EWS" wrote: >Anwar, > >It looks like your RabbitMQ isn?t running or isn?t reachable. > >There were some issues that we ran into when doing this. Make sure >RabbitMQ is running. Double check your IPtables rules to make sure the >ports are open. I > also seem to recall some problem with a certain version of RabbitMQ that >was installed that was just broken and we had to roll back to a previous >version but that was several months ago and my recollection is a bit hazy >as to the details. > >Tom Walsh >Express Web Systems, Inc. > > > > > From warren at wangspeed.com Wed Jul 8 14:33:18 2015 From: warren at wangspeed.com (Warren Wang) Date: Wed, 8 Jul 2015 10:33:18 -0400 Subject: [Openstack-operators] [nova] disk I/O perfomance In-Reply-To: References: Message-ID: The only time we saw major performance issues with ephemeral (we're using SSDs in RAID 0) was when we ran fio against a sparse file. It sounds like you ran it against a properly filled file though, and it looks like you're on a single spinning drive, based on the fio numbers. Can you confirm? Also, what version of qemu are you running, and can you check if you have iothread enabled? "qemu-system-x86_64 -device virtio-blk-device,help" should show iothread somewhere. One other thing I can think of, did you specify directIO in your fio run? I notice you have the balloon driver on. Have you had used it in a production environment that neared full? Curious what the feedback is here. Warren Warren On Wed, Jul 8, 2015 at 6:58 AM, Gleb Stepanov wrote: > Hello, all. > > We have measured disk I/O performance on openstack virtual machines > with aid of > FIO tool. We've tested performance on root dist drive device, test > consists of write operationby 4kb > blocks to file with size 90Gb (prefilled in advance). > We use qcow2 image for vm, ephemeral drive and virtio driver. > All configuration goes in attachment. > > There are some results: > > test 1 > > threads 1, 5, 10, 15, 20, 40 > iops 72,58,49,60,94,72 > > test 2 > threads 1, 5, 10, 15, 20, 40 > iops 71,60,54,88,52,52 > > test 3 > threads 1, 5, 10, 15, 20, 40 > iops 71,49,58,51,128,130 > > test 4 > threads 1, 5, 10, 15, 20, 40 > iops 65,49,60,56,52,63 > > As it is shown performance degraded during increasing amount of > threads, also deviation of results on 40 threads is very big. > Have you any ideas how to explain performance behaviour? > > Kind regards, Gleb Stepanov. > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sgordon at redhat.com Wed Jul 8 20:19:11 2015 From: sgordon at redhat.com (Steve Gordon) Date: Wed, 8 Jul 2015 16:19:11 -0400 (EDT) Subject: [Openstack-operators] [nfv][telco] On-going management of telcowg-usecases repository In-Reply-To: <848723949.33691967.1436385417756.JavaMail.zimbra@redhat.com> Message-ID: <1974199276.33699950.1436386751859.JavaMail.zimbra@redhat.com> Hi all, There are a couple of lingering issues with the on-going management of the telcowg-usecases [1] repository that I would like to give visibility to and ultimately resolve one way or another: 1) Presence in the Stackforge namespace There is currently a proposal to retire stackforge [2] and while it's not clear this will be accepted (and even if it is there is likely to be quite a generous timeline before retirement) it did remind me that we primarily created the repository on stackforge because we fell into the group Thierry characterizes in the comments as: "Things that just wanted a place to live and don't have enough energy to propose it to TC" As such I'm asking if members of the working group would be for/against a proposal to move telcowg-usecases into the OpenStack namespace. 2) Core review group The current core review group, as created for the purposes of bootstrapping things, is: - Anthony Veiga - Marc Koderer - Steve Gordon (me) I think we could bare to add 1-2 people from within the working group to the core group outright even though the number of patch sets and reviews for that matter to handle is relatively minor [4]. I would like to nominate Daniel Schabarum and Yuriy Babenko at this point. Again I am asking though if members of the working group are for/against this. Thanks, Steve [1] http://git.openstack.org/cgit/stackforge/telcowg-usecases/ [2] https://review.openstack.org/#/c/192016/ [3] https://review.openstack.org/#/c/178347/9/doc/source/workflow.rst [4] http://stackalytics.com/?project_type=stackforge&module=telcowg-usecases&release=all From doc at aedo.net Wed Jul 8 21:49:38 2015 From: doc at aedo.net (Christopher Aedo) Date: Wed, 8 Jul 2015 14:49:38 -0700 Subject: [Openstack-operators] [app-catalog] July 9 meeting cancelled Message-ID: Unless there are any specific agenda items anyone else wishes to discuss tomorrow during the weekly App Catalog IRC meeting, I propose we push this off until next week. Please do speak up here on the mailing list or on the IRC channel (#openstack-app-catalog) if there is anything you would like covered. Thanks! From siv.devops at gmail.com Wed Jul 8 21:59:06 2015 From: siv.devops at gmail.com (pra devOPS) Date: Wed, 8 Jul 2015 14:59:06 -0700 Subject: [Openstack-operators] seperate subnet for VMs in with nova network Message-ID: All: I wanted to do the below using openstack (Icehouse). with the following network connections on CenOS I have two NICs on the machine and mine will be all in one installation. one NIC (say NIC1) on my lab vLAN 192.168.5.x and second NIC not configured on anything. Now I wanted to have Openstack Installed on NIC1. Assign an IP to second interface like (172.168.2.5) And give that range in nova-network say like nova network-create demo-net --bridge br100 --multi-host T --fixed-range-v4 172.168.2.0/24 , Assign gateway as 172.168.2.1 ( I assume that openstack will create a interface with that br100 with ip 172.168.2.1) configure nova.conf like below: openstack-config --set /etc/nova/nova.conf DEFAULT flat_network_bridge br100 openstack-config --set /etc/nova/nova.conf DEFAULT flat_interface NIC2 openstack-config --set /etc/nova/nova.conf DEFAULT public_interface NIC2 Now my questions are : Will i be able to create something like that? I am able to do ssh and connect using private IPs as well, But my private IP is not talking to outside world. Can some body suggest? What is that I am doing wrong ? Thanks Dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.carter at RACKSPACE.COM Wed Jul 8 23:57:42 2015 From: kevin.carter at RACKSPACE.COM (Kevin Carter) Date: Wed, 8 Jul 2015 23:57:42 +0000 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> Message-ID: <1436399862353.78620@RACKSPACE.COM> No opposition at all for adding in additional OS support. IMO it would be great in terms of support-ability and deployment perspectives. If you've not already checkout the #openstack-ansible channel and ping us if you have any questions. -- Kevin Carter IRC: cloudnull ________________________________________ From: Abel Lopez Sent: Tuesday, July 7, 2015 4:38 PM To: openstack-oper. Subject: [Openstack-operators] OSAD for RHEL Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. From ayoung at redhat.com Thu Jul 9 04:33:28 2015 From: ayoung at redhat.com (Adam Young) Date: Thu, 09 Jul 2015 00:33:28 -0400 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> Message-ID: <559DF998.8080605@redhat.com> On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: > +1 on RHEL support. I have some interest in moving away from packages and > am interested in the OSAD tooling as well. I would not recommend an approach targetting RHEL that does not use packages. OSAD support for RHEL using packages would be an outstanding tool. Which way are you planning on taking it? > ____________________________________________ > > Kris Lindgren > Senior Linux Systems Engineer > GoDaddy, LLC. > > > > > > > > On 7/7/15, 3:38 PM, "Abel Lopez" wrote: > >> Hey everyone, >> I've started looking at osad, and I like much of the direction it takes. >> I'm pretty interested in developing it to run on RHEL, I just wanted to >> check if anyone would be -2 opposed to that before I spend cycles on it. > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From john at dewey.ws Thu Jul 9 04:54:16 2015 From: john at dewey.ws (John Dewey) Date: Wed, 8 Jul 2015 21:54:16 -0700 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <559DF998.8080605@redhat.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> Message-ID: On Wednesday, July 8, 2015 at 9:33 PM, Adam Young wrote: > On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: > > +1 on RHEL support. I have some interest in moving away from packages and > > am interested in the OSAD tooling as well. > > > > > I would not recommend an approach targetting RHEL that does not use > packages. > > OSAD support for RHEL using packages would be an outstanding tool. > > Which way are you planning on taking it? IMO - registering the systems with subscription manager or pointing to in house yum repos should be included as part of system bootstrapping, and not a part of OSAD. OSAD should simply install the specific packages for the alternate distro. Might also be a good time to abstract the system packaging module into a higher level one which handles `yum` or `apt` behind the scenes. We can then manage the list of packages per distro[1]. Throwing this out as an idea vs copy-paste every apt with a yum section. [1] https://gist.github.com/retr0h/dd4cbd27829a3095f37a > > ____________________________________________ > > > > Kris Lindgren > > Senior Linux Systems Engineer > > GoDaddy, LLC. > > > > > > > > > > > > > > > > On 7/7/15, 3:38 PM, "Abel Lopez" wrote: > > > > > Hey everyone, > > > I've started looking at osad, and I like much of the direction it takes. > > > I'm pretty interested in developing it to run on RHEL, I just wanted to > > > check if anyone would be -2 opposed to that before I spend cycles on it. > > > > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org (mailto:OpenStack-operators at lists.openstack.org) > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org (mailto:OpenStack-operators at lists.openstack.org) > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From klindgren at godaddy.com Thu Jul 9 05:12:00 2015 From: klindgren at godaddy.com (Kris G. Lindgren) Date: Thu, 9 Jul 2015 05:12:00 +0000 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <559DF998.8080605@redhat.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> Message-ID: I should be more clear. My current thought is to have a venv packaged inside an rpm - so the rpm includes the needed init scripts, ensures the required system level binaries are installed, adds the users - ect ect. But would be a single deployable autonomous unit. Also, have a versioning schema to roll forward and back between venvs for quick update/rollback. We are already working on doing something similar to this to run kilo on cent6 boxen, until we can finish revving the remaining parts of the fleet to cent7. My desire is to move away from using system level python & openstack packages, so that I can possibly run mismatched versions if I need to. We had a need to run kilo ceilometer and juno neutron/nova on a single server. The conflicting python requirements between those made that task impossible. In general I want to get away from treating Openstack as a single system that everything needs to be upgraded in lock step (packages force you into this). I want to move to being able to upgrade say oslo.messaging to a newer version on just say nova on my control plane servers. Or upgrade nova to kilo while keeping the rest of the system (neutron) on juno. Unless I run each service in a vm/container or on a physical piece of hardware that is pretty much impossible to do with packages - outside of placing everything inside venv's. However, it is my understanding that OSAD already builds its own python-wheels and runs those inside lxc containers. So I don?t really follow what good throwing those into an rpm would really do? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/8/15, 10:33 PM, "Adam Young" wrote: >On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: >> +1 on RHEL support. I have some interest in moving away from packages >>and >> am interested in the OSAD tooling as well. > >I would not recommend an approach targetting RHEL that does not use >packages. > >OSAD support for RHEL using packages would be an outstanding tool. > >Which way are you planning on taking it? > >> ____________________________________________ >> >> Kris Lindgren >> Senior Linux Systems Engineer >> GoDaddy, LLC. >> >> >> >> >> >> >> >> On 7/7/15, 3:38 PM, "Abel Lopez" wrote: >> >>> Hey everyone, >>> I've started looking at osad, and I like much of the direction it >>>takes. >>> I'm pretty interested in developing it to run on RHEL, I just wanted to >>> check if anyone would be -2 opposed to that before I spend cycles on >>>it. >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From john at dewey.ws Thu Jul 9 05:43:46 2015 From: john at dewey.ws (John Dewey) Date: Wed, 8 Jul 2015 22:43:46 -0700 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> Message-ID: <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> This would not be acceptable for those running OSP. On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: > I should be more clear. My current thought is to have a venv packaged > inside an rpm - so the rpm includes the needed init scripts, ensures the > required system level binaries are installed, adds the users - ect ect. > But would be a single deployable autonomous unit. Also, have a versioning > schema to roll forward and back between venvs for quick update/rollback. > We are already working on doing something similar to this to run kilo on > cent6 boxen, until we can finish revving the remaining parts of the fleet > to cent7. > > My desire is to move away from using system level python & openstack > packages, so that I can possibly run mismatched versions if I need to. We > had a need to run kilo ceilometer and juno neutron/nova on a single > server. The conflicting python requirements between those made that task > impossible. In general I want to get away from treating Openstack as a > single system that everything needs to be upgraded in lock step (packages > force you into this). I want to move to being able to upgrade say > oslo.messaging to a newer version on just say nova on my control plane > servers. Or upgrade nova to kilo while keeping the rest of the system > (neutron) on juno. Unless I run each service in a vm/container or on a > physical piece of hardware that is pretty much impossible to do with > packages - outside of placing everything inside venv's. > > However, it is my understanding that OSAD already builds its own > python-wheels and runs those inside lxc containers. So I don?t really > follow what good throwing those into an rpm would really do? > ____________________________________________ > > Kris Lindgren > Senior Linux Systems Engineer > GoDaddy, LLC. > > > On 7/8/15, 10:33 PM, "Adam Young" wrote: > > > On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: > > > +1 on RHEL support. I have some interest in moving away from packages > > > and > > > am interested in the OSAD tooling as well. > > > > > > > > > I would not recommend an approach targetting RHEL that does not use > > packages. > > > > OSAD support for RHEL using packages would be an outstanding tool. > > > > Which way are you planning on taking it? > > > > > ____________________________________________ > > > > > > Kris Lindgren > > > Senior Linux Systems Engineer > > > GoDaddy, LLC. > > > > > > > > > > > > > > > > > > > > > > > > On 7/7/15, 3:38 PM, "Abel Lopez" wrote: > > > > > > > Hey everyone, > > > > I've started looking at osad, and I like much of the direction it > > > > takes. > > > > I'm pretty interested in developing it to run on RHEL, I just wanted to > > > > check if anyone would be -2 opposed to that before I spend cycles on > > > > it. > > > > > > > > > > > > > _______________________________________________ > > > OpenStack-operators mailing list > > > OpenStack-operators at lists.openstack.org (mailto:OpenStack-operators at lists.openstack.org) > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org (mailto:OpenStack-operators at lists.openstack.org) > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org (mailto:OpenStack-operators at lists.openstack.org) > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From klindgren at godaddy.com Thu Jul 9 06:16:09 2015 From: klindgren at godaddy.com (Kris G. Lindgren) Date: Thu, 9 Jul 2015 06:16:09 +0000 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> Message-ID: Does OSP support running each service in an LXC container as well? What about nova-cells? How does it handle people who need to carry local changes? What is the upgrade path like with OSP? Asking, because in Philly the general consensus, I fel,t was people want to move away from the current system level package stuff and move towards: venv's, "lightweight packages", containers. The only reason that was brought up to keep packages around was to solve the non-python lib stuff and using a depsolver (yum/apt) that doesn't suck (pip). So I am pretty sure my wants are inline with what other people in the community are either already doing or moving towards. ___________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: John Dewey > Date: Wednesday, July 8, 2015 at 11:43 PM To: "Kris G. Lindgren" > Cc: Adam Young >, "openstack-operators at lists.openstack.org" > Subject: Re: [Openstack-operators] OSAD for RHEL This would not be acceptable for those running OSP. On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: I should be more clear. My current thought is to have a venv packaged inside an rpm - so the rpm includes the needed init scripts, ensures the required system level binaries are installed, adds the users - ect ect. But would be a single deployable autonomous unit. Also, have a versioning schema to roll forward and back between venvs for quick update/rollback. We are already working on doing something similar to this to run kilo on cent6 boxen, until we can finish revving the remaining parts of the fleet to cent7. My desire is to move away from using system level python & openstack packages, so that I can possibly run mismatched versions if I need to. We had a need to run kilo ceilometer and juno neutron/nova on a single server. The conflicting python requirements between those made that task impossible. In general I want to get away from treating Openstack as a single system that everything needs to be upgraded in lock step (packages force you into this). I want to move to being able to upgrade say oslo.messaging to a newer version on just say nova on my control plane servers. Or upgrade nova to kilo while keeping the rest of the system (neutron) on juno. Unless I run each service in a vm/container or on a physical piece of hardware that is pretty much impossible to do with packages - outside of placing everything inside venv's. However, it is my understanding that OSAD already builds its own python-wheels and runs those inside lxc containers. So I don?t really follow what good throwing those into an rpm would really do? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/8/15, 10:33 PM, "Adam Young" > wrote: On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: +1 on RHEL support. I have some interest in moving away from packages and am interested in the OSAD tooling as well. I would not recommend an approach targetting RHEL that does not use packages. OSAD support for RHEL using packages would be an outstanding tool. Which way are you planning on taking it? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/7/15, 3:38 PM, "Abel Lopez" > wrote: Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From durrani.anwar at gmail.com Thu Jul 9 06:33:07 2015 From: durrani.anwar at gmail.com (Anwar Durrani) Date: Thu, 9 Jul 2015 12:03:07 +0530 Subject: [Openstack-operators] Getting ERROE on compute node In-Reply-To: References: <1b79301d0b987$66bcd800$34368800$@expresswebsystems.com> Message-ID: Hi Kevin, I have confirmed that nova-conductor service is running on controller node [root at controller ~]# systemctl status openstack-nova-conductor.service openstack-nova-conductor.service - OpenStack Nova Conductor Server Loaded: loaded (/usr/lib/systemd/system/openstack-nova-conductor.service; enabled) Active: active (running) since Wed 2015-07-08 23:24:53 PDT; 4min 53s ago Main PID: 12171 (nova-conductor) CGroup: /system.slice/openstack-nova-conductor.service ??12171 /usr/bin/python /usr/bin/nova-conductor Jul 08 23:24:53 controller.example.com systemd[1]: Starting OpenStack Nova Conductor Server... Jul 08 23:24:53 controller.example.com systemd[1]: Started OpenStack Nova Conductor Server. Although i have restarted all nova services on controller node as systemctl start openstack-nova-conductor.service systemctl start openstack-nova-api.service systemctl start openstack-nova-cert.service systemctl start openstack-nova-consoleauth.service systemctl start openstack-nova-scheduler.service systemctl start openstack-nova-novncproxy.service also verified that firewall is disabled on both systems. checked configuration files once again, all seems ok, getting same status as above. On Wed, Jul 8, 2015 at 7:49 PM, Kevin Bringard (kevinbri) < kevinbri at cisco.com> wrote: > I think more than that, conductor may not be running. If you look at the > original error messages, we can see that it's able to connect to the > rabbit server: > > 2015-07-08 01:21:20.501 49721 INFO oslo.messaging._drivers.impl_rabbit > [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connecting to AMQP server on > controller.example.com:5672 > 2015-07-08 01:21:20.516 49721 INFO oslo.messaging._drivers.impl_rabbit > [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 ] Connected to AMQP server > oncontroller.example.com:5672 > > > But then it times out waiting for conductor. > > 2015-07-08 01:21:30.538 49721 WARNING nova.conductor.api > [req-6f67f40a-53cc-4c95-a431-f98ab296c0c5 None] Timed out waiting for > nova-conductor. Is it running? Or did this service start before > nova-conductor? Reattempting establishment of nova-conductor connection... > > > I'd look on your controller node and make sure the nova-conductor service > is running, and also make sure *it* is able to connect to the message bus. > > > > On 7/8/15, 8:07 AM, "MailingLists - EWS" > wrote: > > >Anwar, > > > >It looks like your RabbitMQ isn?t running or isn?t reachable. > > > >There were some issues that we ran into when doing this. Make sure > >RabbitMQ is running. Double check your IPtables rules to make sure the > >ports are open. I > > also seem to recall some problem with a certain version of RabbitMQ that > >was installed that was just broken and we had to roll back to a previous > >version but that was several months ago and my recollection is a bit hazy > >as to the details. > > > >Tom Walsh > >Express Web Systems, Inc. > > > > > > > > > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -- Thanks & regards, Anwar M. Durrani +91-8605010721 -------------- next part -------------- An HTML attachment was scrubbed... URL: From gfa at zumbi.com.ar Thu Jul 9 08:24:27 2015 From: gfa at zumbi.com.ar (gustavo panizzo (gfa)) Date: Thu, 9 Jul 2015 16:24:27 +0800 Subject: [Openstack-operators] openstack and xen In-Reply-To: <20150706074307.GA14325@torio> References: <55951FDB.9050203@zumbi.com.ar> <20150706074307.GA14325@torio> Message-ID: <559E2FBB.7080609@zumbi.com.ar> On 2015-07-06 15:43, ?lvaro L?pez Garc?a wrote: > On 02 Jul 2015 (19:26), gustavo panizzo (gfa) wrote: >> Hello > > Hi, > >> has anybody moved from kvm to xen? >> i see the support for xen on nova's hypervisor support matrix got better on >> latest releases. > > We're using Xen from the beginning, back in Cactus IIRC. In the past we > had to patch several things, but support has improved a lot. do you still need to patch? > >> we found hard to isolate noisy vm on kvm, and the network problem (i sent on >> another email) is killing us >> >> besides, xen being used by rackspace and aws is not bad publicity at all >> >> so, is anybody using xen? what are they using? xenserver from citrix, >> xen4centos, xen on ubuntu, xen+libvirt? what are the results? > > We are using Ubuntu + Libvirt + Xen, and we're happy with it. The only > thing that you have to take into account is that if you plan to use > PyGrub you cannot use CoW, mainly because PyGrub cannot read qcow2 > images. does live migration without shared storage works? if yes, which percentage of failure do you have? which neutron agent (ovs, linuxbridge) do you use? > > Cheers, > thanks -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: http://keybase.io/gfa From abhishek.talwar at tcs.com Thu Jul 9 09:38:51 2015 From: abhishek.talwar at tcs.com (Abhishek Talwar) Date: Thu, 9 Jul 2015 15:08:51 +0530 Subject: [Openstack-operators] Cant ping or SSH Cirros VM #Kilo-Multinode# Message-ID: An HTML attachment was scrubbed... URL: From ihrachys at redhat.com Thu Jul 9 11:30:23 2015 From: ihrachys at redhat.com (Ihar Hrachyshka) Date: Thu, 9 Jul 2015 13:30:23 +0200 Subject: [Openstack-operators] Mapping of routers and urls in Neutron API In-Reply-To: References: Message-ID: <559E5B4F.30402@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sounds like a question for openstack-dev@ actually... On 07/02/2015 02:08 AM, Rajat Nagpal wrote: > Hi guys, > > I want to add a new method i.e add some extension method in the > neutron service and want to call this method from the command line > interface.The method would actually show the quota usage(absolute > limits) just like it shows in nova usage. > > Now I created a new command but I am not able to call the required > method.I am entangled in how the request is being converted to > routes and how the controller and the specific action is being > called and how the mapping is being done.In the following logs, the > request url is being converted to some actions and controllers I am > specifically interested in how this is happening. You may be interested in checking: https://github.com/openstack/neutron/blob/master/neutron/api/v2/base.py# L106 And overall the whole file. That's where API requests map to plugin methods. Ihar -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVnltMAAoJEC5aWaUY1u573sUIANjrKCt8fDJ6iICl9gUdmHoY IBnowofIpD5E6Y2ekFvEBKoZYZNEFVjc+7P/95KUEIEGlBh98u7HB9NtsFMFcUv4 Ux+s+FipIEooa0lVK1Jo0LQb6XktTlVyoOl03D0ASkJYMQqcg2Oin2+C/r54L1/1 x16nI+EtVg4/dv2TJQ/qCxEvPT3l7NVZgElw+TbQ4Z8iHQTY6vC0umP0tKbLtwut CbvJhYmEvHiF2j84r+3yrL1mZCBXRYUDJpHYbqpr0e+PZXmZsi1H/7y4qokYS7Lq 7XELOnPnORK+7Yhk4itUo5821BGEGsSSDSdcSv2Su2aJb1bSXNL4cm0/QmWV1dY= =UX/k -----END PGP SIGNATURE----- From chdent at redhat.com Thu Jul 9 12:53:43 2015 From: chdent at redhat.com (Chris Dent) Date: Thu, 9 Jul 2015 13:53:43 +0100 (BST) Subject: [Openstack-operators] [openstack-dev] [ceilometer] virtual mid-cycle tomorrow (9th) and Friday (10th) In-Reply-To: References: Message-ID: On Wed, 8 Jul 2015, Chris Dent wrote: > The ceilometer mid-cycle is virtual and starts tomorrow (Thursday > 9th of July) at 0700 UTC. The topical agenda is here: > > https://wiki.openstack.org/wiki/Meetings/Ceilometer/Liberty_Virtual_Mid-Cycle > > and the daily schedule is here: > > https://www.google.com/calendar/embed?src=cXZqcTY2ZXJjcnYxbG9kaGtoMHZwNmxrNDRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ The sessions are going so well that some of them won't need a second session tomorrow, so the schedule has been adjusted to allow for a later start. Please see the calendar for the latest schedule (times are UTC): https://www.google.com/calendar/embed?src=cXZqcTY2ZXJjcnYxbG9kaGtoMHZwNmxrNDRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ If other sessions change, we will update the schedule accordingly. -- Chris Dent tw:@anticdent freenode:cdent https://tank.peermore.com/tanks/cdent From h16mara at gmail.com Thu Jul 9 14:38:13 2015 From: h16mara at gmail.com (Achi Hamza) Date: Thu, 9 Jul 2015 15:38:13 +0100 Subject: [Openstack-operators] docker-juno installation failed Message-ID: Hi guys, I've tried to installed Docker with juno release on Ubuntu but all the attempts failed. here how i installed the nova-docker driver: *sudo apt-get install python-pip* *sudo apt-get install python-dev* *git clone https://github.com/stackforge/nova-docker * *cd nova-docker* *git checkout stable/juno* *sudo python setup.py install* After configuring novadocker.virt.docker.DockerDriver driver and restarting the compute service i got nova DOWN with the following error messages in the log file: 2015-07-09 23:12:44.557 17688 INFO nova.virt.driver [-] Loading compute driver 'novadocker.virt.docker.DockerDriver' 2015-07-09 23:12:44.565 17688 *ERROR nova.virt.driver [-] Unable to load the virtualization driver* 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver Traceback (most recent call last): 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File "/usr/lib/python2.7/dist-packages/nova/virt/driver.py", line 1402, in load_compute_driver 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver virtapi) 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", line 52, in import_object_ns 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver return import_class(import_str)(*args, **kwargs) 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", line 27, in import_class 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver __import__(mod_str) 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/__init__.py", line 20, in 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from novadocker.virt.docker import driver 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 46, in 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from novadocker.virt.docker import network 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/network.py", line 16, in 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from oslo.concurrency import processutils 2015-07-09 23:12:44.565 17688 TRACE *nova.virt.driver ImportError: No module named concurrency* 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver Any help is greatly appreciated. Thank you, Hamza -------------- next part -------------- An HTML attachment was scrubbed... URL: From pczarkowski+openstackops at bluebox.net Thu Jul 9 14:45:49 2015 From: pczarkowski+openstackops at bluebox.net (Paul Czarkowski) Date: Thu, 9 Jul 2015 09:45:49 -0500 Subject: [Openstack-operators] docker-juno installation failed In-Reply-To: References: Message-ID: It looks like the pip dependencies didn't get installed. I often have better luck with `pip install .` inside the nova-docker directory. if that doesn't work you can try doing `pip install -r requirements.txt` ... of course it could also be that the package isn't actually listed in requirements ... in which case keep launching it and manuall installing the missing pips `pip install concurrency` until it starts correctly. you may then want to do push a review to the project with any updated changes. You can also hit up the #nova-docker irc channel on freenode for further help. On Thu, Jul 9, 2015 at 9:38 AM, Achi Hamza wrote: > Hi guys, > > I've tried to installed Docker with juno release on Ubuntu but all the > attempts failed. > here how i installed the nova-docker driver: > > *sudo apt-get install python-pip* > *sudo apt-get install python-dev* > *git clone https://github.com/stackforge/nova-docker > * > *cd nova-docker* > *git checkout stable/juno* > *sudo python setup.py install* > > After configuring novadocker.virt.docker.DockerDriver driver and > restarting the compute service i got nova DOWN with the following error > messages in the log file: > > > 2015-07-09 23:12:44.557 17688 INFO nova.virt.driver [-] Loading compute > driver 'novadocker.virt.docker.DockerDriver' > 2015-07-09 23:12:44.565 17688 *ERROR nova.virt.driver [-] Unable to load > the virtualization driver* > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver Traceback (most > recent call last): > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/lib/python2.7/dist-packages/nova/virt/driver.py", line 1402, in > load_compute_driver > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver virtapi) > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", > line 52, in import_object_ns > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver return > import_class(import_str)(*args, **kwargs) > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", > line 27, in import_class > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver > __import__(mod_str) > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/__init__.py", > line 20, in > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from > novadocker.virt.docker import driver > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", > line 46, in > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from > novadocker.virt.docker import network > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/network.py", > line 16, in > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from > oslo.concurrency import processutils > 2015-07-09 23:12:44.565 17688 TRACE *nova.virt.driver ImportError: No > module named concurrency* > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver > > > Any help is greatly appreciated. > > Thank you, > > Hamza > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Thu Jul 9 16:32:27 2015 From: ayoung at redhat.com (Adam Young) Date: Thu, 09 Jul 2015 12:32:27 -0400 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> Message-ID: <559EA21B.6090407@redhat.com> On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: > Does OSP support running each service in an LXC container as well? > What about nova-cells? How does it handle people who need to carry > local changes? What is the upgrade path like with OSP? So, ignoring the Hypervisor for the moment, there is no reason that the rest of the controllers can't run in separate Containers. I think a container based deployment would be fantastic. venv is not really sufficient, as the system level binaries can still conflict (MysQL and LDAP both require system libraries for Keystone, for example) From an Ansible perspective; we need to be able to share the HTTPD instance for Keystone and Apache, and getting that right will solve most of the issues deploying in a secure manner. Putting Them on separate hosts or containers should be a degenerate case, and thus be supported, too. > > Asking, because in Philly the general consensus, I fel,t was people > want to move away from the current system level package stuff and move > towards: venv's, "lightweight packages", containers. The only reason > that was brought up to keep packages around was to solve the > non-python lib stuff and using a depsolver (yum/apt) that doesn't suck > (pip). So I am pretty sure my wants are inline with what other people > in the community are either already doing or moving towards. > ___________________________________________ > Kris Lindgren > Senior Linux Systems Engineer > GoDaddy, LLC. > > > From: John Dewey > > Date: Wednesday, July 8, 2015 at 11:43 PM > To: "Kris G. Lindgren" > > Cc: Adam Young >, > "openstack-operators at lists.openstack.org > " > > > Subject: Re: [Openstack-operators] OSAD for RHEL > > This would not be acceptable for those running OSP. > > On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: > >> I should be more clear. My current thought is to have a venv packaged >> inside an rpm - so the rpm includes the needed init scripts, ensures the >> required system level binaries are installed, adds the users - ect ect. >> But would be a single deployable autonomous unit. Also, have a versioning >> schema to roll forward and back between venvs for quick update/rollback. >> We are already working on doing something similar to this to run kilo on >> cent6 boxen, until we can finish revving the remaining parts of the fleet >> to cent7. >> >> My desire is to move away from using system level python & openstack >> packages, so that I can possibly run mismatched versions if I need to. We >> had a need to run kilo ceilometer and juno neutron/nova on a single >> server. The conflicting python requirements between those made that task >> impossible. In general I want to get away from treating Openstack as a >> single system that everything needs to be upgraded in lock step (packages >> force you into this). I want to move to being able to upgrade say >> oslo.messaging to a newer version on just say nova on my control plane >> servers. Or upgrade nova to kilo while keeping the rest of the system >> (neutron) on juno. Unless I run each service in a vm/container or on a >> physical piece of hardware that is pretty much impossible to do with >> packages - outside of placing everything inside venv's. >> >> However, it is my understanding that OSAD already builds its own >> python-wheels and runs those inside lxc containers. So I don?t really >> follow what good throwing those into an rpm would really do? >> ____________________________________________ >> Kris Lindgren >> Senior Linux Systems Engineer >> GoDaddy, LLC. >> >> >> On 7/8/15, 10:33 PM, "Adam Young" > > wrote: >> >>> On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: >>>> +1 on RHEL support. I have some interest in moving away from packages >>>> and >>>> am interested in the OSAD tooling as well. >>> >>> I would not recommend an approach targetting RHEL that does not use >>> packages. >>> >>> OSAD support for RHEL using packages would be an outstanding tool. >>> >>> Which way are you planning on taking it? >>> >>>> ____________________________________________ >>>> Kris Lindgren >>>> Senior Linux Systems Engineer >>>> GoDaddy, LLC. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 7/7/15, 3:38 PM, "Abel Lopez" >>> > wrote: >>>> >>>>> Hey everyone, >>>>> I've started looking at osad, and I like much of the direction it >>>>> takes. >>>>> I'm pretty interested in developing it to run on RHEL, I just >>>>> wanted to >>>>> check if anyone would be -2 opposed to that before I spend cycles on >>>>> it. >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From arunadiththan at gmail.com Thu Jul 9 17:48:18 2015 From: arunadiththan at gmail.com (Arun Adiththan) Date: Thu, 9 Jul 2015 10:48:18 -0700 Subject: [Openstack-operators] docker-juno installation failed In-Reply-To: References: Message-ID: Hello Hamza, I faced the same issue with Devstack Juno. The error indicates that *concurrency *module isn't installed under */usr/lib/python-*/dist-packages/oslo*. You can fix the problem as follows: 1. Create a directory called concurrency inside */usr/lib/python-*/dist-packages/oslo * 2. Copy the contents of */usr/lib/python-*/dist-packages/oslo_concurrency * to */usr/lib/python-*/dist-packages/oslo/concurrency* Hope this helps. ?Thanks , Arun Adiththan On Thu, Jul 9, 2015 at 7:38 AM, Achi Hamza wrote: > Hi guys, > > I've tried to installed Docker with juno release on Ubuntu but all the > attempts failed. > here how i installed the nova-docker driver: > > *sudo apt-get install python-pip* > *sudo apt-get install python-dev* > *git clone https://github.com/stackforge/nova-docker > * > *cd nova-docker* > *git checkout stable/juno* > *sudo python setup.py install* > > After configuring novadocker.virt.docker.DockerDriver driver and > restarting the compute service i got nova DOWN with the following error > messages in the log file: > > > 2015-07-09 23:12:44.557 17688 INFO nova.virt.driver [-] Loading compute > driver 'novadocker.virt.docker.DockerDriver' > 2015-07-09 23:12:44.565 17688 *ERROR nova.virt.driver [-] Unable to load > the virtualization driver* > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver Traceback (most > recent call last): > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/lib/python2.7/dist-packages/nova/virt/driver.py", line 1402, in > load_compute_driver > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver virtapi) > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", > line 52, in import_object_ns > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver return > import_class(import_str)(*args, **kwargs) > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", > line 27, in import_class > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver > __import__(mod_str) > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/__init__.py", > line 20, in > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from > novadocker.virt.docker import driver > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", > line 46, in > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from > novadocker.virt.docker import network > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File > "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/network.py", > line 16, in > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from > oslo.concurrency import processutils > 2015-07-09 23:12:44.565 17688 TRACE *nova.virt.driver ImportError: No > module named concurrency* > 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver > > > Any help is greatly appreciated. > > Thank you, > > Hamza > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglists at expresswebsystems.com Thu Jul 9 18:17:44 2015 From: mailinglists at expresswebsystems.com (MailingLists - EWS) Date: Thu, 9 Jul 2015 14:17:44 -0400 Subject: [Openstack-operators] Getting ERROE on compute node In-Reply-To: References: <1b79301d0b987$66bcd800$34368800$@expresswebsystems.com> Message-ID: <016501d0ba73$8d15b5c0$a7412140$@expresswebsystems.com> Anwar, Rabbit is a separate service outside of Openstack. Make sure it is running as well [root at controller01 ~]# systemctl | grep rabbitmq rabbitmq-server.service loaded active running RabbitMQ broker -------------- next part -------------- An HTML attachment was scrubbed... URL: From siv.devops at gmail.com Thu Jul 9 18:26:11 2015 From: siv.devops at gmail.com (pra devOPS) Date: Thu, 9 Jul 2015 11:26:11 -0700 Subject: [Openstack-operators] seperate subnet for VMs in with nova network In-Reply-To: References: Message-ID: Can soembody give input on the above problem? Thanks, Siva On Wed, Jul 8, 2015 at 2:59 PM, pra devOPS wrote: > All: > > I wanted to do the below using openstack (Icehouse). with the following > network connections on CenOS > > I have two NICs on the machine and mine will be all in one installation. > > one NIC (say NIC1) on my lab vLAN 192.168.5.x and second NIC not > configured on anything. > > Now I wanted to have Openstack Installed on NIC1. > > Assign an IP to second interface like (172.168.2.5) > > And give that range in nova-network say like > > nova network-create demo-net --bridge br100 --multi-host T > --fixed-range-v4 172.168.2.0/24 > > > , Assign gateway as 172.168.2.1 ( I assume that openstack will create a > interface with that br100 with ip 172.168.2.1) > > > configure nova.conf like below: > > openstack-config --set /etc/nova/nova.conf DEFAULT flat_network_bridge > br100 > openstack-config --set /etc/nova/nova.conf DEFAULT flat_interface NIC2 > openstack-config --set /etc/nova/nova.conf DEFAULT public_interface NIC2 > > Now my questions are : > > Will i be able to create something like that? > > I am able to do ssh and connect using private IPs as well, But my private > IP is not talking to outside world. > > > > Can some body suggest? What is that I am doing wrong ? > > Thanks > Dev > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Tim.Bell at cern.ch Thu Jul 9 19:18:37 2015 From: Tim.Bell at cern.ch (Tim Bell) Date: Thu, 9 Jul 2015 19:18:37 +0000 Subject: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision In-Reply-To: <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> Message-ID: <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> Feel free to give input on the Mitaka proposal. Tim > -----Original Message----- > From: Jonathan Bryce [mailto:jbryce at jbryce.com] > Sent: 09 July 2015 20:52 > To: OpenStack Development Mailing List (not for usage questions) > Subject: Re: [openstack-dev] [Openstack] Rescinding the M name decision > > > On Jul 9, 2015, at 9:35 AM, Russell Bryant wrote: > > > > On 07/09/2015 09:19 AM, Neil Jerram wrote: > >> In the hope of forestalling an unnecessary sub-thread... > >> > >> Mita was #1 in the vote, so has presumably already been ruled out by > >> OpenStack's legal review. > > > > That is correct. > > > Hi everyone, > > I?ve really loved seeing everyone?s understanding and engagement on this > thread as we worked through the release cycle naming for ?M?. This was the > first attempt to follow a new process, so not surprisingly, we found some > improvements in the algorithm for the future. Still it?s awesome to see how > constructive and positive the whole conversation has been. > > I wanted to provide a quick update on the status of the Foundation?s > reviews of the names. First, as Russell mentioned above, after the voting > was completed, we asked our trademark counsel to do checks on the top 3 > names. The first two both had significant trademark issues with existing > trademark holders in the same space that would have prevented us from > using the names in most jurisdictions where we have our largest > communities (US, Europe and Asia). The 3rd choice was relatively low risk > and so we passed word back to Monty who announced it. Once we realized > there were other issues with Meiji, we asked for an expedited check of the > next 3 names: Mitaka, Musashi, and Meguro. The preliminary check shows > that Mitaka and Meguro both present an acceptable level of risk, while > Musashi is higher on the risk scale and would probably create problems for > usage. > > At this time, we?re going to do a deeper check on Mitaka, which was the #4 > candidate in voting and would be next in line after Meiji. I know Itoh-san > mentioned the Mitaka locale has the potential to be associated with certain > corporations in Japan, but my personal feeling is that may not be significant > enough to override it?s position in the voting and it?s availability for use. > > I?d encourage anyone with other concerns about Mitaka to post those > within the next 24 hours so we can appropriately consider and discuss > them. We should have results on the deeper trademark check by next week > as well and can hopefully settle on a final name. > > Thanks again for all the discussion and participation and especially to > Monty who?s been on the front lines of helping us navigate this. Feel free to > let me know if you have any other questions, > > Jonathan > 210-317-2438 > > > __________________________________________________________ > ________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev- > request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From openstack at medberry.net Thu Jul 9 19:23:45 2015 From: openstack at medberry.net (David Medberry) Date: Thu, 9 Jul 2015 13:23:45 -0600 Subject: [Openstack-operators] Move to Inbox More 1 of 5, 707 Collapse all Print all In new window Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility Message-ID: Hi, When trying to live-migrate between two distinct CPUs, I kind of expect there to be issues. Which is why openstack supports the "cpu_mode=custom", "cpu_model=MODELNAME" flags for libvirt. When I set those to some Lowest Common Denominator (and restart everything), I still git the issue. I've set both systems to SandyBridge and tested as well as Conroe. The actual CPUs are Ivy Bridge and Haswell (newer than SandyBridge and supersets thereof.) The Older->Newer migration works fine (even without setting a cpu_model) but the newer to older never works. Specfics: OpenStack Juno.2 LibVirt: 1.2.2 Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy Bridge) Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz (Haswell) And to clarify: the nova-compute error is the subject line: 2015-07-09 17:55:02.485 8651 ERROR oslo.messaging._drivers.common [req-48a16da3-41e0-43ee-99c8-43d178273101 ] ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 134, in _dispatch_and_reply\n incoming.message))\n', ' File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 177, in _dispatch\n return self._do_dispatch(endpoint, method, ctxt, args)\n', ' File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 123, in _do_dispatch\n result = getattr(endpoint, method)(ctxt, **new_args)\n', ' File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 88, in wrapped\n payload)\n', ' File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line 82, in __exit__\n six.reraise(self.type_, self.value, self.tb)\n', ' File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 71, in wrapped\n return f(self, context, *args, **kw)\n', ' File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 331, in decorated_function\n kwargs[\'instance\'], e, sys.exc_info())\n', ' File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line 82, in __exit__\n six.reraise(self.type_, self.value, self.tb)\n', ' File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 319, in decorated_function\n return function(self, context, *args, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 4860, in check_can_live_migrate_destination\n block_migration, disk_over_commit)\n', ' File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 4999, in check_can_live_migrate_destination\n self._compare_cpu(source_cpu_info)\n', ' File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 5177, in _compare_cpu\n raise exception.InvalidCPUInfo(reason=m % {\'ret\': ret, \'u\': u})\n', "InvalidCPUInfo: Unacceptable CPU info: CPU doesn't have compatibility.\n\n0\n\nRefer to http://libvirt.org/html/libvirt-libvirt.html#virCPUCompareResult\n"] The nova client reports: dmbp:~ dmedberry$ nova live-migration 7181cea1-ebbf-4f05-9316-80eef0216648 ERROR (BadRequest): No valid host was found. (HTTP 400) (Request-ID: req-48a16da3-41e0-43ee-99c8-43d178273101) Daniel, Operators? Ring any bells? Any ideas? -d -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Thu Jul 9 19:28:15 2015 From: openstack at medberry.net (David Medberry) Date: Thu, 9 Jul 2015 13:28:15 -0600 Subject: [Openstack-operators] Move to Inbox More 1 of 5, 707 Collapse all Print all In new window Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: References: Message-ID: and apologies for the spurious title. I initially sent this email from the wrong gmail account and it bounced. Cut & Paste resend made a mess. Should read: Subject: Puzzling Issue: Unacceptable CPU info: CPU doesn't have compatibility On Thu, Jul 9, 2015 at 1:23 PM, David Medberry wrote: > Hi, > > When trying to live-migrate between two distinct CPUs, I kind of expect > there to be issues. Which is why openstack supports the "cpu_mode=custom", > "cpu_model=MODELNAME" flags for libvirt. > > When I set those to some Lowest Common Denominator (and restart > everything), I still git the issue. I've set both systems to SandyBridge > and tested as well as Conroe. The actual CPUs are Ivy Bridge and Haswell > (newer than SandyBridge and supersets thereof.) > > The Older->Newer migration works fine (even without setting a cpu_model) > but the newer to older never works. > > Specfics: > OpenStack Juno.2 > LibVirt: 1.2.2 > > Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy Bridge) > Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz (Haswell) > > And to clarify: the nova-compute error is the subject line: > > 2015-07-09 17:55:02.485 8651 ERROR oslo.messaging._drivers.common > [req-48a16da3-41e0-43ee-99c8-43d178273101 ] ['Traceback (most recent call > last):\n', ' File > "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line > 134, in _dispatch_and_reply\n incoming.message))\n', ' File > "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line > 177, in _dispatch\n return self._do_dispatch(endpoint, method, ctxt, > args)\n', ' File > "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line > 123, in _do_dispatch\n result = getattr(endpoint, method)(ctxt, > **new_args)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/exception.py", line 88, in wrapped\n > payload)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line > 82, in __exit__\n six.reraise(self.type_, self.value, self.tb)\n', ' > File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 71, in > wrapped\n return f(self, context, *args, **kw)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 331, in > decorated_function\n kwargs[\'instance\'], e, sys.exc_info())\n', ' > File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", > line 82, in __exit__\n six.reraise(self.type_, self.value, self.tb)\n', > ' File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line > 319, in decorated_function\n return function(self, context, *args, > **kwargs)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 4860, in > check_can_live_migrate_destination\n block_migration, > disk_over_commit)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 4999, > in check_can_live_migrate_destination\n > self._compare_cpu(source_cpu_info)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 5177, > in _compare_cpu\n raise exception.InvalidCPUInfo(reason=m % {\'ret\': > ret, \'u\': u})\n', "InvalidCPUInfo: Unacceptable CPU info: CPU doesn't > have compatibility.\n\n0\n\nRefer to > http://libvirt.org/html/libvirt-libvirt.html#virCPUCompareResult\n"] > > The nova client reports: > dmbp:~ dmedberry$ nova live-migration 7181cea1-ebbf-4f05-9316-80eef0216648 > ERROR (BadRequest): No valid host was found. (HTTP 400) (Request-ID: > req-48a16da3-41e0-43ee-99c8-43d178273101) > > Daniel, Operators? Ring any bells? Any ideas? > > -d > -------------- next part -------------- An HTML attachment was scrubbed... URL: From allison at openstack.org Thu Jul 9 19:35:29 2015 From: allison at openstack.org (Allison Price) Date: Thu, 9 Jul 2015 14:35:29 -0500 Subject: [Openstack-operators] Ops Mid-Cycle Meetup Details Message-ID: <43C8F3FA-B658-4DAA-B097-C127C3900D1E@openstack.org> Hi everyone, Thank you for your patience as we finalized the dates and location of the Ops mid-cycle meetup. First, we want to say thank you to all of the organizations who offered to help out or host the event. Due to timing and the size of our growing event, the best option to accommodate 300 people (if needed) will be: Crowne Plaza Hotel Palo Alto, CA August 18-19, 2015 The cloud ops team at HP helped research and secure the space and will graciously help underwrite the event. If your organization might still be interested in contributing to the costs, it would be greatly appreciated. Like we discussed on the mailing list, there will not be any booths at the event, but we would of course give a nod to sponsors in the event communications and signage. If your organization might be interested, please respond to this email or feel free to contact me directly by Friday, July 17th. We are finalizing the budget now and can determine the appropriate sponsorship levels based on initial reg numbers, as well as the number of organizations in addition to HP who would like to contribute. More information will be shared soon on the agenda, and per feedback from the mailing list, we are not planning to host or organize an evening event. We also decided to forgo registration costs this time, because it seems like there were mixed opinions, but it?s certainly something we could revisit in the future. Stay tuned for discussion on the mailing list regarding the agenda, as well as any additional updates for the event. In the meantime, you can now register here . Cheers, Allison Allison Price OpenStack Marketing allison at openstack.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From h16mara at gmail.com Thu Jul 9 20:12:10 2015 From: h16mara at gmail.com (Achi Hamza) Date: Thu, 9 Jul 2015 21:12:10 +0100 Subject: [Openstack-operators] docker-juno installation failed In-Reply-To: References: Message-ID: Hi Arun Adiththan and Paul Czarkowski, Thank you both for your response. Arun@ your suggest did actually solve my problem, however i encountered another issue which is, nova is UP and running with DISABLE status! :) Disabled *Reason: AUTO: Failed to connect to libvirt* nova compute service didn't output any critical error on the log file : *2015-07-10 03:45:44.923 15256 AUDIT nova.compute.resource_tracker [-] Total usable vcpus: 1, total allocated vcpus: 0* * 2015-07-10 03:45:44.924 15256 AUDIT nova.compute.resource_tracker [-] PCI stats: []* * 2015-07-10 03:45:44.925 15256 INFO nova.compute.resource_tracker [-] Compute_service record updated for compute:compute* * 2015-07-10 03:45:48.079 15256 INFO nova.openstack.common.service [-] Caught SIGTERM, exiting* * 2015-07-10 03:45:48.553 15616 INFO nova.openstack.common.periodic_task [-] Skipping periodic task _periodic_update_dns because its interval is negative* * 2015-07-10 03:45:48.570 15616 INFO nova.virt.driver [-] Loading compute driver 'novadocker.virt.docker.DockerDriver'* * 2015-07-10 03:45:48.587 15616 INFO oslo.messaging._drivers.impl_rabbit [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connecting to AMQP server on 10.10.10.51:5672 * * 2015-07-10 03:45:48.599 15616 INFO oslo.messaging._drivers.impl_rabbit [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connected to AMQP server on 10.10.10.51:5672 * * 2015-07-10 03:45:48.604 15616 INFO oslo.messaging._drivers.impl_rabbit [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connecting to AMQP server on 10.10.10.51:5672 * * 2015-07-10 03:45:48.620 15616 INFO oslo.messaging._drivers.impl_rabbit [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connected to AMQP server on 10.10.10.51:5672 * * 2015-07-10 03:45:48.649 15616 AUDIT nova.service [-] Starting compute node (version 2014.2.2)* * 2015-07-10 03:45:48.725 15616 AUDIT nova.compute.resource_tracker [-] Auditing locally available compute resources* * 2015-07-10 03:45:48.766 15616 AUDIT nova.compute.resource_tracker [-] Total physical ram (MB): 2001, total allocated virtual ram (MB): 512* * 2015-07-10 03:45:48.767 15616 AUDIT nova.compute.resource_tracker [-] Free disk (GB): 60* * 2015-07-10 03:45:48.767 15616 AUDIT nova.compute.resource_tracker [-] Total usable vcpus: 1, total allocated vcpus: 0* * 2015-07-10 03:45:48.767 15616 AUDIT nova.compute.resource_tracker [-] PCI stats: []* * 2015-07-10 03:45:48.826 15616 INFO nova.scheduler.client.report [-] Compute_service record updated for ('compute', 'compute')* * 2015-07-10 03:45:48.827 15616 INFO nova.compute.resource_tracker [-] Compute_service record updated for compute:compute* * 2015-07-10 03:45:48.877 15616 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on 10.10.10.51:5672 * * 2015-07-10 03:45:48.888 15616 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on 10.10.10.51:5672 * Arun can you please provide me with the installation steps that you did to get Docker up and running on juno release ? Thank you Hamza On 9 July 2015 at 18:48, Arun Adiththan wrote: > Hello Hamza, > > I faced the same issue with Devstack Juno. The error indicates that *concurrency > *module isn't installed under */usr/lib/python-*/dist-packages/oslo*. You > can fix the problem as follows: > > 1. Create a directory called concurrency inside > */usr/lib/python-*/dist-packages/oslo * > 2. Copy the contents of */usr/lib/python-*/dist-packages/oslo_concurrency > *to */usr/lib/python-*/dist-packages/oslo/concurrency* > > Hope this helps. > > > ?Thanks > , > Arun Adiththan > > > > On Thu, Jul 9, 2015 at 7:38 AM, Achi Hamza wrote: > >> Hi guys, >> >> I've tried to installed Docker with juno release on Ubuntu but all the >> attempts failed. >> here how i installed the nova-docker driver: >> >> *sudo apt-get install python-pip* >> *sudo apt-get install python-dev* >> *git clone https://github.com/stackforge/nova-docker >> * >> *cd nova-docker* >> *git checkout stable/juno* >> *sudo python setup.py install* >> >> After configuring novadocker.virt.docker.DockerDriver driver and >> restarting the compute service i got nova DOWN with the following error >> messages in the log file: >> >> >> 2015-07-09 23:12:44.557 17688 INFO nova.virt.driver [-] Loading compute >> driver 'novadocker.virt.docker.DockerDriver' >> 2015-07-09 23:12:44.565 17688 *ERROR nova.virt.driver [-] Unable to load >> the virtualization driver* >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver Traceback (most >> recent call last): >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >> "/usr/lib/python2.7/dist-packages/nova/virt/driver.py", line 1402, in >> load_compute_driver >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver virtapi) >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >> "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", >> line 52, in import_object_ns >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver return >> import_class(import_str)(*args, **kwargs) >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >> "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", >> line 27, in import_class >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver >> __import__(mod_str) >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >> "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/__init__.py", >> line 20, in >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from >> novadocker.virt.docker import driver >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >> "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", >> line 46, in >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from >> novadocker.virt.docker import network >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >> "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/network.py", >> line 16, in >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from >> oslo.concurrency import processutils >> 2015-07-09 23:12:44.565 17688 TRACE *nova.virt.driver ImportError: No >> module named concurrency* >> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver >> >> >> Any help is greatly appreciated. >> >> Thank you, >> >> Hamza >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From arunadiththan at gmail.com Thu Jul 9 20:38:30 2015 From: arunadiththan at gmail.com (Arun Adiththan) Date: Thu, 9 Jul 2015 13:38:30 -0700 Subject: [Openstack-operators] docker-juno installation failed In-Reply-To: References: Message-ID: Hello Hamza, I referred to the installation steps in this blog post: https://sreeninet.wordpress.com/2015/06/14/openstack-and-docker-part-1/ (I just replaced kilo with juno in the commands). I had no issues but for the "concurrency module" error you encountered. Thanks, Arun Adiththan ? On Thu, Jul 9, 2015 at 1:12 PM, Achi Hamza wrote: > Hi Arun Adiththan and Paul Czarkowski, > > Thank you both for your response. > > Arun@ your suggest did actually solve my problem, however i encountered > another issue which is, nova is UP and running with DISABLE status! :) > > Disabled > *Reason: AUTO: Failed to connect to libvirt* > > nova compute service didn't output any critical error on the log file : > > > > *2015-07-10 03:45:44.923 15256 AUDIT nova.compute.resource_tracker [-] > Total usable vcpus: 1, total allocated vcpus: 0* > * 2015-07-10 03:45:44.924 15256 AUDIT nova.compute.resource_tracker [-] > PCI stats: []* > * 2015-07-10 03:45:44.925 15256 INFO nova.compute.resource_tracker [-] > Compute_service record updated for compute:compute* > * 2015-07-10 03:45:48.079 15256 INFO nova.openstack.common.service [-] > Caught SIGTERM, exiting* > * 2015-07-10 03:45:48.553 15616 INFO nova.openstack.common.periodic_task > [-] Skipping periodic task _periodic_update_dns because its interval is > negative* > * 2015-07-10 03:45:48.570 15616 INFO nova.virt.driver [-] Loading compute > driver 'novadocker.virt.docker.DockerDriver'* > * 2015-07-10 03:45:48.587 15616 INFO oslo.messaging._drivers.impl_rabbit > [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connecting to AMQP server on > 10.10.10.51:5672 * > * 2015-07-10 03:45:48.599 15616 INFO oslo.messaging._drivers.impl_rabbit > [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connected to AMQP server on > 10.10.10.51:5672 * > * 2015-07-10 03:45:48.604 15616 INFO oslo.messaging._drivers.impl_rabbit > [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connecting to AMQP server on > 10.10.10.51:5672 * > * 2015-07-10 03:45:48.620 15616 INFO oslo.messaging._drivers.impl_rabbit > [req-852752ae-d04b-422e-9d66-2129b6d7dd0c ] Connected to AMQP server on > 10.10.10.51:5672 * > * 2015-07-10 03:45:48.649 15616 AUDIT nova.service [-] Starting compute > node (version 2014.2.2)* > * 2015-07-10 03:45:48.725 15616 AUDIT nova.compute.resource_tracker [-] > Auditing locally available compute resources* > * 2015-07-10 03:45:48.766 15616 AUDIT nova.compute.resource_tracker [-] > Total physical ram (MB): 2001, total allocated virtual ram (MB): 512* > * 2015-07-10 03:45:48.767 15616 AUDIT nova.compute.resource_tracker [-] > Free disk (GB): 60* > * 2015-07-10 03:45:48.767 15616 AUDIT nova.compute.resource_tracker [-] > Total usable vcpus: 1, total allocated vcpus: 0* > * 2015-07-10 03:45:48.767 15616 AUDIT nova.compute.resource_tracker [-] > PCI stats: []* > * 2015-07-10 03:45:48.826 15616 INFO nova.scheduler.client.report [-] > Compute_service record updated for ('compute', 'compute')* > * 2015-07-10 03:45:48.827 15616 INFO nova.compute.resource_tracker [-] > Compute_service record updated for compute:compute* > * 2015-07-10 03:45:48.877 15616 INFO oslo.messaging._drivers.impl_rabbit > [-] Connecting to AMQP server on 10.10.10.51:5672 * > * 2015-07-10 03:45:48.888 15616 INFO oslo.messaging._drivers.impl_rabbit > [-] Connected to AMQP server on 10.10.10.51:5672 * > > > > > Arun can you please provide me with the installation steps that you did to > get Docker up and running on juno release ? > > > Thank you > > Hamza > > > > On 9 July 2015 at 18:48, Arun Adiththan wrote: > >> Hello Hamza, >> >> I faced the same issue with Devstack Juno. The error indicates that *concurrency >> *module isn't installed under */usr/lib/python-*/dist-packages/oslo*. >> You can fix the problem as follows: >> >> 1. Create a directory called concurrency inside >> */usr/lib/python-*/dist-packages/oslo * >> 2. Copy the contents of */usr/lib/python-*/dist-packages/oslo_concurrency >> *to */usr/lib/python-*/dist-packages/oslo/concurrency* >> >> Hope this helps. >> >> >> ?Thanks >> , >> Arun Adiththan >> >> >> >> On Thu, Jul 9, 2015 at 7:38 AM, Achi Hamza wrote: >> >>> Hi guys, >>> >>> I've tried to installed Docker with juno release on Ubuntu but all the >>> attempts failed. >>> here how i installed the nova-docker driver: >>> >>> *sudo apt-get install python-pip* >>> *sudo apt-get install python-dev* >>> *git clone https://github.com/stackforge/nova-docker >>> * >>> *cd nova-docker* >>> *git checkout stable/juno* >>> *sudo python setup.py install* >>> >>> After configuring novadocker.virt.docker.DockerDriver driver and >>> restarting the compute service i got nova DOWN with the following error >>> messages in the log file: >>> >>> >>> 2015-07-09 23:12:44.557 17688 INFO nova.virt.driver [-] Loading compute >>> driver 'novadocker.virt.docker.DockerDriver' >>> 2015-07-09 23:12:44.565 17688 *ERROR nova.virt.driver [-] Unable to >>> load the virtualization driver* >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver Traceback (most >>> recent call last): >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >>> "/usr/lib/python2.7/dist-packages/nova/virt/driver.py", line 1402, in >>> load_compute_driver >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver virtapi) >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >>> "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", >>> line 52, in import_object_ns >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver return >>> import_class(import_str)(*args, **kwargs) >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >>> "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", >>> line 27, in import_class >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver >>> __import__(mod_str) >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >>> "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/__init__.py", >>> line 20, in >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from >>> novadocker.virt.docker import driver >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >>> "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", >>> line 46, in >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from >>> novadocker.virt.docker import network >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver File >>> "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/network.py", >>> line 16, in >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver from >>> oslo.concurrency import processutils >>> 2015-07-09 23:12:44.565 17688 TRACE *nova.virt.driver ImportError: No >>> module named concurrency* >>> 2015-07-09 23:12:44.565 17688 TRACE nova.virt.driver >>> >>> >>> Any help is greatly appreciated. >>> >>> Thank you, >>> >>> Hamza >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Thu Jul 9 21:36:03 2015 From: openstack at medberry.net (David Medberry) Date: Thu, 9 Jul 2015 15:36:03 -0600 Subject: [Openstack-operators] Move to Inbox More 1 of 5, 707 Collapse all Print all In new window Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: References: Message-ID: Ah, this has been fixed in Kilo. Sorry for the spurious noise. Ref: https://bugs.launchpad.net/nova/+bug/1082414 https://bugs.launchpad.net/nova/+bug/1433933 and https://git.openstack.org/cgit/openstack/nova/commit/?id=79a0755597f4983367eb0caf4669ffb881b4f720 https://git.openstack.org/cgit/openstack/nova/commit/?id=5653bd291665bcdecad46ed6654a04c49e4b1dda On Thu, Jul 9, 2015 at 1:23 PM, David Medberry wrote: > Hi, > > When trying to live-migrate between two distinct CPUs, I kind of expect > there to be issues. Which is why openstack supports the "cpu_mode=custom", > "cpu_model=MODELNAME" flags for libvirt. > > When I set those to some Lowest Common Denominator (and restart > everything), I still git the issue. I've set both systems to SandyBridge > and tested as well as Conroe. The actual CPUs are Ivy Bridge and Haswell > (newer than SandyBridge and supersets thereof.) > > The Older->Newer migration works fine (even without setting a cpu_model) > but the newer to older never works. > > Specfics: > OpenStack Juno.2 > LibVirt: 1.2.2 > > Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy Bridge) > Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz (Haswell) > > And to clarify: the nova-compute error is the subject line: > > 2015-07-09 17:55:02.485 8651 ERROR oslo.messaging._drivers.common > [req-48a16da3-41e0-43ee-99c8-43d178273101 ] ['Traceback (most recent call > last):\n', ' File > "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line > 134, in _dispatch_and_reply\n incoming.message))\n', ' File > "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line > 177, in _dispatch\n return self._do_dispatch(endpoint, method, ctxt, > args)\n', ' File > "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line > 123, in _do_dispatch\n result = getattr(endpoint, method)(ctxt, > **new_args)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/exception.py", line 88, in wrapped\n > payload)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line > 82, in __exit__\n six.reraise(self.type_, self.value, self.tb)\n', ' > File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 71, in > wrapped\n return f(self, context, *args, **kw)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 331, in > decorated_function\n kwargs[\'instance\'], e, sys.exc_info())\n', ' > File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", > line 82, in __exit__\n six.reraise(self.type_, self.value, self.tb)\n', > ' File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line > 319, in decorated_function\n return function(self, context, *args, > **kwargs)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 4860, in > check_can_live_migrate_destination\n block_migration, > disk_over_commit)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 4999, > in check_can_live_migrate_destination\n > self._compare_cpu(source_cpu_info)\n', ' File > "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 5177, > in _compare_cpu\n raise exception.InvalidCPUInfo(reason=m % {\'ret\': > ret, \'u\': u})\n', "InvalidCPUInfo: Unacceptable CPU info: CPU doesn't > have compatibility.\n\n0\n\nRefer to > http://libvirt.org/html/libvirt-libvirt.html#virCPUCompareResult\n"] > > The nova client reports: > dmbp:~ dmedberry$ nova live-migration 7181cea1-ebbf-4f05-9316-80eef0216648 > ERROR (BadRequest): No valid host was found. (HTTP 400) (Request-ID: > req-48a16da3-41e0-43ee-99c8-43d178273101) > > Daniel, Operators? Ring any bells? Any ideas? > > -d > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alawson at aqorn.com Thu Jul 9 23:16:27 2015 From: alawson at aqorn.com (Adam Lawson) Date: Thu, 9 Jul 2015 16:16:27 -0700 Subject: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision In-Reply-To: <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> Message-ID: It seems we have a golden opportunity here to improve efficiency by vetting names before we vote on them. Seems that voting for a bunch of names then eliminating all of the top votes because they won't work doesn't strike me as very efficient (i.e. why vote on names that MIGHT be valid). The alternative of course is to just number the releases since names ultimately don't mean anything but it seems there are problems with that level of simplicity. I personally prefer Tristan's suggestion to keep it as simple as possible. In a few years we'll run out of letters anyway. Just my two cents. Adam *Adam Lawson* AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (844) 4-AQORN-NOW ext. 101 International: +1 302-387-4660 Direct: +1 916-246-2072 On Thu, Jul 9, 2015 at 12:18 PM, Tim Bell wrote: > Feel free to give input on the Mitaka proposal. > > Tim > > > -----Original Message----- > > From: Jonathan Bryce [mailto:jbryce at jbryce.com] > > Sent: 09 July 2015 20:52 > > To: OpenStack Development Mailing List (not for usage questions) > > Subject: Re: [openstack-dev] [Openstack] Rescinding the M name decision > > > > > On Jul 9, 2015, at 9:35 AM, Russell Bryant wrote: > > > > > > On 07/09/2015 09:19 AM, Neil Jerram wrote: > > >> In the hope of forestalling an unnecessary sub-thread... > > >> > > >> Mita was #1 in the vote, so has presumably already been ruled out by > > >> OpenStack's legal review. > > > > > > That is correct. > > > > > > Hi everyone, > > > > I?ve really loved seeing everyone?s understanding and engagement on this > > thread as we worked through the release cycle naming for ?M?. This was > the > > first attempt to follow a new process, so not surprisingly, we found some > > improvements in the algorithm for the future. Still it?s awesome to see > how > > constructive and positive the whole conversation has been. > > > > I wanted to provide a quick update on the status of the Foundation?s > > reviews of the names. First, as Russell mentioned above, after the voting > > was completed, we asked our trademark counsel to do checks on the top 3 > > names. The first two both had significant trademark issues with existing > > trademark holders in the same space that would have prevented us from > > using the names in most jurisdictions where we have our largest > > communities (US, Europe and Asia). The 3rd choice was relatively low risk > > and so we passed word back to Monty who announced it. Once we realized > > there were other issues with Meiji, we asked for an expedited check of > the > > next 3 names: Mitaka, Musashi, and Meguro. The preliminary check shows > > that Mitaka and Meguro both present an acceptable level of risk, while > > Musashi is higher on the risk scale and would probably create problems > for > > usage. > > > > At this time, we?re going to do a deeper check on Mitaka, which was the > #4 > > candidate in voting and would be next in line after Meiji. I know > Itoh-san > > mentioned the Mitaka locale has the potential to be associated with > certain > > corporations in Japan, but my personal feeling is that may not be > significant > > enough to override it?s position in the voting and it?s availability for > use. > > > > I?d encourage anyone with other concerns about Mitaka to post those > > within the next 24 hours so we can appropriately consider and discuss > > them. We should have results on the deeper trademark check by next week > > as well and can hopefully settle on a final name. > > > > Thanks again for all the discussion and participation and especially to > > Monty who?s been on the front lines of helping us navigate this. Feel > free to > > let me know if you have any other questions, > > > > Jonathan > > 210-317-2438 > > > > > > __________________________________________________________ > > ________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: OpenStack-dev- > > request at lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom at openstack.org Fri Jul 10 04:28:48 2015 From: tom at openstack.org (Tom Fifield) Date: Fri, 10 Jul 2015 12:28:48 +0800 Subject: [Openstack-operators] Palo Alto Midcycle - agenda brainstorming Message-ID: <559F4A00.2060606@openstack.org> Hi all, As you've seen - the Ops mid-cycle will be in Palo Alto, August 18&19, and we need your help to work out what should be on the agenda. If you're new: note this is aimed at giving us a design-summit-style place to congregate, swap best practices, ideas and give feedback, and is not a good place to learn about the basics of OpenStack. As usual, we're working to act on the feedback from all past events to make this one better than ever. One that we continue to work on is the need to see action happen as a result of this event, so please - when you are suggesting sessions in the below etherpad please try and phrase them in a way that will probably result in things happening afterward. ********************************************************************** Please propose session ideas on: https://etherpad.openstack.org/p/PAO-ops-meetup ensuring you read the new instructions to make sessions 'actionable'. ********************************************************************** The room allocations are still being worked out (all hail Allison!), but the current thinking is that the general sessions will all be in the morning of both days, and the working groups will be in the afternoon - similar to Philadelphia. We probably have a lot more space for smaller working groups this time. More as it comes, and as always, further information about ops meetups and notes from the past can be found on the wiki @: https://wiki.openstack.org/wiki/Operations/Meetups Finally, don't forget to register ASAP: http://www.eventbrite.com/e/openstack-ops-mid-cycle-meetup-tickets-17703258924 ! Regards, Tom From thierry at openstack.org Fri Jul 10 09:19:13 2015 From: thierry at openstack.org (Thierry Carrez) Date: Fri, 10 Jul 2015 11:19:13 +0200 Subject: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision In-Reply-To: References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> Message-ID: <559F8E11.5020005@openstack.org> Adam Lawson wrote: > The alternative of course is to just number the releases since names > ultimately don't mean anything but it seems there are problems with that > level of simplicity. I personally prefer Tristan's suggestion to keep it > as simple as possible. In a few years we'll run out of letters anyway. Part of the confusion here is that we are not naming "releases". We are naming release *cycles*. We are giving a name to a period of time, basically. In that period of time, various version numbers for various components will be released. Saying "Glance 12.0.0 was released in OpenStack 13 cycle" is not really helping. We won't run out of letters, because the names can cycle back to A (potentially using a new theme, away from "geographic features near where the corresponding design summit happened"). So while we could technically name a release cycle "14", I feel it's a bit more difficult to rally around a number than a name. Also, numbers wouldn't really solve the perceived issues with names: numbers happen to also be culturally meaningful. You don't have a 13th floor in many US buildings. In China, building miss the 4th floor instead. 9 is feared in Japan. And don't talk about 39 to Afghans. I think "growing up" is accepting the pain that comes with picking a good name, rather than sidestepping the issue. -- Thierry Carrez (ttx) From Neil.Jerram at metaswitch.com Fri Jul 10 09:25:39 2015 From: Neil.Jerram at metaswitch.com (Neil Jerram) Date: Fri, 10 Jul 2015 10:25:39 +0100 Subject: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision In-Reply-To: <559F8E11.5020005@openstack.org> References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> <559F8E11.5020005@openstack.org> Message-ID: <559F8F93.5050902@metaswitch.com> On 10/07/15 10:19, Thierry Carrez wrote: > > Part of the confusion here is that we are not naming "releases". We are > naming release *cycles*. We are giving a name to a period of time, > basically. In that period of time, various version numbers for various > components will be released. Saying "Glance 12.0.0 was released in > OpenStack 13 cycle" is not really helping. > > We won't run out of letters, because the names can cycle back to A > (potentially using a new theme, away from "geographic features near > where the corresponding design summit happened"). > > So while we could technically name a release cycle "14", I feel it's a > bit more difficult to rally around a number than a name. Also, numbers > wouldn't really solve the perceived issues with names: numbers happen to > also be culturally meaningful. You don't have a 13th floor in many US > buildings. In China, building miss the 4th floor instead. 9 is feared in > Japan. And don't talk about 39 to Afghans. > > I think "growing up" is accepting the pain that comes with picking a > good name, rather than sidestepping the issue. +1 to all that. Nicely put. Neil From mvanwink at rackspace.com Fri Jul 10 12:14:50 2015 From: mvanwink at rackspace.com (Matt Van Winkle) Date: Fri, 10 Jul 2015 12:14:50 +0000 Subject: [Openstack-operators] [Large Deployments Team] A few Housekeeping items Message-ID: Hey folks, Following our discussions in YVR, and in the last monthly meeting, we have a few things related to meetings to work on. 1. Because the new gerrit based meeting scheuler doesn't handle monthly meetings, we made the move in June to #openstack-operators. This seemed to work quite we'll, and unless anyone has any objections, we'll keep it that way going forward. 2. We need to pick and official time for the APAC friendly meeting time on the alternating months - January, March, May, July, Sepetember and November. I've set up the following poll for that - http://doodle.com/cpug2c3xypnk5aep 3. For this month, I posted two options - next Thursday (we normally target the 3rd Thursday) or the following since there are 5 Thursdays in July. I'll pick the most popular vote by Monday for this months and the most popular time slot between both options for the official time going forward. I'll make sure the later is reflected here - https://wiki.openstack.org/wiki/Meetings/LDT Overall, things are going quite well. We are actually seeing an active feedback loop that started with our discussion of network segmentation in YVR, led to combined LDT and Neutron dev interaction in the last meeting, involved gathering use cases following that and ultimately, had members of the LDT form GoDaddy in the Neutron mid-cycle. This is exactly what we wanted to see happen with the creation of this team. Great work all! A good portion of this month's meeting will be getting caught up on where we are with this particular feedback loop. As always, please let me know if you have any questions or concerns. Thanks! Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From uckey.1067 at gmail.com Fri Jul 10 13:50:41 2015 From: uckey.1067 at gmail.com (Yuki Nishiwaki) Date: Fri, 10 Jul 2015 22:50:41 +0900 Subject: [Openstack-operators] Cant ping or SSH Cirros VM #Kilo-Multinode# In-Reply-To: References: Message-ID: Hello Abhishek. I will answer about two problem - controller can?t ping any external network - vm can?t access internet First , about the problem controller can?t ping any external network > I am able to boot a VM and it goes to active state but cannot ping it from Controller or any external network. > If you want to ping vm which connected to external network from controller , you need to create nic belong to segment the same as external network in controller. As described bellow, your controller don?t have the nic belong to external network. > **#Controller Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.11 > netmask 255.255.255.0 Second, about the problem vm can?t access internet > Moreover, as per the install guide the VM should be able to ping ?openstack.org? to verify ext-net connectivity it is not doing that. The VM is able to ping the tenant router gateway of the external network interface ?192.168.56.105?. > the reason of this problem is that your network node don?t routing or the next router of network node don?t know external network ( 192.168.56.0/24 ). this problem can be solved by following - Set NAT to NIC belong to segment which can access internet in network node I?m grad if this information help you. Yuki Nishiwaki 2015/07/09 18:38?Abhishek Talwar ????? > HI Folks, > > > > I have a multinode OpenStack kilo setup with a controller node, network node and 2 compute nodes. I followed all the steps (http://docs.openstack.org/kilo/instal...) given in the OpenStack kilo install guide. I am able to boot a VM and it goes to active state but cannot ping it from Controller or any external network. > > The external network interface (eth3) has a gateway of 192.168.56.105 and we can ping it from any external network. > > I have assigned a floting ip to the VM, and added the icmp and tcp rules to allow the ping and SSH but we can't ping to the VM. > > Moreover, as per the install guide the VM should be able to ping ?openstack.org? to verify ext-net connectivity it is not doing that. The VM is able to ping the tenant router gateway of the external network interface ?192.168.56.105?. > > How should we proceed further to enable the ping and SSH functionality. > > The setup details are listed as follows: > > > > > **#Controller Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.11 > netmask 255.255.255.0 > > **#Network Node** > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.21 > netmask 255.255.255.0 > > # vboxnet2 - OpenStack data/communication network > auto eth2 > iface eth2 inet static > address 10.0.1.21 > netmask 255.255.255.0 > > #vboxnet0 - For exposing external network > auto eth3 > iface eth3 inet manual > up ip link set dev $IFACE up > down ip link set dev $IFACE down > > > > **#Compute Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.31 > netmask 255.255.255.0 > > # vboxnet2 - OpenStack VM data/communication network > auto eth2 > iface eth2 inet static > address 10.0.1.31 > netmask 255.255.255.0 > > > **#Compute1 Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.32 > netmask 255.255.255.0 > > # vboxnet2 - OpenStack VM data/communication network > auto eth2 > iface eth2 inet static > address 10.0.1.32 > netmask 255.255.255.0 > > **#neutron net-list** > > ------------------------------------------+ > | id | name | subnets | > +--------------------------------------+-----------+-----------------------------------------------------+ > | > | 6c91a7e8-4182-4fb7-8d42-b83ca6775e57 | ext-net | c4dac528-3fa9-47db-a5c4-50590ed8edf5 | > | 314323cd-cbd1-43e9-a5f5-58213a6afdee | demo-net1 | 7412369e-a91f-4228-af55-2792fde85d3d 192.168.1.0/24 | > +--------------------------------------+-----------+-----------------------------------------------------+ > > > **# neutron floatingip-list** > -----------------+--------------------------------------+ > | id | fixed_ip_address | floating_ip_address | port_id | > +--------------------------------------+------------------+---------------------+--------------------------------------+ > | 65872868-6318-4eb3-bce4-6bd8922b90e1 | 192.168.1.3 | 192.168.56.109 | 3a2f47f7-cbc4-4558-b91c-2886de545cd7 | > +--------------------------------------+------------------+---------------------+--------------------------------------+ > > **# nova list** > ------+-------------+---------------------------------------+ > | ID | Name | Status | Task State | Power State | Networks | > +--------------------------------------+-------+--------+------------+-------------+---------------------------------------+ > | 1ebf21e7-3073-4d68-ae59-ec168c3e51c7 | vm786 | ACTIVE | - | Running | demo-net1=192.168.1.3, 192.168.56.109 | > > > > > > > > **Added the rules to the default security group:** > > a. Permit ICMP (ping): > $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 > +-------------+-----------+---------+-----------+--------------+ > | IP Protocol | From Port | To Port | IP Range | Source Group | > +-------------+-----------+---------+-----------+--------------+ > | icmp | -1 | -1 | 0.0.0.0/0 | | > +-------------+-----------+---------+-----------+--------------+ > > b. Permit secure shell (SSH) access: > $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 > +-------------+-----------+---------+-----------+--------------+ > | IP Protocol | From Port | To Port | IP Range | Source Group | > +-------------+-----------+---------+-----------+--------------+ > | tcp | 22 | 22 | 0.0.0.0/0 | | > +-------------+-----------+---------+-----------+--------------+ > > > # ovs-vsctl show > ebc068e7-0b6d-45c7-9408-87e2af9af64a > Bridge br-tun > fail_mode: secure > Port patch-int > Interface patch-int > type: patch > options: {peer=patch-tun} > Port "gre-0a00011f" > Interface "gre-0a00011f" > type: gre > options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"} > Port "gre-0a000120" > Interface "gre-0a000120" > type: gre > options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.32"} > Port br-tun > Interface br-tun > type: internal > Bridge br-int > fail_mode: secure > Port "qr-b1bbd942-2e" > tag: 3 > Interface "qr-b1bbd942-2e" > type: internal > Port "qg-d104c0f4-62" > tag: 2 > Interface "qg-d104c0f4-62" > type: internal > Port "qr-f5934280-24" > tag: 1 > Interface "qr-f5934280-24" > type: internal > Port patch-tun > Interface patch-tun > type: patch > options: {peer=patch-int} > Port "tap5cc41425-9c" > tag: 1 > Interface "tap5cc41425-9c" > type: internal > Port "qr-565908b5-18" > tag: 1 > Interface "qr-565908b5-18" > type: internal > Port "qg-1ac2537b-9d" > tag: 2 > Interface "qg-1ac2537b-9d" > type: internal > Port "qg-a0ff0263-ca" > tag: 2 > Interface "qg-a0ff0263-ca" > type: internal > Port br-int > Interface br-int > type: internal > Port "tap333dbc90-e6" > tag: 3 > Interface "tap333dbc90-e6" > type: internal > Port int-br-ex > Interface int-br-ex > type: patch > options: {peer=phy-br-ex} > Bridge br-ex > Port "eth3" > Interface "eth3" > Port br-ex > Interface br-ex > type: internal > Port phy-br-ex > Interface phy-br-ex > type: patch > options: {peer=int-br-ex} > ovs_version: "2.3.1" > > > Kindly check my setup and please provide some inputs how can I proceed further. > > > Thanks and Regards > Abhishek Talwar > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.carter at RACKSPACE.COM Fri Jul 10 18:25:50 2015 From: kevin.carter at RACKSPACE.COM (Kevin Carter) Date: Fri, 10 Jul 2015 18:25:50 +0000 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <559EA21B.6090407@redhat.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> ,<559EA21B.6090407@redhat.com> Message-ID: <1436552750102.45275@RACKSPACE.COM> To be clear the present OSAD project really has no intention to bring package based installations of OpenStack. We'd certainly not reject the idea and wouldn't mind having an implementation spec for it but all of our current tooling and design principles have been based on the fact that we've move away from distro packages and on to upstream source as it pertains to OpenStack. The system as it stands today creates an internal repository of built wheels for your environment and all of the OpenStack services are installed within LXC containers, where possible and it makes sense. The installation of these bits comes from the internal wheel repository and uses pip and all of the pre / post config happens within the Ansible playbooks. One issue that will become a problem, for users of RedHat specifically, is the fact that RedHat has no LXC container templates (at least none that are publicly available) and even if someone were to make an official RedHat container template there'd be issues with the containers being able to connect to the satellite servers as well as other potential license problems. I've done some experimenting with a RedHat 7.1 hosts and CentOS 7 containers and things seem to work OK but I'd not say that I have really put a lot of effort into it. That said, if its something that you'd all like to work on I'd be happy to help out to make it all go. -- Kevin Carter ________________________________ From: Adam Young Sent: Thursday, July 9, 2015 11:32 AM To: Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: Does OSP support running each service in an LXC container as well? What about nova-cells? How does it handle people who need to carry local changes? What is the upgrade path like with OSP? So, ignoring the Hypervisor for the moment, there is no reason that the rest of the controllers can't run in separate Containers. I think a container based deployment would be fantastic. venv is not really sufficient, as the system level binaries can still conflict (MysQL and LDAP both require system libraries for Keystone, for example) >From an Ansible perspective; we need to be able to share the HTTPD instance for Keystone and Apache, and getting that right will solve most of the issues deploying in a secure manner. Putting Them on separate hosts or containers should be a degenerate case, and thus be supported, too. Asking, because in Philly the general consensus, I fel,t was people want to move away from the current system level package stuff and move towards: venv's, "lightweight packages", containers. The only reason that was brought up to keep packages around was to solve the non-python lib stuff and using a depsolver (yum/apt) that doesn't suck (pip). So I am pretty sure my wants are inline with what other people in the community are either already doing or moving towards. ___________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: John Dewey > Date: Wednesday, July 8, 2015 at 11:43 PM To: "Kris G. Lindgren" > Cc: Adam Young >, "openstack-operators at lists.openstack.org" > Subject: Re: [Openstack-operators] OSAD for RHEL This would not be acceptable for those running OSP. On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: I should be more clear. My current thought is to have a venv packaged inside an rpm - so the rpm includes the needed init scripts, ensures the required system level binaries are installed, adds the users - ect ect. But would be a single deployable autonomous unit. Also, have a versioning schema to roll forward and back between venvs for quick update/rollback. We are already working on doing something similar to this to run kilo on cent6 boxen, until we can finish revving the remaining parts of the fleet to cent7. My desire is to move away from using system level python & openstack packages, so that I can possibly run mismatched versions if I need to. We had a need to run kilo ceilometer and juno neutron/nova on a single server. The conflicting python requirements between those made that task impossible. In general I want to get away from treating Openstack as a single system that everything needs to be upgraded in lock step (packages force you into this). I want to move to being able to upgrade say oslo.messaging to a newer version on just say nova on my control plane servers. Or upgrade nova to kilo while keeping the rest of the system (neutron) on juno. Unless I run each service in a vm/container or on a physical piece of hardware that is pretty much impossible to do with packages - outside of placing everything inside venv's. However, it is my understanding that OSAD already builds its own python-wheels and runs those inside lxc containers. So I don?t really follow what good throwing those into an rpm would really do? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/8/15, 10:33 PM, "Adam Young" > wrote: On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: +1 on RHEL support. I have some interest in moving away from packages and am interested in the OSAD tooling as well. I would not recommend an approach targetting RHEL that does not use packages. OSAD support for RHEL using packages would be an outstanding tool. Which way are you planning on taking it? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/7/15, 3:38 PM, "Abel Lopez" > wrote: Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From nicole at openstack.org Fri Jul 10 18:49:32 2015 From: nicole at openstack.org (Nicole Martinelli) Date: Fri, 10 Jul 2015 11:49:32 -0700 Subject: [Openstack-operators] OpenStack Community Weekly Newsletter (July 3 - 10) Message-ID: <55A013BC.8030202@openstack.org> Seven habits of highly effective OpenStack contributors If you want to be an awesome OpenStack contributor, there?s a formula for that. So says Adrian Otto, who should know. Otto is a distinguished architect at Rackspace, chairman of the OpenStack containers team, current project team lead (PTL) for Magnum and launched the Solum project back in 2013. Ops Mid-Cycle Meetup in Palo Alto, Aug 18-19 We finalized the dates and location of the Ops mid-cycle meetup. Due to timing and the size of our growing event, the best option to accommodate 300 people (if needed) will be Crowne Plaza Hotel in Palo Alto, CA, August 18-19, 2015. Register now and join the brainstorming to define the agenda. The Road to Tokyo * *IMPORTANT AND TIME SENSITIVE*:Need a visa for the Tokyo Summit? Here?s what you need to know * Interested in being a Tokyo Summit Sponsor? * How to craft a successful OpenStack Summit proposal * Tips for getting a travel grant to the next OpenStack Summit * Accepting presentation submissions until July 15th, 2015, 11:59 pm PDT Reports from Previous Events * Third OpenStack CEE Day grows by 35 percent Relevant Conversations * Strategy to port Swift to Python 3 * [Neutron] Linux Bridge CI status report * Thoughts on ReleaseNoteImpact git commit message tag Deadlines and Contributors Notifications * Full list of mid-cycle sprints (meetups) * CHANGED TIME AND VENUE: Product WG Liberty Meetup: August 20-21-12, 2015 @Cisco, San Jose, CA Security Advisories and Notices * [OSSN 0049] Nova ironic driver logs sensitive information while operating in debug mode Tips ?n Tricks * By Jake Girouard : Mirantis Training Blog: User Deletion and User VMs * By Gorka Eguileor : Inside Cinder?s Incremental Backup * By Spencer Smith : Up and running with Docker Machine and OpenStack * By Dan Smith : Upgrading Nova to Kilo with minimal downtime * By Steve Martinelli : Viewing Keystone CADF notifications with Ceilometer and RabbitMQ * By Craige McWhirter : How To Delete a Cinder Snapshot with a Status of error or error_deleting With Ceph Block Storage Open Call for Proposals * OpenStack Summit Tokyo, open until July 15 Recently Merged Specs Subject Owner Project Change release model to independent releases Jim Rollenhagen openstack/ironic-specs Add service-version-number spec Dan Smith openstack/nova-specs Cleanup tempest-library spec Ken'ichi Ohmichi openstack/qa-specs Add simulation mode spec Ekaterina Chernova openstack/murano-specs Make ilo drivers standalone work without swift Nisha Agarwal openstack/ironic-specs Add spec for migrating service client to lib Ghanshyam Mann openstack/qa-specs Database connection switching for cells melanie witt openstack/nova-specs Add get_attr form to return all attributes Peter Razumovsky openstack/heat-specs Add root-disable api Duk Loi openstack/trove-specs Add REJECT into action rule of FWaaS. Toshiaki Higuchi openstack/neutron-specs Support Keystone v3 API in openstack puppet modules Richard Megginson openstack/puppet-openstack-specs Updated attributes in blueprint to match the code Madhusudhan Kandadai openstack/neutron-specs Properly capitalize OpenStack Andreas Jaeger openstack/openstack-chef-specs Support data driven test plans for role assignment testing henry-nash openstack/keystone-specs Add a spec for in tree upgrade tests Sirushti Murugesan openstack/heat-specs Use Templates for Scenario Tests Configuration Luigi Toscano openstack/sahara-specs Volume migration improvement for Liberty version Vincent Hou openstack/cinder-specs Setup Security Specs Repo Priti Desai openstack/security-specs get-me-a-network: Really get a network Kyle Mestery openstack/neutron-specs Added spec for add-cas Ade Lee openstack/barbican-specs Spec for sending polled meters to notification agent Chris Dent openstack/ceilometer-specs Integrate DNS resolution with an external DNS service Carl Baldwin openstack/neutron-specs Fix diagram representation in rst Alexander Makarov openstack/keystone-specs API changes for Reseller Raildo Mascena de Sousa Filho openstack/keystone-specs Add OS::Heat::None resource spec Steven Hardy openstack/heat-specs Remove name field from fields in dynamic UI Ekaterina Chernova openstack/murano-specs Add heat template-function-list command Oleksii Chuprykov openstack/heat-specs Move devstack-external-plugins spec into implemented Matthew Treinish openstack/qa-specs Support Keystone v3 API in openstack puppet modules Richard Megginson openstack/puppet-openstack-specs Implement server instance tagging Sergey Nikitin openstack/nova-specs Keystone Lightweight Tokens (KLWT) Lance Bragstad openstack/keystone-specs Use underscores instead of dashes as word separators in API resource names Dave McCowan openstack/barbican-specs console: convert consoles code to use objects framework sahid openstack/nova-specs Adds Hyper-V vNUMA enable spec Claudiu Belu openstack/nova-specs Adds Hyper-V vTPM devices spec Claudiu Belu openstack/nova-specs RPC and versionobject compatibility Thang Pham openstack/cinder-specs Don't put subnet pools in a scope by default Carl Baldwin openstack/neutron-specs New ZeroMQ driver implementation details Oleksii Zamiatin openstack/oslo-specs Add user-identity-format-flexibility for oslo.log Doug Hellmann openstack/oslo-specs Enable optional dependencies in OpenStack projects lifeless openstack/oslo-specs Specification for Adding Kafka Driver Komei Shimamura openstack/oslo-specs Add flavor tables to API database Vineet Menon openstack/nova-specs Servicegroup foundational refactoring for Control Plane Vilobh Meshram openstack/nova-specs Upcoming Events Celebrating 5 Years of OpenStack at OSCON on Wednesday, July 22nd: RSVP * Jul 11, 2015 OpenStack's 5th Birthday Party "Bangalore Chapter" Bangalore, IN * Jul 11, 2015 OpenStack 5th B-Day ? Nairobi Nairobi, KE * Jul 11, 2015 ? ? openstack meetup???? Xian, CN * Jul 11, 2015 OpenStack's 5th Birthday Party "New Delhi Chapter" New Delhi, IN * Jul 12, 2015 OpenStack 5th Birthday Party Shenzhen, CN * Jul 12, 2015 OpenStack Translators Meet Up Beijing, CN * Jul 13, 2015 5?????? OpenStack Summit???? Tokyo, JP * Jul 13, 2015 OpenStack 5th Birthday Celebration! Tel Aviv-Yafo, IL * Jul 14, 2015 Openstack V Birthday * Jul 16, 2015 OpenStack L.A. 5th Birthday Meetup Los Angeles, CA, US * Jul 17 - 18, 2015 OpenStack Thailand 2015 Bangkok, TH * Jul 20 - 24, 2015 OSCON 2015 Portland, OR, US * Jul 22, 2015 5 Years of OpenStack Portland, Oregon, US * Jul 22, 2015 OpenStack 5th Birthday Russia Moscow, Moscow, RU * Jul 28, 2015 OpenStack 5th Birthday ? Austin Austin, Texas, US * Jul 30 - 31, 2015 DCD INTERNET San Francisco, CA, US * Jul 31 2015 OpenStack Mini Conference Pycon, Brisbane, AU * Aug 07 - 08, 2015 OpenStack Day India 2015 Bangalore, Karnataka, IN * Aug 10 - 13, 2015 Gartner Catalyst Conference San Diego, CA, US * Aug 11, 2015 OpenStack Day Taiwan 2015 Taipei, TW * Aug 13 - 14, 2015 OpenStack Collective Austin, TX, US * Aug 19 - 21, 2015 China Liberty Hackathon Xian, Shanxi, CN * Aug 20, 2015 OpenStack Day Seattle 2015 Seattle, WA, US * Aug 25, 2015 OpenStack Trove Day 2015 San Jose, CA, US * Aug 26 - 27, 2015 OpenStack Silicon Valley Mountain View, California, US * Aug 27, 2015 OpenStack Nova Deep Dive Meetup Cluj-Napoca, Cluj, RO * Sep 19, 2015 OpenStack Benelux Conference 2015 Bussum, NL * Sep 21 - 24, 2015 Storage Developer Conference Santa Clara, CA, CA, US * Oct 04 - 08, 2015 Gartner SymposiumITxpo Orlando, FL, US * Nov 05, 2015 #CloudBeerStockholm Stockholm, SE * Nov 15 - 20, 2015 Supercomputing 15 Austin, TX, US Other News * What's Up, Doc? 10 July 2015 * Officially forming project under User committee and repo /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./ -------------- next part -------------- An HTML attachment was scrubbed... URL: From siv.devops at gmail.com Fri Jul 10 19:25:57 2015 From: siv.devops at gmail.com (pra devOPS) Date: Fri, 10 Jul 2015 12:25:57 -0700 Subject: [Openstack-operators] FAiled to create instance wiht openstack nova network Message-ID: All: I get the following error when trying to create an instance in openstack icehouse centOS 7 on nova network. nova network logs and UI logs are pasted at: *http://paste.openstack.org/show/362706/ * Can somebdody give susggestiong? Thanks,Siva -------------- next part -------------- An HTML attachment was scrubbed... URL: From mriedem at linux.vnet.ibm.com Fri Jul 10 19:54:26 2015 From: mriedem at linux.vnet.ibm.com (Matt Riedemann) Date: Fri, 10 Jul 2015 14:54:26 -0500 Subject: [Openstack-operators] DB archive deleted rows In-Reply-To: References: Message-ID: <55A022F2.6000701@linux.vnet.ibm.com> On 10/2/2014 9:51 AM, Simon McCartney wrote: > We're using the exceptionally crude scripts > here: https://gist.github.com/8b90b0b913df9f679d16 > & https://gist.github.com/efbb3b55bffd5bd41a42 (this is on a Grizzly > environment) > > if you try the archive script & it fails, it should tell you what record > in what table failed (we had to clean up a few fixed_ip table entries by > hand to clear some dangling FKs) > > Simon. > -- > Simon McCartney > "If not me, who? If not now, when?" > +447710836915 > > On 2 October 2014 at 15:18:32, Belmiro Moreira > (moreira.belmiro.email.lists at gmail.com > ) wrote: > >> Hi, >> our nova DBs are growing rapidly and it's time to start pruning them... >> >> I'm trying the "archive deleted rows" however is not working and I'm >> getting the following >> warning in the logs: "IntegrityError detected when archiving table" >> Searching about this problem I found the bug >> "https://bugs.launchpad.net/nova/+bug/1183523" >> which, if I understood correctly, means this functionality is broken >> for a while... >> >> How are other deployments dealing with growing DBs? >> >> thanks, >> Belmiro >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > Heh, very timely comment on dangling FKeys in the fixed_ips table, we're discussing that in a spec which proposes adding a script in the nova tree to do the deleted instance purge work [1]. I didn't have fixed_ips in the whitelist of tables to purge because technically when deleting an instance and using nova-network, we should be disassociating the instance from the fixed_ip in the database which removes the FKey constraint issue, but if there are bugs in that teardown path in nova-network and the disassociation didn't happen, but the instance is marked as deleted, we'll have problems during archive/purge. Can you comment on which version of nova you were hitting this issue with? Grizzly? Is it still an issue? [1] https://review.openstack.org/#/c/200224/ -- Thanks, Matt Riedemann From matt at nycresistor.com Fri Jul 10 20:30:08 2015 From: matt at nycresistor.com (matt) Date: Fri, 10 Jul 2015 16:30:08 -0400 Subject: [Openstack-operators] FAiled to create instance wiht openstack nova network In-Reply-To: References: Message-ID: root-wrap failed probably a config error. might want to post your nova configs with commenting out of passwords / service tokens. dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=192.168.22.1 --except-interface=lo --dhcp-range=set:demo-net,192.168.22.2,static,255.255.255.0,120s --dhcp-lease-max=256 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts 2015-07-10 15:30:29.753 3044 TRACE oslo.messaging.rpc.dispatcher Exit code: 2 needs to run as root. exit code 2 is obviously pretty bad. so that NEEDs to be fixed. On Fri, Jul 10, 2015 at 3:25 PM, pra devOPS wrote: > All: > > I get the following error when trying to create an instance in openstack > icehouse centOS 7 on nova network. > > nova network logs and UI logs are pasted at: > *http://paste.openstack.org/show/362706/ > * > > > > Can somebdody give susggestiong? > Thanks,Siva > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bluejay.ahn at gmail.com Sat Jul 11 07:30:17 2015 From: bluejay.ahn at gmail.com (Jaesuk Ahn) Date: Sat, 11 Jul 2015 07:30:17 +0000 Subject: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision In-Reply-To: <559F8F93.5050902@metaswitch.com> References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> <559F8E11.5020005@openstack.org> <559F8F93.5050902@metaswitch.com> Message-ID: +1 from me as well. 2015? 7? 10? (?) 18:27, Neil Jerram ?? ??: > On 10/07/15 10:19, Thierry Carrez wrote: > > > > Part of the confusion here is that we are not naming "releases". We are > > naming release *cycles*. We are giving a name to a period of time, > > basically. In that period of time, various version numbers for various > > components will be released. Saying "Glance 12.0.0 was released in > > OpenStack 13 cycle" is not really helping. > > > > We won't run out of letters, because the names can cycle back to A > > (potentially using a new theme, away from "geographic features near > > where the corresponding design summit happened"). > > > > So while we could technically name a release cycle "14", I feel it's a > > bit more difficult to rally around a number than a name. Also, numbers > > wouldn't really solve the perceived issues with names: numbers happen to > > also be culturally meaningful. You don't have a 13th floor in many US > > buildings. In China, building miss the 4th floor instead. 9 is feared in > > Japan. And don't talk about 39 to Afghans. > > > > I think "growing up" is accepting the pain that comes with picking a > > good name, rather than sidestepping the issue. > > +1 to all that. Nicely put. > > Neil > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gang.sungjin at gmail.com Sun Jul 12 14:29:09 2015 From: gang.sungjin at gmail.com (SungJin Kang) Date: Sun, 12 Jul 2015 23:29:09 +0900 Subject: [Openstack-operators] [Openstack] [openstack-dev] Rescinding the M name decision In-Reply-To: <559F8E11.5020005@openstack.org> References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> <559F8E11.5020005@openstack.org> Message-ID: +1 for this 2015-07-10 18:19 GMT+09:00 Thierry Carrez : > Adam Lawson wrote: > > The alternative of course is to just number the releases since names > > ultimately don't mean anything but it seems there are problems with that > > level of simplicity. I personally prefer Tristan's suggestion to keep it > > as simple as possible. In a few years we'll run out of letters anyway. > > Part of the confusion here is that we are not naming "releases". We are > naming release *cycles*. We are giving a name to a period of time, > basically. In that period of time, various version numbers for various > components will be released. Saying "Glance 12.0.0 was released in > OpenStack 13 cycle" is not really helping. > > We won't run out of letters, because the names can cycle back to A > (potentially using a new theme, away from "geographic features near > where the corresponding design summit happened"). > > So while we could technically name a release cycle "14", I feel it's a > bit more difficult to rally around a number than a name. Also, numbers > wouldn't really solve the perceived issues with names: numbers happen to > also be culturally meaningful. You don't have a 13th floor in many US > buildings. In China, building miss the 4th floor instead. 9 is feared in > Japan. And don't talk about 39 to Afghans. > > I think "growing up" is accepting the pain that comes with picking a > good name, rather than sidestepping the issue. > > -- > Thierry Carrez (ttx) > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gstepanov at mirantis.com Mon Jul 13 11:26:42 2015 From: gstepanov at mirantis.com (Gleb Stepanov) Date: Mon, 13 Jul 2015 14:26:42 +0300 Subject: [Openstack-operators] [nova] disk I/O perfomance In-Reply-To: References: Message-ID: Hello, Warren. Yes, we use properly filled file on a single splining drive. All tests are done with fio, here is a link on full test report - http://koder-ua.github.io/6.1GA/ephemeral_drive.html. Here is a link on report for same test, executed directly on HDD, used for ephemeral storage - http://koder-ua.github.io/6.1GA/compute_node_HDD.html. We are using QEMU Debian 2.0.0+dfsg-2ubuntu1.13. Your command has following output: virtio-blk-device.drive=drive virtio-blk-device.logical_block_size=blocksize virtio-blk-device.physical_block_size=blocksize virtio-blk-device.min_io_size=uint16 virtio-blk-device.opt_io_size=uint32 virtio-blk-device.bootindex=int32 virtio-blk-device.discard_granularity=uint32 virtio-blk-device.cyls=uint32 virtio-blk-device.heads=uint32 virtio-blk-device.secs=uint32 virtio-blk-device.serial=str virtio-blk-device.config-wce=on/off virtio-blk-device.scsi=on/off virtio-blk-device.x-iothread=iothread There only one vm on this compute node, and there a lot of free resources. Ballooning driver should not influence performance(FUEL 6.1). Kind regards, Gleb Stepanov. On Fri, Jul 10, 2015 at 11:10 PM, Konstantin Danilov wrote: >> ...spinning drive based on fio. > splining drive. All tests are done with fio, here is a link on full test > report - http://koder-ua.github.io/6.1GA/ephemeral_drive.html. > Here is a link on report for same test, executed directly on HDD, used for > ephemeral storage - > http://koder-ua.github.io/6.1GA/compute_node_HDD.html. > >> We use following version of QEMU emulator version 2.0.0 (Debian >> 2.0.0+dfsg-2ubuntu1.13). > We are using QEMU Debian 2.0.0+dfsg-2ubuntu1.13. > >> We have not used enviroment fully, so i guess there is not affection of >> balloning. > There only one vm on this compute node, and there a lot of free resources. > Ballooning driver should not influence performance(FUEL 6.1). > > > On Fri, Jul 10, 2015 at 11:00 PM, Gleb Stepanov > wrote: >> >> Hello, Warren. >> >> Yes, we use properly filled file on a single spinning drive based on >> fio. We use following version of QEMU emulator version 2.0.0 (Debian >> 2.0.0+dfsg-2ubuntu1.13). >> Your command has following output: >> >> virtio-blk-device.drive=drive >> virtio-blk-device.logical_block_size=blocksize >> virtio-blk-device.physical_block_size=blocksize >> virtio-blk-device.min_io_size=uint16 >> virtio-blk-device.opt_io_size=uint32 >> virtio-blk-device.bootindex=int32 >> virtio-blk-device.discard_granularity=uint32 >> virtio-blk-device.cyls=uint32 >> virtio-blk-device.heads=uint32 >> virtio-blk-device.secs=uint32 >> virtio-blk-device.serial=str >> virtio-blk-device.config-wce=on/off >> virtio-blk-device.scsi=on/off >> virtio-blk-device.x-iothread=iothread >> >> We have not used enviroment fully, so i guess there is not affection >> of balloning. >> >> Kind regards, Gleb Stepanov. >> >> On Fri, Jul 10, 2015 at 6:01 PM, Gleb Stepanov >> wrote: >> > ---------- Forwarded message ---------- >> > From: Gleb Stepanov >> > Date: Wed, Jul 8, 2015 at 1:58 PM >> > Subject: [nova] disk I/O perfomance >> > To: openstack-operators at lists.openstack.org, >> > openstack-dev at lists.openstack.org >> > >> > >> > Hello, all. >> > >> > We have measured disk I/O performance on openstack virtual machines >> > with aid of >> > FIO tool. We've tested performance on root dist drive device, test >> > consists of write operationby 4kb >> > blocks to file with size 90Gb (prefilled in advance). >> > We use qcow2 image for vm, ephemeral drive and virtio driver. >> > All configuration goes in attachment. >> > >> > There are some results: >> > >> > test 1 >> > >> > threads 1, 5, 10, 15, 20, 40 >> > iops 72,58,49,60,94,72 >> > >> > test 2 >> > threads 1, 5, 10, 15, 20, 40 >> > iops 71,60,54,88,52,52 >> > >> > test 3 >> > threads 1, 5, 10, 15, 20, 40 >> > iops 71,49,58,51,128,130 >> > >> > test 4 >> > threads 1, 5, 10, 15, 20, 40 >> > iops 65,49,60,56,52,63 >> > >> > As it is shown performance degraded during increasing amount of >> > threads, also deviation of results on 40 threads is very big. >> > Have you any ideas how to explain performance behaviour? >> > >> > Kind regards, Gleb Stepanov. > > > > > -- > Kostiantyn Danilov aka koder.ua > Principal software engineer, Mirantis > > skype:koder.ua > http://koder-ua.blogspot.com/ > http://mirantis.com From brad at shub-internet.org Mon Jul 13 15:00:07 2015 From: brad at shub-internet.org (Brad Knowles) Date: Mon, 13 Jul 2015 10:00:07 -0500 Subject: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision In-Reply-To: <559F8E11.5020005@openstack.org> References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> <559F8E11.5020005@openstack.org> Message-ID: <671F65A1-FAF1-4F32-823D-792D9F01A095@shub-internet.org> On Jul 10, 2015, at 4:19 AM, Thierry Carrez wrote: > I think "growing up" is accepting the pain that comes with picking a > good name, rather than sidestepping the issue. I?ve heard the phrase that there are only two hard problems in computer science, and naming is one of them. Just because it is hard is not a reason to avoid doing it. Sometimes the fact that it is hard is the biggest reason why we should do it, and make sure we do it right. We have a naming scheme, based on letters and the location. IMO, we should stick with that, we just need to go further down the list on due diligence, both from a copyright/trademark/legal perspective as well as cultural and other sensitivities that might not have been obvious from the beginning. YMMV. -- Brad Knowles LinkedIn Profile: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: Message signed with OpenPGP using GPGMail URL: From siv.devops at gmail.com Mon Jul 13 19:07:55 2015 From: siv.devops at gmail.com (pra devOPS) Date: Mon, 13 Jul 2015 12:07:55 -0700 Subject: [Openstack-operators] FAiled to create instance wiht openstack nova network In-Reply-To: References: Message-ID: Can somebody suggest me on the below? Thanks, Dev On Fri, Jul 10, 2015 at 4:32 PM, pra devOPS wrote: > Hi > > I am running as root, Please find below the nova config file. ( I am using > nova network) > > http://paste.openstack.org/show/363300/ > > Thanks, > Dev > > On Fri, Jul 10, 2015 at 1:30 PM, matt wrote: > >> root-wrap failed probably a config error. might want to post your nova >> configs with commenting out of passwords / service tokens. >> >> dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=192.168.22.1 --except-interface=lo --dhcp-range=set:demo-net,192.168.22.2,static,255.255.255.0,120s --dhcp-lease-max=256 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts >> 2015-07-10 15:30:29.753 3044 TRACE oslo.messaging.rpc.dispatcher Exit code: 2 >> >> needs to run as root. exit code 2 is obviously pretty bad. so that NEEDs to be fixed. >> >> >> >> On Fri, Jul 10, 2015 at 3:25 PM, pra devOPS wrote: >> >>> All: >>> >>> I get the following error when trying to create an instance in openstack >>> icehouse centOS 7 on nova network. >>> >>> nova network logs and UI logs are pasted at: >>> *http://paste.openstack.org/show/362706/ >>> * >>> >>> >>> >>> Can somebdody give susggestiong? >>> Thanks,Siva >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at topjian.net Mon Jul 13 19:46:12 2015 From: joe at topjian.net (Joe Topjian) Date: Mon, 13 Jul 2015 13:46:12 -0600 Subject: [Openstack-operators] FAiled to create instance wiht openstack nova network In-Reply-To: References: Message-ID: Hello, According to nova.conf, you're running nova-network in multi-host mode. Just to be verbose: if your OpenStack installation is an all-in-one or if you intend for all network traffic to go through the cloud controller, this setting should be changed to false. The error message is reporting: dnsmasq: failed to create listening socket for 192.168.22.1: Cannot assign requested address Off of the top of my head, I would check to see if 192.168.22.1 exists on the server that dnsmasq is trying to run on (ip a | grep 192.168.22.1). As well, check and see if anything else is listening on 53 or 67 on that server (perhaps another instance of dnsmasq that has bound itself to all interfaces?) Hope that helps, Joe On Mon, Jul 13, 2015 at 1:07 PM, pra devOPS wrote: > > Can somebody suggest me on the below? > > Thanks, > Dev > > On Fri, Jul 10, 2015 at 4:32 PM, pra devOPS wrote: > >> Hi >> >> I am running as root, Please find below the nova config file. ( I am >> using nova network) >> >> http://paste.openstack.org/show/363300/ >> >> Thanks, >> Dev >> >> On Fri, Jul 10, 2015 at 1:30 PM, matt wrote: >> >>> root-wrap failed probably a config error. might want to post your nova >>> configs with commenting out of passwords / service tokens. >>> >>> dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=192.168.22.1 --except-interface=lo --dhcp-range=set:demo-net,192.168.22.2,static,255.255.255.0,120s --dhcp-lease-max=256 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts >>> 2015-07-10 15:30:29.753 3044 TRACE oslo.messaging.rpc.dispatcher Exit code: 2 >>> >>> needs to run as root. exit code 2 is obviously pretty bad. so that NEEDs to be fixed. >>> >>> >>> >>> On Fri, Jul 10, 2015 at 3:25 PM, pra devOPS >>> wrote: >>> >>>> All: >>>> >>>> I get the following error when trying to create an instance in >>>> openstack icehouse centOS 7 on nova network. >>>> >>>> nova network logs and UI logs are pasted at: >>>> *http://paste.openstack.org/show/362706/ >>>> * >>>> >>>> >>>> >>>> Can somebdody give susggestiong? >>>> Thanks,Siva >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >>>> >>> >> > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From maishsk at maishsk.com Mon Jul 13 19:47:24 2015 From: maishsk at maishsk.com (Maish Saidel-Keesing) Date: Mon, 13 Jul 2015 22:47:24 +0300 Subject: [Openstack-operators] [tags] ops:ha tag request for feedback Message-ID: <55A415CC.6020003@maishsk.com> I would appreciate if you could all leave your comments and thoughts on the following patch [1]. Please be advised this is an initial version and your feedback is very much appreciated. [1] https://review.openstack.org/#/c/200128/1 -- Best Regards, Maish Saidel-Keesing From 16189455 at qq.com Tue Jul 14 05:17:04 2015 From: 16189455 at qq.com (16189455 at qq.com) Date: Tue, 14 Jul 2015 13:17:04 +0800 Subject: [Openstack-operators] How to configure security-port feature in Kilo ? Message-ID: <201507141317034698535@qq.com> Hi all, Recently I want to have a try of the feature security-port, but these is very few introduction. Could you give some help? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From james.denton at rackspace.com Tue Jul 14 10:52:59 2015 From: james.denton at rackspace.com (James Denton) Date: Tue, 14 Jul 2015 10:52:59 +0000 Subject: [Openstack-operators] How to configure security-port feature in Kilo ? In-Reply-To: <201507141317034698535@qq.com> References: <201507141317034698535@qq.com> Message-ID: <1436871179089.38268@rackspace.com> In the /etc/neutron/plugins/ml2/ml2_conf.ini file, add the following under [ml2] and restart the neutron-server service: extension_drivers = port_security You may experience the following bugs upon enabling port security: https://bugs.launchpad.net/neutron/+bug/1461519 https://bugs.launchpad.net/neutron/+bug/1454148? If you can, remove all existing Neutron networks prior to enabling port security. Otherwise, you may be looking at some DB changes to get things working again. James ________________________________ From: 16189455 at qq.com <16189455 at qq.com> Sent: Tuesday, July 14, 2015 12:17 AM To: openstack-operators Subject: [Openstack-operators] How to configure security-port feature in Kilo ? Hi all, Recently I want to have a try of the feature security-port, but these is very few introduction. Could you give some help? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Tue Jul 14 11:43:57 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Tue, 14 Jul 2015 11:43:57 +0000 Subject: [Openstack-operators] ubuntu instance upgrade and update Message-ID: Hi, I have come across a issue where I'm unable to do 'apt-get update && apt-get upgrade'. I tried pinging the openstack.org site but it gives me unknown host. So basically I'm unable to install anything from the outside world though I'm able to ping my openstack nodes. Previously I have been making use of the same Ubuntu images from my openstack and it didn't face the issue. I checked the /etc/resolv.conf file for the nameserver and the right one has been specified. Please point out on what to do to resolv this issue. Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From clayton at oneill.net Tue Jul 14 13:28:59 2015 From: clayton at oneill.net (Clayton O'Neill) Date: Tue, 14 Jul 2015 08:28:59 -0500 Subject: [Openstack-operators] How to configure security-port feature in Kilo ? In-Reply-To: <1436871179089.38268@rackspace.com> References: <201507141317034698535@qq.com> <1436871179089.38268@rackspace.com> Message-ID: Note that if you enable port-security when you upgrade to kilo you can avoid these issues. If you enable port-security after upgrading, it's a few pretty simple SQL commands to work around the bug below? described below. You can find them in the associated kilo upgrade db migration here: https://github.com/openstack/neutron/blob/master/neutron/db/migration/alembic_migrations/versions/35a0f3365720_add_port_security_in_ml2.py That said, I'd be glad to hear more about how to actually *use* the port security extension. It seems as if it can be used to turn off port security on a per port or per network basis. Is there any UI for this, or do you have to use the API? On Tue, Jul 14, 2015 at 5:52 AM, James Denton wrote: > In the /etc/neutron/plugins/ml2/ml2_conf.ini file, add the following > under [ml2] and restart the neutron-server service: > > > extension_drivers = port_security > > > You may experience the following bugs upon enabling port security: > > > https://bugs.launchpad.net/neutron/+bug/1461519 > > https://bugs.launchpad.net/neutron/+bug/1454148? > > > If you can, remove all existing Neutron networks prior to enabling port > security. Otherwise, you may be looking at some DB changes to get things > working again. > > > James > ------------------------------ > *From:* 16189455 at qq.com <16189455 at qq.com> > *Sent:* Tuesday, July 14, 2015 12:17 AM > *To:* openstack-operators > *Subject:* [Openstack-operators] How to configure security-port feature > in Kilo ? > > Hi all, > Recently I want to have a try of the feature security-port, but these > is very few introduction. Could you give some help? > Thank you. > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alvise.dorigo at pd.infn.it Tue Jul 14 14:38:02 2015 From: alvise.dorigo at pd.infn.it (Alvise Dorigo) Date: Tue, 14 Jul 2015 16:38:02 +0200 Subject: [Openstack-operators] Ceilometer client uses the wrong URL when contacting service Message-ID: <55A51ECA.3090204@pd.infn.it> Hi, I've setup an OpenStack IceHouse deployment with SSL. The Ceilometer service is registered in Keystone with the https endpoints: [root at controller-01 ~]# keystone endpoint-list|grep 8777 | 8c12e36a75454c5da92ac146630a7022 | regionOne | https://cloud-areapd-test.pd.infn.it:8777 | https://cloud-areapd-test.pd.infn.it:8777 | https://cloud-areapd-test.pd.infn.it:8777 | 8f765dc84a884786b0e95076a20f1c4c | When I select on the dashboard the menu "Resource usage", it hungs, and in the horizon.log file I see this error: 2015-07-14 14:27:03,899 9751 DEBUG ceilometerclient.common.http curl -i -X GET -H 'X-Auth-Token: 46778be5fbe2c753766b501314e6effa' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'User-Agent: python-ceilometerclient' http://90.147.77.250:8777/v2/meters Why ( and from where) the ceilometerclient is getting the wrong non-SSL endpoint http://90.147.77.250:8777/v2/meters ? I thought it would take that URL from the Keystone's endpoint catalog (which contains the correct https URLs); but it seems that it is not true. Could someone explain and help me to set it up correctly ? thanks, Alvise From ayoung at redhat.com Tue Jul 14 15:59:20 2015 From: ayoung at redhat.com (Adam Young) Date: Tue, 14 Jul 2015 11:59:20 -0400 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <1436552750102.45275@RACKSPACE.COM> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> , <559EA21B.6090407@redhat.com> <1436552750102.45275@RACKSPACE.COM> Message-ID: <55A531D8.2040507@redhat.com> On 07/10/2015 02:25 PM, Kevin Carter wrote: > > To be clear the present OSAD project really has no intention to bring > package based installations of OpenStack. We'd certainly not reject > the idea and wouldn't mind having an implementation spec for it > but all of our current tooling and design principles have been based > on the fact that we've move away from distro packages and on to > upstream source as it pertains to OpenStack. The system as it stands > today creates an internal repository of built wheels for your > environment and all of the OpenStack services are installed within LXC > containers, where possible and it makes sense. The installation of > these bits comes from the internal wheel repository and uses pip and > all of the pre / post config happens within the Ansible playbooks. > I understand your frustration with the packaging approach. For a first approximation, getting the code for OpenStack/Python operations out of Pip makes sense. Ideally, we would be able to support both approaches. Red Hat would not support a pip based install, but I am sure some Centos base users would be happy with pip. We had the same general discussion around devstack. > > One issue that will become a problem, for users of RedHat > specifically, is the fact that RedHat has no LXC container templates > (at least none that are publicly available) and even if someone were > to make an official RedHat container template there'd be issues with > the containers being able to connect to the satellite servers as well > as other potential license problems. > I'd leave the issues with getting blessed RHEL LXC support to Red Hat. Making something that works for CentOS with publically available LXC containers there would be more what I expect from OSAD upstream. What about Fedora support? It seems to me that we would be far more likely to have something supportable with Fedora that could then be backported to CentOS? > > I've done some experimenting with a RedHat 7.1 hosts and CentOS 7 > containers and things seem to work OK but I'd not say that I have > really put a lot of effort into it. That said, if its something that > you'd all like to work on I'd be happy to help out to make it all go. > Sounds good. I'll give it a try after the Keystone Midcycle. > > -- > > Kevin Carter > ------------------------------------------------------------------------ > *From:* Adam Young > *Sent:* Thursday, July 9, 2015 11:32 AM > *To:* Kris G. Lindgren; John Dewey > *Cc:* openstack-operators at lists.openstack.org > *Subject:* Re: [Openstack-operators] OSAD for RHEL > On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: >> Does OSP support running each service in an LXC container as well? >> What about nova-cells? How does it handle people who need to carry >> local changes? What is the upgrade path like with OSP? > > So, ignoring the Hypervisor for the moment, there is no reason that > the rest of the controllers can't run in separate Containers. I think > a container based deployment would be fantastic. > > venv is not really sufficient, as the system level binaries can still > conflict (MysQL and LDAP both require system libraries for Keystone, > for example) > > From an Ansible perspective; we need to be able to share the HTTPD > instance for Keystone and Apache, and getting that right will solve > most of the issues deploying in a secure manner. Putting Them on > separate hosts or containers should be a degenerate case, and thus be > supported, too. > > > > > > >> >> Asking, because in Philly the general consensus, I fel,t was people >> want to move away from the current system level package stuff and >> move towards: venv's, "lightweight packages", containers. The only >> reason that was brought up to keep packages around was to solve the >> non-python lib stuff and using a depsolver (yum/apt) that doesn't >> suck (pip). So I am pretty sure my wants are inline with what other >> people in the community are either already doing or moving towards. >> ___________________________________________ >> Kris Lindgren >> Senior Linux Systems Engineer >> GoDaddy, LLC. >> >> >> From: John Dewey > >> Date: Wednesday, July 8, 2015 at 11:43 PM >> To: "Kris G. Lindgren" > > >> Cc: Adam Young >, >> "openstack-operators at lists.openstack.org >> " >> > > >> Subject: Re: [Openstack-operators] OSAD for RHEL >> >> This would not be acceptable for those running OSP. >> >> On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: >> >>> I should be more clear. My current thought is to have a venv packaged >>> inside an rpm - so the rpm includes the needed init scripts, ensures the >>> required system level binaries are installed, adds the users - ect ect. >>> But would be a single deployable autonomous unit. Also, have a >>> versioning >>> schema to roll forward and back between venvs for quick update/rollback. >>> We are already working on doing something similar to this to run kilo on >>> cent6 boxen, until we can finish revving the remaining parts of the >>> fleet >>> to cent7. >>> >>> My desire is to move away from using system level python & openstack >>> packages, so that I can possibly run mismatched versions if I need >>> to. We >>> had a need to run kilo ceilometer and juno neutron/nova on a single >>> server. The conflicting python requirements between those made that task >>> impossible. In general I want to get away from treating Openstack as a >>> single system that everything needs to be upgraded in lock step >>> (packages >>> force you into this). I want to move to being able to upgrade say >>> oslo.messaging to a newer version on just say nova on my control plane >>> servers. Or upgrade nova to kilo while keeping the rest of the system >>> (neutron) on juno. Unless I run each service in a vm/container or on a >>> physical piece of hardware that is pretty much impossible to do with >>> packages - outside of placing everything inside venv's. >>> >>> However, it is my understanding that OSAD already builds its own >>> python-wheels and runs those inside lxc containers. So I don?t really >>> follow what good throwing those into an rpm would really do? >>> ____________________________________________ >>> Kris Lindgren >>> Senior Linux Systems Engineer >>> GoDaddy, LLC. >>> >>> >>> On 7/8/15, 10:33 PM, "Adam Young" >> > wrote: >>> >>>> On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: >>>>> +1 on RHEL support. I have some interest in moving away from packages >>>>> and >>>>> am interested in the OSAD tooling as well. >>>> >>>> I would not recommend an approach targetting RHEL that does not use >>>> packages. >>>> >>>> OSAD support for RHEL using packages would be an outstanding tool. >>>> >>>> Which way are you planning on taking it? >>>> >>>>> ____________________________________________ >>>>> Kris Lindgren >>>>> Senior Linux Systems Engineer >>>>> GoDaddy, LLC. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 7/7/15, 3:38 PM, "Abel Lopez" >>>> > wrote: >>>>> >>>>>> Hey everyone, >>>>>> I've started looking at osad, and I like much of the direction it >>>>>> takes. >>>>>> I'm pretty interested in developing it to run on RHEL, I just >>>>>> wanted to >>>>>> check if anyone would be -2 opposed to that before I spend cycles on >>>>>> it. >>>>> >>>>> _______________________________________________ >>>>> OpenStack-operators mailing list >>>>> OpenStack-operators at lists.openstack.org >>>>> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From doc at aedo.net Tue Jul 14 17:02:36 2015 From: doc at aedo.net (Christopher Aedo) Date: Tue, 14 Jul 2015 10:02:36 -0700 Subject: [Openstack-operators] Meeting Thursday July 16th at 17:00UTC Message-ID: Hello! Our next OpenStack App Catalog meeting will take place this Thursday July 16th at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything specific you would like to discuss. For this weeks meeting my primary intention is to discuss the roadmap, everything we'd like to accomplish before the next summit, and determine who all will be helping get it done. Please join us if you can! From doc at aedo.net Tue Jul 14 17:14:40 2015 From: doc at aedo.net (Christopher Aedo) Date: Tue, 14 Jul 2015 10:14:40 -0700 Subject: [Openstack-operators] [app-catalog] IRC Meeting Thursday July 16th at 17:00UTC Message-ID: (Apologies for the re-send, missed the appropriate tag on the subject line!) Hello! Our next OpenStack App Catalog meeting will take place this Thursday July 16th at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything specific you would like to discuss. For this weeks meeting my primary intention is to discuss the roadmap, everything we'd like to accomplish before the next summit, and determine who all will be helping get it done. Please join us if you can! From kevin.carter at RACKSPACE.COM Tue Jul 14 18:41:21 2015 From: kevin.carter at RACKSPACE.COM (Kevin Carter) Date: Tue, 14 Jul 2015 18:41:21 +0000 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <55A531D8.2040507@redhat.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> ,<559EA21B.6090407@redhat.com> <1436552750102.45275@RACKSPACE.COM>,<55A531D8.2040507@redhat.com> Message-ID: <1436899281115.85866@RACKSPACE.COM> ? -- Kevin Carter Racker, Developer, Hacker @ The Rackspace Private Cloud. ________________________________ From: Adam Young Sent: Tuesday, July 14, 2015 10:59 AM To: Kevin Carter; Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/10/2015 02:25 PM, Kevin Carter wrote: To be clear the present OSAD project really has no intention to bring package based installations of OpenStack. We'd certainly not reject the idea and wouldn't mind having an implementation spec for it but all of our current tooling and design principles have been based on the fact that we've move away from distro packages and on to upstream source as it pertains to OpenStack. The system as it stands today creates an internal repository of built wheels for your environment and all of the OpenStack services are installed within LXC containers, where possible and it makes sense. The installation of these bits comes from the internal wheel repository and uses pip and all of the pre / post config happens within the Ansible playbooks. I understand your frustration with the packaging approach. For a first approximation, getting the code for OpenStack/Python operations out of Pip makes sense. Ideally, we would be able to support both approaches. Red Hat would not support a pip based install, but I am sure some Centos base users would be happy with pip. We had the same general discussion around devstack. One issue that will become a problem, for users of RedHat specifically, is the fact that RedHat has no LXC container templates (at least none that are publicly available) and even if someone were to make an official RedHat container template there'd be issues with the containers being able to connect to the satellite servers as well as other potential license problems. I'd leave the issues with getting blessed RHEL LXC support to Red Hat. Making something that works for CentOS with publically available LXC containers there would be more what I expect from OSAD upstream. What about Fedora support? It seems to me that we would be far more likely to have something supportable with Fedora that could then be backported to CentOS? I've done some experimenting with a RedHat 7.1 hosts and CentOS 7 containers and things seem to work OK but I'd not say that I have really put a lot of effort into it. That said, if its something that you'd all like to work on I'd be happy to help out to make it all go. Sounds good. I'll give it a try after the Keystone Midcycle. -- Kevin Carter ________________________________ From: Adam Young Sent: Thursday, July 9, 2015 11:32 AM To: Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: Does OSP support running each service in an LXC container as well? What about nova-cells? How does it handle people who need to carry local changes? What is the upgrade path like with OSP? So, ignoring the Hypervisor for the moment, there is no reason that the rest of the controllers can't run in separate Containers. I think a container based deployment would be fantastic. venv is not really sufficient, as the system level binaries can still conflict (MysQL and LDAP both require system libraries for Keystone, for example) From an Ansible perspective; we need to be able to share the HTTPD instance for Keystone and Apache, and getting that right will solve most of the issues deploying in a secure manner. Putting Them on separate hosts or containers should be a degenerate case, and thus be supported, too. Asking, because in Philly the general consensus, I fel,t was people want to move away from the current system level package stuff and move towards: venv's, "lightweight packages", containers. The only reason that was brought up to keep packages around was to solve the non-python lib stuff and using a depsolver (yum/apt) that doesn't suck (pip). So I am pretty sure my wants are inline with what other people in the community are either already doing or moving towards. ___________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: John Dewey > Date: Wednesday, July 8, 2015 at 11:43 PM To: "Kris G. Lindgren" > Cc: Adam Young >, "openstack-operators at lists.openstack.org" > Subject: Re: [Openstack-operators] OSAD for RHEL This would not be acceptable for those running OSP. On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: I should be more clear. My current thought is to have a venv packaged inside an rpm - so the rpm includes the needed init scripts, ensures the required system level binaries are installed, adds the users - ect ect. But would be a single deployable autonomous unit. Also, have a versioning schema to roll forward and back between venvs for quick update/rollback. We are already working on doing something similar to this to run kilo on cent6 boxen, until we can finish revving the remaining parts of the fleet to cent7. My desire is to move away from using system level python & openstack packages, so that I can possibly run mismatched versions if I need to. We had a need to run kilo ceilometer and juno neutron/nova on a single server. The conflicting python requirements between those made that task impossible. In general I want to get away from treating Openstack as a single system that everything needs to be upgraded in lock step (packages force you into this). I want to move to being able to upgrade say oslo.messaging to a newer version on just say nova on my control plane servers. Or upgrade nova to kilo while keeping the rest of the system (neutron) on juno. Unless I run each service in a vm/container or on a physical piece of hardware that is pretty much impossible to do with packages - outside of placing everything inside venv's. However, it is my understanding that OSAD already builds its own python-wheels and runs those inside lxc containers. So I don?t really follow what good throwing those into an rpm would really do? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/8/15, 10:33 PM, "Adam Young" > wrote: On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: +1 on RHEL support. I have some interest in moving away from packages and am interested in the OSAD tooling as well. I would not recommend an approach targetting RHEL that does not use packages. OSAD support for RHEL using packages would be an outstanding tool. Which way are you planning on taking it? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/7/15, 3:38 PM, "Abel Lopez" > wrote: Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmoats at us.ibm.com Tue Jul 14 18:46:51 2015 From: rmoats at us.ibm.com (Ryan Moats) Date: Tue, 14 Jul 2015 13:46:51 -0500 Subject: [Openstack-operators] [Neutron] New etherpad for collecting Neutron instrumentation requirements Message-ID: <201507141847.t6EIlrxh029018@d01av01.pok.ibm.com> All- There is an effort getting underway to generate an RFE (request for enhancement), BPs and code changes to add instrumentation to neutron. An etherpad has been set up at https://etherpad.openstack.org/p/neutron-instrumentation to collect the type of information that would be useful to OpenStack operators. Please visit the page and add items that your organization feels would be useful to have instrumented in Neutron or +1 items that are already there. Feel free to fill in information on parts II (What to do with this instrumentation once we have it) and part III (How should Ceilometer talk to legacy systems) as well... Thanks in advance, Ryan Moats -------------- next part -------------- An HTML attachment was scrubbed... URL: From lauren at openstack.org Tue Jul 14 18:53:19 2015 From: lauren at openstack.org (Lauren Sell) Date: Tue, 14 Jul 2015 13:53:19 -0500 Subject: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision In-Reply-To: <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> References: <559D365B.8020506@inaugust.com> <559E74FB.2040305@metaswitch.com> <559E8699.8030203@redhat.com> <37CF409B-F4B5-4B13-ADFF-F6460D471238@jbryce.com> <5D7F9996EA547448BC6C54C8C5AAF4E5010A2CC386@CERNXCHG44.cern.ch> Message-ID: <93B396BC-E9FC-443C-8E9D-D13B26B50BAC@openstack.org> Good news. After finalizing the trademark checks and giving the community time to weigh in, Mitaka will be the name of the M release. Thanks again for the great discussion around this topic, and for the willingness to be responsive to the concerns of fellow community members. > On Jul 9, 2015, at 2:18 PM, Tim Bell wrote: > > Feel free to give input on the Mitaka proposal. > > Tim > >> -----Original Message----- >> From: Jonathan Bryce [mailto:jbryce at jbryce.com] >> Sent: 09 July 2015 20:52 >> To: OpenStack Development Mailing List (not for usage questions) >> Subject: Re: [openstack-dev] [Openstack] Rescinding the M name decision >> >>> On Jul 9, 2015, at 9:35 AM, Russell Bryant wrote: >>> >>> On 07/09/2015 09:19 AM, Neil Jerram wrote: >>>> In the hope of forestalling an unnecessary sub-thread... >>>> >>>> Mita was #1 in the vote, so has presumably already been ruled out by >>>> OpenStack's legal review. >>> >>> That is correct. >> >> >> Hi everyone, >> >> I?ve really loved seeing everyone?s understanding and engagement on this >> thread as we worked through the release cycle naming for ?M?. This was the >> first attempt to follow a new process, so not surprisingly, we found some >> improvements in the algorithm for the future. Still it?s awesome to see how >> constructive and positive the whole conversation has been. >> >> I wanted to provide a quick update on the status of the Foundation?s >> reviews of the names. First, as Russell mentioned above, after the voting >> was completed, we asked our trademark counsel to do checks on the top 3 >> names. The first two both had significant trademark issues with existing >> trademark holders in the same space that would have prevented us from >> using the names in most jurisdictions where we have our largest >> communities (US, Europe and Asia). The 3rd choice was relatively low risk >> and so we passed word back to Monty who announced it. Once we realized >> there were other issues with Meiji, we asked for an expedited check of the >> next 3 names: Mitaka, Musashi, and Meguro. The preliminary check shows >> that Mitaka and Meguro both present an acceptable level of risk, while >> Musashi is higher on the risk scale and would probably create problems for >> usage. >> >> At this time, we?re going to do a deeper check on Mitaka, which was the #4 >> candidate in voting and would be next in line after Meiji. I know Itoh-san >> mentioned the Mitaka locale has the potential to be associated with certain >> corporations in Japan, but my personal feeling is that may not be significant >> enough to override it?s position in the voting and it?s availability for use. >> >> I?d encourage anyone with other concerns about Mitaka to post those >> within the next 24 hours so we can appropriately consider and discuss >> them. We should have results on the deeper trademark check by next week >> as well and can hopefully settle on a final name. >> >> Thanks again for all the discussion and participation and especially to >> Monty who?s been on the front lines of helping us navigate this. Feel free to >> let me know if you have any other questions, >> >> Jonathan >> 210-317-2438 >> >> >> __________________________________________________________ >> ________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: OpenStack-dev- >> request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From kevin.carter at RACKSPACE.COM Tue Jul 14 19:01:41 2015 From: kevin.carter at RACKSPACE.COM (Kevin Carter) Date: Tue, 14 Jul 2015 19:01:41 +0000 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: <55A531D8.2040507@redhat.com> References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> <44CC9E4900D54CCABFC4E9B2F4CD13BD@dewey.ws> ,<559EA21B.6090407@redhat.com> <1436552750102.45275@RACKSPACE.COM>,<55A531D8.2040507@redhat.com> Message-ID: <1436900500710.26115@RACKSPACE.COM> ?Sorry for the blank reply, hot keys got the better of me :) @Adam Are there any plans to create a publicly available LXC template that we could used by others and when you say "I'd leave the issues with getting blessed RHEL LXC support to Red Hat?" do you imaging RedHat providing images/templates to deployers wanting to deploy on RHEL?? I noticed that the LXC tooling that RedHat provides is old and while functional its not using the lxc python 3 clients or libraries. Are there any plans to repack LXC using the available py3m packages that are in RHEL7.1? In terms of pip vs rpm/deb packages are there things that RedHat will not specifically support when using pip? Is it that any use of pip would invalidate general RHEL host support? I ask because we already have all of the tooling to support a source based deployment which has the ability to do rolling upgrades and while I've only experimented with adding RedHat as base host OS (tested using RHEL 7/7.1) it shouldn't be a huge forklift to get that work done though adding in distinct code paths for deployments powered by packages would be a lot more work. As for Fedora support, I dont think thats far off once we have a base RHEL/CentOS7 system running. -- Kevin ________________________________ From: Adam Young Sent: Tuesday, July 14, 2015 10:59 AM To: Kevin Carter; Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/10/2015 02:25 PM, Kevin Carter wrote: To be clear the present OSAD project really has no intention to bring package based installations of OpenStack. We'd certainly not reject the idea and wouldn't mind having an implementation spec for it but all of our current tooling and design principles have been based on the fact that we've move away from distro packages and on to upstream source as it pertains to OpenStack. The system as it stands today creates an internal repository of built wheels for your environment and all of the OpenStack services are installed within LXC containers, where possible and it makes sense. The installation of these bits comes from the internal wheel repository and uses pip and all of the pre / post config happens within the Ansible playbooks. I understand your frustration with the packaging approach. For a first approximation, getting the code for OpenStack/Python operations out of Pip makes sense. Ideally, we would be able to support both approaches. Red Hat would not support a pip based install, but I am sure some Centos base users would be happy with pip. We had the same general discussion around devstack. One issue that will become a problem, for users of RedHat specifically, is the fact that RedHat has no LXC container templates (at least none that are publicly available) and even if someone were to make an official RedHat container template there'd be issues with the containers being able to connect to the satellite servers as well as other potential license problems. I'd leave the issues with getting blessed RHEL LXC support to Red Hat. Making something that works for CentOS with publically available LXC containers there would be more what I expect from OSAD upstream. What about Fedora support? It seems to me that we would be far more likely to have something supportable with Fedora that could then be backported to CentOS? I've done some experimenting with a RedHat 7.1 hosts and CentOS 7 containers and things seem to work OK but I'd not say that I have really put a lot of effort into it. That said, if its something that you'd all like to work on I'd be happy to help out to make it all go. Sounds good. I'll give it a try after the Keystone Midcycle. -- Kevin Carter ________________________________ From: Adam Young Sent: Thursday, July 9, 2015 11:32 AM To: Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: Does OSP support running each service in an LXC container as well? What about nova-cells? How does it handle people who need to carry local changes? What is the upgrade path like with OSP? So, ignoring the Hypervisor for the moment, there is no reason that the rest of the controllers can't run in separate Containers. I think a container based deployment would be fantastic. venv is not really sufficient, as the system level binaries can still conflict (MysQL and LDAP both require system libraries for Keystone, for example) From an Ansible perspective; we need to be able to share the HTTPD instance for Keystone and Apache, and getting that right will solve most of the issues deploying in a secure manner. Putting Them on separate hosts or containers should be a degenerate case, and thus be supported, too. Asking, because in Philly the general consensus, I fel,t was people want to move away from the current system level package stuff and move towards: venv's, "lightweight packages", containers. The only reason that was brought up to keep packages around was to solve the non-python lib stuff and using a depsolver (yum/apt) that doesn't suck (pip). So I am pretty sure my wants are inline with what other people in the community are either already doing or moving towards. ___________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: John Dewey > Date: Wednesday, July 8, 2015 at 11:43 PM To: "Kris G. Lindgren" > Cc: Adam Young >, "openstack-operators at lists.openstack.org" > Subject: Re: [Openstack-operators] OSAD for RHEL This would not be acceptable for those running OSP. On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: I should be more clear. My current thought is to have a venv packaged inside an rpm - so the rpm includes the needed init scripts, ensures the required system level binaries are installed, adds the users - ect ect. But would be a single deployable autonomous unit. Also, have a versioning schema to roll forward and back between venvs for quick update/rollback. We are already working on doing something similar to this to run kilo on cent6 boxen, until we can finish revving the remaining parts of the fleet to cent7. My desire is to move away from using system level python & openstack packages, so that I can possibly run mismatched versions if I need to. We had a need to run kilo ceilometer and juno neutron/nova on a single server. The conflicting python requirements between those made that task impossible. In general I want to get away from treating Openstack as a single system that everything needs to be upgraded in lock step (packages force you into this). I want to move to being able to upgrade say oslo.messaging to a newer version on just say nova on my control plane servers. Or upgrade nova to kilo while keeping the rest of the system (neutron) on juno. Unless I run each service in a vm/container or on a physical piece of hardware that is pretty much impossible to do with packages - outside of placing everything inside venv's. However, it is my understanding that OSAD already builds its own python-wheels and runs those inside lxc containers. So I don?t really follow what good throwing those into an rpm would really do? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/8/15, 10:33 PM, "Adam Young" > wrote: On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: +1 on RHEL support. I have some interest in moving away from packages and am interested in the OSAD tooling as well. I would not recommend an approach targetting RHEL that does not use packages. OSAD support for RHEL using packages would be an outstanding tool. Which way are you planning on taking it? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/7/15, 3:38 PM, "Abel Lopez" > wrote: Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From siv.devops at gmail.com Tue Jul 14 23:46:33 2015 From: siv.devops at gmail.com (pra devOPS) Date: Tue, 14 Jul 2015 16:46:33 -0700 Subject: [Openstack-operators] FAiled to create instance wiht openstack nova network In-Reply-To: References: Message-ID: Hi All: I was able to spin up instances on openstack (all in one , Icehouse). Got the ips able to connect it to the ips with floating ips. from the floating ip network i am able to connect to the machines. Now I want this vms talk outside the host on which they are hosted? How can I do that? Thanks, Dev On Mon, Jul 13, 2015 at 12:07 PM, pra devOPS wrote: > > Can somebody suggest me on the below? > > Thanks, > Dev > > On Fri, Jul 10, 2015 at 4:32 PM, pra devOPS wrote: > >> Hi >> >> I am running as root, Please find below the nova config file. ( I am >> using nova network) >> >> http://paste.openstack.org/show/363300/ >> >> Thanks, >> Dev >> >> On Fri, Jul 10, 2015 at 1:30 PM, matt wrote: >> >>> root-wrap failed probably a config error. might want to post your nova >>> configs with commenting out of passwords / service tokens. >>> >>> dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=192.168.22.1 --except-interface=lo --dhcp-range=set:demo-net,192.168.22.2,static,255.255.255.0,120s --dhcp-lease-max=256 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts >>> 2015-07-10 15:30:29.753 3044 TRACE oslo.messaging.rpc.dispatcher Exit code: 2 >>> >>> needs to run as root. exit code 2 is obviously pretty bad. so that NEEDs to be fixed. >>> >>> >>> >>> On Fri, Jul 10, 2015 at 3:25 PM, pra devOPS >>> wrote: >>> >>>> All: >>>> >>>> I get the following error when trying to create an instance in >>>> openstack icehouse centOS 7 on nova network. >>>> >>>> nova network logs and UI logs are pasted at: >>>> *http://paste.openstack.org/show/362706/ >>>> * >>>> >>>> >>>> >>>> Can somebdody give susggestiong? >>>> Thanks,Siva >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom at openstack.org Wed Jul 15 08:13:06 2015 From: tom at openstack.org (Tom Fifield) Date: Wed, 15 Jul 2015 16:13:06 +0800 Subject: [Openstack-operators] Scaling the Ops Meetup In-Reply-To: <559396C5.3080104@openstack.org> References: <55921C03.5060303@openstack.org> <559396C5.3080104@openstack.org> Message-ID: <55A61612.10905@openstack.org> Hi all, On 01/07/15 15:29, Tom Fifield wrote: > =Open Questions= ... > * What are the costs involved in hosting one of these events? Thanks to our wonderful sponsors (any inaccuracies or estimates are mine), I got permission to post some rough cost information for the past events, as requested: =1. San Jose= San Jose was hosted by eBay/Paypal who catered breakfast and brought in pizza for lunch. # Attendees: 40-50 Venue cost: $0 Food cost: $1000 Signage/misc: $0 Total per head: ~$20/head Evening Event: $1000 =2. San Antonio= San Antonio was hosted by Rackspace over two days who brought in breakfast and pizza/food trucks for lunch. # Attendees: 80-100 Venue cost: $1100 (security, AV) Food cost: $2000 Signage/misc: $300 Total per head: ~$33/head Evening Event: $1500 =3. Philadelphia= Philadelphia was our first meetup held in a commercial venue, after we ran out of space to host it at Comcast and had to move it at the last minute. Two day event. # Attendees: 125 Venue cost: $20,569 venue+food Food cost: - Signage/misc: $320 Total per head: ~$165/head Evening Event: $3000 Regards, Tom > > > Regards, > > > Tom > > > > > On 30/06/15 12:33, Tom Fifield wrote: >> Hi all, >> >> Right now, behind-the-scenes, we're working on getting a venue for next >> ops mid-cycle. It's taking a little longer than normal, but rest assured >> it is happening. >> >> Why is it so difficult? As you may have noticed, we're reaching the size >> of event where both physically and financially, only the largest >> organisations can host us. >> >> We thought we might get away with organising this one old-school with a >> single host and sponsor. Then, for the next, start a brainstorming >> discussion with you about how we scale these events into the future - >> since once we get up and beyond a few hundred people, we're looking at >> having to hire a venue as well as make some changes to the format of the >> event. >> >> However, it seems that even this might be too late. We already had a >> company that proposed to host the meetup at a west coast US hotel >> instead of their place, and wanted to scope out other companies to >> sponsor food. >> >> This would be a change in the model, so let's commence the discussion of >> how we want to scale this event :) >> >> So far I've heard things like: >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with others" >> * "I really don't want to get to the point where we want booths at the >> ops meetup" >> >> Which are promising! It seems like we have a shared understanding of >> what to take this forward with. >> >> So, as the ops meetup grows - what would it look like for you? >> >> How do you think we can manage the venue selection and financial side of >> things? What about the session layout and the scheduling with the >> growing numbers of attendees? >> >> Current data can be found at >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . >> >> I would also be interested in your thoughts about how these events have >> only been in a limited geographical area so far, and how we can address >> that issue. >> >> >> Regards, >> >> >> Tom >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From pgsousa at gmail.com Wed Jul 15 09:41:24 2015 From: pgsousa at gmail.com (Pedro Sousa) Date: Wed, 15 Jul 2015 10:41:24 +0100 Subject: [Openstack-operators] Neutron LBaaS HA in KIlo? Message-ID: Hi all, can anybody clarify if Neutron LBaaS Agent has HA support in Kilo? Regards, Pedro Sousa -------------- next part -------------- An HTML attachment was scrubbed... URL: From sgordon at redhat.com Wed Jul 15 11:35:40 2015 From: sgordon at redhat.com (Steve Gordon) Date: Wed, 15 Jul 2015 07:35:40 -0400 (EDT) Subject: [Openstack-operators] [NFV][Telco] July 15th meeting cancelled In-Reply-To: <1359242925.36667811.1436960055894.JavaMail.zimbra@redhat.com> Message-ID: <956518221.36668628.1436960140566.JavaMail.zimbra@redhat.com> Hi all, I'm unable to make the meeting today and was unable to get an alternative facilitator to run the meeting, as such it is canceled. Please note that I am still seeking comment on: [Openstack-operators] [nfv][telco] On-going management of telcowg-usecases repository http://lists.openstack.org/pipermail/openstack-operators/2015-July/007611.html As always outstanding reviews are here: https://review.openstack.org/#/q/status:open+project:stackforge/telcowg-usecases,n,z Thanks, Steve From mvanwink at rackspace.com Wed Jul 15 14:06:55 2015 From: mvanwink at rackspace.com (Matt Van Winkle) Date: Wed, 15 Jul 2015 14:06:55 +0000 Subject: [Openstack-operators] [Large Deployments Team] A few Housekeeping items In-Reply-To: References: Message-ID: Looks like the winner is next Friday (late Thursday US, Friday UTC) the 24th at 03:00 UTC. I'll update wiki's and such. See you all in #openstack-operators on the 23rd/24th. Thanks! Matt From: Matt Van Winkle > Date: Friday, July 10, 2015 7:14 AM To: "openstack-operators at lists.openstack.org" > Subject: [Openstack-operators] [Large Deployments Team] A few Housekeeping items Hey folks, Following our discussions in YVR, and in the last monthly meeting, we have a few things related to meetings to work on. 1. Because the new gerrit based meeting scheuler doesn't handle monthly meetings, we made the move in June to #openstack-operators. This seemed to work quite we'll, and unless anyone has any objections, we'll keep it that way going forward. 2. We need to pick and official time for the APAC friendly meeting time on the alternating months - January, March, May, July, Sepetember and November. I've set up the following poll for that - http://doodle.com/cpug2c3xypnk5aep 3. For this month, I posted two options - next Thursday (we normally target the 3rd Thursday) or the following since there are 5 Thursdays in July. I'll pick the most popular vote by Monday for this months and the most popular time slot between both options for the official time going forward. I'll make sure the later is reflected here - https://wiki.openstack.org/wiki/Meetings/LDT Overall, things are going quite well. We are actually seeing an active feedback loop that started with our discussion of network segmentation in YVR, led to combined LDT and Neutron dev interaction in the last meeting, involved gathering use cases following that and ultimately, had members of the LDT form GoDaddy in the Neutron mid-cycle. This is exactly what we wanted to see happen with the creation of this team. Great work all! A good portion of this month's meeting will be getting caught up on where we are with this particular feedback loop. As always, please let me know if you have any questions or concerns. Thanks! Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From adam.huffman at gmail.com Wed Jul 15 15:24:02 2015 From: adam.huffman at gmail.com (Adam Huffman) Date: Wed, 15 Jul 2015 16:24:02 +0100 Subject: [Openstack-operators] Outbound and inbound external access for projects Message-ID: Hello We're at the stage of working out how to integrate our Icehouse system with the external network, using Neutron. We have a limited set of public IPs available for inbound access, and we'd also like to make outbound access optional, in case some projects want to be completely isolated. One suggestion is as follows: - each project is allocated a single /24 VLAN - within this VLAN, there are 2 subnets - the first subnet (/25) would be for outbound access, using floating IPs - the second (/25) subnet would be for inbound access, drawing from the limited public pool, also with floating IPs Does that sound sensible/feasible? The Cisco hardware that's providing the route to the external network has constraints in the numbers of VLANs it will support, so we prefer this approach to having separate per-project VLANs for outbound and inbound access. If there's a different way of achieving this, I'd be interested to hear that too. Cheers, Adam From kevinbri at cisco.com Wed Jul 15 15:42:59 2015 From: kevinbri at cisco.com (Kevin Bringard (kevinbri)) Date: Wed, 15 Jul 2015 15:42:59 +0000 Subject: [Openstack-operators] Outbound and inbound external access for projects In-Reply-To: References: Message-ID: You don't need "per project vlans" for inbound and outbound access. Public Ips only need a single VLAN between the logical routers (net-hosts/l3-agent hosts) and their next hop... It's the internal networks which require multiple VLANs if you wish to do such a thing, and those VLANs are only necessary on your internal switches. Alternatively you can use GRE or STT or some other segregation method and avoid the VLAN cap altogether (on internal networks). Basically, the flow looks like so: Internet -> Floating IP (hosted on your logical router host... All a single "public VLAN") -> NAT translation to internal tenant subnet (and tagged with the "internal OVS VLAN" -> VLAN translation flow (if it needs to go to the wire) tags the packet with the VLAN assigned to the tenant's subnet (or goes over the requisite GRE tunnel) -> ... It's kind of complicated, I know, but hopefully that helps some? Or perhaps I just misunderstood your scenario/question, which is also entirely possible :-D On 7/15/15, 9:24 AM, "Adam Huffman" wrote: >Hello > >We're at the stage of working out how to integrate our Icehouse system >with the external network, using Neutron. > >We have a limited set of public IPs available for inbound access, and >we'd also like to make outbound access optional, in case some projects >want to be completely isolated. > >One suggestion is as follows: > >- each project is allocated a single /24 VLAN > >- within this VLAN, there are 2 subnets > >- the first subnet (/25) would be for outbound access, using floating IPs > >- the second (/25) subnet would be for inbound access, drawing from >the limited public pool, also with floating IPs > >Does that sound sensible/feasible? The Cisco hardware that's providing >the route to the external network has constraints in the numbers of >VLANs it will support, so we prefer this approach to having separate >per-project VLANs for outbound and inbound access. > >If there's a different way of achieving this, I'd be interested to >hear that too. > > >Cheers, >Adam > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From siv.devops at gmail.com Wed Jul 15 17:29:57 2015 From: siv.devops at gmail.com (pra devOPS) Date: Wed, 15 Jul 2015 10:29:57 -0700 Subject: [Openstack-operators] FAiled to create instance wiht openstack nova network In-Reply-To: References: Message-ID: Solved this i am able to ping the outside world now. by defualt openstack is adding a bridge br100 on physical interface that is configured in flat_interface directive , But that interface is blocking at the switch, I manually removed that interface from the bridge br100 but vnet0 ( is stil lthere which openstack ) uses to communicate with the instances. All things seems to be working fine now. Thanks, Dev On Tue, Jul 14, 2015 at 4:46 PM, pra devOPS wrote: > Hi All: > > I was able to spin up instances on openstack (all in one , Icehouse). Got > the ips able to connect it to the ips with floating ips. > > from the floating ip network i am able to connect to the machines. Now I > want this vms talk outside the host on which they are hosted? > > How can I do that? > > Thanks, > Dev > > On Mon, Jul 13, 2015 at 12:07 PM, pra devOPS wrote: > >> >> Can somebody suggest me on the below? >> >> Thanks, >> Dev >> >> On Fri, Jul 10, 2015 at 4:32 PM, pra devOPS wrote: >> >>> Hi >>> >>> I am running as root, Please find below the nova config file. ( I am >>> using nova network) >>> >>> http://paste.openstack.org/show/363300/ >>> >>> Thanks, >>> Dev >>> >>> On Fri, Jul 10, 2015 at 1:30 PM, matt wrote: >>> >>>> root-wrap failed probably a config error. might want to post your nova >>>> configs with commenting out of passwords / service tokens. >>>> >>>> dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=192.168.22.1 --except-interface=lo --dhcp-range=set:demo-net,192.168.22.2,static,255.255.255.0,120s --dhcp-lease-max=256 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts >>>> 2015-07-10 15:30:29.753 3044 TRACE oslo.messaging.rpc.dispatcher Exit code: 2 >>>> >>>> needs to run as root. exit code 2 is obviously pretty bad. so that NEEDs to be fixed. >>>> >>>> >>>> >>>> On Fri, Jul 10, 2015 at 3:25 PM, pra devOPS >>>> wrote: >>>> >>>>> All: >>>>> >>>>> I get the following error when trying to create an instance in >>>>> openstack icehouse centOS 7 on nova network. >>>>> >>>>> nova network logs and UI logs are pasted at: >>>>> *http://paste.openstack.org/show/362706/ >>>>> * >>>>> >>>>> >>>>> >>>>> Can somebdody give susggestiong? >>>>> Thanks,Siva >>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenStack-operators mailing list >>>>> OpenStack-operators at lists.openstack.org >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at nycresistor.com Wed Jul 15 17:49:35 2015 From: matt at nycresistor.com (matt) Date: Wed, 15 Jul 2015 13:49:35 -0400 Subject: [Openstack-operators] FAiled to create instance wiht openstack nova network In-Reply-To: References: Message-ID: That doesn't seem like a good solution. On Wed, Jul 15, 2015 at 1:29 PM, pra devOPS wrote: > Solved this i am able to ping the outside world now. > > by defualt openstack is adding a bridge br100 on physical interface that > is configured in flat_interface directive , But that interface is blocking > at the switch, I manually removed that interface from the bridge br100 but > vnet0 ( is stil lthere which openstack ) uses to communicate with the > instances. > > All things seems to be working fine now. > > > Thanks, > Dev > > On Tue, Jul 14, 2015 at 4:46 PM, pra devOPS wrote: > >> Hi All: >> >> I was able to spin up instances on openstack (all in one , Icehouse). Got >> the ips able to connect it to the ips with floating ips. >> >> from the floating ip network i am able to connect to the machines. Now I >> want this vms talk outside the host on which they are hosted? >> >> How can I do that? >> >> Thanks, >> Dev >> >> On Mon, Jul 13, 2015 at 12:07 PM, pra devOPS >> wrote: >> >>> >>> Can somebody suggest me on the below? >>> >>> Thanks, >>> Dev >>> >>> On Fri, Jul 10, 2015 at 4:32 PM, pra devOPS >>> wrote: >>> >>>> Hi >>>> >>>> I am running as root, Please find below the nova config file. ( I am >>>> using nova network) >>>> >>>> http://paste.openstack.org/show/363300/ >>>> >>>> Thanks, >>>> Dev >>>> >>>> On Fri, Jul 10, 2015 at 1:30 PM, matt wrote: >>>> >>>>> root-wrap failed probably a config error. might want to post your >>>>> nova configs with commenting out of passwords / service tokens. >>>>> >>>>> dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=192.168.22.1 --except-interface=lo --dhcp-range=set:demo-net,192.168.22.2,static,255.255.255.0,120s --dhcp-lease-max=256 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts >>>>> 2015-07-10 15:30:29.753 3044 TRACE oslo.messaging.rpc.dispatcher Exit code: 2 >>>>> >>>>> needs to run as root. exit code 2 is obviously pretty bad. so that NEEDs to be fixed. >>>>> >>>>> >>>>> >>>>> On Fri, Jul 10, 2015 at 3:25 PM, pra devOPS >>>>> wrote: >>>>> >>>>>> All: >>>>>> >>>>>> I get the following error when trying to create an instance in >>>>>> openstack icehouse centOS 7 on nova network. >>>>>> >>>>>> nova network logs and UI logs are pasted at: >>>>>> *http://paste.openstack.org/show/362706/ >>>>>> * >>>>>> >>>>>> >>>>>> >>>>>> Can somebdody give susggestiong? >>>>>> Thanks,Siva >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> OpenStack-operators mailing list >>>>>> OpenStack-operators at lists.openstack.org >>>>>> >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sgordon at redhat.com Thu Jul 16 02:22:18 2015 From: sgordon at redhat.com (Steve Gordon) Date: Wed, 15 Jul 2015 22:22:18 -0400 (EDT) Subject: [Openstack-operators] [openstack-dev] July 15th meeting cancelled In-Reply-To: References: <1359242925.36667811.1436960055894.JavaMail.zimbra@redhat.com> <956518221.36668628.1436960140566.JavaMail.zimbra@redhat.com> Message-ID: <1210274983.37067126.1437013338694.JavaMail.zimbra@redhat.com> ----- Original Message ----- > From: "Calum Loudon" > To: "OpenStack Development Mailing List (not for usage questions)" > > Hi Steve > > I missed the linked mail as it was sent to the openstack-operators list, not > openstack-dev - was that intentional? Sort of, in that the use case definition work is primarily an operators activity rather than a development one as such. The other issue with cross-posting is that we end up with a split thread across the two (or more lists), though in this case I did not get any on list responses though I did get several off list responses suggesting variations of: 1) Move focus away from the telcowg-usecases repository in favor of the productwg user stories repository currently being created. 2) Move focus away from the telcowg-usecases repository in favor of backlog spec and/or RFE processes for projects that support them. 3) Move the telcowg-usecases repository into the openstack namespace as proposed but do so under the governance of the user committee rather than the TC. I record these here simply for the purposes of transparency, obviously we need to discuss as a team which if any of these is appropriate in addition to or instead of the actions I proposed in the previous email. > On the substance of the mail, +1 to adding Daniel and Yuriy to the core > reviewers list. Thanks for the feedback on this. -Steve > cheers > > Calum > > -----Original Message----- > From: Steve Gordon [mailto:sgordon at redhat.com] > Sent: 15 July 2015 12:36 > To: openstack-operators; OpenStack Development Mailing List (not for usage > questions) > Subject: [openstack-dev] [NFV][Telco] July 15th meeting cancelled > > Hi all, > > I'm unable to make the meeting today and was unable to get an alternative > facilitator to run the meeting, as such it is canceled. Please note that I > am still seeking comment on: > > [Openstack-operators] [nfv][telco] On-going management of > telcowg-usecases repository > http://lists.openstack.org/pipermail/openstack-operators/2015-July/007611.html > > As always outstanding reviews are here: > > https://review.openstack.org/#/q/status:open+project:stackforge/telcowg-usecases,n,z > > Thanks,Steve > > Steve > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Steve Gordon, RHCE Sr. Technical Product Manager, Red Hat Enterprise Linux OpenStack Platform From 16189455 at qq.com Thu Jul 16 03:14:10 2015 From: 16189455 at qq.com (=?gb18030?B?09q94A==?=) Date: Thu, 16 Jul 2015 11:14:10 +0800 Subject: [Openstack-operators] How to configure security-port feature in Kilo ? Message-ID: Hi Clayton, Thank you for your reply. Recently our team used a VM as LVS, the rule in iptables will DROP the invalid message which makes the LVS could not work successfully. So we want to use security-port to complete it. The API requirement is not clear. And BTW, dose icehouse support security-port? Thanks. ------------------ Original ------------------ From: "openstack-operators-request";; Date: Wed, Jul 15, 2015 05:41 PM To: "openstack-operators"; Subject: OpenStack-operators Digest, Vol 57, Issue 19 Send OpenStack-operators mailing list submissions to openstack-operators at lists.openstack.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators or, via email, send a message with subject or body 'help' to openstack-operators-request at lists.openstack.org You can reach the person managing the list at openstack-operators-owner at lists.openstack.org When replying, please edit your Subject line so it is more specific than "Re: Contents of OpenStack-operators digest..." Today's Topics: 1. Re: How to configure security-port feature in Kilo ? (Clayton O'Neill) 2. Ceilometer client uses the wrong URL when contacting service (Alvise Dorigo) 3. Re: OSAD for RHEL (Adam Young) 4. Meeting Thursday July 16th at 17:00UTC (Christopher Aedo) 5. [app-catalog] IRC Meeting Thursday July 16th at 17:00UTC (Christopher Aedo) 6. Re: OSAD for RHEL (Kevin Carter) 7. [Neutron] New etherpad for collecting Neutron instrumentation requirements (Ryan Moats) 8. Re: [openstack-dev] [Openstack] Rescinding the M name decision (Lauren Sell) 9. Re: OSAD for RHEL (Kevin Carter) 10. Re: FAiled to create instance wiht openstack nova network (pra devOPS) 11. Re: Scaling the Ops Meetup (Tom Fifield) 12. Neutron LBaaS HA in KIlo? (Pedro Sousa) ---------------------------------------------------------------------- Message: 1 Date: Tue, 14 Jul 2015 08:28:59 -0500 From: "Clayton O'Neill" To: openstack-operators Subject: Re: [Openstack-operators] How to configure security-port feature in Kilo ? Message-ID: Content-Type: text/plain; charset="utf-8" Note that if you enable port-security when you upgrade to kilo you can avoid these issues. If you enable port-security after upgrading, it's a few pretty simple SQL commands to work around the bug below? described below. You can find them in the associated kilo upgrade db migration here: https://github.com/openstack/neutron/blob/master/neutron/db/migration/alembic_migrations/versions/35a0f3365720_add_port_security_in_ml2.py That said, I'd be glad to hear more about how to actually *use* the port security extension. It seems as if it can be used to turn off port security on a per port or per network basis. Is there any UI for this, or do you have to use the API? On Tue, Jul 14, 2015 at 5:52 AM, James Denton wrote: > In the /etc/neutron/plugins/ml2/ml2_conf.ini file, add the following > under [ml2] and restart the neutron-server service: > > > extension_drivers = port_security > > > You may experience the following bugs upon enabling port security: > > > https://bugs.launchpad.net/neutron/+bug/1461519 > > https://bugs.launchpad.net/neutron/+bug/1454148? > > > If you can, remove all existing Neutron networks prior to enabling port > security. Otherwise, you may be looking at some DB changes to get things > working again. > > > James > ------------------------------ > *From:* 16189455 at qq.com <16189455 at qq.com> > *Sent:* Tuesday, July 14, 2015 12:17 AM > *To:* openstack-operators > *Subject:* [Openstack-operators] How to configure security-port feature > in Kilo ? > > Hi all, > Recently I want to have a try of the feature security-port, but these > is very few introduction. Could you give some help? > Thank you. > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 2 Date: Tue, 14 Jul 2015 16:38:02 +0200 From: Alvise Dorigo To: "openstack-operators at lists.openstack.org" Subject: [Openstack-operators] Ceilometer client uses the wrong URL when contacting service Message-ID: <55A51ECA.3090204 at pd.infn.it> Content-Type: text/plain; charset=utf-8; format=flowed Hi, I've setup an OpenStack IceHouse deployment with SSL. The Ceilometer service is registered in Keystone with the https endpoints: [root at controller-01 ~]# keystone endpoint-list|grep 8777 | 8c12e36a75454c5da92ac146630a7022 | regionOne | https://cloud-areapd-test.pd.infn.it:8777 | https://cloud-areapd-test.pd.infn.it:8777 | https://cloud-areapd-test.pd.infn.it:8777 | 8f765dc84a884786b0e95076a20f1c4c | When I select on the dashboard the menu "Resource usage", it hungs, and in the horizon.log file I see this error: 2015-07-14 14:27:03,899 9751 DEBUG ceilometerclient.common.http curl -i -X GET -H 'X-Auth-Token: 46778be5fbe2c753766b501314e6effa' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'User-Agent: python-ceilometerclient' http://90.147.77.250:8777/v2/meters Why ( and from where) the ceilometerclient is getting the wrong non-SSL endpoint http://90.147.77.250:8777/v2/meters ? I thought it would take that URL from the Keystone's endpoint catalog (which contains the correct https URLs); but it seems that it is not true. Could someone explain and help me to set it up correctly ? thanks, Alvise ------------------------------ Message: 3 Date: Tue, 14 Jul 2015 11:59:20 -0400 From: Adam Young To: Kevin Carter , "Kris G. Lindgren" , John Dewey Cc: "openstack-operators at lists.openstack.org" Subject: Re: [Openstack-operators] OSAD for RHEL Message-ID: <55A531D8.2040507 at redhat.com> Content-Type: text/plain; charset="windows-1252"; Format="flowed" On 07/10/2015 02:25 PM, Kevin Carter wrote: > > To be clear the present OSAD project really has no intention to bring > package based installations of OpenStack. We'd certainly not reject > the idea and wouldn't mind having an implementation spec for it > but all of our current tooling and design principles have been based > on the fact that we've move away from distro packages and on to > upstream source as it pertains to OpenStack. The system as it stands > today creates an internal repository of built wheels for your > environment and all of the OpenStack services are installed within LXC > containers, where possible and it makes sense. The installation of > these bits comes from the internal wheel repository and uses pip and > all of the pre / post config happens within the Ansible playbooks. > I understand your frustration with the packaging approach. For a first approximation, getting the code for OpenStack/Python operations out of Pip makes sense. Ideally, we would be able to support both approaches. Red Hat would not support a pip based install, but I am sure some Centos base users would be happy with pip. We had the same general discussion around devstack. > > One issue that will become a problem, for users of RedHat > specifically, is the fact that RedHat has no LXC container templates > (at least none that are publicly available) and even if someone were > to make an official RedHat container template there'd be issues with > the containers being able to connect to the satellite servers as well > as other potential license problems. > I'd leave the issues with getting blessed RHEL LXC support to Red Hat. Making something that works for CentOS with publically available LXC containers there would be more what I expect from OSAD upstream. What about Fedora support? It seems to me that we would be far more likely to have something supportable with Fedora that could then be backported to CentOS? > > I've done some experimenting with a RedHat 7.1 hosts and CentOS 7 > containers and things seem to work OK but I'd not say that I have > really put a lot of effort into it. That said, if its something that > you'd all like to work on I'd be happy to help out to make it all go. > Sounds good. I'll give it a try after the Keystone Midcycle. > > -- > > Kevin Carter > ------------------------------------------------------------------------ > *From:* Adam Young > *Sent:* Thursday, July 9, 2015 11:32 AM > *To:* Kris G. Lindgren; John Dewey > *Cc:* openstack-operators at lists.openstack.org > *Subject:* Re: [Openstack-operators] OSAD for RHEL > On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: >> Does OSP support running each service in an LXC container as well? >> What about nova-cells? How does it handle people who need to carry >> local changes? What is the upgrade path like with OSP? > > So, ignoring the Hypervisor for the moment, there is no reason that > the rest of the controllers can't run in separate Containers. I think > a container based deployment would be fantastic. > > venv is not really sufficient, as the system level binaries can still > conflict (MysQL and LDAP both require system libraries for Keystone, > for example) > > From an Ansible perspective; we need to be able to share the HTTPD > instance for Keystone and Apache, and getting that right will solve > most of the issues deploying in a secure manner. Putting Them on > separate hosts or containers should be a degenerate case, and thus be > supported, too. > > > > > > >> >> Asking, because in Philly the general consensus, I fel,t was people >> want to move away from the current system level package stuff and >> move towards: venv's, "lightweight packages", containers. The only >> reason that was brought up to keep packages around was to solve the >> non-python lib stuff and using a depsolver (yum/apt) that doesn't >> suck (pip). So I am pretty sure my wants are inline with what other >> people in the community are either already doing or moving towards. >> ___________________________________________ >> Kris Lindgren >> Senior Linux Systems Engineer >> GoDaddy, LLC. >> >> >> From: John Dewey > >> Date: Wednesday, July 8, 2015 at 11:43 PM >> To: "Kris G. Lindgren" > > >> Cc: Adam Young >, >> "openstack-operators at lists.openstack.org >> " >> > > >> Subject: Re: [Openstack-operators] OSAD for RHEL >> >> This would not be acceptable for those running OSP. >> >> On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: >> >>> I should be more clear. My current thought is to have a venv packaged >>> inside an rpm - so the rpm includes the needed init scripts, ensures the >>> required system level binaries are installed, adds the users - ect ect. >>> But would be a single deployable autonomous unit. Also, have a >>> versioning >>> schema to roll forward and back between venvs for quick update/rollback. >>> We are already working on doing something similar to this to run kilo on >>> cent6 boxen, until we can finish revving the remaining parts of the >>> fleet >>> to cent7. >>> >>> My desire is to move away from using system level python & openstack >>> packages, so that I can possibly run mismatched versions if I need >>> to. We >>> had a need to run kilo ceilometer and juno neutron/nova on a single >>> server. The conflicting python requirements between those made that task >>> impossible. In general I want to get away from treating Openstack as a >>> single system that everything needs to be upgraded in lock step >>> (packages >>> force you into this). I want to move to being able to upgrade say >>> oslo.messaging to a newer version on just say nova on my control plane >>> servers. Or upgrade nova to kilo while keeping the rest of the system >>> (neutron) on juno. Unless I run each service in a vm/container or on a >>> physical piece of hardware that is pretty much impossible to do with >>> packages - outside of placing everything inside venv's. >>> >>> However, it is my understanding that OSAD already builds its own >>> python-wheels and runs those inside lxc containers. So I don?t really >>> follow what good throwing those into an rpm would really do? >>> ____________________________________________ >>> Kris Lindgren >>> Senior Linux Systems Engineer >>> GoDaddy, LLC. >>> >>> >>> On 7/8/15, 10:33 PM, "Adam Young" >> > wrote: >>> >>>> On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: >>>>> +1 on RHEL support. I have some interest in moving away from packages >>>>> and >>>>> am interested in the OSAD tooling as well. >>>> >>>> I would not recommend an approach targetting RHEL that does not use >>>> packages. >>>> >>>> OSAD support for RHEL using packages would be an outstanding tool. >>>> >>>> Which way are you planning on taking it? >>>> >>>>> ____________________________________________ >>>>> Kris Lindgren >>>>> Senior Linux Systems Engineer >>>>> GoDaddy, LLC. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 7/7/15, 3:38 PM, "Abel Lopez" >>>> > wrote: >>>>> >>>>>> Hey everyone, >>>>>> I've started looking at osad, and I like much of the direction it >>>>>> takes. >>>>>> I'm pretty interested in developing it to run on RHEL, I just >>>>>> wanted to >>>>>> check if anyone would be -2 opposed to that before I spend cycles on >>>>>> it. >>>>> >>>>> _______________________________________________ >>>>> OpenStack-operators mailing list >>>>> OpenStack-operators at lists.openstack.org >>>>> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 4 Date: Tue, 14 Jul 2015 10:02:36 -0700 From: Christopher Aedo To: "OpenStack Development Mailing List (not for usage questions)" , openstack-operators at lists.openstack.org Subject: [Openstack-operators] Meeting Thursday July 16th at 17:00UTC Message-ID: Content-Type: text/plain; charset=UTF-8 Hello! Our next OpenStack App Catalog meeting will take place this Thursday July 16th at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything specific you would like to discuss. For this weeks meeting my primary intention is to discuss the roadmap, everything we'd like to accomplish before the next summit, and determine who all will be helping get it done. Please join us if you can! ------------------------------ Message: 5 Date: Tue, 14 Jul 2015 10:14:40 -0700 From: Christopher Aedo To: "OpenStack Development Mailing List (not for usage questions)" , openstack-operators at lists.openstack.org Subject: [Openstack-operators] [app-catalog] IRC Meeting Thursday July 16th at 17:00UTC Message-ID: Content-Type: text/plain; charset=UTF-8 (Apologies for the re-send, missed the appropriate tag on the subject line!) Hello! Our next OpenStack App Catalog meeting will take place this Thursday July 16th at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything specific you would like to discuss. For this weeks meeting my primary intention is to discuss the roadmap, everything we'd like to accomplish before the next summit, and determine who all will be helping get it done. Please join us if you can! ------------------------------ Message: 6 Date: Tue, 14 Jul 2015 18:41:21 +0000 From: Kevin Carter To: Adam Young , "Kris G. Lindgren" , John Dewey Cc: "openstack-operators at lists.openstack.org" Subject: Re: [Openstack-operators] OSAD for RHEL Message-ID: <1436899281115.85866 at RACKSPACE.COM> Content-Type: text/plain; charset="utf-8" ? -- Kevin Carter Racker, Developer, Hacker @ The Rackspace Private Cloud. ________________________________ From: Adam Young Sent: Tuesday, July 14, 2015 10:59 AM To: Kevin Carter; Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/10/2015 02:25 PM, Kevin Carter wrote: To be clear the present OSAD project really has no intention to bring package based installations of OpenStack. We'd certainly not reject the idea and wouldn't mind having an implementation spec for it but all of our current tooling and design principles have been based on the fact that we've move away from distro packages and on to upstream source as it pertains to OpenStack. The system as it stands today creates an internal repository of built wheels for your environment and all of the OpenStack services are installed within LXC containers, where possible and it makes sense. The installation of these bits comes from the internal wheel repository and uses pip and all of the pre / post config happens within the Ansible playbooks. I understand your frustration with the packaging approach. For a first approximation, getting the code for OpenStack/Python operations out of Pip makes sense. Ideally, we would be able to support both approaches. Red Hat would not support a pip based install, but I am sure some Centos base users would be happy with pip. We had the same general discussion around devstack. One issue that will become a problem, for users of RedHat specifically, is the fact that RedHat has no LXC container templates (at least none that are publicly available) and even if someone were to make an official RedHat container template there'd be issues with the containers being able to connect to the satellite servers as well as other potential license problems. I'd leave the issues with getting blessed RHEL LXC support to Red Hat. Making something that works for CentOS with publically available LXC containers there would be more what I expect from OSAD upstream. What about Fedora support? It seems to me that we would be far more likely to have something supportable with Fedora that could then be backported to CentOS? I've done some experimenting with a RedHat 7.1 hosts and CentOS 7 containers and things seem to work OK but I'd not say that I have really put a lot of effort into it. That said, if its something that you'd all like to work on I'd be happy to help out to make it all go. Sounds good. I'll give it a try after the Keystone Midcycle. -- Kevin Carter ________________________________ From: Adam Young Sent: Thursday, July 9, 2015 11:32 AM To: Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: Does OSP support running each service in an LXC container as well? What about nova-cells? How does it handle people who need to carry local changes? What is the upgrade path like with OSP? So, ignoring the Hypervisor for the moment, there is no reason that the rest of the controllers can't run in separate Containers. I think a container based deployment would be fantastic. venv is not really sufficient, as the system level binaries can still conflict (MysQL and LDAP both require system libraries for Keystone, for example) From an Ansible perspective; we need to be able to share the HTTPD instance for Keystone and Apache, and getting that right will solve most of the issues deploying in a secure manner. Putting Them on separate hosts or containers should be a degenerate case, and thus be supported, too. Asking, because in Philly the general consensus, I fel,t was people want to move away from the current system level package stuff and move towards: venv's, "lightweight packages", containers. The only reason that was brought up to keep packages around was to solve the non-python lib stuff and using a depsolver (yum/apt) that doesn't suck (pip). So I am pretty sure my wants are inline with what other people in the community are either already doing or moving towards. ___________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: John Dewey > Date: Wednesday, July 8, 2015 at 11:43 PM To: "Kris G. Lindgren" > Cc: Adam Young >, "openstack-operators at lists.openstack.org" > Subject: Re: [Openstack-operators] OSAD for RHEL This would not be acceptable for those running OSP. On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: I should be more clear. My current thought is to have a venv packaged inside an rpm - so the rpm includes the needed init scripts, ensures the required system level binaries are installed, adds the users - ect ect. But would be a single deployable autonomous unit. Also, have a versioning schema to roll forward and back between venvs for quick update/rollback. We are already working on doing something similar to this to run kilo on cent6 boxen, until we can finish revving the remaining parts of the fleet to cent7. My desire is to move away from using system level python & openstack packages, so that I can possibly run mismatched versions if I need to. We had a need to run kilo ceilometer and juno neutron/nova on a single server. The conflicting python requirements between those made that task impossible. In general I want to get away from treating Openstack as a single system that everything needs to be upgraded in lock step (packages force you into this). I want to move to being able to upgrade say oslo.messaging to a newer version on just say nova on my control plane servers. Or upgrade nova to kilo while keeping the rest of the system (neutron) on juno. Unless I run each service in a vm/container or on a physical piece of hardware that is pretty much impossible to do with packages - outside of placing everything inside venv's. However, it is my understanding that OSAD already builds its own python-wheels and runs those inside lxc containers. So I don?t really follow what good throwing those into an rpm would really do? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/8/15, 10:33 PM, "Adam Young" > wrote: On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: +1 on RHEL support. I have some interest in moving away from packages and am interested in the OSAD tooling as well. I would not recommend an approach targetting RHEL that does not use packages. OSAD support for RHEL using packages would be an outstanding tool. Which way are you planning on taking it? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/7/15, 3:38 PM, "Abel Lopez" > wrote: Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 7 Date: Tue, 14 Jul 2015 13:46:51 -0500 From: "Ryan Moats" To: openstack-operators at lists.openstack.org Subject: [Openstack-operators] [Neutron] New etherpad for collecting Neutron instrumentation requirements Message-ID: <201507141847.t6EIlrxh029018 at d01av01.pok.ibm.com> Content-Type: text/plain; charset="us-ascii" All- There is an effort getting underway to generate an RFE (request for enhancement), BPs and code changes to add instrumentation to neutron. An etherpad has been set up at https://etherpad.openstack.org/p/neutron-instrumentation to collect the type of information that would be useful to OpenStack operators. Please visit the page and add items that your organization feels would be useful to have instrumented in Neutron or +1 items that are already there. Feel free to fill in information on parts II (What to do with this instrumentation once we have it) and part III (How should Ceilometer talk to legacy systems) as well... Thanks in advance, Ryan Moats -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 8 Date: Tue, 14 Jul 2015 13:53:19 -0500 From: Lauren Sell To: "OpenStack Development Mailing List (not for usage questions)" Cc: "openstack-operators at lists.openstack.org" , "openstack at lists.openstack.org" , "Jonathan Bryce \(jonathan at openstack.org\)" Subject: Re: [Openstack-operators] [openstack-dev] [Openstack] Rescinding the M name decision Message-ID: <93B396BC-E9FC-443C-8E9D-D13B26B50BAC at openstack.org> Content-Type: text/plain; charset=utf-8 Good news. After finalizing the trademark checks and giving the community time to weigh in, Mitaka will be the name of the M release. Thanks again for the great discussion around this topic, and for the willingness to be responsive to the concerns of fellow community members. > On Jul 9, 2015, at 2:18 PM, Tim Bell wrote: > > Feel free to give input on the Mitaka proposal. > > Tim > >> -----Original Message----- >> From: Jonathan Bryce [mailto:jbryce at jbryce.com] >> Sent: 09 July 2015 20:52 >> To: OpenStack Development Mailing List (not for usage questions) >> Subject: Re: [openstack-dev] [Openstack] Rescinding the M name decision >> >>> On Jul 9, 2015, at 9:35 AM, Russell Bryant wrote: >>> >>> On 07/09/2015 09:19 AM, Neil Jerram wrote: >>>> In the hope of forestalling an unnecessary sub-thread... >>>> >>>> Mita was #1 in the vote, so has presumably already been ruled out by >>>> OpenStack's legal review. >>> >>> That is correct. >> >> >> Hi everyone, >> >> I?ve really loved seeing everyone?s understanding and engagement on this >> thread as we worked through the release cycle naming for ?M?. This was the >> first attempt to follow a new process, so not surprisingly, we found some >> improvements in the algorithm for the future. Still it?s awesome to see how >> constructive and positive the whole conversation has been. >> >> I wanted to provide a quick update on the status of the Foundation?s >> reviews of the names. First, as Russell mentioned above, after the voting >> was completed, we asked our trademark counsel to do checks on the top 3 >> names. The first two both had significant trademark issues with existing >> trademark holders in the same space that would have prevented us from >> using the names in most jurisdictions where we have our largest >> communities (US, Europe and Asia). The 3rd choice was relatively low risk >> and so we passed word back to Monty who announced it. Once we realized >> there were other issues with Meiji, we asked for an expedited check of the >> next 3 names: Mitaka, Musashi, and Meguro. The preliminary check shows >> that Mitaka and Meguro both present an acceptable level of risk, while >> Musashi is higher on the risk scale and would probably create problems for >> usage. >> >> At this time, we?re going to do a deeper check on Mitaka, which was the #4 >> candidate in voting and would be next in line after Meiji. I know Itoh-san >> mentioned the Mitaka locale has the potential to be associated with certain >> corporations in Japan, but my personal feeling is that may not be significant >> enough to override it?s position in the voting and it?s availability for use. >> >> I?d encourage anyone with other concerns about Mitaka to post those >> within the next 24 hours so we can appropriately consider and discuss >> them. We should have results on the deeper trademark check by next week >> as well and can hopefully settle on a final name. >> >> Thanks again for all the discussion and participation and especially to >> Monty who?s been on the front lines of helping us navigate this. Feel free to >> let me know if you have any other questions, >> >> Jonathan >> 210-317-2438 >> >> >> __________________________________________________________ >> ________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: OpenStack-dev- >> request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ------------------------------ Message: 9 Date: Tue, 14 Jul 2015 19:01:41 +0000 From: Kevin Carter To: Adam Young , "Kris G. Lindgren" , John Dewey Cc: "openstack-operators at lists.openstack.org" Subject: Re: [Openstack-operators] OSAD for RHEL Message-ID: <1436900500710.26115 at RACKSPACE.COM> Content-Type: text/plain; charset="utf-8" ?Sorry for the blank reply, hot keys got the better of me :) @Adam Are there any plans to create a publicly available LXC template that we could used by others and when you say "I'd leave the issues with getting blessed RHEL LXC support to Red Hat?" do you imaging RedHat providing images/templates to deployers wanting to deploy on RHEL?? I noticed that the LXC tooling that RedHat provides is old and while functional its not using the lxc python 3 clients or libraries. Are there any plans to repack LXC using the available py3m packages that are in RHEL7.1? In terms of pip vs rpm/deb packages are there things that RedHat will not specifically support when using pip? Is it that any use of pip would invalidate general RHEL host support? I ask because we already have all of the tooling to support a source based deployment which has the ability to do rolling upgrades and while I've only experimented with adding RedHat as base host OS (tested using RHEL 7/7.1) it shouldn't be a huge forklift to get that work done though adding in distinct code paths for deployments powered by packages would be a lot more work. As for Fedora support, I dont think thats far off once we have a base RHEL/CentOS7 system running. -- Kevin ________________________________ From: Adam Young Sent: Tuesday, July 14, 2015 10:59 AM To: Kevin Carter; Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/10/2015 02:25 PM, Kevin Carter wrote: To be clear the present OSAD project really has no intention to bring package based installations of OpenStack. We'd certainly not reject the idea and wouldn't mind having an implementation spec for it but all of our current tooling and design principles have been based on the fact that we've move away from distro packages and on to upstream source as it pertains to OpenStack. The system as it stands today creates an internal repository of built wheels for your environment and all of the OpenStack services are installed within LXC containers, where possible and it makes sense. The installation of these bits comes from the internal wheel repository and uses pip and all of the pre / post config happens within the Ansible playbooks. I understand your frustration with the packaging approach. For a first approximation, getting the code for OpenStack/Python operations out of Pip makes sense. Ideally, we would be able to support both approaches. Red Hat would not support a pip based install, but I am sure some Centos base users would be happy with pip. We had the same general discussion around devstack. One issue that will become a problem, for users of RedHat specifically, is the fact that RedHat has no LXC container templates (at least none that are publicly available) and even if someone were to make an official RedHat container template there'd be issues with the containers being able to connect to the satellite servers as well as other potential license problems. I'd leave the issues with getting blessed RHEL LXC support to Red Hat. Making something that works for CentOS with publically available LXC containers there would be more what I expect from OSAD upstream. What about Fedora support? It seems to me that we would be far more likely to have something supportable with Fedora that could then be backported to CentOS? I've done some experimenting with a RedHat 7.1 hosts and CentOS 7 containers and things seem to work OK but I'd not say that I have really put a lot of effort into it. That said, if its something that you'd all like to work on I'd be happy to help out to make it all go. Sounds good. I'll give it a try after the Keystone Midcycle. -- Kevin Carter ________________________________ From: Adam Young Sent: Thursday, July 9, 2015 11:32 AM To: Kris G. Lindgren; John Dewey Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] OSAD for RHEL On 07/09/2015 02:16 AM, Kris G. Lindgren wrote: Does OSP support running each service in an LXC container as well? What about nova-cells? How does it handle people who need to carry local changes? What is the upgrade path like with OSP? So, ignoring the Hypervisor for the moment, there is no reason that the rest of the controllers can't run in separate Containers. I think a container based deployment would be fantastic. venv is not really sufficient, as the system level binaries can still conflict (MysQL and LDAP both require system libraries for Keystone, for example) From an Ansible perspective; we need to be able to share the HTTPD instance for Keystone and Apache, and getting that right will solve most of the issues deploying in a secure manner. Putting Them on separate hosts or containers should be a degenerate case, and thus be supported, too. Asking, because in Philly the general consensus, I fel,t was people want to move away from the current system level package stuff and move towards: venv's, "lightweight packages", containers. The only reason that was brought up to keep packages around was to solve the non-python lib stuff and using a depsolver (yum/apt) that doesn't suck (pip). So I am pretty sure my wants are inline with what other people in the community are either already doing or moving towards. ___________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: John Dewey > Date: Wednesday, July 8, 2015 at 11:43 PM To: "Kris G. Lindgren" > Cc: Adam Young >, "openstack-operators at lists.openstack.org" > Subject: Re: [Openstack-operators] OSAD for RHEL This would not be acceptable for those running OSP. On Wednesday, July 8, 2015 at 10:12 PM, Kris G. Lindgren wrote: I should be more clear. My current thought is to have a venv packaged inside an rpm - so the rpm includes the needed init scripts, ensures the required system level binaries are installed, adds the users - ect ect. But would be a single deployable autonomous unit. Also, have a versioning schema to roll forward and back between venvs for quick update/rollback. We are already working on doing something similar to this to run kilo on cent6 boxen, until we can finish revving the remaining parts of the fleet to cent7. My desire is to move away from using system level python & openstack packages, so that I can possibly run mismatched versions if I need to. We had a need to run kilo ceilometer and juno neutron/nova on a single server. The conflicting python requirements between those made that task impossible. In general I want to get away from treating Openstack as a single system that everything needs to be upgraded in lock step (packages force you into this). I want to move to being able to upgrade say oslo.messaging to a newer version on just say nova on my control plane servers. Or upgrade nova to kilo while keeping the rest of the system (neutron) on juno. Unless I run each service in a vm/container or on a physical piece of hardware that is pretty much impossible to do with packages - outside of placing everything inside venv's. However, it is my understanding that OSAD already builds its own python-wheels and runs those inside lxc containers. So I don?t really follow what good throwing those into an rpm would really do? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/8/15, 10:33 PM, "Adam Young" > wrote: On 07/07/2015 05:55 PM, Kris G. Lindgren wrote: +1 on RHEL support. I have some interest in moving away from packages and am interested in the OSAD tooling as well. I would not recommend an approach targetting RHEL that does not use packages. OSAD support for RHEL using packages would be an outstanding tool. Which way are you planning on taking it? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. On 7/7/15, 3:38 PM, "Abel Lopez" > wrote: Hey everyone, I've started looking at osad, and I like much of the direction it takes. I'm pretty interested in developing it to run on RHEL, I just wanted to check if anyone would be -2 opposed to that before I spend cycles on it. _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 10 Date: Tue, 14 Jul 2015 16:46:33 -0700 From: pra devOPS To: matt , openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] FAiled to create instance wiht openstack nova network Message-ID: Content-Type: text/plain; charset="utf-8" Hi All: I was able to spin up instances on openstack (all in one , Icehouse). Got the ips able to connect it to the ips with floating ips. from the floating ip network i am able to connect to the machines. Now I want this vms talk outside the host on which they are hosted? How can I do that? Thanks, Dev On Mon, Jul 13, 2015 at 12:07 PM, pra devOPS wrote: > > Can somebody suggest me on the below? > > Thanks, > Dev > > On Fri, Jul 10, 2015 at 4:32 PM, pra devOPS wrote: > >> Hi >> >> I am running as root, Please find below the nova config file. ( I am >> using nova network) >> >> http://paste.openstack.org/show/363300/ >> >> Thanks, >> Dev >> >> On Fri, Jul 10, 2015 at 1:30 PM, matt wrote: >> >>> root-wrap failed probably a config error. might want to post your nova >>> configs with commenting out of passwords / service tokens. >>> >>> dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=192.168.22.1 --except-interface=lo --dhcp-range=set:demo-net,192.168.22.2,static,255.255.255.0,120s --dhcp-lease-max=256 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts >>> 2015-07-10 15:30:29.753 3044 TRACE oslo.messaging.rpc.dispatcher Exit code: 2 >>> >>> needs to run as root. exit code 2 is obviously pretty bad. so that NEEDs to be fixed. >>> >>> >>> >>> On Fri, Jul 10, 2015 at 3:25 PM, pra devOPS >>> wrote: >>> >>>> All: >>>> >>>> I get the following error when trying to create an instance in >>>> openstack icehouse centOS 7 on nova network. >>>> >>>> nova network logs and UI logs are pasted at: >>>> *http://paste.openstack.org/show/362706/ >>>> * >>>> >>>> >>>> >>>> Can somebdody give susggestiong? >>>> Thanks,Siva >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 11 Date: Wed, 15 Jul 2015 16:13:06 +0800 From: Tom Fifield To: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Scaling the Ops Meetup Message-ID: <55A61612.10905 at openstack.org> Content-Type: text/plain; charset=utf-8 Hi all, On 01/07/15 15:29, Tom Fifield wrote: > =Open Questions= ... > * What are the costs involved in hosting one of these events? Thanks to our wonderful sponsors (any inaccuracies or estimates are mine), I got permission to post some rough cost information for the past events, as requested: =1. San Jose= San Jose was hosted by eBay/Paypal who catered breakfast and brought in pizza for lunch. # Attendees: 40-50 Venue cost: $0 Food cost: $1000 Signage/misc: $0 Total per head: ~$20/head Evening Event: $1000 =2. San Antonio= San Antonio was hosted by Rackspace over two days who brought in breakfast and pizza/food trucks for lunch. # Attendees: 80-100 Venue cost: $1100 (security, AV) Food cost: $2000 Signage/misc: $300 Total per head: ~$33/head Evening Event: $1500 =3. Philadelphia= Philadelphia was our first meetup held in a commercial venue, after we ran out of space to host it at Comcast and had to move it at the last minute. Two day event. # Attendees: 125 Venue cost: $20,569 venue+food Food cost: - Signage/misc: $320 Total per head: ~$165/head Evening Event: $3000 Regards, Tom > > > Regards, > > > Tom > > > > > On 30/06/15 12:33, Tom Fifield wrote: >> Hi all, >> >> Right now, behind-the-scenes, we're working on getting a venue for next >> ops mid-cycle. It's taking a little longer than normal, but rest assured >> it is happening. >> >> Why is it so difficult? As you may have noticed, we're reaching the size >> of event where both physically and financially, only the largest >> organisations can host us. >> >> We thought we might get away with organising this one old-school with a >> single host and sponsor. Then, for the next, start a brainstorming >> discussion with you about how we scale these events into the future - >> since once we get up and beyond a few hundred people, we're looking at >> having to hire a venue as well as make some changes to the format of the >> event. >> >> However, it seems that even this might be too late. We already had a >> company that proposed to host the meetup at a west coast US hotel >> instead of their place, and wanted to scope out other companies to >> sponsor food. >> >> This would be a change in the model, so let's commence the discussion of >> how we want to scale this event :) >> >> So far I've heard things like: >> * "my $CORPORATE_BENEFACTOR would be fine to share sponsorship with others" >> * "I really don't want to get to the point where we want booths at the >> ops meetup" >> >> Which are promising! It seems like we have a shared understanding of >> what to take this forward with. >> >> So, as the ops meetup grows - what would it look like for you? >> >> How do you think we can manage the venue selection and financial side of >> things? What about the session layout and the scheduling with the >> growing numbers of attendees? >> >> Current data can be found at >> https://wiki.openstack.org/wiki/Operations/Meetups#Venue_Selection . >> >> I would also be interested in your thoughts about how these events have >> only been in a limited geographical area so far, and how we can address >> that issue. >> >> >> Regards, >> >> >> Tom >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > ------------------------------ Message: 12 Date: Wed, 15 Jul 2015 10:41:24 +0100 From: Pedro Sousa To: "OpenStack-operators at lists.openstack.org" Subject: [Openstack-operators] Neutron LBaaS HA in KIlo? Message-ID: Content-Type: text/plain; charset="utf-8" Hi all, can anybody clarify if Neutron LBaaS Agent has HA support in Kilo? Regards, Pedro Sousa -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators End of OpenStack-operators Digest, Vol 57, Issue 19 *************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Thu Jul 16 05:09:47 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 16 Jul 2015 05:09:47 +0000 Subject: [Openstack-operators] Unable to connect to internet from Openstack instance Message-ID: <992b05f5a4f74140b96dc152502ab72d@CO2PR42MB188.048d.mgd.msft.net> Hi, I created an instance in my dashboard and attached a floating IP to it. I'm able to ssh to node (which has Ubuntu 14.04 image) but when I try to do an 'apt-get update && apt-get upgrade' I'm facing issue there. Below is what I'm facing: root at node:/home/ubuntu# apt-get update && apt-get upgrade Err http://archive.ubuntu.com trusty InRelease Err http://archive.ubuntu.com trusty-updates InRelease Err http://security.ubuntu.com trusty-security InRelease Err http://archive.ubuntu.com trusty Release.gpg Could not resolve 'archive.ubuntu.com' Err http://security.ubuntu.com trusty-security Release.gpg Could not resolve 'security.ubuntu.com' Err http://archive.ubuntu.com trusty-updates Release.gpg Could not resolve 'archive.ubuntu.com' Reading package lists... Done W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/InRelease W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg Could not resolve 'archive.ubuntu.com' W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg Could not resolve 'archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg Could not resolve 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From scheuran at linux.vnet.ibm.com Thu Jul 16 07:52:06 2015 From: scheuran at linux.vnet.ibm.com (Andreas Scheuring) Date: Thu, 16 Jul 2015 09:52:06 +0200 Subject: [Openstack-operators] Unable to connect to internet from Openstack instance In-Reply-To: <992b05f5a4f74140b96dc152502ab72d@CO2PR42MB188.048d.mgd.msft.net> References: <992b05f5a4f74140b96dc152502ab72d@CO2PR42MB188.048d.mgd.msft.net> Message-ID: <1437033126.2802.3.camel@scheuran-ThinkPad-W530> Looks like name resolution does not work properly. You need to add an dns entry to your instance. You can try that by hand first (/etc/resolv.conf) or you could try to add the dns info to your neutron subnet. The dns server usually lives somewhere outside your openstack installation, so you should provide the external one Andreas (IRC: scheuran) On Do, 2015-07-16 at 05:09 +0000, aishwarya.adyanthaya at accenture.com wrote: > Hi, > > > > I created an instance in my dashboard and attached a floating IP to > it. I?m able to ssh to node (which has Ubuntu 14.04 image) but when I > try to do an ?apt-get update && apt-get upgrade? I?m facing issue > there. Below is what I?m facing: > > > > root at node:/home/ubuntu# apt-get update && apt-get upgrade > > Err http://archive.ubuntu.com trusty InRelease > > > > Err http://archive.ubuntu.com trusty-updates InRelease > > > > Err http://security.ubuntu.com trusty-security InRelease > > > > Err http://archive.ubuntu.com trusty Release.gpg > > Could not resolve 'archive.ubuntu.com' > > Err http://security.ubuntu.com trusty-security Release.gpg > > Could not resolve 'security.ubuntu.com' > > Err http://archive.ubuntu.com trusty-updates Release.gpg > > Could not resolve 'archive.ubuntu.com' > > Reading package lists... Done > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease > > > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease > > > > W: Failed to fetch > http://security.ubuntu.com/ubuntu/dists/trusty-security/InRelease > > > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg Could not > resolve 'archive.ubuntu.com' > > > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg > Could not resolve 'archive.ubuntu.com' > > > > W: Failed to fetch > http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg > Could not resolve 'security.ubuntu.com' > > > > W: Some index files failed to download. They have been ignored, or old > ones used instead. > > Reading package lists... Done > > Building dependency tree > > Reading state information... Done > > Calculating upgrade... Done > > 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > > > > Thank you, > > Aishwarya Adyanthaya > > > > > ______________________________________________________________________ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you > have received it in error, please notify the sender immediately and > delete the original. Any other use of the e-mail by you is prohibited. > Where allowed by local law, electronic communications with Accenture > and its affiliates, including e-mail and instant messaging (including > content), may be scanned by our systems for the purposes of > information security and assessment of internal compliance with > Accenture policy. > ______________________________________________________________________________________ > > www.accenture.com > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- Andreas (IRC: scheuran) From maishsk at maishsk.com Thu Jul 16 08:10:47 2015 From: maishsk at maishsk.com (Maish Saidel-Keesing) Date: Thu, 16 Jul 2015 11:10:47 +0300 Subject: [Openstack-operators] [tags] Meeting this week In-Reply-To: <5590CC1D.1010809@openstack.org> References: <5590CC1D.1010809@openstack.org> Message-ID: <55A76707.1050008@maishsk.com> Are we having a meeting today at 14:00 UTC? On 06/29/15 07:39, Tom Fifield wrote: > Hi, > > As noted last meeting, we didn't get even half way through out agenda, > so we will meet this week as well. > > So, join us this Thursday Jul 2nd 1400 UTC in #openstack-meeting on > freenode > (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20150702T1400 ) > > To kick off with agenda item #4: > https://etherpad.openstack.org/p/ops-tags-June-2015 > > Previous meeting notes can be found at: > http://eavesdrop.openstack.org/meetings/ops_tags/2015/ > > > Regards, > > > Tom > -- Best Regards, Maish Saidel-Keesing From tom at openstack.org Thu Jul 16 08:17:46 2015 From: tom at openstack.org (Tom Fifield) Date: Thu, 16 Jul 2015 16:17:46 +0800 Subject: [Openstack-operators] [tags] Meeting this week In-Reply-To: <55A76707.1050008@maishsk.com> References: <5590CC1D.1010809@openstack.org> <55A76707.1050008@maishsk.com> Message-ID: <55A768AA.2040005@openstack.org> Hi, According to the logs from last week, which are sadly in yet another directory: http://eavesdrop.openstack.org/meetings/_operator_tags/ , we do have a meeting this week, but the only agenda item (Jamespage & markbaker - thoughts on packaging) didn't pan out since markbaker wasn't available. Is there interest for a meeting, and any proposed topics? ops:ha? Regards, Tom On 16/07/15 16:10, Maish Saidel-Keesing wrote: > Are we having a meeting today at 14:00 UTC? > > On 06/29/15 07:39, Tom Fifield wrote: >> Hi, >> >> As noted last meeting, we didn't get even half way through out agenda, >> so we will meet this week as well. >> >> So, join us this Thursday Jul 2nd 1400 UTC in #openstack-meeting on >> freenode >> (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20150702T1400 ) >> >> To kick off with agenda item #4: >> https://etherpad.openstack.org/p/ops-tags-June-2015 >> >> Previous meeting notes can be found at: >> http://eavesdrop.openstack.org/meetings/ops_tags/2015/ >> >> >> Regards, >> >> >> Tom >> > From 16189455 at qq.com Thu Jul 16 08:23:20 2015 From: 16189455 at qq.com (=?gb18030?B?09q94A==?=) Date: Thu, 16 Jul 2015 16:23:20 +0800 Subject: [Openstack-operators] [neutron][port-security]Could not create vm in network with the port-security-enabled=False Message-ID: Hi all, I could use the feature port-security-enabled on port. When I create net and subnet neutron net-create net2 --port-security-enabled=False neutron subnet-create net2 6.6.6.0/24 --enable-dhcp=False --name subnet2 it works well. Then i create a vm in dashboard choosing net2, it returns "No valid host was found. There are not enough hosts available." The log in nova-conductor.log says : ERROR nova.scheduler.utils [req-a0cf72f9-2887-4d60-80f5-e515b72d64be 6acf7be037184d2eaa6db168056a154a 6e95e4dfcb624c1fb4c14ed0ab1464a2 - - -] [instance: 29b7e973-eda1-43e7-a1d8-fd7d171a9c28] Error from last host: dvr-compute1.novalocal (node dvr-compute1.novalocal): [u'Traceback (most recent call last):\n', u' File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2219, in _do_build_and_run_instance\n filter_properties)\n', u' File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2362, in _build_and_run_instance\n instance_uuid=instance.uuid, reason=six.text_type(e))\n', u'RescheduledException: Build of instance 29b7e973-eda1-43e7-a1d8-fd7d171a9c28 was re-scheduled: Network requires port_security_enabled and subnet associated in order to apply security groups.\n'] But when I create vm in dashboard, I don't choose any security-group. BTW, does icehouse support port-security? I configure extension_drivers in devstack, but the neutron ext-list does not show port-security. Do anyone could help? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Thu Jul 16 09:25:32 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 16 Jul 2015 09:25:32 +0000 Subject: [Openstack-operators] Unable to connect to internet from Openstack instance In-Reply-To: <1437033126.2802.3.camel@scheuran-ThinkPad-W530> References: <992b05f5a4f74140b96dc152502ab72d@CO2PR42MB188.048d.mgd.msft.net> <1437033126.2802.3.camel@scheuran-ThinkPad-W530> Message-ID: <1e2b4051237d422ea67842dfc07d1ac1@CO2PR42MB188.048d.mgd.msft.net> Hi, I did add a dns nameserver in the /etc/resolv.conf file. The problem I'm facing here it at times I'm able to download packages or ping any internet site but then I loose connection from accessing internet. I checked my Openstack services and they are up and in running state. -----Original Message----- From: Andreas Scheuring [mailto:scheuran at linux.vnet.ibm.com] Sent: Thursday, July 16, 2015 1:22 PM To: Adyanthaya, Aishwarya Cc: openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] Unable to connect to internet from Openstack instance Looks like name resolution does not work properly. You need to add an dns entry to your instance. You can try that by hand first (/etc/resolv.conf) or you could try to add the dns info to your neutron subnet. The dns server usually lives somewhere outside your openstack installation, so you should provide the external one Andreas (IRC: scheuran) On Do, 2015-07-16 at 05:09 +0000, aishwarya.adyanthaya at accenture.com wrote: > Hi, > > > > I created an instance in my dashboard and attached a floating IP to > it. I?m able to ssh to node (which has Ubuntu 14.04 image) but when I > try to do an ?apt-get update && apt-get upgrade? I?m facing issue > there. Below is what I?m facing: > > > > root at node:/home/ubuntu# apt-get update && apt-get upgrade > > Err http://archive.ubuntu.com trusty InRelease > > > > Err http://archive.ubuntu.com trusty-updates InRelease > > > > Err http://security.ubuntu.com trusty-security InRelease > > > > Err http://archive.ubuntu.com trusty Release.gpg > > Could not resolve 'archive.ubuntu.com' > > Err http://security.ubuntu.com trusty-security Release.gpg > > Could not resolve 'security.ubuntu.com' > > Err http://archive.ubuntu.com trusty-updates Release.gpg > > Could not resolve 'archive.ubuntu.com' > > Reading package lists... Done > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease > > > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease > > > > W: Failed to fetch > http://security.ubuntu.com/ubuntu/dists/trusty-security/InRelease > > > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg Could not > resolve 'archive.ubuntu.com' > > > > W: Failed to fetch > http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg > Could not resolve 'archive.ubuntu.com' > > > > W: Failed to fetch > http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg > Could not resolve 'security.ubuntu.com' > > > > W: Some index files failed to download. They have been ignored, or old > ones used instead. > > Reading package lists... Done > > Building dependency tree > > Reading state information... Done > > Calculating upgrade... Done > > 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > > > > Thank you, > > Aishwarya Adyanthaya > > > > > ______________________________________________________________________ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you > have received it in error, please notify the sender immediately and > delete the original. Any other use of the e-mail by you is prohibited. > Where allowed by local law, electronic communications with Accenture > and its affiliates, including e-mail and instant messaging (including > content), may be scanned by our systems for the purposes of > information security and assessment of internal compliance with > Accenture policy. > ______________________________________________________________________ > ________________ > > www.accenture.com > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operator > s -- Andreas (IRC: scheuran) ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com From maishsk at maishsk.com Thu Jul 16 10:37:08 2015 From: maishsk at maishsk.com (Maish Saidel-Keesing) Date: Thu, 16 Jul 2015 13:37:08 +0300 Subject: [Openstack-operators] [tags] Meeting this week In-Reply-To: <55A768AA.2040005@openstack.org> References: <5590CC1D.1010809@openstack.org> <55A76707.1050008@maishsk.com> <55A768AA.2040005@openstack.org> Message-ID: <55A78954.5070707@maishsk.com> I would prefer to defer today's meeting On 07/16/15 11:17, Tom Fifield wrote: > Hi, > > According to the logs from last week, which are sadly in yet another > directory: http://eavesdrop.openstack.org/meetings/_operator_tags/ , we > do have a meeting this week, but the only agenda item (Jamespage & > markbaker - thoughts on packaging) didn't pan out since markbaker wasn't > available. > > Is there interest for a meeting, and any proposed topics? ops:ha? > > Regards, > > > Tom > > > > On 16/07/15 16:10, Maish Saidel-Keesing wrote: >> Are we having a meeting today at 14:00 UTC? >> >> On 06/29/15 07:39, Tom Fifield wrote: >>> Hi, >>> >>> As noted last meeting, we didn't get even half way through out agenda, >>> so we will meet this week as well. >>> >>> So, join us this Thursday Jul 2nd 1400 UTC in #openstack-meeting on >>> freenode >>> (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20150702T1400 ) >>> >>> To kick off with agenda item #4: >>> https://etherpad.openstack.org/p/ops-tags-June-2015 >>> >>> Previous meeting notes can be found at: >>> http://eavesdrop.openstack.org/meetings/ops_tags/2015/ >>> >>> >>> Regards, >>> >>> >>> Tom >>> -- Best Regards, Maish Saidel-Keesing From antonio.s.messina at gmail.com Thu Jul 16 11:21:32 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Thu, 16 Jul 2015 13:21:32 +0200 Subject: [Openstack-operators] RabbitMQ in cluster mode - high cpu usage Message-ID: Hi all, We are deploying Kilo on Ubuntu Trusty. We run all services on 5 controller nodes, including RabbitMQ in cluster with HA queues. We configure "rabbit_hosts" on all services to point to the 5 rabbitmq nodes. On each controller node the beam.smp process is taking ~150-250% of CPU and around 2GB of resident memory, even when no VM is running. Also note that this is all CPU time, no waiting time due to intensive IO. We can't figure out why. One of the (probably unrelated) things we found is that although the "heartbeat" option for rabbitmq in nova is marked as EXPERIMENTAL, it's enabled by default. Indeed, we found on the logs many errors like: <11>Jul 15 20:19:27 node-k5-01-10 2015-07-15 20:19:27.625 128786 ERROR oslo_messaging._drivers.impl_rabbit [-] AMQP server on cloud-l2-41.os.s3it.uzh.ch:5672 is unreachable: Too many heartbeats missed. Trying again in 1 seconds. Note that the rabbitmq servers were all up&running. On the rabbitmq server, the error was something like: =ERROR REPORT==== 15-Jul-2015::13:13:29 === closing AMQP connection <0.18550.0> (10.129.16.173:55330 -> 10.129.31.229:5672): {heartbeat_timeout,running} We disabled heartbeat for nova, in section [oslo_messaging_rabbit]. We don't see these errors on the compute node anymore, but the CPU usage for RabbitMQ is still high, so it's probably unrelated. I wonder if anyone can answer to our questions: * is anyone is experiencing the same behavior? Do you have a solution? * why is heartbeat option in nova enabled, and if can be safely disabled? * is anyone experiencing similar issues with qpid? (we are not especially attached to any amqp implementation) * are the default values for timeout/backoff/retry in nova.conf sane, even in a not-so-small installation? (64 compute nodes right now for "testing", 128 soon) Thank you in advance for your help, Antonio Messina Package versions: rabbitmq-server 3.4.3-2~cloud0 python-amqp 1.4.6-0ubuntu1~cloud0 python-amqplib 1.0.2-1 python-kombu 3.0.24-0ubuntu2~cloud0 -- antonio.s.messina at gmail.com antonio.messina at uzh.ch +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland From scheuran at linux.vnet.ibm.com Thu Jul 16 12:37:22 2015 From: scheuran at linux.vnet.ibm.com (Andreas Scheuring) Date: Thu, 16 Jul 2015 14:37:22 +0200 Subject: [Openstack-operators] Unable to connect to internet from Openstack instance In-Reply-To: <1e2b4051237d422ea67842dfc07d1ac1@CO2PR42MB188.048d.mgd.msft.net> References: <992b05f5a4f74140b96dc152502ab72d@CO2PR42MB188.048d.mgd.msft.net> <1437033126.2802.3.camel@scheuran-ThinkPad-W530> <1e2b4051237d422ea67842dfc07d1ac1@CO2PR42MB188.048d.mgd.msft.net> Message-ID: <1437050242.2802.7.camel@scheuran-ThinkPad-W530> How does your setup look like? Are you using a multinode with tunneling (vxlan or gre) configured? If so maybe your packets get dropped due to wrong MTU configuration. You could try with ping -s and tcpdump how far you can get and if there's some point where packets get dropped or fragmented. Andreas On Do, 2015-07-16 at 09:25 +0000, aishwarya.adyanthaya at accenture.com wrote: > Hi, > > I did add a dns nameserver in the /etc/resolv.conf file. The problem I'm facing here it at times I'm able to download packages or ping any internet site but then I loose connection from accessing internet. I checked my Openstack services and they are up and in running state. > > > > -----Original Message----- > From: Andreas Scheuring [mailto:scheuran at linux.vnet.ibm.com] > Sent: Thursday, July 16, 2015 1:22 PM > To: Adyanthaya, Aishwarya > Cc: openstack-operators at lists.openstack.org > Subject: Re: [Openstack-operators] Unable to connect to internet from Openstack instance > > Looks like name resolution does not work properly. You need to add an dns entry to your instance. You can try that by hand first > (/etc/resolv.conf) or you could try to add the dns info to your neutron subnet. > > The dns server usually lives somewhere outside your openstack installation, so you should provide the external one > > Andreas (IRC: scheuran) > > > On Do, 2015-07-16 at 05:09 +0000, aishwarya.adyanthaya at accenture.com > wrote: > > Hi, > > > > > > > > I created an instance in my dashboard and attached a floating IP to > > it. I?m able to ssh to node (which has Ubuntu 14.04 image) but when I > > try to do an ?apt-get update && apt-get upgrade? I?m facing issue > > there. Below is what I?m facing: > > > > > > > > root at node:/home/ubuntu# apt-get update && apt-get upgrade > > > > Err http://archive.ubuntu.com trusty InRelease > > > > > > > > Err http://archive.ubuntu.com trusty-updates InRelease > > > > > > > > Err http://security.ubuntu.com trusty-security InRelease > > > > > > > > Err http://archive.ubuntu.com trusty Release.gpg > > > > Could not resolve 'archive.ubuntu.com' > > > > Err http://security.ubuntu.com trusty-security Release.gpg > > > > Could not resolve 'security.ubuntu.com' > > > > Err http://archive.ubuntu.com trusty-updates Release.gpg > > > > Could not resolve 'archive.ubuntu.com' > > > > Reading package lists... Done > > > > W: Failed to fetch > > http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease > > > > > > > > W: Failed to fetch > > http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease > > > > > > > > W: Failed to fetch > > http://security.ubuntu.com/ubuntu/dists/trusty-security/InRelease > > > > > > > > W: Failed to fetch > > http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg Could not > > resolve 'archive.ubuntu.com' > > > > > > > > W: Failed to fetch > > http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg > > Could not resolve 'archive.ubuntu.com' > > > > > > > > W: Failed to fetch > > http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg > > Could not resolve 'security.ubuntu.com' > > > > > > > > W: Some index files failed to download. They have been ignored, or old > > ones used instead. > > > > Reading package lists... Done > > > > Building dependency tree > > > > Reading state information... Done > > > > Calculating upgrade... Done > > > > 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > > > > > > > > Thank you, > > > > Aishwarya Adyanthaya > > > > > > > > > > ______________________________________________________________________ > > > > This message is for the designated recipient only and may contain > > privileged, proprietary, or otherwise confidential information. If you > > have received it in error, please notify the sender immediately and > > delete the original. Any other use of the e-mail by you is prohibited. > > Where allowed by local law, electronic communications with Accenture > > and its affiliates, including e-mail and instant messaging (including > > content), may be scanned by our systems for the purposes of > > information security and assessment of internal compliance with > > Accenture policy. > > ______________________________________________________________________ > > ________________ > > > > www.accenture.com > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operator > > s > > -- > Andreas > (IRC: scheuran) > > > > ________________________________ > > This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. > ______________________________________________________________________________________ > > www.accenture.com -- Andreas (IRC: scheuran) From tom at openstack.org Thu Jul 16 13:11:26 2015 From: tom at openstack.org (Tom Fifield) Date: Thu, 16 Jul 2015 21:11:26 +0800 Subject: [Openstack-operators] [tags] Meeting this week In-Reply-To: <55A78954.5070707@maishsk.com> References: <5590CC1D.1010809@openstack.org> <55A76707.1050008@maishsk.com> <55A768AA.2040005@openstack.org> <55A78954.5070707@maishsk.com> Message-ID: <55A7AD7E.7030201@openstack.org> OK, if there isn't soon an outpouring of support for this meeting, I think it's best cancelled :) On 16/07/15 18:37, Maish Saidel-Keesing wrote: > I would prefer to defer today's meeting > > On 07/16/15 11:17, Tom Fifield wrote: >> Hi, >> >> According to the logs from last week, which are sadly in yet another >> directory: http://eavesdrop.openstack.org/meetings/_operator_tags/ , we >> do have a meeting this week, but the only agenda item (Jamespage & >> markbaker - thoughts on packaging) didn't pan out since markbaker wasn't >> available. >> >> Is there interest for a meeting, and any proposed topics? ops:ha? >> >> Regards, >> >> >> Tom >> >> >> >> On 16/07/15 16:10, Maish Saidel-Keesing wrote: >>> Are we having a meeting today at 14:00 UTC? >>> >>> On 06/29/15 07:39, Tom Fifield wrote: >>>> Hi, >>>> >>>> As noted last meeting, we didn't get even half way through out agenda, >>>> so we will meet this week as well. >>>> >>>> So, join us this Thursday Jul 2nd 1400 UTC in #openstack-meeting on >>>> freenode >>>> (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20150702T1400 >>>> ) >>>> >>>> To kick off with agenda item #4: >>>> https://etherpad.openstack.org/p/ops-tags-June-2015 >>>> >>>> Previous meeting notes can be found at: >>>> http://eavesdrop.openstack.org/meetings/ops_tags/2015/ >>>> >>>> >>>> Regards, >>>> >>>> >>>> Tom >>>> > From adam.huffman at gmail.com Thu Jul 16 15:59:28 2015 From: adam.huffman at gmail.com (Adam Huffman) Date: Thu, 16 Jul 2015 16:59:28 +0100 Subject: [Openstack-operators] Outbound and inbound external access for projects In-Reply-To: References: Message-ID: Hi Kevin, On Wed, Jul 15, 2015 at 4:42 PM, Kevin Bringard (kevinbri) wrote: > You don't need "per project vlans" for inbound and outbound access. Public > Ips only need a single VLAN between the logical routers > (net-hosts/l3-agent hosts) and their next hop... It's the internal > networks which require multiple VLANs if you wish to do such a thing, and > those VLANs are only necessary on your internal switches. Alternatively > you can use GRE or STT or some other segregation method and avoid the VLAN > cap altogether (on internal networks). > It's all VLAN-based, with an allocation for provider and project networks already configured on the switches, so it makes sense to continue that approach. Let's see if I can translate my original message into English. It's an Icehouse setup with Neutron and heavy use of VLANs. Each project network has its own VLAN. We also have a VLAN range designated on the switches for provider networks, more than sufficient for the number of projects we're expecting over the lifetime of this system. At the moment there's a single provider network, which is used for floating IP access to instances via SSH. We have received a small allocation of public IPs (32) and some Cisco firewall/VPN hardware that connects to the upstream internet router. We would like to provide outbound access to all projects, but we don't want instances within a project to be able to see instances within another project, which rules out having a single provider network for all projects (unless there's a way of adding restrictions within Neutron and/or OVS that I've missed?). For outbound access, the default idea is to create a new provider network for each project, on its own VLAN. Then we create PAT rules on the external firewall to pass through outbound traffic coming from each of these VLANs. For inbound access, the two main ideas are 1:1 NAT rules, mapping from the public IPs to project RFC1918 IPs, or adding another external network that connects directly to these public IPs, using the firewall as the external router. I've read some of the discussions that have taken here about related topics, and everyone seems to be doing it differently, or heavily patching Neutron, which isn't particularly appealing. Does this approach make sense? I'm quite happy to accept a derisive response, so long as a better alternative is provided... Cheers, Adam > Basically, the flow looks like so: > > Internet -> Floating IP (hosted on your logical router host... All a > single "public VLAN") -> NAT translation to internal tenant subnet (and > tagged with the "internal OVS VLAN" -> VLAN translation flow (if it needs > to go to the wire) tags the packet with the VLAN assigned to the tenant's > subnet (or goes over the requisite GRE tunnel) -> ... > > It's kind of complicated, I know, but hopefully that helps some? Or > perhaps I just misunderstood your scenario/question, which is also > entirely possible :-D > > > On 7/15/15, 9:24 AM, "Adam Huffman" wrote: > >>Hello >> >>We're at the stage of working out how to integrate our Icehouse system >>with the external network, using Neutron. >> >>We have a limited set of public IPs available for inbound access, and >>we'd also like to make outbound access optional, in case some projects >>want to be completely isolated. >> >>One suggestion is as follows: >> >>- each project is allocated a single /24 VLAN >> >>- within this VLAN, there are 2 subnets >> >>- the first subnet (/25) would be for outbound access, using floating IPs >> >>- the second (/25) subnet would be for inbound access, drawing from >>the limited public pool, also with floating IPs >> >>Does that sound sensible/feasible? The Cisco hardware that's providing >>the route to the external network has constraints in the numbers of >>VLANs it will support, so we prefer this approach to having separate >>per-project VLANs for outbound and inbound access. >> >>If there's a different way of achieving this, I'd be interested to >>hear that too. >> >> >>Cheers, >>Adam >> >>_______________________________________________ >>OpenStack-operators mailing list >>OpenStack-operators at lists.openstack.org >>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From berrange at redhat.com Fri Jul 17 12:07:56 2015 From: berrange at redhat.com (Daniel P. Berrange) Date: Fri, 17 Jul 2015 13:07:56 +0100 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: References: Message-ID: <20150717120755.GJ4835@redhat.com> On Thu, Jul 09, 2015 at 12:00:15PM -0600, David Medberry wrote: > Hi, > > When trying to live-migrate between two distinct CPUs, I kind of expect > there to be issues. Which is why openstack supports the "cpu_mode=custom", > "cpu_model=MODELNAME" flags for libvirt. > > When I set those to some Lowest Common Denominator (and restart > everything), I still git the issue. I've set both systems to SandyBridge > and tested as well as Conroe. The actual CPUs are Ivy Bridge and Haswell > (newer than SandyBridge and supersets thereof.) > > The Older->Newer migration works fine (even without setting a cpu_model) > but the newer to older never works. > > Specfics: > OpenStack Juno.2 > LibVirt: 1.2.2 > > Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy Bridge) > Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz (Haswell) > > Daniel, Operators: Any ideas? In versions of Nova prior to Liberty, nova did an incorrect CPU model comparison. It checks the source *host* CPU model against the dest host CPU model, instead of checking the *guest* CPU model against the dest host CPU model. This is fixed in Liberty, provided you have the cpu_mode=custom and cpu_modelk=MODELNAME parameters set. Unfortunately the fix will only work for guests that are launched under Liberty codebase as it needed a database addition. So if you have existing running guests from Juno those need restarting after upgrade. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| From berrange at redhat.com Fri Jul 17 12:10:00 2015 From: berrange at redhat.com (Daniel P. Berrange) Date: Fri, 17 Jul 2015 13:10:00 +0100 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: <20150717120755.GJ4835@redhat.com> References: <20150717120755.GJ4835@redhat.com> Message-ID: <20150717121000.GK4835@redhat.com> On Fri, Jul 17, 2015 at 01:07:56PM +0100, Daniel P. Berrange wrote: > On Thu, Jul 09, 2015 at 12:00:15PM -0600, David Medberry wrote: > > Hi, > > > > When trying to live-migrate between two distinct CPUs, I kind of expect > > there to be issues. Which is why openstack supports the "cpu_mode=custom", > > "cpu_model=MODELNAME" flags for libvirt. > > > > When I set those to some Lowest Common Denominator (and restart > > everything), I still git the issue. I've set both systems to SandyBridge > > and tested as well as Conroe. The actual CPUs are Ivy Bridge and Haswell > > (newer than SandyBridge and supersets thereof.) > > > > The Older->Newer migration works fine (even without setting a cpu_model) > > but the newer to older never works. > > > > Specfics: > > OpenStack Juno.2 > > LibVirt: 1.2.2 > > > > Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy Bridge) > > Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz (Haswell) > > > > Daniel, Operators: Any ideas? > > In versions of Nova prior to Liberty, nova did an incorrect CPU model > comparison. It checks the source *host* CPU model against the dest > host CPU model, instead of checking the *guest* CPU model against the > dest host CPU model. > > This is fixed in Liberty, provided you have the cpu_mode=custom and > cpu_modelk=MODELNAME parameters set. Unfortunately the fix will only > work for guests that are launched under Liberty codebase as it needed > a database addition. So if you have existing running guests from Juno > those need restarting after upgrade. Sigh, s/Liberty/Kilo/ in everything I wrote here Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| From openstack at medberry.net Fri Jul 17 12:58:46 2015 From: openstack at medberry.net (David Medberry) Date: Fri, 17 Jul 2015 06:58:46 -0600 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: <20150717121000.GK4835@redhat.com> References: <20150717120755.GJ4835@redhat.com> <20150717121000.GK4835@redhat.com> Message-ID: HI Daniel, Yep found that all out. Now I'm struggling through the NUMA mismatch. NUMA as there are two cpus. The old CPU was a 10 core 20 thread thus 40 "cpus", {0-9,20-29} and then {10-19,30-39} on the other cell. The new CPU is a 12 core 24 thread. Apparently even in kilo, this results in a mismatch if I'm running a 2 VCPU guest and trying to migrate from new to old. I suspect I have to disable NUMA somehow (filter, etc) but it is entirely non-obvious. And of course I'm doing this again in OpenStack nova (not direct libvirt) so I'm going to do a bit more research and then file a new bug. This also may be fixed in Kilo but I"m not finding it (and it may be fixed in Liberty already and just need a backport.) My apologies for not following up to the list once I found the Kilo solution to the original problem. On Fri, Jul 17, 2015 at 6:10 AM, Daniel P. Berrange wrote: > On Fri, Jul 17, 2015 at 01:07:56PM +0100, Daniel P. Berrange wrote: > > On Thu, Jul 09, 2015 at 12:00:15PM -0600, David Medberry wrote: > > > Hi, > > > > > > When trying to live-migrate between two distinct CPUs, I kind of expect > > > there to be issues. Which is why openstack supports the > "cpu_mode=custom", > > > "cpu_model=MODELNAME" flags for libvirt. > > > > > > When I set those to some Lowest Common Denominator (and restart > > > everything), I still git the issue. I've set both systems to > SandyBridge > > > and tested as well as Conroe. The actual CPUs are Ivy Bridge and > Haswell > > > (newer than SandyBridge and supersets thereof.) > > > > > > The Older->Newer migration works fine (even without setting a > cpu_model) > > > but the newer to older never works. > > > > > > Specfics: > > > OpenStack Juno.2 > > > LibVirt: 1.2.2 > > > > > > Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy > Bridge) > > > Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz (Haswell) > > > > > > Daniel, Operators: Any ideas? > > > > In versions of Nova prior to Liberty, nova did an incorrect CPU model > > comparison. It checks the source *host* CPU model against the dest > > host CPU model, instead of checking the *guest* CPU model against the > > dest host CPU model. > > > > This is fixed in Liberty, provided you have the cpu_mode=custom and > > cpu_modelk=MODELNAME parameters set. Unfortunately the fix will only > > work for guests that are launched under Liberty codebase as it needed > > a database addition. So if you have existing running guests from Juno > > those need restarting after upgrade. > > Sigh, s/Liberty/Kilo/ in everything I wrote here > > Regards, > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ > :| > |: http://libvirt.org -o- http://virt-manager.org > :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ > :| > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc > :| > -------------- next part -------------- An HTML attachment was scrubbed... URL: From awells at digiumcloud.com Fri Jul 17 13:10:15 2015 From: awells at digiumcloud.com (Aubrey Wells) Date: Fri, 17 Jul 2015 09:10:15 -0400 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: References: <20150717120755.GJ4835@redhat.com> <20150717121000.GK4835@redhat.com> Message-ID: I ran into the different core count thing a while back too and its not fixed in Kilo (that's where I discovered it). I posted to the mailing list and didn't get any feedback on it, but as I was just looking in the archives to send you the link to the hack I found to fix it, I noticed that it silently failed to post to the mailing list. I'll add the text of my email below, maybe someone will have some ideas. Original message follows. ======= Greetings, Trying to decide if this is a bug or just a config option that I can't find. The setup I'm currently testing in my lab with is two compute nodes running Kilo, one has 40 cores (2x 10c with HT) and one has 16 cores (2x 4c + HT). I don't have any CPU pinning enabled in my nova config, which seems to have the effect of setting in libvirt.xml a vcpu cpuset element like (if created on the 40c node): 1 And then if I migrate that instance to the 16c node, it will bomb out with an exception: Live Migration failure: Invalid value '0,2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38' for 'cpuset.cpus': Invalid argument Which makes sense, since that node doesn't have any vcpus after 15 (0-15). I can fix the symptom by commenting out a line in nova/virt/libvirt/config.py (circa line 1831) so it always has an empty cpuset and thus doesn't write that line to libvirt.xml: # vcpu.set("cpuset", hardware.format_cpu_spec(self.cpuset)) And the instance will happily migrate to the host with less CPUs, but this loses some of the benefit of openstack trying to evenly spread out the core usage on the host, at least that's what I think the purpose of that is. I'd rather fix it the right way if there's a config option I don't see or file a bug if its a bug. What I think should be happening is that when it creates the libvirt definition on the destination compute node, it write out the correct cpuset per the specs of the hardware its going on to. If it matters, in my nova-compute.conf file, I also have cpu mode and model defined to allow me to migrate between the two different architectures to begin with (the 40c is Sandybridge and the 16c is Westmere so I set it to the lowest common denominator of Westmere): cpu_mode=custom cpu_model=Westmere Any help is appreciated. On Fri, Jul 17, 2015 at 8:58 AM, David Medberry wrote: > HI Daniel, > > Yep found that all out. > > Now I'm struggling through the NUMA mismatch. NUMA as there are two cpus. > The old CPU was a 10 core 20 thread thus 40 "cpus", {0-9,20-29} and then > {10-19,30-39} on the other cell. The new CPU is a 12 core 24 thread. > Apparently even in kilo, this results in a mismatch if I'm running a 2 VCPU > guest and trying to migrate from new to old. I suspect I have to disable > NUMA somehow (filter, etc) but it is entirely non-obvious. And of course > I'm doing this again in OpenStack nova (not direct libvirt) so I'm going to > do a bit more research and then file a new bug. This also may be fixed in > Kilo but I"m not finding it (and it may be fixed in Liberty already and > just need a backport.) > > My apologies for not following up to the list once I found the Kilo > solution to the original problem. > > On Fri, Jul 17, 2015 at 6:10 AM, Daniel P. Berrange > wrote: > >> On Fri, Jul 17, 2015 at 01:07:56PM +0100, Daniel P. Berrange wrote: >> > On Thu, Jul 09, 2015 at 12:00:15PM -0600, David Medberry wrote: >> > > Hi, >> > > >> > > When trying to live-migrate between two distinct CPUs, I kind of >> expect >> > > there to be issues. Which is why openstack supports the >> "cpu_mode=custom", >> > > "cpu_model=MODELNAME" flags for libvirt. >> > > >> > > When I set those to some Lowest Common Denominator (and restart >> > > everything), I still git the issue. I've set both systems to >> SandyBridge >> > > and tested as well as Conroe. The actual CPUs are Ivy Bridge and >> Haswell >> > > (newer than SandyBridge and supersets thereof.) >> > > >> > > The Older->Newer migration works fine (even without setting a >> cpu_model) >> > > but the newer to older never works. >> > > >> > > Specfics: >> > > OpenStack Juno.2 >> > > LibVirt: 1.2.2 >> > > >> > > Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy >> Bridge) >> > > Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz >> (Haswell) >> > > >> > > Daniel, Operators: Any ideas? >> > >> > In versions of Nova prior to Liberty, nova did an incorrect CPU model >> > comparison. It checks the source *host* CPU model against the dest >> > host CPU model, instead of checking the *guest* CPU model against the >> > dest host CPU model. >> > >> > This is fixed in Liberty, provided you have the cpu_mode=custom and >> > cpu_modelk=MODELNAME parameters set. Unfortunately the fix will only >> > work for guests that are launched under Liberty codebase as it needed >> > a database addition. So if you have existing running guests from Juno >> > those need restarting after upgrade. >> >> Sigh, s/Liberty/Kilo/ in everything I wrote here >> >> Regards, >> Daniel >> -- >> |: http://berrange.com -o- >> http://www.flickr.com/photos/dberrange/ :| >> |: http://libvirt.org -o- >> http://virt-manager.org :| >> |: http://autobuild.org -o- >> http://search.cpan.org/~danberr/ :| >> |: http://entangle-photo.org -o- >> http://live.gnome.org/gtk-vnc :| >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Fri Jul 17 13:21:16 2015 From: openstack at medberry.net (David Medberry) Date: Fri, 17 Jul 2015 07:21:16 -0600 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: References: <20150717120755.GJ4835@redhat.com> <20150717121000.GK4835@redhat.com> Message-ID: Hi Aubrey, I'm actually wondering if this is a new regression bug INTRODUCED in Kilo (as part of the NUMA work). I'll be testing that a bit too by altering my Juno architecture a bit (monkeying with kernel MAXCPUS to see if I can get into a similar situation in Juno but with identical hardware.) The best info I have found so far is Daniel's howto (in the openstack docs) for creating a test scenario for numa: http://docs.openstack.org/developer/nova/devref/testing/libvirt-numa.html (and related pages) On Fri, Jul 17, 2015 at 7:10 AM, Aubrey Wells wrote: > I ran into the different core count thing a while back too and its not > fixed in Kilo (that's where I discovered it). I posted to the mailing list > and didn't get any feedback on it, but as I was just looking in the > archives to send you the link to the hack I found to fix it, I noticed that > it silently failed to post to the mailing list. I'll add the text of my > email below, maybe someone will have some ideas. Original message follows. > > ======= > > Greetings, > Trying to decide if this is a bug or just a config option that I can't > find. The setup I'm currently testing in my lab with is two compute nodes > running Kilo, one has 40 cores (2x 10c with HT) and one has 16 cores (2x 4c > + HT). I don't have any CPU pinning enabled in my nova config, which seems > to have the effect of setting in libvirt.xml a vcpu cpuset element like (if > created on the 40c node): > > cpuset="1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39">1 > > And then if I migrate that instance to the 16c node, it will bomb out with > an exception: > > Live Migration failure: Invalid value > '0,2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38' for 'cpuset.cpus': > Invalid argument > > Which makes sense, since that node doesn't have any vcpus after 15 (0-15). > > I can fix the symptom by commenting out a line in > nova/virt/libvirt/config.py (circa line 1831) so it always has an empty > cpuset and thus doesn't write that line to libvirt.xml: > # vcpu.set("cpuset", hardware.format_cpu_spec(self.cpuset)) > > And the instance will happily migrate to the host with less CPUs, but this > loses some of the benefit of openstack trying to evenly spread out the > core usage on the host, at least that's what I think the purpose of that > is. > > I'd rather fix it the right way if there's a config option I don't see or > file a bug if its a bug. > > What I think should be happening is that when it creates the libvirt > definition on the destination compute node, it write out the correct cpuset > per the specs of the hardware its going on to. > > If it matters, in my nova-compute.conf file, I also have cpu mode and > model defined to allow me to migrate between the two different > architectures to begin with (the 40c is Sandybridge and the 16c is Westmere > so I set it to the lowest common denominator of Westmere): > > cpu_mode=custom > cpu_model=Westmere > > Any help is appreciated. > > > > On Fri, Jul 17, 2015 at 8:58 AM, David Medberry > wrote: > >> HI Daniel, >> >> Yep found that all out. >> >> Now I'm struggling through the NUMA mismatch. NUMA as there are two cpus. >> The old CPU was a 10 core 20 thread thus 40 "cpus", {0-9,20-29} and then >> {10-19,30-39} on the other cell. The new CPU is a 12 core 24 thread. >> Apparently even in kilo, this results in a mismatch if I'm running a 2 VCPU >> guest and trying to migrate from new to old. I suspect I have to disable >> NUMA somehow (filter, etc) but it is entirely non-obvious. And of course >> I'm doing this again in OpenStack nova (not direct libvirt) so I'm going to >> do a bit more research and then file a new bug. This also may be fixed in >> Kilo but I"m not finding it (and it may be fixed in Liberty already and >> just need a backport.) >> >> My apologies for not following up to the list once I found the Kilo >> solution to the original problem. >> >> On Fri, Jul 17, 2015 at 6:10 AM, Daniel P. Berrange >> wrote: >> >>> On Fri, Jul 17, 2015 at 01:07:56PM +0100, Daniel P. Berrange wrote: >>> > On Thu, Jul 09, 2015 at 12:00:15PM -0600, David Medberry wrote: >>> > > Hi, >>> > > >>> > > When trying to live-migrate between two distinct CPUs, I kind of >>> expect >>> > > there to be issues. Which is why openstack supports the >>> "cpu_mode=custom", >>> > > "cpu_model=MODELNAME" flags for libvirt. >>> > > >>> > > When I set those to some Lowest Common Denominator (and restart >>> > > everything), I still git the issue. I've set both systems to >>> SandyBridge >>> > > and tested as well as Conroe. The actual CPUs are Ivy Bridge and >>> Haswell >>> > > (newer than SandyBridge and supersets thereof.) >>> > > >>> > > The Older->Newer migration works fine (even without setting a >>> cpu_model) >>> > > but the newer to older never works. >>> > > >>> > > Specfics: >>> > > OpenStack Juno.2 >>> > > LibVirt: 1.2.2 >>> > > >>> > > Older: model name : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (Ivy >>> Bridge) >>> > > Newer: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz >>> (Haswell) >>> > > >>> > > Daniel, Operators: Any ideas? >>> > >>> > In versions of Nova prior to Liberty, nova did an incorrect CPU model >>> > comparison. It checks the source *host* CPU model against the dest >>> > host CPU model, instead of checking the *guest* CPU model against the >>> > dest host CPU model. >>> > >>> > This is fixed in Liberty, provided you have the cpu_mode=custom and >>> > cpu_modelk=MODELNAME parameters set. Unfortunately the fix will only >>> > work for guests that are launched under Liberty codebase as it needed >>> > a database addition. So if you have existing running guests from Juno >>> > those need restarting after upgrade. >>> >>> Sigh, s/Liberty/Kilo/ in everything I wrote here >>> >>> Regards, >>> Daniel >>> -- >>> |: http://berrange.com -o- >>> http://www.flickr.com/photos/dberrange/ :| >>> |: http://libvirt.org -o- >>> http://virt-manager.org :| >>> |: http://autobuild.org -o- >>> http://search.cpan.org/~danberr/ :| >>> |: http://entangle-photo.org -o- >>> http://live.gnome.org/gtk-vnc :| >>> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From berrange at redhat.com Fri Jul 17 13:28:25 2015 From: berrange at redhat.com (Daniel P. Berrange) Date: Fri, 17 Jul 2015 14:28:25 +0100 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: References: <20150717120755.GJ4835@redhat.com> <20150717121000.GK4835@redhat.com> Message-ID: <20150717132825.GM4835@redhat.com> On Fri, Jul 17, 2015 at 06:58:46AM -0600, David Medberry wrote: > HI Daniel, > > Yep found that all out. > > Now I'm struggling through the NUMA mismatch. NUMA as there are two cpus. > The old CPU was a 10 core 20 thread thus 40 "cpus", {0-9,20-29} and then > {10-19,30-39} on the other cell. The new CPU is a 12 core 24 thread. > Apparently even in kilo, this results in a mismatch if I'm running a 2 VCPU > guest and trying to migrate from new to old. I suspect I have to disable > NUMA somehow (filter, etc) but it is entirely non-obvious. And of course > I'm doing this again in OpenStack nova (not direct libvirt) so I'm going to > do a bit more research and then file a new bug. This also may be fixed in > Kilo but I"m not finding it (and it may be fixed in Liberty already and > just need a backport.) > > My apologies for not following up to the list once I found the Kilo > solution to the original problem. The fact that Nova doesn't rewrite numa topology on migrate is a known bug which Nikola is working on fixing in Liberty. IIRC, you ought to be able to avoid it by just disabling the NUMA schedular filter. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| From openstack at medberry.net Fri Jul 17 13:31:29 2015 From: openstack at medberry.net (David Medberry) Date: Fri, 17 Jul 2015 07:31:29 -0600 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: <20150717132825.GM4835@redhat.com> References: <20150717120755.GJ4835@redhat.com> <20150717121000.GK4835@redhat.com> <20150717132825.GM4835@redhat.com> Message-ID: Thanks Daniel. Oddly, pretty sure we're not using the numa scheduler but I'll triple check. Thanks for the info on the "known bug" part, that's even better. On Fri, Jul 17, 2015 at 7:28 AM, Daniel P. Berrange wrote: > On Fri, Jul 17, 2015 at 06:58:46AM -0600, David Medberry wrote: > > HI Daniel, > > > > Yep found that all out. > > > > Now I'm struggling through the NUMA mismatch. NUMA as there are two cpus. > > The old CPU was a 10 core 20 thread thus 40 "cpus", {0-9,20-29} and then > > {10-19,30-39} on the other cell. The new CPU is a 12 core 24 thread. > > Apparently even in kilo, this results in a mismatch if I'm running a 2 > VCPU > > guest and trying to migrate from new to old. I suspect I have to disable > > NUMA somehow (filter, etc) but it is entirely non-obvious. And of course > > I'm doing this again in OpenStack nova (not direct libvirt) so I'm going > to > > do a bit more research and then file a new bug. This also may be fixed in > > Kilo but I"m not finding it (and it may be fixed in Liberty already and > > just need a backport.) > > > > My apologies for not following up to the list once I found the Kilo > > solution to the original problem. > > The fact that Nova doesn't rewrite numa topology on migrate is a known > bug which Nikola is working on fixing in Liberty. IIRC, you ought to be > able to avoid it by just disabling the NUMA schedular filter. > > > Regards, > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ > :| > |: http://libvirt.org -o- http://virt-manager.org > :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ > :| > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc > :| > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ignaziocassano at gmail.com Fri Jul 17 17:38:59 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Fri, 17 Jul 2015 19:38:59 +0200 Subject: [Openstack-operators] openstack kilo storage network separation Message-ID: Hi guys, I followed openstack kilo documentaion for installin it on centos 7. In the block storage installation sections it is not explained how use a separate network for storage. My compute and storage nodes have a nic on a storage network but following the documentation I was not able to use this network, so all storage traffic runs over management network M storage node is configured with cinder lvm2 with iscsi tgtd driver. Can anyone help me ? Regards Ignazio -------------- next part -------------- An HTML attachment was scrubbed... URL: From antonio.s.messina at gmail.com Fri Jul 17 17:47:43 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Fri, 17 Jul 2015 19:47:43 +0200 Subject: [Openstack-operators] openstack kilo storage network separation In-Reply-To: References: Message-ID: I think you have to set iscsi_ip_address option in cinder.conf. .a. From ignaziocassano at gmail.com Fri Jul 17 18:30:57 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Fri, 17 Jul 2015 20:30:57 +0200 Subject: [Openstack-operators] openstack kilo storage network separation In-Reply-To: References: Message-ID: I have already tried to insert what you suggested but looking at /var/lib/iscsi directory on computing note I saw its iscsi initiator is still using the target on management network. Must I modify it either on storage nod or controller node ? Does controller node pass the configuratin to computing node ? Many thanks Il giorno 17/lug/2015 19:48, "Antonio Messina" ha scritto: > I think you have to set iscsi_ip_address option in cinder.conf. > > .a. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kfj at puppetlabs.com Fri Jul 17 18:49:56 2015 From: kfj at puppetlabs.com (Ken Johnson) Date: Fri, 17 Jul 2015 11:49:56 -0700 Subject: [Openstack-operators] [puppet] Automating multi-domain Keystone configuration & user list command failure Message-ID: Hey all, hoping that someone else might be running into this too... Right now I'm in the process of trying to get Keystone deployed, set up for v3 API usage, with multiple identity backends (specifically, a SQL backed default domain for service accounts, and another backed by LDAP for users). I've had luck so far using the Keystone module to get as far as I can and then doing the not yet supported multi-domain bits with lower level resources... But I'm running into one snag that I've not yet been able to find a workaround for yet. During runs, after the multi-domain config has been laid down, I'm seeing output like this where an attempt is made to see if the admin user exists, then create the user if not. Polling of existing users fails due to an authentication failure for the user list command, which causes an attempt to create the already extant admin user, which results in the resource failing and following actions being abandoned. -- Debug: Executing '/usr/bin/openstack user list --quiet --format csv --long' Error: Could not prefetch keystone_user provider 'openstack': Could not authenticate. Debug: Executing '/usr/bin/openstack user create --format shell username --enable --password password --email username at domain --domain domain' Error: Execution of '/usr/bin/openstack user create --format shell username --enable --password password --email username at domain --domain domain' returned 1: ERROR: openstack Conflict occurred attempting to store user - Duplicate Entry (HTTP 409) (Request-ID: req-1ae18aaf-8a2c-42bd-a456-83303ec668b1) Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[openstack-keystone]/ensure: change from absent to present failed: Execution of '/usr/bin/openstack user create --format shell username --enable --password password --email username at domain --domain domain' returned 1: ERROR: openstack Conflict occurred attempting to store user - Duplicate Entry (HTTP 409) (Request-ID: req-1ae18aaf-8a2c-42bd-a456-83303ec668b1) Notice: /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[openstack-keystone at openstack]: Dependency Keystone_user[openstack-keystone] has failures: true Warning: /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[openstack-keystone at openstack]: Skipping because of failed dependencies -- If I look in the Keystone logs I can see the authorization failure. -- 2015-07-17 10:40:52.922 5155 INFO keystone.common.wsgi [-] GET /users? 2015-07-17 10:40:52.922 5155 WARNING keystone.common.controller [-] RBAC: Bypassing authorization 2015-07-17 10:40:52.924 5155 WARNING keystone.common.controller [-] Invalid token found while getting domain ID for list request 2015-07-17 10:40:52.925 5155 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1 -- This only happens with multi-domain configuration in place. Checking out the internals of Keystone, it looks like this happens because when a list request is made in a multi-domain context the token used must have a domain associated with it. Because the provider is using the built in admin token, this domain association doesn't exist. At least, I think that's what's going on, based on what I've read and explored so far. Was wondering if anyone else had encountered this and come up with a way around it. So far I'm not seeing any satisfying way of dealing with this, but still poking around... -------------- next part -------------- An HTML attachment was scrubbed... URL: From louis at kragniz.eu Fri Jul 17 18:50:55 2015 From: louis at kragniz.eu (Louis Taylor) Date: Fri, 17 Jul 2015 19:50:55 +0100 Subject: [Openstack-operators] Removal of Catalog Index Service from Glance Message-ID: <20150717185053.GA31373@gmail.com> Hi operators, In Kilo, we added the Catalog Index Service as an experimental API in Glance. It soon became apparent this would be better suited as a separate project, so it was split into the Searchlight project: https://wiki.openstack.org/wiki/Searchlight We've now started the process of removing the service from Glance for the Liberty release. Since the service was originally had the status of being experimental, we felt it would be okay to remove it without a cycle of deprecation. Is this something that would cause issues for any existing deployments? If you have any feelings about this one way or the other, feel free to share your thoughts on this mailing list or in the review to remove the code: https://review.openstack.org/#/c/197043/ Cheers, Louis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: Digital signature URL: From antonio.s.messina at gmail.com Fri Jul 17 18:59:59 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Fri, 17 Jul 2015 20:59:59 +0200 Subject: [Openstack-operators] openstack kilo storage network separation In-Reply-To: References: Message-ID: It might only work for new volumes, created after you restart the cinder service. We don't have a separate network for srorage, but i had to use it while preparing this tutorial: https://github.com/gc3-uzh-ch/gridka-school/blob/master/tutorial/overview.rst and as far as i remember that option was the only thing needed. In our case we only had a controller node, but i guess the option must be defined where cinder-volume is running .a. Il 17/lug/2015 08:30 PM, "Ignazio Cassano" ha scritto: > I have already tried to insert what you suggested but looking at > /var/lib/iscsi directory on computing note I saw its iscsi initiator is > still using the target on management network. > Must I modify it either on storage nod or controller node ? > Does controller node pass the configuratin to computing node ? > Many thanks > Il giorno 17/lug/2015 19:48, "Antonio Messina" < > antonio.s.messina at gmail.com> ha scritto: > >> I think you have to set iscsi_ip_address option in cinder.conf. >> >> .a. >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ignaziocassano at gmail.com Fri Jul 17 19:28:29 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Fri, 17 Jul 2015 21:28:29 +0200 Subject: [Openstack-operators] openstack kilo storage network separation In-Reply-To: References: Message-ID: I'll try on monday. Many thanks Il giorno 17/lug/2015 20:59, "Antonio Messina" ha scritto: > It might only work for new volumes, created after you restart the cinder > service. We don't have a separate network for srorage, but i had to use it > while preparing this tutorial: > https://github.com/gc3-uzh-ch/gridka-school/blob/master/tutorial/overview.rst > and as far as i remember that option was the only thing needed. > > In our case we only had a controller node, but i guess the option must be > defined where cinder-volume is running > > .a. > Il 17/lug/2015 08:30 PM, "Ignazio Cassano" ha > scritto: > >> I have already tried to insert what you suggested but looking at >> /var/lib/iscsi directory on computing note I saw its iscsi initiator is >> still using the target on management network. >> Must I modify it either on storage nod or controller node ? >> Does controller node pass the configuratin to computing node ? >> Many thanks >> Il giorno 17/lug/2015 19:48, "Antonio Messina" < >> antonio.s.messina at gmail.com> ha scritto: >> >>> I think you have to set iscsi_ip_address option in cinder.conf. >>> >>> .a. >>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From chris.friesen at windriver.com Fri Jul 17 22:57:52 2015 From: chris.friesen at windriver.com (Chris Friesen) Date: Fri, 17 Jul 2015 16:57:52 -0600 Subject: [Openstack-operators] Puzzling issue: Unacceptable CPU info: CPU doesn't have compatibility In-Reply-To: <20150717132825.GM4835@redhat.com> References: <20150717120755.GJ4835@redhat.com> <20150717121000.GK4835@redhat.com> <20150717132825.GM4835@redhat.com> Message-ID: <55A98870.3020708@windriver.com> On 07/17/2015 07:28 AM, Daniel P. Berrange wrote: > On Fri, Jul 17, 2015 at 06:58:46AM -0600, David Medberry wrote: >> HI Daniel, >> >> Yep found that all out. >> >> Now I'm struggling through the NUMA mismatch. NUMA as there are two cpus. >> The old CPU was a 10 core 20 thread thus 40 "cpus", {0-9,20-29} and then >> {10-19,30-39} on the other cell. The new CPU is a 12 core 24 thread. >> Apparently even in kilo, this results in a mismatch if I'm running a 2 VCPU >> guest and trying to migrate from new to old. I suspect I have to disable >> NUMA somehow (filter, etc) but it is entirely non-obvious. And of course >> I'm doing this again in OpenStack nova (not direct libvirt) so I'm going to >> do a bit more research and then file a new bug. This also may be fixed in >> Kilo but I"m not finding it (and it may be fixed in Liberty already and >> just need a backport.) >> >> My apologies for not following up to the list once I found the Kilo >> solution to the original problem. > > The fact that Nova doesn't rewrite numa topology on migrate is a known > bug which Nikola is working on fixing in Liberty. IIRC, you ought to be > able to avoid it by just disabling the NUMA schedular filter. I wonder if this is due to the "isolate an instance on a numa node" work combined with the fact that numa topology doesn't get rewritten. If so, it might be "fixed" by commit 41ba203 on stable/kilo. If the guest is using dedicated CPUs then there's no fix, it's just broken for live/cold migration, resize, and evacuate. Chris From tom at openstack.org Sat Jul 18 14:42:59 2015 From: tom at openstack.org (Tom Fifield) Date: Sat, 18 Jul 2015 07:42:59 -0700 Subject: [Openstack-operators] Palo Alto Midcycle - agenda brainstorming In-Reply-To: <559F4A00.2060606@openstack.org> References: <559F4A00.2060606@openstack.org> Message-ID: <55AA65F3.9070607@openstack.org> Hi all, If you have some time in the next few days, please contribute to the agenda planning. So far it's looking a bit light, and we need to lock in moderators soon! > ********************************************************************** > > Please propose session ideas on: > > https://etherpad.openstack.org/p/PAO-ops-meetup > > ensuring you read the new instructions to make sessions 'actionable'. > > > ********************************************************************** Regards, Tom On 09/07/15 21:28, Tom Fifield wrote: > Hi all, > > As you've seen - the Ops mid-cycle will be in Palo Alto, August 18&19, > and we need your help to work out what should be on the agenda. > > If you're new: note this is aimed at giving us a design-summit-style > place to congregate, swap best practices, ideas and give feedback, and > is not a good place to learn about the basics of OpenStack. > > As usual, we're working to act on the feedback from all past events to > make this one better than ever. One that we continue to work on is the > need to see action happen as a result of this event, so please - when > you are suggesting sessions in the below etherpad please try and phrase > them in a way that will probably result in things happening afterward. > > > ********************************************************************** > > Please propose session ideas on: > > https://etherpad.openstack.org/p/PAO-ops-meetup > > ensuring you read the new instructions to make sessions 'actionable'. > > > ********************************************************************** > > > The room allocations are still being worked out (all hail Allison!), but > the current thinking is that the general sessions will all be in the > morning of both days, and the working groups will be in the afternoon - > similar to Philadelphia. We probably have a lot more space for smaller > working groups this time. > > > More as it comes, and as always, further information about ops meetups > and notes from the past can be found on the wiki @: > > https://wiki.openstack.org/wiki/Operations/Meetups > > Finally, don't forget to register ASAP: > http://www.eventbrite.com/e/openstack-ops-mid-cycle-meetup-tickets-17703258924 > ! > > > Regards, > > > Tom > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From ignaziocassano at gmail.com Sat Jul 18 17:05:17 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Sat, 18 Jul 2015 19:05:17 +0200 Subject: [Openstack-operators] openstack kilo storage network separation In-Reply-To: References: Message-ID: Hi Antonio I verified your suggestion is fine and now iscsi volumes runs over storage network. On yesterday it did not work fike because iscsi_ip_address was in DEFAULT section. I created a lvm section like the followinf and now it works: [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver iscsi_helper = tgtadm # volume group name just created # IP address of Storage Node iscsi_ip_address = 192.168.1.62 volumes_dir = $state_path/volumes iscsi_protocol = iscsi Many Many thanks for your help 2015-07-17 20:59 GMT+02:00 Antonio Messina : > It might only work for new volumes, created after you restart the cinder > service. We don't have a separate network for srorage, but i had to use it > while preparing this tutorial: > https://github.com/gc3-uzh-ch/gridka-school/blob/master/tutorial/overview.rst > and as far as i remember that option was the only thing needed. > > In our case we only had a controller node, but i guess the option must be > defined where cinder-volume is running > > .a. > Il 17/lug/2015 08:30 PM, "Ignazio Cassano" ha > scritto: > >> I have already tried to insert what you suggested but looking at >> /var/lib/iscsi directory on computing note I saw its iscsi initiator is >> still using the target on management network. >> Must I modify it either on storage nod or controller node ? >> Does controller node pass the configuratin to computing node ? >> Many thanks >> Il giorno 17/lug/2015 19:48, "Antonio Messina" < >> antonio.s.messina at gmail.com> ha scritto: >> >>> I think you have to set iscsi_ip_address option in cinder.conf. >>> >>> .a. >>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at topjian.net Sat Jul 18 17:11:51 2015 From: joe at topjian.net (Joe Topjian) Date: Sat, 18 Jul 2015 11:11:51 -0600 Subject: [Openstack-operators] Palo Alto Midcycle - agenda brainstorming In-Reply-To: <55AA65F3.9070607@openstack.org> References: <559F4A00.2060606@openstack.org> <55AA65F3.9070607@openstack.org> Message-ID: Hi Tom, The list of General Session ideas is definitely shorter than past meetups, but maybe that's a good sign! It could be that past burning topics have been acknowledged and handled. If that's the case, does anyone have thoughts about extending the length of Working Group sessions so there's more time to collaborate face-to-face as a group? Joe On Sat, Jul 18, 2015 at 8:42 AM, Tom Fifield wrote: > Hi all, > > If you have some time in the next few days, please contribute to the > agenda planning. So far it's looking a bit light, and we need to lock in > moderators soon! > > > > ********************************************************************** > > > > Please propose session ideas on: > > > > https://etherpad.openstack.org/p/PAO-ops-meetup > > > > ensuring you read the new instructions to make sessions 'actionable'. > > > > > > ********************************************************************** > > > > Regards, > > > Tom > > On 09/07/15 21:28, Tom Fifield wrote: > >> Hi all, >> >> As you've seen - the Ops mid-cycle will be in Palo Alto, August 18&19, >> and we need your help to work out what should be on the agenda. >> >> If you're new: note this is aimed at giving us a design-summit-style >> place to congregate, swap best practices, ideas and give feedback, and >> is not a good place to learn about the basics of OpenStack. >> >> As usual, we're working to act on the feedback from all past events to >> make this one better than ever. One that we continue to work on is the >> need to see action happen as a result of this event, so please - when >> you are suggesting sessions in the below etherpad please try and phrase >> them in a way that will probably result in things happening afterward. >> >> >> ********************************************************************** >> >> Please propose session ideas on: >> >> https://etherpad.openstack.org/p/PAO-ops-meetup >> >> ensuring you read the new instructions to make sessions 'actionable'. >> >> >> ********************************************************************** >> >> >> The room allocations are still being worked out (all hail Allison!), but >> the current thinking is that the general sessions will all be in the >> morning of both days, and the working groups will be in the afternoon - >> similar to Philadelphia. We probably have a lot more space for smaller >> working groups this time. >> >> >> More as it comes, and as always, further information about ops meetups >> and notes from the past can be found on the wiki @: >> >> https://wiki.openstack.org/wiki/Operations/Meetups >> >> Finally, don't forget to register ASAP: >> >> http://www.eventbrite.com/e/openstack-ops-mid-cycle-meetup-tickets-17703258924 >> ! >> >> >> Regards, >> >> >> Tom >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nathan at robotics.net Sun Jul 19 17:31:59 2015 From: nathan at robotics.net (Nathan Stratton) Date: Sun, 19 Jul 2015 13:31:59 -0400 Subject: [Openstack-operators] Paid OpenStack / Ceph consulting Message-ID: I have a small 24 server RDO OpenStack Juno / Ceph Firefly cluster on Centos 7 that is for the most part working well. I have run into a few problems tho that I have not been able to resolve myself so I am looking for a consultant to help. Most of the consulting groups I have run into ONLY support a specific distribution (aka theirs). That is great, but I would like to stick with Open Source projects I am currently using. Does anyone know of consulting resources that will work with Open Source components already installed rather then forcing a specific commercial distribution? ><> nathan stratton | vp technology | broadsoft, inc | +1-240-404-6580 | www.broadsoft.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Sun Jul 19 23:19:48 2015 From: openstack at medberry.net (David Medberry) Date: Sun, 19 Jul 2015 17:19:48 -0600 Subject: [Openstack-operators] Paid OpenStack / Ceph consulting In-Reply-To: References: Message-ID: Nathan, >From the description, RDO Juno and Ceph, it sounds like you should just hire Red Hat consultants as that is their stack. Alternatively, you could just ask your questions here and or in ask Openstack and maybe skip the whole consultancy step. On Jul 19, 2015 11:34 AM, "Nathan Stratton" wrote: > I have a small 24 server RDO OpenStack Juno / Ceph Firefly cluster on > Centos 7 that is for the most part working well. I have run into a few > problems tho that I have not been able to resolve myself so I am looking > for a consultant to help. Most of the consulting groups I have run into > ONLY support a specific distribution (aka theirs). That is great, but I > would like to stick with Open Source projects I am currently using. > > Does anyone know of consulting resources that will work with Open Source > components already installed rather then forcing a specific commercial > distribution? > > ><> > nathan stratton | vp technology | broadsoft, inc | +1-240-404-6580 | > www.broadsoft.com > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nicole at openstack.org Mon Jul 20 02:55:32 2015 From: nicole at openstack.org (Nicole Martinelli) Date: Sun, 19 Jul 2015 19:55:32 -0700 Subject: [Openstack-operators] OpenStack Community Weekly Newsletter (July 10 - 17) Message-ID: <55AC6324.6040802@openstack.org> What you need to know about Google joining OpenStack In the search for the next big thing, Google has joined the OpenStack Foundation. The Mountain View, California-based colossus announced July 16 that it has become a corporate sponsor of the Foundation. OpenStack pins down next release name: Mitaka OpenStack?s next release will be called Mitaka (??). It?s named after the town located in the Tokyo metro area, known for Inokashira park (pictured above) and the Ghibli museum, which showcases the work of the animation studio of the same name. The Road to Tokyo * Registration is open * Tips for getting a travel grant to the next OpenStack Summit * Need a visa for the Tokyo Summit? Here?s what you need to know * Interested in being a Tokyo Summit Sponsor? Reports from Previous Events * None this week Relevant Conversations * OpenStack.NET 1.4 and Beyond * Technical Committee Highlights July 10, 2015 * [nova] Proposal for an Experiment * Upstream repositories for OpenStack deb ?server? packages * OpenStack OperatorsMidcycle - agenda brainstorming Deadlines and Contributors Notifications * [all][ptl][release] need to pick release models * Full list of mid-cycle sprints (meetups) * Product WG Liberty Meetup: August 20-21-12, 2015 @Cisco, San Jose, CA * OpenStack Ops Mid-Cycle Meetup August 18, 2015, Palo Alto, CA Security Advisories and Notices * None this week Tips ?n Tricks * By David Moreau Simard : Migrating Glance images to a different backend * By Lo?c Dachary : restoring an OpenStack ssh public key and oneliner to deploy teuthology on OpenStack and Running your own Ceph integration tests with OpenStack * By Marten Hauville : Newbie Corner ? OpenStack Contribution * By Ryan Hallisey: Containerize OpenStack with Docker * By Alvin Heib : Deploy your service Hadoop-As-A-Service (HaaS) through a HEAT Stack * By Evgeniya Shumakher: Accessing NFS from OpenStack: How to build a Fuel plugin Upcoming Events Celebrating 5 Years of OpenStack at OSCON on Wednesday, July 22nd: RSVP * Jul 19, 2015 Openstack Neutron Latest SDN Trends Hod Hasharon, IL * Jul 20 - 24, 2015 OSCON 2015 Portland, OR, US * Jul 22, 2015 5 Years of OpenStack Portland, Oregon, US * Jul 22, 2015 OpenStack 5th Birthday Russia Moscow, Moscow, RU * Jul 28, 2015 OpenStack 5th Birthday ? Austin Austin, Texas, US * Jul 30 - 31, 2015 DCD INTERNET San Francisco, CA, US * Jul 31 2015 OpenStack Mini Conference Pycon, Brisbane, AU * Aug 07 - 08, 2015 OpenStack Day India 2015 Bangalore, Karnataka, IN * Aug 10 - 13, 2015 Gartner Catalyst Conference San Diego, CA, US * Aug 11, 2015 OpenStack Day Taiwan 2015 Taipei, TW * Aug 13 - 14, 2015 OpenStack Collective Austin, TX, US * Aug 19 - 21, 2015 China Liberty Hackathon Xian, Shanxi, CN * Aug 20, 2015 OpenStack Day Seattle 2015 Seattle, WA, US * Aug 25, 2015 OpenStack Trove Day 2015 San Jose, CA, US * Aug 26 - 27, 2015 OpenStack Silicon Valley Mountain View, California, US * Aug 27, 2015 OpenStack Nova Deep Dive Meetup Cluj-Napoca, Cluj, RO * Sep 19, 2015 OpenStack Benelux Conference 2015 Bussum, NL * Sep 21 - 24, 2015 Storage Developer Conference Santa Clara, CA, CA, US * Oct 04 - 08, 2015 Gartner SymposiumITxpo Orlando, FL, US * Nov 05, 2015 #CloudBeerStockholm Stockholm, SE * Nov 15 - 20, 2015 Supercomputing 15 Austin, TX, US Other News * Addressing Telco Service Providers? Requirements with Open Source * The hard life of OpenStack application developers * Rising from the ashes: Ceilometer redefines its mission * python-swiftclient 2.5.0 released /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./ -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Mon Jul 20 09:09:46 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Mon, 20 Jul 2015 09:09:46 +0000 Subject: [Openstack-operators] Snappy-ubuntu Message-ID: <5c527b0d49764ae6b69d0fa1f5c7beeb@CO2PR42MB188.048d.mgd.msft.net> Hi, Recently I have downloaded the Snappy Ubuntu image. While downloading the docker package I'm facing errors. # sudo snappy install docker docker 8MB [=======================================] OK ERROR: Could not generate AppArmor profile for 'docker_docker_1.5.0.002.json'. Skipping Traceback (most recent call last): File "/usr/lib/snappy-systemd/systemd-snappyhook", line 198, in update_systemd_units() . . . . Glib.Error: click_hooks_error-quark: Hook command '/usr/lib/snappy-system/systemd-snappyhook' failed: child process exited with code 1 (6) Is the image in development and isn't fully tested? Or am I supposed to do install and configure prerequisites? Thank you for the reply in advance! Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jharley at redmind.ca Mon Jul 20 20:11:54 2015 From: jharley at redmind.ca (Jason Harley) Date: Mon, 20 Jul 2015 16:11:54 -0400 Subject: [Openstack-operators] nova-network and "site-to-cloud" VPNs Message-ID: <084AB6B7-0F29-4F39-8158-A0DC056811D9@redmind.ca> Howdy ? I have an Icehouse OpenStack cloud with nova-network with VLANManager in multi-host mode. I have a need to make all instances in one particular project available to part of the core network without any sort of NAT translation in sort of a ?hybrid infrastructure? setup. A ?site-to-cloud? VPN router seemed to be the best option to set this up, so I used OpenVPN to setup the site to site and setup the appropriate routing within the project instances and the core network. Traffic traverses the tunnel, but it looks like because this traffic isn?t NAT?d there?s a nova-network iptables rule which assures that only local subnet traffic is accepted and the packet is dropped. I assume this is by design to ensure the ?walled garden? without the use of network namespaces, but is there a workaround to this solution? ?cloudpipe? seems like abandonware, and after reading the docs I?m not sure it would solve my problem. Any insight/help appreciated! ./JRH From rovanleeuwen at ebay.com Tue Jul 21 09:07:38 2015 From: rovanleeuwen at ebay.com (Van Leeuwen, Robert) Date: Tue, 21 Jul 2015 09:07:38 +0000 Subject: [Openstack-operators] [puppet][keystone] Creating Keystone users with a password in the puppet module (Kilo) throws error at second puppetrun Message-ID: Hi, I am using the Kilo puppet recipes to setup Kilo on Ubuntu 14.04 to test the latest Puppet recipes with Vagrant. I am creating an keystone admin user from within the puppet recipe. Creating the keystone user works fine but the second puppetrun gives an error whenever you set a password for the user you want to create. Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]: Could not evaluate: Execution of '/usr/bin/openstack token issue --format value' returned 1: ERROR: openstack The resource could not be found. * When you do not pass the password in the keystone_user native type it does not throw an error. * The first run will create the user successfully and set the password * After sourcing the credentials file and running manually "/usr/bin/openstack token issue --format value? also does not give an error. ( I could not immediately find where puppet decides this command is run and with which credentials. ) Anyone hitting the same issue or knows what could be going wrong? Example puppet keystone user config which breaks after the second run: keystone_user { 'admin': password => $::openstack::config::keystone_admin_password, #Removing this line fixes the issue email => 'admin at openstack', ensure => present, enabled => True, } Thx, Robert van Leeuwen -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesse.pretorius at gmail.com Tue Jul 21 13:38:45 2015 From: jesse.pretorius at gmail.com (Jesse Pretorius) Date: Tue, 21 Jul 2015 14:38:45 +0100 Subject: [Openstack-operators] OSAD for RHEL In-Reply-To: References: <7A20AC6B-28B1-405E-975E-2455AD23260F@gmail.com> <559DF998.8080605@redhat.com> Message-ID: On 9 July 2015 at 05:54, John Dewey wrote: > IMO - registering the systems with subscription manager or pointing to in > house yum repos should be included as part of system bootstrapping, and not > a part of OSAD. OSAD should simply install the specific packages for the > alternate distro. > Agreed, trying to cater for all things that everyone wants in their bootstrapping is a rabbit hole best not ventured into as it'll bloat the project considerably. > Might also be a good time to abstract the system packaging module into a > higher level one which handles `yum` or `apt` behind the scenes. We can > then manage the list of packages per distro[1]. Throwing this out as an > idea vs copy-paste every apt with a yum section. > Ansible appears to be building this abstraction already for v2 [1], but has a means to do this in an alternative way [2]. [1] https://github.com/ansible/ansible-modules-core/blob/devel/packaging/os/package.py [2] http://serverfault.com/a/697736 -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikal at stillhq.com Tue Jul 21 14:45:20 2015 From: mikal at stillhq.com (Michael Still) Date: Wed, 22 Jul 2015 00:45:20 +1000 Subject: [Openstack-operators] Nova cells v2 and operational impacts Message-ID: Heya, the nova developer mid-cycle meetup is happening this week. We've been talking through the operational impacts of cells v2, and thought it would be a good idea to mention them here and get your thoughts. First off, what is cells v2? The plan is that _every_ nova deployment will be running a new version of cells. The default will be a deployment of a single cell, which will have the impact that existing single cell deployments will end up having another mysql database that is required by cells. However, you wont be required to bring up any additional nova services at this point [1], as cells v2 lives inside the nova-api service. The advantage of this approach is that cells stops being a weird special case run by big deployments. We're forced to implement everything in cells, instead of the bits that a couple of bigger players cared enough about, and we're also forced to test it better. It also means that smaller deployments can grow into big deployments much more easily. Finally, it also simplifies the nova code, which will reduce our tech debt. This is a large block of work, so cells v2 wont be fully complete in Liberty. Cells v1 deployments will effective run both cells v2 and cells v1 for this release, with the cells v2 code thinking that there is a single very large cell. We'll continue the transition for cells v1 deployments to pure cells v2 in the M release. So what's the actual question? We're introducing an additional mysql database that every nova deployment will need to possess in Liberty. We talked through having this data be in the existing database, but that wasn't a plan that made us comfortable for various reasons. This means that operators would need to do two db_syncs instead of one during upgrades. We worry that this will be annoying to single cell deployments. We therefore propose the following: - all operators when they hit Liberty will need to add a new connection string to their nova.conf which configures this new mysql database, there will be a release note to remind you to do this. - we will add a flag which indicates if a db_sync should imply a sync of the cells database as well. The default for this flag will be true. This means that you can still do these syncs separately if you want, but we're not forcing you to remember to do it if you just want it to always happen at the same time. Does this sound acceptable? Or are we over thinking this? We'd appreciate your thoughts. Cheers, Michael 1: there is some talk about having a separate pool of conductors to handle the cells database, but this wont be implemented in Liberty. -- Rackspace Australia From robertc at robertcollins.net Tue Jul 21 14:48:42 2015 From: robertc at robertcollins.net (Robert Collins) Date: Wed, 22 Jul 2015 02:48:42 +1200 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: References: Message-ID: On 22 July 2015 at 02:45, Michael Still wrote: > Heya, > ... > So what's the actual question? We're introducing an additional mysql > database that every nova deployment will need to possess in Liberty. > We talked through having this data be in the existing database, but > that wasn't a plan that made us comfortable for various reasons. This > means that operators would need to do two db_syncs instead of one > during upgrades. We worry that this will be annoying to single cell > deployments. > > We therefore propose the following: > > - all operators when they hit Liberty will need to add a new > connection string to their nova.conf which configures this new mysql > database, there will be a release note to remind you to do this. > - we will add a flag which indicates if a db_sync should imply a sync > of the cells database as well. The default for this flag will be true. > ... Will sites need to do some syncing or something to populate the new DB [data, not schema], or will the v2 code automatically do this itself? -Rob -- Robert Collins Distinguished Technologist HP Converged Cloud From mikal at stillhq.com Tue Jul 21 14:51:01 2015 From: mikal at stillhq.com (Michael Still) Date: Wed, 22 Jul 2015 00:51:01 +1000 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: References: Message-ID: On Wed, Jul 22, 2015 at 12:48 AM, Robert Collins wrote: > On 22 July 2015 at 02:45, Michael Still wrote: >> Heya, >> > ... >> So what's the actual question? We're introducing an additional mysql >> database that every nova deployment will need to possess in Liberty. >> We talked through having this data be in the existing database, but >> that wasn't a plan that made us comfortable for various reasons. This >> means that operators would need to do two db_syncs instead of one >> during upgrades. We worry that this will be annoying to single cell >> deployments. >> >> We therefore propose the following: >> >> - all operators when they hit Liberty will need to add a new >> connection string to their nova.conf which configures this new mysql >> database, there will be a release note to remind you to do this. >> - we will add a flag which indicates if a db_sync should imply a sync >> of the cells database as well. The default for this flag will be true. >> > ... > > Will sites need to do some syncing or something to populate the new DB > [data, not schema], or will the v2 code automatically do this itself? Good question. My reading of http://specs.openstack.org/openstack/nova-specs/specs/liberty/approved/cells-instance-migration.html is that there will be a nova manage command which will need to be run as part of the upgrade. That's once off though like the database connection string configuration though. Cheers, Michael -- Rackspace Australia From openstack at medberry.net Tue Jul 21 14:51:50 2015 From: openstack at medberry.net (David Medberry) Date: Tue, 21 Jul 2015 09:51:50 -0500 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: References: Message-ID: Also, if there is feedback, getting it in today or tomorrow would be most effective. Michael, this plan works for me/us. TWC. -d On Tue, Jul 21, 2015 at 9:45 AM, Michael Still wrote: > Heya, > > the nova developer mid-cycle meetup is happening this week. We've been > talking through the operational impacts of cells v2, and thought it > would be a good idea to mention them here and get your thoughts. > > First off, what is cells v2? The plan is that _every_ nova deployment > will be running a new version of cells. The default will be a > deployment of a single cell, which will have the impact that existing > single cell deployments will end up having another mysql database that > is required by cells. However, you wont be required to bring up any > additional nova services at this point [1], as cells v2 lives inside > the nova-api service. > > The advantage of this approach is that cells stops being a weird > special case run by big deployments. We're forced to implement > everything in cells, instead of the bits that a couple of bigger > players cared enough about, and we're also forced to test it better. > It also means that smaller deployments can grow into big deployments > much more easily. Finally, it also simplifies the nova code, which > will reduce our tech debt. > > This is a large block of work, so cells v2 wont be fully complete in > Liberty. Cells v1 deployments will effective run both cells v2 and > cells v1 for this release, with the cells v2 code thinking that there > is a single very large cell. We'll continue the transition for cells > v1 deployments to pure cells v2 in the M release. > > So what's the actual question? We're introducing an additional mysql > database that every nova deployment will need to possess in Liberty. > We talked through having this data be in the existing database, but > that wasn't a plan that made us comfortable for various reasons. This > means that operators would need to do two db_syncs instead of one > during upgrades. We worry that this will be annoying to single cell > deployments. > > We therefore propose the following: > > - all operators when they hit Liberty will need to add a new > connection string to their nova.conf which configures this new mysql > database, there will be a release note to remind you to do this. > - we will add a flag which indicates if a db_sync should imply a sync > of the cells database as well. The default for this flag will be true. > > This means that you can still do these syncs separately if you want, > but we're not forcing you to remember to do it if you just want it to > always happen at the same time. > > Does this sound acceptable? Or are we over thinking this? We'd > appreciate your thoughts. > > Cheers, > Michael > > 1: there is some talk about having a separate pool of conductors to > handle the cells database, but this wont be implemented in Liberty. > > -- > Rackspace Australia > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gfa at zumbi.com.ar Tue Jul 21 15:14:06 2015 From: gfa at zumbi.com.ar (gustavo panizzo (gfa)) Date: Tue, 21 Jul 2015 23:14:06 +0800 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: References: Message-ID: <55AE61BE.9080104@zumbi.com.ar> On 2015-07-21 22:45, Michael Still wrote: > We therefore propose the following: > > - all operators when they hit Liberty will need to add a new > connection string to their nova.conf which configures this new mysql > database, there will be a release note to remind you to do this. > - we will add a flag which indicates if a db_sync should imply a sync > of the cells database as well. The default for this flag will be true. > > This means that you can still do these syncs separately if you want, > but we're not forcing you to remember to do it if you just want it to > always happen at the same time. > > Does this sound acceptable? Or are we over thinking this? We'd > appreciate your thoughts. as an op I would like to know if nova can work with the db at different shema level nova api = N nova db = N nova cell db = M nova compute = M & N I have no problem doing the db updates in certain order (example: nova db before nova cell db) but I want to be able to keep running if the second db upgrade fails and I need more time to fix it. a grenade job in the gate testing that would be great -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: http://keybase.io/gfa From mikal at stillhq.com Tue Jul 21 15:45:59 2015 From: mikal at stillhq.com (Michael Still) Date: Wed, 22 Jul 2015 01:45:59 +1000 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: <55AE61BE.9080104@zumbi.com.ar> References: <55AE61BE.9080104@zumbi.com.ar> Message-ID: On Wed, Jul 22, 2015 at 1:14 AM, gustavo panizzo (gfa) wrote: > > > On 2015-07-21 22:45, Michael Still wrote: >> We therefore propose the following: >> >> - all operators when they hit Liberty will need to add a new >> connection string to their nova.conf which configures this new mysql >> database, there will be a release note to remind you to do this. >> - we will add a flag which indicates if a db_sync should imply a sync >> of the cells database as well. The default for this flag will be true. >> >> This means that you can still do these syncs separately if you want, >> but we're not forcing you to remember to do it if you just want it to >> always happen at the same time. >> >> Does this sound acceptable? Or are we over thinking this? We'd >> appreciate your thoughts. > > as an op I would like to know if nova can work with the db at different > shema level > > nova api = N > nova db = N > nova cell db = M > nova compute = M & N > > I have no problem doing the db updates in certain order (example: nova > db before nova cell db) but I want to be able to keep running if the > second db upgrade fails and I need more time to fix it. > a grenade job in the gate testing that would be great So, first off the schema numbers will be separate for each database, so if the numbers are ever the same in both that will be entirely by accident. That said, I see that you're saying about schema upgrades. Unfortunately nova-api needs to talk to both databases, so the databases need to be upgraded at the same time. However, I think that our expand and contract support might help you here, in that you should be able to alter the database schema before upgrading the binaries. That would should you time to resolve migration issues. Hope this helps, Michael -- Rackspace Australia From Kevin.Fox at pnnl.gov Tue Jul 21 16:03:52 2015 From: Kevin.Fox at pnnl.gov (Fox, Kevin M) Date: Tue, 21 Jul 2015 16:03:52 +0000 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: References: , Message-ID: <1A3C52DFCD06494D8528644858247BF01A2A679D@EX10MBOX03.pnnl.gov> Sounds like a good plan to me. Thanks, Kevin ________________________________ From: David Medberry Sent: Tuesday, July 21, 2015 7:51:50 AM To: Michael Still Cc: openstack-operators at lists.openstack.org; Andrew Laski Subject: Re: [Openstack-operators] Nova cells v2 and operational impacts Also, if there is feedback, getting it in today or tomorrow would be most effective. Michael, this plan works for me/us. TWC. -d On Tue, Jul 21, 2015 at 9:45 AM, Michael Still > wrote: Heya, the nova developer mid-cycle meetup is happening this week. We've been talking through the operational impacts of cells v2, and thought it would be a good idea to mention them here and get your thoughts. First off, what is cells v2? The plan is that _every_ nova deployment will be running a new version of cells. The default will be a deployment of a single cell, which will have the impact that existing single cell deployments will end up having another mysql database that is required by cells. However, you wont be required to bring up any additional nova services at this point [1], as cells v2 lives inside the nova-api service. The advantage of this approach is that cells stops being a weird special case run by big deployments. We're forced to implement everything in cells, instead of the bits that a couple of bigger players cared enough about, and we're also forced to test it better. It also means that smaller deployments can grow into big deployments much more easily. Finally, it also simplifies the nova code, which will reduce our tech debt. This is a large block of work, so cells v2 wont be fully complete in Liberty. Cells v1 deployments will effective run both cells v2 and cells v1 for this release, with the cells v2 code thinking that there is a single very large cell. We'll continue the transition for cells v1 deployments to pure cells v2 in the M release. So what's the actual question? We're introducing an additional mysql database that every nova deployment will need to possess in Liberty. We talked through having this data be in the existing database, but that wasn't a plan that made us comfortable for various reasons. This means that operators would need to do two db_syncs instead of one during upgrades. We worry that this will be annoying to single cell deployments. We therefore propose the following: - all operators when they hit Liberty will need to add a new connection string to their nova.conf which configures this new mysql database, there will be a release note to remind you to do this. - we will add a flag which indicates if a db_sync should imply a sync of the cells database as well. The default for this flag will be true. This means that you can still do these syncs separately if you want, but we're not forcing you to remember to do it if you just want it to always happen at the same time. Does this sound acceptable? Or are we over thinking this? We'd appreciate your thoughts. Cheers, Michael 1: there is some talk about having a separate pool of conductors to handle the cells database, but this wont be implemented in Liberty. -- Rackspace Australia _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdorman at godaddy.com Tue Jul 21 23:21:18 2015 From: mdorman at godaddy.com (Mike Dorman) Date: Tue, 21 Jul 2015 23:21:18 +0000 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: References: Message-ID: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> Seems reasonable. For us already running v1, will we be creating another new cell database for v2? Or will our existing v1 cell database become that second database under v2? Somewhat beyond the scope of this thread, but my main concern is the acrobatics going from v1 in Kilo to the hybrid v1/v2 in Liberty, to full v2 in Mitaka. I think we all realize there will be some amount of pain to get to v2, but as long as that case for us existing cells users can be handled in a somewhat sane way, I?m happy. Mike On 7/21/15, 8:45 AM, "Michael Still" wrote: >Heya, > >the nova developer mid-cycle meetup is happening this week. We've been >talking through the operational impacts of cells v2, and thought it >would be a good idea to mention them here and get your thoughts. > >First off, what is cells v2? The plan is that _every_ nova deployment >will be running a new version of cells. The default will be a >deployment of a single cell, which will have the impact that existing >single cell deployments will end up having another mysql database that >is required by cells. However, you wont be required to bring up any >additional nova services at this point [1], as cells v2 lives inside >the nova-api service. > >The advantage of this approach is that cells stops being a weird >special case run by big deployments. We're forced to implement >everything in cells, instead of the bits that a couple of bigger >players cared enough about, and we're also forced to test it better. >It also means that smaller deployments can grow into big deployments >much more easily. Finally, it also simplifies the nova code, which >will reduce our tech debt. > >This is a large block of work, so cells v2 wont be fully complete in >Liberty. Cells v1 deployments will effective run both cells v2 and >cells v1 for this release, with the cells v2 code thinking that there >is a single very large cell. We'll continue the transition for cells >v1 deployments to pure cells v2 in the M release. > >So what's the actual question? We're introducing an additional mysql >database that every nova deployment will need to possess in Liberty. >We talked through having this data be in the existing database, but >that wasn't a plan that made us comfortable for various reasons. This >means that operators would need to do two db_syncs instead of one >during upgrades. We worry that this will be annoying to single cell >deployments. > >We therefore propose the following: > > - all operators when they hit Liberty will need to add a new >connection string to their nova.conf which configures this new mysql >database, there will be a release note to remind you to do this. > - we will add a flag which indicates if a db_sync should imply a sync >of the cells database as well. The default for this flag will be true. > >This means that you can still do these syncs separately if you want, >but we're not forcing you to remember to do it if you just want it to >always happen at the same time. > >Does this sound acceptable? Or are we over thinking this? We'd >appreciate your thoughts. > >Cheers, >Michael > >1: there is some talk about having a separate pool of conductors to >handle the cells database, but this wont be implemented in Liberty. > >-- >Rackspace Australia > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From siv.devops at gmail.com Wed Jul 22 01:07:11 2015 From: siv.devops at gmail.com (pra devOPS) Date: Tue, 21 Jul 2015 18:07:11 -0700 Subject: [Openstack-operators] Network boot openstack instances Message-ID: Hi ALL: I wnated to network boot Openstack Instances, Some where I have read about ipxe. Can somebody provide steps of how to go about doing it. We have to give the instance booting details in the dhcp, Any special confguration needed in the nova dhcp? what would be my base openstack intances, How would it fetch the OS version I it has boot? etc. Thanks, Dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From comnea.dani at gmail.com Wed Jul 22 07:12:01 2015 From: comnea.dani at gmail.com (Daniel Comnea) Date: Wed, 22 Jul 2015 08:12:01 +0100 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> References: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> Message-ID: Michael, Just to clear an assumption on my head: by new mysql database you mean a new mysql instance? If is the latter one, how do you see the deployment to be with 2 mysql instances (possible in different clusters)? Cheers, Dani On Wed, Jul 22, 2015 at 12:21 AM, Mike Dorman wrote: > Seems reasonable. > > For us already running v1, will we be creating another new cell database > for v2? Or will our existing v1 cell database become that second database > under v2? > > Somewhat beyond the scope of this thread, but my main concern is the > acrobatics going from v1 in Kilo to the hybrid v1/v2 in Liberty, to full > v2 in Mitaka. I think we all realize there will be some amount of pain to > get to v2, but as long as that case for us existing cells users can be > handled in a somewhat sane way, I?m happy. > > Mike > > > > > > On 7/21/15, 8:45 AM, "Michael Still" wrote: > > >Heya, > > > >the nova developer mid-cycle meetup is happening this week. We've been > >talking through the operational impacts of cells v2, and thought it > >would be a good idea to mention them here and get your thoughts. > > > >First off, what is cells v2? The plan is that _every_ nova deployment > >will be running a new version of cells. The default will be a > >deployment of a single cell, which will have the impact that existing > >single cell deployments will end up having another mysql database that > >is required by cells. However, you wont be required to bring up any > >additional nova services at this point [1], as cells v2 lives inside > >the nova-api service. > > > >The advantage of this approach is that cells stops being a weird > >special case run by big deployments. We're forced to implement > >everything in cells, instead of the bits that a couple of bigger > >players cared enough about, and we're also forced to test it better. > >It also means that smaller deployments can grow into big deployments > >much more easily. Finally, it also simplifies the nova code, which > >will reduce our tech debt. > > > >This is a large block of work, so cells v2 wont be fully complete in > >Liberty. Cells v1 deployments will effective run both cells v2 and > >cells v1 for this release, with the cells v2 code thinking that there > >is a single very large cell. We'll continue the transition for cells > >v1 deployments to pure cells v2 in the M release. > > > >So what's the actual question? We're introducing an additional mysql > >database that every nova deployment will need to possess in Liberty. > >We talked through having this data be in the existing database, but > >that wasn't a plan that made us comfortable for various reasons. This > >means that operators would need to do two db_syncs instead of one > >during upgrades. We worry that this will be annoying to single cell > >deployments. > > > >We therefore propose the following: > > > > - all operators when they hit Liberty will need to add a new > >connection string to their nova.conf which configures this new mysql > >database, there will be a release note to remind you to do this. > > - we will add a flag which indicates if a db_sync should imply a sync > >of the cells database as well. The default for this flag will be true. > > > >This means that you can still do these syncs separately if you want, > >but we're not forcing you to remember to do it if you just want it to > >always happen at the same time. > > > >Does this sound acceptable? Or are we over thinking this? We'd > >appreciate your thoughts. > > > >Cheers, > >Michael > > > >1: there is some talk about having a separate pool of conductors to > >handle the cells database, but this wont be implemented in Liberty. > > > >-- > >Rackspace Australia > > > >_______________________________________________ > >OpenStack-operators mailing list > >OpenStack-operators at lists.openstack.org > >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From achebba at CDTA.DZ Wed Jul 22 13:20:13 2015 From: achebba at CDTA.DZ (Asmaa Chebba) Date: Wed, 22 Jul 2015 13:20:13 +0000 Subject: [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. Message-ID: Hi, I installed Docker with juno release on Ubuntu all compute/networking services are up and enabled, and I can add docker images with glance however, I can't launch an instance (stopped at spawning step) in the nova-compute log, I found : Instance failed to spawn InstanceDeployFailure: Cannot setup network: Unexpected vif_type=binding_failed and when verifying the neutron-server log: Failed to bind port 5d299cc9-e3f3-48a0-a80f-f204910a47e7 on host compute2 Any idea on how to solve this? I appriciate your help. Tahnks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mvanwink at rackspace.com Wed Jul 22 13:28:35 2015 From: mvanwink at rackspace.com (Matt Van Winkle) Date: Wed, 22 Jul 2015 13:28:35 +0000 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> References: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> Message-ID: I think I primarily echo Mike's questions. For me, I'd like to see the "primary" DB in cells v2 only have the data necessary for the APIs to know which cell an instance is associate with - versus having to copy every detail from every cell DB. I do wonder, for those of us using cells v1, what that would mean in the interim versions (hopefully just L) and what the migration path would look like. As Mike said, as long as these are "sane", then my only other concern is hopefully removing the duplicated data. Thanks! Matt On 7/21/15 6:21 PM, "Mike Dorman" wrote: >Seems reasonable. > >For us already running v1, will we be creating another new cell database >for v2? Or will our existing v1 cell database become that second >database >under v2? > >Somewhat beyond the scope of this thread, but my main concern is the >acrobatics going from v1 in Kilo to the hybrid v1/v2 in Liberty, to full >v2 in Mitaka. I think we all realize there will be some amount of pain >to >get to v2, but as long as that case for us existing cells users can be >handled in a somewhat sane way, I?m happy. > >Mike > > > > > >On 7/21/15, 8:45 AM, "Michael Still" wrote: > >>Heya, >> >>the nova developer mid-cycle meetup is happening this week. We've been >>talking through the operational impacts of cells v2, and thought it >>would be a good idea to mention them here and get your thoughts. >> >>First off, what is cells v2? The plan is that _every_ nova deployment >>will be running a new version of cells. The default will be a >>deployment of a single cell, which will have the impact that existing >>single cell deployments will end up having another mysql database that >>is required by cells. However, you wont be required to bring up any >>additional nova services at this point [1], as cells v2 lives inside >>the nova-api service. >> >>The advantage of this approach is that cells stops being a weird >>special case run by big deployments. We're forced to implement >>everything in cells, instead of the bits that a couple of bigger >>players cared enough about, and we're also forced to test it better. >>It also means that smaller deployments can grow into big deployments >>much more easily. Finally, it also simplifies the nova code, which >>will reduce our tech debt. >> >>This is a large block of work, so cells v2 wont be fully complete in >>Liberty. Cells v1 deployments will effective run both cells v2 and >>cells v1 for this release, with the cells v2 code thinking that there >>is a single very large cell. We'll continue the transition for cells >>v1 deployments to pure cells v2 in the M release. >> >>So what's the actual question? We're introducing an additional mysql >>database that every nova deployment will need to possess in Liberty. >>We talked through having this data be in the existing database, but >>that wasn't a plan that made us comfortable for various reasons. This >>means that operators would need to do two db_syncs instead of one >>during upgrades. We worry that this will be annoying to single cell >>deployments. >> >>We therefore propose the following: >> >> - all operators when they hit Liberty will need to add a new >>connection string to their nova.conf which configures this new mysql >>database, there will be a release note to remind you to do this. >> - we will add a flag which indicates if a db_sync should imply a sync >>of the cells database as well. The default for this flag will be true. >> >>This means that you can still do these syncs separately if you want, >>but we're not forcing you to remember to do it if you just want it to >>always happen at the same time. >> >>Does this sound acceptable? Or are we over thinking this? We'd >>appreciate your thoughts. >> >>Cheers, >>Michael >> >>1: there is some talk about having a separate pool of conductors to >>handle the cells database, but this wont be implemented in Liberty. >> >>-- >>Rackspace Australia >> >>_______________________________________________ >>OpenStack-operators mailing list >>OpenStack-operators at lists.openstack.org >>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From mikal at stillhq.com Wed Jul 22 13:56:41 2015 From: mikal at stillhq.com (Michael Still) Date: Wed, 22 Jul 2015 23:56:41 +1000 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> References: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> Message-ID: Heya. On Wed, Jul 22, 2015 at 9:21 AM, Mike Dorman wrote: > Seems reasonable. > > For us already running v1, will we be creating another new cell database > for v2? Or will our existing v1 cell database become that second database > under v2? Yes. Cells v2 will require a new database, you wont be able to reuse your existing cells database. > Somewhat beyond the scope of this thread, but my main concern is the > acrobatics going from v1 in Kilo to the hybrid v1/v2 in Liberty, to full > v2 in Mitaka. I think we all realize there will be some amount of pain to > get to v2, but as long as that case for us existing cells users can be > handled in a somewhat sane way, I?m happy. I'm actually not too concerned about that bit, but then again I'm not the primary developer on cells v2 so I might be confused. I don't think we've documented the intended transition from cells v1 to cells v2 in M, but perhaps Andrew Laski can chime in? Michael -- Rackspace Australia From mikal at stillhq.com Wed Jul 22 13:57:42 2015 From: mikal at stillhq.com (Michael Still) Date: Wed, 22 Jul 2015 23:57:42 +1000 Subject: [Openstack-operators] Nova cells v2 and operational impacts In-Reply-To: References: <89157602-7D85-4DA5-A9EA-542F327B0816@godaddy.com> Message-ID: On Wed, Jul 22, 2015 at 5:12 PM, Daniel Comnea wrote: > Michael, > > Just to clear an assumption on my head: by new mysql database you mean a new > mysql instance? > > If is the latter one, how do you see the deployment to be with 2 mysql > instances (possible in different clusters)? Good question. That deployment question is up to you... Its entirely reasonable for a single cell deployment to use the same mysql servers though, so we're just talking about doing a "create database" here in that case. Michael -- Rackspace Australia From andrew at lascii.com Wed Jul 22 14:18:25 2015 From: andrew at lascii.com (andrew at lascii.com) Date: Wed, 22 Jul 2015 10:18:25 -0400 Subject: [Openstack-operators] Nova cells v2 and operational impacts Message-ID: <20150722141825.GC3024@crypt> >________________________________________ >From: Matt Van Winkle >Sent: Wednesday, July 22, 2015 9:28 AM >To: Mike Dorman; Michael Still; openstack-operators at lists.openstack.org >Cc: Andrew Laski >Subject: Re: [Openstack-operators] Nova cells v2 and operational impacts > >I think I primarily echo Mike's questions. For me, I'd like to see the >"primary" DB in cells v2 only have the data necessary for the APIs to know >which cell an instance is associate with - versus having to copy every >detail from every cell DB. I do wonder, for those of us using cells v1, >what that would mean in the interim versions (hopefully just L) and what >the migration path would look like. As Mike said, as long as these are >"sane", then my only other concern is hopefully removing the duplicated >data. There will be a little more data than just instance->cell associations but none of the data will be duplicated like in cells v1. For example, we'll be storing flavor data in the new api database because that's global and not particular to a cell and flavors will no longer be stored or used from within the cell database. As mentioned in another email it's a bit early to talk about the full migration path because we're not yet looking at multiple cell support in v2 so there's no way to migrate from v1. But in this interim period the hybrid v1/v2 deployment is going to have the global cell be a v2 cell with each current cell remaining untouched. > >Thanks! >Matt > >On 7/21/15 6:21 PM, "Mike Dorman" wrote: > >>Seems reasonable. >> >>For us already running v1, will we be creating another new cell database >>for v2? Or will our existing v1 cell database become that second >>database >>under v2? >> >>Somewhat beyond the scope of this thread, but my main concern is the >>acrobatics going from v1 in Kilo to the hybrid v1/v2 in Liberty, to full >>v2 in Mitaka. I think we all realize there will be some amount of pain >>to >>get to v2, but as long as that case for us existing cells users can be >>handled in a somewhat sane way, I?m happy. >> >>Mike >> >> >> >> >> >>On 7/21/15, 8:45 AM, "Michael Still" wrote: >> >>>Heya, >>> >>>the nova developer mid-cycle meetup is happening this week. We've been >>>talking through the operational impacts of cells v2, and thought it >>>would be a good idea to mention them here and get your thoughts. >>> >>>First off, what is cells v2? The plan is that _every_ nova deployment >>>will be running a new version of cells. The default will be a >>>deployment of a single cell, which will have the impact that existing >>>single cell deployments will end up having another mysql database that >>>is required by cells. However, you wont be required to bring up any >>>additional nova services at this point [1], as cells v2 lives inside >>>the nova-api service. >>> >>>The advantage of this approach is that cells stops being a weird >>>special case run by big deployments. We're forced to implement >>>everything in cells, instead of the bits that a couple of bigger >>>players cared enough about, and we're also forced to test it better. >>>It also means that smaller deployments can grow into big deployments >>>much more easily. Finally, it also simplifies the nova code, which >>>will reduce our tech debt. >>> >>>This is a large block of work, so cells v2 wont be fully complete in >>>Liberty. Cells v1 deployments will effective run both cells v2 and >>>cells v1 for this release, with the cells v2 code thinking that there >>>is a single very large cell. We'll continue the transition for cells >>>v1 deployments to pure cells v2 in the M release. >>> >>>So what's the actual question? We're introducing an additional mysql >>>database that every nova deployment will need to possess in Liberty. >>>We talked through having this data be in the existing database, but >>>that wasn't a plan that made us comfortable for various reasons. This >>>means that operators would need to do two db_syncs instead of one >>>during upgrades. We worry that this will be annoying to single cell >>>deployments. >>> >>>We therefore propose the following: >>> >>> - all operators when they hit Liberty will need to add a new >>>connection string to their nova.conf which configures this new mysql >>>database, there will be a release note to remind you to do this. >>> - we will add a flag which indicates if a db_sync should imply a sync >>>of the cells database as well. The default for this flag will be true. >>> >>>This means that you can still do these syncs separately if you want, >>>but we're not forcing you to remember to do it if you just want it to >>>always happen at the same time. >>> >>>Does this sound acceptable? Or are we over thinking this? We'd >>>appreciate your thoughts. >>> >>>Cheers, >>>Michael >>> >>>1: there is some talk about having a separate pool of conductors to >>>handle the cells database, but this wont be implemented in Liberty. >>> >>>-- >>>Rackspace Australia >>> >>>_______________________________________________ >>>OpenStack-operators mailing list >>>OpenStack-operators at lists.openstack.org >>>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>_______________________________________________ >>OpenStack-operators mailing list >>OpenStack-operators at lists.openstack.org >>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > ----- End forwarded message ----- From andrew at lascii.com Wed Jul 22 14:19:48 2015 From: andrew at lascii.com (andrew at lascii.com) Date: Wed, 22 Jul 2015 10:19:48 -0400 Subject: [Openstack-operators] Fwd: Fwd: Re: Fw: Nova cells v2 and operational impacts Message-ID: <20150722141948.GD3024@crypt> > From: mikalstill at gmail.com on behalf of Michael Still > Sent: Wednesday, July 22, 2015 9:56 AM > To: Mike Dorman > Cc: openstack-operators at lists.openstack.org; Andrew Laski > Subject: Re: [Openstack-operators] Nova cells v2 and operational impacts > > Heya. > > On Wed, Jul 22, 2015 at 9:21 AM, Mike Dorman wrote: >> Seems reasonable. >> >> For us already running v1, will we be creating another new cell database >> for v2? Or will our existing v1 cell database become that second database >> under v2? > > Yes. Cells v2 will require a new database, you wont be able to reuse > your existing cells database. The direction we're going is that your databases within a cell will remain but the global database that cells v1 replicates data up into will be replaced by the new api database. > >> Somewhat beyond the scope of this thread, but my main concern is the >> acrobatics going from v1 in Kilo to the hybrid v1/v2 in Liberty, to full >> v2 in Mitaka. I think we all realize there will be some amount of pain to >> get to v2, but as long as that case for us existing cells users can be >> handled in a somewhat sane way, I?m happy. > > I'm actually not too concerned about that bit, but then again I'm not > the primary developer on cells v2 so I might be confused. I don't > think we've documented the intended transition from cells v1 to cells > v2 in M, but perhaps Andrew Laski can chime in? The transition path isn't fully determined and documented yet, but it will be sane for both current cells and non cells deployments. I personally will need to deal with the cells v1 to v2 transition so it will definitely be something that's thought about during development. It's too early to get into details because multiple cells support isn't being worked on in this cycle, but ideally the migration for cells v1 and non cells will be essentially the same except that cells v1 users may need to run an upgrade script in each cell vs just running it once. > > Michael > > -- > Rackspace Australia From raju.roks at gmail.com Wed Jul 22 17:45:48 2015 From: raju.roks at gmail.com (raju) Date: Wed, 22 Jul 2015 13:45:48 -0400 Subject: [Openstack-operators] Failed to start Initial cloud-init job (metadata service crawler) Message-ID: Hi All, I have created Ubuntu 15.4 cloud image in my openstack Icehouse, whenever I deploy instance using 15.04 image it does not get default route added Same image is working fine in Juno environment and and all the other images are working fine in Icehouse I see the below error in logs [1;31mFAILED[0m] Failed to start Initial cloud-init job (metadata service crawler). -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayoung at redhat.com Wed Jul 22 21:21:01 2015 From: ayoung at redhat.com (Adam Young) Date: Wed, 22 Jul 2015 17:21:01 -0400 Subject: [Openstack-operators] [puppet] Automating multi-domain Keystone configuration & user list command failure In-Reply-To: References: Message-ID: <55B0093D.8080909@redhat.com> On 07/17/2015 02:49 PM, Ken Johnson wrote: > Hey all, hoping that someone else might be running into this too... > Right now I'm in the process of trying to get Keystone deployed, set > up for v3 API usage, with multiple identity backends (specifically, a > SQL backed default domain for service accounts, and another backed by > LDAP for users). I've had luck so far using the Keystone module to get > as far as I can and then doing the not yet supported multi-domain bits > with lower level resources... But I'm running into one snag that I've > not yet been able to find a workaround for yet. > > During runs, after the multi-domain config has been laid down, I'm > seeing output like this where an attempt is made to see if the admin > user exists, then create the user if not. Polling of existing users > fails due to an authentication failure for the user list command, > which causes an attempt to create the already extant admin user, which > results in the resource failing and following actions being abandoned. > > -- > > Debug: Executing '/usr/bin/openstack user list --quiet --format csv > --long' > Error: Could not prefetch keystone_user provider 'openstack': Could > not authenticate. > Debug: Executing '/usr/bin/openstack user create --format shell > username --enable --password password --email username at domain --domain > domain' > Error: Execution of '/usr/bin/openstack user create --format shell > username --enable --password password --email username at domain --domain > domain' returned 1: ERROR: openstack Conflict occurred attempting to > store user - Duplicate Entry (HTTP 409) (Request-ID: > req-1ae18aaf-8a2c-42bd-a456-83303ec668b1) > Error: > /Stage[main]/Keystone::Roles::Admin/Keystone_user[openstack-keystone]/ensure: > change from absent to present failed: Execution of '/usr/bin/openstack > user create --format shell username --enable --password password > --email username at domain --domain domain' returned 1: ERROR: openstack > Conflict occurred attempting to store user - Duplicate Entry (HTTP > 409) (Request-ID: req-1ae18aaf-8a2c-42bd-a456-83303ec668b1) > Notice: > /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[openstack-keystone at openstack]: > Dependency Keystone_user[openstack-keystone] has failures: true > Warning: > /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[openstack-keystone at openstack]: > Skipping because of failed dependencies > > -- > > If I look in the Keystone logs I can see the authorization failure. > > -- > > 2015-07-17 10:40:52.922 5155 INFO keystone.common.wsgi [-] GET /users? > 2015-07-17 10:40:52.922 5155 WARNING keystone.common.controller [-] > RBAC: Bypassing authorization > 2015-07-17 10:40:52.924 5155 WARNING keystone.common.controller [-] > Invalid token found while getting domain ID for list request > 2015-07-17 10:40:52.925 5155 WARNING keystone.common.wsgi [-] > Authorization failed. The request you have made requires > authentication. from 127.0.0.1 This is not definitive, but I'll take you word on what you are doing. It would be good to confirm that this is in fact due to the ADMIN_TOKEN not having sufficient priviledges to execute the command. PLease file it as a bug, and we';ll look in to it. > > -- > > This only happens with multi-domain configuration in place. Checking > out the internals of Keystone, it looks like this happens because when > a list request is made in a multi-domain context the token used must > have a domain associated with it. Because the provider is using the > built in admin token, this domain association doesn't exist. At least, > I think that's what's going on, based on what I've read and explored > so far. > > Was wondering if anyone else had encountered this and come up with a > way around it. So far I'm not seeing any satisfying way of dealing > with this, but still poking around... > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From prometheanfire at gentoo.org Thu Jul 23 04:54:58 2015 From: prometheanfire at gentoo.org (Matthew Thode) Date: Wed, 22 Jul 2015 23:54:58 -0500 Subject: [Openstack-operators] New Gentoo Openstack images. Message-ID: <55B073A2.2030208@gentoo.org> All of the issues that people reported should be fixed. If you have other issues, let me know. It looks like we will be making this (qemu) a catalyst target, so we should hopefully have these be official soon (and then it's in disk-image-builder fairly easily, either via stage4 (which I use for these) or the image itself. The list of closed bugs: https://github.com/prometheanfire/gentoo-cloud-prep/issues?q=is%3Aissue+is%3Aclosed http://gentoo.osuosl.org/experimental/amd64/openstack/ -- Matthew Thode (prometheanfire) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From ignaziocassano at gmail.com Thu Jul 23 08:49:50 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Thu, 23 Jul 2015 10:49:50 +0200 Subject: [Openstack-operators] Kilo virtual machine stop to aquire dhcp address :-( Message-ID: Hi guys, I installed openstack kilo last week and it worked fine for some days. On yesterday my virtual machines stop to aquire dhcp address and if I set address manually they cannot ping either dhcp server or gateway. My environment is made up of: 1 controller node 1 neutron netork node 1 kvm computing node 2 object storage nodes 2 lvm iscsi block storage nodes If I run "neutron agent-list" on controller node it reports the following lines: +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ | 7e18abbf-8c6b-4463-9833-44b45dc7fec8 | Open vSwitch agent | OpStk-NetNode | :-) | True | neutron-openvswitch-agent | | 7e67678a-5eb1-4d8b-9a44-f084187ddb03 | Open vSwitch agent | OpStk-CompNode1 | :-) | True | neutron-openvswitch-agent | | 87ebbf56-8405-4b0d-84b4-a3ad7e3c7a0c | L3 agent | OpStk-NetNode | :-) | True | neutron-l3-agent | | ac6d21c3-ab38-451e-9393-9d38ea1058ec | DHCP agent | OpStk-NetNode | :-) | True | neutron-dhcp-agent | | ebb2b82e-1cba-4a69-b943-bf69e7c8a478 | Metadata agent | OpStk-NetNode | :-) | True | neutron-metadata-agent | +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ Could anyone help me ? Many thanks and regards Ignazio -------------- next part -------------- An HTML attachment was scrubbed... URL: From zhangjian2011 at cn.fujitsu.com Thu Jul 23 13:13:14 2015 From: zhangjian2011 at cn.fujitsu.com (zhangjian2011) Date: Thu, 23 Jul 2015 21:13:14 +0800 Subject: [Openstack-operators] How to deploy a bare-node with the kernel and ramdisk file from an existing OS using ironic Message-ID: <55B0E86A.2090909@cn.fujitsu.com> Hi Guys, I am using ironic to deploy bare node. And I wanted to deploy it with the kernel and ramdisk from an existing OS(vmlinuz and initramfs in /boot ). But failed, I am not sure it works or not by doing so. I got the following error message from the nova-conductor.log ------ 2015-07-23 16:45:22.301 2684 ERROR nova.scheduler.utils [req-c88443b1-df80-402d-a030-50d70f6aaa3c a9e9b92963934eeebf3e731240757e54 6c5fe0f608e94f2b82cc610b028da45d - - -] [instance: a4b0e52f-5732-445d-b817-10fbe9f2d214] Error from last host: ironic.fnst.com (node 94684b56-13bc-47fa-9235-4aa6b802d712): [u'Traceback (most recent call last):\n', u' File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2219, in _do_build_and_run_instance\n filter_properties)\n', u' File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2362, in _build_and_run_instance\n instance_uuid=instance.uuid, reason=six.text_type(e))\n', u'RescheduledException: Build of instance a4b0e52f-5732-445d-b817-10fbe9f2d214 was re-scheduled: Failed to provision instance a4b0e52f-5732-445d-b817-10fbe9f2d214: None\n'] 2015-07-23 16:45:22.314 2684 WARNING nova.scheduler.utils [req-c88443b1-df80-402d-a030-50d70f6aaa3c a9e9b92963934eeebf3e731240757e54 6c5fe0f608e94f2b82cc610b028da45d - - -] Failed to compute_task_build_instances: No valid host was found. There are not enough hosts available. Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/server.py", line 142, in inner return func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/nova/scheduler/manager.py", line 86, in select_destinations filter_properties) got File "/usr/lib/python2.7/site-packages/nova/scheduler/filter_scheduler.py", line 80, in select_destinations raise exception.NoValidHost(reason=reason) NoValidHost: No valid host was found. There are not enough hosts available. 2015-07-23 16:45:22.314 2684 WARNING nova.scheduler.utils [req-c88443b1-df80-402d-a030-50d70f6aaa3c a9e9b92963934eeebf3e731240757e54 6c5fe0f608e94f2b82cc610b028da45d - - -] [instance: a4b0e52f-5732-445d-b817-10fbe9f2d214] Setting instance to ERROR state. ------- Can anyone help me? Regards, Jian From alvise.dorigo at pd.infn.it Thu Jul 23 13:54:15 2015 From: alvise.dorigo at pd.infn.it (Alvise Dorigo) Date: Thu, 23 Jul 2015 15:54:15 +0200 Subject: [Openstack-operators] Managing security incidents: how to find the guilty VM ? Message-ID: <55B0F207.5020400@pd.infn.it> Dear all Let's suppose that a user of an OpenStack based Cloud does something wrong/illegal on the internet, or a VM gets compromised and from that machine something wrong/illegal is done. In this case the local security contact persons could be notified after a while (days, weeks, even some months, when probably that VM doesn't exist anymore) that a "malicious operations" affecting some IP addresses-ports" was performed on date X from a machine with IP Y. The local security contact persons have then to find who created that VM, at least to prevent that . If the VM doesn't have a floating IP, the Y IP address that is exposed on the internet (and therefore the one that will be commuticated to the security people) is the one of the OpenStack router. Given the private IP of the machine we are able to find the UUID of the VM (even if this was already deleted) and then the id of the relevant user who created it. But the problem is how to find this private IP address. How this issue can be managed ? thanks. Alvise From emilien at redhat.com Thu Jul 23 14:06:22 2015 From: emilien at redhat.com (Emilien Macchi) Date: Thu, 23 Jul 2015 10:06:22 -0400 Subject: [Openstack-operators] [puppet][keystone] Creating Keystone users with a password in the puppet module (Kilo) throws error at second puppetrun In-Reply-To: References: Message-ID: <55B0F4DE.5020302@redhat.com> On 07/21/2015 05:07 AM, Van Leeuwen, Robert wrote: > Hi, > > I am using the Kilo puppet recipes to setup Kilo on Ubuntu 14.04 to test > the latest Puppet recipes with Vagrant. > I am creating an keystone admin user from within the puppet recipe. > Creating the keystone user works fine but the second puppetrun gives an > error whenever you set a password for the user you want to create. > Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]: Could > not evaluate: Execution of '/usr/bin/openstack token issue --format > value' returned 1: ERROR: openstack The resource could not be found. > > * When you do not pass the password in the keystone_user native type it > does not throw an error. > * The first run will create the user successfully and set the password > * After sourcing the credentials file and running manually > "/usr/bin/openstack token issue --format value? also does not give an > error. > ( I could not immediately find where puppet decides this command is run > and with which credentials. ) > > Anyone hitting the same issue or knows what could be going wrong? Could you share your whole manifest, so we can reproduce it and quickly spot an eventual bug or error in configuration? Thanks, > Example puppet keystone user config which breaks after the second run: > keystone_user { 'admin': > password => $::openstack::config::keystone_admin_password, > #Removing this line fixes the issue > email => 'admin at openstack', > ensure => present, > enabled => True, > } > > Thx, > Robert van Leeuwen > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -- Emilien Macchi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From salv.orlando at gmail.com Thu Jul 23 14:58:13 2015 From: salv.orlando at gmail.com (Salvatore Orlando) Date: Thu, 23 Jul 2015 15:58:13 +0100 Subject: [Openstack-operators] Kilo virtual machine stop to aquire dhcp address :-( In-Reply-To: References: Message-ID: When you manually setup IP addressing on the VMs, are they able to ping each other? The issue you are describing is compatible with a scenario where both the dhcp agent and the l3 agent on the same "network node", and that node gets disconnected from the rest of the fabric. This could be for several reasons. At the control plane level, the l2 agent might be not operating correctly (even if its reports an "up" status); at the data plane level instead l3 connectivity with the network node might be interrupted. The l2 agent log on the network node might be able to answer the question concerning whether dhcp and router interface are being wired correctly. Salvatore On 23 July 2015 at 09:49, Ignazio Cassano wrote: > Hi guys, > I installed openstack kilo last week and it worked fine for some days. > On yesterday my virtual machines stop to aquire dhcp address and if I set > address > manually they cannot ping either dhcp server or gateway. > > My environment is made up of: > > 1 controller node > 1 neutron netork node > 1 kvm computing node > 2 object storage nodes > 2 lvm iscsi block storage nodes > > If I run "neutron agent-list" on controller node it reports the following > lines: > > +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ > | id | agent_type | > host | alive | admin_state_up | binary | > > +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ > | 7e18abbf-8c6b-4463-9833-44b45dc7fec8 | Open vSwitch agent | > OpStk-NetNode | :-) | True | neutron-openvswitch-agent | > | 7e67678a-5eb1-4d8b-9a44-f084187ddb03 | Open vSwitch agent | > OpStk-CompNode1 | :-) | True | neutron-openvswitch-agent | > | 87ebbf56-8405-4b0d-84b4-a3ad7e3c7a0c | L3 agent | > OpStk-NetNode | :-) | True | neutron-l3-agent | > | ac6d21c3-ab38-451e-9393-9d38ea1058ec | DHCP agent | > OpStk-NetNode | :-) | True | neutron-dhcp-agent | > | ebb2b82e-1cba-4a69-b943-bf69e7c8a478 | Metadata agent | > OpStk-NetNode | :-) | True | neutron-metadata-agent | > > +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ > > Could anyone help me ? > > Many thanks and regards > Ignazio > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstackguru at gmail.com Thu Jul 23 14:57:04 2015 From: openstackguru at gmail.com (Openstack Guru) Date: Thu, 23 Jul 2015 10:57:04 -0400 Subject: [Openstack-operators] adding postinstall scripts in cloud init Message-ID: Hello every one, I would like to add some command's in cloud init to execute while building an instance. Please advice best way to accomplish this? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From klindgren at godaddy.com Thu Jul 23 15:38:33 2015 From: klindgren at godaddy.com (Kris G. Lindgren) Date: Thu, 23 Jul 2015 15:38:33 +0000 Subject: [Openstack-operators] adding postinstall scripts in cloud init In-Reply-To: References: Message-ID: Do you mean outside of the standard supplying user_data when the VM boots? Or do you mean that you (as the cloud provider) want every vm to always do x,y,z and to leave user_data open to your end users? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: Openstack Guru > Date: Thursday, July 23, 2015 at 8:57 AM To: "openstack-operators at lists.openstack.org" > Subject: [Openstack-operators] adding postinstall scripts in cloud init Hello every one, I would like to add some command's in cloud init to execute while building an instance. Please advice best way to accomplish this? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Kevin.Fox at pnnl.gov Thu Jul 23 15:48:30 2015 From: Kevin.Fox at pnnl.gov (Fox, Kevin M) Date: Thu, 23 Jul 2015 15:48:30 +0000 Subject: [Openstack-operators] adding postinstall scripts in cloud init In-Reply-To: References: , Message-ID: <1A3C52DFCD06494D8528644858247BF01A2AB7BD@EX10MBOX03.pnnl.gov> Vendor data can do that. See the json metadata plugin to the nova metadata server and the vendor data section of cloud init. Thanks, Kevin ________________________________ From: Kris G. Lindgren Sent: Thursday, July 23, 2015 8:38:33 AM To: Openstack Guru; openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] adding postinstall scripts in cloud init Do you mean outside of the standard supplying user_data when the VM boots? Or do you mean that you (as the cloud provider) want every vm to always do x,y,z and to leave user_data open to your end users? ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. From: Openstack Guru > Date: Thursday, July 23, 2015 at 8:57 AM To: "openstack-operators at lists.openstack.org" > Subject: [Openstack-operators] adding postinstall scripts in cloud init Hello every one, I would like to add some command's in cloud init to execute while building an instance. Please advice best way to accomplish this? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Thu Jul 23 15:51:43 2015 From: openstack at medberry.net (David Medberry) Date: Thu, 23 Jul 2015 10:51:43 -0500 Subject: [Openstack-operators] adding postinstall scripts in cloud init In-Reply-To: References: Message-ID: Kris's answer is correct--use user_data unless you have a reason not to. You could "munge" the user_data if you wanted to do something additional. You could also "munge" the cloud-image you are using to do something custom and/or fork cloud-init. ref: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/End_User_Guide/user-data.html http://cloudinit.readthedocs.org/en/latest/topics/datasources.html http://cloudinit.readthedocs.org/en/latest/topics/examples.html Be the Guru, use the source! On Thu, Jul 23, 2015 at 9:57 AM, Openstack Guru wrote: > Hello every one, > > I would like to add some command's in cloud init to execute while building > an instance. Please advice best way to accomplish this? > > Thanks in advance. > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ignaziocassano at gmail.com Thu Jul 23 15:52:30 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Thu, 23 Jul 2015 17:52:30 +0200 Subject: [Openstack-operators] Kilo virtual machine stop to aquire dhcp address :-( In-Reply-To: References: Message-ID: Hi Salvatore, thank you for your answer When dhcp does not release an ip address the virtual machines cannot ping the gateway also if you assign them a static address. I deleted all subnets and I created only one subnet : now the virtualmachines installed from the standard cirros image do not aquire ip address but if you assign them the ip address displayed on the dashboard they can ping the gateway. Then, if I reboot one virtualmachine , it aquires the ip address, hostname and the mtu from dhcp. It is a very strange behaviour. A question (I do not know openvswitch): I saw openvswitch creates several ports either on network node or computer node. Some of these ports have a tag number (vlan ?). Must the port assigned to the gateway and the dhcp server for a subnet have the same tag number of the port assigned to a virtualmachine in the same subnet ? Regards 2015-07-23 16:58 GMT+02:00 Salvatore Orlando : > When you manually setup IP addressing on the VMs, are they able to ping > each other? > The issue you are describing is compatible with a scenario where both the > dhcp agent and the l3 agent on the same "network node", and that node gets > disconnected from the rest of the fabric. > > This could be for several reasons. At the control plane level, the l2 > agent might be not operating correctly (even if its reports an "up" > status); at the data plane level instead l3 connectivity with the network > node might be interrupted. The l2 agent log on the network node might be > able to answer the question concerning whether dhcp and router interface > are being wired correctly. > > Salvatore > > > On 23 July 2015 at 09:49, Ignazio Cassano > wrote: > >> Hi guys, >> I installed openstack kilo last week and it worked fine for some days. >> On yesterday my virtual machines stop to aquire dhcp address and if I set >> address >> manually they cannot ping either dhcp server or gateway. >> >> My environment is made up of: >> >> 1 controller node >> 1 neutron netork node >> 1 kvm computing node >> 2 object storage nodes >> 2 lvm iscsi block storage nodes >> >> If I run "neutron agent-list" on controller node it reports the following >> lines: >> >> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >> | id | agent_type | >> host | alive | admin_state_up | binary | >> >> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >> | 7e18abbf-8c6b-4463-9833-44b45dc7fec8 | Open vSwitch agent | >> OpStk-NetNode | :-) | True | neutron-openvswitch-agent | >> | 7e67678a-5eb1-4d8b-9a44-f084187ddb03 | Open vSwitch agent | >> OpStk-CompNode1 | :-) | True | neutron-openvswitch-agent | >> | 87ebbf56-8405-4b0d-84b4-a3ad7e3c7a0c | L3 agent | >> OpStk-NetNode | :-) | True | neutron-l3-agent | >> | ac6d21c3-ab38-451e-9393-9d38ea1058ec | DHCP agent | >> OpStk-NetNode | :-) | True | neutron-dhcp-agent | >> | ebb2b82e-1cba-4a69-b943-bf69e7c8a478 | Metadata agent | >> OpStk-NetNode | :-) | True | neutron-metadata-agent | >> >> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >> >> Could anyone help me ? >> >> Many thanks and regards >> Ignazio >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at medberry.net Thu Jul 23 15:54:02 2015 From: openstack at medberry.net (David Medberry) Date: Thu, 23 Jul 2015 10:54:02 -0500 Subject: [Openstack-operators] adding postinstall scripts in cloud init In-Reply-To: <1A3C52DFCD06494D8528644858247BF01A2AB7BD@EX10MBOX03.pnnl.gov> References: <1A3C52DFCD06494D8528644858247BF01A2AB7BD@EX10MBOX03.pnnl.gov> Message-ID: Yep, vendor data is also covered in the cloud-init docs: http://cloudinit.readthedocs.org/en/latest/topics/datasources.html#vendor-data On Thu, Jul 23, 2015 at 10:48 AM, Fox, Kevin M wrote: > Vendor data can do that. See the json metadata plugin to the nova > metadata server and the vendor data section of cloud init. > > Thanks, > Kevin > > ------------------------------ > *From:* Kris G. Lindgren > *Sent:* Thursday, July 23, 2015 8:38:33 AM > *To:* Openstack Guru; openstack-operators at lists.openstack.org > *Subject:* Re: [Openstack-operators] adding postinstall scripts in cloud > init > > Do you mean outside of the standard supplying user_data when the VM > boots? Or do you mean that you (as the cloud provider) want every vm to > always do x,y,z and to leave user_data open to your end users? > ____________________________________________ > > Kris Lindgren > Senior Linux Systems Engineer > GoDaddy, LLC. > > > From: Openstack Guru > Date: Thursday, July 23, 2015 at 8:57 AM > To: "openstack-operators at lists.openstack.org" < > openstack-operators at lists.openstack.org> > Subject: [Openstack-operators] adding postinstall scripts in cloud init > > Hello every one, > > I would like to add some command's in cloud init to execute while > building an instance. Please advice best way to accomplish this? > > Thanks in advance. > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From salv.orlando at gmail.com Thu Jul 23 17:26:55 2015 From: salv.orlando at gmail.com (Salvatore Orlando) Date: Thu, 23 Jul 2015 18:26:55 +0100 Subject: [Openstack-operators] Kilo virtual machine stop to aquire dhcp address :-( In-Reply-To: References: Message-ID: More comments inline. Salvatore On 23 July 2015 at 16:52, Ignazio Cassano wrote: > Hi Salvatore, thank you for your answer > When dhcp does not release an ip address the virtual machines cannot ping > the gateway also if you assign them > a static address. > > I deleted all subnets and I created only one subnet : now the > virtualmachines installed from the standard cirros image do not aquire ip > address but if you assign them the ip address displayed on the dashboard > they can ping the gateway. > Then, if I reboot one virtualmachine , it aquires the ip address, hostname > and the mtu from dhcp. It is a very strange behaviour. > This might indicate delays in setting up configurations in the network node. Rather than rebooting the VM you can just try to send more DHCPREQUEST with udhcpc from the cirros instance. If it eventually receives an address, a delay on the network node is the most likely issue. Nevertheless, this would hardly explain why you are unable to ping the gateway even with static addresses, as the router interface should be already up and configured (you should indeed be able to see it in the qrouter- namespace and also see a veth pair connecting that interface to the ovs bridge. > > A question (I do not know openvswitch): > I saw openvswitch creates several ports either on network node or computer > node. > Some of these ports have a tag number (vlan ?). > Must the port assigned to the gateway and the dhcp server for a subnet > have the same tag number of the port assigned to a virtualmachine in the > same subnet ? > The tag number is exclusively local to the host. Its purpose is to isolate traffic for different tenants within the same host. Traffic for the same logical network might be given distinct tags on distinct hosts. I hope I got your question right! > Regards > > 2015-07-23 16:58 GMT+02:00 Salvatore Orlando : > >> When you manually setup IP addressing on the VMs, are they able to ping >> each other? >> The issue you are describing is compatible with a scenario where both the >> dhcp agent and the l3 agent on the same "network node", and that node gets >> disconnected from the rest of the fabric. >> >> This could be for several reasons. At the control plane level, the l2 >> agent might be not operating correctly (even if its reports an "up" >> status); at the data plane level instead l3 connectivity with the network >> node might be interrupted. The l2 agent log on the network node might be >> able to answer the question concerning whether dhcp and router interface >> are being wired correctly. >> >> Salvatore >> >> >> On 23 July 2015 at 09:49, Ignazio Cassano >> wrote: >> >>> Hi guys, >>> I installed openstack kilo last week and it worked fine for some days. >>> On yesterday my virtual machines stop to aquire dhcp address and if I >>> set address >>> manually they cannot ping either dhcp server or gateway. >>> >>> My environment is made up of: >>> >>> 1 controller node >>> 1 neutron netork node >>> 1 kvm computing node >>> 2 object storage nodes >>> 2 lvm iscsi block storage nodes >>> >>> If I run "neutron agent-list" on controller node it reports the >>> following lines: >>> >>> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >>> | id | agent_type | >>> host | alive | admin_state_up | binary | >>> >>> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >>> | 7e18abbf-8c6b-4463-9833-44b45dc7fec8 | Open vSwitch agent | >>> OpStk-NetNode | :-) | True | neutron-openvswitch-agent | >>> | 7e67678a-5eb1-4d8b-9a44-f084187ddb03 | Open vSwitch agent | >>> OpStk-CompNode1 | :-) | True | neutron-openvswitch-agent | >>> | 87ebbf56-8405-4b0d-84b4-a3ad7e3c7a0c | L3 agent | >>> OpStk-NetNode | :-) | True | neutron-l3-agent | >>> | ac6d21c3-ab38-451e-9393-9d38ea1058ec | DHCP agent | >>> OpStk-NetNode | :-) | True | neutron-dhcp-agent | >>> | ebb2b82e-1cba-4a69-b943-bf69e7c8a478 | Metadata agent | >>> OpStk-NetNode | :-) | True | neutron-metadata-agent | >>> >>> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >>> >>> Could anyone help me ? >>> >>> Many thanks and regards >>> Ignazio >>> >>> >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators at lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ignaziocassano at gmail.com Thu Jul 23 17:35:50 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Thu, 23 Jul 2015 19:35:50 +0200 Subject: [Openstack-operators] Kilo virtual machine stop to aquire dhcp address :-( In-Reply-To: References: Message-ID: Many thanks Il giorno 23/lug/2015 19:26, "Salvatore Orlando" ha scritto: > More comments inline. > > Salvatore > > On 23 July 2015 at 16:52, Ignazio Cassano > wrote: > >> Hi Salvatore, thank you for your answer >> When dhcp does not release an ip address the virtual machines cannot ping >> the gateway also if you assign them >> a static address. >> > >> I deleted all subnets and I created only one subnet : now the >> virtualmachines installed from the standard cirros image do not aquire ip >> address but if you assign them the ip address displayed on the dashboard >> they can ping the gateway. >> Then, if I reboot one virtualmachine , it aquires the ip address, >> hostname and the mtu from dhcp. It is a very strange behaviour. >> > > This might indicate delays in setting up configurations in the network > node. > Rather than rebooting the VM you can just try to send more DHCPREQUEST > with udhcpc from the cirros instance. > If it eventually receives an address, a delay on the network node is the > most likely issue. > > Nevertheless, this would hardly explain why you are unable to ping the > gateway even with static addresses, as the router interface should be > already up and configured (you should indeed be able to see it in the > qrouter- namespace and also see a veth pair connecting that > interface to the ovs bridge. > > >> >> A question (I do not know openvswitch): >> I saw openvswitch creates several ports either on network node or >> computer node. >> Some of these ports have a tag number (vlan ?). >> Must the port assigned to the gateway and the dhcp server for a subnet >> have the same tag number of the port assigned to a virtualmachine in the >> same subnet ? >> > > The tag number is exclusively local to the host. Its purpose is to isolate > traffic for different tenants within the same host. Traffic for the same > logical network might be given distinct tags on distinct hosts. > I hope I got your question right! > > >> Regards >> >> 2015-07-23 16:58 GMT+02:00 Salvatore Orlando : >> >>> When you manually setup IP addressing on the VMs, are they able to ping >>> each other? >>> The issue you are describing is compatible with a scenario where both >>> the dhcp agent and the l3 agent on the same "network node", and that node >>> gets disconnected from the rest of the fabric. >>> >>> This could be for several reasons. At the control plane level, the l2 >>> agent might be not operating correctly (even if its reports an "up" >>> status); at the data plane level instead l3 connectivity with the network >>> node might be interrupted. The l2 agent log on the network node might be >>> able to answer the question concerning whether dhcp and router interface >>> are being wired correctly. >>> >>> Salvatore >>> >>> >>> On 23 July 2015 at 09:49, Ignazio Cassano >>> wrote: >>> >>>> Hi guys, >>>> I installed openstack kilo last week and it worked fine for some days. >>>> On yesterday my virtual machines stop to aquire dhcp address and if I >>>> set address >>>> manually they cannot ping either dhcp server or gateway. >>>> >>>> My environment is made up of: >>>> >>>> 1 controller node >>>> 1 neutron netork node >>>> 1 kvm computing node >>>> 2 object storage nodes >>>> 2 lvm iscsi block storage nodes >>>> >>>> If I run "neutron agent-list" on controller node it reports the >>>> following lines: >>>> >>>> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >>>> | id | agent_type | >>>> host | alive | admin_state_up | binary | >>>> >>>> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >>>> | 7e18abbf-8c6b-4463-9833-44b45dc7fec8 | Open vSwitch agent | >>>> OpStk-NetNode | :-) | True | neutron-openvswitch-agent | >>>> | 7e67678a-5eb1-4d8b-9a44-f084187ddb03 | Open vSwitch agent | >>>> OpStk-CompNode1 | :-) | True | neutron-openvswitch-agent | >>>> | 87ebbf56-8405-4b0d-84b4-a3ad7e3c7a0c | L3 agent | >>>> OpStk-NetNode | :-) | True | neutron-l3-agent | >>>> | ac6d21c3-ab38-451e-9393-9d38ea1058ec | DHCP agent | >>>> OpStk-NetNode | :-) | True | neutron-dhcp-agent | >>>> | ebb2b82e-1cba-4a69-b943-bf69e7c8a478 | Metadata agent | >>>> OpStk-NetNode | :-) | True | neutron-metadata-agent | >>>> >>>> +--------------------------------------+--------------------+-----------------+-------+----------------+---------------------------+ >>>> >>>> Could anyone help me ? >>>> >>>> Many thanks and regards >>>> Ignazio >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-operators mailing list >>>> OpenStack-operators at lists.openstack.org >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mvanwink at rackspace.com Thu Jul 23 17:55:29 2015 From: mvanwink at rackspace.com (Matt Van Winkle) Date: Thu, 23 Jul 2015 17:55:29 +0000 Subject: [Openstack-operators] [Large Deployments Team] Meeting Reminder Message-ID: Just a quick reminder, as mentioned last week, we'll have a Large Deployments Team meeting in a few hours: 03:00 UTC 22:00 CDT 01:00 AEST See you all in #openstack-operators! Thanks! VW -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom at openstack.org Thu Jul 23 18:40:29 2015 From: tom at openstack.org (Tom Fifield) Date: Thu, 23 Jul 2015 11:40:29 -0700 Subject: [Openstack-operators] Palo Alto Midcycle - agenda brainstorming In-Reply-To: References: <559F4A00.2060606@openstack.org> <55AA65F3.9070607@openstack.org> Message-ID: <55B1351D.3070007@openstack.org> Indeed it is. So, status update - we've got more than 150 folks registered at this stage, doing well on the list of working groups, but the "general" sessions are still slim pickings. Get in on https://etherpad.openstack.org/p/PAO-ops-meetup while you still can :) Regards, Tom On 18/07/15 10:11, Joe Topjian wrote: > Hi Tom, > > The list of General Session ideas is definitely shorter than past > meetups, but maybe that's a good sign! It could be that past burning > topics have been acknowledged and handled. > > If that's the case, does anyone have thoughts about extending the length > of Working Group sessions so there's more time to collaborate > face-to-face as a group? > > Joe > > On Sat, Jul 18, 2015 at 8:42 AM, Tom Fifield > wrote: > > Hi all, > > If you have some time in the next few days, please contribute to the > agenda planning. So far it's looking a bit light, and we need to > lock in moderators soon! > > > > ********************************************************************** > > > > Please propose session ideas on: > > > > https://etherpad.openstack.org/p/PAO-ops-meetup > > > > ensuring you read the new instructions to make sessions 'actionable'. > > > > > > ********************************************************************** > > > > Regards, > > > Tom > > On 09/07/15 21:28, Tom Fifield wrote: > > Hi all, > > As you've seen - the Ops mid-cycle will be in Palo Alto, August > 18&19, > and we need your help to work out what should be on the agenda. > > If you're new: note this is aimed at giving us a design-summit-style > place to congregate, swap best practices, ideas and give > feedback, and > is not a good place to learn about the basics of OpenStack. > > As usual, we're working to act on the feedback from all past > events to > make this one better than ever. One that we continue to work on > is the > need to see action happen as a result of this event, so please - > when > you are suggesting sessions in the below etherpad please try and > phrase > them in a way that will probably result in things happening > afterward. > > > ********************************************************************** > > Please propose session ideas on: > > https://etherpad.openstack.org/p/PAO-ops-meetup > > ensuring you read the new instructions to make sessions > 'actionable'. > > > ********************************************************************** > > > The room allocations are still being worked out (all hail > Allison!), but > the current thinking is that the general sessions will all be in the > morning of both days, and the working groups will be in the > afternoon - > similar to Philadelphia. We probably have a lot more space for > smaller > working groups this time. > > > More as it comes, and as always, further information about ops > meetups > and notes from the past can be found on the wiki @: > > https://wiki.openstack.org/wiki/Operations/Meetups > > Finally, don't forget to register ASAP: > http://www.eventbrite.com/e/openstack-ops-mid-cycle-meetup-tickets-17703258924 > ! > > > Regards, > > > Tom > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > From zhangjian2011 at cn.fujitsu.com Fri Jul 24 02:53:43 2015 From: zhangjian2011 at cn.fujitsu.com (zhangjian2011) Date: Fri, 24 Jul 2015 10:53:43 +0800 Subject: [Openstack-operators] How to deploy a bare-node with the kernel and ramdisk file from an existing OS using ironic In-Reply-To: <55B0E86A.2090909@cn.fujitsu.com> References: <55B0E86A.2090909@cn.fujitsu.com> Message-ID: <55B1A8B7.1060908@cn.fujitsu.com> Hi? Guys error message from the /var/log/messages in ironic server. How to solve it, any ideas? -------------- Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 ERROR ironic.drivers.base [-] vendor_passthru failed with method pass_deploy_info Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base Traceback (most recent call last): Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base File "/usr/lib/python2.7/site-packages/ironic/drivers/base.py", line 516, in passthru_handler Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base return func(*args, **kwargs) Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base File "/usr/lib/python2.7/site-packages/ironic/conductor/task_manager.py", line 128, in wrapper Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base return f(*args, **kwargs) Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base File "/usr/lib/python2.7/site-packages/ironic/drivers/modules/pxe.py", line 598, in pass_deploy_info Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base uuid_dict = iscsi_deploy.continue_deploy(task, **kwargs) Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base File "/usr/lib/python2.7/site-packages/ironic/drivers/modules/iscsi_deploy.py", line 336, in continue_deploy Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base _fail_deploy(task, msg) Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base File "/usr/lib/python2.7/site-packages/ironic/drivers/modules/iscsi_deploy.py", line 301, in _fail_deploy Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base raise exception.InstanceDeployFailure(msg) Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base InstanceDeployFailure: Couldn't determine the UUID of the root partition or the disk identifier after deploying node 94684b56-13bc-47fa-9235-4aa6b802d712 Jul 24 06:12:29 ironic ironic-conductor: 2015-07-24 06:12:29.042 1178 TRACE ironic.drivers.base Jul 24 06:12:29 ironic ironic-conductor: Traceback (most recent call last): Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/eventlet/hubs/hub.py", line 457, in fire_timers Jul 24 06:12:29 ironic ironic-conductor: timer() Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/eventlet/hubs/timer.py", line 58, in __call__ Jul 24 06:12:29 ironic ironic-conductor: cb(*args, **kw) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/eventlet/greenthread.py", line 214, in main Jul 24 06:12:29 ironic ironic-conductor: result = function(*args, **kwargs) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/ironic/drivers/base.py", line 519, in passthru_handler Jul 24 06:12:29 ironic ironic-conductor: LOG.exception(passthru_logmessage, api_method) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 85, in __exit__ Jul 24 06:12:29 ironic ironic-conductor: six.reraise(self.type_, self.value, self.tb) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/ironic/drivers/base.py", line 516, in passthru_handler Jul 24 06:12:29 ironic ironic-conductor: return func(*args, **kwargs) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/ironic/conductor/task_manager.py", line 128, in wrapper Jul 24 06:12:29 ironic ironic-conductor: return f(*args, **kwargs) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/ironic/drivers/modules/pxe.py", line 598, in pass_deploy_info Jul 24 06:12:29 ironic ironic-conductor: uuid_dict = iscsi_deploy.continue_deploy(task, **kwargs) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/ironic/drivers/modules/iscsi_deploy.py", line 336, in continue_deploy Jul 24 06:12:29 ironic ironic-conductor: _fail_deploy(task, msg) Jul 24 06:12:29 ironic ironic-conductor: File "/usr/lib/python2.7/site-packages/ironic/drivers/modules/iscsi_deploy.py", line 301, in _fail_deploy Jul 24 06:12:29 ironic ironic-conductor: raise exception.InstanceDeployFailure(msg) Jul 24 06:12:29 ironic ironic-conductor: InstanceDeployFailure: Couldn't determine the UUID of the root partition or the disk identifier after deploying node 94684b56-13bc-47fa-9235-4aa6b802d712 --------------- Regards, Jian On 07/23/2015 09:13 PM, zhangjian2011 wrote: > Hi Guys, > > I am using ironic to deploy bare node. > And I wanted to deploy it with the kernel and ramdisk from an existing > OS(vmlinuz and initramfs in /boot ). > But failed, I am not sure it works or not by doing so. > > I got the following error message from the nova-conductor.log > ------ > 2015-07-23 16:45:22.301 2684 ERROR nova.scheduler.utils > [req-c88443b1-df80-402d-a030-50d70f6aaa3c > a9e9b92963934eeebf3e731240757e54 6c5fe0f608e94f2b82cc610b028da45d - - > -] [instance: a4b0e52f-5732-445d-b817-10fbe9f2d214] Error from last > host: ironic.fnst.com (node 94684b56-13bc-47fa-9235-4aa6b802d712): > [u'Traceback (most recent call last):\n', u' File > "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2219, > in _do_build_and_run_instance\n filter_properties)\n', u' File > "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2362, > in _build_and_run_instance\n instance_uuid=instance.uuid, > reason=six.text_type(e))\n', u'RescheduledException: Build of instance > a4b0e52f-5732-445d-b817-10fbe9f2d214 was re-scheduled: Failed to > provision instance a4b0e52f-5732-445d-b817-10fbe9f2d214: None\n'] > 2015-07-23 16:45:22.314 2684 WARNING nova.scheduler.utils > [req-c88443b1-df80-402d-a030-50d70f6aaa3c > a9e9b92963934eeebf3e731240757e54 6c5fe0f608e94f2b82cc610b028da45d - - > -] Failed to compute_task_build_instances: No valid host was found. > There are not enough hosts available. > Traceback (most recent call last): > > File > "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/server.py", line > 142, in inner > return func(*args, **kwargs) > > File "/usr/lib/python2.7/site-packages/nova/scheduler/manager.py", > line 86, in select_destinations > filter_properties) > got > File > "/usr/lib/python2.7/site-packages/nova/scheduler/filter_scheduler.py", > line 80, in select_destinations > raise exception.NoValidHost(reason=reason) > > NoValidHost: No valid host was found. There are not enough hosts > available. > > 2015-07-23 16:45:22.314 2684 WARNING nova.scheduler.utils > [req-c88443b1-df80-402d-a030-50d70f6aaa3c > a9e9b92963934eeebf3e731240757e54 6c5fe0f608e94f2b82cc610b028da45d - - > -] [instance: a4b0e52f-5732-445d-b817-10fbe9f2d214] Setting instance > to ERROR state. > ------- > > > Can anyone help me? > > > Regards, > Jian > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From doc at aedo.net Fri Jul 24 03:55:10 2015 From: doc at aedo.net (Christopher Aedo) Date: Thu, 23 Jul 2015 20:55:10 -0700 Subject: [Openstack-operators] [app-catalog] Catalog roadmap and next steps Message-ID: We have been making some progress on improvements to the Community App Catalog, but this last month things have slowed down some. I wanted to send a note to the mailing list to get a conversation going about what we need to get on the roadmap, and hopefully get some folks committed to helping out. We had been discussing some of this on IRC, in addition to during the weekly scheduled meeting, but I am sure we'll get a broader group engaged by covering this via email. There are only a few blueprints noted at this time[1], but I plan to add several shortly. The blueprints I will add will cover the design/functionality gaps that we are facing right now. These include: -asset versions and exploring realistic ways to expose changes or updates to assets without requiring visitors to review the repo history -integrating glance as the back-end for holding catalog assets (which will help with search, sort and versions) -horizon integration (Kevin Fox has begun work on this already) -rating/scoring and comments/feedback for individual assets -"subscribing" to an asset so users can be notified of updates/changes -site -UI changes to accommodate more types of assets These alone represent a pretty good bit of work, but there's certainly room to get more done over the next few months. Considering the impact the catalog could have on OpenStack adoption, I'd love to get more feedback around the direction we're headed, and hopefully see better participation. (To that end if you'd like to catch us for a real-time conversation on IRC, please do #openstack-app-catalog). If you have any additional thoughts on things we could do to make the catalog even more meaningful, or have feedback on the tasks ahead please speak up :) This is meant to be a place to find all the things users of OpenStack clouds can do with their environments, so please help us make this into the world class showcase it can be! -Christopher [1]: https://blueprints.launchpad.net/app-catalog From mvanwink at rackspace.com Fri Jul 24 04:52:23 2015 From: mvanwink at rackspace.com (Matt Van Winkle) Date: Fri, 24 Jul 2015 04:52:23 +0000 Subject: [Openstack-operators] [Large Deployment Team] Meeting follow up Message-ID: Hello all, We had a great meeting this evening. I've posted minutes and follow-ups [1]. Please take some time to review them if you weren't able to make it. Thanks again to all who participated! One of the net things the LDT agreed to push on together was a common Cells V1 patch set to champion. We've started an etherpad to begin to collect the list of patches people are applying to get cells v1 working. Please take some time to add yours to [2]. If we have an LDT session in Palo Alto, we'll try to start weeding through it for the most common issues so we can begin our common patch set to champion. Please let me know if you have any questions. Thanks! VW [1] https://wiki.openstack.org/wiki/Meetings/LDT [2] https://etherpad.openstack.org/p/PAO-LDT-cells-patches -------------- next part -------------- An HTML attachment was scrubbed... URL: From mvanwink at rackspace.com Fri Jul 24 14:07:06 2015 From: mvanwink at rackspace.com (Matt Van Winkle) Date: Fri, 24 Jul 2015 14:07:06 +0000 Subject: [Openstack-operators] [Large Deployment Team] Anyone mind the meeting in August being on the 4th Thursday? Message-ID: Hey folks, Following the July meeting last night, I was looking ahead to next month and saw that the week we would normally have it is the same as the Ops mid-cycle. The meet up will be Tuesday and Wednesday, so given that some in LDT might be traveling on Thursday, it seemed best to bump it back a week. Any serious objections? Thanks! VW -------------- next part -------------- An HTML attachment was scrubbed... URL: From nicole at openstack.org Fri Jul 24 20:38:17 2015 From: nicole at openstack.org (Nicole Martinelli) Date: Fri, 24 Jul 2015 13:38:17 -0700 Subject: [Openstack-operators] =?utf-8?q?OpenStack_Community_Weekly_Newsle?= =?utf-8?b?dHRlciAoSnVseSAxNyDigJMgMjQp?= Message-ID: <55B2A239.7060509@openstack.org> OpenStack and cloud native applications: two peas in a data center pod OpenStack has shown the world that innovation with open technology can happen. Fast. In fact, it can happen at a pace never before seen in the history of the IT industry. Interoperability: DefCore, Refstack and You The OpenStack Foundation has created a set of requirements to ensure that the various products and services bearing the OpenStack marks achieve a high level of interoperability. This post from IBM OpenTech Team gives an overview of the whole machinery, how to test clouds and upload results to RefStack website. *IMPORTANT + TIME SENSITIVE*: * Vote now for OpenStack Tokyo Summit presentations o The deadline for voting is 11:59 p.m. Pacific Time Zone July 30, 2015. The Road to Tokyo * Registration is open * Tips for getting a travel grant to the next OpenStack Summit * Need a visa for the Tokyo Summit? Here?s what you need to know * Interested in being a Tokyo Summit Sponsor? Reports from Previous Events * Global community celebrates five years of OpenStack * Keystone mid-cycle recap for Liberty Relevant Conversations * Catalog roadmap and next steps * Streamlining of config options in nova * OpenStack Operators Midcycle ? agenda brainstorming Deadlines and Contributors Notifications * Full list of mid-cycle sprints (meetups) * Product WG Liberty Meetup: August 20-21-12, 2015 @Cisco, San Jose, CA * OpenStack Ops Mid-Cycle Meetup August 18, 2015, Palo Alto, CA Security Advisories and Notices * None this week Tips ?n Tricks * By Lo?c Dachary : Ceph integration tests made simple with OpenStack * By Sylvain Afchain : A journey of a packet within OpenContrail * By Matt Fischer : Keystone Token Revocations Cripple Validation Performance * By Spencer Smith : Creating A RancherOS Image for OpenStack * By Repose Ninja ? Hello World * By Sahdev Zala: How to move StackForge project to an existing OpenStack Program * By Ramon Acedo : Multiple Private Networks with Open vSwitch GRE Tunnels and Libvirt * By Operating Your OpenStack Cloud using Ansible * By Doug Hellmann : Keyword Bookmarks for OpenStack Developers Upcoming Events * Jul 28, 2015 OpenStack 5th Birthday ? Austin Austin, Texas, US * Jul 30 ? 31, 2015 DCD INTERNET San Francisco, CA, US Alan Clark, chairman of the board of the OpenStack Foundation, is speaking at the inauguration of StackingIT as part of DCD Internet . Free VIP passes are available to the first 150 people who send their details via email to info at datacenterdynamics.com quoting ?OpenStack? and providing their full name, job title, company name, address, phone and email. * Jul 31 2015 OpenStack Mini Conference Pycon, Brisbane, AU * Aug 07 ? 08, 2015 OpenStack Day India 2015 Bangalore, Karnataka, IN * Aug 10 ? 13, 2015 Gartner Catalyst Conference San Diego, CA, US * Aug 11, 2015 OpenStack Day Taiwan 2015 Taipei, TW * Aug 13 ? 14, 2015 OpenStack Collective Austin, TX, US * Aug 19 ? 21, 2015 China Liberty Hackathon Xian, Shanxi, CN * Aug 20, 2015 OpenStack Day Seattle 2015 Seattle, WA, US * Aug 25, 2015 OpenStack Trove Day 2015 San Jose, CA, US * Aug 26 ? 27, 2015 OpenStack Silicon Valley Mountain View, California, US * Aug 27, 2015 OpenStack Nova Deep Dive Meetup Cluj-Napoca, Cluj, RO * Sep 19, 2015 OpenStack Benelux Conference 2015 Bussum, NL * Sep 21 ? 24, 2015 Storage Developer Conference Santa Clara, CA, CA, US * Oct 04 ? 08, 2015 Gartner SymposiumITxpo Orlando, FL, US * Nov 05, 2015 #CloudBeerStockholm Stockholm, SE * Nov 15 ? 20, 2015 Supercomputing 15 Austin, TX, US Other News * Celebrating Kubernetes 1.0 and the future of container management on OpenStack * OpenStack at 5: The year in review * Kubernetes community lands 1.0 release * Brace yourself: Google joins OpenStack * Hybrid vs. Public ? Google Joins OpenStack /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. / -------------- next part -------------- An HTML attachment was scrubbed... URL: From ignaziocassano at gmail.com Sat Jul 25 05:28:09 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Sat, 25 Jul 2015 07:28:09 +0200 Subject: [Openstack-operators] Stack with external vlan and intranet vlan In-Reply-To: References: Message-ID: Hy guys, I would like to setup a private cloud for my company with openstack kilo. I read openstack kilo documentation for centos 7 where the suggested scenario provides a configuration with an external vlan (internet), a managent vlan, a tunnel vlan and a stotage vlan. I would like to add a nic on the intranet vlian for install some virtual machines directly on my company network . Could anyhone help me with an example based on the following data? Storage vlan 500 external vlan 300 tunnel vlan 600 mgmt vlan 307 intranet vlan 308 Regards Ignazio -------------- next part -------------- An HTML attachment was scrubbed... URL: From antonio.s.messina at gmail.com Sat Jul 25 10:16:37 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Sat, 25 Jul 2015 12:16:37 +0200 Subject: [Openstack-operators] Stack with external vlan and intranet vlan In-Reply-To: References: Message-ID: Hi Ignazio, I did something similar, but it's not yet production so I don't know if there are any caveats or better solutions, maybe some neutron expert can tell us more. In principle you can create a neutron network on a specific vlan, assuming the compute nodes will have direct access to that vlan. neutron net-create intranet \ --provider:network_type vlan \ --provider:segmentation_id 308 \ --provider:physical_network vlannet neutron subnet-create intranet \ --name vlan308 \ 192.168.160.0/22 \ --no-gateway \ --disable-dhcp Now this network is not shared, so it will only be available in the current tenant, or if the user has the "admin" role. It also have no dhcp. In our case this is important because we already have a dhcp server running on our intranet, but I don't know if this is an actual problem, and if the dhcp-agent will just ignore DHCPREQUEST for unknown mac addresses. This also means that your VM will not get an IP automatically, but for me this is not a problem because it's a secondary interface and I will setup the IP address statically on those VMs. In order to start a VM with an interface on that network, you have to create a "port". You can also chose the IP adress: neutron port-create --fixed-ip subnet_id=ef600ffb-0cad-47ca-8ab2-e488b96a5e58,ip_address=192.168.163.1 --name vm1-vlan308 intranet (replace the id of the subnet with the correct one) then, you can start a VM using: nova boot [...] --nic port-id=6fa3a4a4-f840-4173-b00d-0cc5c9628d30 (replace the ID of the port with the correct one) Please note that by default neutron set up iptables rules for the VM port based on the IP assigned by neutron, so if you try to assign a different IP to the VM it will not work. .a. On Sat, Jul 25, 2015 at 7:28 AM, Ignazio Cassano wrote: > Hy guys, I would like to setup a private cloud for my company with openstack > kilo. > I read openstack kilo documentation for centos 7 where the suggested > scenario provides a configuration with an external vlan (internet), a > managent vlan, a tunnel vlan and a stotage vlan. > I would like to add a nic on the intranet vlian for install some virtual > machines directly on my company network . > Could anyhone help me with an example based on the following data? > Storage vlan 500 > external vlan 300 > tunnel vlan 600 > mgmt vlan 307 > intranet vlan 308 > > Regards > Ignazio > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -- antonio.s.messina at gmail.com antonio.messina at uzh.ch +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland From ignaziocassano at gmail.com Sat Jul 25 10:38:35 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Sat, 25 Jul 2015 12:38:35 +0200 Subject: [Openstack-operators] Stack with external vlan and intranet vlan In-Reply-To: References: Message-ID: You are very kind, thank you. I have only anothe doubt. When in a normal scenario you create the external net, you also create an openvswtch bridge (br-ex) on the network node and add the nic interface you have configuret for internet access. In our scenario we must have another interface in the intranet network : must we create a bridge and add the intranet interface? Must we modify any neutron configuration file to expose the new bridge ? Regards Ignazio Il giorno 25/lug/2015 12:16, "Antonio Messina" ha scritto: > Hi Ignazio, > > I did something similar, but it's not yet production so I don't know > if there are any caveats or better solutions, maybe some neutron > expert can tell us more. > > In principle you can create a neutron network on a specific vlan, > assuming the compute nodes will have direct access to that vlan. > > neutron net-create intranet \ > --provider:network_type vlan \ > --provider:segmentation_id 308 \ > --provider:physical_network vlannet > > neutron subnet-create intranet \ > --name vlan308 \ > 192.168.160.0/22 \ > --no-gateway \ > --disable-dhcp > > Now this network is not shared, so it will only be available in the > current tenant, or if the user has the "admin" role. > > It also have no dhcp. In our case this is important because we already > have a dhcp server running on our intranet, but I don't know if this > is an actual problem, and if the dhcp-agent will just ignore > DHCPREQUEST for unknown mac addresses. This also means that your VM > will not get an IP automatically, but for me this is not a problem > because it's a secondary interface and I will setup the IP address > statically on those VMs. > > In order to start a VM with an interface on that network, you have to > create a "port". You can also chose the IP adress: > > neutron port-create > --fixed-ip > subnet_id=ef600ffb-0cad-47ca-8ab2-e488b96a5e58,ip_address=192.168.163.1 > --name vm1-vlan308 intranet > > (replace the id of the subnet with the correct one) > > then, you can start a VM using: > > nova boot [...] --nic port-id=6fa3a4a4-f840-4173-b00d-0cc5c9628d30 > > (replace the ID of the port with the correct one) > > Please note that by default neutron set up iptables rules for the VM > port based on the IP assigned by neutron, so if you try to assign a > different IP to the VM it will not work. > > .a. > > On Sat, Jul 25, 2015 at 7:28 AM, Ignazio Cassano > wrote: > > Hy guys, I would like to setup a private cloud for my company with > openstack > > kilo. > > I read openstack kilo documentation for centos 7 where the suggested > > scenario provides a configuration with an external vlan (internet), a > > managent vlan, a tunnel vlan and a stotage vlan. > > I would like to add a nic on the intranet vlian for install some virtual > > machines directly on my company network . > > Could anyhone help me with an example based on the following data? > > Storage vlan 500 > > external vlan 300 > > tunnel vlan 600 > > mgmt vlan 307 > > intranet vlan 308 > > > > Regards > > Ignazio > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > -- > antonio.s.messina at gmail.com > antonio.messina at uzh.ch +41 (0)44 635 42 22 > S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ > University of Zurich > Winterthurerstrasse 190 > CH-8057 Zurich Switzerland > -------------- next part -------------- An HTML attachment was scrubbed... URL: From antonio.s.messina at gmail.com Sat Jul 25 10:48:31 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Sat, 25 Jul 2015 12:48:31 +0200 Subject: [Openstack-operators] Stack with external vlan and intranet vlan In-Reply-To: References: Message-ID: On Sat, Jul 25, 2015 at 12:38 PM, Ignazio Cassano wrote: > You are very kind, thank you. > I have only anothe doubt. > When in a normal scenario you create the external net, you also create an > openvswtch bridge (br-ex) on the network node and add the nic interface > you have configuret for internet access. > In our scenario we must have another interface in the intranet network : > must we create a bridge and add the intranet interface? > Must we modify any neutron configuration file to expose the new bridge ? The standard configuration for vlan network applies. The setup I've describe does not use an external router, so you will not pass through the network node and will not use br-ex bridge. I'm using ml2 with openvswitch, so the relevant options for ml2_conf.ini are: [ml2] type_drivers = gre,vlan,vxlan mechanism_drivers = openvswitch [ml2_type_vlan] network_vlan_ranges = vlannet:1:4000 [ovs] bridge_mappings = vlannet:br-vlan br-vlan is an openvswitch bridge created on the compute node with: ovs-vsctl -- --may-exist add-br br-vlan ovs-vsctl -- --may-exist add-port br-vlan bond0 in my case, bond0 is an interface on the compute node in "trunk", so that packets are received with the vlan tag on the node. .a. -- antonio.s.messina at gmail.com antonio.messina at uzh.ch +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland From ignaziocassano at gmail.com Sat Jul 25 14:59:55 2015 From: ignaziocassano at gmail.com (Ignazio Cassano) Date: Sat, 25 Jul 2015 16:59:55 +0200 Subject: [Openstack-operators] Stack with external vlan and intranet vlan In-Reply-To: References: Message-ID: Thank you again. I am going to try a configuration liky you suggested. Ignazio Il giorno 25/lug/2015 12:48, "Antonio Messina" ha scritto: > On Sat, Jul 25, 2015 at 12:38 PM, Ignazio Cassano > wrote: > > You are very kind, thank you. > > I have only anothe doubt. > > When in a normal scenario you create the external net, you also create an > > openvswtch bridge (br-ex) on the network node and add the nic interface > > you have configuret for internet access. > > In our scenario we must have another interface in the intranet network : > > must we create a bridge and add the intranet interface? > > Must we modify any neutron configuration file to expose the new bridge ? > > The standard configuration for vlan network applies. The setup I've > describe does not use an external router, so you will not pass through > the network node and will not use br-ex bridge. > > I'm using ml2 with openvswitch, so the relevant options for ml2_conf.ini > are: > > [ml2] > type_drivers = gre,vlan,vxlan > mechanism_drivers = openvswitch > > [ml2_type_vlan] > network_vlan_ranges = vlannet:1:4000 > > [ovs] > bridge_mappings = vlannet:br-vlan > > br-vlan is an openvswitch bridge created on the compute node with: > > ovs-vsctl -- --may-exist add-br br-vlan > ovs-vsctl -- --may-exist add-port br-vlan bond0 > > in my case, bond0 is an interface on the compute node in "trunk", so > that packets are received with the vlan tag on the node. > > .a. > > -- > antonio.s.messina at gmail.com > antonio.messina at uzh.ch +41 (0)44 635 42 22 > S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ > University of Zurich > Winterthurerstrasse 190 > CH-8057 Zurich Switzerland > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ibravo at ltgfederal.com Sat Jul 25 15:23:04 2015 From: ibravo at ltgfederal.com (Ignacio Bravo) Date: Sat, 25 Jul 2015 11:23:04 -0400 Subject: [Openstack-operators] Deployment using c7000 and VFlex cards Message-ID: <5A194959-5A91-4421-9295-3B9D9CBA9F52@ltgfederal.com> Hi, We recently got our hands on an HP enclosure with 2 VFlex 10 as the interconnect backbone and a share of 16 bl460c G7 & G8 servers to deploy a production openstack environment. Our first thought is to use RDO Manager, a triple O based installer at rdoproject.org, to deploy the environment and was looking for best practices on how to deploy the network configuration on the backpane based on the several networks that need to be defined. We will be using CentOS as the base OS system. Any help will be appreciated. IB From sorrison at gmail.com Mon Jul 27 00:08:25 2015 From: sorrison at gmail.com (Sam Morrison) Date: Mon, 27 Jul 2015 10:08:25 +1000 Subject: [Openstack-operators] [Large Deployment Team] Anyone mind the meeting in August being on the 4th Thursday? In-Reply-To: References: Message-ID: <02A208CE-BAD9-49D8-9FD1-410F2E5505D6@gmail.com> Sounds good to me Sam > On 25 Jul 2015, at 12:07 am, Matt Van Winkle wrote: > > Hey folks, > Following the July meeting last night, I was looking ahead to next month and saw that the week we would normally have it is the same as the Ops mid-cycle. The meet up will be Tuesday and Wednesday, so given that some in LDT might be traveling on Thursday, it seemed best to bump it back a week. Any serious objections? > > Thanks! > VW > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From sorrison at gmail.com Mon Jul 27 06:32:25 2015 From: sorrison at gmail.com (Sam Morrison) Date: Mon, 27 Jul 2015 16:32:25 +1000 Subject: [Openstack-operators] [puppet] module dependencies and different openstack versions Message-ID: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> We currently use our own custom puppet modules to deploy openstack, I have been looking into the official openstack modules and have a few barriers to switching. We are looking at doing this at a project at a time but the modules have a lot of dependencies. Eg. they all depend on the keystone module and try to do things in keystone suck as create users, service endpoints etc. This is a pain as I don?t want it to mess with keystone (for one we don?t support setting endpoints via an API) but also we don?t want to move to the official keystone module at the same time. We have some custom keystone stuff which means we?ll may never move to the official keystone puppet module. The neutron module pulls in the vswitch module but we don?t use vswitch and it doesn?t seem to be a requirement of the module so maybe doesn?t need to be in metadata dependencies? It looks as if all the openstack puppet modules are designed to all be used at once? Does anyone else have these kind of issues? It would be great if eg. the neutron module would just manage neutron and not try and do things in nova, keystone, mysql etc. The other issue we have is that we have different services in openstack running different versions. Currently we have Kilo, Juno and Icehouse versions of different bits in the same cloud. It seems as if the puppet modules are designed just to manage one openstack version? Is there any thoughts on making it support different versions at the same time? Does this work? Thanks, Sam From blak111 at gmail.com Mon Jul 27 08:37:34 2015 From: blak111 at gmail.com (Kevin Benton) Date: Mon, 27 Jul 2015 02:37:34 -0600 Subject: [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. In-Reply-To: References: Message-ID: Is the neutron openvswitch agent running on host compute2? What do the logs say for the agent there? On Jul 22, 2015 07:22, "Asmaa Chebba" wrote: > Hi, > I installed Docker with juno release on Ubuntu > all compute/networking services are up and enabled, and I can add docker > images with glance however, I can't launch an instance (stopped at spawning > step) > in the nova-compute log, I found : > Instance failed to spawn > InstanceDeployFailure: Cannot setup network: Unexpected > vif_type=binding_failed > and when verifying the neutron-server log: > Failed to bind port 5d299cc9-e3f3-48a0-a80f-f204910a47e7 on host compute2 > > Any idea on how to solve this? > I appriciate your help. > Tahnks. > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From antonio.s.messina at gmail.com Mon Jul 27 09:50:03 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Mon, 27 Jul 2015 11:50:03 +0200 Subject: [Openstack-operators] Fwd: Managing security incidents: how to find the guilty VM ? In-Reply-To: References: <55B0F207.5020400@pd.infn.it> Message-ID: On Thu, Jul 23, 2015 at 3:54 PM, Alvise Dorigo wrote: > If the VM doesn't have a floating IP, the Y IP address that is exposed on > the internet (and therefore the one that will be commuticated to the > security people) is the one of the OpenStack router. > > Given the private IP of the machine we are able to find the UUID of the VM > (even if this was already deleted) and then the id of the relevant user who > created it. > But the problem is how to find this private IP address. Interesting: how do you do it? In Kilo, apparently, the ports are deleted also from the DB, do you have some sort of trigger? And how is the mapping between port and instance id done? For your question, I guess the only solution is to periodically save the output of "conntrack -L" on the network node, to be run *within* the router namespace. A possible solution (that I haven't tested yet), is to use ulogd https://home.regit.org/2014/02/logging-connection-tracking-event-with-ulogd/ .a. -- antonio.s.messina at gmail.com antonio.messina at uzh.ch +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland From amuller at redhat.com Mon Jul 27 13:13:24 2015 From: amuller at redhat.com (Assaf Muller) Date: Mon, 27 Jul 2015 09:13:24 -0400 (EDT) Subject: [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. In-Reply-To: References: Message-ID: <748236946.702964.1438002804611.JavaMail.zimbra@redhat.com> Also can you paste the configuration for both the OVS agent and your neutron server? Binding failure is almost always a configuration mismatch. ----- Original Message ----- > > > Is the neutron openvswitch agent running on host compute2? What do the logs > say for the agent there? > On Jul 22, 2015 07:22, "Asmaa Chebba" < achebba at cdta.dz > wrote: > > > > Hi, > I installed Docker with juno release on Ubuntu > all compute/networking services are up and enabled, and I can add docker > images with glance however, I can't launch an instance (stopped at spawning > step) > in the nova-compute log, I found : > Instance failed to spawn > InstanceDeployFailure: Cannot setup network: Unexpected > vif_type=binding_failed > and when verifying the neutron-server log: > Failed to bind port 5d299cc9-e3f3-48a0-a80f-f204910a47e7 on host compute2 > > Any idea on how to solve this? > I appriciate your help. > Tahnks. > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From emilien at redhat.com Mon Jul 27 13:25:14 2015 From: emilien at redhat.com (Emilien Macchi) Date: Mon, 27 Jul 2015 09:25:14 -0400 Subject: [Openstack-operators] [puppet] module dependencies and different openstack versions In-Reply-To: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> References: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> Message-ID: <55B6313A.3000506@redhat.com> On 07/27/2015 02:32 AM, Sam Morrison wrote: > We currently use our own custom puppet modules to deploy openstack, I have been looking into the official openstack modules and have a few barriers to switching. > > We are looking at doing this at a project at a time but the modules have a lot of dependencies. Eg. they all depend on the keystone module and try to do things in keystone suck as create users, service endpoints etc. > > This is a pain as I don?t want it to mess with keystone (for one we don?t support setting endpoints via an API) but also we don?t want to move to the official keystone module at the same time. We have some custom keystone stuff which means we?ll may never move to the official keystone puppet module. Well, in that case it's going to be very hard for you to use the modules. Trying to give up forks and catch-up to upstream is really expensive and challenging (Fuel is currently working on this). What I suggest is: 1/ have a look at the diff between your manifests and upstream ones. 2/ try to use upstream modules with the maximum number of classes, and put the rest in a custom module (or a manifest somewhere). 3/ submit patches if you think we're missing something in the modules. > The neutron module pulls in the vswitch module but we don?t use vswitch and it doesn?t seem to be a requirement of the module so maybe doesn?t need to be in metadata dependencies? AFIK there is no conditional in metadata.json, so we need the module anyway. It should not cause any trouble to you, except if you have a custom 'vswitch' module. > > It looks as if all the openstack puppet modules are designed to all be used at once? Does anyone else have these kind of issues? It would be great if eg. the neutron module would just manage neutron and not try and do things in nova, keystone, mysql etc. We try to design our modules to work together because Puppet OpenStack is a single project composed of modules that are supposed to -together- deploy OpenStack. In your case, I would just install the module from source (git) and not trying to pull them from Puppetforge. > > The other issue we have is that we have different services in openstack running different versions. Currently we have Kilo, Juno and Icehouse versions of different bits in the same cloud. It seems as if the puppet modules are designed just to manage one openstack version? Is there any thoughts on making it support different versions at the same time? Does this work? 1/ you're running Kilo, Juno and Icehouse in the same cloud? Wow. You're brave! 2/ Puppet modules do not hardcode OpenStack packages version. Though our current master is targeting Liberty, but we have stable/kilo, stable/juno, etc. You can even disable the package dependency in most of the classes. I'm not sure this is an issue here, maybe a misunderstanding of how to use the modules. Good luck, -- Emilien Macchi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From mdorman at godaddy.com Mon Jul 27 14:50:59 2015 From: mdorman at godaddy.com (Mike Dorman) Date: Mon, 27 Jul 2015 14:50:59 +0000 Subject: [Openstack-operators] [Neutron] [Large Deployments Team] Discussion around routed networks Message-ID: I wanted to bring this to the attention of anybody who may have missed it on openstack-dev. Particularly the LDT team folks who have been talking about the routed networks/disparate L2 domains stuff [1] [2]. http://lists.openstack.org/pipermail/openstack-dev/2015-July/thread.html#70 028 This is a discussion stemming from Carl?s segmented, routed networks spec [3]. I think the ?ask? from operators has been somewhat well represented, but if others could review and chime in as appropriate, I think that could be useful. Also somewhat related is this patch [4] for better scheduling DHCP agents on the appropriate L2 segment. Might be worth a +1 if it would be useful to you as an operator. [1] https://bugs.launchpad.net/neutron/+bug/1458890 [2] https://etherpad.openstack.org/p/Network_Segmentation_Usecases [3] https://review.openstack.org/#/c/196812/ [4] https://review.openstack.org/#/c/205631/ From louis at kragniz.eu Mon Jul 27 16:29:44 2015 From: louis at kragniz.eu (Louis Taylor) Date: Mon, 27 Jul 2015 17:29:44 +0100 Subject: [Openstack-operators] [glance] Removal of Catalog Index Service from Glance In-Reply-To: <20150717185053.GA31373@gmail.com> References: <20150717185053.GA31373@gmail.com> Message-ID: <20150727162944.GA27196@gmail.com> On Fri, Jul 17, 2015 at 07:50:55PM +0100, Louis Taylor wrote: > Hi operators, > > In Kilo, we added the Catalog Index Service as an experimental API in Glance. > It soon became apparent this would be better suited as a separate project, so > it was split into the Searchlight project: > > https://wiki.openstack.org/wiki/Searchlight > > We've now started the process of removing the service from Glance for the > Liberty release. Since the service was originally had the status of being > experimental, we felt it would be okay to remove it without a cycle of > deprecation. > > Is this something that would cause issues for any existing deployments? If you > have any feelings about this one way or the other, feel free to share your > thoughts on this mailing list or in the review to remove the code: > > https://review.openstack.org/#/c/197043/ Some time has passed and no one has complained about this, so I propose we go ahead and remove it in liberty. Cheers, Louis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: Digital signature URL: From ian.cordasco at RACKSPACE.COM Mon Jul 27 19:24:08 2015 From: ian.cordasco at RACKSPACE.COM (Ian Cordasco) Date: Mon, 27 Jul 2015 19:24:08 +0000 Subject: [Openstack-operators] [glance] Removal of Catalog Index Service from Glance In-Reply-To: <20150727162944.GA27196@gmail.com> References: <20150717185053.GA31373@gmail.com> <20150727162944.GA27196@gmail.com> Message-ID: On 7/27/15, 11:29, "Louis Taylor" wrote: >On Fri, Jul 17, 2015 at 07:50:55PM +0100, Louis Taylor wrote: >> Hi operators, >> >> In Kilo, we added the Catalog Index Service as an experimental API in >>Glance. >> It soon became apparent this would be better suited as a separate >>project, so >> it was split into the Searchlight project: >> >> https://wiki.openstack.org/wiki/Searchlight >> >> We've now started the process of removing the service from Glance for >>the >> Liberty release. Since the service was originally had the status of >>being >> experimental, we felt it would be okay to remove it without a cycle of >> deprecation. >> >> Is this something that would cause issues for any existing deployments? >>If you >> have any feelings about this one way or the other, feel free to share >>your >> thoughts on this mailing list or in the review to remove the code: >> >> https://review.openstack.org/#/c/197043/ > >Some time has passed and no one has complained about this, so I propose >we go >ahead and remove it in liberty. > >Cheers, >Louis +1 From sorrison at gmail.com Mon Jul 27 23:10:20 2015 From: sorrison at gmail.com (Sam Morrison) Date: Tue, 28 Jul 2015 09:10:20 +1000 Subject: [Openstack-operators] [puppet] module dependencies and different openstack versions In-Reply-To: <55B6313A.3000506@redhat.com> References: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> <55B6313A.3000506@redhat.com> Message-ID: <4000C303-30D9-4345-8370-28D1A63D0DAE@gmail.com> > On 27 Jul 2015, at 11:25 pm, Emilien Macchi wrote: > > > > On 07/27/2015 02:32 AM, Sam Morrison wrote: >> We currently use our own custom puppet modules to deploy openstack, I have been looking into the official openstack modules and have a few barriers to switching. >> >> We are looking at doing this at a project at a time but the modules have a lot of dependencies. Eg. they all depend on the keystone module and try to do things in keystone suck as create users, service endpoints etc. >> >> This is a pain as I don?t want it to mess with keystone (for one we don?t support setting endpoints via an API) but also we don?t want to move to the official keystone module at the same time. We have some custom keystone stuff which means we?ll may never move to the official keystone puppet module. > > Well, in that case it's going to be very hard for you to use the > modules. Trying to give up forks and catch-up to upstream is really > expensive and challenging (Fuel is currently working on this). > > What I suggest is: > 1/ have a look at the diff between your manifests and upstream ones. > 2/ try to use upstream modules with the maximum number of classes, and > put the rest in a custom module (or a manifest somewhere). > 3/ submit patches if you think we're missing something in the modules. >> The neutron module pulls in the vswitch module but we don?t use vswitch and it doesn?t seem to be a requirement of the module so maybe doesn?t need to be in metadata dependencies? > > AFIK there is no conditional in metadata.json, so we need the module > anyway. It should not cause any trouble to you, except if you have a > custom 'vswitch' module. Yeah it would be nice if you could specify dependencies as well as recommended much like debian packages do. We use librarian-puppet to manage all our modules and you can?t disable it installing all the dependencies. But that is another issue? >> It looks as if all the openstack puppet modules are designed to all be used at once? Does anyone else have these kind of issues? It would be great if eg. the neutron module would just manage neutron and not try and do things in nova, keystone, mysql etc. > > We try to design our modules to work together because Puppet OpenStack > is a single project composed of modules that are supposed to -together- > deploy OpenStack. All the puppet modules we use are very modular (hence the name), the openstack modules aren?t at this stage. Ideally each module would be self contained and then if people wanted to deploy ?openstack? there could be an ?openstack? module that would pull in all the individual project modules and make them work together. It?s the first tip for writing a module listed at https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html#tips I guess I?m just wondering if other people are having the same issue I am? and if so is there a way forward to make the puppet modules more modular or do I just stick with my own modules. > In your case, I would just install the module from source (git) and not > trying to pull them from Puppetforge. > >> >> The other issue we have is that we have different services in openstack running different versions. Currently we have Kilo, Juno and Icehouse versions of different bits in the same cloud. It seems as if the puppet modules are designed just to manage one openstack version? Is there any thoughts on making it support different versions at the same time? Does this work? > > 1/ you're running Kilo, Juno and Icehouse in the same cloud? Wow. You're > brave! We are a large deployment spanning multiple data centres and 1000+ hosts so upgrading in one big bang isn?t an option. I don?t think this is brave it is the norm for people running large openstack clouds in production. > 2/ Puppet modules do not hardcode OpenStack packages version. Though our > current master is targeting Liberty, but we have stable/kilo, > stable/juno, etc. You can even disable the package dependency in most of > the classes. The packages aren?t the issue it?s more the configs that get pushed out and so on, when config variables change location etc. with different versions this becomes hard. > I'm not sure this is an issue here, maybe a misunderstanding of how to > use the modules. > > Good luck, Thanks, Sam From josephbajin at gmail.com Mon Jul 27 23:28:27 2015 From: josephbajin at gmail.com (Joseph Bajin) Date: Mon, 27 Jul 2015 19:28:27 -0400 Subject: [Openstack-operators] [Ops Tools/Monitoring] Next Meeting - 7/29/15 - 10AM EST Message-ID: Operators, The next meeting of the Operator Tools and Monitoring working group is set for 7/29/15 (Wed.) at 10AM EST. We hold the meeting on IRC in the #openstack-meeting-4 room. You can see the logs from our previous meeting here: http://eavesdrop.openstack.org/meetings/operators_ops_tools_monitoring/2015/ We are looking for more support from the community. It does look like there is a lot of great topics that want to be addressed at the Mid-Cycle Meetup which is great! We hope to take what was discussed at both the Summit and the Mid-Cycle meeting and capitalize on ideas and support. Thanks Joe -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlesboyo at gmail.com Tue Jul 28 00:46:25 2015 From: charlesboyo at gmail.com (Charles 'Boyo) Date: Tue, 28 Jul 2015 01:46:25 +0100 Subject: [Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge? Message-ID: Hello. I have an OpenStack Juno environment and I am trying to integrate my Nova instances with other physical machines on the same network. Neutron networking is based on ML2 linux-bridge plugin with VLAN segmentation. The security-groups feature is installing anti-spoof rules for non-instance traffic and DHCP server traffic. This is getting in the way of using virtual instances as routers and DHCP servers. The port-security extension is supposed to make it possible to disable the automatic iptables rules but attempts to use the port_security_enabled attribute while creating ports end with an error: Unrecognized attribute(s) 'port_security_enabled' (HTTP 400) (Request-ID: req-eb10a181-4109-40ca-ad54-2d3f2a82285a) The port-security extension was implemented for ML2 with OVS in Kilo but I cannot seem to find any similar implementation for linux-bridge. Please can you point me in the direction of similar functionality for ML2 with the linux-bridge mechanism driver? Or it is forbidden for any reason? Charles -------------- next part -------------- An HTML attachment was scrubbed... URL: From james.denton at rackspace.com Tue Jul 28 01:48:22 2015 From: james.denton at rackspace.com (James Denton) Date: Tue, 28 Jul 2015 01:48:22 +0000 Subject: [Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge? In-Reply-To: References: Message-ID: <1438048102271.68894@rackspace.com> Hi Charles, >> The port-security extension was implemented for ML2 with OVS in Kilo but I cannot seem to find any similar implementation for linux-bridge.? It also works with LinuxBridge in Kilo. To gain this functionality, you'll need to upgrade the environment from Juno to Kilo. To enable, in the /etc/neutron/plugins/ml2/ml2_conf.ini file, add the following under [ml2] and restart the neutron-server service: [ml2] ... extension_drivers = port_security James ________________________________ From: Charles 'Boyo Sent: Monday, July 27, 2015 7:46 PM To: openstack-operators at lists.openstack.org Subject: [Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge? Hello. I have an OpenStack Juno environment and I am trying to integrate my Nova instances with other physical machines on the same network. Neutron networking is based on ML2 linux-bridge plugin with VLAN segmentation. The security-groups feature is installing anti-spoof rules for non-instance traffic and DHCP server traffic. This is getting in the way of using virtual instances as routers and DHCP servers. The port-security extension is supposed to make it possible to disable the automatic iptables rules but attempts to use the port_security_enabled attribute while creating ports end with an error: Unrecognized attribute(s) 'port_security_enabled' (HTTP 400) (Request-ID: req-eb10a181-4109-40ca-ad54-2d3f2a82285a) The port-security extension was implemented for ML2 with OVS in Kilo but I cannot seem to find any similar implementation for linux-bridge. Please can you point me in the direction of similar functionality for ML2 with the linux-bridge mechanism driver? Or it is forbidden for any reason? Charles -------------- next part -------------- An HTML attachment was scrubbed... URL: From alvise.dorigo at pd.infn.it Tue Jul 28 07:17:02 2015 From: alvise.dorigo at pd.infn.it (Alvise Dorigo) Date: Tue, 28 Jul 2015 09:17:02 +0200 Subject: [Openstack-operators] Which is the correct way to set ha queues in RabbitMQ Message-ID: <55B72C6E.4040806@pd.infn.it> Hi, I read these two documents: http://docs.openstack.org/high-availability-guide/content/_configure_rabbitmq.html https://www.rdoproject.org/RabbitMQ To configure the queues in HA mode, the two docs suggests two slightly different commands; The first one says: rabbitmqctl set_policy ha-all '^(?!amq\.).*' '{"ha-mode": "all"}' while the second one says: rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": "all"}' "ha_all" vs. "HA". which one is correct ? thanks, Alvise -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlesboyo at gmail.com Tue Jul 28 07:24:37 2015 From: charlesboyo at gmail.com (Charles 'Boyo) Date: Tue, 28 Jul 2015 08:24:37 +0100 Subject: [Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge? In-Reply-To: <1438048102271.68894@rackspace.com> References: <1438048102271.68894@rackspace.com> Message-ID: Thanks for the response James. >> The port-security extension was implemented for ML2 with OVS in Kilo > but I cannot seem to find any similar implementation for linux-bridge.? > > It also works with LinuxBridge in Kilo. To gain this functionality, you'll > need to upgrade the environment from Juno to Kilo. > Though I have never tried code patches to my environment before, I have to ask: is it possible to bring just enough of the changes in Kilo ML2 into the current Juno install? If so, how could I go about that? Charles -------------- next part -------------- An HTML attachment was scrubbed... URL: From vishalcdac07 at gmail.com Tue Jul 28 07:41:09 2015 From: vishalcdac07 at gmail.com (vishal yadav) Date: Tue, 28 Jul 2015 13:11:09 +0530 Subject: [Openstack-operators] [openstack-dev] Which is the correct way to set ha queues in RabbitMQ In-Reply-To: <55B72C6E.4040806@pd.infn.it> References: <55B72C6E.4040806@pd.infn.it> Message-ID: >> "ha_all" vs. "HA". >> which one is correct ? That's the policy name, you can name anything... Excerpt from 'man rabbitmqctl' ... set_policy [-p vhostpath] {name} {pattern} {definition} [priority] Sets a policy. name The name of the policy. pattern The regular expression, which when matches on a given resources causes the policy to apply. definition The definition of the policy, as a JSON term. In most shells you are very likely to need to quote this. priority The priority of the policy as an integer, defaulting to 0. Higher numbers indicate greater precedence. ... Regards, Vishal On Tue, Jul 28, 2015 at 12:47 PM, Alvise Dorigo wrote: > Hi, > I read these two documents: > > > http://docs.openstack.org/high-availability-guide/content/_configure_rabbitmq.html > > https://www.rdoproject.org/RabbitMQ > > To configure the queues in HA mode, the two docs suggests two slightly > different commands; > > The first one says: > > rabbitmqctl set_policy ha-all '^(?!amq\.).*' '{"ha-mode": "all"}' > > > while the second one says: > > rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": "all"}' > > > "ha_all" vs. "HA". > > which one is correct ? > > thanks, > > Alvise > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rovanleeuwen at ebay.com Tue Jul 28 07:43:57 2015 From: rovanleeuwen at ebay.com (Van Leeuwen, Robert) Date: Tue, 28 Jul 2015 07:43:57 +0000 Subject: [Openstack-operators] [puppet] module dependencies and different openstack versions In-Reply-To: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> References: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> Message-ID: > >We currently use our own custom puppet modules to deploy openstack, I >have been looking into the official openstack modules and have a few >barriers to switching. > >We are looking at doing this at a project at a time but the modules have >a lot of dependencies. Eg. they all depend on the keystone module and try >to do things in keystone suck as create users, service endpoints etc. > >This is a pain as I don?t want it to mess with keystone (for one we don?t >support setting endpoints via an API) but also we don?t want to move to >the official keystone module at the same time. We have some custom >keystone stuff which means we?ll may never move to the official keystone >puppet module. > >The neutron module pulls in the vswitch module but we don?t use vswitch >and it doesn?t seem to be a requirement of the module so maybe doesn?t >need to be in metadata dependencies? > >It looks as if all the openstack puppet modules are designed to all be >used at once? Does anyone else have these kind of issues? It would be >great if eg. the neutron module would just manage neutron and not try and >do things in nova, keystone, mysql etc. > > >The other issue we have is that we have different services in openstack >running different versions. Currently we have Kilo, Juno and Icehouse >versions of different bits in the same cloud. It seems as if the puppet >modules are designed just to manage one openstack version? Is there any >thoughts on making it support different versions at the same time? Does >this work? Hi, In my experience (I am setting up a new environment) the modules can be used ?stand-alone?. It is the OpenStack module itself that comes with a combined server example. The separate modules (nova, glance, etc) are very configurable and don?t necessarily need to setup e.g. keystone. >From the OpenStack module you can modify the profiles and it will not do the keystone stuff / database, etc.. E.g. Remove the ?:nova::keystone::auth? part in the nova profile. We use r10k to select which versions to install and it should be trivial to use Juno / Kilo stuff together (have not tested this myself). Regarding the vswich module I *guess* that that is regulated by the following: neutron/manifests/agents/ml2/ovs.pp: if $::neutron::params::ovs_agent_package So unsetting that variable should not pull the package. Cheers, Robert van Leeuwen From alvise.dorigo at pd.infn.it Tue Jul 28 07:45:16 2015 From: alvise.dorigo at pd.infn.it (Alvise Dorigo) Date: Tue, 28 Jul 2015 09:45:16 +0200 Subject: [Openstack-operators] [openstack-dev] Which is the correct way to set ha queues in RabbitMQ In-Reply-To: References: <55B72C6E.4040806@pd.infn.it> Message-ID: <55B7330C.8020303@pd.infn.it> thank you very much Vishal. A. On 28/07/2015 09:41, vishal yadav wrote: > >> "ha_all" vs. "HA". > >> which one is correct ? > > That's the policy name, you can name anything... > > Excerpt from 'man rabbitmqctl' > ... > set_policy [-p vhostpath] {name} {pattern} {definition} [priority] > Sets a policy. > > name > The name of the policy. > > pattern > The regular expression, which when matches on a given > resources causes the policy to apply. > > definition > The definition of the policy, as a JSON term. In most > shells you are very likely to need to quote this. > > priority > The priority of the policy as an integer, defaulting to > 0. Higher numbers indicate greater precedence. > ... > > Regards, > Vishal > > > On Tue, Jul 28, 2015 at 12:47 PM, Alvise Dorigo > > wrote: > > Hi, > I read these two documents: > > http://docs.openstack.org/high-availability-guide/content/_configure_rabbitmq.html > > https://www.rdoproject.org/RabbitMQ > > To configure the queues in HA mode, the two docs suggests two > slightly different commands; > > The first one says: > > rabbitmqctl set_policy ha-all '^(?!amq\.).*' '{"ha-mode": "all"}' > > > while the second one says: > > rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": "all"}' > > > "ha_all" vs. "HA". > > which one is correct ? > > thanks, > > Alvise > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vishalcdac07 at gmail.com Tue Jul 28 07:46:26 2015 From: vishalcdac07 at gmail.com (vishal yadav) Date: Tue, 28 Jul 2015 13:16:26 +0530 Subject: [Openstack-operators] [openstack-dev] Which is the correct way to set ha queues in RabbitMQ In-Reply-To: <55B7330C.8020303@pd.infn.it> References: <55B72C6E.4040806@pd.infn.it> <55B7330C.8020303@pd.infn.it> Message-ID: You're welcome :) On Tue, Jul 28, 2015 at 1:15 PM, Alvise Dorigo wrote: > thank you very much Vishal. > > A. > > > On 28/07/2015 09:41, vishal yadav wrote: > > >> "ha_all" vs. "HA". > >> which one is correct ? > > That's the policy name, you can name anything... > > Excerpt from 'man rabbitmqctl' > ... > set_policy [-p vhostpath] {name} {pattern} {definition} [priority] > Sets a policy. > > name > The name of the policy. > > pattern > The regular expression, which when matches on a given > resources causes the policy to apply. > > definition > The definition of the policy, as a JSON term. In most > shells you are very likely to need to quote this. > > priority > The priority of the policy as an integer, defaulting to 0. > Higher numbers indicate greater precedence. > ... > > Regards, > Vishal > > > On Tue, Jul 28, 2015 at 12:47 PM, Alvise Dorigo > wrote: > >> Hi, >> I read these two documents: >> >> >> http://docs.openstack.org/high-availability-guide/content/_configure_rabbitmq.html >> >> https://www.rdoproject.org/RabbitMQ >> >> To configure the queues in HA mode, the two docs suggests two slightly >> different commands; >> >> The first one says: >> >> rabbitmqctl set_policy ha-all '^(?!amq\.).*' '{"ha-mode": "all"}' >> >> >> while the second one says: >> >> rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": "all"}' >> >> >> "ha_all" vs. "HA". >> >> which one is correct ? >> >> thanks, >> >> Alvise >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From clsacramento at gmail.com Tue Jul 28 08:31:16 2015 From: clsacramento at gmail.com (Cynthia Lopes) Date: Tue, 28 Jul 2015 10:31:16 +0200 Subject: [Openstack-operators] [puppet] module dependencies and different openstack versions In-Reply-To: References: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> Message-ID: Hi, I have same feedback as Robert, we use the openstack/puppet-[project] modules and they are quiet independent. We have our own module that integrates those modules as we need and we even deploy each service on different nodes so we need them to be independent and we could achieve it. Kind regards, Cynthia Lopes do Sacramento 2015-07-28 9:43 GMT+02:00 Van Leeuwen, Robert : > > > >We currently use our own custom puppet modules to deploy openstack, I > >have been looking into the official openstack modules and have a few > >barriers to switching. > > > >We are looking at doing this at a project at a time but the modules have > >a lot of dependencies. Eg. they all depend on the keystone module and try > >to do things in keystone suck as create users, service endpoints etc. > > > >This is a pain as I don?t want it to mess with keystone (for one we don?t > >support setting endpoints via an API) but also we don?t want to move to > >the official keystone module at the same time. We have some custom > >keystone stuff which means we?ll may never move to the official keystone > >puppet module. > > > >The neutron module pulls in the vswitch module but we don?t use vswitch > >and it doesn?t seem to be a requirement of the module so maybe doesn?t > >need to be in metadata dependencies? > > > >It looks as if all the openstack puppet modules are designed to all be > >used at once? Does anyone else have these kind of issues? It would be > >great if eg. the neutron module would just manage neutron and not try and > >do things in nova, keystone, mysql etc. > > > > > >The other issue we have is that we have different services in openstack > >running different versions. Currently we have Kilo, Juno and Icehouse > >versions of different bits in the same cloud. It seems as if the puppet > >modules are designed just to manage one openstack version? Is there any > >thoughts on making it support different versions at the same time? Does > >this work? > > > > Hi, > > In my experience (I am setting up a new environment) the modules can be > used ?stand-alone?. > It is the OpenStack module itself that comes with a combined server > example. > The separate modules (nova, glance, etc) are very configurable and don?t > necessarily need to setup e.g. keystone. > > From the OpenStack module you can modify the profiles and it will not do > the keystone stuff / database, etc.. > E.g. Remove the ?:nova::keystone::auth? part in the nova profile. > > We use r10k to select which versions to install and it should be trivial > to use Juno / Kilo stuff together (have not tested this myself). > > > Regarding the vswich module I *guess* that that is regulated by the > following: > neutron/manifests/agents/ml2/ovs.pp: if > $::neutron::params::ovs_agent_package > So unsetting that variable should not pull the package. > > Cheers, > Robert van Leeuwen > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alvise.dorigo at pd.infn.it Tue Jul 28 08:43:39 2015 From: alvise.dorigo at pd.infn.it (Alvise Dorigo) Date: Tue, 28 Jul 2015 10:43:39 +0200 Subject: [Openstack-operators] [openstack-dev] Which is the correct way to set ha queues in RabbitMQ In-Reply-To: References: <55B72C6E.4040806@pd.infn.it> <55B7330C.8020303@pd.infn.it> Message-ID: <55B740BB.3000109@pd.infn.it> Hi Vishal, do you have a effective recipe to test if the rabbitmq's HA ? I've three instances of it; I've also nova, cinder and neutron configured with rabbit_ha_queues = true. Just restarting a rabbit instance seems not to be sufficient to test a real case scenario, is it ? any advice ? thanks, Alvise On 28/07/2015 09:46, vishal yadav wrote: > You're welcome :) > > On Tue, Jul 28, 2015 at 1:15 PM, Alvise Dorigo > > wrote: > > thank you very much Vishal. > > A. > > > On 28/07/2015 09:41, vishal yadav wrote: >> >> "ha_all" vs. "HA". >> >> which one is correct ? >> >> That's the policy name, you can name anything... >> >> Excerpt from 'man rabbitmqctl' >> ... >> set_policy [-p vhostpath] {name} {pattern} {definition} [priority] >> Sets a policy. >> >> name >> The name of the policy. >> >> pattern >> The regular expression, which when matches on a >> given resources causes the policy to apply. >> >> definition >> The definition of the policy, as a JSON term. In >> most shells you are very likely to need to quote this. >> >> priority >> The priority of the policy as an integer, >> defaulting to 0. Higher numbers indicate greater precedence. >> ... >> >> Regards, >> Vishal >> >> >> On Tue, Jul 28, 2015 at 12:47 PM, Alvise Dorigo >> > wrote: >> >> Hi, >> I read these two documents: >> >> http://docs.openstack.org/high-availability-guide/content/_configure_rabbitmq.html >> >> https://www.rdoproject.org/RabbitMQ >> >> To configure the queues in HA mode, the two docs suggests two >> slightly different commands; >> >> The first one says: >> >> rabbitmqctl set_policy ha-all '^(?!amq\.).*' '{"ha-mode": "all"}' >> >> >> while the second one says: >> >> rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": "all"}' >> >> >> "ha_all" vs. "HA". >> >> which one is correct ? >> >> thanks, >> >> Alvise >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From achebba at CDTA.DZ Tue Jul 28 11:13:37 2015 From: achebba at CDTA.DZ (Asmaa Chebba) Date: Tue, 28 Jul 2015 11:13:37 +0000 Subject: [Openstack-operators] RE : Can't launch docker instance, Unexpected vif_type=binding_failed. In-Reply-To: <748236946.702964.1438002804611.JavaMail.zimbra@redhat.com> References: , <748236946.702964.1438002804611.JavaMail.zimbra@redhat.com> Message-ID: openvswitch agent is running and the logs in compute2 are as follow: 1. OVS-cleanup.log 2015-06-20 12:52:19.976 1529 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-23 15:48:43.401 1332 INFO neutron.common.config [-] Logging enabled! 2015-06-23 15:48:43.893 1332 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-23 15:48:44.520 1332 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-24 11:49:21.423 1770 INFO neutron.common.config [-] Logging enabled! 2015-06-24 11:49:22.123 1770 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-24 11:49:22.628 1770 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-25 00:21:55.634 1337 INFO neutron.common.config [-] Logging enabled! 2015-06-25 00:21:56.858 1337 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-25 00:21:57.900 1337 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-07 16:43:42.608 1457 INFO neutron.common.config [-] Logging enabled! 2015-07-07 16:43:43.399 1457 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-07 16:43:43.792 1457 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-08 15:04:31.954 1351 INFO neutron.common.config [-] Logging enabled! 2015-07-08 15:04:32.888 1351 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-08 15:04:33.235 1351 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-20 13:25:20.300 1550 INFO neutron.common.config [-] Logging enabled! 2015-07-20 13:25:22.665 1550 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-20 13:25:22.770 1550 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed succe 2. Openvswitch-agent.log 2015-07-28 13:23:29.151 4615 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: 2015-07-28T11:23:29Z|00001|fatal_signal|WARN|terminating with signal 15 (Terminated) 2015-07-28 13:23:29.190 4615 ERROR neutron.agent.linux.utils [-] Command: ['ps', '--ppid', '4764', '-o', 'pid='] Exit code: 1 Stdout: '' Stderr: '' 2015-07-28 13:23:29.835 4615 CRITICAL neutron [req-dbf6bc78-c2df-4454-9e19-5f09bf688ee9 None] AssertionError: Trying to re-send() an already-triggered event. 2015-07-28 13:23:29.835 4615 TRACE neutron Traceback (most recent call last): 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/bin/neutron-openvswitch-agent", line 10, in 2015-07-28 13:23:29.835 4615 TRACE neutron sys.exit(main()) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1565, in main 2015-07-28 13:23:29.835 4615 TRACE neutron agent.daemon_loop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1485, in daemon_loop 2015-07-28 13:23:29.835 4615 TRACE neutron self.rpc_loop(polling_manager=pm) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__ 2015-07-28 13:23:29.835 4615 TRACE neutron self.gen.next() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 39, in get_polling_manager 2015-07-28 13:23:29.835 4615 TRACE neutron pm.stop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 106, in stop 2015-07-28 13:23:29.835 4615 TRACE neutron self._monitor.stop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 89, in stop 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ovsdb_monitor.py", line 99, in _kill 2015-07-28 13:23:29.835 4615 TRACE neutron super(SimpleInterfaceMonitor, self)._kill(*args, **kwargs) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 116, in _kill 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill_event.send() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 150, in send 2015-07-28 13:23:29.835 4615 TRACE neutron assert self._result is NOT_USED, 'Trying to re-send() an already-triggered event.' 2015-07-28 13:23:29.835 4615 TRACE neutron AssertionError: Trying to re-send() an already-triggered event. 2015-07-28 13:23:29.835 4615 TRACE neutron 2015-07-28 13:23:32.197 6195 INFO neutron.common.config [-] Logging enabled! 2015-07-28 13:23:33.005 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on controller:5672 2015-07-28 13:23:33.120 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on controller:5672 2015-07-28 13:23:33.126 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on controller:5672 2015-07-28 13:23:33.143 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.287 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.304 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.315 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.321 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.327 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.333 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.338 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.344 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.349 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.356 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.360 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent initialized successfully, now running... 2015-07-28 13:23:34.367 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent out of sync with plugin! 2015-07-28 13:23:34.447 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent tunnel out of sync with plugin! 3. Openvswitch-agent.log.1 ==> 2015-07-26 12:15:51.431 4615 INFO neutron.agent.securitygroups_rpc [req-8d59b5d6-4b0f-4ced-a336-5a94159ac601 None] Security group member updated [u'b6692f4f-f96e-48eb-a796-8df11fb6c16b'] - And the result of ovs-vsctl show: 0a578213-5de5-48fd-923e-14b7b201c6c8 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Bridge br-tun fail_mode: secure Port "gre-c0a80204" Interface "gre-c0a80204" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.4"} Port br-tun Interface br-tun type: internal Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port "gre-c0a80203" Interface "gre-c0a80203" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.3"} Port "gre-c0a80202" Interface "gre-c0a80202" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.2"} ovs_version: "2.0.2" As for the configuration, here is the files of neutron.conf: 1. ON compute [DEFAULT] verbose = True lock_path = $state_path/lock core_plugin = ml2 service_plugins = router auth_strategy = keystone allow_overlapping_ips = True rabbit_host=controller [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = neutron admin_password = PASSWORD [service_providers] service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default 2. ON controller [DEFAULT] verbose = True lock_path = $state_path/lock core_plugin = ml2 service_plugins = router auth_strategy = keystone allow_overlapping_ips = True agent_down_time = 1000 notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller:8774/v2 nova_region_name = regionOne nova_admin_username = nova nova_admin_tenant_id =f41a56a0ca3d4ef982fadb9b2363c09f nova_admin_password = PASSWORD nova_admin_auth_url = http://controller:35357/v2.0 rabbit_host=controller rabbit_password=PASSWORD rpc_backend=rabbit [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf report_interval = 100 [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = neutron admin_password = PASSWORD [database] connection = mysql://neutron:PASSWORD at controller/neutron [service_providers] service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default Thanks. ________________________________________ De : Assaf Muller [amuller at redhat.com] Date d'envoi : lundi 27 juillet 2015 15:13 ? : Kevin Benton Cc: Asmaa Chebba; OpenStack Operators Objet : Re: [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. Also can you paste the configuration for both the OVS agent and your neutron server? Binding failure is almost always a configuration mismatch. ----- Original Message ----- > > > Is the neutron openvswitch agent running on host compute2? What do the logs > say for the agent there? > On Jul 22, 2015 07:22, "Asmaa Chebba" < achebba at cdta.dz > wrote: > > > > Hi, > I installed Docker with juno release on Ubuntu > all compute/networking services are up and enabled, and I can add docker > images with glance however, I can't launch an instance (stopped at spawning > step) > in the nova-compute log, I found : > Instance failed to spawn > InstanceDeployFailure: Cannot setup network: Unexpected > vif_type=binding_failed > and when verifying the neutron-server log: > Failed to bind port 5d299cc9-e3f3-48a0-a80f-f204910a47e7 on host compute2 > > Any idea on how to solve this? > I appriciate your help. > Tahnks. > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From flavio at redhat.com Tue Jul 28 14:05:18 2015 From: flavio at redhat.com (Flavio Percoco) Date: Tue, 28 Jul 2015 16:05:18 +0200 Subject: [Openstack-operators] [openstack-dev] [glance] Removal of Catalog Index Service from Glance In-Reply-To: References: <20150717185053.GA31373@gmail.com> <20150727162944.GA27196@gmail.com> Message-ID: <20150728140518.GE17296@redhat.com> On 27/07/15 19:24 +0000, Ian Cordasco wrote: > > >On 7/27/15, 11:29, "Louis Taylor" wrote: > >>On Fri, Jul 17, 2015 at 07:50:55PM +0100, Louis Taylor wrote: >>> Hi operators, >>> >>> In Kilo, we added the Catalog Index Service as an experimental API in >>>Glance. >>> It soon became apparent this would be better suited as a separate >>>project, so >>> it was split into the Searchlight project: >>> >>> https://wiki.openstack.org/wiki/Searchlight >>> >>> We've now started the process of removing the service from Glance for >>>the >>> Liberty release. Since the service was originally had the status of >>>being >>> experimental, we felt it would be okay to remove it without a cycle of >>> deprecation. >>> >>> Is this something that would cause issues for any existing deployments? >>>If you >>> have any feelings about this one way or the other, feel free to share >>>your >>> thoughts on this mailing list or in the review to remove the code: >>> >>> https://review.openstack.org/#/c/197043/ >> >>Some time has passed and no one has complained about this, so I propose >>we go >>ahead and remove it in liberty. >> >>Cheers, >>Louis > > >+1 Commented on the review! +2 > >__________________________________________________________________________ >OpenStack Development Mailing List (not for usage questions) >Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- @flaper87 Flavio Percoco -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From matt at nycresistor.com Tue Jul 28 15:08:42 2015 From: matt at nycresistor.com (matt) Date: Tue, 28 Jul 2015 11:08:42 -0400 Subject: [Openstack-operators] [openstack-dev] [glance] Removal of Catalog Index Service from Glance In-Reply-To: <20150728140518.GE17296@redhat.com> References: <20150717185053.GA31373@gmail.com> <20150727162944.GA27196@gmail.com> <20150728140518.GE17296@redhat.com> Message-ID: yeah that really didn't belong in glance at all. On Tue, Jul 28, 2015 at 10:05 AM, Flavio Percoco wrote: > On 27/07/15 19:24 +0000, Ian Cordasco wrote: > >> >> >> On 7/27/15, 11:29, "Louis Taylor" wrote: >> >> On Fri, Jul 17, 2015 at 07:50:55PM +0100, Louis Taylor wrote: >>> >>>> Hi operators, >>>> >>>> In Kilo, we added the Catalog Index Service as an experimental API in >>>> Glance. >>>> It soon became apparent this would be better suited as a separate >>>> project, so >>>> it was split into the Searchlight project: >>>> >>>> https://wiki.openstack.org/wiki/Searchlight >>>> >>>> We've now started the process of removing the service from Glance for >>>> the >>>> Liberty release. Since the service was originally had the status of >>>> being >>>> experimental, we felt it would be okay to remove it without a cycle of >>>> deprecation. >>>> >>>> Is this something that would cause issues for any existing deployments? >>>> If you >>>> have any feelings about this one way or the other, feel free to share >>>> your >>>> thoughts on this mailing list or in the review to remove the code: >>>> >>>> https://review.openstack.org/#/c/197043/ >>>> >>> >>> Some time has passed and no one has complained about this, so I propose >>> we go >>> ahead and remove it in liberty. >>> >>> Cheers, >>> Louis >>> >> >> >> +1 >> > > Commented on the review! +2 > > >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > -- > @flaper87 > Flavio Percoco > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdorman at godaddy.com Tue Jul 28 15:34:58 2015 From: mdorman at godaddy.com (Mike Dorman) Date: Tue, 28 Jul 2015 15:34:58 +0000 Subject: [Openstack-operators] [puppet] module dependencies and different openstack versions In-Reply-To: <4000C303-30D9-4345-8370-28D1A63D0DAE@gmail.com> References: <4218824C-98C9-438C-B6CC-A6926880E108@gmail.com> <55B6313A.3000506@redhat.com> <4000C303-30D9-4345-8370-28D1A63D0DAE@gmail.com> Message-ID: <9846D143-D7F5-4C13-91A2-48CA0AA93BFA@godaddy.com> We use the OpenStack modules, but glue everything together with a monolithic composition module (our own.) We do want to get to a place where we can upgrade/apply config/etc. each OpenStack component separately, but have?t tackled it yet. I think it will be possible, but will take some work. I have heard of a few others who have been working toward the same thing, though I don?t think there?s really anything concrete in the upstream modules yet. WRT the dependencies, we use r10k with a manually populated Puppetfile, so we don?t rely on the module metadata to determine which modules to pull in. That?s one way to get exactly what you want rather than all the dependency sprawl. Mike On 7/27/15, 5:10 PM, "Sam Morrison" wrote: > >> On 27 Jul 2015, at 11:25 pm, Emilien Macchi wrote: >> >> >> >> On 07/27/2015 02:32 AM, Sam Morrison wrote: >>> We currently use our own custom puppet modules to deploy openstack, I >>>have been looking into the official openstack modules and have a few >>>barriers to switching. >>> >>> We are looking at doing this at a project at a time but the modules >>>have a lot of dependencies. Eg. they all depend on the keystone module >>>and try to do things in keystone suck as create users, service >>>endpoints etc. >>> >>> This is a pain as I don?t want it to mess with keystone (for one we >>>don?t support setting endpoints via an API) but also we don?t want to >>>move to the official keystone module at the same time. We have some >>>custom keystone stuff which means we?ll may never move to the official >>>keystone puppet module. >> >> Well, in that case it's going to be very hard for you to use the >> modules. Trying to give up forks and catch-up to upstream is really >> expensive and challenging (Fuel is currently working on this). >> >> What I suggest is: >> 1/ have a look at the diff between your manifests and upstream ones. >> 2/ try to use upstream modules with the maximum number of classes, and >> put the rest in a custom module (or a manifest somewhere). >> 3/ submit patches if you think we're missing something in the modules. >>> The neutron module pulls in the vswitch module but we don?t use >>>vswitch and it doesn?t seem to be a requirement of the module so maybe >>>doesn?t need to be in metadata dependencies? >> >> AFIK there is no conditional in metadata.json, so we need the module >> anyway. It should not cause any trouble to you, except if you have a >> custom 'vswitch' module. > >Yeah it would be nice if you could specify dependencies as well as >recommended much like debian packages do. We use librarian-puppet to >manage all our modules and you can?t disable it installing all the >dependencies. But that is another issue? > >>> It looks as if all the openstack puppet modules are designed to all be >>>used at once? Does anyone else have these kind of issues? It would be >>>great if eg. the neutron module would just manage neutron and not try >>>and do things in nova, keystone, mysql etc. >> >> We try to design our modules to work together because Puppet OpenStack >> is a single project composed of modules that are supposed to -together- >> deploy OpenStack. > >All the puppet modules we use are very modular (hence the name), the >openstack modules aren?t at this stage. Ideally each module would be self >contained and then if people wanted to deploy ?openstack? there could be >an ?openstack? module that would pull in all the individual project >modules and make them work together. > >It?s the first tip for writing a module listed at >https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.h >tml#tips > >I guess I?m just wondering if other people are having the same issue I >am? and if so is there a way forward to make the puppet modules more >modular or do I just stick with my own modules. > >> In your case, I would just install the module from source (git) and not >> trying to pull them from Puppetforge. >> >>> >>> The other issue we have is that we have different services in >>>openstack running different versions. Currently we have Kilo, Juno and >>>Icehouse versions of different bits in the same cloud. It seems as if >>>the puppet modules are designed just to manage one openstack version? >>>Is there any thoughts on making it support different versions at the >>>same time? Does this work? >> >> 1/ you're running Kilo, Juno and Icehouse in the same cloud? Wow. You're >> brave! > >We are a large deployment spanning multiple data centres and 1000+ hosts >so upgrading in one big bang isn?t an option. I don?t think this is brave >it is the norm for people running large openstack clouds in production. > >> 2/ Puppet modules do not hardcode OpenStack packages version. Though our >> current master is targeting Liberty, but we have stable/kilo, >> stable/juno, etc. You can even disable the package dependency in most of >> the classes. > >The packages aren?t the issue it?s more the configs that get pushed out >and so on, when config variables change location etc. with different >versions this becomes hard. > >> I'm not sure this is an issue here, maybe a misunderstanding of how to >> use the modules. >> >> Good luck, > >Thanks, > >Sam > > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From blak111 at gmail.com Tue Jul 28 21:54:04 2015 From: blak111 at gmail.com (Kevin Benton) Date: Tue, 28 Jul 2015 14:54:04 -0700 Subject: [Openstack-operators] RE : Can't launch docker instance, Unexpected vif_type=binding_failed. In-Reply-To: References: <748236946.702964.1438002804611.JavaMail.zimbra@redhat.com> Message-ID: We also need to see the /etc/neutron/plugins/ml2/ml2_conf.ini from both because that has the physical network mappings. Also, I don't see anything obvious in the agent logs there. Can you include the portion surrounding the "Failed to bind port" message from the Neutron server log? On Tue, Jul 28, 2015 at 4:13 AM, Asmaa Chebba wrote: > openvswitch agent is running and the logs in compute2 are as follow: > > 1. OVS-cleanup.log > 2015-06-20 12:52:19.976 1529 INFO neutron.agent.ovs_cleanup_util [-] OVS > cleanup completed successfully > 2015-06-23 15:48:43.401 1332 INFO neutron.common.config [-] Logging > enabled! > 2015-06-23 15:48:43.893 1332 INFO neutron.agent.ovs_cleanup_util [-] > Cleaning br-int > 2015-06-23 15:48:44.520 1332 INFO neutron.agent.ovs_cleanup_util [-] OVS > cleanup completed successfully > 2015-06-24 11:49:21.423 1770 INFO neutron.common.config [-] Logging > enabled! > 2015-06-24 11:49:22.123 1770 INFO neutron.agent.ovs_cleanup_util [-] > Cleaning br-int > 2015-06-24 11:49:22.628 1770 INFO neutron.agent.ovs_cleanup_util [-] OVS > cleanup completed successfully > 2015-06-25 00:21:55.634 1337 INFO neutron.common.config [-] Logging > enabled! > 2015-06-25 00:21:56.858 1337 INFO neutron.agent.ovs_cleanup_util [-] > Cleaning br-int > 2015-06-25 00:21:57.900 1337 INFO neutron.agent.ovs_cleanup_util [-] OVS > cleanup completed successfully > 2015-07-07 16:43:42.608 1457 INFO neutron.common.config [-] Logging > enabled! > 2015-07-07 16:43:43.399 1457 INFO neutron.agent.ovs_cleanup_util [-] > Cleaning br-int > 2015-07-07 16:43:43.792 1457 INFO neutron.agent.ovs_cleanup_util [-] OVS > cleanup completed successfully > 2015-07-08 15:04:31.954 1351 INFO neutron.common.config [-] Logging > enabled! > 2015-07-08 15:04:32.888 1351 INFO neutron.agent.ovs_cleanup_util [-] > Cleaning br-int > 2015-07-08 15:04:33.235 1351 INFO neutron.agent.ovs_cleanup_util [-] OVS > cleanup completed successfully > 2015-07-20 13:25:20.300 1550 INFO neutron.common.config [-] Logging > enabled! > 2015-07-20 13:25:22.665 1550 INFO neutron.agent.ovs_cleanup_util [-] > Cleaning br-int > 2015-07-20 13:25:22.770 1550 INFO neutron.agent.ovs_cleanup_util [-] OVS > cleanup completed succe > > 2. Openvswitch-agent.log > 2015-07-28 13:23:29.151 4615 ERROR neutron.agent.linux.ovsdb_monitor [-] > Error received from ovsdb monitor: > 2015-07-28T11:23:29Z|00001|fatal_signal|WARN|terminating with signal 15 > (Terminated) > 2015-07-28 13:23:29.190 4615 ERROR neutron.agent.linux.utils [-] > Command: ['ps', '--ppid', '4764', '-o', 'pid='] > Exit code: 1 > Stdout: '' > Stderr: '' > 2015-07-28 13:23:29.835 4615 CRITICAL neutron > [req-dbf6bc78-c2df-4454-9e19-5f09bf688ee9 None] AssertionError: Trying to > re-send() an already-triggered event. > 2015-07-28 13:23:29.835 4615 TRACE neutron Traceback (most recent call > last): > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/bin/neutron-openvswitch-agent", line 10, in > 2015-07-28 13:23:29.835 4615 TRACE neutron sys.exit(main()) > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", > line 1565, in main > 2015-07-28 13:23:29.835 4615 TRACE neutron agent.daemon_loop() > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", > line 1485, in daemon_loop > 2015-07-28 13:23:29.835 4615 TRACE neutron > self.rpc_loop(polling_manager=pm) > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/contextlib.py", line 24, in __exit__ > 2015-07-28 13:23:29.835 4615 TRACE neutron self.gen.next() > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 39, > in get_polling_manager > 2015-07-28 13:23:29.835 4615 TRACE neutron pm.stop() > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line > 106, in stop > 2015-07-28 13:23:29.835 4615 TRACE neutron self._monitor.stop() > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", > line 89, in stop > 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill() > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ovsdb_monitor.py", > line 99, in _kill > 2015-07-28 13:23:29.835 4615 TRACE neutron > super(SimpleInterfaceMonitor, self)._kill(*args, **kwargs) > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", > line 116, in _kill > 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill_event.send() > 2015-07-28 13:23:29.835 4615 TRACE neutron File > "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 150, in send > 2015-07-28 13:23:29.835 4615 TRACE neutron assert self._result is > NOT_USED, 'Trying to re-send() an already-triggered event.' > 2015-07-28 13:23:29.835 4615 TRACE neutron AssertionError: Trying to > re-send() an already-triggered event. > 2015-07-28 13:23:29.835 4615 TRACE neutron > 2015-07-28 13:23:32.197 6195 INFO neutron.common.config [-] Logging > enabled! > 2015-07-28 13:23:33.005 6195 INFO oslo.messaging._drivers.impl_rabbit [-] > Connecting to AMQP server on controller:5672 > 2015-07-28 13:23:33.120 6195 INFO oslo.messaging._drivers.impl_rabbit [-] > Connected to AMQP server on controller:5672 > 2015-07-28 13:23:33.126 6195 INFO oslo.messaging._drivers.impl_rabbit [-] > Connecting to AMQP server on controller:5672 > 2015-07-28 13:23:33.143 6195 INFO oslo.messaging._drivers.impl_rabbit [-] > Connected to AMQP server on controller:5672 > 2015-07-28 13:23:34.287 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on > controller:5672 > 2015-07-28 13:23:34.304 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on > controller:5672 > 2015-07-28 13:23:34.315 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on > controller:5672 > 2015-07-28 13:23:34.321 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on > controller:5672 > 2015-07-28 13:23:34.327 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on > controller:5672 > 2015-07-28 13:23:34.333 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on > controller:5672 > 2015-07-28 13:23:34.338 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on > controller:5672 > 2015-07-28 13:23:34.344 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on > controller:5672 > 2015-07-28 13:23:34.349 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on > controller:5672 > 2015-07-28 13:23:34.356 6195 INFO oslo.messaging._drivers.impl_rabbit > [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on > controller:5672 > 2015-07-28 13:23:34.360 6195 INFO > neutron.plugins.openvswitch.agent.ovs_neutron_agent > [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent initialized > successfully, now running... > 2015-07-28 13:23:34.367 6195 INFO > neutron.plugins.openvswitch.agent.ovs_neutron_agent > [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent out of sync with > plugin! > 2015-07-28 13:23:34.447 6195 INFO > neutron.plugins.openvswitch.agent.ovs_neutron_agent > [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent tunnel out of sync > with plugin! > > > 3. Openvswitch-agent.log.1 ==> > 2015-07-26 12:15:51.431 4615 INFO neutron.agent.securitygroups_rpc > [req-8d59b5d6-4b0f-4ced-a336-5a94159ac601 None] Security group member > updated [u'b6692f4f-f96e-48eb-a796-8df11fb6c16b'] > > > - And the result of ovs-vsctl show: > > 0a578213-5de5-48fd-923e-14b7b201c6c8 > Bridge br-int > fail_mode: secure > Port br-int > Interface br-int > type: internal > Port patch-tun > Interface patch-tun > type: patch > options: {peer=patch-int} > Bridge br-tun > fail_mode: secure > Port "gre-c0a80204" > Interface "gre-c0a80204" > type: gre > options: {df_default="true", in_key=flow, > local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.4"} > Port br-tun > Interface br-tun > type: internal > Port patch-int > Interface patch-int > type: patch > options: {peer=patch-tun} > Port "gre-c0a80203" > Interface "gre-c0a80203" > type: gre > options: {df_default="true", in_key=flow, > local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.3"} > Port "gre-c0a80202" > Interface "gre-c0a80202" > type: gre > options: {df_default="true", in_key=flow, > local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.2"} > ovs_version: "2.0.2" > > As for the configuration, here is the files of neutron.conf: > > 1. ON compute > [DEFAULT] > verbose = True > lock_path = $state_path/lock > core_plugin = ml2 > service_plugins = router > auth_strategy = keystone > allow_overlapping_ips = True > rabbit_host=controller > > [agent] > root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf > > [keystone_authtoken] > auth_uri = http://controller:5000/v2.0 > identity_uri = http://controller:35357 > admin_tenant_name = service > admin_user = neutron > admin_password = PASSWORD > > [service_providers] > > service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default > > service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default > > 2. ON controller > [DEFAULT] > verbose = True > lock_path = $state_path/lock > core_plugin = ml2 > service_plugins = router > auth_strategy = keystone > allow_overlapping_ips = True > agent_down_time = 1000 > notify_nova_on_port_status_changes = True > notify_nova_on_port_data_changes = True > nova_url = http://controller:8774/v2 > nova_region_name = regionOne > nova_admin_username = nova > nova_admin_tenant_id =f41a56a0ca3d4ef982fadb9b2363c09f > nova_admin_password = PASSWORD > nova_admin_auth_url = http://controller:35357/v2.0 > rabbit_host=controller > rabbit_password=PASSWORD > rpc_backend=rabbit > > [agent] > root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf > report_interval = 100 > > [keystone_authtoken] > auth_uri = http://controller:5000/v2.0 > identity_uri = http://controller:35357 > admin_tenant_name = service > admin_user = neutron > admin_password = PASSWORD > > [database] > connection = mysql://neutron:PASSWORD at controller/neutron > > [service_providers] > > service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default > > service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default > > Thanks. > ________________________________________ > De : Assaf Muller [amuller at redhat.com] > Date d'envoi : lundi 27 juillet 2015 15:13 > ? : Kevin Benton > Cc: Asmaa Chebba; OpenStack Operators > Objet : Re: [Openstack-operators] Can't launch docker instance, Unexpected > vif_type=binding_failed. > > Also can you paste the configuration for both the OVS agent and your > neutron server? Binding failure is almost always a configuration mismatch. > > ----- Original Message ----- > > > > > > Is the neutron openvswitch agent running on host compute2? What do the > logs > > say for the agent there? > > On Jul 22, 2015 07:22, "Asmaa Chebba" < achebba at cdta.dz > wrote: > > > > > > > > Hi, > > I installed Docker with juno release on Ubuntu > > all compute/networking services are up and enabled, and I can add docker > > images with glance however, I can't launch an instance (stopped at > spawning > > step) > > in the nova-compute log, I found : > > Instance failed to spawn > > InstanceDeployFailure: Cannot setup network: Unexpected > > vif_type=binding_failed > > and when verifying the neutron-server log: > > Failed to bind port 5d299cc9-e3f3-48a0-a80f-f204910a47e7 on host compute2 > > > > Any idea on how to solve this? > > I appriciate your help. > > Tahnks. > > > > > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > -- Kevin Benton -------------- next part -------------- An HTML attachment was scrubbed... URL: From 16189455 at qq.com Wed Jul 29 00:44:35 2015 From: 16189455 at qq.com (=?gb18030?B?09q94A==?=) Date: Wed, 29 Jul 2015 08:44:35 +0800 Subject: [Openstack-operators] [neutron][extra-dhcp-opt]How to use extra-dhcp-opt when the opt_name="static-route" and opt_name="classless-static-route"? Message-ID: Hi all, When using the extr-dhcp-opt, I find the function works well when opt_name="mtu" and opt_name="router". The vm created will use the assigned mtu value or the assigned gateway. But when I create port using --extra-dhcp-opt opt_name="static-route",opt_value="192.168.0.0/24 2.2.2.2" the vm won't use this route. The opt_name="classless-static-route" shows the same result.Do i use them in the wrong way? Any suggestion will be grateful. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From meghalgosalia at gmail.com Wed Jul 29 01:05:30 2015 From: meghalgosalia at gmail.com (Meghal .B. Gosalia) Date: Tue, 28 Jul 2015 18:05:30 -0700 Subject: [Openstack-operators] [nova] Quota per flavor, availability zone or a combination Message-ID: A lot of us have had use cases where a cloud-admin wanted to set - 1. Quota per flavor 2. Quota per Availability Zone 3. Quota per flavor_az (flavor and availability zone) All of these use cases requires an update to the quota module. Currently, quota module only tracks static resources like core, ram, disk which are hardcoded in the quota module. All quota calculations during quota commit is made using static resources. If we need the ability to set "Quota per X", we need the ability to add a quota resource dynamically during quota-update. So, Vliobh Meshram, Josh Harlow and myself have been working on a spec to support dynamic quota resources in nova, which will staisfy all use cases above. Here is the link to the spec - https://review.openstack.org/#/c/206160/ This spec talks about 1. Providing capability to create dynamic quota resource 2. Update metadata (flavor and AZ) for dynamic quota resource 3. Incrementing/Decrementing dynamic quota resource value during instance creation and deletion. It would be great if we could get input from dev and operators on the spec. This is a problem that we have been trying hard at Yahoo to solve and we would love to get your feedback. Operators mailing list was not included in my email (sent yesterday) to dev mailing list. So, sending this email to operators mailing list. Thanks, Meghal -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom at openstack.org Wed Jul 29 05:28:57 2015 From: tom at openstack.org (Tom Fifield) Date: Wed, 29 Jul 2015 13:28:57 +0800 Subject: [Openstack-operators] [tags] Meeting this week In-Reply-To: <55A7AD7E.7030201@openstack.org> References: <5590CC1D.1010809@openstack.org> <55A76707.1050008@maishsk.com> <55A768AA.2040005@openstack.org> <55A78954.5070707@maishsk.com> <55A7AD7E.7030201@openstack.org> Message-ID: <55B86499.9080805@openstack.org> Hi all, I think it's probably a good idea to have a meeting in our scheduled slot 1400 UTC on Thurs 30th July. I'll actually be in Beijing at the time, but I've planned to be there, but it something goes wrong, it would be great if someone could run the meeting. I think a good discussion topic is what you'd like to do for the mid-cycle ops event as we'll likely have a 90 minute in-person session. Regards, Tom On 16/07/15 21:11, Tom Fifield wrote: > OK, if there isn't soon an outpouring of support for this meeting, I > think it's best cancelled :) > > > On 16/07/15 18:37, Maish Saidel-Keesing wrote: >> I would prefer to defer today's meeting >> >> On 07/16/15 11:17, Tom Fifield wrote: >>> Hi, >>> >>> According to the logs from last week, which are sadly in yet another >>> directory: http://eavesdrop.openstack.org/meetings/_operator_tags/ , we >>> do have a meeting this week, but the only agenda item (Jamespage & >>> markbaker - thoughts on packaging) didn't pan out since markbaker wasn't >>> available. >>> >>> Is there interest for a meeting, and any proposed topics? ops:ha? >>> >>> Regards, >>> >>> >>> Tom >>> >>> >>> >>> On 16/07/15 16:10, Maish Saidel-Keesing wrote: >>>> Are we having a meeting today at 14:00 UTC? >>>> >>>> On 06/29/15 07:39, Tom Fifield wrote: >>>>> Hi, >>>>> >>>>> As noted last meeting, we didn't get even half way through out agenda, >>>>> so we will meet this week as well. >>>>> >>>>> So, join us this Thursday Jul 2nd 1400 UTC in #openstack-meeting on >>>>> freenode >>>>> (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20150702T1400 >>>>> ) >>>>> >>>>> To kick off with agenda item #4: >>>>> https://etherpad.openstack.org/p/ops-tags-June-2015 >>>>> >>>>> Previous meeting notes can be found at: >>>>> http://eavesdrop.openstack.org/meetings/ops_tags/2015/ >>>>> >>>>> >>>>> Regards, >>>>> >>>>> >>>>> Tom >>>>> >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From siv.devops at gmail.com Wed Jul 29 05:39:44 2015 From: siv.devops at gmail.com (pra devOPS) Date: Tue, 28 Jul 2015 22:39:44 -0700 Subject: [Openstack-operators] Cinder volume on lvm volume Message-ID: Hi All: I have lvm volume "/dev/mapper/centos-images on " allinOne installation (Cenots7, openstack icehouse) machine. I wanted to make this to configure in cinder to get ebs for instances. Can i do that? is there any document apart to do the same? Any references will be highly appreciated. Thanks, Dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From achebba at CDTA.DZ Wed Jul 29 08:36:22 2015 From: achebba at CDTA.DZ (Asmaa Chebba) Date: Wed, 29 Jul 2015 08:36:22 +0000 Subject: [Openstack-operators] RE : RE : Can't launch docker instance, Unexpected vif_type=binding_failed. In-Reply-To: References: <748236946.702964.1438002804611.JavaMail.zimbra@redhat.com> , Message-ID: 1. ml2_conf.ini in controller: [ml2] type_drivers = flat,gre tenant_network_types = gre mechanism_drivers = openvswitch [ml2_type_gre] tunnel_id_ranges = 1:1000 [securitygroup] enable_security_group = True enable_ipset = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver 2. ml2_conf.ini in compute2: [ml2] type_drivers = flat,gre tenant_network_types = gre mechanism_drivers = openvswitch [ml2_type_gre] tunnel_id_ranges = 1:1000 [securitygroup] enable_security_group = True enable_ipset = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver [ovs] local_ip = 192.168.2.5 enable_tunneling = True [agent] tunnel_types = gre 3. nova-compute.log in compute2: 2015-07-29 11:13:50.857 5166 WARNING novadocker.virt.docker.driver [-] [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Cannot setup network: Unexpected vif_type=binding_failed 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Traceback (most recent call last): 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 367, in _start_container 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] self.plug_vifs(instance, network_info) 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 187, in plug_vifs 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] self.vif_driver.plug(instance, vif) 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/vifs.py", line 63, in plug 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] _("Unexpected vif_type=%s") % vif_type) 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] NovaException: Unexpected vif_type=binding_failed 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] 2015-07-29 11:13:51.050 5166 ERROR nova.compute.manager [-] [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Instance failed to spawn 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Traceback (most recent call last): 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 2267, in _build_resources 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] yield resources 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 2137, in _build_and_run_instance 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] block_device_info=block_device_info) 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 404, in spawn 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] self._start_container(container_id, instance, network_info) 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 376, in _start_container 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] instance_id=instance['name']) 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] InstanceDeployFailure: Cannot setup network: Unexpected vif_type=binding_failed 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] 2015-07-29 11:13:51.051 5166 AUDIT nova.compute.manager [req-156ad821-5880-4560-83f1-e9a2efb4b4c6 None] [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Terminating instance 2015-07-29 11:13:51.186 5166 INFO nova.scheduler.client.report [-] Compute_service record updated for ('compute2', 'compute2') 4. the log file for neutron server: 2015-07-29 11:13:45.726 2282 INFO neutron.wsgi [req-67398b60-ab27-49aa-8d9d-24c750252d7c None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/quotas/50d58b42ce7043ac8f37d564fe1fb11c.json HTTP/1.1" 200 324 0.011199 2015-07-29 11:13:45.727 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44772) 2015-07-29 11:13:45.733 2282 INFO neutron.wsgi [req-a267604f-ece6-49e6-8a45-ef6927ec332b None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/floatingips.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 486 0.005865 2015-07-29 11:13:45.734 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44773) 2015-07-29 11:13:45.754 2282 INFO neutron.wsgi [req-ed3a8c6a-dad4-4ecf-87d0-39fc1fec36a0 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 202 0.019193 2015-07-29 11:13:45.822 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44778) 2015-07-29 11:13:45.839 2282 INFO neutron.wsgi [req-7082cb8b-ae14-42bc-a89d-ae01b4baca1e None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/security-groups.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 1726 0.016275 2015-07-29 11:13:45.839 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44779) 2015-07-29 11:13:45.854 2282 INFO neutron.wsgi [req-c827316c-c221-4584-adb2-8e72518cab76 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/networks.json?shared=False&tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 567 0.014127 2015-07-29 11:13:45.855 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44780) 2015-07-29 11:13:45.870 2282 INFO neutron.wsgi [req-6cb9959c-c6ac-4292-8fb1-233e5a73f716 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/subnets.json HTTP/1.1" 200 1057 0.013845 2015-07-29 11:13:45.871 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44781) 2015-07-29 11:13:45.883 2282 INFO neutron.wsgi [req-b23f256c-c0da-4f33-9584-5af6629498d7 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/networks.json?shared=True HTTP/1.1" 200 205 0.010787 2015-07-29 11:13:45.883 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44782) 2015-07-29 11:13:45.905 2282 INFO neutron.wsgi [req-f7c7b372-68ee-41cb-8399-37ae3bc05cce None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/subnets.json HTTP/1.1" 200 1057 0.021410 2015-07-29 11:13:46.008 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44786) 2015-07-29 11:13:46.033 2282 INFO neutron.wsgi [req-582f1c4f-c444-48cd-80a2-1f0f4ba4596c None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 567 0.023761 2015-07-29 11:13:46.034 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44787) 2015-07-29 11:13:46.056 2282 INFO neutron.wsgi [req-2f1431be-5471-4885-bbb8-d365915700e6 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 202 0.021720 2015-07-29 11:13:46.057 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44788) 2015-07-29 11:13:46.066 2282 INFO neutron.wsgi [req-852b259c-a4f9-4fd0-ab4f-69675ab05c91 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/quotas/50d58b42ce7043ac8f37d564fe1fb11c.json HTTP/1.1" 200 324 0.008286 2015-07-29 11:13:46.501 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44792) 2015-07-29 11:13:46.568 2282 INFO neutron.wsgi [req-8fc74135-478c-4b8f-b127-090f045243f2 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 202 0.062276 2015-07-29 11:13:46.569 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44793) 2015-07-29 11:13:46.623 2282 INFO neutron.wsgi [req-74a5b5e9-2987-484a-9446-4c3068245fce None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 202 0.049072 2015-07-29 11:13:46.629 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44794) 2015-07-29 11:13:46.661 2282 INFO neutron.wsgi [req-cc535e01-8235-43d8-a006-8899a2e96898 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/floatingips.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 486 0.030780 2015-07-29 11:13:46.662 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44795) 2015-07-29 11:13:46.726 2282 INFO neutron.wsgi [req-f669276f-7903-4ed9-932a-80bdd4dcc92a None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 202 0.062313 2015-07-29 11:13:46.728 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44796) 2015-07-29 11:13:46.772 2282 INFO neutron.wsgi [req-ffd06ea1-2948-4262-9d7f-ffacea08c9fd None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/networks.json HTTP/1.1" 200 922 0.042526 2015-07-29 11:13:46.776 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44797) 2015-07-29 11:13:46.827 2282 INFO neutron.wsgi [req-76b565f1-1408-444c-9e01-249681d0db94 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/subnets.json HTTP/1.1" 200 1057 0.045493 2015-07-29 11:13:47.025 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44802) 2015-07-29 11:13:47.031 2282 INFO neutron.wsgi [req-60c28771-ea8b-41fc-8d7e-e0a2f6b4fa8c None] 192.168.1.2 - - [29/Jul/2015 11:13:47] "GET /v2.0/extensions.json HTTP/1.1" 200 4302 0.004599 2015-07-29 11:13:48.183 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44810) 2015-07-29 11:13:48.247 2282 INFO neutron.wsgi [req-e0ee1b8b-5dd5-4b7a-8dd8-bcdccb2cd946 None] 192.168.1.2 - - [29/Jul/2015 11:13:48] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 202 0.059973 2015-07-29 11:13:48.777 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44814) 2015-07-29 11:13:48.801 2282 INFO neutron.wsgi [req-7dab3b7a-b876-4305-a7df-f3819628c780 None] 192.168.1.2 - - [29/Jul/2015 11:13:48] "GET /v2.0/extensions.json HTTP/1.1" 200 4302 0.023134 2015-07-29 11:13:48.883 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52168) 2015-07-29 11:13:48.916 2282 INFO neutron.wsgi [req-d8548754-2e87-469d-8a14-d0f6732f08ef None] 192.168.1.5 - - [29/Jul/2015 11:13:48] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.030698 2015-07-29 11:13:49.012 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52169) 2015-07-29 11:13:49.032 2282 INFO neutron.wsgi [req-95b856ab-583a-47c1-8678-ae7cc6a2eb44 None] 192.168.1.5 - - [29/Jul/2015 11:13:49] "GET /v2.0/security-groups.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 1750 0.018625 2015-07-29 11:13:49.034 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52170) 2015-07-29 11:13:49.044 2282 INFO neutron.wsgi [req-07c3cd68-ccf6-4798-a4bb-72c0bc839374 None] 192.168.1.5 - - [29/Jul/2015 11:13:49] "GET /v2.0/extensions.json HTTP/1.1" 200 4326 0.008670 2015-07-29 11:13:49.695 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52172) 2015-07-29 11:13:49.718 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:13:49.874 2282 INFO neutron.quota [req-09e4579c-2e95-4bd9-a580-d26b256e977f None] Loaded quota_driver: . 2015-07-29 11:13:50.000 2282 WARNING neutron.plugins.ml2.managers [req-09e4579c-2e95-4bd9-a580-d26b256e977f None] Failed to bind port 6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 on host compute2 2015-07-29 11:13:50.056 2282 INFO neutron.wsgi [req-09e4579c-2e95-4bd9-a580-d26b256e977f None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "POST /v2.0/ports.json HTTP/1.1" 201 916 0.360514 2015-07-29 11:13:50.061 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52173) 2015-07-29 11:13:50.082 2282 INFO neutron.wsgi [req-c8e5a4f2-639b-45b9-a8b3-2fe6ec0cb7e6 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.019967 2015-07-29 11:13:50.085 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52174) 2015-07-29 11:13:50.089 2282 INFO neutron.wsgi [req-e042a3b6-9091-4e38-ad13-6927e9918813 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.003693 2015-07-29 11:13:50.092 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52175) 2015-07-29 11:13:50.103 2282 INFO neutron.wsgi [req-d1a9dadb-58e9-40f8-b3f3-bcabb2b95988 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.008960 2015-07-29 11:13:50.106 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52176) 2015-07-29 11:13:50.121 2282 INFO neutron.wsgi [req-e30bd2a2-df50-4338-b636-ee86c7e66ef6 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.014181 2015-07-29 11:13:52.239 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44818) 2015-07-29 11:13:52.262 2282 INFO neutron.wsgi [req-05b5c451-9605-4c2e-87a0-44b06e6fc3ee None] 192.168.1.2 - - [29/Jul/2015 11:13:52] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 890 0.022315 2015-07-29 11:13:52.263 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44819) 2015-07-29 11:13:52.280 2282 INFO neutron.wsgi [req-e6de32dc-0111-43af-83f8-e0f6e2e35ca8 None] 192.168.1.2 - - [29/Jul/2015 11:13:52] "GET /v2.0/security-groups.json?id=b6692f4f-f96e-48eb-a796-8df11fb6c16b HTTP/1.1" 200 1726 0.016793 2015-07-29 11:13:52.566 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44823) 2015-07-29 11:13:52.575 2282 INFO neutron.wsgi [req-86c923c4-10d8-4bba-8c42-2831dc71e24e None] 192.168.1.2 - - [29/Jul/2015 11:13:52] "GET /v2.0/extensions.json HTTP/1.1" 200 4302 0.006609 2015-07-29 11:14:39.861 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44827) 2015-07-29 11:14:39.863 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:14:39.943 2282 INFO neutron.wsgi [req-5e169013-35a4-4007-a88e-3a2883032115 None] 192.168.1.2 - - [29/Jul/2015 11:14:39] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 890 0.080995 2015-07-29 11:14:39.944 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44829) 2015-07-29 11:14:39.961 2282 INFO neutron.wsgi [req-a30f0167-bf79-486b-a244-ce72fdcc578e None] 192.168.1.2 - - [29/Jul/2015 11:14:39] "GET /v2.0/security-groups.json?id=b6692f4f-f96e-48eb-a796-8df11fb6c16b HTTP/1.1" 200 1726 0.016655 2015-07-29 11:14:47.805 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52180) 2015-07-29 11:14:47.824 2282 INFO neutron.wsgi [req-26fcbb1e-8f5d-4b80-8063-5b7c6eb10931 None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.016296 2015-07-29 11:14:47.860 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52181) 2015-07-29 11:14:47.873 2282 INFO neutron.wsgi [req-1cec59ae-94d8-42a8-8e0e-b34d52a3374f None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.011921 2015-07-29 11:14:47.877 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52182) 2015-07-29 11:14:47.881 2282 INFO neutron.wsgi [req-8e626a77-f43b-4f61-b20f-b38d7d1a5146 None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.003802 2015-07-29 11:14:47.885 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52183) 2015-07-29 11:14:47.900 2282 INFO neutron.wsgi [req-49973dc1-0a89-4fdf-95d4-ba8fef19e17c None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.014417 2015-07-29 11:14:47.904 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52184) 2015-07-29 11:14:47.916 2282 INFO neutron.wsgi [req-79cfac25-0924-4ce7-a8a6-7f37470916d3 None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.011559 2015-07-29 11:15:48.069 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52192) 2015-07-29 11:15:48.085 2282 INFO neutron.wsgi [req-66b7b2f5-7831-4bb1-8c7d-1aba23ff0ee6 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.013526 2015-07-29 11:15:48.118 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52193) 2015-07-29 11:15:48.128 2282 INFO neutron.wsgi [req-6924da74-2d7d-4625-97b9-0d2f2bf03dd5 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.009445 2015-07-29 11:15:48.132 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52194) 2015-07-29 11:15:48.137 2282 INFO neutron.wsgi [req-0388024a-9477-4f0d-95cf-9c07618b3de7 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004223 2015-07-29 11:15:48.141 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52195) 2015-07-29 11:15:48.151 2282 INFO neutron.wsgi [req-86da4d41-863c-46ef-80b0-781801054186 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.010079 2015-07-29 11:15:48.155 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52196) 2015-07-29 11:15:48.167 2282 INFO neutron.wsgi [req-1bd0ed0b-0e4c-463a-a146-2cf49994e697 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.010833 2015-07-29 11:16:19.500 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44841) 2015-07-29 11:16:19.502 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.536 2282 INFO neutron.wsgi [req-9510288d-4a7c-4531-9d78-0fa7e74ee89c None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 890 0.035511 2015-07-29 11:16:19.537 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44843) 2015-07-29 11:16:19.552 2282 INFO neutron.wsgi [req-c1e6bffc-daba-463c-86c0-1fcd3d44facc None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/security-groups.json?id=b6692f4f-f96e-48eb-a796-8df11fb6c16b HTTP/1.1" 200 1726 0.014557 2015-07-29 11:16:19.615 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44846) 2015-07-29 11:16:19.617 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.646 2282 INFO neutron.wsgi [req-62f1f6f6-7dd8-4e93-b922-aa198bd931e8 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/vips.json HTTP/1.1" 404 242 0.030132 2015-07-29 11:16:19.658 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44848) 2015-07-29 11:16:19.660 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.690 2282 INFO neutron.wsgi [req-24cf8dfb-b61f-4eeb-afed-e3f5f99d2cff None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/vpn/ipsec-site-connections.json HTTP/1.1" 404 242 0.029553 2015-07-29 11:16:19.708 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44851) 2015-07-29 11:16:19.710 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.734 2282 INFO neutron.wsgi [req-5ff18460-0bd9-4fc3-9857-9622d902e664 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/members.json HTTP/1.1" 404 242 0.024793 2015-07-29 11:16:19.742 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44853) 2015-07-29 11:16:19.744 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.774 2282 INFO neutron.wsgi [req-1a5319c1-8a0c-45e3-b7a2-82420f0ff8de None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/fw/firewall_policies.json HTTP/1.1" 404 242 0.029860 2015-07-29 11:16:19.816 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44858) 2015-07-29 11:16:19.819 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.848 2282 INFO neutron.wsgi [req-42e9d62f-ac71-4742-b7e4-c48248402acf None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/floatingips.json?tenant_id=f41a56a0ca3d4ef982fadb9b2363c09f HTTP/1.1" 200 208 0.029809 2015-07-29 11:16:19.849 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44860) 2015-07-29 11:16:19.868 2282 INFO neutron.wsgi [req-167f740f-6079-4aa9-8516-9875aa7aab73 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/networks.json?router%3Aexternal=True HTTP/1.1" 200 567 0.018023 2015-07-29 11:16:19.869 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44861) 2015-07-29 11:16:19.893 2282 INFO neutron.wsgi [req-58b47d7e-9dea-410d-93e6-000dd36d4246 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/ports.json?tenant_id=f41a56a0ca3d4ef982fadb9b2363c09f HTTP/1.1" 200 202 0.023137 2015-07-29 11:16:19.894 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44862) 2015-07-29 11:16:19.896 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.927 2282 INFO neutron.wsgi [req-9d43819e-d21e-4454-b79d-20969f786185 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/health_monitors.json HTTP/1.1" 404 242 0.032373 2015-07-29 11:16:19.936 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44865) 2015-07-29 11:16:19.939 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.959 2282 INFO neutron.wsgi [req-0033d040-b116-4279-9ccb-ba59a17632e1 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/pools.json HTTP/1.1" 404 242 0.021986 2015-07-29 11:16:20.108 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44872) 2015-07-29 11:16:20.111 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:20.631 2282 INFO neutron.wsgi [req-0140c578-f7e2-48c1-ab49-28bc4243e80c None] 192.168.1.2 - - [29/Jul/2015 11:16:20] "GET /v2.0/vpn/vpnservices.json HTTP/1.1" 404 242 0.521097 2015-07-29 11:16:20.633 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44874) 2015-07-29 11:16:20.635 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:20.659 2282 INFO neutron.wsgi [req-1e3557e2-1e9e-473f-ab78-d6b23f775582 None] 192.168.1.2 - - [29/Jul/2015 11:16:20] "GET /v2.0/fw/firewalls.json HTTP/1.1" 404 242 0.024444 2015-07-29 11:16:41.473 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52203) 2015-07-29 11:16:41.495 2282 INFO neutron.wsgi [req-02c46b3a-d857-4f74-9399-d36e1d645a48 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.020610 2015-07-29 11:16:41.539 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52204) 2015-07-29 11:16:41.554 2282 INFO neutron.wsgi [req-9008ebf3-55f2-41f2-90dd-69dfabbe0c95 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.013880 2015-07-29 11:16:41.556 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52205) 2015-07-29 11:16:41.560 2282 INFO neutron.wsgi [req-7c60e467-ed25-46f5-9712-051c111de617 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.003210 2015-07-29 11:16:41.563 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52206) 2015-07-29 11:16:41.570 2282 INFO neutron.wsgi [req-47a52ffe-97db-4006-98eb-6942076c9359 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.006393 2015-07-29 11:16:41.572 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52207) 2015-07-29 11:16:41.583 2282 INFO neutron.wsgi [req-c2ba26b5-b04a-4fc8-8ac5-d75ad7af3592 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.010027 2015-07-29 11:17:43.804 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52210) 2015-07-29 11:17:43.851 2282 INFO neutron.wsgi [req-b88a23df-b8b4-454b-8d06-98644c782285 None] 192.168.1.5 - - [29/Jul/2015 11:17:43] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.046248 2015-07-29 11:17:43.947 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52211) 2015-07-29 11:17:43.973 2282 INFO neutron.wsgi [req-474f1a60-81c1-455d-85ed-174469b3cd63 None] 192.168.1.5 - - [29/Jul/2015 11:17:43] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.020573 2015-07-29 11:17:43.979 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52212) 2015-07-29 11:17:43.984 2282 INFO neutron.wsgi [req-14700758-13ef-4568-810e-f2de0fb722ef None] 192.168.1.5 - - [29/Jul/2015 11:17:43] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004114 2015-07-29 11:17:43.987 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52213) 2015-07-29 11:17:44.003 2282 INFO neutron.wsgi [req-f97125da-3b2d-4ca4-843d-f9e81674c553 None] 192.168.1.5 - - [29/Jul/2015 11:17:44] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.015765 2015-07-29 11:17:44.007 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52214) 2015-07-29 11:17:44.038 2282 INFO neutron.wsgi [req-65821d2a-df42-40b1-ae3b-003c8d89383e None] 192.168.1.5 - - [29/Jul/2015 11:17:44] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.030204 2015-07-29 11:18:44.469 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52215) 2015-07-29 11:18:44.485 2282 INFO neutron.wsgi [req-8d360b7a-654b-42fd-b0c3-09dc77d41333 None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.015145 2015-07-29 11:18:44.569 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52216) 2015-07-29 11:18:44.581 2282 INFO neutron.wsgi [req-f89e6f2f-0c8d-404a-8ccc-1b0d530258e9 None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.012024 2015-07-29 11:18:44.586 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52217) 2015-07-29 11:18:44.592 2282 INFO neutron.wsgi [req-4664aa8f-10be-4681-a714-4e1dfad4a943 None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004817 2015-07-29 11:18:44.595 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52218) 2015-07-29 11:18:44.604 2282 INFO neutron.wsgi [req-9580f303-fe21-4226-b239-bf4e5f96da1a None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.008424 2015-07-29 11:18:44.608 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52219) 2015-07-29 11:18:44.636 2282 INFO neutron.wsgi [req-f1b70c57-6cf4-451d-9d14-64923125154d None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.025100 2015-07-29 11:19:46.465 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52220) 2015-07-29 11:19:46.480 2282 INFO neutron.wsgi [req-5f6ba9a0-8931-4b88-93aa-44fec4cfe0ea None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.013275 2015-07-29 11:19:46.517 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52221) 2015-07-29 11:19:46.540 2282 INFO neutron.wsgi [req-c79a619e-6b96-42c0-97c8-cc49346cc899 None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.019459 2015-07-29 11:19:46.542 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52222) 2015-07-29 11:19:46.548 2282 INFO neutron.wsgi [req-b07438d7-209d-4ef9-9471-7114fd206c0d None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004430 2015-07-29 11:19:46.550 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52223) 2015-07-29 11:19:46.569 2282 INFO neutron.wsgi [req-9e0a2047-0a88-453e-a74a-3521562ca7ce None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.013845 2015-07-29 11:19:46.573 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52224) 2015-07-29 11:19:46.595 2282 INFO neutron.wsgi [req-764e383d-0c73-4272-9742-7a8ccbe517f9 None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.019091 2015-07-29 11:20:46.467 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52225) 2015-07-29 11:20:46.483 2282 INFO neutron.wsgi [req-ebbeb3e6-19c7-4605-9afc-325c05372134 None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.015388 2015-07-29 11:20:46.559 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52226) 2015-07-29 11:20:46.583 2282 INFO neutron.wsgi [req-4a0cdc3e-2738-4100-8126-98d1eb54bcfb None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.023044 2015-07-29 11:20:46.591 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52227) 2015-07-29 11:20:46.597 2282 INFO neutron.wsgi [req-e9b58bde-5639-4a67-81e8-5dfb2b4405dd None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.005366 2015-07-29 11:20:46.600 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52228) 2015-07-29 11:20:46.615 2282 INFO neutron.wsgi [req-dae26f14-a50b-4ab2-8bfc-65a40bd21df6 None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.014688 2015-07-29 11:20:46.618 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52229) 2015-07-29 11:20:46.636 2282 INFO neutron.wsgi [req-85fe5752-b628-4c3c-a00d-903b3c811fab None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.016777 ________________________________ De : Kevin Benton [blak111 at gmail.com] Date d'envoi : mardi 28 juillet 2015 23:54 ? : Asmaa Chebba Cc: Assaf Muller; OpenStack Operators Objet : Re: RE : [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. We also need to see the /etc/neutron/plugins/ml2/ml2_conf.ini from both because that has the physical network mappings. Also, I don't see anything obvious in the agent logs there. Can you include the portion surrounding the "Failed to bind port" message from the Neutron server log? On Tue, Jul 28, 2015 at 4:13 AM, Asmaa Chebba > wrote: openvswitch agent is running and the logs in compute2 are as follow: 1. OVS-cleanup.log 2015-06-20 12:52:19.976 1529 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-23 15:48:43.401 1332 INFO neutron.common.config [-] Logging enabled! 2015-06-23 15:48:43.893 1332 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-23 15:48:44.520 1332 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-24 11:49:21.423 1770 INFO neutron.common.config [-] Logging enabled! 2015-06-24 11:49:22.123 1770 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-24 11:49:22.628 1770 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-25 00:21:55.634 1337 INFO neutron.common.config [-] Logging enabled! 2015-06-25 00:21:56.858 1337 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-25 00:21:57.900 1337 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-07 16:43:42.608 1457 INFO neutron.common.config [-] Logging enabled! 2015-07-07 16:43:43.399 1457 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-07 16:43:43.792 1457 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-08 15:04:31.954 1351 INFO neutron.common.config [-] Logging enabled! 2015-07-08 15:04:32.888 1351 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-08 15:04:33.235 1351 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-20 13:25:20.300 1550 INFO neutron.common.config [-] Logging enabled! 2015-07-20 13:25:22.665 1550 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-20 13:25:22.770 1550 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed succe 2. Openvswitch-agent.log 2015-07-28 13:23:29.151 4615 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: 2015-07-28T11:23:29Z|00001|fatal_signal|WARN|terminating with signal 15 (Terminated) 2015-07-28 13:23:29.190 4615 ERROR neutron.agent.linux.utils [-] Command: ['ps', '--ppid', '4764', '-o', 'pid='] Exit code: 1 Stdout: '' Stderr: '' 2015-07-28 13:23:29.835 4615 CRITICAL neutron [req-dbf6bc78-c2df-4454-9e19-5f09bf688ee9 None] AssertionError: Trying to re-send() an already-triggered event. 2015-07-28 13:23:29.835 4615 TRACE neutron Traceback (most recent call last): 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/bin/neutron-openvswitch-agent", line 10, in 2015-07-28 13:23:29.835 4615 TRACE neutron sys.exit(main()) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1565, in main 2015-07-28 13:23:29.835 4615 TRACE neutron agent.daemon_loop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1485, in daemon_loop 2015-07-28 13:23:29.835 4615 TRACE neutron self.rpc_loop(polling_manager=pm) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__ 2015-07-28 13:23:29.835 4615 TRACE neutron self.gen.next() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 39, in get_polling_manager 2015-07-28 13:23:29.835 4615 TRACE neutron pm.stop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 106, in stop 2015-07-28 13:23:29.835 4615 TRACE neutron self._monitor.stop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 89, in stop 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ovsdb_monitor.py", line 99, in _kill 2015-07-28 13:23:29.835 4615 TRACE neutron super(SimpleInterfaceMonitor, self)._kill(*args, **kwargs) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 116, in _kill 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill_event.send() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 150, in send 2015-07-28 13:23:29.835 4615 TRACE neutron assert self._result is NOT_USED, 'Trying to re-send() an already-triggered event.' 2015-07-28 13:23:29.835 4615 TRACE neutron AssertionError: Trying to re-send() an already-triggered event. 2015-07-28 13:23:29.835 4615 TRACE neutron 2015-07-28 13:23:32.197 6195 INFO neutron.common.config [-] Logging enabled! 2015-07-28 13:23:33.005 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on controller:5672 2015-07-28 13:23:33.120 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on controller:5672 2015-07-28 13:23:33.126 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on controller:5672 2015-07-28 13:23:33.143 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.287 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.304 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.315 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.321 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.327 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.333 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.338 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.344 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.349 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.356 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.360 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent initialized successfully, now running... 2015-07-28 13:23:34.367 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent out of sync with plugin! 2015-07-28 13:23:34.447 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent tunnel out of sync with plugin! 3. Openvswitch-agent.log.1 ==> 2015-07-26 12:15:51.431 4615 INFO neutron.agent.securitygroups_rpc [req-8d59b5d6-4b0f-4ced-a336-5a94159ac601 None] Security group member updated [u'b6692f4f-f96e-48eb-a796-8df11fb6c16b'] - And the result of ovs-vsctl show: 0a578213-5de5-48fd-923e-14b7b201c6c8 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Bridge br-tun fail_mode: secure Port "gre-c0a80204" Interface "gre-c0a80204" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.4"} Port br-tun Interface br-tun type: internal Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port "gre-c0a80203" Interface "gre-c0a80203" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.3"} Port "gre-c0a80202" Interface "gre-c0a80202" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.2"} ovs_version: "2.0.2" As for the configuration, here is the files of neutron.conf: 1. ON compute [DEFAULT] verbose = True lock_path = $state_path/lock core_plugin = ml2 service_plugins = router auth_strategy = keystone allow_overlapping_ips = True rabbit_host=controller [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = neutron admin_password = PASSWORD [service_providers] service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default 2. ON controller [DEFAULT] verbose = True lock_path = $state_path/lock core_plugin = ml2 service_plugins = router auth_strategy = keystone allow_overlapping_ips = True agent_down_time = 1000 notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller:8774/v2 nova_region_name = regionOne nova_admin_username = nova nova_admin_tenant_id =f41a56a0ca3d4ef982fadb9b2363c09f nova_admin_password = PASSWORD nova_admin_auth_url = http://controller:35357/v2.0 rabbit_host=controller rabbit_password=PASSWORD rpc_backend=rabbit [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf report_interval = 100 [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = neutron admin_password = PASSWORD [database] connection = mysql://neutron:PASSWORD at controller/neutron [service_providers] service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default Thanks. ________________________________________ De : Assaf Muller [amuller at redhat.com] Date d'envoi : lundi 27 juillet 2015 15:13 ? : Kevin Benton Cc: Asmaa Chebba; OpenStack Operators Objet : Re: [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. Also can you paste the configuration for both the OVS agent and your neutron server? Binding failure is almost always a configuration mismatch. ----- Original Message ----- > > > Is the neutron openvswitch agent running on host compute2? What do the logs > say for the agent there? > On Jul 22, 2015 07:22, "Asmaa Chebba" < achebba at cdta.dz > wrote: > > > > Hi, > I installed Docker with juno release on Ubuntu > all compute/networking services are up and enabled, and I can add docker > images with glance however, I can't launch an instance (stopped at spawning > step) > in the nova-compute log, I found : > Instance failed to spawn > InstanceDeployFailure: Cannot setup network: Unexpected > vif_type=binding_failed > and when verifying the neutron-server log: > Failed to bind port 5d299cc9-e3f3-48a0-a80f-f204910a47e7 on host compute2 > > Any idea on how to solve this? > I appriciate your help. > Tahnks. > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -- Kevin Benton -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Wed Jul 29 11:42:12 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Wed, 29 Jul 2015 11:42:12 +0000 Subject: [Openstack-operators] Chef cookbook Message-ID: Hi, I've integrated chef with openstack and needed to work on the cookbooks. I wanted to upload a docker and mysql cookbook in specific to the chef-dashboard. I've gone through the supermarket of the chef.io but I just ended up confused. Moreover, when I tried uploading the cookbook it either gave me an error. Could some give me the steps as to how to proceed from the point of bringing the cookbooks to the node, uploading it and adding it to the run list. Thank you! ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From achebba at CDTA.DZ Wed Jul 29 14:25:04 2015 From: achebba at CDTA.DZ (Asmaa Chebba) Date: Wed, 29 Jul 2015 14:25:04 +0000 Subject: [Openstack-operators] RE : RE : Can't launch docker instance, Unexpected vif_type=binding_failed. In-Reply-To: References: <748236946.702964.1438002804611.JavaMail.zimbra@redhat.com> , , Message-ID: I could finally launch the instance. The error was due to the use of the external network (flat). however, when using gre network, the spawning is done successfully. Thanks for your help. ________________________________ De : Asmaa Chebba Date d'envoi : mercredi 29 juillet 2015 10:36 ? : Kevin Benton Cc: Assaf Muller; OpenStack Operators Objet : RE : RE : [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. 1. ml2_conf.ini in controller: [ml2] type_drivers = flat,gre tenant_network_types = gre mechanism_drivers = openvswitch [ml2_type_gre] tunnel_id_ranges = 1:1000 [securitygroup] enable_security_group = True enable_ipset = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver 2. ml2_conf.ini in compute2: [ml2] type_drivers = flat,gre tenant_network_types = gre mechanism_drivers = openvswitch [ml2_type_gre] tunnel_id_ranges = 1:1000 [securitygroup] enable_security_group = True enable_ipset = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver [ovs] local_ip = 192.168.2.5 enable_tunneling = True [agent] tunnel_types = gre 3. nova-compute.log in compute2: 2015-07-29 11:13:50.857 5166 WARNING novadocker.virt.docker.driver [-] [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Cannot setup network: Unexpected vif_type=binding_failed 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Traceback (most recent call last): 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 367, in _start_container 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] self.plug_vifs(instance, network_info) 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 187, in plug_vifs 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] self.vif_driver.plug(instance, vif) 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/vifs.py", line 63, in plug 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] _("Unexpected vif_type=%s") % vif_type) 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] NovaException: Unexpected vif_type=binding_failed 2015-07-29 11:13:50.857 5166 TRACE novadocker.virt.docker.driver [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] 2015-07-29 11:13:51.050 5166 ERROR nova.compute.manager [-] [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Instance failed to spawn 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Traceback (most recent call last): 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 2267, in _build_resources 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] yield resources 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 2137, in _build_and_run_instance 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] block_device_info=block_device_info) 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 404, in spawn 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] self._start_container(container_id, instance, network_info) 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] File "/usr/local/lib/python2.7/dist-packages/novadocker/virt/docker/driver.py", line 376, in _start_container 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] instance_id=instance['name']) 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] InstanceDeployFailure: Cannot setup network: Unexpected vif_type=binding_failed 2015-07-29 11:13:51.050 5166 TRACE nova.compute.manager [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] 2015-07-29 11:13:51.051 5166 AUDIT nova.compute.manager [req-156ad821-5880-4560-83f1-e9a2efb4b4c6 None] [instance: 52c3d98f-f99c-4d42-969b-16308cbf9db4] Terminating instance 2015-07-29 11:13:51.186 5166 INFO nova.scheduler.client.report [-] Compute_service record updated for ('compute2', 'compute2') 4. the log file for neutron server: 2015-07-29 11:13:45.726 2282 INFO neutron.wsgi [req-67398b60-ab27-49aa-8d9d-24c750252d7c None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/quotas/50d58b42ce7043ac8f37d564fe1fb11c.json HTTP/1.1" 200 324 0.011199 2015-07-29 11:13:45.727 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44772) 2015-07-29 11:13:45.733 2282 INFO neutron.wsgi [req-a267604f-ece6-49e6-8a45-ef6927ec332b None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/floatingips.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 486 0.005865 2015-07-29 11:13:45.734 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44773) 2015-07-29 11:13:45.754 2282 INFO neutron.wsgi [req-ed3a8c6a-dad4-4ecf-87d0-39fc1fec36a0 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 202 0.019193 2015-07-29 11:13:45.822 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44778) 2015-07-29 11:13:45.839 2282 INFO neutron.wsgi [req-7082cb8b-ae14-42bc-a89d-ae01b4baca1e None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/security-groups.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 1726 0.016275 2015-07-29 11:13:45.839 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44779) 2015-07-29 11:13:45.854 2282 INFO neutron.wsgi [req-c827316c-c221-4584-adb2-8e72518cab76 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/networks.json?shared=False&tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 567 0.014127 2015-07-29 11:13:45.855 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44780) 2015-07-29 11:13:45.870 2282 INFO neutron.wsgi [req-6cb9959c-c6ac-4292-8fb1-233e5a73f716 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/subnets.json HTTP/1.1" 200 1057 0.013845 2015-07-29 11:13:45.871 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44781) 2015-07-29 11:13:45.883 2282 INFO neutron.wsgi [req-b23f256c-c0da-4f33-9584-5af6629498d7 None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/networks.json?shared=True HTTP/1.1" 200 205 0.010787 2015-07-29 11:13:45.883 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44782) 2015-07-29 11:13:45.905 2282 INFO neutron.wsgi [req-f7c7b372-68ee-41cb-8399-37ae3bc05cce None] 192.168.1.2 - - [29/Jul/2015 11:13:45] "GET /v2.0/subnets.json HTTP/1.1" 200 1057 0.021410 2015-07-29 11:13:46.008 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44786) 2015-07-29 11:13:46.033 2282 INFO neutron.wsgi [req-582f1c4f-c444-48cd-80a2-1f0f4ba4596c None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 567 0.023761 2015-07-29 11:13:46.034 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44787) 2015-07-29 11:13:46.056 2282 INFO neutron.wsgi [req-2f1431be-5471-4885-bbb8-d365915700e6 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 202 0.021720 2015-07-29 11:13:46.057 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44788) 2015-07-29 11:13:46.066 2282 INFO neutron.wsgi [req-852b259c-a4f9-4fd0-ab4f-69675ab05c91 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/quotas/50d58b42ce7043ac8f37d564fe1fb11c.json HTTP/1.1" 200 324 0.008286 2015-07-29 11:13:46.501 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44792) 2015-07-29 11:13:46.568 2282 INFO neutron.wsgi [req-8fc74135-478c-4b8f-b127-090f045243f2 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 202 0.062276 2015-07-29 11:13:46.569 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44793) 2015-07-29 11:13:46.623 2282 INFO neutron.wsgi [req-74a5b5e9-2987-484a-9446-4c3068245fce None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 202 0.049072 2015-07-29 11:13:46.629 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44794) 2015-07-29 11:13:46.661 2282 INFO neutron.wsgi [req-cc535e01-8235-43d8-a006-8899a2e96898 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/floatingips.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 486 0.030780 2015-07-29 11:13:46.662 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44795) 2015-07-29 11:13:46.726 2282 INFO neutron.wsgi [req-f669276f-7903-4ed9-932a-80bdd4dcc92a None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 202 0.062313 2015-07-29 11:13:46.728 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44796) 2015-07-29 11:13:46.772 2282 INFO neutron.wsgi [req-ffd06ea1-2948-4262-9d7f-ffacea08c9fd None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/networks.json HTTP/1.1" 200 922 0.042526 2015-07-29 11:13:46.776 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44797) 2015-07-29 11:13:46.827 2282 INFO neutron.wsgi [req-76b565f1-1408-444c-9e01-249681d0db94 None] 192.168.1.2 - - [29/Jul/2015 11:13:46] "GET /v2.0/subnets.json HTTP/1.1" 200 1057 0.045493 2015-07-29 11:13:47.025 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44802) 2015-07-29 11:13:47.031 2282 INFO neutron.wsgi [req-60c28771-ea8b-41fc-8d7e-e0a2f6b4fa8c None] 192.168.1.2 - - [29/Jul/2015 11:13:47] "GET /v2.0/extensions.json HTTP/1.1" 200 4302 0.004599 2015-07-29 11:13:48.183 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44810) 2015-07-29 11:13:48.247 2282 INFO neutron.wsgi [req-e0ee1b8b-5dd5-4b7a-8dd8-bcdccb2cd946 None] 192.168.1.2 - - [29/Jul/2015 11:13:48] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 202 0.059973 2015-07-29 11:13:48.777 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44814) 2015-07-29 11:13:48.801 2282 INFO neutron.wsgi [req-7dab3b7a-b876-4305-a7df-f3819628c780 None] 192.168.1.2 - - [29/Jul/2015 11:13:48] "GET /v2.0/extensions.json HTTP/1.1" 200 4302 0.023134 2015-07-29 11:13:48.883 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52168) 2015-07-29 11:13:48.916 2282 INFO neutron.wsgi [req-d8548754-2e87-469d-8a14-d0f6732f08ef None] 192.168.1.5 - - [29/Jul/2015 11:13:48] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.030698 2015-07-29 11:13:49.012 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52169) 2015-07-29 11:13:49.032 2282 INFO neutron.wsgi [req-95b856ab-583a-47c1-8678-ae7cc6a2eb44 None] 192.168.1.5 - - [29/Jul/2015 11:13:49] "GET /v2.0/security-groups.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c HTTP/1.1" 200 1750 0.018625 2015-07-29 11:13:49.034 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52170) 2015-07-29 11:13:49.044 2282 INFO neutron.wsgi [req-07c3cd68-ccf6-4798-a4bb-72c0bc839374 None] 192.168.1.5 - - [29/Jul/2015 11:13:49] "GET /v2.0/extensions.json HTTP/1.1" 200 4326 0.008670 2015-07-29 11:13:49.695 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52172) 2015-07-29 11:13:49.718 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:13:49.874 2282 INFO neutron.quota [req-09e4579c-2e95-4bd9-a580-d26b256e977f None] Loaded quota_driver: . 2015-07-29 11:13:50.000 2282 WARNING neutron.plugins.ml2.managers [req-09e4579c-2e95-4bd9-a580-d26b256e977f None] Failed to bind port 6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 on host compute2 2015-07-29 11:13:50.056 2282 INFO neutron.wsgi [req-09e4579c-2e95-4bd9-a580-d26b256e977f None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "POST /v2.0/ports.json HTTP/1.1" 201 916 0.360514 2015-07-29 11:13:50.061 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52173) 2015-07-29 11:13:50.082 2282 INFO neutron.wsgi [req-c8e5a4f2-639b-45b9-a8b3-2fe6ec0cb7e6 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.019967 2015-07-29 11:13:50.085 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52174) 2015-07-29 11:13:50.089 2282 INFO neutron.wsgi [req-e042a3b6-9091-4e38-ad13-6927e9918813 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.003693 2015-07-29 11:13:50.092 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52175) 2015-07-29 11:13:50.103 2282 INFO neutron.wsgi [req-d1a9dadb-58e9-40f8-b3f3-bcabb2b95988 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.008960 2015-07-29 11:13:50.106 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52176) 2015-07-29 11:13:50.121 2282 INFO neutron.wsgi [req-e30bd2a2-df50-4338-b636-ee86c7e66ef6 None] 192.168.1.5 - - [29/Jul/2015 11:13:50] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.014181 2015-07-29 11:13:52.239 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44818) 2015-07-29 11:13:52.262 2282 INFO neutron.wsgi [req-05b5c451-9605-4c2e-87a0-44b06e6fc3ee None] 192.168.1.2 - - [29/Jul/2015 11:13:52] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 890 0.022315 2015-07-29 11:13:52.263 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44819) 2015-07-29 11:13:52.280 2282 INFO neutron.wsgi [req-e6de32dc-0111-43af-83f8-e0f6e2e35ca8 None] 192.168.1.2 - - [29/Jul/2015 11:13:52] "GET /v2.0/security-groups.json?id=b6692f4f-f96e-48eb-a796-8df11fb6c16b HTTP/1.1" 200 1726 0.016793 2015-07-29 11:13:52.566 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44823) 2015-07-29 11:13:52.575 2282 INFO neutron.wsgi [req-86c923c4-10d8-4bba-8c42-2831dc71e24e None] 192.168.1.2 - - [29/Jul/2015 11:13:52] "GET /v2.0/extensions.json HTTP/1.1" 200 4302 0.006609 2015-07-29 11:14:39.861 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44827) 2015-07-29 11:14:39.863 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:14:39.943 2282 INFO neutron.wsgi [req-5e169013-35a4-4007-a88e-3a2883032115 None] 192.168.1.2 - - [29/Jul/2015 11:14:39] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 890 0.080995 2015-07-29 11:14:39.944 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44829) 2015-07-29 11:14:39.961 2282 INFO neutron.wsgi [req-a30f0167-bf79-486b-a244-ce72fdcc578e None] 192.168.1.2 - - [29/Jul/2015 11:14:39] "GET /v2.0/security-groups.json?id=b6692f4f-f96e-48eb-a796-8df11fb6c16b HTTP/1.1" 200 1726 0.016655 2015-07-29 11:14:47.805 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52180) 2015-07-29 11:14:47.824 2282 INFO neutron.wsgi [req-26fcbb1e-8f5d-4b80-8063-5b7c6eb10931 None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.016296 2015-07-29 11:14:47.860 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52181) 2015-07-29 11:14:47.873 2282 INFO neutron.wsgi [req-1cec59ae-94d8-42a8-8e0e-b34d52a3374f None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.011921 2015-07-29 11:14:47.877 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52182) 2015-07-29 11:14:47.881 2282 INFO neutron.wsgi [req-8e626a77-f43b-4f61-b20f-b38d7d1a5146 None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.003802 2015-07-29 11:14:47.885 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52183) 2015-07-29 11:14:47.900 2282 INFO neutron.wsgi [req-49973dc1-0a89-4fdf-95d4-ba8fef19e17c None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.014417 2015-07-29 11:14:47.904 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52184) 2015-07-29 11:14:47.916 2282 INFO neutron.wsgi [req-79cfac25-0924-4ce7-a8a6-7f37470916d3 None] 192.168.1.5 - - [29/Jul/2015 11:14:47] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.011559 2015-07-29 11:15:48.069 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52192) 2015-07-29 11:15:48.085 2282 INFO neutron.wsgi [req-66b7b2f5-7831-4bb1-8c7d-1aba23ff0ee6 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.013526 2015-07-29 11:15:48.118 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52193) 2015-07-29 11:15:48.128 2282 INFO neutron.wsgi [req-6924da74-2d7d-4625-97b9-0d2f2bf03dd5 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.009445 2015-07-29 11:15:48.132 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52194) 2015-07-29 11:15:48.137 2282 INFO neutron.wsgi [req-0388024a-9477-4f0d-95cf-9c07618b3de7 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004223 2015-07-29 11:15:48.141 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52195) 2015-07-29 11:15:48.151 2282 INFO neutron.wsgi [req-86da4d41-863c-46ef-80b0-781801054186 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.010079 2015-07-29 11:15:48.155 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52196) 2015-07-29 11:15:48.167 2282 INFO neutron.wsgi [req-1bd0ed0b-0e4c-463a-a146-2cf49994e697 None] 192.168.1.5 - - [29/Jul/2015 11:15:48] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.010833 2015-07-29 11:16:19.500 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44841) 2015-07-29 11:16:19.502 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.536 2282 INFO neutron.wsgi [req-9510288d-4a7c-4531-9d78-0fa7e74ee89c None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/ports.json?device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 890 0.035511 2015-07-29 11:16:19.537 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44843) 2015-07-29 11:16:19.552 2282 INFO neutron.wsgi [req-c1e6bffc-daba-463c-86c0-1fcd3d44facc None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/security-groups.json?id=b6692f4f-f96e-48eb-a796-8df11fb6c16b HTTP/1.1" 200 1726 0.014557 2015-07-29 11:16:19.615 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44846) 2015-07-29 11:16:19.617 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.646 2282 INFO neutron.wsgi [req-62f1f6f6-7dd8-4e93-b922-aa198bd931e8 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/vips.json HTTP/1.1" 404 242 0.030132 2015-07-29 11:16:19.658 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44848) 2015-07-29 11:16:19.660 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.690 2282 INFO neutron.wsgi [req-24cf8dfb-b61f-4eeb-afed-e3f5f99d2cff None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/vpn/ipsec-site-connections.json HTTP/1.1" 404 242 0.029553 2015-07-29 11:16:19.708 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44851) 2015-07-29 11:16:19.710 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.734 2282 INFO neutron.wsgi [req-5ff18460-0bd9-4fc3-9857-9622d902e664 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/members.json HTTP/1.1" 404 242 0.024793 2015-07-29 11:16:19.742 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44853) 2015-07-29 11:16:19.744 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.774 2282 INFO neutron.wsgi [req-1a5319c1-8a0c-45e3-b7a2-82420f0ff8de None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/fw/firewall_policies.json HTTP/1.1" 404 242 0.029860 2015-07-29 11:16:19.816 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44858) 2015-07-29 11:16:19.819 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.848 2282 INFO neutron.wsgi [req-42e9d62f-ac71-4742-b7e4-c48248402acf None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/floatingips.json?tenant_id=f41a56a0ca3d4ef982fadb9b2363c09f HTTP/1.1" 200 208 0.029809 2015-07-29 11:16:19.849 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44860) 2015-07-29 11:16:19.868 2282 INFO neutron.wsgi [req-167f740f-6079-4aa9-8516-9875aa7aab73 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/networks.json?router%3Aexternal=True HTTP/1.1" 200 567 0.018023 2015-07-29 11:16:19.869 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44861) 2015-07-29 11:16:19.893 2282 INFO neutron.wsgi [req-58b47d7e-9dea-410d-93e6-000dd36d4246 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/ports.json?tenant_id=f41a56a0ca3d4ef982fadb9b2363c09f HTTP/1.1" 200 202 0.023137 2015-07-29 11:16:19.894 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44862) 2015-07-29 11:16:19.896 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.927 2282 INFO neutron.wsgi [req-9d43819e-d21e-4454-b79d-20969f786185 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/health_monitors.json HTTP/1.1" 404 242 0.032373 2015-07-29 11:16:19.936 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44865) 2015-07-29 11:16:19.939 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:19.959 2282 INFO neutron.wsgi [req-0033d040-b116-4279-9ccb-ba59a17632e1 None] 192.168.1.2 - - [29/Jul/2015 11:16:19] "GET /v2.0/lb/pools.json HTTP/1.1" 404 242 0.021986 2015-07-29 11:16:20.108 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44872) 2015-07-29 11:16:20.111 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:20.631 2282 INFO neutron.wsgi [req-0140c578-f7e2-48c1-ab49-28bc4243e80c None] 192.168.1.2 - - [29/Jul/2015 11:16:20] "GET /v2.0/vpn/vpnservices.json HTTP/1.1" 404 242 0.521097 2015-07-29 11:16:20.633 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.2', 44874) 2015-07-29 11:16:20.635 2282 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): controller 2015-07-29 11:16:20.659 2282 INFO neutron.wsgi [req-1e3557e2-1e9e-473f-ab78-d6b23f775582 None] 192.168.1.2 - - [29/Jul/2015 11:16:20] "GET /v2.0/fw/firewalls.json HTTP/1.1" 404 242 0.024444 2015-07-29 11:16:41.473 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52203) 2015-07-29 11:16:41.495 2282 INFO neutron.wsgi [req-02c46b3a-d857-4f74-9399-d36e1d645a48 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.020610 2015-07-29 11:16:41.539 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52204) 2015-07-29 11:16:41.554 2282 INFO neutron.wsgi [req-9008ebf3-55f2-41f2-90dd-69dfabbe0c95 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.013880 2015-07-29 11:16:41.556 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52205) 2015-07-29 11:16:41.560 2282 INFO neutron.wsgi [req-7c60e467-ed25-46f5-9712-051c111de617 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.003210 2015-07-29 11:16:41.563 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52206) 2015-07-29 11:16:41.570 2282 INFO neutron.wsgi [req-47a52ffe-97db-4006-98eb-6942076c9359 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.006393 2015-07-29 11:16:41.572 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52207) 2015-07-29 11:16:41.583 2282 INFO neutron.wsgi [req-c2ba26b5-b04a-4fc8-8ac5-d75ad7af3592 None] 192.168.1.5 - - [29/Jul/2015 11:16:41] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.010027 2015-07-29 11:17:43.804 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52210) 2015-07-29 11:17:43.851 2282 INFO neutron.wsgi [req-b88a23df-b8b4-454b-8d06-98644c782285 None] 192.168.1.5 - - [29/Jul/2015 11:17:43] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.046248 2015-07-29 11:17:43.947 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52211) 2015-07-29 11:17:43.973 2282 INFO neutron.wsgi [req-474f1a60-81c1-455d-85ed-174469b3cd63 None] 192.168.1.5 - - [29/Jul/2015 11:17:43] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.020573 2015-07-29 11:17:43.979 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52212) 2015-07-29 11:17:43.984 2282 INFO neutron.wsgi [req-14700758-13ef-4568-810e-f2de0fb722ef None] 192.168.1.5 - - [29/Jul/2015 11:17:43] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004114 2015-07-29 11:17:43.987 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52213) 2015-07-29 11:17:44.003 2282 INFO neutron.wsgi [req-f97125da-3b2d-4ca4-843d-f9e81674c553 None] 192.168.1.5 - - [29/Jul/2015 11:17:44] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.015765 2015-07-29 11:17:44.007 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52214) 2015-07-29 11:17:44.038 2282 INFO neutron.wsgi [req-65821d2a-df42-40b1-ae3b-003c8d89383e None] 192.168.1.5 - - [29/Jul/2015 11:17:44] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.030204 2015-07-29 11:18:44.469 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52215) 2015-07-29 11:18:44.485 2282 INFO neutron.wsgi [req-8d360b7a-654b-42fd-b0c3-09dc77d41333 None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.015145 2015-07-29 11:18:44.569 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52216) 2015-07-29 11:18:44.581 2282 INFO neutron.wsgi [req-f89e6f2f-0c8d-404a-8ccc-1b0d530258e9 None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.012024 2015-07-29 11:18:44.586 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52217) 2015-07-29 11:18:44.592 2282 INFO neutron.wsgi [req-4664aa8f-10be-4681-a714-4e1dfad4a943 None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004817 2015-07-29 11:18:44.595 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52218) 2015-07-29 11:18:44.604 2282 INFO neutron.wsgi [req-9580f303-fe21-4226-b239-bf4e5f96da1a None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.008424 2015-07-29 11:18:44.608 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52219) 2015-07-29 11:18:44.636 2282 INFO neutron.wsgi [req-f1b70c57-6cf4-451d-9d14-64923125154d None] 192.168.1.5 - - [29/Jul/2015 11:18:44] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.025100 2015-07-29 11:19:46.465 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52220) 2015-07-29 11:19:46.480 2282 INFO neutron.wsgi [req-5f6ba9a0-8931-4b88-93aa-44fec4cfe0ea None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.013275 2015-07-29 11:19:46.517 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52221) 2015-07-29 11:19:46.540 2282 INFO neutron.wsgi [req-c79a619e-6b96-42c0-97c8-cc49346cc899 None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.019459 2015-07-29 11:19:46.542 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52222) 2015-07-29 11:19:46.548 2282 INFO neutron.wsgi [req-b07438d7-209d-4ef9-9471-7114fd206c0d None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.004430 2015-07-29 11:19:46.550 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52223) 2015-07-29 11:19:46.569 2282 INFO neutron.wsgi [req-9e0a2047-0a88-453e-a74a-3521562ca7ce None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.013845 2015-07-29 11:19:46.573 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52224) 2015-07-29 11:19:46.595 2282 INFO neutron.wsgi [req-764e383d-0c73-4272-9742-7a8ccbe517f9 None] 192.168.1.5 - - [29/Jul/2015 11:19:46] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.019091 2015-07-29 11:20:46.467 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52225) 2015-07-29 11:20:46.483 2282 INFO neutron.wsgi [req-ebbeb3e6-19c7-4605-9afc-325c05372134 None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/ports.json?tenant_id=50d58b42ce7043ac8f37d564fe1fb11c&device_id=52c3d98f-f99c-4d42-969b-16308cbf9db4 HTTP/1.1" 200 914 0.015388 2015-07-29 11:20:46.559 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52226) 2015-07-29 11:20:46.583 2282 INFO neutron.wsgi [req-4a0cdc3e-2738-4100-8126-98d1eb54bcfb None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/networks.json?id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a HTTP/1.1" 200 591 0.023044 2015-07-29 11:20:46.591 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52227) 2015-07-29 11:20:46.597 2282 INFO neutron.wsgi [req-e9b58bde-5639-4a67-81e8-5dfb2b4405dd None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/floatingips.json?fixed_ip_address=10.1.160.133&port_id=6b6b034d-ea2e-410a-9ff2-2e7fd8765a86 HTTP/1.1" 200 232 0.005366 2015-07-29 11:20:46.600 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52228) 2015-07-29 11:20:46.615 2282 INFO neutron.wsgi [req-dae26f14-a50b-4ab2-8bfc-65a40bd21df6 None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/subnets.json?id=1a112b9c-1e4f-4545-bed0-1878a768c37f HTTP/1.1" 200 651 0.014688 2015-07-29 11:20:46.618 2282 INFO neutron.wsgi [-] (2282) accepted ('192.168.1.5', 52229) 2015-07-29 11:20:46.636 2282 INFO neutron.wsgi [req-85fe5752-b628-4c3c-a00d-903b3c811fab None] 192.168.1.5 - - [29/Jul/2015 11:20:46] "GET /v2.0/ports.json?network_id=2f9ce38e-28cd-4a42-b76d-e8cc072fca5a&device_owner=network%3Adhcp HTTP/1.1" 200 226 0.016777 ________________________________ De : Kevin Benton [blak111 at gmail.com] Date d'envoi : mardi 28 juillet 2015 23:54 ? : Asmaa Chebba Cc: Assaf Muller; OpenStack Operators Objet : Re: RE : [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. We also need to see the /etc/neutron/plugins/ml2/ml2_conf.ini from both because that has the physical network mappings. Also, I don't see anything obvious in the agent logs there. Can you include the portion surrounding the "Failed to bind port" message from the Neutron server log? On Tue, Jul 28, 2015 at 4:13 AM, Asmaa Chebba > wrote: openvswitch agent is running and the logs in compute2 are as follow: 1. OVS-cleanup.log 2015-06-20 12:52:19.976 1529 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-23 15:48:43.401 1332 INFO neutron.common.config [-] Logging enabled! 2015-06-23 15:48:43.893 1332 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-23 15:48:44.520 1332 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-24 11:49:21.423 1770 INFO neutron.common.config [-] Logging enabled! 2015-06-24 11:49:22.123 1770 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-24 11:49:22.628 1770 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-06-25 00:21:55.634 1337 INFO neutron.common.config [-] Logging enabled! 2015-06-25 00:21:56.858 1337 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-06-25 00:21:57.900 1337 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-07 16:43:42.608 1457 INFO neutron.common.config [-] Logging enabled! 2015-07-07 16:43:43.399 1457 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-07 16:43:43.792 1457 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-08 15:04:31.954 1351 INFO neutron.common.config [-] Logging enabled! 2015-07-08 15:04:32.888 1351 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-08 15:04:33.235 1351 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed successfully 2015-07-20 13:25:20.300 1550 INFO neutron.common.config [-] Logging enabled! 2015-07-20 13:25:22.665 1550 INFO neutron.agent.ovs_cleanup_util [-] Cleaning br-int 2015-07-20 13:25:22.770 1550 INFO neutron.agent.ovs_cleanup_util [-] OVS cleanup completed succe 2. Openvswitch-agent.log 2015-07-28 13:23:29.151 4615 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: 2015-07-28T11:23:29Z|00001|fatal_signal|WARN|terminating with signal 15 (Terminated) 2015-07-28 13:23:29.190 4615 ERROR neutron.agent.linux.utils [-] Command: ['ps', '--ppid', '4764', '-o', 'pid='] Exit code: 1 Stdout: '' Stderr: '' 2015-07-28 13:23:29.835 4615 CRITICAL neutron [req-dbf6bc78-c2df-4454-9e19-5f09bf688ee9 None] AssertionError: Trying to re-send() an already-triggered event. 2015-07-28 13:23:29.835 4615 TRACE neutron Traceback (most recent call last): 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/bin/neutron-openvswitch-agent", line 10, in 2015-07-28 13:23:29.835 4615 TRACE neutron sys.exit(main()) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1565, in main 2015-07-28 13:23:29.835 4615 TRACE neutron agent.daemon_loop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1485, in daemon_loop 2015-07-28 13:23:29.835 4615 TRACE neutron self.rpc_loop(polling_manager=pm) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__ 2015-07-28 13:23:29.835 4615 TRACE neutron self.gen.next() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 39, in get_polling_manager 2015-07-28 13:23:29.835 4615 TRACE neutron pm.stop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 106, in stop 2015-07-28 13:23:29.835 4615 TRACE neutron self._monitor.stop() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 89, in stop 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ovsdb_monitor.py", line 99, in _kill 2015-07-28 13:23:29.835 4615 TRACE neutron super(SimpleInterfaceMonitor, self)._kill(*args, **kwargs) 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 116, in _kill 2015-07-28 13:23:29.835 4615 TRACE neutron self._kill_event.send() 2015-07-28 13:23:29.835 4615 TRACE neutron File "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 150, in send 2015-07-28 13:23:29.835 4615 TRACE neutron assert self._result is NOT_USED, 'Trying to re-send() an already-triggered event.' 2015-07-28 13:23:29.835 4615 TRACE neutron AssertionError: Trying to re-send() an already-triggered event. 2015-07-28 13:23:29.835 4615 TRACE neutron 2015-07-28 13:23:32.197 6195 INFO neutron.common.config [-] Logging enabled! 2015-07-28 13:23:33.005 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on controller:5672 2015-07-28 13:23:33.120 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on controller:5672 2015-07-28 13:23:33.126 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on controller:5672 2015-07-28 13:23:33.143 6195 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.287 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.304 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.315 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.321 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.327 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.333 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.338 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.344 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.349 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connecting to AMQP server on controller:5672 2015-07-28 13:23:34.356 6195 INFO oslo.messaging._drivers.impl_rabbit [req-15e7e089-2323-4101-811e-ff2537fe3c27 ] Connected to AMQP server on controller:5672 2015-07-28 13:23:34.360 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent initialized successfully, now running... 2015-07-28 13:23:34.367 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent out of sync with plugin! 2015-07-28 13:23:34.447 6195 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-15e7e089-2323-4101-811e-ff2537fe3c27 None] Agent tunnel out of sync with plugin! 3. Openvswitch-agent.log.1 ==> 2015-07-26 12:15:51.431 4615 INFO neutron.agent.securitygroups_rpc [req-8d59b5d6-4b0f-4ced-a336-5a94159ac601 None] Security group member updated [u'b6692f4f-f96e-48eb-a796-8df11fb6c16b'] - And the result of ovs-vsctl show: 0a578213-5de5-48fd-923e-14b7b201c6c8 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Bridge br-tun fail_mode: secure Port "gre-c0a80204" Interface "gre-c0a80204" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.4"} Port br-tun Interface br-tun type: internal Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port "gre-c0a80203" Interface "gre-c0a80203" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.3"} Port "gre-c0a80202" Interface "gre-c0a80202" type: gre options: {df_default="true", in_key=flow, local_ip="192.168.2.5", out_key=flow, remote_ip="192.168.2.2"} ovs_version: "2.0.2" As for the configuration, here is the files of neutron.conf: 1. ON compute [DEFAULT] verbose = True lock_path = $state_path/lock core_plugin = ml2 service_plugins = router auth_strategy = keystone allow_overlapping_ips = True rabbit_host=controller [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = neutron admin_password = PASSWORD [service_providers] service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default 2. ON controller [DEFAULT] verbose = True lock_path = $state_path/lock core_plugin = ml2 service_plugins = router auth_strategy = keystone allow_overlapping_ips = True agent_down_time = 1000 notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller:8774/v2 nova_region_name = regionOne nova_admin_username = nova nova_admin_tenant_id =f41a56a0ca3d4ef982fadb9b2363c09f nova_admin_password = PASSWORD nova_admin_auth_url = http://controller:35357/v2.0 rabbit_host=controller rabbit_password=PASSWORD rpc_backend=rabbit [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf report_interval = 100 [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = neutron admin_password = PASSWORD [database] connection = mysql://neutron:PASSWORD at controller/neutron [service_providers] service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default Thanks. ________________________________________ De : Assaf Muller [amuller at redhat.com] Date d'envoi : lundi 27 juillet 2015 15:13 ? : Kevin Benton Cc: Asmaa Chebba; OpenStack Operators Objet : Re: [Openstack-operators] Can't launch docker instance, Unexpected vif_type=binding_failed. Also can you paste the configuration for both the OVS agent and your neutron server? Binding failure is almost always a configuration mismatch. ----- Original Message ----- > > > Is the neutron openvswitch agent running on host compute2? What do the logs > say for the agent there? > On Jul 22, 2015 07:22, "Asmaa Chebba" < achebba at cdta.dz > wrote: > > > > Hi, > I installed Docker with juno release on Ubuntu > all compute/networking services are up and enabled, and I can add docker > images with glance however, I can't launch an instance (stopped at spawning > step) > in the nova-compute log, I found : > Instance failed to spawn > InstanceDeployFailure: Cannot setup network: Unexpected > vif_type=binding_failed > and when verifying the neutron-server log: > Failed to bind port 5d299cc9-e3f3-48a0-a80f-f204910a47e7 on host compute2 > > Any idea on how to solve this? > I appriciate your help. > Tahnks. > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -- Kevin Benton -------------- next part -------------- An HTML attachment was scrubbed... URL: From caius.howcroft at gmail.com Wed Jul 29 14:36:20 2015 From: caius.howcroft at gmail.com (Caius Howcroft) Date: Wed, 29 Jul 2015 10:36:20 -0400 Subject: [Openstack-operators] Ceph backed 'boot from volume' downloading image Message-ID: Hi, We (bloomberg) are preparing to roll out kilo into production and one thing is causing a lot of grief. I wonder if anyone else has encountered it. We run BCPC (https://github.com/bloomberg/chef-bcpc) which is ceph backed. When we boot an instance from volume the cinder create volume from image function ( https://github.com/openstack/cinder/blob/stable/kilo/cinder/volume/drivers/rbd.py#L850) ends up pulling the entire image through the glance API, so lots of tenants doing this creates quite a bit of load on our API nodes. We were confused why it did this, when its way more efficient to go directly via rbd clone, we created a patch and tested and it seems to work just fine (and an order of magnitude faster) https://github.com/bloomberg/chef-bcpc/pull/742 So, the question is: what are other ceph backed installations doing ? Caius -- Caius Howcroft @caiushowcroft http://www.linkedin.com/in/caius From matt at nycresistor.com Wed Jul 29 14:53:33 2015 From: matt at nycresistor.com (matt) Date: Wed, 29 Jul 2015 10:53:33 -0400 Subject: [Openstack-operators] Ceph backed 'boot from volume' downloading image In-Reply-To: References: Message-ID: Caius why not submit that patch to openstack review for cinder? I'm sure more than a few of us would be glad to voice our desire for it or something much like it to land in liberty. -Matt On Wed, Jul 29, 2015 at 10:36 AM, Caius Howcroft wrote: > Hi, > > We (bloomberg) are preparing to roll out kilo into production and one > thing is causing a lot of grief. I wonder if anyone else has > encountered it. > > We run BCPC (https://github.com/bloomberg/chef-bcpc) which is ceph > backed. When we boot an instance from volume the cinder create volume > from image function ( > > https://github.com/openstack/cinder/blob/stable/kilo/cinder/volume/drivers/rbd.py#L850 > ) > ends up pulling the entire image through the glance API, so lots of > tenants doing this creates quite a bit of load on our API nodes. > > We were confused why it did this, when its way more efficient to go > directly via rbd clone, we created a patch and tested and it seems to > work just fine (and an order of magnitude faster) > https://github.com/bloomberg/chef-bcpc/pull/742 > > So, the question is: what are other ceph backed installations doing ? > > Caius > > > -- > Caius Howcroft > @caiushowcroft > http://www.linkedin.com/in/caius > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mvanwink at rackspace.com Wed Jul 29 15:39:16 2015 From: mvanwink at rackspace.com (Matt Van Winkle) Date: Wed, 29 Jul 2015 15:39:16 +0000 Subject: [Openstack-operators] [Large Deployment Team] Anyone mind the meeting in August being on the 4th Thursday? In-Reply-To: <02A208CE-BAD9-49D8-9FD1-410F2E5505D6@gmail.com> References: <02A208CE-BAD9-49D8-9FD1-410F2E5505D6@gmail.com> Message-ID: Since there doesn't seem to be any concern, I've made it official and updated the Next meeting section here https://wiki.openstack.org/wiki/Meetings/LDT#Agenda_for_next_meeting "See" you all on the 27th. Thanks! VW From: Sam Morrison > Date: Sunday, July 26, 2015 7:08 PM To: Matt Van Winkle > Cc: "openstack-operators at lists.openstack.org" > Subject: Re: [Openstack-operators] [Large Deployment Team] Anyone mind the meeting in August being on the 4th Thursday? Sounds good to me Sam On 25 Jul 2015, at 12:07 am, Matt Van Winkle > wrote: Hey folks, Following the July meeting last night, I was looking ahead to next month and saw that the week we would normally have it is the same as the Ops mid-cycle. The meet up will be Tuesday and Wednesday, so given that some in LDT might be traveling on Thursday, it seemed best to bump it back a week. Any serious objections? Thanks! VW _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From wateringcan at gmail.com Wed Jul 29 16:07:32 2015 From: wateringcan at gmail.com (Matt Thompson) Date: Wed, 29 Jul 2015 17:07:32 +0100 Subject: [Openstack-operators] [os-ansible-deployment][openstack-ansible] Ceph / OpenStack Integration Message-ID: Hi All, We've got an open blueprint [1] on the os-ansible-deployment project to add the ability to configure Cinder / Glance / Nova to use an existing Ceph storage backend. The implementation [2] is in flight and has seen some thorough reviews already, but we welcome anyone with Ceph / OpenStack experience to have a look and to let us know if there is anything that can be improved upon. For those without Ceph experience, we'd also appreciate help with the testing of the different components to identify any edge cases. While we currently do not include playbooks to deploy a Ceph storage cluster in os-ansible-deployment itself, we've been using Sebastien's roles [3] which have been working well and are relatively painless to get going. If you've got any questions on getting the review [2] tested or getting a Ceph storage cluster set up for testing purposes, please swing by #openstack-ansible on Freenode and let us know. We've got core members in different timezones, so there's usually someone around to answer questions. Lastly, thanks to Serge (svg) for all the work he's put into the implementation [2] -- we hope to get this merged soon! :) Thanks, Matt (mattt) [1] https://blueprints.launchpad.net/openstack-ansible/+spec/ceph-block-devices [2] https://review.openstack.org/#/c/181957 [3] https://github.com/ceph/ceph-ansible -------------- next part -------------- An HTML attachment was scrubbed... URL: From maishsk at maishsk.com Wed Jul 29 16:27:00 2015 From: maishsk at maishsk.com (Maish Saidel-Keesing) Date: Wed, 29 Jul 2015 09:27:00 -0700 Subject: [Openstack-operators] [all] OpenStack voting by the numbers Message-ID: <55B8FED4.5040303@maishsk.com> Some of my thoughts on the Voting process. http://technodrone.blogspot.com/2015/07/openstack-summit-voting-by-numbers.html Guess which category has the most number of submissions?? ;) -- Best Regards, Maish Saidel-Keesing From openstack at medberry.net Wed Jul 29 16:36:25 2015 From: openstack at medberry.net (David Medberry) Date: Wed, 29 Jul 2015 10:36:25 -0600 Subject: [Openstack-operators] [all] OpenStack voting by the numbers In-Reply-To: <55B8FED4.5040303@maishsk.com> References: <55B8FED4.5040303@maishsk.com> Message-ID: Nice writeup maish! very nice. On Wed, Jul 29, 2015 at 10:27 AM, Maish Saidel-Keesing wrote: > Some of my thoughts on the Voting process. > > > http://technodrone.blogspot.com/2015/07/openstack-summit-voting-by-numbers.html > > Guess which category has the most number of submissions?? > ;) > > -- > Best Regards, > Maish Saidel-Keesing > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jdurgin at redhat.com Wed Jul 29 18:31:38 2015 From: jdurgin at redhat.com (Josh Durgin) Date: Wed, 29 Jul 2015 11:31:38 -0700 Subject: [Openstack-operators] Ceph backed 'boot from volume' downloading image In-Reply-To: References: Message-ID: <55B91C0A.10607@redhat.com> Hi Caius, This has existed in the rbd cinder driver since volume-to-image was added: https://github.com/openstack/cinder/blob/stable/kilo/cinder/volume/drivers/rbd.py#L823 Cinder falls back to doing the full copy if glance doesn't report the location, or it's not marked as raw format. If glance doesn't have show_image_direct_url = True, or cinder doesn't have glance_api_version = 2, cinder won't be able to do the clone. See http://ceph.com/docs/master/rbd/rbd-openstack/#configure-openstack-to-use-ceph for more details. Josh On 07/29/2015 07:36 AM, Caius Howcroft wrote: > Hi, > > We (bloomberg) are preparing to roll out kilo into production and one > thing is causing a lot of grief. I wonder if anyone else has > encountered it. > > We run BCPC (https://github.com/bloomberg/chef-bcpc) which is ceph > backed. When we boot an instance from volume the cinder create volume > from image function ( > https://github.com/openstack/cinder/blob/stable/kilo/cinder/volume/drivers/rbd.py#L850) > ends up pulling the entire image through the glance API, so lots of > tenants doing this creates quite a bit of load on our API nodes. > > We were confused why it did this, when its way more efficient to go > directly via rbd clone, we created a patch and tested and it seems to > work just fine (and an order of magnitude faster) > https://github.com/bloomberg/chef-bcpc/pull/742 > > So, the question is: what are other ceph backed installations doing ? From klindgren at godaddy.com Wed Jul 29 18:55:02 2015 From: klindgren at godaddy.com (Kris G. Lindgren) Date: Wed, 29 Jul 2015 18:55:02 +0000 Subject: [Openstack-operators] Make libguestfs available on pypi Message-ID: We are packaging nova in a venv so that we can run some kilo code on top of some cent6 nodes (default python install is 2.6) (additionally we are working on replacing the cent6 nodes with a newer os, but when you have a large number of machines - things take time). We are using python27 software collections and pretty much everything is working. But the issue is that libguestfs is not able to be installed in a venv via normal means (pip install). I would like to make the request that libguestfs get added to pypi. The following bug has already been created over a year ago [1], and it looks like most of the work on the libguestfs side is already done [2]. It seems something about a complaint of licensing per the bug report. [1] - https://bugzilla.redhat.com/show_bug.cgi?id=1075594 [2] - https://github.com/libguestfs/libguestfs/commit/fcbfc4775fa2a44020974073594a745ca420d614 ____________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy, LLC. -------------- next part -------------- An HTML attachment was scrubbed... URL: From erent at skyatlas.com Wed Jul 29 13:01:34 2015 From: erent at skyatlas.com (=?UTF-8?B?RXJlbiBUw7xya2F5?=) Date: Wed, 29 Jul 2015 16:01:34 +0300 Subject: [Openstack-operators] Which Puppet Modules To Use? Message-ID: <55B8CEAE.9080005@skyatlas.com> Hello, There are a number of puppet modules for deploying OpenStack. So far, I've seen modules in puppetlabs, stackforge, and mirantis. Which one do you guys use and suggest? I know that every module is merged into "big tent" [0] but still, I'm curious as modules outside of the big tent seem to be developed as well. Regards, [0] https://wiki.openstack.org/wiki/Puppet -- Eren T?rkay, System Administrator https://skyatlas.com/ | +90 850 885 0357 Yildiz Teknik Universitesi Davutpasa Kampusu Teknopark Bolgesi, D2 Blok No:107 Esenler, Istanbul Pk.34220 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From openstack at medberry.net Wed Jul 29 19:13:23 2015 From: openstack at medberry.net (David Medberry) Date: Wed, 29 Jul 2015 13:13:23 -0600 Subject: [Openstack-operators] [Openstack] [all] OpenStack voting by the numbers In-Reply-To: <82EDA06B185D5C43A005A9A344C34B2708D99353@G9W0760.americas.hpqcorp.net> References: <55B8FED4.5040303@maishsk.com> <82EDA06B185D5C43A005A9A344C34B2708D99353@G9W0760.americas.hpqcorp.net> Message-ID: This is just different projects. The vote numbers won't be public for a day or two, if ever. The votes don't fully determine what gets selected. The Track Chairpeople make those final calls. On Wed, Jul 29, 2015 at 12:44 PM, Perry, Sean wrote: > Where are the actual vote numbers? How did you acquire them? You list > popularity but do not describe a method or provide proof. > > > -----Original Message----- > > From: Maish Saidel-Keesing [mailto:maishsk at maishsk.com] > > Sent: Wednesday, July 29, 2015 9:27 AM > > To: openstack-operators at lists.openstack.org; > > openstack at lists.openstack.org > > Subject: [Openstack] [all] OpenStack voting by the numbers > > > > Some of my thoughts on the Voting process. > > > > http://technodrone.blogspot.com/2015/07/openstack-summit-voting-by- > > numbers.html > > > > Guess which category has the most number of submissions?? > > ;) > > > > -- > > Best Regards, > > Maish Saidel-Keesing > > > > _______________________________________________ > > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Post to : openstack at lists.openstack.org > > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > -------------- next part -------------- An HTML attachment was scrubbed... URL: From caius.howcroft at gmail.com Wed Jul 29 19:24:27 2015 From: caius.howcroft at gmail.com (Caius Howcroft) Date: Wed, 29 Jul 2015 15:24:27 -0400 Subject: [Openstack-operators] Ceph backed 'boot from volume' downloading image In-Reply-To: <55B91C0A.10607@redhat.com> References: <55B91C0A.10607@redhat.com> Message-ID: ahh thank you, we will dig through our config again and see of something isn't right. On Wed, Jul 29, 2015 at 2:31 PM, Josh Durgin wrote: > Hi Caius, > > This has existed in the rbd cinder driver since volume-to-image was added: > > https://github.com/openstack/cinder/blob/stable/kilo/cinder/volume/drivers/rbd.py#L823 > > Cinder falls back to doing the full copy if glance doesn't report the > location, or it's not marked as raw format. > > If glance doesn't have show_image_direct_url = True, or cinder doesn't > have glance_api_version = 2, cinder won't be able to do the clone. See > > http://ceph.com/docs/master/rbd/rbd-openstack/#configure-openstack-to-use-ceph > > for more details. > > Josh > > > On 07/29/2015 07:36 AM, Caius Howcroft wrote: >> >> Hi, >> >> We (bloomberg) are preparing to roll out kilo into production and one >> thing is causing a lot of grief. I wonder if anyone else has >> encountered it. >> >> We run BCPC (https://github.com/bloomberg/chef-bcpc) which is ceph >> backed. When we boot an instance from volume the cinder create volume >> from image function ( >> >> https://github.com/openstack/cinder/blob/stable/kilo/cinder/volume/drivers/rbd.py#L850) >> ends up pulling the entire image through the glance API, so lots of >> tenants doing this creates quite a bit of load on our API nodes. >> >> We were confused why it did this, when its way more efficient to go >> directly via rbd clone, we created a patch and tested and it seems to >> work just fine (and an order of magnitude faster) >> https://github.com/bloomberg/chef-bcpc/pull/742 >> >> So, the question is: what are other ceph backed installations doing ? > > -- Caius Howcroft @caiushowcroft http://www.linkedin.com/in/caius From maishsk at maishsk.com Wed Jul 29 19:37:26 2015 From: maishsk at maishsk.com (Maish Saidel-Keesing) Date: Wed, 29 Jul 2015 12:37:26 -0700 Subject: [Openstack-operators] [Openstack] [all] OpenStack voting by the numbers In-Reply-To: References: <55B8FED4.5040303@maishsk.com> <82EDA06B185D5C43A005A9A344C34B2708D99353@G9W0760.americas.hpqcorp.net> Message-ID: <55B92B76.206@maishsk.com> Hi Sean. The numbers were mined from the web pages by taking each and every submission up for voting, by category, and counting how many sessions were submitted and then ranking them. It is not a popularity contest - but more an interesting way of how I see what the numbers are saying. These are not results of how many people actually voted - as David said below, but how sessions were submitted for the voting process. The number of votes a session receives is not made public - and I am not really sure exactly how much influence the actual votes have on the selection process. (As David stated below) You are more than welcome to look over the raw data [1] On 07/29/15 12:13, David Medberry wrote: > This is just different projects. The vote numbers won't be public for > a day or two, if ever. The votes don't fully determine what gets > selected. The Track Chairpeople make those final calls. > > On Wed, Jul 29, 2015 at 12:44 PM, Perry, Sean > wrote: > > Where are the actual vote numbers? How did you acquire them? You > list popularity but do not describe a method or provide proof. > > > -----Original Message----- > > From: Maish Saidel-Keesing [mailto:maishsk at maishsk.com > ] > > Sent: Wednesday, July 29, 2015 9:27 AM > > To: openstack-operators at lists.openstack.org > ; > > openstack at lists.openstack.org > > Subject: [Openstack] [all] OpenStack voting by the numbers > > > > Some of my thoughts on the Voting process. > > > > http://technodrone.blogspot.com/2015/07/openstack-summit-voting-by- > > numbers.html > > > > Guess which category has the most number of submissions?? > > ;) > > > > -- > > Best Regards, > > Maish Saidel-Keesing > > > > > [1] http://paste.openstack.org/show/406304/ -- Best Regards, Maish Saidel-Keesing -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at topjian.net Wed Jul 29 19:38:25 2015 From: joe at topjian.net (Joe Topjian) Date: Wed, 29 Jul 2015 13:38:25 -0600 Subject: [Openstack-operators] Compressed Images Message-ID: Hello, In the "Create An Image" page of Horizon, it says the following: Currently only images available via an HTTP URL are supported. The image location must be accessible to the Image Service. Compressed image binaries are supported (.zip and .tar.gz.) Either I have something misconfigured, the text does not apply to *all* images, or the text is wrong. If I upload a QCOW2 image that has been zipped, gzip'd, or tar'd and gzip'd, the image is saved but instances fail to boot because of "no bootable device". Does Glance need configured a certain way to accept compressed files? Is there something on Horizon's side that needs configured? Do I need to use a different disk format other than QCOW2 when creating the image? Thanks, Joe -------------- next part -------------- An HTML attachment was scrubbed... URL: From jasghar at chef.io Wed Jul 29 19:45:49 2015 From: jasghar at chef.io (JJ Asghar) Date: Wed, 29 Jul 2015 14:45:49 -0500 Subject: [Openstack-operators] Chef cookbook In-Reply-To: References: Message-ID: <55B92D6D.8060406@chef.io> The best place to start is probably knife-openstack[1]. It'll do the integration you have with your chef server and bootstrap machines on your cloud. If you're receiving errors attempting to upload could you past some of them in a gist or something so we can take a look? If you haven't done it yet, i strongly suggest here[2] it'll walk you through your questions about getting cookbooks onto your nodes and leveraging them there. [1]: https://github.com/chef/knife-openstack [2]: http://learn.chef.io/ Best Regards, JJ Asghar c: 512.619.0722 t: @jjasghar irc: j^2 On 7/29/15 6:42 AM, dishware.adyanthaya at accenture.com wrote: > > Hi, > > > > I?ve integrated chef with openstack and needed to work on the > cookbooks. I wanted to upload a docker and mysql cookbook in specific > to the chef-dashboard. > > > > I?ve gone through the supermarket of the chef.io but I just ended up > confused. Moreover, when I tried uploading the cookbook it either gave > me an error. Could some give me the steps as to how to proceed from > the point of bringing the cookbooks to the node, uploading it and > adding it to the run list. > > > > Thank you! > > > ------------------------------------------------------------------------ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you > have received it in error, please notify the sender immediately and > delete the original. Any other use of the e-mail by you is prohibited. > Where allowed by local law, electronic communications with Accenture > and its affiliates, including e-mail and instant messaging (including > content), may be scanned by our systems for the purposes of > information security and assessment of internal compliance with > Accenture policy. > ______________________________________________________________________________________ > > www.accenture.com > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From richard at raseley.com Wed Jul 29 20:01:31 2015 From: richard at raseley.com (Richard Raseley) Date: Wed, 29 Jul 2015 13:01:31 -0700 Subject: [Openstack-operators] Which Puppet Modules To Use? In-Reply-To: <55B8CEAE.9080005@skyatlas.com> References: <55B8CEAE.9080005@skyatlas.com> Message-ID: <55B9311B.9060101@raseley.com> On 07/29/2015 06:01 AM, Eren T?rkay wrote: > There are a number of puppet modules for deploying OpenStack. So far, I've seen > modules in puppetlabs, stackforge, and mirantis. Which one do you guys use and > suggest? I know that every module is merged into "big tent" [0] but still, I'm > curious as modules outside of the big tent seem to be developed as well. Here at Puppet, we make use of the modules in the official OpenStack Puppet Modules[0] project (formerly part of StackForge). As I understand it Fuel is aligning towards using these as well. The ones under the 'puppetlabs' name are either deprecated or are intended to function as a working example of a composition layer (the Puppet code you write to 'glue' the other modules together). Regards, Richard Raseley Systems Operations Engineer @ Puppet Labs [0] - https://forge.puppetlabs.com/openstack -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From matt at nycresistor.com Wed Jul 29 20:32:31 2015 From: matt at nycresistor.com (Matt Joyce) Date: Wed, 29 Jul 2015 20:32:31 +0000 Subject: [Openstack-operators] Compressed Images In-Reply-To: References: Message-ID: <1D945FC3-2645-42E8-865D-D4DCE11534C6@nycresistor.com> It might be a function of apache compression ? On July 29, 2015 3:38:25 PM EDT, Joe Topjian wrote: >Hello, > >In the "Create An Image" page of Horizon, it says the following: > >Currently only images available via an HTTP URL are supported. The >image >location must be accessible to the Image Service. Compressed image >binaries >are supported (.zip and .tar.gz.) > >Either I have something misconfigured, the text does not apply to *all* >images, or the text is wrong. > >If I upload a QCOW2 image that has been zipped, gzip'd, or tar'd and >gzip'd, the image is saved but instances fail to boot because of "no >bootable device". > >Does Glance need configured a certain way to accept compressed files? >Is >there something on Horizon's side that needs configured? Do I need to >use a >different disk format other than QCOW2 when creating the image? > >Thanks, >Joe > > >------------------------------------------------------------------------ > >_______________________________________________ >OpenStack-operators mailing list >OpenStack-operators at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesse.pretorius at gmail.com Wed Jul 29 21:04:04 2015 From: jesse.pretorius at gmail.com (Jesse Pretorius) Date: Wed, 29 Jul 2015 22:04:04 +0100 Subject: [Openstack-operators] [os-ansible-deployment][openstack-ansible] Release review/bug list for tomorrow's meeting Message-ID: Hi everyone, We need some support for reviews and bug updates, ideally before the next meeting at 16:00 UTC tomorrow as per https://wiki.openstack.org/wiki/Meetings/openstack-ansible#Agenda_for_next_meeting The following reviews are in-flight and are important for the upcoming releases, and therefore there is a need for more reviews and in some cases backports once the master patches have landed: https://review.openstack.org/#/q/starredby:%22Jesse+Pretorius%22+project:stackforge/os-ansible-deployment,n,z The upcoming releases (this weekend) are: Kilo: https://launchpad.net/openstack-ansible/+milestone/11.1.0 Juno: https://launchpad.net/openstack-ansible/+milestone/10.1.11 I?d appreciate it if everyone could take a look at the reviews ? some of which need to be rebased/changed - and the bugs that are not yet ?In Progress? and decide whether the solutions for the bugs will make it or not in time for the release. We?ll discuss everything in the list in the meeting and decide on the best course of action. -- Jesse Pretorius IRC: odyssey4me -------------- next part -------------- An HTML attachment was scrubbed... URL: From alopgeek at gmail.com Wed Jul 29 22:38:39 2015 From: alopgeek at gmail.com (Abel Lopez) Date: Wed, 29 Jul 2015 15:38:39 -0700 Subject: [Openstack-operators] Compressed Images In-Reply-To: References: Message-ID: That's an interesting find. I've only ever assumed "compressed image" to mean qcow2 (with or without compression in qcow2, both are pretty small compared to raw) I can imagine that '.zip and .tar.gz' might have applied to raw, which can be quite large, but ultimately, you're probably right and found text that needs updating. > On Jul 29, 2015, at 12:38 PM, Joe Topjian wrote: > > Hello, > > In the "Create An Image" page of Horizon, it says the following: > > Currently only images available via an HTTP URL are supported. The image location must be accessible to the Image Service. Compressed image binaries are supported (.zip and .tar.gz.) > > Either I have something misconfigured, the text does not apply to *all* images, or the text is wrong. > > If I upload a QCOW2 image that has been zipped, gzip'd, or tar'd and gzip'd, the image is saved but instances fail to boot because of "no bootable device". > > Does Glance need configured a certain way to accept compressed files? Is there something on Horizon's side that needs configured? Do I need to use a different disk format other than QCOW2 when creating the image? > > Thanks, > Joe > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 496 bytes Desc: Message signed with OpenPGP using GPGMail URL: From doc at aedo.net Wed Jul 29 23:08:00 2015 From: doc at aedo.net (Christopher Aedo) Date: Wed, 29 Jul 2015 16:08:00 -0700 Subject: [Openstack-operators] [app-catalog] IRC Meeting Thursday July 30th at 17:00UTC Message-ID: Hello! Our next OpenStack App Catalog meeting will take place this Thursday July 20th at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything specific you would like to discuss. For this weeks meeting my primary intention is to discuss the roadmap, everything we'd like to accomplish before the next summit, and determine who all will be helping get it done. Please join us if you can! -Christopher From prometheanfire at gentoo.org Thu Jul 30 01:32:20 2015 From: prometheanfire at gentoo.org (Matthew Thode) Date: Wed, 29 Jul 2015 20:32:20 -0500 Subject: [Openstack-operators] release of openstack-kilo 2015.1.1 (gentoo) Message-ID: <55B97EA4.5060002@gentoo.org> Just got done finishing up the release (for those of you not using the live ebuilds, which I highly recommend). I've also added pre-install testing to nova. Let me know if you have issues. -- Matthew Thode (prometheanfire) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From siv.devops at gmail.com Thu Jul 30 02:56:35 2015 From: siv.devops at gmail.com (pra devOPS) Date: Wed, 29 Jul 2015 19:56:35 -0700 Subject: [Openstack-operators] docker for icehouse heat pluign Message-ID: Hi All: I have installed the docker pluign on icehouse on Centos 7. I had installed heat and docker plugin , While I am restarting the heat after installing the docker pluing . openstack-heat-engine does not start, I get below in the engine.log. Failed to import module heat.engine.plugins.heat_docker.resources.docker_container No Module oslog.log. Will installing oslo.log heps ? Or whats the error about heat_docker container. Any help on this is much appreciated. Thanks, Dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From maishsk at maishsk.com Thu Jul 30 03:29:46 2015 From: maishsk at maishsk.com (Maish Saidel-Keesing) Date: Wed, 29 Jul 2015 20:29:46 -0700 Subject: [Openstack-operators] [tags] Meeting this week In-Reply-To: <55B86499.9080805@openstack.org> References: <5590CC1D.1010809@openstack.org> <55A76707.1050008@maishsk.com> <55A768AA.2040005@openstack.org> <55A78954.5070707@maishsk.com> <55A7AD7E.7030201@openstack.org> <55B86499.9080805@openstack.org> Message-ID: <55B99A2A.3090003@maishsk.com> I will probably be in flight at that time - so I am sorry but I Will not be able to join. On 07/28/15 22:28, Tom Fifield wrote: > Hi all, > > I think it's probably a good idea to have a meeting in our scheduled > slot 1400 UTC on Thurs 30th July. > > I'll actually be in Beijing at the time, but I've planned to be there, > but it something goes wrong, it would be great if someone could run > the meeting. I think a good discussion topic is what you'd like to do > for the mid-cycle ops event as we'll likely have a 90 minute in-person > session. > > > Regards, > > > Tom > > On 16/07/15 21:11, Tom Fifield wrote: >> OK, if there isn't soon an outpouring of support for this meeting, I >> think it's best cancelled :) >> >> >> On 16/07/15 18:37, Maish Saidel-Keesing wrote: >>> I would prefer to defer today's meeting >>> >>> On 07/16/15 11:17, Tom Fifield wrote: >>>> Hi, >>>> >>>> According to the logs from last week, which are sadly in yet another >>>> directory: http://eavesdrop.openstack.org/meetings/_operator_tags/ >>>> , we >>>> do have a meeting this week, but the only agenda item (Jamespage & >>>> markbaker - thoughts on packaging) didn't pan out since markbaker >>>> wasn't >>>> available. >>>> >>>> Is there interest for a meeting, and any proposed topics? ops:ha? >>>> >>>> Regards, >>>> >>>> >>>> Tom >>>> >>>> >>>> >>>> On 16/07/15 16:10, Maish Saidel-Keesing wrote: >>>>> Are we having a meeting today at 14:00 UTC? >>>>> >>>>> On 06/29/15 07:39, Tom Fifield wrote: >>>>>> Hi, >>>>>> >>>>>> As noted last meeting, we didn't get even half way through out >>>>>> agenda, >>>>>> so we will meet this week as well. >>>>>> >>>>>> So, join us this Thursday Jul 2nd 1400 UTC in #openstack-meeting on >>>>>> freenode >>>>>> (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20150702T1400 >>>>>> >>>>>> ) >>>>>> >>>>>> To kick off with agenda item #4: >>>>>> https://etherpad.openstack.org/p/ops-tags-June-2015 >>>>>> >>>>>> Previous meeting notes can be found at: >>>>>> http://eavesdrop.openstack.org/meetings/ops_tags/2015/ >>>>>> >>>>>> >>>>>> Regards, >>>>>> >>>>>> >>>>>> Tom >>>>>> >>> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- Best Regards, Maish Saidel-Keesing From aishwarya.adyanthaya at accenture.com Thu Jul 30 04:22:08 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 30 Jul 2015 04:22:08 +0000 Subject: [Openstack-operators] ssh inside instance Message-ID: Hi, I've launched two instances from my openstack dashboard. Firstly I created instance one, where I generated a key through the ssh-keygen command, pasting the public key contents to import key in the access and security. Using this key I launched second instance. I want to be able to ssh the second instance from my first instance. Could someone tell me how to work it out? Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From erent at skyatlas.com Thu Jul 30 07:25:50 2015 From: erent at skyatlas.com (=?windows-1252?Q?Eren_T=FCrkay?=) Date: Thu, 30 Jul 2015 10:25:50 +0300 Subject: [Openstack-operators] Which Puppet Modules To Use? In-Reply-To: <55B9311B.9060101@raseley.com> References: <55B8CEAE.9080005@skyatlas.com> <55B9311B.9060101@raseley.com> Message-ID: <55B9D17E.5010608@skyatlas.com> On 29-07-2015 23:01, Richard Raseley wrote: > Here at Puppet, we make use of the modules in the official OpenStack > Puppet Modules[0] project (formerly part of StackForge). As I understand > it Fuel is aligning towards using these as well. The ones under the > 'puppetlabs' name are either deprecated or are intended to function as a > working example of a composition layer (the Puppet code you write to > 'glue' the other modules together). Thank you for your reply. I guess I will be using official puppet modules as you stated and I believe the source for those modules are hosted in github repository: https://github.com/openstack?utf8=%E2%9C%93&query=puppet > Regards, > > Richard Raseley Regards, -- Eren T?rkay, System Administrator https://skyatlas.com/ | +90 850 885 0357 Yildiz Teknik Universitesi Davutpasa Kampusu Teknopark Bolgesi, D2 Blok No:107 Esenler, Istanbul Pk.34220 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From Neil.Jerram at metaswitch.com Thu Jul 30 08:08:27 2015 From: Neil.Jerram at metaswitch.com (Neil Jerram) Date: Thu, 30 Jul 2015 08:08:27 +0000 Subject: [Openstack-operators] ssh inside instance Message-ID: <20150730080825.5701712.56891.2524@metaswitch.com> Hi Aishwarya, The basic requirement here is that anyone - which really means a combination of a computer or instance, plus a user on that computer/instance - needs to have the private key that matches the public key that is installed on the target instance. You've asked about logging in from your first instance ?- let's call it A - so you need to save the private key in a file on A - let's call it private_key - and give it 600 permissions: chmod 600 private_key Then you can use this key with SSH like this: ssh -i private_key USER at OTHER-INSTANCE Hope that helps. Regards, Neil From: aishwarya.adyanthaya at accenture.com Sent: Thursday, 30 July 2015 05:24 To: openstack-operators at lists.openstack.org Subject: [Openstack-operators] ssh inside instance Hi, I?ve launched two instances from my openstack dashboard. Firstly I created instance one, where I generated a key through the ssh-keygen command, pasting the public key contents to import key in the access and security. Using this key I launched second instance. I want to be able to ssh the second instance from my first instance. Could someone tell me how to work it out? Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From aishwarya.adyanthaya at accenture.com Thu Jul 30 08:14:21 2015 From: aishwarya.adyanthaya at accenture.com (aishwarya.adyanthaya at accenture.com) Date: Thu, 30 Jul 2015 08:14:21 +0000 Subject: [Openstack-operators] ssh inside instance In-Reply-To: <20150730080825.5701712.56891.2524@metaswitch.com> References: <20150730080825.5701712.56891.2524@metaswitch.com> Message-ID: <753e8e6402fe4cada2bdb706ed7ec6fc@CO2PR42MB188.048d.mgd.msft.net> Hi Neil, I did the same as you have suggested. I have created an instance A and generated a private_key, giving it 600 permission. Using the key I launched the instance B but when I ssh from the instance A after a while it reads: Read from socket failed: Connection timed out I even tried with ssh ?v hostname to test on one the machine outside openstack and the instance. root at new:/home/ubuntu# ssh -v new OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to new [10.x.x.x] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent Read from socket failed: Connection timed out So this is what I?m getting again. Thank you, Aishwarya From: Neil Jerram [mailto:Neil.Jerram at metaswitch.com] Sent: Thursday, July 30, 2015 1:38 PM To: Adyanthaya, Aishwarya; openstack-operators at lists.openstack.org Subject: Re: [Openstack-operators] ssh inside instance Hi Aishwarya, The basic requirement here is that anyone - which really means a combination of a computer or instance, plus a user on that computer/instance - needs to have the private key that matches the public key that is installed on the target instance. You've asked about logging in from your first instance ?- let's call it A - so you need to save the private key in a file on A - let's call it private_key - and give it 600 permissions: chmod 600 private_key Then you can use this key with SSH like this: ssh -i private_key USER at OTHER-INSTANCE Hope that helps. Regards, Neil From: aishwarya.adyanthaya at accenture.com Sent: Thursday, 30 July 2015 05:24 To: openstack-operators at lists.openstack.org Subject: [Openstack-operators] ssh inside instance Hi, I?ve launched two instances from my openstack dashboard. Firstly I created instance one, where I generated a key through the ssh-keygen command, pasting the public key contents to import key in the access and security. Using this key I launched second instance. I want to be able to ssh the second instance from my first instance. Could someone tell me how to work it out? Thank you, Aishwarya Adyanthaya ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From 16189455 at qq.com Thu Jul 30 11:08:17 2015 From: 16189455 at qq.com (=?gb18030?B?09q94A==?=) Date: Thu, 30 Jul 2015 19:08:17 +0800 Subject: [Openstack-operators] [neutron]How to use external_net? Message-ID: Hi all, I find that if setting the value of router:external=True for a net(example: neutron net-update netID --router:external=True) Users in other tenants could allocate floating IP from this net(example: neutron floatingip-create netID). But how could this floating IP bind to a VM created by the user from other tenants? The network is unreachable. Or do I misunderstand the function? Thanks, Yu -------------- next part -------------- An HTML attachment was scrubbed... URL: From abhishek.talwar at tcs.com Thu Jul 30 11:20:34 2015 From: abhishek.talwar at tcs.com (Abhishek Talwar) Date: Thu, 30 Jul 2015 16:50:34 +0530 Subject: [Openstack-operators] [kilo-multinode] Live-Migration Error Message-ID: An HTML attachment was scrubbed... URL: From rpodolyaka at mirantis.com Thu Jul 30 12:36:25 2015 From: rpodolyaka at mirantis.com (Roman Podoliaka) Date: Thu, 30 Jul 2015 15:36:25 +0300 Subject: [Openstack-operators] [kilo-multinode] Live-Migration Error In-Reply-To: References: Message-ID: Check you can ping the destination host using the host name - compute1-VirtualBox - as this is what Nova passes to libvirt when doing live migration. On Thu, Jul 30, 2015 at 2:20 PM, Abhishek Talwar wrote: > Hi, > > I have a multinode OpenStack kilo setup with 2 compute nodes, a controller > and a network node. I am trying to migrate a Vm from host to the other, but > there is a migration failure and the VM stays on the same host. > > I can ping between the compute nodes, and I have set libvirt to listen mode. > Using the following steps: > > Modify /etc/libvirt/libvirtd.conf. before : #listen_tls = 0 after : > listen_tls = 0 > > before : #listen_tcp = 1 after : listen_tcp = 1 > > add: auth_tcp = "none" > > Modify /etc/init/libvirt-bin.conf. before : exec /usr/sbin/libvirtd -d after > : exec /usr/sbin/libvirtd -d -l -l is short for ?listen > > Modify /etc/default/libvirt-bin. before :libvirtd_opts=" -d" after > :libvirtd_opts=" -d -l" > > Restart libvirt. After executing the command, ensure that libvirt is > successfully restarted. $ stop libvirt-bin && start libvirt-bin $ ps -ef | > grep libvirt > > Nova compute(Compute) logs: > > 2015-07-30 10:05:56.928 2101 ERROR nova.virt.libvirt.driver [-] [instance: > e8a310e6-3682-44fd-93b2-4e2564de047d] Live Migration failure: operation > failed: Failed to connect to remote libvirt URI > qemu+tcp://compute1-VirtualBox/system: Unable to resolve address > 'compute1-VirtualBox' service '16509': Name or service not known 2015-07-30 > 10:05:57.029 2101 ERROR nova.virt.libvirt.driver [-] [instance: > e8a310e6-3682-44fd-93b2-4e2564de047d] Migration operation has aborted > > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > From jean-daniel.bonnetot at ovh.net Thu Jul 30 13:06:22 2015 From: jean-daniel.bonnetot at ovh.net (Jean-Daniel Bonnetot) Date: Thu, 30 Jul 2015 15:06:22 +0200 Subject: [Openstack-operators] Nova VMware driver don't know to deal with VMWare vSphere 5.5 API bugs Message-ID: <600441D2-4B3D-45C2-B12E-A797BE753B32@ovh.net> Hi Ops, I deployed with OSAD and now I try to plug my compute node on vSphere with the nova vmware driver. After configuring the nova-compute to point on my vSphere, I start nova-compute and ? BOOM :/ After some debugs, here what I found: 1. logs: http://pastebin.com/wx5JDVrd 2. I go deeper dumping some variables, I saw this hit: https://myinfra/sdk/vim.wsdl 3. the headers of the response doesn?t announce the gzip format returned (VMware bug !!!) 4. anyway, the client doesn?t manage http compression As I don?t manage vSphere upgrade, I need to find an other solution. Do you know if it?s possible to specify in the driver to build request without compression? -- Jean-Daniel @pilgrimstack From alvise.dorigo at pd.infn.it Thu Jul 30 13:07:49 2015 From: alvise.dorigo at pd.infn.it (Alvise Dorigo) Date: Thu, 30 Jul 2015 15:07:49 +0200 Subject: [Openstack-operators] Problem in Ceilometer's alarm-evaluator Message-ID: <55BA21A5.4000204@pd.infn.it> Hi, I've just installed Ceilometer on an test infrastructure with a controller node (which is also network node) e a compute node. Just after starting the ceilometer services, I see an error in the alarm-evaluator.log: 2015-07-30 14:59:54.113 4061 ERROR ceilometer.alarm.service [-] alarm evaluation cycle failed 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service Traceback (most recent call last): 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib/python2.6/site-packages/ceilometer/alarm/service.py", line 91, in _evaluate_assigned_alarms 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service alarms = self._assigned_alarms() 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib/python2.6/site-packages/ceilometer/alarm/service.py", line 134, in _assigned_alarms 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service 'value': True}]) 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib/python2.6/site-packages/ceilometerclient/v2/alarms.py", line 71, in list 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service return self._list(options.build_url(self._path(), q)) 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib/python2.6/site-packages/ceilometerclient/common/base.py", line 58, in _list 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service resp, body = self.api.json_request('GET', url) 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib/python2.6/site-packages/ceilometerclient/common/http.py", line 191, in json_request 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service resp, body_iter = self._http_request(url, method, **kwargs) 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib/python2.6/site-packages/ceilometerclient/common/http.py", line 151, in _http_request 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service resp = conn.getresponse() 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib64/python2.6/httplib.py", line 990, in getresponse 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service response.begin() 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib64/python2.6/httplib.py", line 391, in begin 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service version, status, reason = self._read_status() 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service File "/usr/lib64/python2.6/httplib.py", line 355, in _read_status 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service raise BadStatusLine(line) 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service BadStatusLine 2015-07-30 14:59:54.113 4061 TRACE ceilometer.alarm.service which is quite useless, unless one know well the code. All the other log files are OK. Here you can find the ceilometer.conf's content on the controller node: http://pastebin.com/WkSJmwwZ And here the ceilometer.conf in the compute node: http://pastebin.com/Vzd3ZW0g Any idea about the cause of that error, or something I could do to obtain a more helpful error message ? thanks, A. From john.griffith at solidfire.com Thu Jul 30 17:58:00 2015 From: john.griffith at solidfire.com (John Griffith) Date: Thu, 30 Jul 2015 11:58:00 -0600 Subject: [Openstack-operators] [Openstack] [all] OpenStack voting by the numbers In-Reply-To: References: <55B8FED4.5040303@maishsk.com> Message-ID: On Wed, Jul 29, 2015 at 10:36 AM, David Medberry wrote: > Nice writeup maish! very nice. > > On Wed, Jul 29, 2015 at 10:27 AM, Maish Saidel-Keesing < > maishsk at maishsk.com> wrote: > >> Some of my thoughts on the Voting process. >> >> >> http://technodrone.blogspot.com/2015/07/openstack-summit-voting-by-numbers.html >> >> Guess which category has the most number of submissions?? >> ;) >> >> -- >> Best Regards, >> Maish Saidel-Keesing >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Well, I would expect most people attending the Summit would be most interested in a general category like "Operations". Most of the audience here I think would naturally be most interested in "how to deploy and manage"; that just makes sense I think and I don't know that anybody would argue that. I'm sort of confused how this correlates to "the operator community providing feedback", unless I'm misinterpreting some of your writing here. While there are some great talks about deploying and operating an OpenStack cloud in there, I wouldn't make the general assumption that these are "Operators giving feedback". A quick glance, it appears that the bulk of the talks are vendors talking about their monitoring and deployment tools which IMO is different than "the voice of the operators". This is in my opinion sort of expected make up of the talks at the summit these days. Just my two cents, great write up, just a grain of salt so to speak. Thanks, John -------------- next part -------------- An HTML attachment was scrubbed... URL: From stefano at openstack.org Thu Jul 30 19:22:43 2015 From: stefano at openstack.org (Stefano Maffulli) Date: Thu, 30 Jul 2015 12:22:43 -0700 Subject: [Openstack-operators] [all] OpenStack voting by the numbers In-Reply-To: <55B8FED4.5040303@maishsk.com> References: <55B8FED4.5040303@maishsk.com> Message-ID: <55BA7983.40602@openstack.org> On 07/29/2015 09:27 AM, Maish Saidel-Keesing wrote: > Some of my thoughts on the Voting process. Excellent conversation starter, Maish. One piece that attracted my attention on your post is: Community and How to Contribute. Way down there in at the bottom. Is that because people already know how to do it? Because people have given up on trying? My gut answer to the question 'why so few' is because there is nothing to sell in that area. Except maybe for companies that want to be identified as 'thought leaders', there is no strong incentive to present in that area. Consider also that there is a separate track called 'Community' that IMO overlaps with 'How to contribute': summing these two submissions you get 78 proposals, on par with 'Apps' and 'Related OSS Projects'. In any case, 36 proposals for 'How to contribute' and 5 or 6 spots usually requires making plenty tough choices for track chairs, too :) /stef From mikal at stillhq.com Thu Jul 30 20:27:22 2015 From: mikal at stillhq.com (Michael Still) Date: Fri, 31 Jul 2015 06:27:22 +1000 Subject: [Openstack-operators] Nova VMware driver don't know to deal with VMWare vSphere 5.5 API bugs In-Reply-To: <600441D2-4B3D-45C2-B12E-A797BE753B32@ovh.net> References: <600441D2-4B3D-45C2-B12E-A797BE753B32@ovh.net> Message-ID: I think it would be a good idea to post this to openstack-dev so the vmware driver team sees it. Use a [nova][vmware] subject line to ensure you get their attention! Hope this helps, Michael On Thu, Jul 30, 2015 at 11:06 PM, Jean-Daniel Bonnetot < jean-daniel.bonnetot at ovh.net> wrote: > Hi Ops, > > I deployed with OSAD and now I try to plug my compute node on vSphere with > the nova vmware driver. > After configuring the nova-compute to point on my vSphere, I start > nova-compute and ? BOOM :/ > > After some debugs, here what I found: > 1. logs: http://pastebin.com/wx5JDVrd > 2. I go deeper dumping some variables, I saw this hit: > https://myinfra/sdk/vim.wsdl > 3. the headers of the response doesn?t announce the gzip format returned > (VMware bug !!!) > 4. anyway, the client doesn?t manage http compression > > As I don?t manage vSphere upgrade, I need to find an other solution. > > Do you know if it?s possible to specify in the driver to build request > without compression? > > > -- > Jean-Daniel > @pilgrimstack > > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -- Rackspace Australia -------------- next part -------------- An HTML attachment was scrubbed... URL: From dsneddon at redhat.com Thu Jul 30 20:40:19 2015 From: dsneddon at redhat.com (Dan Sneddon) Date: Thu, 30 Jul 2015 13:40:19 -0700 Subject: [Openstack-operators] [neutron][extra-dhcp-opt]How to use extra-dhcp-opt when the opt_name="static-route" and opt_name="classless-static-route"? In-Reply-To: References: Message-ID: <55BA8BB3.5040504@redhat.com> On 07/28/2015 05:44 PM, ?? wrote: > Hi all, > When using the extr-dhcp-opt, I find the function works well when > opt_name="mtu" and opt_name="router". The vm created will use the > assigned mtu value or the assigned gateway. But when I create port using > --extra-dhcp-opt > opt_name="static-route",opt_value="192.168.0.0/24 2.2.2.2" > the vm won't use this route. The opt_name="classless-static-route" > shows the same result.Do i use them in the wrong way? > > Any suggestion will be grateful. > Thank you. > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > I'm not sure why the command isn't working the way you expect it to, but there is another way to add routes to the Neutron DHCP server. You can set the routes on the subnet directly: neutron subnet-update ?host-routes type=dict list=true destination=192.168.0.0/24,nexthop=2.2.2.2 That should work, give it a try. -- Dan Sneddon | Principal OpenStack Engineer dsneddon at redhat.com | redhat.com/openstack 650.254.4025 | dsneddon:irc @dxs:twitter From joe at topjian.net Thu Jul 30 20:45:50 2015 From: joe at topjian.net (Joe Topjian) Date: Thu, 30 Jul 2015 14:45:50 -0600 Subject: [Openstack-operators] Compressed Images In-Reply-To: References: Message-ID: Sounds good. I'll open a bug :) On Wed, Jul 29, 2015 at 4:38 PM, Abel Lopez wrote: > That's an interesting find. > I've only ever assumed "compressed image" to mean qcow2 (with or without > compression in qcow2, both are pretty small compared to raw) > I can imagine that '.zip and .tar.gz' might have applied to raw, which can > be quite large, but ultimately, you're probably right and found text that > needs updating. > > > On Jul 29, 2015, at 12:38 PM, Joe Topjian wrote: > > > > Hello, > > > > In the "Create An Image" page of Horizon, it says the following: > > > > Currently only images available via an HTTP URL are supported. The image > location must be accessible to the Image Service. Compressed image binaries > are supported (.zip and .tar.gz.) > > > > Either I have something misconfigured, the text does not apply to *all* > images, or the text is wrong. > > > > If I upload a QCOW2 image that has been zipped, gzip'd, or tar'd and > gzip'd, the image is saved but instances fail to boot because of "no > bootable device". > > > > Does Glance need configured a certain way to accept compressed files? Is > there something on Horizon's side that needs configured? Do I need to use a > different disk format other than QCOW2 when creating the image? > > > > Thanks, > > Joe > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From davanum at gmail.com Thu Jul 30 21:15:51 2015 From: davanum at gmail.com (Davanum Srinivas) Date: Thu, 30 Jul 2015 17:15:51 -0400 Subject: [Openstack-operators] Nova VMware driver don't know to deal with VMWare vSphere 5.5 API bugs In-Reply-To: References: <600441D2-4B3D-45C2-B12E-A797BE753B32@ovh.net> Message-ID: Jean-Daniel, Want to try the caching wsdl locally trick? https://wiki.openstack.org/wiki/NovaVMware/Documentation#cache_wsdl_locally -- dims On Thu, Jul 30, 2015 at 4:27 PM, Michael Still wrote: > I think it would be a good idea to post this to openstack-dev so the vmware > driver team sees it. Use a [nova][vmware] subject line to ensure you get > their attention! > > Hope this helps, > Michael > > On Thu, Jul 30, 2015 at 11:06 PM, Jean-Daniel Bonnetot > wrote: >> >> Hi Ops, >> >> I deployed with OSAD and now I try to plug my compute node on vSphere with >> the nova vmware driver. >> After configuring the nova-compute to point on my vSphere, I start >> nova-compute and ? BOOM :/ >> >> After some debugs, here what I found: >> 1. logs: http://pastebin.com/wx5JDVrd >> 2. I go deeper dumping some variables, I saw this hit: >> https://myinfra/sdk/vim.wsdl >> 3. the headers of the response doesn?t announce the gzip format returned >> (VMware bug !!!) >> 4. anyway, the client doesn?t manage http compression >> >> As I don?t manage vSphere upgrade, I need to find an other solution. >> >> Do you know if it?s possible to specify in the driver to build request >> without compression? >> >> >> -- >> Jean-Daniel >> @pilgrimstack >> >> >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > -- > Rackspace Australia > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -- Davanum Srinivas :: https://twitter.com/dims From caius.howcroft at gmail.com Fri Jul 31 01:30:11 2015 From: caius.howcroft at gmail.com (Caius Howcroft) Date: Fri, 31 Jul 2015 01:30:11 -0000 Subject: [Openstack-operators] What are people using for configuration management? Puppet? Chef? Other? In-Reply-To: References: Message-ID: <201F7270-CF44-4401-9C30-F521BA453149@gmail.com> We have been heavy users of chef and its okay. Personally I like using ansible for config management for openstack. There are many reasons for this, but perhaps one that is very specific to openstack is that ansible is agnostic about choice the choice of language which modules are written in (but it does provide more help for things written in python). In chef your LWRP have to be written in ruby (and the ruby distributed with chef to boot). For openstack interaction I much prefer using the openstack python-XXXclient that trying to get ruby Fog library to do things like host aggs. Caius > On Mar 26, 2015, at 12:40 PM, Forrest Flagg wrote: > > Hi all, > > Getting ready to install a Juno or Kilo cloud and was wondering what people are using for configuration management to deploy openstack. Are you using Puppet, Chef, something else? What was the decision process for making your choice? > > Thanks, > > Forrest > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators From abhishek.talwar at tcs.com Fri Jul 31 11:05:04 2015 From: abhishek.talwar at tcs.com (Abhishek Talwar) Date: Fri, 31 Jul 2015 16:35:04 +0530 Subject: [Openstack-operators] [kilo-muktinode] [ubuntu cloud images] Message-ID: An HTML attachment was scrubbed... URL: From vedprakash.nimbalkar at gmail.com Fri Jul 31 11:24:05 2015 From: vedprakash.nimbalkar at gmail.com (Vedprakash Nimbalkar) Date: Fri, 31 Jul 2015 16:54:05 +0530 Subject: [Openstack-operators] [kilo-muktinode] [ubuntu cloud images] In-Reply-To: References: Message-ID: You can install ubuntu or any of the *nix flavor on outside of openstack (Like VirtualBox). And copy that .qcow2 at "/tmp/images/" and use this command to import it into openstack.. "glance image-create --name "Centos 7.2" --is-public true --disk-format qcow2 --container-format bare --file Centos-64.qcow2 " You have to install cloud-init package before importing image in openstack. This is the way I was using to copy our customize images in openstack. On Fri, Jul 31, 2015 at 4:35 PM, Abhishek Talwar wrote: > Hi, > > > I have a multinode kilo OpenStack setup with a controller node, network > node and 2 compute nodes. I have installed a cirros image with the > following steps: > > 1. Create a temporary local directory: > > $ mkdir /tmp/images > > 1. Download the source image into it: > > $ wget -P /tmp/images http://download.cirros-cloud.net/0.3.... > > > 1. Upload the image to the Image service using the QCOW2 disk format, > bare container format, and public visibility so all projects can access it: > > $ glance image-create --name "cirros-0.3.4-x86_64" --file > /tmp/images/cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 > --container-format bare --visibility public --progress > > Now I want to install an Ubuntu image on my setup and boot VM's with it. > So what would be the desired steps for that. > > I have checked this link *"http://docs.openstack.org/image-guide/content/ubuntu-image.html > "* but > couldnt get through. > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From onetown at gmail.com Fri Jul 31 11:24:53 2015 From: onetown at gmail.com (stephen leung) Date: Fri, 31 Jul 2015 19:24:53 +0800 Subject: [Openstack-operators] [kilo-muktinode] [ubuntu cloud images] In-Reply-To: References: Message-ID: You can find ubuntu cloud image at https://cloud-images.ubuntu.com/ Follow the same steps as cirros, except you have to launch ubuntu instances with ssh keypair. > On Jul 31, 2015, at 7:05 PM, Abhishek Talwar wrote: > > Hi, > > > > I have a multinode kilo OpenStack setup with a controller node, network node and 2 compute nodes. I have installed a cirros image with the following steps: > > Create a temporary local directory: > $ mkdir /tmp/images > > Download the source image into it: > $ wget -P /tmp/images http://download.cirros-cloud.net/0.3.... > Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it: > $ glance image-create --name "cirros-0.3.4-x86_64" --file /tmp/images/cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare --visibility public --progress > > Now I want to install an Ubuntu image on my setup and boot VM's with it. So what would be the desired steps for that. > > I have checked this link "http://docs.openstack.org/image-guide/content/ubuntu-image.html" but couldnt get through. > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From onetown at gmail.com Fri Jul 31 11:27:57 2015 From: onetown at gmail.com (stephen leung) Date: Fri, 31 Jul 2015 19:27:57 +0800 Subject: [Openstack-operators] [kilo-muktinode] [ubuntu cloud images] In-Reply-To: References: Message-ID: You can find ubuntu cloud image at https://cloud-images.ubuntu.com/ Follow the same steps as cirros, except you have to launch ubuntu instances with ssh keypair. > On Jul 31, 2015, at 7:05 PM, Abhishek Talwar > wrote: > > Hi, > > > > I have a multinode kilo OpenStack setup with a controller node, network node and 2 compute nodes. I have installed a cirros image with the following steps: > > Create a temporary local directory: > $ mkdir /tmp/images > > Download the source image into it: > $ wget -P /tmp/images http://download.cirros-cloud.net/0.3.... > Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it: > $ glance image-create --name "cirros-0.3.4-x86_64" --file /tmp/images/cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare --visibility public --progress > > Now I want to install an Ubuntu image on my setup and boot VM's with it. So what would be the desired steps for that. > > I have checked this link "http://docs.openstack.org/image-guide/content/ubuntu-image.html " but couldnt get through. > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcin.iwinski at gmail.com Fri Jul 31 11:34:29 2015 From: marcin.iwinski at gmail.com (Marcin Iwinski) Date: Fri, 31 Jul 2015 13:34:29 +0200 Subject: [Openstack-operators] [kilo-muktinode] [ubuntu cloud images] In-Reply-To: References: Message-ID: Hi Abhishek, You can download the OpenStack/EC2 ready ubuntu 14.04 directly from apps.openstack.org?by executing the glance command used here: http://apps.openstack.org/#tab=glance-images&asset=Ubuntu%20Trusty%2014 alternatively, if you don't want to upload directly from the Internet you can download the image (direct link is also mentioned on the above website) locally and upload it to glance as you did with cirros.? --? Marcin Iwinski Sent with Airmail On 31 Jul 2015 at 13:10:05, Abhishek Talwar (abhishek.talwar at tcs.com) wrote: Hi, I have a multinode kilo OpenStack setup with a controller node, network node and 2 compute nodes. I have installed a cirros image with the following steps: Create a temporary local directory: $ mkdir /tmp/images Download the source image into it: $ wget -P /tmp/images http://download.cirros-cloud.net/0.3.... Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it: $ glance image-create --name "cirros-0.3.4-x86_64" --file /tmp/images/cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare --visibility public --progress Now I want to install an Ubuntu image on my setup and boot VM's with it. So what would be the desired steps for that. I have checked this link "http://docs.openstack.org/image-guide/content/ubuntu-image.html" but couldnt get through. =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you _______________________________________________ OpenStack-operators mailing list OpenStack-operators at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -------------- next part -------------- An HTML attachment was scrubbed... URL: From salv.orlando at gmail.com Fri Jul 31 12:25:40 2015 From: salv.orlando at gmail.com (Salvatore Orlando) Date: Fri, 31 Jul 2015 14:25:40 +0200 Subject: [Openstack-operators] ssh inside instance In-Reply-To: <753e8e6402fe4cada2bdb706ed7ec6fc@CO2PR42MB188.048d.mgd.msft.net> References: <20150730080825.5701712.56891.2524@metaswitch.com> <753e8e6402fe4cada2bdb706ed7ec6fc@CO2PR42MB188.048d.mgd.msft.net> Message-ID: Why are you focusing on authentication issues when it seems you have either a sshd config issue or a connectivity problem? Indeed your ssh handshake is stopping quite early - see below: debug1: Connecting to 192.168.1.250 [192.168.1.250] port 22. debug1: Connection established. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6 debug1: match: OpenSSH_5.6 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-sha1 none debug1: kex: client->server aes128-ctr hmac-sha1 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: debug1: Host '192.168.1.250' is known and matches the RSA host key. debug1: Found key in /home/salvatore/.ssh/known_hosts:21 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/salvatore/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive Your instance seem to not be receiving back SSH2_MSG_KEXINIT. Note: this question is more suitable for ask.openstack.org than for this ML imho. Salvatore On 30 July 2015 at 10:14, wrote: > Hi Neil, > > > > I did the same as you have suggested. I have created an instance A and > generated a private_key, giving it 600 permission. Using the key I launched > the instance B but when I ssh from the instance A after a while it reads: > > > > Read from socket failed: Connection timed out > > > > I even tried with ssh ?v hostname to test on one the machine outside > openstack and the instance. > > > > root at new:/home/ubuntu# ssh -v new > > OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug1: /etc/ssh/ssh_config line 19: Applying options for * > > debug1: Connecting to new [10.x.x.x] port 22. > > debug1: Connection established. > > debug1: permanently_set_uid: 0/0 > > debug1: identity file /root/.ssh/id_rsa type -1 > > debug1: identity file /root/.ssh/id_rsa-cert type -1 > > debug1: identity file /root/.ssh/id_dsa type -1 > > debug1: identity file /root/.ssh/id_dsa-cert type -1 > > debug1: identity file /root/.ssh/id_ecdsa type -1 > > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > > debug1: identity file /root/.ssh/id_ed25519 type -1 > > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > > debug1: Enabling compatibility mode for protocol 2.0 > > debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 > > debug1: Remote protocol version 2.0, remote software version > OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 > > debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat > 0x04000000 > > debug1: SSH2_MSG_KEXINIT sent > > > > Read from socket failed: Connection timed out > > > > So this is what I?m getting again. > > > > Thank you, > > Aishwarya > > > > *From:* Neil Jerram [mailto:Neil.Jerram at metaswitch.com] > *Sent:* Thursday, July 30, 2015 1:38 PM > *To:* Adyanthaya, Aishwarya; openstack-operators at lists.openstack.org > *Subject:* Re: [Openstack-operators] ssh inside instance > > > > Hi Aishwarya, > > > > The basic requirement here is that anyone - which really means a > combination of a computer or instance, plus a user on that > computer/instance - needs to have the private key that matches the public > key that is installed on the target instance. > > > > You've asked about logging in from your first instance ?- let's call it A > - so you need to save the private key in a file on A - let's call it > private_key - and give it 600 permissions: > > > > chmod 600 private_key > > > > Then you can use this key with SSH like this: > > > > ssh -i private_key USER at OTHER-INSTANCE > > > > Hope that helps. > > > > Regards, > > Neil > > > > *From: *aishwarya.adyanthaya at accenture.com > > *Sent: *Thursday, 30 July 2015 05:24 > > *To: *openstack-operators at lists.openstack.org > > *Subject: *[Openstack-operators] ssh inside instance > > > > Hi, > > > > I?ve launched two instances from my openstack dashboard. Firstly I created > instance one, where I generated a key through the ssh-keygen command, > pasting the public key contents to import key in the access and security. > Using this key I launched second instance. > > > > I want to be able to ssh the second instance from my first instance. Could > someone tell me how to work it out? > > > > Thank you, > > Aishwarya Adyanthaya > > > ------------------------------ > > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. > > ______________________________________________________________________________________ > > www.accenture.com > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesse.pretorius at gmail.com Fri Jul 31 12:40:13 2015 From: jesse.pretorius at gmail.com (Jesse Pretorius) Date: Fri, 31 Jul 2015 13:40:13 +0100 Subject: [Openstack-operators] [openstack-dev] [openstack-ansible] [os-ansible-deployment] Kilo -> Liberty Upgrade Problems In-Reply-To: References: Message-ID: I'm adding openstack-operators too as this is a discussion that I think it would be useful to have their input for. On 30 July 2015 at 19:18, Ian Cordasco wrote: > Hey all, > > As you may have seen elsewhere on openstack-dev, OpenStack is changing the > versioning for the service projects. This means our previous upgrade > solution will not continue to work. For context, one of our project's > goals is to have in-place upgrades be a reality. Previously, using our > repository (package) mirror doing: > > # pip install -U {{servicename}} > > Was perfectly fine. The problem will now occur that 2015.1.0 (kilo) is > more recent than any of the new service version numbers (as far as pip is > concerned). This would be resolved if the release management team for > OpenStack properly used an epoch to indicate that the versioning scheme is > fundamentally different and something like Glance 8.0.0 should sort after > Glance 2015.1.0, but they won't (for reasons that you can read in earlier > threads on this list). > Yes. This is going to cause quite a few headaches I'm sure. > So, in order to satisfy the goal of in-place upgrades, we need a way > around this. Currently, we use a tool called 'yaprt' to build wheels and > repository indices for our project. This tool can (and currently does) > create reports of the built files and exports those reports as JSON. We > can use this to know the version generated for a service and then instead > do: > > # pip install {{servicename}}=={{yaprt_generated_version}} > > This will force pip to ignore the fact that the existing (kilo) > installation is actually supposed to sort as more recent because you're > telling it to install a very specific version. This will likely need to be > our upgrade path going forward unless we also require operators to clear > out their existing repository mirror of packages with Kilo versions (and > then we can go back to relying on pip's version sorting semantics to do > pip install -U {{servicename}}). > So what would the resulting version be? Would the python wheel be 2016.x.x or would the file simply be named that so that we're sitting with this workaround for only one cycle and future cycles can revert to the previous process? > This is, at the moment, the seemingly simplest way to work around the > brokenness that is the upstream versioning change. > > If you can think of a different way of approaching this, we'd love to hear > it. If not, Kevin or myself will probably start working on this approach > in a week or two so it's ready for when Liberty is actually released and > we can start testing upgrades from the kilo branch to master (which is > currently tracking liberty). > This is not a fun problem to have to solve, but it seems a reasonable solution. Whatever we do I'd prefer to see it as a solution that we only have to carry for one cycle so that all versioning matches upstream from then on. If that's not possible then some sort of epoch-style workaround like this may just be something we have to live with. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Kevin.Fox at pnnl.gov Fri Jul 31 15:28:19 2015 From: Kevin.Fox at pnnl.gov (Fox, Kevin M) Date: Fri, 31 Jul 2015 15:28:19 +0000 Subject: [Openstack-operators] [kilo-muktinode] [ubuntu cloud images] In-Reply-To: References: Message-ID: <1A3C52DFCD06494D8528644858247BF01A2B0611@EX10MBOX03.pnnl.gov> You can find ubuntu images in the app catalog. For example: http://apps.openstack.org/#tab=glance-images&asset=Ubuntu%20Trusty%2014 Thanks, Kevin ________________________________ From: Abhishek Talwar [abhishek.talwar at tcs.com] Sent: Friday, July 31, 2015 4:05 AM To: openstack-operators Subject: [Openstack-operators] [kilo-muktinode] [ubuntu cloud images] Hi, I have a multinode kilo OpenStack setup with a controller node, network node and 2 compute nodes. I have installed a cirros image with the following steps: 1. Create a temporary local directory: $ mkdir /tmp/images 1. Download the source image into it: $ wget -P /tmp/images http://download.cirros-cloud.net/0.3.... 1. Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it: $ glance image-create --name "cirros-0.3.4-x86_64" --file /tmp/images/cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare --visibility public --progress Now I want to install an Ubuntu image on my setup and boot VM's with it. So what would be the desired steps for that. I have checked this link "http://docs.openstack.org/image-guide/content/ubuntu-image.html" but couldnt get through. =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From antonio.s.messina at gmail.com Fri Jul 31 15:48:19 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Fri, 31 Jul 2015 17:48:19 +0200 Subject: [Openstack-operators] Managing security incidents: how to find the guilty VM ? In-Reply-To: References: <55B0F207.5020400@pd.infn.it> Message-ID: I've tested briefly ulogd, and it basically works. The only issue is that the "ulogd" daemon needs to run on the qrouter- namespace, therefore neutron should start ulogd daemon on a router namespace whenever is created (and deleted whenever the router is deleted). Alternative solutions: a) in case neutron supports "triggers" (but I don't think so), e.g. shell commands that are executed whenever a namespace is created, startup of ulogd could be executed by the trigger b) update rootwrap IpFilter to use a wrapper around ip instead of "ip". The wrapper should know what to do: run ulogd if "ip netns add" is called, kill it if "ip netns delete" is called c) [UGLY]: run a cron every tot seconds to ensure every qrouter- namespace has an instance of ulogd running on it. Other suggestions? .a. On Mon, Jul 27, 2015 at 11:50 AM, Antonio Messina wrote: > On Thu, Jul 23, 2015 at 3:54 PM, Alvise Dorigo wrote: >> If the VM doesn't have a floating IP, the Y IP address that is exposed on >> the internet (and therefore the one that will be commuticated to the >> security people) is the one of the OpenStack router. >> >> Given the private IP of the machine we are able to find the UUID of the VM >> (even if this was already deleted) and then the id of the relevant user who >> created it. >> But the problem is how to find this private IP address. > > Interesting: how do you do it? In Kilo, apparently, the ports are > deleted also from the DB, do you have some sort of trigger? And how is > the mapping between port and instance id done? > > For your question, I guess the only solution is to periodically save > the output of "conntrack -L" on the network node, to be run *within* > the router namespace. > > A possible solution (that I haven't tested yet), is to use ulogd > https://home.regit.org/2014/02/logging-connection-tracking-event-with-ulogd/ > > .a. > > -- > antonio.s.messina at gmail.com > antonio.messina at uzh.ch +41 (0)44 635 42 22 > S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ > University of Zurich > Winterthurerstrasse 190 > CH-8057 Zurich Switzerland -- antonio.s.messina at gmail.com antonio.messina at uzh.ch +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland From antonio.s.messina at gmail.com Fri Jul 31 17:29:14 2015 From: antonio.s.messina at gmail.com (Antonio Messina) Date: Fri, 31 Jul 2015 19:29:14 +0200 Subject: [Openstack-operators] Managing security incidents: how to find the guilty VM ? In-Reply-To: References: <55B0F207.5020400@pd.infn.it> Message-ID: It seems I'm currently the only one interested on this topic, but I will update the list anyway :) I was able to implement solution b) quite easily by: * installing ulogd2 on the network nodes * modify rootwrap.d/*.filter, replacing for all "IpFilter" commands "ip" with "/usr/local/sbin/ip_neutron_wrapper" script The "ip_neutron_wrapper" script is a wrapper around "ip" that basically check if a router namespace is created or deleted, and in case starts/stop ulogd on that namespace. It's pretty simple: #!/bin/bash # This wrapper is used to ensure an instance of ulogd daemon is # running on each router namespace that is created. ULOGD=/usr/sbin/ulogd if [ "$1" == "netns" -a "$2" == "add" ] then # A new namespace is created. # Run the requested command. ip $@ rc=$? ns=$3 # Check if we are creating a router namespace if [ -n "$ns" ] && expr match $ns qrouter- >& /dev/null then # Router namespace. Run ulogd ip netns exec $ns $ULOGD -d -p /run/ulogd.$ns.pid -u ulog fi exit $rc elif [ "$1" == "netns" -a "$2" == "delete" ] then # Namespace deleted, *first* kill ulogd, then remove the namespace ns=$3 if [ -n "$ns" -a -f /run/ulogd.$ns.pid ] then kill $(cat /run/ulogd.$ns.pid) fi exec ip $@ else exec ip $@ fi This seems to work, but I haven't done any extensive testing. Cheers, Antonio On Fri, Jul 31, 2015 at 5:48 PM, Antonio Messina wrote: > I've tested briefly ulogd, and it basically works. > > The only issue is that the "ulogd" daemon needs to run on the > qrouter- namespace, therefore neutron should start ulogd daemon > on a router namespace whenever is created (and deleted whenever the > router is deleted). > > Alternative solutions: > > a) in case neutron supports "triggers" (but I don't think so), e.g. > shell commands that are executed whenever a namespace is created, > startup of ulogd could be executed by the trigger > b) update rootwrap IpFilter to use a wrapper around ip instead of > "ip". The wrapper should know what to do: run ulogd if "ip netns add" > is called, kill it if "ip netns delete" is called > c) [UGLY]: run a cron every tot seconds to ensure every qrouter- > namespace has an instance of ulogd running on it. > > Other suggestions? > > .a. > > > On Mon, Jul 27, 2015 at 11:50 AM, Antonio Messina > wrote: >> On Thu, Jul 23, 2015 at 3:54 PM, Alvise Dorigo wrote: >>> If the VM doesn't have a floating IP, the Y IP address that is exposed on >>> the internet (and therefore the one that will be commuticated to the >>> security people) is the one of the OpenStack router. >>> >>> Given the private IP of the machine we are able to find the UUID of the VM >>> (even if this was already deleted) and then the id of the relevant user who >>> created it. >>> But the problem is how to find this private IP address. >> >> Interesting: how do you do it? In Kilo, apparently, the ports are >> deleted also from the DB, do you have some sort of trigger? And how is >> the mapping between port and instance id done? >> >> For your question, I guess the only solution is to periodically save >> the output of "conntrack -L" on the network node, to be run *within* >> the router namespace. >> >> A possible solution (that I haven't tested yet), is to use ulogd >> https://home.regit.org/2014/02/logging-connection-tracking-event-with-ulogd/ >> >> .a. >> >> -- >> antonio.s.messina at gmail.com >> antonio.messina at uzh.ch +41 (0)44 635 42 22 >> S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ >> University of Zurich >> Winterthurerstrasse 190 >> CH-8057 Zurich Switzerland > > > > -- > antonio.s.messina at gmail.com > antonio.messina at uzh.ch +41 (0)44 635 42 22 > S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ > University of Zurich > Winterthurerstrasse 190 > CH-8057 Zurich Switzerland -- antonio.s.messina at gmail.com antonio.messina at uzh.ch +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland From doc at aedo.net Fri Jul 31 18:12:59 2015 From: doc at aedo.net (Christopher Aedo) Date: Fri, 31 Jul 2015 11:12:59 -0700 Subject: [Openstack-operators] [app-catalog] App Catalog IRC meeting minutes - 7/30/2015 Message-ID: This week we had a great meeting, and have had a lot of good conversations flowing on the IRC channel. We're solidifying the next steps on our roadmap, and Kevin Fox has made great progress on creating a Horizon panel to allow users to browse the catalog from Horizon as well as provide a one-click fetch of assets. One other major change we are discussing is incorporating the voting and feedback used in ask.openstack.org in order to provide users of the App Catalog a way to upvote their favorite assets (and downvote problematic ones), and add comments around any specific asset. As always, please join us on IRC (#openstack-app-catalog) or speak up on the mailing list if there are things you would like to see, or additions that would help improve the App Catalog! ================================= #openstack-meeting-3: app-catalog ================================= Meeting started by docaedo at 17:00:33 UTC. The full logs are available at http://eavesdrop.openstack.org/meetings/app_catalog/2015/app_catalog.2015-07-30-17.00.log.html Meeting summary --------------- * rollcall (docaedo, 17:00:52) * Status updates (docaedo) (docaedo, 17:03:33) * LINK: https://review.openstack.org/194875 (docaedo, 17:03:51) * LINK: https://review.openstack.org/#/c/207253/ (docaedo, 17:04:48) * LINK: https://youtu.be/9TlPhmml-T8 :) (kfox1111, 17:07:26) * All about the roadmap (docaedo, 17:15:01) * LINK: http://lists.openstack.org/pipermail/openstack-dev/2015-July/070423.html (docaedo, 17:16:53) * LINK: https://github.com/kfox1111/apps-catalog-ui/ (kfox1111, 17:21:20) * LINK: https://en.wikipedia.org/wiki/Disqus yep, these guys (kzaitsev_mb, 17:30:37) * ACTION: discuss/consider using ask.openstack.org code for voting/comments (docaedo, 17:39:29) * App Catalog Horizon Plugin Update (kfox1111) (docaedo, 17:44:00) * LINK: https://youtu.be/9TlPhmml-T8 (kfox1111, 17:45:56) * LINK: https://github.com/kfox1111/apps-catalog-ui/ (kfox1111, 17:46:10) * LINK: https://review.openstack.org/#/c/206773/ (kzaitsev_mb, 17:46:12) * Other Horizon Plugins (kfox1111) (docaedo, 17:55:33) Meeting ended at 18:01:16 UTC. Action items, by person ----------------------- * openstack * discuss/consider using ask.openstack.org code for voting/comments People present (lines said) --------------------------- * kfox1111 (91) * docaedo (72) * j^2 (26) * rhagarty_ (26) * kzaitsev_mb (25) * kzaitsev_ip (3) * openstack (3) Generated by `MeetBot`_ 0.1.4 From jesse.pretorius at gmail.com Fri Jul 31 18:24:28 2015 From: jesse.pretorius at gmail.com (Jesse Pretorius) Date: Fri, 31 Jul 2015 19:24:28 +0100 Subject: [Openstack-operators] [os-ansible-deployment][openstack-ansible] Release review/bug list for tomorrow's meeting In-Reply-To: References: Message-ID: On 29 July 2015 at 22:04, Jesse Pretorius wrote: > The following reviews are in-flight and are important for the upcoming > releases, and therefore there is a need for more reviews and in some cases > backports once the master patches have landed: > https://review.openstack.org/#/q/starredby:%22Jesse+Pretorius%22+project:stackforge/os-ansible-deployment,n,z > > The upcoming releases (this weekend) are: > > Kilo: https://launchpad.net/openstack-ansible/+milestone/11.1.0 > Unfortunately we have had to postpone the release for 11.1.0 until Monday as we have missed our deadline for several key patches merging. The entire available core team agreed that this would be best in the #openstack-ansible channel. It'd be better for us all to have a bit more time to review the final list of patches, especially considering several of them are quite substantial. We'll revisit this on Monday - please continue to review if you have a moment to do so before then. -------------- next part -------------- An HTML attachment was scrubbed... URL: