Re: [Openstack] [Openstack-operators] [nova] instance resource quota quesetions

Thanks Joe, that is very helpful. /Craig J From: Joe Topjian mailto:j...@topjian.net>> Date: Thursday, October 23, 2014 at 10:42 AM To: Craig Jellick mailto:cjell...@godaddy.com>> Cc: "openstack@lists.openstack.org<mailto:openstack@lists.openstack.org>" mailto:o

[Openstack] [nova] instance resource quota quesetions

Hello, I have a few questions regarding the instance resource quota feature in nova which is documented here: https://wiki.openstack.org/wiki/InstanceResourceQuota First, the section on disk IO states "IO throttling are handled by QEMU." Does this mean that this feature only works when the hype

[Openstack] [keystone] Session and expired tokens

Hi, I was reading up on the Sessions API here http://docs.openstack.org/developer/python-keystoneclient/using-sessions.html and am interested in using it to connect to other OpenStack services in a long running process. The process will live longer than the token expiration time. Does the Ses

Re: [Openstack] [openstack][keystone] Creating a "project admin" rule for keystone

Answering my own question. Looks like this will walk me through exactly what I want: http://adam.younglogic.com/2013/11/policy-enforcement-openstack/ /Craig J On 6/13/14 11:45 AM, "Craig Jellick" wrote: >We use AD as the identity backend and MySQL as the assignment backend,

Re: [Openstack] [openstack][keystone] Creating a "project admin" rule for keystone

We use AD as the identity backend and MySQL as the assignment backend, but I don't see how the backends would affect what I would want to do. Sent from my iPhone > On Jun 13, 2014, at 11:22 AM, "gustavo panizzo " > wrote: > >> On 06/13/2014 02:57 PM, Craig Jell

[Openstack] [openstack][keystone] Creating a "project admin" rule for keystone

Has anyone setup a "project admin" rule for keystone? Let me explain what I mean by that rule to be clear: it should allow a user to add and remove other users to projects to which he belongs. Meaning, as a project admin for project foo, I should be able to add/remove users to project foo, but no

Re: [Openstack] RabbitMQ, HAProxy, and OpenStack

queues get setup in an HA configuration with one master and two slaves. We're running Havana with Neutron configured with the ML2 driver and ovs plugin. /Craig J From: Jitendra Bhaskar mailto:jeetuind...@gmail.com>> Date: Tuesday, May 6, 2014 10:45 AM To: Craig Jellick mailto:cjel

[Openstack] RabbitMQ, HAProxy, and OpenStack

HI all, Does anyone have experience using HAProxy as a load balancer in front of a RabbitMQ cluster for OpenStack? We have this setup in our lab and it is very susceptible to queue disconnects. In particular, the neutron security group fanout queues (q-agent-notifier-security_group-update_fano

[Openstack] windows hypervisor comparison/evaluation

Hi, Does anyone have any insight into the pros and cons of Hyper-V vs KVM for hosting Windows VMs in OpenStack? Know of any in-depth comparisons or evauations? Thanks in advance! /Craig J ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/l

Re: [Openstack] devstack + ldap

o:bto...@us.ibm.com>> Date: Thursday, March 6, 2014 10:53 AM To: Dean Troyer mailto:dtro...@gmail.com>> Cc: Craig Jellick mailto:cjell...@godaddy.com>>, "openstack@lists.openstack.org<mailto:openstack@lists.openstack.org>" mailto:openstack@lists.openstack.org>

[Openstack] devstack + ldap

Hi, I cannot get devstack + ldap working. I've tried on Ubuntu and CentOS vms and in both cases I get a similar error: In Ubuntu: + ldapdelete -x -w test -D cn=Manager,dc=openstack,dc=org -H ldap://localhost -r dc=openstack,dc=org ldap_search: No such object (32) In CentOS, it's a bit more ver

Re: [Openstack] 回复： Python Design Patterns in OpenStack

I think you should take a look a this talk: http://blip.tv/pycon-us-videos-2009-2010-2011/the-lack-of-design-patterns-in-python-2091776 TL;DR: Things that require design patterns in a language like java are so simple in python that they aren't really discussed explicitly. /Craig J From: 卐天卍 <54l

[Openstack] image caching

Hi all, Currently, when we deploy a new image, the first VM deployment with that new image to any particular compute node takes longer than normal because the image is not yet "cached" on the node. Is there a mechanism for pre-caching/pushing new images to compute nodes? I'm thinking we could

Re: [Openstack] [neutron] neutron-server iterating over all security groups, not just those in the project

Hi all, Just in case someone else runs into this problem, we wanted to give an update on this as we've solved most of it. Long story short, when the neutorn's get_security_groups API is hit with an admin context, it attempts to get all security groups. Since we have so many security groups, th

Re: [Openstack] Odd Keystone Behaviour

If you're using the default policy.json file, this seems to be the expected behavior. The "list_user_projects" method has an access rule of "admin_or_owner". All the other calls you mentioned have a rule of "admin_required". So, I'd say that most likely the user you are using does not have the rol

Re: [Openstack] nova unique name generator middleware

Agreed Joshua, for us (and probably many others), a check against DNS would be the most important thing to check against. I'm less sure about whether Designate would be appropriate for us, due to our existing internal DNS infrastucture. Will look take a deeper look into though. /Craig J From: