[Openstack] install keystone +download data script

Hi Dear All Is another URL for downloading data script from https://github.com/EmilienM/openstack-grizzly-guide/raw/master/scripts/keystone-data.sh because of error :Page Not Found !!! Thanks ___ Mailing list: https://launchpad.net/~openstack Post to

Re: [Openstack] install keystone +download data script

Try this form of the URL: https://raw.github.com/EmilienM/openstack-folsom-guide/master/scripts/keystone-data.sh On May 14, 2013, at 12:18 AM, Mahzad Zahedi wrote: > Hi Dear All > > Is another URL for downloading data script from > https://github.com/EmilienM/openstack-grizzly-guide/raw/maste

Re: [Openstack] install keystone +download data script

To clarify, this is the devstack trunk version of the file: https://github.com/openstack-dev/devstack/blob/master/files/keystone_data.sh It is referenced by the official OpenStack developer documentation: http://docs.openstack.org/developer/keystone/installing.html The Folsom version of the scr

[Openstack] [OPENSTACK] VMs don't start on host machine reboot (Grizzly over Ubuntu 13.04)

Hello, I recently installed Grizzly (single-node) on Ubuntu 13.04 on x86 64 bit having two physical NICs. I posted about the networking issues that I was facing after the installation in an earlier post. Well, while I was debugging the networking issue, I came across a more serious issue -- my host

Re: [Openstack] [OPENSTACK] VMs don't start on host machine reboot (Grizzly over Ubuntu 13.04)

seems like the roog disk is not a bootable device, you may need to check the vda/xvda device in libvirt XML config file is bootable or not. 2013-05-14 Wangpan 发件人：Nikhil Mittal 发送时间：2013-05-14 15:59 主题：[Openstack] [OPENSTACK] VMs don't start on host machine reboot (Grizzly over Ubuntu 13.0

Re: [Openstack] [OPENSTACK] VMs don't start on host machine reboot (Grizzly over Ubuntu 13.04)

Wang, I guess you are referring to to the instance specific XML file under /etc/libvirt/qemu. It has the following section having 'vda': === /usr/bin/kvm === Can you specify what exactly I need to chang

Re: [Openstack] [OPENSTACK] VMs don't start on host machine reboot (Grizzly over Ubuntu 13.04)

Nikhil What the 'qemu-img info /var/lib/nova/instances/a562a6c9-9253-4f22-8076-344e855f713d/disk' command say? Zhi Yan On Tue, May 14, 2013 at 5:43 PM, Nikhil Mittal wrote: > Wang, > I guess you are referring to to the instance specific XML file under > /etc/libvirt/qemu. It has the following

Re: [Openstack] [OPENSTACK] VMs don't start on host machine reboot (Grizzly over Ubuntu 13.04)

Here it is: === image: /var/lib/nova/instances/a562a6c9-9253-4f22-8076-344e855f713d/disk file format: qcow2 virtual size: 160G (171798691840 bytes) disk size: 200K cluster_size: 65536 backing file: /var/lib/nova/instances/_base/6a2ba9ce1da1fbdc28a3da86332cb65193a2bf96 === BT

[Openstack] nova-consoleauth timeout

Hi, I am having some problems with starting a novnc console. When I try to connect on the URL generated by "nova get-vnc-console", it is stuck with a "Starting VNC handshake" message. After a while, it will show "Failed to connect to server (code: 1006)". I am using nova-consoleauth with qpid. Di

[Openstack] security blueprint related to os binaries

Hi, I've added a blueprint https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries Please, take a look and let's discuss it if it makes sense. Thank you Stas. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@

[Openstack] [Grizzly] NoneType object unsubscriptable while setting up keystone

Greetings, I am currently trying to install Grizzly on a single node running Red Hat Enterprise Linux Server release 6.4, using RedHat's RDO repository (http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/epel-6/). The related keystone RPM is openstack-keystone-2013.1-1.el6.no

Re: [Openstack] security blueprint related to os binaries

Err, sounds like a lot of work to make the code more fragile. If you want to be paranoid about launching the right command, do it by sanity-checking $PATH, not by hardcoding the path of all the executables you call. On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev < spugac...@griddynamics.com

[Openstack] keystone

I have followed basic install guide openstack on ubuntu (grizzy) so for configuration keystone first, I have created openrc File and added below lines into it: export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=password export OS_AUTH_URL="http://localhost:5000/v2.0/"; expor

Re: [Openstack] security blueprint related to os binaries

Why do you think code will become more fragile? It will be more defended. How $PATH checking will help if someone will change the binary? And it is not so much work to do here. On Tue, May 14, 2013 at 3:36 PM, Victor Lowther wrote: > Err, sounds like a lot of work to make the code more fragile.

[Openstack] install glance+ error

# apt-get install -y glance glance-api glance-registry python-glanceclient glance-common Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: python-glance python-json-patch python-json-pointer python-jsonschema

Re: [Openstack] install glance+ error

Just  append into /etc/apt/apt.conf.d/70debconf the following line:APT::Get::AllowUnauthenticated "true";and relaunch the upgrade then the install, you should be goodRegards, Razique Mahroua - Nuage & Corazique.mahr...@gmail.comTel : +33 9 72 37 94 15 Le 14 mai 2013 à 15:22, Mahzad Zahedi

[Openstack] TempUrl werking

Onze tempurl configuratie in de objectstore blijkt niet zo eenvoudig te werken. De oorzaak is dat we de URL van de objectstore vereenvoudigen, maar de originele (complexe) url gebruikt wordt voor de hash-berekening. Op zich werkt het, maar mensen die niet zelf ooit een swift cluster hebben gebo

Re: [Openstack] centos5.5_64bit image for openstack

Could you please give a better instruction on how I cam make .img from qcow2? PS: sorry for sending the mail twice On 12 May 2013 13:00, Ray Sun wrote: > Rakespace provide a lot of openstack images here: > > https://github.com/rackerjoe/oz-image-build > > You can create your own image followed

Re: [Openstack] keystone

Looks like you have typos in x.sh On 05/14/2013 08:43 AM, Mahzad Zahedi wrote: I have followed basic install guide openstack on ubuntu (grizzy) so for configuration keystone first, I have created openrc File and added below lines into it: export OS_TENANT_NAME=admin export OS_USERNAME=admin

[Openstack] Compute node with xenserver

Hi ! I have 1) Controller on Ubuntu 12.04 LTS (used devstack) 2) Node Compute on Ubuntu 12.04 LTS with KVM hypervisor (used devstack) And i would like to have a node compute on xenserver. But i don't know how to do it. Can you help me and say me the steps to do it, please ? -- regards, Alexan

Re: [Openstack] Compute node with xenserver

Hi Alexandre, Interesting question! I'd suggest you follow the devstack installation guide at https://wiki.openstack.org/wiki/XenServer/DevStack. There is a handy script there which makes installation of devstack on an existing XenServer or other XenAPI host very straight forward. It would a

Re: [Openstack] security blueprint related to os binaries

On 14/05/13 12:02, Stanislav Pugachev wrote: Hi, I've added a blueprint https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries Please, take a look and let's discuss it if it makes sense. Thank you Stas. Am I correct in thinking that, if the attacker is able to modify $PATH

Re: [Openstack] security blueprint related to os binaries

I think it will become more fragile because (despite over a decade of trying to standardize these things), not all the distros put their binaries in the same places -- for example, I have seen brctl live in /sbin, /usr/sbin, and /usr/bin. It is much easier to sanity-check (or allow for customizatio

[Openstack] Cinder's LVM vg creation when installing Grizzly

Hi, I have questions regarding this part of the Grizzly install guide that's up on github: . Finally, don't forget to create a volumegroup and name it cinder-volumes: . dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=2G . losetup /dev/loop2 cinder-volumes .

Re: [Openstack] Cinder's LVM vg creation when installing Grizzly

On Tue, May 14, 2013 at 9:06 AM, Chris Bartels wrote: > Hi, > > ** ** > > I have questions regarding this part of the Grizzly install guide that’s > up on github: > > ** ** > > **· **Finally, don't forget to create a volumegroup and name it > cinder-volumes: > > **· **

Re: [Openstack] Cinder's LVM vg creation when installing Grizzly

Hi, please see my answers below Razique Mahroua - Nuage & Corazique.mahr...@gmail.comTel : +33 9 72 37 94 15 Le 14 mai 2013 à 17:06, "Chris Bartels" a écrit :Hi, I have questions regarding this part of the Grizzly install guide that’s up on github: · Finally,

Re: [Openstack] New code name for networks

Not sure if this has been proposed before or even it is at all feasible, but how about changing the last/first letter? Quantum -> QuantuS, QuantuN, Cuantum...? There are a plenty of options to go by. On Mon, May 13, 2013 at 5:28 PM, Monty Taylor wrote: > > > On 05/13/2013 11:03 AM, Doug Hellma

Re: [Openstack] security blueprint related to os binaries

Attacker can put binary in /usr/local/bin for example. on ubuntu that path located before /usr/bin. We could create some templates with absolute paths to binaries for each distro (deb-based, rhel-based) and auto-detect them. On Tue, May 14, 2013 at 3:36 PM, Victor Lowther wrote: > Err, sounds l

Re: [Openstack] security blueprint related to os binaries

On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote: > Attacker can put binary in /usr/local/bin for example. on ubuntu that > path located before /usr/bin. If the attacker has write access to /usr/local/bin, it's already game over; I don't see what we can do to nova that can mitigate someth

Re: [Openstack] Compute node with xenserver

Thanks for your reply Bob. Ok now i have a xenserver with a domU. I have followed this doc : https://github.com/openstack-dev/devstack/blob/master/tools/xen/README.md But now how to indicate that this xenserver is the compute node of my Controller on Ubuntu 12.04 LTS (used devstack) ? Alex 2013

Re: [Openstack] security blueprint related to os binaries

Agree. Hardcoding full pathnames is a bad practice in general. On 5/14/13 11:50 AM, "Kevin L. Mitchell" wrote: >On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote: >> Attacker can put binary in /usr/local/bin for example. on ubuntu that >> path located before /usr/bin. > >If the attacke

Re: [Openstack] Compute node with xenserver

Hi Alex, There appear to be conflicting (or partially incomplete) guides for this at http://devstack.org/guides/multinode-lab.html and at http://devstack.org/localrc.html. There is full documentation on the stack script and which settings you need to consider for multi host (search for multi)

Re: [Openstack] security blueprint related to os binaries

from the security point of view its not so bad practice On Tue, May 14, 2013 at 6:57 PM, Wyllys Ingersoll < wyllys.ingers...@evault.com> wrote: > Agree. Hardcoding full pathnames is a bad practice in general. > > > On 5/14/13 11:50 AM, "Kevin L. Mitchell" > wrote: > > >On Tue, 2013-05-14 at 18

Re: [Openstack] security blueprint related to os binaries

What attack does hardcoding a path to a specific executable protect against? On the downside, It makes the code far less portable, harder to maintain, and less flexible in the face of alternative directory structures and system configurations. From: Stanislav Pugachev mailto:spugac...@griddy

Re: [Openstack] keystone

The "SERVICE_TOKEN" is not a password; it should either be a valid token that you've generated using credentials + keystone token-get, or the value of keystone.conf's static admin_token option. I'm not familiar with x.sh so I don't know if you should remove SERVICE_* env vars or the OS_* ones, but

Re: [Openstack] security blueprint related to os binaries

If an attacker can put a binary in /usr/local/bin, they already have root and we are doomed anyways. If you are still worried about it, reorder PATH so that /usr/local/whatever comes last instead of first. On Tue, May 14, 2013 at 10:38 AM, Vasiliy Khomenko < vkhome...@griddynamics.com> wrote: >

Re: [Openstack] security blueprint related to os binaries

On Tue, May 14, 2013 at 9:25 AM, Mac Innes, Kiall wrote: > On 14/05/13 12:02, Stanislav Pugachev wrote: > Hi, > I've added a blueprint > https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries > Please, take a look and let's discuss it if it makes sense. > Thank you > Stas. >

[Openstack] Distributed CPU/Memory

I just discovered ScaleMP, with their ability to consolidate CPU cores & memory from across the network to create large VMs out of disparate server nodes & was wondering if there was anyone working on something similar with OpenStack. Has anyone heard of such a thing? Google doesn't say much on the

Re: [Openstack] security blueprint related to os binaries

Kevin L. Mitchell wrote: > On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote: >> Attacker can put binary in /usr/local/bin for example. on ubuntu that >> path located before /usr/bin. > > If the attacker has write access to /usr/local/bin, it's already game > over; I don't see what we can

[Openstack] [metering] Ceilometer plugin for VM provisioning metrics

Hello. The task I'm trying to implement is gather provisioning metrics from OpenStack VMs using Ceilometer. Precisely, I need to provide time of execution for the provisioning tasks *scheduling, **spawning, networking *via Ceilometer. After reading Ceilometer and Nova documentation I figured out

Re: [Openstack] AuthN/AuthZ

*bump* Here's the tl;dr version: - How have other folks handled integration of OpenStack with existing authN/authZ infrastructures? I'm particularly interested in the automatic mapping of existing LDAP groups to roles/tenants within openstack. - Are there plans to add support for the auth plugins

Re: [Openstack] ConnectQuantum to VLAN-tagged physical network

Hi Yiting, It doesn't mean you *have* to use vconfig, but that's how I configured this set of nodes. I will try with ovs-vsctl alone once I set up a new node for the cluster. Some articles you may find useful: http://blog.scottlowe.org/2012/10/04/some-insight-into-open-vswitch-configuration/ http

Re: [Openstack] provision of dynamic flavor

"Openstack" wrote on 05/08/2013 06:29:02 AM: > From: Pratik Gadiya > To: "openstack@lists.launchpad.net" , > Date: 05/08/2013 06:30 AM > Subject: [Openstack] provision of dynamic flavor > Sent by: "Openstack" > > Hi All, > > I want to provide dynamic flavors to user according to his/her > speci

Re: [Openstack] nova-consoleauth timeout

I did more digging and found the following: 2013-05-15 13:56:25.881 AUDIT nova.consoleauth.manager [req-71725790-fe8d-4919-87aa-d5e0ce9870a7 None None] Checking Token: 2a276401-9cfd-4dee-a811-3ab9460b76dc, True) 2013-05-15 13:56:25.882 DEBUG nova.openstack.common.rpc.amqp [req-71725790-fe8d-4919-8