Re: [Openstack] [Nova] What is the correct way to provide Windows instance password for user?

2014-01-20 Thread Juerg Haefliger 
On Tue, Jan 21, 2014 at 3:15 AM, jeffty  wrote:
>
> Thanks Joe, It really helps.
>
> Will check them to find the proper way.
>
> Thanks.
>
> On 1/19/2014 3:32 PM, Joe Topjian wrote:
> > Hello,
> >
> > We've used this in the past:
> >
> > https://github.com/jordanrinke/openstack
> >
> > It allows a user to type in an Administrator password in the Post Config
> > text box when launching an instance in Horizon. The password is then
> > retrieved when Windows first boots via the metadata service.
> >
> > We stopped using it for two reasons, though:
> >
> > 1. The password was permanently stored in the metadata server
> > 2. There was no (default) way to let the user know that the password
> > they chose was not a strong enough password
> >
> > We now just have users connect to the VNC console and set the password
> > upon first boot.
> >
> > There have been a few discussions over the past year on the
> > openstack-operators list about the cloudbase Windows cloud-init service.
> > I think one or two people have been able to get the password injection
> > portion working. It might be worth a shot to search the archives:
> >
> > http://www.gossamer-threads.com/lists/openstack/operators/
> >
> > Joe
> >
> >
> > On Sun, Jan 19, 2014 at 4:21 AM, jeffty  > > wrote:
> >
> > Thanks Jacob.
> >
> > Is there any openstack API guide for send instance password while
> > launch it?
> >
> > Thanks.
> >
> > On 1/19/2014 11:08 AM, Jacob Godin wrote:
> > > Yes, they must input a password every time. It's within Windows,
they
> > > must use the console.
> > >
> > > Sent from my mobile device
> > >
> > > On Jan 18, 2014 10:51 PM, "jeffty"  > 
> > > >>
> > wrote:
> > >
> > > Thanks Jacob.
> > >
> > > Then the user must input a password for every windows
instance he
> > > launched?
> > >
> > > In other word different instance owns different password even
> > they are
> > > launched at the same time? e.g. Input 3 while launching
> > instance in
> > > Horizon portal for this windows image.
> > >
> > > If yes, how to send this password to the instance in portal?
> > That should
> > > be implemented by meta service.
> > >
> > > If no, all of the instances have the same default password,
right?
> > >
> > >
> > > On 1/19/2014 10:02 AM, Jacob Godin wrote:
> > > > We've used sysprep to have the administrator provide a
password
> > > when the
> > > > instance is first booted.
> > >

We use a simple powershell script that generates a random Administrator
password on first boot, pulls the SSH key from the metadata server,
encrypts the password with the key and writes the encrypted password to the
serial port.

The user retrieves the encrypted password through the nova console-log and
decrypts it with his private key. The image is setup such that the user is
prompted to change the (random) password the first time he logs into the
instance.

...Juerg



> >
> > ___
> > Mailing list:
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to : openstack@lists.openstack.org
> > 
> > Unsubscribe :
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
>
>
> ___
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Nova] What is the correct way to provide Windows instance password for user?

2014-01-21 Thread Juerg Haefliger 
On Tue, Jan 21, 2014 at 10:23 AM, jeffty  wrote:
>
> Me 2:)
>
> Another question, how does customer decrypt the string with his private
key?
>
> It requires that he has an environment with OpenSSL installed?

Yes, you need OpenSSL inside the Windows instance to encrypt the password
and also in the env where you want to decrypt it.

To encrypt (in Unix notation):

ssh-keygen -e -m pkcs8 -f  > id_rsa.pub8
enc_pw=$(echo 'MyRandomPassword' | openssl rsautl -encrypt -inkey
id_rsa.pub8 -pubin | openssl enc -base64)

To decrypt:

echo $enc_pw | openssl enc -base64 -d | openssl rsautl -decrypt -inkey 

...Juerg



> On 1/21/2014 3:44 PM, Georgios Dimitrakakis wrote:
> > Indeed this is very interesting!
> > I would also like to see it if possible!
> >
> > Best,
> >
> > G.
> >
> > On Tue, 21 Jan 2014 08:22:44 +0100, Joe Topjian wrote:
> >> Hi Juerg,
> >>
> >> Thats a really creative way of setting the password. Are you able to
> >> share your powershell script?
> >>
> >> Thanks,
> >> Joe
> >>
> >> On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger  wrote:
> >>
> >>> On Tue, Jan 21, 2014 at 3:15 AM, jeffty wrote:
> >>>>
> >>>> Thanks Joe, It really helps.
> >>> >
> >>>> Will check them to find the proper way.
> >>> >
> >>>> Thanks.
> >>>>
> >>>> On 1/19/2014 3:32 PM, Joe Topjian wrote:
> >>>> > Hello,
> >>>> >
> >>>> > Weve used this in the past:
> >>>> >
> >>>> > https://github.com/jordanrinke/openstack [2]
> >>> > >
> >>>> > It allows a user to type in an Administrator password in the
> >>> Post Config
> >>>> > text box when launching an instance in Horizon. The password is
> >>> then
> >>>> > retrieved when Windows first boots via the metadata service.
> >>> > >
> >>>> > We stopped using it for two reasons, though:
> >>>> >
> >>>> > 1. The password was permanently stored in the metadata server
> >>>> > 2. There was no (default) way to let the user know that the
> >>> password
> >>> > > they chose was not a strong enough password
> >>>> >
> >>>> > We now just have users connect to the VNC console and set the
> >>> password
> >>>> > upon first boot.
> >>>> >
> >>>> > There have been a few discussions over the past year on the
> >>> > > openstack-operators list about the cloudbase Windows cloud-init
> >>> service.
> >>>> > I think one or two people have been able to get the password
> >>> injection
> >>>> > portion working. It might be worth a shot to search the
> >>> archives:
> >>> > >
> >>>> > http://www.gossamer-threads.com/lists/openstack/operators/ [3]
> >>>> >
> >>>> > Joe
> >>>> >
> >>>> >
> >>> > > On Sun, Jan 19, 2014 at 4:21 AM, jeffty > > wrote:
> >>>> >
> >>>> > Thanks Jacob.
> >>>> >
> >>>> > Is there any openstack API guide for send instance
> >>> password while
> >>> > > launch it?
> >>>> >
> >>>> > Thanks.
> >>>> >
> >>>> > On 1/19/2014 11:08 AM, Jacob Godin wrote:
> >>>> > > Yes, they must input a password every time. Its within
> >>> Windows, they
> >>> > > > must use the console.
> >>>> > >
> >>>> > > Sent from my mobile device
> >>>> > >
> >>>> > > On Jan 18, 2014 10:51 PM, "jeffty" >
> >>>> > > >
> >>> > > wrote:
> >>>> > >
> >>>> > > Thanks Jacob.
> >>>> > >
> >>>> > > Then the user must input a password for every
> >>> windows instance he
> >>>> > > launched?
> >>> > > >
> >>>> > > In other word different instance owns different
> >>> password even
> >>>> > they are
> >>>> > > launched at the s

Re: [Openstack] [Nova] What is the correct way to provide Windows instance password for user?

2014-01-22 Thread Juerg Haefliger 
On Tue, Jan 21, 2014 at 8:22 AM, Joe Topjian  wrote:
>
> Hi Juerg,
>
> That's a really creative way of setting the password. Are you able to
share your powershell script?

Sorry, missed this request earlier. Need to check with legal (sigh).

..Juerg


> Thanks,
> Joe
>
>
> On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger  wrote:
>>
>>
>> On Tue, Jan 21, 2014 at 3:15 AM, jeffty  wrote:
>> >
>> > Thanks Joe, It really helps.
>> >
>> > Will check them to find the proper way.
>> >
>> > Thanks.
>> >
>> > On 1/19/2014 3:32 PM, Joe Topjian wrote:
>> > > Hello,
>> > >
>> > > We've used this in the past:
>> > >
>> > > https://github.com/jordanrinke/openstack
>> > >
>> > > It allows a user to type in an Administrator password in the Post
Config
>> > > text box when launching an instance in Horizon. The password is then
>> > > retrieved when Windows first boots via the metadata service.
>> > >
>> > > We stopped using it for two reasons, though:
>> > >
>> > > 1. The password was permanently stored in the metadata server
>> > > 2. There was no (default) way to let the user know that the password
>> > > they chose was not a strong enough password
>> > >
>> > > We now just have users connect to the VNC console and set the
password
>> > > upon first boot.
>> > >
>> > > There have been a few discussions over the past year on the
>> > > openstack-operators list about the cloudbase Windows cloud-init
service.
>> > > I think one or two people have been able to get the password
injection
>> > > portion working. It might be worth a shot to search the archives:
>> > >
>> > > http://www.gossamer-threads.com/lists/openstack/operators/
>> > >
>> > > Joe
>> > >
>> > >
>> > > On Sun, Jan 19, 2014 at 4:21 AM, jeffty > > > <mailto:wantwater...@gmail.com>> wrote:
>> > >
>> > > Thanks Jacob.
>> > >
>> > > Is there any openstack API guide for send instance password while
>> > > launch it?
>> > >
>> > > Thanks.
>> > >
>> > > On 1/19/2014 11:08 AM, Jacob Godin wrote:
>> > > > Yes, they must input a password every time. It's within
Windows, they
>> > > > must use the console.
>> > > >
>> > > > Sent from my mobile device
>> > > >
>> > > > On Jan 18, 2014 10:51 PM, "jeffty" > > > <mailto:wantwater...@gmail.com>
>> > > > <mailto:wantwater...@gmail.com <mailto:wantwater...@gmail.com
>>>
>> > > wrote:
>> > > >
>> > > > Thanks Jacob.
>> > > >
>> > > > Then the user must input a password for every windows
instance he
>> > > > launched?
>> > > >
>> > > > In other word different instance owns different password
even
>> > > they are
>> > > > launched at the same time? e.g. Input 3 while launching
>> > > instance in
>> > > > Horizon portal for this windows image.
>> > > >
>> > > > If yes, how to send this password to the instance in
portal?
>> > > That should
>> > > > be implemented by meta service.
>> > > >
>> > > > If no, all of the instances have the same default
password, right?
>> > > >
>> > > >
>> > > > On 1/19/2014 10:02 AM, Jacob Godin wrote:
>> > > > > We've used sysprep to have the administrator provide a
password
>> > > > when the
>> > > > > instance is first booted.
>> > > >
>>
>> We use a simple powershell script that generates a random Administrator
password on first boot, pulls the SSH key from the metadata server,
encrypts the password with the key and writes the encrypted password to the
serial port.
>>
>> The user retrieves the encrypted password through the nova console-log
and decrypts it with his private key. The image is setup such that the user
is prompted to change the (random) password the first time he logs into the
instance.
>>
>> ...Juerg
>>
>>
>>
>> > >
>> > > ___
>> > > Mailing list:
>> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > > Post to : openstack@lists.openstack.org
>> > > <mailto:openstack@lists.openstack.org>
>> > > Unsubscribe :
>> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > >
>> > >
>> >
>> >
>> > ___
>> > Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > Post to : openstack@lists.openstack.org
>> > Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Nova] What is the correct way to provide Windows instance password for user?

2014-01-23 Thread Juerg Haefliger 
Here it is. I'm not a PowerShell expert so go easy on me :-)

...Juerg


#
# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
#
# Author: Juerg Haefliger 
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
# 02110-1301 USA
#
# Simple powershell script that runs at startup and provides the following
# functionality.
#   1) Generate a random password
#   2) Set the Administrator password
#   3) Pull the public SSH key from the Nova metadata server
#   4) Encrypt the random password with the public SSH key
#   5) Write the encrypted password to the serial port (console log)
#

$metadata_url = "http://169.254.169.254/2009-04-04/meta-data";

$id_rsa_dir  = "C:\Users\Administrator\.ssh"
$id_rsa_pub  = $id_rsa_dir + "\id_rsa.pub"
$id_rsa_pub8 = $id_rsa_dir + "\id_rsa.pub8"

Function Log([string] $text)
{
$now = Get-Date -format "MMM dd HH:mm:ss"
$console.WriteLine($now + " " + $env:Computername + ": [cloud-init] " +
   $text)
}

Function CloudInit()
{
$script:console = New-Object System.IO.Ports.SerialPort `
COM1,115200,None,8,One
$console.Open()
Log("Starting")
}

Function CloudExit()
{
Log("Done")
$console.Close()
exit
}

Function Out([string] $text)
{
$console.WriteLine($text)
}

Function WaitForMetadataService()
{
log("Connect to metadata service")
$client = New-Object Net.WebClient
for ($i = 1; $i -le 10; $i++) {
if ($i -gt 1) {
Start-Sleep -s ($i * 2)
log("Connect to metadata service (" + $i + ". try)")
}
$tmp = $client.DownloadString($metadata_url)
if ($?) {
return
}
}
log("Giving up")
CloudExit
}

Function GetLocalHostname()
{
log("Get local hostname")
$client = New-Object Net.WebClient
$val = $client.DownloadString($metadata_url + "/local-hostname")
return $val
}

Function GetPublicSshKey()
{
log("Get public SSH key")
if (!(Test-Path $id_rsa_dir)) {
New-Item -type directory -path $id_rsa_dir
}
$client = New-Object Net.WebClient
$val = $client.DownloadString($metadata_url +
  "/public-keys/0/openssh-key")
$val | Out-File -encoding ascii -filePath $id_rsa_pub
ssh-keygen -e -P "dummy" -m pkcs8 -f $id_rsa_pub | Out-File `
-encoding ascii -filePath $id_rsa_pub8
}

Function GenerateRandomPassword([int] $length)
{
log("Generate random password")
Add-Type -AssemblyName System.Web
$val = [System.Web.Security.Membership]::GeneratePassword($length, 4)
return $val
}

Function EncryptPassword([string] $secret)
{
log("Encrypt random password")
$temp_file = [System.IO.Path]::GetTempFileName()
$secret | openssl rsautl -encrypt -inkey $id_rsa_pub8 -pubin `
-out $temp_file
$val = openssl enc -base64 -in $temp_file
Remove-Item $temp_file
return $val
}

Function SetAdministratorPassword([string] $secret)
{
log("Set Administrator password")
[adsi] $admin = "WinNT://" + $env:Computername + "/Administrator"
$admin.SetPassword($secret)
}

Function PrintEncryptedPassword([string[]] $secret)
{
Out("-BEGIN BASE64-ENCODED ENCRYPTED PASSWORD-")
foreach ($line in $secret) {
Out($line)
}
Out("-END BASE64-ENCODED ENCRYPTED PASSWORD-")
}

CloudInit

if (Test-Path $id_rsa_pub) {
Log("Nothing to do")
CloudExit
}

$plain_pw = GenerateRandomPassword(12)
SetAdministratorPassword($plain_pw)

WaitForMetadataService
GetPublicSshKey

$encrypted_pw = EncryptPassword($plain_pw)
PrintEncryptedPassword($encrypted_pw)

CloudExit





On Thu, Jan 23, 2014 at 9:52 AM, Clark, Robert Graham
wrote:

> On Thu Jan 23 07:54:23 2014, Juerg Haefliger wrote:
> > On Tue, Jan 21, 2014 at 8:22 AM, Joe Topjian  > <mailto:j...@topjian.net>> wrote:
> > >
> > > Hi Juerg,
> > >
> > > That's a really creative way of setting the password. Are you able
> > to share your powershell script?
> >
> > Sorry, missed this request earlier. Need to check with legal (sigh).
> >
> > ..Juerg
> >
> >
> > > Thanks,
> > > Joe
> > >
> > >
> > > On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger  > <mailto:jue...@gmail.com>> wrote:
> > >>
> > >>
> > >> On Tue, Jan 21, 20

[Openstack] Announcing Dwarf - OpenStack API on top of libvirt/kvm

2014-03-06 Thread Juerg Haefliger 
Hi all,

I have this little pet project of mine that reached a state where it might
be useful to others.

Dwarf is a simple service, that provides support for a subset of the
OpenStack API on top of a locally running libvirt daemon (with KVM in the
back). The main driver for this is to have a somewhat simple and isolated
environment to test OpenStack guest images and as such, it supports
importing images and keypairs and booting instances and some more.

There are lots of restrictions and short-comings and bugs too but if you
want to check it out, the source is here (along with some more
information): https://github.com/juergh/dwarf/

Pre-built packages for Ubuntu Precise and Saucy are available from my PPA:
https://launchpad.net/~juergh/+archive/dwarf

Comments, feedback, bug reports and suggestions are more than welcome.

Enjoy
...Juerg
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Nova] Admin pass injection in launch libvirt/kvm instance

2014-06-25 Thread Juerg Haefliger 
On Wed, Jun 25, 2014 at 9:07 AM, Wangpan  wrote:
>
> Hi all,
>
> I debug the process of libvirt admin password injection, I found
everything is OK before the instance is booting up,
> the /etc/shadow is modified normally, such as:
> Wangpan@10-120-120-7:/tmp/openstack-vfs-localfsX_J5ke/etc$ sudo cat shadow
> root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:9:7:::
> daemon:*:15822:0:9:7:::
> bin:*:15822:0:9:7:::
> ...
>
> but after the instance is running up, I login it by ssh+keypair, I cat
this file again, it is changed like this:
> root@t1:~# cat /etc/shadow
> root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:9:7:::
> daemon:*:15822:0:9:7:::
> bin:*:15822:0:9:7:::
>
> the difference is:
> root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:9:7:::  (before
running up)
> root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:9:7::: (after
running up)
> you can find that a '!' prefix is added to the encrypted password, if I
remove it, then I can login the instance by VNC successfully!
> I don't know what happened? anyone can help me?

What image is this?

Probably cloud-init locking the root password. Check /etc/cloud/cloud.cfg
for:
lock_passwd: True

...Juerg


> thanks!
>
>
> 2014-06-25 14:57 (UTC+8)
> Wangpan
>
> - Original Message -
> > From: CôngTT 
> > To: "Thang Pham"
> > Sent: 2014-06-25 12:21
> > Subject: Re: [Openstack] [Nova] Admin pass injection in launch
libvirt/kvm instance
>
> Hi  Thang Pham and all !
>
> I am using KVM on OpenStack Havana , OpenStack Icehouse  , And inject
admin password OK.  SURE 100%
>
>
> Step 1 : Edit /etc/nova/nova.conf
>
> [DEFAULT ]
> 
>
> libvirt_inject_password=True
> enable_instance_password = True
>
>
> Step 22:
> If you use image cirros, ubuntu  downloading from Internet, then you
will modify /etc/ssh/sshd_config to disable authentication private key
(rsa): (Example Ubuntu 13.10)
>
>
> #Line 15 Un-comment
> UsePrivilegeSeparation yes
>
> #Line 30: Comment 30
> #RSAAuthentication no
>
> #Line 31
> PubkeyAuthentication no
>
> #Line 51
> PasswordAuthentication yes
>
>
>
> Besides, You can create image for GLANCE by yourself.
>
> Note: On KVM not support reset password. You can see
https://wiki.openstack.org/wiki/HypervisorSupportMatrix
>
> Good luck for U !
>
> P/S: Thắng: Tính năng này là tính năng chèn password ngay khi khởi tạo
máy, mình thực hiện tốt trên KVM
>
> tu0ng_c0ng
>
> On Wed, Jun 25, 2014 at 10:48 AM, Thang Pham 
wrote:
>>
>> Hi Wangpan,
>>
>> Injecting admin password is not implemented or supported in libvirt/kvm.
 I believe only Xen supports it.
>>
>> Regards,
>> Thang
>>
>>
>> On Tue, Jun 24, 2014 at 11:36 PM, Wangpan 
wrote:
>>>
>>> Hi all,
>>>
>>> I want to inject admin password to a libvirt/kvm instance, and I enable
the config libvirt_inject_password=true on the compute node,
>>> I also find the /etc/shadow file in the instance is changed, but when I
use the adminPass to login the instance from vnc, it is failed.
>>> I find that the admin password is encrypted in
nova/virt/disk/api.py:_set_password() method,
>>> evenif I encrypt my adminPass and replace the root password in
/etc/shadow manually, I can't login the instance with vnc.
>>>
>>> My questions are:
>>> 1) Does this admin password injection function of libvirt driver
useable? In other words, my issue is a bug or not?
>>> 2) Are there some special details I was losing sight of? such as any
configs should change?
>>> 3) Is this function depends on the libc version?
>>>
>>> BTW, I'm using stable havana and booting a debian7 instance, and this
is the admin guide page of this function:
>>>
http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html
>>>
>>> thanks!
>>>
>>> 2014-06-25 11:16 (UTC+8)
>>> Wangpan
>>>
>>> ___
>>> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to : openstack@lists.openstack.org
>>> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>
>>
>> ___
>> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack@lists.openstack.org
>> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>
>
> ___
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Openstack image boot slow

2014-07-07 Thread Juerg Haefliger 
On Sun, Jul 6, 2014 at 2:47 PM, Nhan Cao  wrote:
>
> hi
> i see cache=none in /var/lib/instance/uuid-xx/libvirt.xml.
> how i set other default value such as: writethrough, writeback...
> thanks

/etc/nova/nova.conf:

# Specific cachemodes to use for different disk types e.g:
# "file=directsync","block=none" (list value)
#disk_cachemodes=

See nova/virt/libvirt/driver.py.


...Juerg


>
> 2014-07-06 19:36 GMT+07:00 Gary Kotton :
>
>> Hi,
>> This should be set by default. Please see
http://www.pixelbeat.org/docs/openstack_libvirt_images/
>> This may help
>> Thanks
>> Gary
>>
>> From: Nhan Cao 
>> Date: Sunday, July 6, 2014 at 3:31 PM
>> To: Gary Kotton 
>> Cc: "openstack@lists.openstack.org" 
>> Subject: Re: [Openstack] Openstack image boot slow
>>
>> hi,
>> thank for reply.
>> how i set cache of libvirt in nova.conf ?
>>
>>
>> 2014-07-06 19:26 GMT+07:00 Gary Kotton :
>>>
>>> Hi,
>>> The first boot is usually slow as the image needs to be cached. From
that moment on it should be a little quicker.
>>> Thanks
>>> gary
>>>
>>> From: Nhan Cao 
>>> Date: Sunday, July 6, 2014 at 3:06 PM
>>> To: "openstack@lists.openstack.org" 
>>> Subject: [Openstack] Openstack image boot slow
>>>
>>> hi guys,
>>> i created an images follow tutorial:
>>> http://docs.openstack.org/image-guide/content/centos-image.html
>>> but when i run it on my openstack lab, it boot very slow.
>>> can you tell me some tips to optimize image.
>>> Thanks!
>>
>>
>
>
> ___
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Announcing Dwarf - OpenStack API on top of libvirt/kvm

2014-07-09 Thread Juerg Haefliger 
On Tue, Jul 8, 2014 at 3:25 PM, Curtis  wrote:
>
> On Thu, Mar 6, 2014 at 4:00 AM, Juerg Haefliger  wrote:
> > Hi all,
> >
> > I have this little pet project of mine that reached a state where it
might
> > be useful to others.
> >
> > Dwarf is a simple service, that provides support for a subset of the
> > OpenStack API on top of a locally running libvirt daemon (with KVM in
the
> > back). The main driver for this is to have a somewhat simple and
isolated
> > environment to test OpenStack guest images and as such, it supports
> > importing images and keypairs and booting instances and some more.
> >
> > There are lots of restrictions and short-comings and bugs too but if you
> > want to check it out, the source is here (along with some more
information):
> > https://github.com/juergh/dwarf/
> >
> > Pre-built packages for Ubuntu Precise and Saucy are available from my
PPA:
> > https://launchpad.net/~juergh/+archive/dwarf
> >
> > Comments, feedback, bug reports and suggestions are more than welcome.
>
> Hi Juerg,
>
> I wrote a blog post about using Dwarf here:
> http://serverascode.com/2014/07/07/dwarf-openstack.html

Nice! Thanks.


> I think it's a lot of fun and a good way to learn a bit about
> openstack apis, so thanks for putting dwarf together. :)

Good to hear that somebody finds it useful :-) Don't hesitate to file bugs
against it...

...Juerg


> Thanks,
> Curtis.
>
> >
> > Enjoy
> > ...Juerg
> >
> >
> > ___
> > Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to : openstack@lists.openstack.org
> > Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
>
>
>
> --
> Twitter: @serverascode
> Blog: serverascode.com
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] CentOS 6.5 cloud-init growpart/resizefs does not work on first boot.

2014-08-05 Thread Juerg Haefliger 
Hi,


On Wed, Aug 6, 2014 at 4:35 AM, sylecn  wrote:
>
> Hi stackers,
>
> I have come across this problem of growpart/resizefs not working with
CentOS 6.5 Cloud image on first boot.

Which kernel version are you running in the guest?


> Here is the relevant config in cloud.cfg
> ==
>
> growpart:
>   mode: auto
>   devices: ["/"]
> resize_rootfs: True
> resize_rootfs_tmp: /dev
>
> cloud_init_modules:
>  - bootcmd
>  - write-files
>  - growpart
>  - resizefs

Growpart called by cloud-init only works for kernels >3.8. Only newer
kernels support changing the partition size of a mounted partition. When
using an older kernel the resizing of the root partition happens in the
initrd stage before the root partition is mounted and the subsequent
cloud-init growpart run is a no-op.


> Here is the relevant log on first boot:
> 
> [CLOUDINIT] helpers.py[DEBUG]: Running config-growpart using lock
()
> [CLOUDINIT] util.py[DEBUG]: Running command ['growpart', '--help'] with
allowed return codes [0] (shell=False, capture=True)
> [CLOUDINIT] util.py[DEBUG]: Reading from /proc/1108/mountinfo
(quiet=False)
> [CLOUDINIT] util.py[DEBUG]: Read 521 bytes from /proc/1108/mountinfo
> [CLOUDINIT] util.py[DEBUG]: Reading from /sys/class/block/vda1/partition
(quiet=False)
> [CLOUDINIT] util.py[DEBUG]: Read 2 bytes from
/sys/class/block/vda1/partition
> [CLOUDINIT] util.py[DEBUG]: Reading from
/sys/devices/pci:00/:00:05.0/virtio2/block/vda/dev (quiet=False)
> [CLOUDINIT] util.py[DEBUG]: Read 6 bytes from
/sys/devices/pci:00/:00:05.0/virtio2/block/vda/dev
> [CLOUDINIT] util.py[DEBUG]: Running command ['growpart', '--dry-run',
'/dev/vda', '1'] with allowed return codes [0] (shell=False, capture=True)
> [CLOUDINIT] util.py[DEBUG]: Running command ['growpart', '/dev/vda', '1']
with allowed return codes [0] (shell=False, capture=True)
> [CLOUDINIT] util.py[DEBUG]: resize_devices took 0.076 seconds
> [CLOUDINIT] cc_growpart.py[DEBUG]: '/' NOCHANGE: no change necessary
(/dev/vda, 1)
> [CLOUDINIT] helpers.py[DEBUG]: Running config-resizefs using lock
()
> [CLOUDINIT] util.py[DEBUG]: Reading from /proc/1108/mountinfo
(quiet=False)
> [CLOUDINIT] util.py[DEBUG]: Read 521 bytes from /proc/1108/mountinfo
> [CLOUDINIT] cc_resizefs.py[DEBUG]: resize_info: dev=/dev/vda1 mnt_point=/
path=/
> [CLOUDINIT] cc_resizefs.py[DEBUG]: Resizing / (ext4) using resize2fs
/dev/vda1
> [CLOUDINIT] util.py[DEBUG]: Running command ('resize2fs', '/dev/vda1')
with allowed return codes [0] (shell=False, capture=True)
> [CLOUDINIT] util.py[DEBUG]: Resizing took 0.004 seconds
>
> In the base image, I have upgraded cloud-init to 0.7.4-1.el6, and
installed cloud-utils, cloud-initramfs-tools. After the first *reboot*,
growpart/resizefs does their job and the root file system is grown to disk
size.

There is no cloud-initramfs-tools package for CentOS. You need
cloud-utils-growpart and dracut-modules-growroot from EPEL6 for the initrd
based partition resizing.


> After a reboot, the relevant cloud-init logs:
> ===
> cc_growpart.py[DEBUG]: '/' NOCHANGE: no change necessary (/dev/vda, 1)
> util.py[DEBUG]: Resizing took 13.776 seconds
> cc_resizefs.py[DEBUG]: Resized root filesystem (type=ext4, val=True)

These are log messages from cloud-init's growpart run. Can you post the
boot messages from initrd growpart?


...Juerg



> I wish the growpart/resizefs happen on first boot, what can I do?
>
>
> --
> YY Inc. is hiring openstack and python developers. Interested? Check
http://soa.game.yy.com/jobs.html
>
> --
> Thanks,
> Yuanle
>
> ___
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] CentOS 6.5 cloud-init growpart/resizefs does not work on first boot.

2014-08-06 Thread Juerg Haefliger 
On Wed, Aug 6, 2014 at 9:11 AM, sylecn  wrote:
>
>
>
>
> On Wed, Aug 6, 2014 at 2:05 PM, Juerg Haefliger  wrote:
>>
>> Hi,
>>
>>
>> On Wed, Aug 6, 2014 at 4:35 AM, sylecn  wrote:
>> >
>> > Hi stackers,
>> >
>> > I have come across this problem of growpart/resizefs not working with
CentOS 6.5 Cloud image on first boot.
>>
>> Which kernel version are you running in the guest?
>>
>>
>>
>> > Here is the relevant config in cloud.cfg
>> > ==
>> >
>> > growpart:
>> >   mode: auto
>> >   devices: ["/"]
>> > resize_rootfs: True
>> > resize_rootfs_tmp: /dev
>> >
>> > cloud_init_modules:
>> >  - bootcmd
>> >  - write-files
>> >  - growpart
>> >  - resizefs
>>
>> Growpart called by cloud-init only works for kernels >3.8. Only newer
kernels support changing the partition size of a mounted partition. When
using an older kernel the resizing of the root partition happens in the
initrd stage before the root partition is mounted and the subsequent
cloud-init growpart run is a no-op.
>>
>>
>> > Here is the relevant log on first boot:
>> > 
>> > [CLOUDINIT] helpers.py[DEBUG]: Running config-growpart using lock
()
>> > [CLOUDINIT] util.py[DEBUG]: Running command ['growpart', '--help']
with allowed return codes [0] (shell=False, capture=True)
>> > [CLOUDINIT] util.py[DEBUG]: Reading from /proc/1108/mountinfo
(quiet=False)
>> > [CLOUDINIT] util.py[DEBUG]: Read 521 bytes from /proc/1108/mountinfo
>> > [CLOUDINIT] util.py[DEBUG]: Reading from
/sys/class/block/vda1/partition (quiet=False)
>> > [CLOUDINIT] util.py[DEBUG]: Read 2 bytes from
/sys/class/block/vda1/partition
>> > [CLOUDINIT] util.py[DEBUG]: Reading from
/sys/devices/pci:00/:00:05.0/virtio2/block/vda/dev (quiet=False)
>> > [CLOUDINIT] util.py[DEBUG]: Read 6 bytes from
/sys/devices/pci:00/:00:05.0/virtio2/block/vda/dev
>> > [CLOUDINIT] util.py[DEBUG]: Running command ['growpart', '--dry-run',
'/dev/vda', '1'] with allowed return codes [0] (shell=False, capture=True)
>> > [CLOUDINIT] util.py[DEBUG]: Running command ['growpart', '/dev/vda',
'1'] with allowed return codes [0] (shell=False, capture=True)
>> > [CLOUDINIT] util.py[DEBUG]: resize_devices took 0.076 seconds
>> > [CLOUDINIT] cc_growpart.py[DEBUG]: '/' NOCHANGE: no change necessary
(/dev/vda, 1)
>> > [CLOUDINIT] helpers.py[DEBUG]: Running config-resizefs using lock
()
>> > [CLOUDINIT] util.py[DEBUG]: Reading from /proc/1108/mountinfo
(quiet=False)
>> > [CLOUDINIT] util.py[DEBUG]: Read 521 bytes from /proc/1108/mountinfo
>> > [CLOUDINIT] cc_resizefs.py[DEBUG]: resize_info: dev=/dev/vda1
mnt_point=/ path=/
>> > [CLOUDINIT] cc_resizefs.py[DEBUG]: Resizing / (ext4) using resize2fs
/dev/vda1
>> > [CLOUDINIT] util.py[DEBUG]: Running command ('resize2fs', '/dev/vda1')
with allowed return codes [0] (shell=False, capture=True)
>> > [CLOUDINIT] util.py[DEBUG]: Resizing took 0.004 seconds
>> >
>> > In the base image, I have upgraded cloud-init to 0.7.4-1.el6, and
installed cloud-utils, cloud-initramfs-tools. After the first *reboot*,
growpart/resizefs does their job and the root file system is grown to disk
size.
>>
>> There is no cloud-initramfs-tools package for CentOS. You need
cloud-utils-growpart and dracut-modules-growroot from EPEL6 for the initrd
based partition resizing.
>>
>>
>> > After a reboot, the relevant cloud-init logs:
>> > ===
>> > cc_growpart.py[DEBUG]: '/' NOCHANGE: no change necessary (/dev/vda, 1)
>> > util.py[DEBUG]: Resizing took 13.776 seconds
>> > cc_resizefs.py[DEBUG]: Resized root filesystem (type=ext4, val=True)
>>
>> These are log messages from cloud-init's growpart run. Can you post the
boot messages from initrd growpart?
>>
>>
>> ...Juerg
>>
> Hi Juerg,
>
> I didn't know about initrd based growpart. I see both
cloud-utils-growpart and dracut-modules-growroot are installed in the base
image (via yum info).
> Do I need any config on kernel modules or build a special initrd to make
growpart work on first boot?

The initrd needs to be rebuilt after installing the dracut-modules-growroot.


> I didn't see growpart message in dmesg and kernel syslog
(/var/log/messages on the guest) in first boot and 2nd boot.
> /var/log/boot.log also has no information on that.

Re: [Openstack] Centos 7 root pasword

2014-10-15 Thread Juerg Haefliger 
On Wed, Oct 15, 2014 at 11:33 AM, Steven Hardy  wrote:
>
> On Tue, Oct 14, 2014 at 01:11:40PM +0530, Mridhul Pax wrote:
> >Hi Friends,
> >I have downloaded a centos 7 image from the following site and
created a
> >glance image. Im able to provison a server via that image and the
server
> >booted up fine. Any one know how to login to the server ?
> >I tried combinations like root/centos , centos/centos but no luck
> >I downloaded the QCOW2 image from the following link :
> >http://cloud.centos.org/centos/7/devel/

This being a CentOS question, you'd be better off asking for help on the
centos-devel mailing list. Anyways, there is no root and no password login
for CentOS cloud images. That's the case for most (CentOS, Fedora, Debian,
Ubuntu) community-built images which include the cloud-init package and
rely on a metadata service to provide a public SSH key for cloud-init to
fetch and inject into the instance. You need to create an SSH keypair in
OpenStack and specify the key name when launching an instance and then use
the private key to ssh to the instance, using user 'centos'.

...Juerg


> You've got some good suggestions already, bug FWIW I find virt-sysprep
> invaluable in these sort of situations:
>
>
http://rwmj.wordpress.com/2013/08/02/new-in-virt-sysprep-set-root-and-user-passwords/
>
> It can be used to (amongst other things) set a root password in a cloud
> image for debugging, or run a firstboot script to, for example, disable a
> troublesome service while you debug it.
>
> Steve
>
> ___
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack