Re: [Openstack] error while restarting glance-api

[Arindam Choudhury]

Hi,

It resolved.

The command needed to be issued is:

service openstack-glance-api restart

Date: Tue, 2 Apr 2013 18:52:22 +0200
From: cazzaniga.san...@gmail.com
To: openstack@lists.launchpad.net
Subject: Re: [Openstack] error while restarting glance-api

Le 02/04/2013 18:48, Arindam Choudhury a écrit :
> Hi,
> I am installing openstack folsom in fedora 18. I am following the online
> documentation.
> 
> While configuring  glance, i am having this problem:
> 
> #service glance-api restart
> Redirecting to /bin/systemctl restart  glance-api.service
> Failed to issue method call: Unit glance-api.service failed to load: No
> such file or directory. See system logs and 'systemctl status
> glance-api.service' for details.
> # systemctl status glance-api.service
> glance-api.service
>   Loaded: error (Reason: No such file or directory)
>   Active: inactive (dead)
> 
> How to resolve this issue? Any help will be highly appreciated.
> 
> 
 
Hi,
 
Did you have a look at journalctl to see what happened?
 
 
-- 
Sandro Cazzaniga
Jabber: kha...@jabber.fr
Twitter: @Kharec
 

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp   
  ___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Security concern with vncserver_listen 0.0.0.0 and multi_host

[Sam Stoelinga]

Hi,

We are using folsom with nova-networking multi_host=True, which means that
every host has direct access to the internet. In our environment that also
meant that every host had it's own public ip(office ip).

We set it to 0.0.0.0 because we needed to support live-migration and
changed to multi_host later so the config was still there.

Related documentation:
http://docs.openstack.org/trunk/openstack-compute/admin/content/important-nova-compute-options.html

But this is a big security problem, because it will make the instances
accessible to everybody who can reach an compute node.

We solved it by running nova-novncproxy on every compute node and setting
the vncserver_listen to 127.0.0.1. How did other people solve this problem?
Is this ok? Didn't see any documentation about this.

I think this problem is an obvious problem that people should notice
themself, but we were just switching to multi_host mode so overlooked this
small configuration.

To prevent this happening to somebody else we could do the following:
1. In the documentation explicitly tell the user that when you enable
multi_host that you can't use vncserver_listen=0.0.0.0
2. Do some sanity checks on nova.conf options, if we notice that
vncserver_listen: 0.0.0.0 and multi_host true, we don't allow starting the
nova-compute service and give a clear error message saying that it's stupid
to do something like that and what the user should do instead.

Regards,
Sam Stoelinga
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Security concern with vncserver_listen 0.0.0.0 and multi_host

[Mac Innes, Kiall]

On 03/04/13 11:03, Sam Stoelinga wrote:
> To prevent this happening to somebody else we could do the following:
> 1. In the documentation explicitly tell the user that when you enable
> multi_host that you can't use vncserver_listen=0.0.0.0
> 2. Do some sanity checks on nova.conf options, if we notice that
> vncserver_listen: 0.0.0.0 and multi_host true, we don't allow starting
> the nova-compute service and give a clear error message saying that it's
> stupid to do something like that and what the user should do instead.

I'm probably missing something here, but would a simple firewall not work?

#2 seems drastic to me, and #1 could be amended to mention the need for 
a firewall instead..

Kiall Mac Innes
HP Cloud Services - DNSaaS

Mobile:   +353 86 345 9333
Landline: +353 1 524 2177
GPG:  E9498407

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] CY13-Q1 Community Analysis — OpenStack vs OpenNebula vs Eucalyptus vs CloudStack

[Thierry Carrez]

Qingye Jiang (John) wrote:
> I saw Jay's suggestion on removing review.openstack.org from the git domain 
> analysis. Can you shed some light on how this system works? Is this system 
> shadowing more real code contributors?

"Merge commits" are created in git history when branches are merged.
They appear as having two parent commits. In OpenStack, our Gerrit
review system automatically creates them when merging into master, so
jenk...@review.openstack.org appears as the author of all of them.

Other projects include those as well (see
https://github.com/apache/incubator-cloudstack/commit/987604216728aa42756c55290495ad55b7449cf3
or
https://github.com/eucalyptus/eucalyptus/commit/df0432f2c5319b1e41122755b701ddab9b802852),
but they appear under the name of the person who manually pushed them.

So I would just go with Jay's suggestion and exclude the
review.openstack.org domain from the domain analysis.

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] CY13-Q1 Community Analysis — OpenStack vs OpenNebula vs Eucalyptus vs CloudStack

[Daniel P. Berrange]

On Wed, Apr 03, 2013 at 12:15:21PM +0200, Thierry Carrez wrote:
> Qingye Jiang (John) wrote:
> > I saw Jay's suggestion on removing review.openstack.org from the git domain 
> > analysis. Can you shed some light on how this system works? Is this system 
> > shadowing more real code contributors?
> 
> "Merge commits" are created in git history when branches are merged.
> They appear as having two parent commits. In OpenStack, our Gerrit
> review system automatically creates them when merging into master, so
> jenk...@review.openstack.org appears as the author of all of them.

NB you don't need to exclude based on author name. You can simply ask
git for the history, without merges using 'git log --no-merges'

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] error when trying to start glance api

[Arindam Choudhury]

Hi,

I am trying to install openstack folsom on fedora 18 using openstack install 
guide.

i changed the /etc/glance/glance-api.conf as mentioned.

Then I did:

systemctl enable /usr/lib/systemd/system/openstack-glance-api.service

and when I try to start the service:

service openstack-glance-api status
Redirecting to /bin/systemctl status  openstack-glance-api.service
openstack-glance-api.service - OpenStack Image Service (code-named Glance) API 
server
  Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; 
enabled)
  Active: failed (Result: exit-code) since Wed 2013-04-03 12:00:57 CEST; 4s 
ago
 Process: 2121 ExecStart=/usr/bin/glance-api --config-file 
/etc/glance/glance-api.conf (code=exited, status=1/FAILURE)

Apr 03 12:00:57 aopcach.uab.es systemd[1]: Started OpenStack Image Service 
(code-named Glance) API server.
Apr 03 12:00:57 aopcach.uab.es glance-api[2121]: No handlers could be found for 
logger "glance"
Apr 03 12:00:57 aopcach.uab.es systemd[1]: openstack-glance-api.service: main 
process exited, code=exited, status=1/FAILURE
Apr 03 12:00:57 aopcach.uab.es systemd[1]: Unit openstack-glance-api.service 
entered failed state


and when I try to do it manually:

/usr/bin/glance-api --config-file /etc/glance/glance-api.conf
Traceback (most recent call last):
  File "/usr/bin/glance-api", line 52, in 
config.parse_args()
  File "/usr/lib/python2.7/site-packages/glance/common/config.py", line 72, in 
parse_args
default_config_files=default_config_files)
  File "/usr/lib/python2.7/site-packages/glance/openstack/common/cfg.py", line 
1026, in __call__
self._parse_config_files()
  File "/usr/lib/python2.7/site-packages/glance/openstack/common/cfg.py", line 
1496, in _parse_config_files
raise ConfigFilesNotFoundError(not_read_ok)
glance.openstack.common.cfg.ConfigFilesNotFoundError: Failed to read some 
config files: /etc/glance/glance-api.conf


and

glance index
ID   Name   Disk Format 
 Container Format Size  
 -- 
  --
Error communicating with http://XX.XX.XX.XX:9292 [Errno 111] Connection refused




my /etc/glance/glance-api.conf:

[DEFAULT]
verbose = True
debug = False
default_store = file
bind_host = 0.0.0.0
bind_port = 9292
log_file = /var/log/glance/api.log
backlog = 4096
sql_connection = mysql://glance:gla...@xx.xx.xx.xx/glance
sql_idle_timeout = 3600
workers = 1
# = Syslog Options 
use_syslog = False
#  Registry Options ===
registry_host = 0.0.0.0
registry_port = 9191
registry_client_protocol = http
#  Notification System Options =
notifier_strategy = noop
rabbit_host = localhost
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = glance_notifications
rabbit_durable_queues = False
qpid_notification_exchange = glance
qpid_notification_topic = glance_notifications
qpid_host = localhost
qpid_port = 5672
qpid_username =
qpid_password =
qpid_sasl_mechanisms =
qpid_reconnect_timeout = 0
qpid_reconnect_limit = 0
qpid_reconnect_interval_min = 0
qpid_reconnect_interval_max = 0
qpid_reconnect_interval = 0
qpid_heartbeat = 5
qpid_protocol = tcp
qpid_tcp_nodelay = True
#  Filesystem Store Options 
filesystem_store_datadir = /var/lib/glance/images/
#  Swift Store Options ===
swift_store_auth_version = 2
swift_store_auth_address = 127.0.0.1:5000/v2.0/
swift_store_user = jdoe:jdoe
swift_store_key = a86850deb2742ec3cb41518e26aa2d89
swift_store_container = glance
swift_store_create_container_on_put = False
swift_store_large_object_size = 5120
swift_store_large_object_chunk_size = 200
swift_enable_snet = False
#  S3 Store Options =
s3_store_host = 127.0.0.1:8080/v1.0/
s3_store_access_key = <20-char AWS access key>
s3_store_secret_key = <40-char AWS secret key>
s3_store_bucket = glance
s3_store_create_bucket_on_put = False
#  RBD Store Options =
rbd_store_ceph_conf = /etc/ceph/ceph.conf
rbd_store_user = glance
rbd_store_pool = images
rbd_store_chunk_size = 8
#  Delayed Delete Options =
delayed_delete = False
scrub_time = 43200
scrubber_datadir = /var/lib/glance/scrubber
# === Image Cache Options =
image_cache_dir = /var/lib/glance/image-cache/

[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
config_file = /etc/glance/glance-api-paste.ini
flavor = keystone

   

Re: [Openstack] Security concern with vncserver_listen 0.0.0.0 and multi_host

[Sam Stoelinga]

No you aren't missing something, a firewall would be probably be enough if
we didn't change nova :P I also feel that #2 is too drastic now, but #1
should be done I guess.

I didn't mention something before about why we can't use a firewall for
this: We did some dirty changes to enable spice and disabled auto_port for
both vnc and spice, so people can access their virtual machines using spice
with a password on a specific port. The company I work for was already
using this since the E version and in our next version we will start to use
the official spice implementation of openstack. Our current version has
possible bugs also.

Disabling all ports isn't an option in our current state because we still
want to enable spice. We currently have a prefixed range of ports reserved
for spice 3 to 4 that should be accessible from the outside. Those
parts may be used by VNC and/or spice currently (We have disabled autoport
of vnc and spice and let them use the prefixed range).




On Wed, Apr 3, 2013 at 6:11 PM, Mac Innes, Kiall  wrote:

> On 03/04/13 11:03, Sam Stoelinga wrote:
> > To prevent this happening to somebody else we could do the following:
> > 1. In the documentation explicitly tell the user that when you enable
> > multi_host that you can't use vncserver_listen=0.0.0.0
> > 2. Do some sanity checks on nova.conf options, if we notice that
> > vncserver_listen: 0.0.0.0 and multi_host true, we don't allow starting
> > the nova-compute service and give a clear error message saying that it's
> > stupid to do something like that and what the user should do instead.
>
> I'm probably missing something here, but would a simple firewall not work?
>
> #2 seems drastic to me, and #1 could be amended to mention the need for
> a firewall instead..
>
> Kiall Mac Innes
> HP Cloud Services - DNSaaS
>
> Mobile:   +353 86 345 9333
> Landline: +353 1 524 2177
> GPG:  E9498407
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] error when trying to start glance api

[arindam]

Hi Robert, 
Thanks for your reply. Now I am going to do a fresh install again. This time 
using the redhat instructions. So, I cannot report you any feedback.




Sent from Samsung tablet

 Original message 
From: Robert Parrott  
Date: 03/04/2013  15:03  (GMT+01:00) 
To: Arindam Choudhury  
Cc: openstack@lists.launchpad.net 
Subject: Re: [Openstack] error when trying to start glance api 
 
Arindam,

This looks like a file permissions issue. What user are you when  you
try to start the service, what are the permissions and ownership of
the config file, and what are the permissions on the log file
specified in the config file.

Rob


On Wed, Apr 3, 2013 at 6:30 AM, Arindam Choudhury  wrote:
> Hi,
>
> I am trying to install openstack folsom on fedora 18 using openstack install
> guide.
>
> i changed the /etc/glance/glance-api.conf as mentioned.
>
> Then I did:
>
> systemctl enable /usr/lib/systemd/system/openstack-glance-api.service
>
> and when I try to start the service:
>
> service openstack-glance-api status
> Redirecting to /bin/systemctl status  openstack-glance-api.service
> openstack-glance-api.service - OpenStack Image Service (code-named Glance)
> API server
>   Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service;
> enabled)
>   Active: failed (Result: exit-code) since Wed 2013-04-03 12:00:57 CEST;
> 4s ago
>  Process: 2121 ExecStart=/usr/bin/glance-api --config-file
> /etc/glance/glance-api.conf (code=exited, status=1/FAILURE)
>
> Apr 03 12:00:57 aopcach.uab.es systemd[1]: Started OpenStack Image Service
> (code-named Glance) API server.
> Apr 03 12:00:57 aopcach.uab.es glance-api[2121]: No handlers could be found
> for logger "glance"
> Apr 03 12:00:57 aopcach.uab.es systemd[1]: openstack-glance-api.service:
> main process exited, code=exited, status=1/FAILURE
> Apr 03 12:00:57 aopcach.uab.es systemd[1]: Unit openstack-glance-api.service
> entered failed state
>
>
> and when I try to do it manually:
>
> /usr/bin/glance-api --config-file /etc/glance/glance-api.conf
> Traceback (most recent call last):
>   File "/usr/bin/glance-api", line 52, in 
> config.parse_args()
>   File "/usr/lib/python2.7/site-packages/glance/common/config.py", line 72,
> in parse_args
> default_config_files=default_config_files)
>   File "/usr/lib/python2.7/site-packages/glance/openstack/common/cfg.py",
> line 1026, in __call__
> self._parse_config_files()
>   File "/usr/lib/python2.7/site-packages/glance/openstack/common/cfg.py",
> line 1496, in _parse_config_files
> raise ConfigFilesNotFoundError(not_read_ok)
> glance.openstack.common.cfg.ConfigFilesNotFoundError: Failed to read some
> config files: /etc/glance/glance-api.conf
>
>
> and
>
> glance index
> ID   Name   Disk
> Format  Container Format Size
>  --
>   --
> Error communicating with http://XX.XX.XX.XX:9292 [Errno 111] Connection
> refused
>
>
>
>
> my /etc/glance/glance-api.conf:
>
> [DEFAULT]
> verbose = True
> debug = False
> default_store = file
> bind_host = 0.0.0.0
> bind_port = 9292
> log_file = /var/log/glance/api.log
> backlog = 4096
> sql_connection = mysql://glance:gla...@xx.xx.xx.xx/glance
> sql_idle_timeout = 3600
> workers = 1
> # = Syslog Options 
> use_syslog = False
> #  Registry Options ===
> registry_host = 0.0.0.0
> registry_port = 9191
> registry_client_protocol = http
> #  Notification System Options =
> notifier_strategy = noop
> rabbit_host = localhost
> rabbit_port = 5672
> rabbit_use_ssl = false
> rabbit_userid = guest
> rabbit_password = guest
> rabbit_virtual_host = /
> rabbit_notification_exchange = glance
> rabbit_notification_topic = glance_notifications
> rabbit_durable_queues = False
> qpid_notification_exchange = glance
> qpid_notification_topic = glance_notifications
> qpid_host = localhost
> qpid_port = 5672
> qpid_username =
> qpid_password =
> qpid_sasl_mechanisms =
> qpid_reconnect_timeout = 0
> qpid_reconnect_limit = 0
> qpid_reconnect_interval_min = 0
> qpid_reconnect_interval_max = 0
> qpid_reconnect_interval = 0
> qpid_heartbeat = 5
> qpid_protocol = tcp
> qpid_tcp_nodelay = True
> #  Filesystem Store Options 
> filesystem_store_datadir = /var/lib/glance/images/
> #  Swift Store Options ===
> swift_store_auth_version = 2
> swift_store_auth_address = 127.0.0.1:5000/v2.0/
> swift_store_user = jdoe:jdoe
> swift_store_key = a86850deb2742ec3cb41518e26aa2d89
> swift_store_container = glance
> swift_store_create_container_on_put = False
> swift_store_large_object_size = 5120
> swift_store_large_object_chunk_size = 200
> swift_enable_snet = False
> #  S3 Store Options ===

Re: [Openstack] error when trying to start glance api

[Mark Lehrer]

glance.openstack.common.cfg.ConfigFilesNotFoundError: Failed to read some 
config files: /etc/glance/glance-api.conf


What are the permissions on this file?  The glance user will need to be able to 
read it.

Mark

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Quantum] Anybody implemented DMZ?

[David Kang]

 Hi,

 We are trying to set up Quantum network for non-DMZ and DMZ networks.
The cloud has both non-DMZ networks and a DMZ network.
We need to route traffic from DMZ network to a specific router before it reaches
anywhere else in non-DMZ networks.
However, Quantum Network Node routes the traffic between DMZ network and
non-DMZ network within itself by default.
Have anybody configured Quantum for this case?
Any help will be appreciated.
We are using Quantum linuxbridge-agent.

 Thanks,
 David

-- 
--
Dr. Dong-In "David" Kang
Computer Scientist
USC/ISI

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] error when trying to start glance api

[Romil Gupta]

Hi,
I think there is some issue with glance-api service
pls do ,
$ glance-api --debug

and get the log stack for the corresponding error thn post it here for the
solution.

And also check your all keystone,rabbitmq  and mysql service is working
properly or not!


On Wed, Apr 3, 2013 at 7:15 PM, Mark Lehrer  wrote:

>
>
>  glance.openstack.common.cfg.**ConfigFilesNotFoundError: Failed to read
>> some config files: /etc/glance/glance-api.conf
>>
>
> What are the permissions on this file?  The glance user will need to be
> able to read it.
>
> Mark
>
>
> __**_
> Mailing list: 
> https://launchpad.net/~**openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : 
> https://launchpad.net/~**openstack
> More help   : 
> https://help.launchpad.net/**ListHelp
>



-- 
*Thanks & Regards,*
*Romil Gupta
M.Tech (CSE), Manipal
Intern@ HP ISO,Bangalore
Contact No. : 8880414133*
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true

[Lorin Hochstein]

On Fri, Mar 22, 2013 at 11:55 PM, Lorin Hochstein
wrote:

>
> On Thu, Mar 21, 2013 at 12:00 PM, Vishvananda Ishaya <
> vishvana...@gmail.com> wrote:
>
>> Well phooey:
>>
>>  987 if network_ref['multi_host']:
>>  988 _add_dhcp_mangle_rule(dev)
>>
>> The mangle rule is only added my nova-network in multihost mode.
>>
>> Can you verify whether or not adding the rule on the compute or network
>> node fixes it?
>>
>> That way we can either remove the check on multi_host or add it in
>> plug_vif on the
>> compute host.
>>
>>
>
> I'll check on this and get back to you.
>
> As an aside, note that we're *not* running with the vhost-net kernel
> module loaded, and the mangle rule only gets applied if this module is
> loaded:
>
>
> https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L885
>
> 884   def _add_dhcp_mangle_rule(dev):
> 885   if not os.path.exists('/dev/vhost-net'):
> 886  return
>
> So, either this situation can occur even without vhost-net, or I'm hitting
> a different issue.
>
>
>
>> BTW:
>>
>>  iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
 --checksum-fill

>>>
>>
>> that should be -A not -D
>>
>>
> D'oh! I'll make sure that's correct when I do the testing.
>
>
>

OK, I've tested this again, and I'm having the same problem. I'm able to
get DHCP addresses for Ubuntu instances, but not CentOS ones. If I do a
"tcpdump" on the "vnetX" interface, I can see the DHCP request and replies.

listening on vnet1, link-type EN10MB (Ethernet), capture size 65535 bytes

14:20:15.124839 IP 10.40.0.2.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from fa:16:3e:6b:d3:44, length 300

14:20:48.204962 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from fa:16:3e:5a:e9:f9, length 300

14:20:48.205023 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from fa:16:3e:5a:e9:f9, length 300

14:20:48.205596 IP 10.40.0.1.67 > 10.40.0.6.68: BOOTP/DHCP, Reply, length
320

But if I do the tcpdump on eth0 inside the CentOS instances, I don't see
the DHCP reply packets. They aren't making it from vnet1 to eth0.

This is Folsom with nova-network, running in FlatDHCP, non-multi host, on
Ubuntu12.04.

I tried adding the iptables rule, but alas, it didn't resolve my issue.

iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM
--checksum-fill

Here are the various things I've tried

* Adding the checksum rule to iptables nova-network node
* Adding the checksum rule to the nova-compute node
* Setting libvirt_use_virtio_for_bridge to "yes" and "no" (restarting
nova-compute, re-launching instances)
* With and without vhost_net loaded in nova-compute (restarting
nova-compute, re-launching instances)
* Disabling ipv6 inside of the CentOS guest

If I VNC into the instance and put a static IP on it, like this, it still
doesn't have connectivity to the outside:

ip addr add 10.40.0.2/16 broadcast 10.40.255.255 dev eth0

Since it works with Ubuntu but not CentOS guests, on the same compute node,
I assume there's something about the configuration of the CentOS guest that
isn't working properly with my setup. But, at this point, I'm really
stumped.


Lorin


> Lorin
>
>
>
>
>> Vish
>>
>> On Mar 20, 2013, at 1:43 PM, Lorin Hochstein 
>> wrote:
>>
>>
>> On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton <
>> nathanael.i.bur...@gmail.com> wrote:
>>
>>> On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein <
>>> lo...@nimbisservices.com> wrote:
>>>
 I'm doing a Folsom deployment with FlatDHCP (not multihost).

 When I try to boot a quantal image, the instance doesn't pick up the
 DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I
 can see by tcpdump on the compute host that the DHCP packets are making it
 to the vnet0 interface.


 Note that I tried adding this iptables rule as mentioned here <
 https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14>,
 but that didn't resolve it.

 iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
 --checksum-fill



 However, the problem goes away if I change this setting on the compute
 hosts in /etc/nova/nova.conf

 libvirt_use_virtio_for_bridges=true

 to:

libvirt_use_virtio_for_bridges=false


 Anybody know what would cause this?


 I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the
 hypervisor


 You didn't restart nova-network without killing and restarting dnsmasq,
>>> did you?
>>>
>>> Nate
>>>
>>>
>>>
>> Of course not! (Well, maybe...). But just tried again, killing dnsmasq
>> and restarting nova-network doesn't seem to help. I'm guessing the issue is
>> confined to the compute node, and since I'm not running multihost, I don't
>> think I even need to restart nova-network each time I make a virtio-related
>> change on the compute node...
>>
>> Lorin
>>
>>
>> --
>> Lorin Hochstein
>> Lead Architect - Cl

[Openstack] [Nova] Creating instances with custom UUIDs

[Rafael Rosa]

Hi,

In our OpenStack installation we have an issue when creating new instances,
we need to execute some long running processes before calling "nova boot"
and the call blocks for the end user for a while. We would like to return
"immediately" to the caller with a final instance UUID and do the work on
the background, but it's only generated when during actual instance
creation, which is a no go in our situation.

I read the proposed
https://blueprints.launchpad.net/nova/+spec/launch-instances-async blueprint,
and I agree with Vish's take, the cleanest way would be to create the job
construct and return a 202+URI, but it would not solve our situation, the
calling system has some restrictions on pooling for updates and even
creating callbacks that we could use to update them once the instance was
created.

With all these restrictions in mind, one solution would be to allow a
"--custom-instance-uuid=abc123" option. According to our spikes, we would
only need to make sure that the param value would find its way into
base_options (
https://github.com/openstack/nova/blob/a17d03c43f1f118c4a1e16e092cd0a570f0f1694/nova/compute/api.py#L570)
as "uuid=" to make it work, there would be no need to change
code after this point. To prevent misuse we could add a configuration
option to allow/deny this parameter, perhaps restricting it to admin users,
but once https://blueprints.launchpad.net/nova/+spec/db-enforce-unique-keys is
implemented I don't believe this would be a big issue.

I would like to have some opinions on this before spending time
implementing it, feedback on how to improve it, overlooked issues and
alternatives are super welcome.

Thanks,
Rafael Rosa Fu
grokpodcast.com 
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Nova] Creating instances with custom UUIDs

[Michael Still]

On Thu, Apr 4, 2013 at 9:16 AM, Rafael Rosa  wrote:
> Hi,
>
> In our OpenStack installation we have an issue when creating new instances,
> we need to execute some long running processes before calling "nova boot"
> and the call blocks for the end user for a while. We would like to return
> "immediately" to the caller with a final instance UUID and do the work on
> the background, but it's only generated when during actual instance
> creation, which is a no go in our situation.

The instance_create database call already accepts an instance UUID as
an argument, so that bit looks like it should work out well for you.
So, I guess this is mostly a case of working out how you want the API
to work.

Personally, I would have no problem with something like this, so long
as we could somehow "reserve" the instance UUID so that another caller
doesn't try and create an instance with the same UUID while you're
doing your slow thing.

Cheers,
Michael

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Nova] Creating instances with custom UUIDs

[Rafael Rosa]

API wise I was thinking about something like "nova boot
--custom-instance-uuid ABC..." or something like that. To avoid problems
with any current implementation I would set it to disabled by default and
add a config option to enable it.

As for collisions, my take is that if you're passing a custom UUID you know
what you're doing and is generating them in a way that won't be duplicated.
Just by using standard UUID generators the possibility of collisions are
really really small.

Thanks for the feeback :)

Rafael Rosa Fu


2013/4/3 Michael Still 

> On Thu, Apr 4, 2013 at 9:16 AM, Rafael Rosa 
> wrote:
> > Hi,
> >
> > In our OpenStack installation we have an issue when creating new
> instances,
> > we need to execute some long running processes before calling "nova boot"
> > and the call blocks for the end user for a while. We would like to return
> > "immediately" to the caller with a final instance UUID and do the work on
> > the background, but it's only generated when during actual instance
> > creation, which is a no go in our situation.
>
> The instance_create database call already accepts an instance UUID as
> an argument, so that bit looks like it should work out well for you.
> So, I guess this is mostly a case of working out how you want the API
> to work.
>
> Personally, I would have no problem with something like this, so long
> as we could somehow "reserve" the instance UUID so that another caller
> doesn't try and create an instance with the same UUID while you're
> doing your slow thing.
>
> Cheers,
> Michael
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Nova] Creating instances with custom UUIDs

[Chris Behrens]

I'm having a hard time understanding the original problem.  nova boot should 
return in milliseconds.  There's no blocking on provisioning.

- Chris

On Apr 3, 2013, at 8:32 PM, Rafael Rosa  wrote:

> API wise I was thinking about something like "nova boot 
> --custom-instance-uuid ABC..." or something like that. To avoid problems with 
> any current implementation I would set it to disabled by default and add a 
> config option to enable it.
> 
> As for collisions, my take is that if you're passing a custom UUID you know 
> what you're doing and is generating them in a way that won't be duplicated. 
> Just by using standard UUID generators the possibility of collisions are 
> really really small.
> 
> Thanks for the feeback :)
> 
> Rafael Rosa Fu
> 
> 
> 2013/4/3 Michael Still 
>> On Thu, Apr 4, 2013 at 9:16 AM, Rafael Rosa  wrote:
>> > Hi,
>> >
>> > In our OpenStack installation we have an issue when creating new instances,
>> > we need to execute some long running processes before calling "nova boot"
>> > and the call blocks for the end user for a while. We would like to return
>> > "immediately" to the caller with a final instance UUID and do the work on
>> > the background, but it's only generated when during actual instance
>> > creation, which is a no go in our situation.
>> 
>> The instance_create database call already accepts an instance UUID as
>> an argument, so that bit looks like it should work out well for you.
>> So, I guess this is mostly a case of working out how you want the API
>> to work.
>> 
>> Personally, I would have no problem with something like this, so long
>> as we could somehow "reserve" the instance UUID so that another caller
>> doesn't try and create an instance with the same UUID while you're
>> doing your slow thing.
>> 
>> Cheers,
>> Michael
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Issues in nova-vncproxy installation

[Muhammad Kazim]

Hi,

I have installed openstack diablo. All services are installed correctly and
running except nova-vncprxoy.
I get the following error while installing nova-vncprxoy:


root@ubuntu:/home/habiba# apt-get install nova-vncproxy

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
nova-vncproxy
0 upgraded, 1 newly installed, 0 to remove and 360 not upgraded.
Need to get 4,402 B of archives.
After this operation, 74.8 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
nova-vncproxy
Install these packages without verification [y/N]? y
Get:1 http://us.archive.ubuntu.com/u... precise-updates/main nova-vncproxy
all 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2 [4,402 B]
Fetched 297 B in 0s (1,052 B/s)

Failed to fetch http://us.archive.ubuntu.com/u... Size mismatch
E: Unable to fetch some archives, maybe run apt-get update or try with
--fix-missing?
--
I am unable to locate and install "novncproxy" and "vncproxy" and as a
result, cannot access the VM instances of openstack.
Kindly suggest some way to solve this issue.

Regards
M Kazim
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Billing Plugin with Openstack cloud folsom in Ubuntu 12.04

[Rajesh Upadhayay]

Hi Team,

Please help me to get billing tab in Open stack Cloud Folsom dashboard as I am 
using Ubuntu 12.04 and I tried nova_billing/Horizon billing from github but no 
success. It seems these packages are for RHEL/Fedora/Centos.
Please provide me your guidance to get this done in my current cloud as I need 
complete POC ASAP. Please help me and guide how I can configure billing option 
in Folsom.



Thanks
Rajesh Upadhayay

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] CY13-Q1 Community Analysis — OpenStack vs OpenNebula vs Eucalyptus vs CloudStack

[Qingye Jiang (John)]

Thanks a lot for the hints. This is very helpful.

John

在 2013-4-3，下午6:29，Daniel P. Berrange  写道：

> On Wed, Apr 03, 2013 at 12:15:21PM +0200, Thierry Carrez wrote:
>> Qingye Jiang (John) wrote:
>>> I saw Jay's suggestion on removing review.openstack.org from the git domain 
>>> analysis. Can you shed some light on how this system works? Is this system 
>>> shadowing more real code contributors?
>> 
>> "Merge commits" are created in git history when branches are merged.
>> They appear as having two parent commits. In OpenStack, our Gerrit
>> review system automatically creates them when merging into master, so
>> jenk...@review.openstack.org appears as the author of all of them.
> 
> NB you don't need to exclude based on author name. You can simply ask
> git for the history, without merges using 'git log --no-merges'
> 
> Regards,
> Daniel
> -- 
> |: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org  -o- http://virt-manager.org :|
> |: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|
> 
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp