[Openstack] Openstack Digest, Vol 18, Issue 3

Pradeep Tiwari pradeeptiwari.mca at gmail.com
Wed Dec 3 13:24:56 UTC 2014


I want to know which method you are currently using for VM management in
the bare metal (Ironic) hypervisor. Can I get the code or algorithm?
 On Dec 3, 2014 5:35 PM, <openstack-request at lists.openstack.org> wrote:

> Today's Topics:
>
>    1. SSL Configuration (Georgios Dimitrakakis)
>    2. Horizon + vncproxy: ports 443+6080, and restrictive
>       firewalls: best practise? (Don Waterloo)
>    3. Re: SSL Configuration (Robert van Leeuwen)
>    4. Re: SSL Configuration (Muhammed Salehi)
>    5. Re: SSL Configuration (Georgios Dimitrakakis)
>    6. Re: SSL Configuration (Rob Crittenden)
>    7. Re: SSL Configuration (Georgios Dimitrakakis)
>    8. (Juno) Swift Dashboard error (Amit Anand)
>    9. Re: SSL Configuration (Rob Crittenden)
>   10. Final Call for Participation: UCC 2014 London UK (Ashiq Anjum)
>   11. Re: (Juno) Swift Dashboard error (Don Waterloo)
>   12. nova missing network, neutron shows it ok (Don Waterloo)
>   13. Re: SSL Configuration (Ryan O'Hara)
>   14. Flat provider_network with vlan tagged interface or vlan
>       provider_network with untagged interface (Abhijeet Rastogi)
>   15. Re: Poll: What are the top 3 topics for new OpenStack users
>       and developers? (Stefano Maffulli)
>   16. Re: Flat provider_network with vlan tagged interface or vlan
>       provider_network with untagged interface (Kevin Benton)
>   17. Re: Flat provider_network with vlan tagged interface or vlan
>       provider_network with untagged interface (Abhijeet Rastogi)
>   18. nova compute service fail to start due to "Connection to the
>       hypervisor is broken on host" (Du Jun)
>   19. Re: nova compute service fail to start due to "Connection to
>       the hypervisor is broken on host" (Du Jun)
>   20. [openstack][icehouse][monitoring]-open source monitoring
>       tools (Chinasubbareddy M)
>   21. Re: nova compute service fail to start due to "Connection to
>       the hypervisor is broken on host" (Du Jun)
>   22. [Ceilometer] looking for alarm best practice - please help
>       (Rao Dingyuan)
>   23. Re: [openstack][icehouse][monitoring]-open source monitoring
>       tools (Venu Murthy)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 02 Dec 2014 15:52:52 +0200
> From: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>
> To: <openstack at lists.openstack.org>
> Subject: [Openstack] SSL Configuration
> Message-ID: <e0e092c785b8a284e14a056a06937118 at acmac.uoc.gr>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
>  Hi!
>
>  Can someone point me to the right direction on how to secure publicly
>  available services (e.g. nova,keystone,glance) with an SSL certificate?
>
>
>
>  Best regards,
>
>
>  George
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 2 Dec 2014 08:54:37 -0500
> From: Don Waterloo <don.waterloo at gmail.com>
> To: openstack at lists.openstack.org
> Subject: [Openstack] Horizon + vncproxy: ports 443+6080, and
>         restrictive firewalls: best practise?
> Message-ID:
>         <CAKrvkGepwsaa6uF+=
> CTaWQr8UHfEfcVAnt-LTvj3j+J3mYXcCA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> So my setup is pretty vanilla. Horizon runs on port 443 front-ended by nginx
> (all services on my system are ssl).
> On the same host runs vncproxy on port 6080 (ssl).
>
> The problem I run into is, in some environments, the local firewall only
> allows port 443 out (e.g. some guest wifi locations). This means that
> generally horizon works, but the console times out.
>
> Now of course I could force the users to VPN to somewhere and then use
> it, but that adds latency and complexity. I would prefer if I could find a
> way to run vncproxy through the nginx.
>
> Is anybody doing this? Announcing the vncproxy on the same port as
> horizon? If so, how?
>
> I see that nginx (e.g. http://nginx.com/blog/websocket-nginx/) has some
> support for websocket proxy, but I was unsuccessful in getting this to work.
>
> Any suggestions from someone else who has hit this issue?
>
> ------------------------------
>
> Message: 3
> Date: Tue, 2 Dec 2014 14:10:24 +0000
> From: Robert van Leeuwen <Robert.vanLeeuwen at spilgames.com>
> To: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>,
>         "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] SSL Configuration
> Message-ID:
>         <79E00D9220302D448C1D59B5224ED12D8EC4F26F at EchoDB02.spil.local>
> Content-Type: text/plain; charset="us-ascii"
>
> > Can someone point me to the right direction on how to secure publicly
> > available services (e.g. nova,keystone,glance) with an SSL certificate?
>
> Hi,
>
> We offload this task to our load-balancer solution.
> (assuming you can live with unencrypted traffic between lb and the
> services)
>
> Makes management of ssl in general a lot easier since it is just one
> location to setup and maintain.
> Since you probably want a load balancer anyway to make the endpoints HA it
> makes sense to also use it for this.
> We use a commercial solution but a quick google tells me you can also do
> this with haproxy ;)
>
> Cheers,
> Robert van Leeuwen
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 2 Dec 2014 17:49:24 +0330
> From: Muhammed Salehi <salehi1994 at gmail.com>
> To: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] SSL Configuration
> Message-ID:
>         <
> CANs1bxE0hooy9bWKfmRwNYDq6yij7302vSBvgdb2ajHjZRX_RA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi.
> Do you want to serve https instead of http? Or do you want to encrypt all of
> the communications between these components?
> For the first problem the solution is: Search about how to serve and https
> with apache or passenger.
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 02 Dec 2014 17:01:10 +0200
> From: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>
> To: <openstack at lists.openstack.org>
> Subject: Re: [Openstack] SSL Configuration
> Message-ID: <c68ab1e623c60faddcadccec9c57dcad at acmac.uoc.gr>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
>  @Robert: I don't have a load-balancer for this deployment. Just
>  controller, cinder and compute nodes.
>
>
>
>  What I would like to do is to secure the public endpoints for Keystone,
>  Glance, Nova, Cinder with SSL and the EC2 API.
>
>  That would be sufficient for the moment.
>
>  Is it OK if I just change the respective *.conf files or should I do
>  something more? Should the changes at the *.conf files be propagated on
>  all nodes?
>
>
>  All the best,
>
>  George
>
>
>
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 02 Dec 2014 10:31:30 -0500
> From: Rob Crittenden <rcritten at redhat.com>
> To: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>,
>         openstack at lists.openstack.org
> Subject: Re: [Openstack] SSL Configuration
> Message-ID: <547DDB52.5030006 at redhat.com>
> Content-Type: text/plain; charset=UTF-8
>
> Georgios Dimitrakakis wrote:
> > @Robert: I don't have a load-balancer for this deployment. Just
> > controller, cinder and compute nodes.
> >
> >
> >
> > What I would like to do is to secure the public endpoints for Keystone,
> > Glance, Nova, Cinder with SSL and the EC2 API.
> >
> > That would be sufficient for the moment.
> >
> > Is it OK if I just change the respective *.conf files or should I do
> > something more? Should the changes at the *.conf files be propagated on
> > all nodes?
>
> It is a bit more complicated than that.
>
> You can either secure things natively or use a TLS proxy (hardware or
> something like haproxy or stud). Native SSL is generally frowned upon
> since the assumption is that performance will be terrible due to the
> python GIL.
>
> What you do with haproxy or stud is to modify the port that the services
> normally listen on (in devstack we simply add 1 to each of the ports)
> and configure the proxy to listen on the "standard" ports for each service.
>
> You also need secure endpoints defined in keystone for everything. If
> you've got an existing installation you'll need to try to convert it.
>
> I've been toying with SSL in devstack and documented some experiments I
> did including converting Keystone to use native SSL,
> http://blog-rcritten.rhcloud.com/?p=5 and subsequently converting nova,
> glance and cinder in the same install
> http://blog-rcritten.rhcloud.com/?p=26
>
> This is for native SSL, which as I said is generally frowned upon, but I
> was just toying after all. The process should be similar for a proxy.
>
> rob
>
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 02 Dec 2014 18:07:03 +0200
> From: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>
> To: Rob Crittenden <rcritten at redhat.com>
> Cc: openstack at lists.openstack.org
> Subject: Re: [Openstack] SSL Configuration
> Message-ID: <e7b1301361cb49ec55553942be3732b5 at acmac.uoc.gr>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
>  Hi Rob!
>
>  Thanks for your detailed explanation.
>  Just a few more questions to clarify things...
>
>  So if I decide to go natively is it sufficient to follow the steps on
>  the two blog posts? Do I have to do anything more than that? I am
>  specifically interested in EC2 which is excluded... Can we foresee the
>  impact on the performance and why is that?
>
>
>  If I decide to go with HAProxy (no hardware proxy available) do I still
>  have to change the endpoints to httpS or changing the ports is
>  sufficient? Do you happen to know where I can find more info regarding
>  this?
>
>
>  All the best,
>
>
>  George
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 2 Dec 2014 11:50:46 -0500
> From: Amit Anand <aanand at viimed.com>
> To: openstack at lists.openstack.org
> Subject: [Openstack] (Juno) Swift Dashboard error
> Message-ID:
>         <CAAvmQasGgG0iPWEzvOah9mpV2oSb4OXaCG5Lh8A_2M8+T=
> JjoQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi all,
>
> Thank you all for your help earlier getting through my issues - it looks
> like I have more or less a functioning environment! I do have one error
> which I'm getting and have no idea why, as I do not see anything in
> /var/log/messages on why this is occurring. Basically when I click on "View
> Details" on an Object I get this popup error from the Dashboard:
>
> "Danger: An error has occurred. Please try again later." (screenshot below)
>
> But if I click on the View Details of the container all comes up fine. I
> can then take the URL and add the name of the file I'm trying to access and
> it works just fine. Anyone have any ideas?
>
> [image: Inline image 4]
>
>
> Thanks! Also, as you can see, we are trying video streaming from our
> development stack so any pointers on that would be very much appreciated!!
>
> Amit
>
> ------------------------------
>
> Message: 9
> Date: Tue, 02 Dec 2014 13:31:39 -0500
> From: Rob Crittenden <rcritten at redhat.com>
> To: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>
> Cc: openstack at lists.openstack.org
> Subject: Re: [Openstack] SSL Configuration
> Message-ID: <547E058B.5040304 at redhat.com>
> Content-Type: text/plain; charset=UTF-8
>
> Georgios Dimitrakakis wrote:
> > Hi Rob!
> >
> > Thanks for you detailed explanation.
> > Just a few more questions to clarify things....
> >
> > So if I decide to go natively is it sufficient to follow the steps on
> > the two blog posts? Do I have to do anything more than that? I am
> > specifically interested in EC2 which is excluded.....Can we foresee the
> > impact on the performance and why is that?
>
> I haven't done much with EC2 so I can't say with any authority. You
> might check how it is configured in devstack for some pointers.
>
> The presumed problem with native SSL is that due to the GIL only one
> request can effectively be served at a time. I don't know that anyone
> has actually tested that but at the Atlanta summit whenever I brought up
> native SSL most everyone recoiled. Things will be different if/when all
> services run in Apache.
>
> > If I decide to go with HAProxy (no hardware proxy available) do I still
> > have to change the endpoints to httpS or changing the ports is
> > sufficient? Do you happen to know where can I find more info regarding
> > this?
>
> By my understanding, yes. If anything looks up the endpoints in Keystone
> and they get back http endpoints then you get an in-the-clear request to
> your proxy listening on SSL, so nothing will work. I don't know how the
> guys with hardware handle it.
>
> I'd recommend toying with this in devstack to get a feel for how things
> would work. You can add ENABLED_SERVICES+=,tls-proxy to local.conf and
> it will set things up using stud as the proxy. You'll be able to see how
> the endpoints get set up and what the configuration files will look like.
>
> The biggest pain right now with using SSL is distributing and using the
> CA certificate. You'll be tempted to use --insecure. Avoid that
> temptation if at all possible. Ubuntu/Fedora/RHEL/CentOS (and perhaps
> Debian, I didn't check) all have a way of publishing the CA certificate
> centrally. That can alleviate many of the problems on the server and
> clients.
>
> rob
>
> >
> >
> > All the best,
> >
> >
> > George
> >
> >
> >
> > On Tue, 02 Dec 2014 10:31:30 -0500, Rob Crittenden wrote:
> >> Georgios Dimitrakakis wrote:
> >>> @Robert: I don't have a load-balancer for this deployment. Just
> >>> controller, cinder and compute nodes.
> >>>
> >>>
> >>>
> >>> What I would like to do is to secure the public endpoints for Keystone,
> >>> Glance, Nova, Cinder with SSL and the EC2 API.
> >>>
> >>> That would be sufficient for the moment.
> >>>
> >>> Is it OK if I just change the respective *.conf files or should I do
> >>> something more? Should the changes at the *.conf files be propagated on
> >>> all nodes?
> >>
> >> It is a bit more complicated than that.
> >>
> >> You can either secure things natively or use a TLS proxy (hardware or
> >> something like haproxy or stud). Native SSL is generally frowned upon
> >> since the assumption is that performance will be terrible due to the
> >> python GIL.
> >>
> >> What you do with haproxy or stud is to modify the port that the services
> >> normally listen on (in devstack we simply add 1 to each of the ports)
> >> and configure the proxy to listen on the "standard" ports for each
> >> service.
> >>
> >> You also need secure endpoints defined in keystone for everything. If
> >> you've got an existing installation you'll need to try to convert it.
> >>
> >> I've been toying with SSL in devstack and documented some experiments I
> >> did including converting Keystone to use native SSL,
> >> http://blog-rcritten.rhcloud.com/?p=5 and subsequently converting nova,
> >> glance and cinder in the same install
> >> http://blog-rcritten.rhcloud.com/?p=26
> >>
> >> This is for native SSL, which as I said is generally frowned up, but I
> >> was just toying after all. The process should be similar for a proxy.
> >>
> >> rob
> >>
> >>>
> >>>
> >>> All the best,
> >>>
> >>> George
> >>>
> >>>
> >>>
> >>> On Tue, 2 Dec 2014 17:49:24 +0330, Muhammed Salehi wrote:
> >>>> Hi.
> >>>> Do you want to serve https instead http ? Or you want to encrypt all
> >>>> of the communications between these components?
> >>>> For the first problem the solution is : Search about how to serve and
> >>>> https with apache or passenger.
> >>>>
> >>>> On Tue, Dec 2, 2014 at 5:22 PM, Georgios Dimitrakakis  wrote:
> >>>>
> >>>>> Hi!
> >>>>>
> >>>>> Can someone point me to the right direction on how to secure
> >>>>> publicly available services (e.g. nova,keystone,glance) with an SSL
> >>>>> certificate?
> >>>>>
> >>>>> Best regards,
> >>>>>
> >>>>> George
> >>>>>
> >>>>> _______________________________________________
> >>>>> Mailing list:
> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1]
> >>>>> Post to     : openstack at lists.openstack.org [2]
> >>>>> Unsubscribe :
> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [3]
> >>>>
> >>>> --
> >>>>
> >>>>
> >>>>
> >>>> Links:
> >>>> ------
> >>>> [1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >>>> [2] mailto:openstack at lists.openstack.org
> >>>> [3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >>>> [4] mailto:giorgis at acmac.uoc.gr
> >>>
> >>>
> >
> > --
>
>
>
>
> ------------------------------
>
> Message: 10
> Date: Tue, 2 Dec 2014 20:04:51 +0000
> From: Ashiq Anjum <Ashiq.Anjum at cern.ch>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>,
>         "openstack-hpc at lists.openstack.org"
>         <openstack-hpc at lists.openstack.org>
> Subject: [Openstack] Final Call for Participation: UCC 2014 London UK
> Message-ID:
>         <38B80DE7DF51A943BD4434E10300831491A001BA at CERNXCHG74.cern.ch>
> Content-Type: text/plain; charset="Windows-1252"
>
> Dear All,
>
> The final conference programme for UCC 2014, being held in London from
> December 8-11 2014, is available at:
>
> http://computing.derby.ac.uk/ucc2014/conference-programme/
>
> http://computing.derby.ac.uk/ucc2014/wp-content/uploads/2014/12/UCC-2014-Conference-Foldout-Programme.pdf
>
> We have some very interesting keynote speakers, tutorials and workshops
> this year.
>
> The notable names and their talks include the following:
>
> 1. Enabling Cloud Computing at Hyper-Scale: Kenji Takeda, Microsoft
> 2. Cloud Native Cost Optimization: Adrian Cockcroft, Battery Ventures
> (prev. Netflix, eBay, Sun)
> 3. A Few Control Issues in Warehouse-scale Computing: John Wilkes, Google
> 4. Rack-Scale Computers and the Cloud: Ant Rowstron, Microsoft
> 5. Joe Baguley, Chief Technology Officer, EMEA, VMware
> 6. Professor Yike Guo, Imperial College London
> 7. Actors in the Cloud: Supporting Security, Scalability and Availability
> , Gul Agha, University of Illinois at Urbana-Champaign, USA
> 8. Clinical Intelligence & Integration: Tackling Large Data Analytics in
> Real-Time, Oliver Vettel and Andreas Koop, Roche Diagnostics
>
> Panel Discussion: How adaptive should our infrastructure (networks, data
> centres etc.) be to support next generation Clouds?
>
> Alan Sill; Open Grid Forum (OGF)
> Joe Baguley; VMWare
> John Wilken; Google
> Erik Elmroth; Umeå University (UMU)
> Gul Agha; University of Illinois at Urbana-Champaign
>
> UCC 2014 Tutorials
> 1. Azure Machine Learning for Research, Kenji Takeda
> 2. Model-Driven Management of Multi-Cloud Applications, Danilo Ardagna
> 3. The Intercloud Architecture and Project, David R. Bernstein
> 4. Distributed Data Storage: From Dispersed Files to Stealth Databases,
> Josef Spillner, Johannes M?ller,
> 5. Software Development in Cloud: An Experiential Study with CMS, Chandra
> Sekaran K,
> 6. Data Analysis with R, Shruti Kohli, Shruti Kohli
> 6. Microsoft Azure for Research, Kenji Takeda
> 7. Autonomic Clouds, Omer Rana and Manish Parashar, Omer F. Rana
> 8. Help Clinical Intelligence take the next step using state-of-the art
> in-memory analytics, Oliver Vettel and Andreas Koop
> 9. CRISTAL : Designing Traceable Cloud-based Systems, Richard McClatchey,
> Andrew Branson
>
> UCC 2014 Workshops
> 1. International Symposium on Big Data Computing 2014 - BDC 2014
> 2. 6th Cloud Control Workshop - CloudControl6
> 3. Cloud Federation Management: Identity, Resources and Applications
> Workshop - CFM 2014
> 4. Workshops on Standards and Pre-Standards Topics in Clouds, Big Data and
> Data Analytics - SCBDA 2014
> 5. ITaaU Network+ Symposium - ITaaU 2014
> 6. Clouds and eScience Applications Management Workshop - CloudAM 2014
> 7. Crowdsourcing and Gamification in the Cloud Workshop - CGCloud 2014
> 8. Re-computability in the Cloud Workshop - Re-computability 2014
> 9. Advances in CC Legislation, Accountability, Security and Privacy
> Workshop - CLASP 2014
> 10. Trust in Cloud Computing Workshop - IWTCC 2014
> 11. Green Cloud Computing Workshop - GCC 2014
> 12. Smart City Clouds: Technologies, Systems and Applications Workshop -
> SCCTSA 2014
> 13. Cloud Automation, Intelligent Management and Scalability Workshop -
> CAIMS 2014
> 14. Cyber-physical Cloud Computing Workshop - CPCC 2014
> 15. Network Virtualization and SDN for Cloud Data Centres Workshop
> 16. Big Data, Intelligence Management and Analytics Workshop - BDIMA
> 17. Big Data and Social Networking Management and Security Workshop
> 18. Education in the Cloud Workshop - EC 2014
> 19. EGI Federated Cloud Workshop
> 20. Plugfest: Cloud Interoperability Event
>
> UCC 2014 Registration
>
> To register please visit:
> http://www.derby.ac.uk/enterprisecentre/events/ucc/book/
>
> Best regards
> Ashiq Anjum
>
>
> Organising Chair UCC 2014 -- http://computing.derby.ac.uk/ucc2014/
>
> Dr. Ashiq Anjum
> Reader in Distributed Computing
> Distributed and Intelligent Systems (DISYS) research centre
> School of Computing and Mathematics
> University of Derby
> Room E510
> Kedleston Road
> Derby, UK
> DE22 1GB
> ashiq.anjum at cern.ch & a.anjum at derby.ac.uk
> +44 (0) 1332 591881 & 44 (0) 772 4017071
> http://www.derby.ac.uk/staff/ashiq-anjum/
>
>
>
>
> ------------------------------
>
> Message: 11
> Date: Tue, 2 Dec 2014 18:43:01 -0500
> From: Don Waterloo <don.waterloo at gmail.com>
> To: Amit Anand <aanand at viimed.com>
> Cc: openstack at lists.openstack.org
> Subject: Re: [Openstack] (Juno) Swift Dashboard error
> Message-ID:
>         <
> CAKrvkGdkBP15ag+jFVoeMMdT8oc4y0n8Ouz2rmxvfMA9+9qAig at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> On 2 December 2014 at 11:50, Amit Anand <aanand at viimed.com> wrote:
>
> > Hi all,
> >
> > Thank you all for your help earlier getting through my issues - it looks
> > like I have more or less a functioning environment! I do have one error
> > which I'm getting and have no idea why as I do not see anything in
> > /var/log/messages on why this is occurring. Basically when I click on
> > "View Details" on an Object I get this popup error from the Dashboard:
> >
> > "Danger: An error has occurred. Please try again later." (screenshot
> > below)
> >
> > But if I click on the View Details of the container all comes up fine. I
> > can then take the URL and add the name of the file I'm trying to access
> > and works just fine. Anyone have any ideas?
> >
> >
> I had this problem. the 'danger' is a bootstrap thing, an error has occurred
> (e.g. a 500 error) on an ajax call.
>
> for me, i turned on logging in horizon, and found that i was
>
> ERROR 2014-12-02 23:14:10,608 base 36395 140110630778624 Error while checking action permissions.
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/dist-packages/horizon/tables/base.py", line 1234, in _filter_action
>     return action._allowed(request, datum) and row_matched
>   File "/usr/lib/python2.7/dist-packages/horizon/tables/actions.py", line 136, in _allowed
>     self.allowed(request, datum))
>   File "./openstack_dashboard/dashboards/project/networks/tables.py", line 94, in allowed
>     if usages['networks']['available'] <= 0:
> KeyError: 'available'
>
> e.g. there was no key 'available' in the usages. usages['networks'] has
> only part of the quota. I modified the code to be
> "        if 'networks' in usages and 'available' in usages['networks'] and usages['networks']['available'] <= 0:"
> instead of
> "        if usages['networks']['available'] <= 0:"
>
> but u can find your specific problem by enabling the horizon logging.
>
> I enabled logging as below in local_settings.py
> (/etc/openstack-dashboard/local_settings.py on Ubuntu).
>
> LOGGING = {
>    ...
>         'file': {
>             'level': 'ERROR',
>             'class': 'logging.FileHandler',
>             'formatter': 'verbose',
>             'filename': '/var/log/horizon.log'
>         },
>     },
>
> ------------------------------
>
> Message: 12
> Date: Tue, 2 Dec 2014 19:12:01 -0500
> From: Don Waterloo <don.waterloo at gmail.com>
> To: openstack at lists.openstack.org
> Subject: [Openstack] nova missing network, neutron shows it ok
> Message-ID:
>         <CAKrvkGfH2oaUOWra8yHAgDnd0+Y5FBpV6yeP11K7wLZ942q=
> 4g at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I have an issue where nova is 'missing' the networks that are on some
> instances (they are really there, they work, I can see them in horizon
> topology)
>
> $ nova list
> +--------------------------------------+------------+--------+------------+-------------+----------------------------------+
> | ID                                   | Name       | Status | Task State | Power State | Networks                         |
> +--------------------------------------+------------+--------+------------+-------------+----------------------------------+
> | 4599b917-7b86-4195-a82a-e733bd8b041c | xxxxxx-pts | ACTIVE | -          | Running     |                                  |
> | 4859d4ac-e2a5-4e5d-8f98-12ce2d3fd36d | xxxxxx-sde | ACTIVE | -          | Running     |                                  |
> | c40f7e59-02a0-4c16-9544-c3a9940358d6 | xxxxxx-spb | ACTIVE | -          | Running     | xxxxxx-data-ctrl-net=172.16.1.10 |
> | 28b7a632-4f12-41fc-a917-3b19233701c2 | xxxxxx-vpn | ACTIVE | -          | Running     |                                  |
> +--------------------------------------+------------+--------+------------+-------------+----------------------------------+
>
>
> Doing a 'neutron port-list' the port shows up:
>
> +--------------------------------------+-----------------+-------------------+------------------------------------------------------------------------------------+
> | id                                   | name            | mac_address       | fixed_ips                                                                          |
> +--------------------------------------+-----------------+-------------------+------------------------------------------------------------------------------------+
> | adc3b59f-e73c-4c94-9765-7c9fc2d210a3 | justin-pts-port | fa:16:3e:b2:3c:f7 | {"subnet_id": "994123b2-0386-49e4-b8b0-d952d925dff5", "ip_address": "172.16.1.13"} |
>
> ...
>
> I presume this indicates some problem on the api-pass-through that nova
> does to neutron (I am running neutron network, juno, ubuntu 14.10)
>
> the only clue to the mystery is found in the log file:
> 2014-12-02 23:57:37.787 20876 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
> in nova-api.log
>
> why it would fail for one and not another i don't know.
>
> can someone suggest how to debug this? enabling verbose/debug in nova
> didn't really provide more info.
> in keystone-all.log, there is an awful lot of stuff about RBAC, it's not
> obvious which line matters.
>
> something that surprises me, when i run 'neutron --debug net-list', i see
> it re-use my existing token.
> When i run 'nova --debug list', i see it get a new token *every time i run
> it* on the command line.
>
> a) why would nova not remember my token but neutron would?
> b) is this related to my problem?
> c) if you had this issue (and i have it for more than one user, and it's not
> intermittent on a given instance), what would you look for?
>
> ------------------------------
>
> Message: 13
> Date: Tue, 2 Dec 2014 18:27:06 -0600
> From: "Ryan O'Hara" <rohara at redhat.com>
> To: Rob Crittenden <rcritten at redhat.com>
> Cc: openstack at lists.openstack.org
> Subject: Re: [Openstack] SSL Configuration
> Message-ID: <20141203002706.GD32479 at redhat.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue, Dec 02, 2014 at 01:31:39PM -0500, Rob Crittenden wrote:
> > Georgios Dimitrakakis wrote:
> > > Hi Rob!
> > >
> > > Thanks for your detailed explanation.
> > > Just a few more questions to clarify things....
> > >
> > > So if I decide to go natively is it sufficient to follow the steps on
> > > the two blog posts? Do I have to do anything more than that? I am
> > > specifically interested in EC2 which is excluded.....Can we foresee the
> > > impact on the performance and why is that?
> >
> > I haven't done much with EC2 so I can't say with any authority. You
> > might check how it is configured in devstack for some pointers.
> >
> > The presumed problem with native SSL is that due to the GIL only one
> > request can effectively be served at a time. I don't know that anyone
> > has actually tested that but at the Atlanta summit whenever I brought up
> > native SSL most everyone recoiled. Things will be different if/when all
> > services run in Apache.
> >
> > > If I decide to go with HAProxy (no hardware proxy available) do I still
> > > have to change the endpoints to httpS or changing the ports is
> > > sufficient? Do you happen to know where can I find more info regarding
> > > this?
> >
> > By my understanding, yes. If anything looks up the endpoints in Keystone
> > and they get back http endpoints then you get an in-the-clear request to
> > your proxy listening on SSL, so nothing will work. I don't know how the
> > guys with hardware handle it.
>
> This sounds about right. If you are terminating SSL in haproxy, the
> backend connection (from haproxy to the service) is still
> unencrypted. However, you can very easily tell haproxy to force HTTPS
> for any HTTP connection. In other words, if you connect to the service
> over HTTP, redirect to HTTPS.
>
> > I'd recommend toying with this in devstack to get a feel for how things
> > would work. You can add ENABLED_SERVICES+=,tls-proxy to local.conf and
> > it will set things up using stud as the proxy. You'll be able to see how
> > the endpoints get set up and what the configuration files will look like.
> >
> > The biggest pain right now with using SSL is distributing and using the
> > CA certificate. You'll be tempted to use --insecure. Avoid that
> > temptation if at all possible. Ubuntu/Fedora/RHEL/CentOS (and perhaps
> > Debian, I didn't check) all have a way of publishing the CA certificate
> > centrally. That can alleviate many of the problems on the server and
> > clients.
>
> Agreed.
>
> Ryan
>
> > rob
> >
> > >
> > >
> > > All the best,
> > >
> > >
> > > George
> > >
> > >
> > >
> > > On Tue, 02 Dec 2014 10:31:30 -0500, Rob Crittenden wrote:
> > >> Georgios Dimitrakakis wrote:
> > >>> @Robert: I don't have a load-balancer for this deployment. Just
> > >>> controller, cinder and compute nodes.
> > >>>
> > >>>
> > >>>
> > >>> What I would like to do is to secure the public endpoints for Keystone,
> > >>> Glance, Nova, Cinder with SSL and the EC2 API.
> > >>>
> > >>> That would be sufficient for the moment.
> > >>>
> > >>> Is it OK if I just change the respective *.conf files or should I do
> > >>> something more? Should the changes at the *.conf files be propagated on
> > >>> all nodes?
> > >>
> > >> It is a bit more complicated than that.
> > >>
> > >> You can either secure things natively or use a TLS proxy (hardware or
> > >> something like haproxy or stud). Native SSL is generally frowned upon
> > >> since the assumption is that performance will be terrible due to the
> > >> python GIL.
> > >>
> > >> What you do with haproxy or stud is to modify the port that the services
> > >> normally listen on (in devstack we simply add 1 to each of the ports)
> > >> and configure the proxy to listen on the "standard" ports for each
> > >> service.
> > >>
> > >> You also need secure endpoints defined in keystone for everything. If
> > >> you've got an existing installation you'll need to try to convert it.
> > >>
> > >> I've been toying with SSL in devstack and documented some experiments I
> > >> did including converting Keystone to use native SSL,
> > >> http://blog-rcritten.rhcloud.com/?p=5 and subsequently converting nova,
> > >> glance and cinder in the same install
> > >> http://blog-rcritten.rhcloud.com/?p=26
> > >>
> > >> This is for native SSL, which as I said is generally frowned upon, but I
> > >> was just toying after all. The process should be similar for a proxy.
> > >>
> > >> rob
> > >>
> > >>>
> > >>>
> > >>> All the best,
> > >>>
> > >>> George
> > >>>
> > >>>
> > >>>
> > >>> On Tue, 2 Dec 2014 17:49:24 +0330, Muhammed Salehi wrote:
> > >>>> Hi.
> > >>>> Do you want to serve https instead http ? Or you want to encrypt all
> > >>>> of the communications between these components?
> > >>>> For the first problem the solution is : Search about how to serve and
> > >>>> https with apache or passenger.
> > >>>>
> > >>>> On Tue, Dec 2, 2014 at 5:22 PM, Georgios Dimitrakakis  wrote:
> > >>>>
> > >>>>> Hi!
> > >>>>>
> > >>>>> Can someone point me to the right direction on how to secure
> > >>>>> publicly available services (e.g. nova,keystone,glance) with an SSL
> > >>>>> certificate?
> > >>>>>
> > >>>>> Best regards,
> > >>>>>
> > >>>>> George
> > >>>>>
> > >>>>> _______________________________________________
> > >>>>> Mailing list:
> > >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1]
> > >>>>> Post to     : openstack at lists.openstack.org [2]
> > >>>>> Unsubscribe :
> > >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [3]
> > >>>>
> > >>>> --
> > >>>>
> > >>>>
> > >>>>
> > >>>> Links:
> > >>>> ------
> > >>>> [1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > >>>> [2] mailto:openstack at lists.openstack.org
> > >>>> [3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > >>>> [4] mailto:giorgis at acmac.uoc.gr
> > >>>
> > >>>
> > >
> > > --
> >
> >
>
>
>
> ------------------------------
>
> Message: 14
> Date: Wed, 3 Dec 2014 08:02:23 +0530
> From: Abhijeet Rastogi <abhijeet.1989 at gmail.com>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: [Openstack] Flat provider_network with vlan tagged interface
>         or vlan provider_network with untagged interface
> Message-ID:
>         <
> CACXxYfx8mjwyGvMEGYo1YNqtKnEnL1HurZ-pKbk_0Xov0haJmQ at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi everyone,
>
> This is a very basic doubt and I'm trying to understand this
> fundamental thing about creating networks in neutron. My ultimate goal
> is to have all instances contain just one interface and a public IP on
> them. Now, this public IP can only exist in a specific VLAN, lets say,
> they'll only exist on eth0.123 (the is a vlan tagged interface on the
> host and I can directly bind public IPs to them and they work
> perfectly). I'm using linux bridge + ML2 as the plugin for neutron.
>
> So, the ultimate goal will be something like:
>
> [root at compute1 ~]# brctl show
> bridge name     bridge id               STP enabled     interfaces
> brq732eb7f9-16  8000.002590c6438e       no              eth0.123
>                                                         tap81474f06-29
>
>
> Now, with my limited knowledge, there are 2 ways of doing this:-
>
> 1. Create the vlan tagged interface manually and then setup "flat"
> provider networking with physical_interface_mappings set with
> eth0.123.
> 2. Use a "vlan" provider network and mention "123" as the vlan id in that.
>
> I observed that, both of these approaches eventually create the same
> kind of bridge configuration. Can anyone explain what's going on and
> when to use what? I'm sure I'm missing a key concept and I'll be glad
> if someone can clear that for me.
>
>
> --
> Cheers,
> Abhijeet Rastogi (shadyabhi)
>
>
>
> ------------------------------
>
> Message: 15
> Date: Tue, 02 Dec 2014 18:55:13 -0800
> From: Stefano Maffulli <stefano at openstack.org>
> To: openstack at lists.openstack.org
> Subject: Re: [Openstack] Poll: What are the top 3 topics for new
>         OpenStack users and developers?
> Message-ID: <547E7B91.9090903 at openstack.org>
> Content-Type: text/plain; charset=UTF-8
>
> On 12/02/2014 12:56 AM, Venu Murthy wrote:
> > Great Initiative Mark,
> >
> > In the beginning of my openstack journey, being able to ssh/connect to
> > the VMs/Instances was the greatest challenge. After having spent several
> > months to debug such issues, I've posted one of the solutions here.
> >
> http://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
>
> Indeed, networking issues in guests are quite common by looking at the
> frequency of questions asked on https://ask.openstack.org.
>
> You can browse the most popular tags as a proxy of interesting topics:
>
> http://activity.openstack.org/dash/browser/qaforums-tags.html?page=2
>
> Venu: nice tutorial you have written. Have you considered adding it as
> an answer on Ask OpenStack?
>
> For example, a quite generic question  like the one below would benefit
> from a detailed step by step tutorial like yours:
>
>
> https://ask.openstack.org/en/question/9183/cannot-login-ping-or-ssh-to-cirros-test-image/
>
> > http://www.venumurthy.com/2014/07/openstack-dashboard-horizon-error.html
>
> same here :) The advantage of Ask OpenStack is that its pages show up
> quite high on search engines.
>
> Thanks,
> Stef
>
>
>
> ------------------------------
>
> Message: 16
> Date: Tue, 2 Dec 2014 20:03:07 -0800
> From: Kevin Benton <blak111 at gmail.com>
> To: Abhijeet Rastogi <abhijeet.1989 at gmail.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Flat provider_network with vlan tagged
>         interface or vlan provider_network with untagged interface
> Message-ID:
>         <CAO_F6JNG0pGE7+-XNQ=pXjDGbq8_Lf7o=
> BcidT676ALNRyBBcA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Setting up the interfaces manually and using a flat network doesn't scale
> well when you want to do it hundreds of times. Using ML2+linuxbridge will
> do the same thing in an automated fashion.
>
> On Tue, Dec 2, 2014 at 6:32 PM, Abhijeet Rastogi <abhijeet.1989 at gmail.com>
> wrote:
>
> > Hi everyone,
> >
> > This is a very basic doubt and I'm trying to understand this
> > fundamental thing about creating networks in neutron. My ultimate goal
> > is to have all instances contain just one interface and a public IP on
> > them. Now, this public IP can only exist in a specific VLAN, lets say,
> > they'll only exist on eth0.123 (the is a vlan tagged interface on the
> > host and I can directly bind public IPs to them and they work
> > perfectly). I'm using linux bridge + ML2 as the plugin for neutron.
> >
> > So, the ultimate goal will be something like:
> >
> > [root at compute1 ~]# brctl show
> > bridge name     bridge id               STP enabled     interfaces
> > brq732eb7f9-16  8000.002590c6438e       no              eth0.123
> >                                                         tap81474f06-29
> >
> >
> > Now, with my limited knowledge, there are 2 ways of doing this:-
> >
> > 1. Create the vlan tagged interface manually and then setup "flat"
> > provider networking with physical_interface_mappings set with
> > eth0.123.
> > 2. Use a "vlan" provider network and mention "123" as the vlan id in that.
> >
> > I observed that, both of these approaches eventually create the same
> > kind of bridge configuration. Can anyone explain what's going on and
> > when to use what? I'm sure I'm missing a key concept and I'll be glad
> > if someone can clear that for me.
> >
> >
> > --
> > Cheers,
> > Abhijeet Rastogi (shadyabhi)
> >
> >
>
>
>
> --
> Kevin Benton
>
> ------------------------------
>
> Message: 17
> Date: Wed, 3 Dec 2014 09:40:36 +0530
> From: Abhijeet Rastogi <abhijeet.1989 at gmail.com>
> To: Kevin Benton <blak111 at gmail.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Flat provider_network with vlan tagged
>         interface or vlan provider_network with untagged interface
> Message-ID:
>         <
> CACXxYfxn+pTTL_jsRf+WRFrmCLziE-4ofGS7-ximomzXvOf4bg at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hey Kevin,
>
> Thanks for clearing that out. So, I essentially achieve the same
> thing. To summarize, if provider networks need vlan, it mostly makes
> sense to just use vlan and ditch trying to setup "flat" provider
> network.
>
> On Wed, Dec 3, 2014 at 9:33 AM, Kevin Benton <blak111 at gmail.com> wrote:
> > Setting up the interfaces manually and using a flat network doesn't scale
> > well when you want to do it hundreds of times. Using ML2+linuxbridge will do
> > the same thing in an automated fashion.
> >
> > On Tue, Dec 2, 2014 at 6:32 PM, Abhijeet Rastogi <abhijeet.1989 at gmail.com>
> > wrote:
> >>
> >> Hi everyone,
> >>
> >> This is a very basic doubt and I'm trying to understand this
> >> fundamental thing about creating networks in neutron. My ultimate goal
> >> is to have all instances contain just one interface and a public IP on
> >> them. Now, this public IP can only exist in a specific VLAN, lets say,
> >> they'll only exist on eth0.123 (the is a vlan tagged interface on the
> >> host and I can directly bind public IPs to them and they work
> >> perfectly). I'm using linux bridge + ML2 as the plugin for neutron.
> >>
> >> So, the ultimate goal will be something like:
> >>
> >> [root at compute1 ~]# brctl show
> >> bridge name     bridge id               STP enabled     interfaces
> >> brq732eb7f9-16  8000.002590c6438e       no              eth0.123
> >>                                                         tap81474f06-29
> >>
> >>
> >> Now, with my limited knowledge, there are 2 ways of doing this:-
> >>
> >> 1. Create the vlan tagged interface manually and then setup "flat"
> >> provider networking with physical_interface_mappings set with
> >> eth0.123.
> >> 2. Use a "vlan" provider network and mention "123" as the vlan id in that.
> >>
> >> I observed that, both of these approaches eventually create the same
> >> kind of bridge configuration. Can anyone explain what's going on and
> >> when to use what? I'm sure I'm missing a key concept and I'll be glad
> >> if someone can clear that for me.
> >>
> >>
> >> --
> >> Cheers,
> >> Abhijeet Rastogi (shadyabhi)
> >>
> >
> >
> >
> >
> > --
> > Kevin Benton
>
>
>
> --
> Cheers,
> Abhijeet Rastogi (shadyabhi)
>
>
>
> ------------------------------
>
> Message: 18
> Date: Wed, 3 Dec 2014 13:48:48 +0800
> From: Du Jun <dj199008 at gmail.com>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: [Openstack] nova compute service fail to start due to
>         "Connection to the hypervisor is broken on host"
> Message-ID:
>         <CABvddo7Lx747Vr95nUNMX4i=
> MFj+9QX6N5crSg0i5BJv6UQ1KA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi all,
>
> I installed devstack on Ubuntu 12.04 and upgraded libvirt from 0.9.8 to 1.2.2. The
> libvirt version on my Linux box is:
>
> dujun at dujun-OptiPlex-3020:~/devstack$ virsh -v
> 1.2.2
>
> And the error message in nova-cpu.log looks like this:
>
> 2014-12-03 11:00:13.007 ERROR nova.openstack.common.threadgroup [-] Connection to the hypervisor is broken on host: dujun-OptiPlex-3020
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup Traceback (most recent call last):
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/openstack/common/threadgroup.py", line 145, in wait
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     x.wait()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/openstack/common/threadgroup.py", line 47, in wait
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     return self.thread.wait()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 173, in wait
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     return self._exit_event.wait()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/usr/local/lib/python2.7/dist-packages/eventlet/event.py", line 121, in wait
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     return hubs.get_hub().switch()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/usr/local/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 293, in switch
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     return self.greenlet.switch()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 212, in main
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     result = function(*args, **kwargs)
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/openstack/common/service.py", line 492, in run_service
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     service.start()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/service.py", line 164, in start
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     self.manager.init_host()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/compute/manager.py", line 1124, in init_host
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     self.driver.init_host(host=self.host)
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 507, in init_host
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     self._do_quality_warnings()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 486, in _do_quality_warnings
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     caps = self._get_host_capabilities()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2991, in _get_host_capabilities
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     xmlstr = self._conn.getCapabilities()
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 543, in _get_connection
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup     raise exception.HypervisorUnavailable(host=CONF.host)
> 2014-12-03 11:00:13.007 TRACE nova.openstack.common.threadgroup HypervisorUnavailable: Connection to the hypervisor is broken on host: dujun-OptiPlex-3020
>
> I wonder why nova can't find the libvirt hypervisor since I have added
>
> compute_driver = libvirt.LibvirtDriver
>
> in /etc/nova/nova.conf.
>
> --
> Regards,
> Frank
>
> ------------------------------
>
> Message: 19
> Date: Wed, 3 Dec 2014 13:50:03 +0800
> From: Du Jun <dj199008 at gmail.com>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] nova compute service fail to start due to
>         "Connection to the hypervisor is broken on host"
> Message-ID:
>         <CABvddo4S4Hehr0E=
> R9-s_ZNhOL5395EfLFFTZiC+M70Zuid3iw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> dujun at dujun-OptiPlex-3020:~$ nova hypervisor-list
> +----+---------------------+-------+--------+
> | ID | Hypervisor hostname | State | Status |
> +----+---------------------+-------+--------+
> +----+---------------------+-------+--------+
> dujun at dujun-OptiPlex-3020:~$ nova service-list
> +----+------------------+---------------------+----------+---------+-------+----------------------------+-----------------+
> | Id | Binary           | Host                | Zone     | Status  | State | Updated_at                 | Disabled Reason |
> +----+------------------+---------------------+----------+---------+-------+----------------------------+-----------------+
> | 1  | nova-conductor   | dujun-OptiPlex-3020 | internal | enabled | up    | 2014-12-03T03:09:32.000000 | -               |
> | 2  | nova-cert        | dujun-OptiPlex-3020 | internal | enabled | up    | 2014-12-03T03:09:35.000000 | -               |
> | 3  | nova-network     | dujun-OptiPlex-3020 | internal | enabled | up    | 2014-12-03T03:09:38.000000 | -               |
> | 4  | nova-scheduler   | dujun-OptiPlex-3020 | internal | enabled | up    | 2014-12-03T03:09:41.000000 | -               |
> | 5  | nova-consoleauth | dujun-OptiPlex-3020 | internal | enabled | up    | 2014-12-03T03:09:40.000000 | -               |
> +----+------------------+---------------------+----------+---------+-------+----------------------------+-----------------+
>
>
>
> ------------------------------
>
> Message: 20
> Date: Wed, 3 Dec 2014 06:42:31 +0000
> From: Chinasubbareddy M <chinasubbareddy_m at persistent.com>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: [Openstack] [openstack][icehouse][monitoring]-open source
>         monitoring tools
> Message-ID:
>         <
> SINPR04MB347CD40DD9B440619F0F4FFE67B0 at SINPR04MB347.apcprd04.prod.outlook.com
> >
>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi ,
>
> We would like to enable monitoring for a 15-node OpenStack production setup
> and want suggestions on the following open source monitoring tools. Please
> suggest,
>
>
> 1.       Nagios and Cacti
>
> 2.       AppDynamics
>
> 3.       Zabbix and graphite
>
> 4.       Ganglia
>
> It would be really helpful if you can suggest any other monitoring tools
> for openstack setup.
>
> Regards,
> Subbareddy,
> Persistent systems ltd.
>
>
> ------------------------------
>
> Message: 21
> Date: Wed, 3 Dec 2014 15:43:32 +0800
> From: Du Jun <dj199008 at gmail.com>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] nova compute service fail to start due to
>         "Connection to the hypervisor is broken on host"
> Message-ID:
>         <
> CABvddo5K6OyGFmvo8csj4HukLvCTXg+9EeML7woBpMqNMiJDow at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Look at the log of libvirt or type the following command:
>
>  virsh -c qemu:///system list
>
> Will get the error message:
>
> ERROR: authentication failed: polkit: polkit\56retains_authorization_after_challenge=1
> Authorization requires authentication but no agent is available.
>
> That's an issue of libvirt configuration.
>
> [SOLVED]
>
> uncomment
>
>  auth_unix_rw = "none"
>
> in /etc/libvirt/libvirtd.conf and restart libvirt-bin.
>
> Hope this can be useful for those who have the same problem.
>
>
>
>
>
> ------------------------------
>
> Message: 22
> Date: Wed, 3 Dec 2014 15:43:56 +0800
> From: "Rao Dingyuan" <raodingyuan at chinacloud.com.cn>
> To: <openstack at lists.openstack.org>
> Subject: [Openstack] [Ceilometer] looking for alarm best practice -
>         please  help
> Message-ID: <153501d00ecc$e4da1880$ae8e4980$@chinacloud.com.cn>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi folks,
>
> I wonder if anyone could share some best practices regarding the usage of
> ceilometer alarms. We are using the alarm evaluation/notification of
> ceilometer and we don't feel very good about the way we use it. Below is our
> problem:
>
> ============================
>
> Scenario:
>
> When cpu usage or memory usage is above a certain threshold, alerts should be
> displayed on the admin's web page. There should be 3 levels of alerts according
> to meter value, namely notice, warning, fatal. Notice means the meter value is
> between 50% ~ 70%, warning means between 70% ~ 85% and fatal means above 85%.
>
> For example:
>
> * when one vm's cpu usage is 72%, an alert message should be displayed
> saying "Warning: vm[d9b7018b-06c4-4fba-8221-37f67f6c6b8c] cpu usage is above
> 70%".
>
> * when one vm's memory usage is 90%, another alert message should be created
> saying "Fatal: vm[d9b7018b-06c4-4fba-8221-37f67f6c6b8c] memory usage is
> above 85%"
>
> Our current Solution:
>
> We used ceilometer alarm evaluation/notification to implement this. To
> distinguish which VM and which meter is above what value, we've created one
> alarm for each VM by each condition. So, to monitor 1 VM, 6 alarms will be
> created because there are 2 meters and for each meter there are 3 levels.
> That means, if there are 100 VMs to be monitored, 600 alarms will be created.
>
> Problems:
>
> * The first problem is, when the number of meters increases, the number of
> alarms will be multiplied. For example, a customer may want alerts on disk and
> network IO rates, and if we do that, there will be 4*3=12 alarms for each VM.
>
> * The second problem is, when one VM is created, multiple alarms will be
> created, meaning multiple http requests will be fired. In the case above, 6
> HTTP requests will be needed once a VM is created. And this number also
> increases as the number of meters goes up.
>
> =============================
>
> Does anyone have any suggestions?
>
> Best Regards!
>
> Kurt Rao
>
>
> ------------------------------
>
> Message: 23
> Date: Wed, 3 Dec 2014 13:25:03 +0530
> From: Venu Murthy <venu.murthy at thoughtworks.com>
> To: Chinasubbareddy M <chinasubbareddy_m at persistent.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] [openstack][icehouse][monitoring]-open source
>         monitoring tools
> Message-ID:
>         <CAA52WSd8uwbM5KO7C6hm2=-
> 1N0NdmrhwM2p+Qx1uuzEVcWjJ_A at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> While we wait for the experts to reply on the above, I wonder if Ceilometer
>  at this point in time can monitor?
>
>
> Best regards,
> Venu
>
>
>
>
> ------------------------------
>
> _______________________________________________
> Openstack mailing list
> openstack at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> End of Openstack Digest, Vol 18, Issue 3
> ****************************************
>
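The fix in message 21 sets `auth_unix_rw = "none"` in /etc/libvirt/libvirtd.conf, which turns off polkit authentication on libvirt's read-write socket and leaves the socket's file mode and group as the only access control. The following added example (not part of the thread and not libvirt's own code) parses a libvirtd.conf and reports when that setting is not paired with an explicit, restrictive `unix_sock_rw_perms`; the sample configs and the finding names are constructed for illustration.

```python
import re

# Constructed samples for illustration; none of them is quoted from the thread.
SAMPLES = {
    # Only the line named in message 21 is active; perms stay commented out.
    "as_posted": 'auth_unix_rw = "none"\n#unix_sock_rw_perms = "0770"\n',
    # Authentication off and the socket usable by every local account.
    "world_open": 'auth_unix_rw = "none"\nunix_sock_rw_perms = "0777"\n',
    # Authentication off, but access limited to one named group.
    "group_only": ('unix_sock_group = "libvirtd"\n'
                   'unix_sock_rw_perms = "0770"  # group members only\n'
                   'auth_unix_rw = "none"\n'),
    # polkit left in place: nothing to report.
    "polkit_kept": 'auth_unix_rw = "polkit"\n',
}

# key = "quoted value"   or   key = bare_value   (trailing comment ignored)
SETTING = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|([^\s#]+))')


def parse_conf(text):
    """Return the active (uncommented) settings; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SETTING.match(line)
        if m:
            quoted, bare = m.group(2), m.group(3)
            settings[m.group(1)] = quoted if quoted is not None else bare
    return settings


def audit_rw_socket(text):
    """List findings for a config that disables auth on the read-write socket.

    Finding names are hypothetical labels chosen for this example.
    """
    conf = parse_conf(text)
    if conf.get("auth_unix_rw") != "none":
        return []  # authentication is still enforced by the configured mechanism
    perms = conf.get("unix_sock_rw_perms")
    if perms is None:
        # Effective mode then comes from the libvirt build default: verify it
        # on the host instead of assuming it is restrictive.
        return ["rw-perms-not-set"]
    try:
        mode = int(perms, 8)
    except ValueError:
        return ["rw-perms-invalid"]
    findings = []
    if mode & 0o007:
        findings.append("rw-socket-open-to-other")
    if mode & 0o070 and "unix_sock_group" not in conf:
        # Group bits are granted but the owning group is left at its default.
        findings.append("group-not-set")
    return findings


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_rw_socket(text) or "ok")
```

On a real host, pass the contents of /etc/libvirt/libvirtd.conf to `audit_rw_socket` and compare the result with the actual mode and group of the read-write socket.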