Re: [openstack-dev] Python overhead for rootwrap

Joe Gordon wrote: > Having rootwrap on by default makes nova-network scale very poorly by > default. Which doesn't sound like a good default, but not sure if no > rootwrap is a better default. If it boils down to that choice, by default I would pick security over performance. >> It will require

Re: [openstack-dev] Python overhead for rootwrap

On 2 August 2013 20:05, Thierry Carrez wrote: > It was a bit of a maintenance nightmare (the file was maintained in > every distribution rather than centrally in openstack). Another issue > was that we shipped the same sudoers for every combination of nodes, > allowing for example nova-api to run

Re: [openstack-dev] [Stackalytics] 0.1 release [metrics]

On Fri, 2013-07-26 at 07:40 -0700, Thierry Carrez wrote: > Stefano Maffulli wrote: > > On 07/23/2013 07:25 AM, Roman Prykhodchenko wrote: > >> I still think counting lines of code is evil because it might encourage > >> some developers to write longer code just for statistics. > > > > Data becomes

[openstack-dev] OpenStack Requirements

Hello, I'd like you to do a OpenStack Requirements code review. The reason I send this request is another patch of mine is depends on whether this one patch get approved. Please visit https://review.openstack.org/#/c/38429/ Regards and best wishes, Yijing Zhang

Re: [openstack-dev] Python overhead for rootwrap

Robert Collins wrote: > On 2 August 2013 20:05, Thierry Carrez wrote: > >> It was a bit of a maintenance nightmare (the file was maintained in >> every distribution rather than centrally in openstack). Another issue >> was that we shipped the same sudoers for every combination of nodes, >> allowi

Re: [openstack-dev] OpenStack Requirements

Yijing Zhang writes: > Hello, > > I'd like you to do a OpenStack Requirements code review. The reason I send > this request is another patch of mine is depends on whether this one patch > get approved. > > Please visit https://review.openstack.org/#/c/38429/ > > I am new here. Is it required to

Re: [openstack-dev] Python overhead for rootwrap

On Thu, 2013-07-25 at 14:40 -0600, Mike Wilson wrote: > In my opinion: > > 1. Stop using rootwrap completely and get strong argument checking support > into sudo (regex). > 2. Some sort of long lived rootwrap process, either forked by the service > that want's to shell out or a general purpose roo

Re: [openstack-dev] Python overhead for rootwrap

On Fri, Aug 02, 2013 at 10:58:11AM +0100, Mark McLoughlin wrote: > On Thu, 2013-07-25 at 14:40 -0600, Mike Wilson wrote: > > In my opinion: > > > > 1. Stop using rootwrap completely and get strong argument checking support > > into sudo (regex). > > 2. Some sort of long lived rootwrap process, eit

Re: [openstack-dev] OpenStack Requirements

On 08/02/2013 05:18 AM, Noorul Islam K M wrote: Yijing Zhang writes: Hello, I'd like you to do a OpenStack Requirements code review. The reason I send this request is another patch of mine is depends on whether this one patch get approved. Please visit https://review.openstack.org/#/c/38429/

[openstack-dev] [Climate] New architecture vision

Howdy, everyone! I'm really glad to announce some great news about Climate project started some time ago - OpenStack Reservation service. It was created to meet needs of full hosts reservation according to this

Re: [openstack-dev] [Ceilometer] Alarming should be outside of Ceilometer as a separate package.

On Thu, Aug 1, 2013 at 8:52 PM, Sandy Walsh wrote: > > > On 08/01/2013 07:22 PM, Doug Hellmann wrote: > > > > > > > > On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh > > wrote: > > > > Hey y'all, > > > > I've had a little thorn in my claw on this topic for a

Re: [openstack-dev] [Ceilometer] Ceilometer and nova compute cells

On Thu, Aug 1, 2013 at 7:36 PM, Sam Morrison wrote: > > On 31/07/2013, at 6:45 PM, Julien Danjou wrote: > > > On Wed, Jul 31 2013, Sam Morrison wrote: > > > > Hi Sam, > > > >> Does everything that gets stored in the datastore go through the > >> ceilometer.collector.metering queue? > > > > If yo

Re: [openstack-dev] [Ceilometer] Ceilometer and nova compute cells

On Fri, Aug 02 2013, Doug Hellmann wrote: > I'm not certain any new code needs to be written. Couldn't we configure the > pipeline in the cell to send the data directly upstream to the central > collector, instead of having it pass through a collector in the cell? That would need the RPC layer to

Re: [openstack-dev] Python overhead for rootwrap

Hi On 2 August 2013 11:15, Daniel P. Berrange wrote: > better is really missing the bigger picture. In Linux, there has been > a move away from use of sudo or similar approaches, towards the idea > of having privileged separated services. So if you wanted todo stuff > I think it would be fair t

Re: [openstack-dev] Python overhead for rootwrap

Daniel P. Berrange wrote: > On Fri, Aug 02, 2013 at 10:58:11AM +0100, Mark McLoughlin wrote: >> On Thu, 2013-07-25 at 14:40 -0600, Mike Wilson wrote: >>> In my opinion: >>> >>> 1. Stop using rootwrap completely and get strong argument checking support >>> into sudo (regex). >>> 2. Some sort of long

[openstack-dev] [Neutron] OVS Agent and OF bridges

Hi, As I understand, current OVS Quantum agent is assuming that there are two Openflow bridges (br-int and br-tun). "br_tun", I think, is introduced to take care of overlay tunnels. With flow based tunnel selection and tunnel parameters definition, I think br-tun is no longer required. Remo

Re: [openstack-dev] Python overhead for rootwrap

On Fri, Aug 02, 2013 at 12:50:08PM +0100, Chris Jones wrote: > Hi > > On 2 August 2013 11:15, Daniel P. Berrange wrote: > > > better is really missing the bigger picture. In Linux, there has been > > a move away from use of sudo or similar approaches, towards the idea > > of having privileged se

Re: [openstack-dev] [Ceilometer] Ceilometer and nova compute cells

On Fri, Aug 2, 2013 at 7:47 AM, Julien Danjou wrote: > On Fri, Aug 02 2013, Doug Hellmann wrote: > > > I'm not certain any new code needs to be written. Couldn't we configure > the > > pipeline in the cell to send the data directly upstream to the central > > collector, instead of having it pass

Re: [openstack-dev] [qa] How to apply submit Nova v3 API tempest tests

On 08/02/2013 01:23 AM, Christopher Yeoh wrote: Hi, Matthew Trenish brought up an issue on one of the proposed Nova V3 API tempest tests: > So I get why you do things this way. But, unlike nova we aren't going to be able to do part1 > being a straight copy and paste. Doing so will double the

Re: [openstack-dev] [Neutron] OVS Agent and OF bridges

On Aug 2, 2013, at 7:02 AM, Addepalli Srini-B22160 wrote: > > Hi, > > As I understand, current OVS Quantum agent is assuming that there are two > Openflow bridges (br-int and br-tun). > > “br_tun”, I think, is introduced to take care of overlay tunnels. > > With flow based tunnel selectio

Re: [openstack-dev] Python overhead for rootwrap

Hi On 2 August 2013 13:14, Daniel P. Berrange wrote: > for managing VMs. Nova isn't using as much as it could do though. Nova > isn't using any of libvirt's storage or network related APIs currently, > which could obsolete some of its uses of rootwrap. That certainly sounds like a useful thing

Re: [openstack-dev] [Ceilometer] Alarming should be outside of Ceilometer as a separate package.

On 08/02/2013 08:38 AM, Doug Hellmann wrote: > > > > On Thu, Aug 1, 2013 at 8:52 PM, Sandy Walsh > wrote: > > > > On 08/01/2013 07:22 PM, Doug Hellmann wrote: > > > > > > > > On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh > mailto:san

Re: [openstack-dev] [Glance] images tasks API -- final call for comments

Hi Paul, There wasn't a follow up on the mailing list (actually, I guess this is it!). Basically, we discussed Jay's points in the glance meetings and on irc, and decided to stick with this approach. I think the final exchange in that thread sums it up, he understands why we're proposing to d

[openstack-dev] [Ceilometer] Looking for some help understanding default meters

Hey all, I've been poking around to get an understanding of what some of these default meters mean in the course of researching this Glance bug (https://bugs.launchpad.net/ceilometer/+bug/1201701). I was wondering if anyone could explain to me what the instance meter is. The unit 'instance' sor

Re: [openstack-dev] Python overhead for rootwrap

On 08/02/2013 07:52 AM, Thierry Carrez wrote: > Daniel P. Berrange wrote: >> On Fri, Aug 02, 2013 at 10:58:11AM +0100, Mark McLoughlin wrote: >>> On Thu, 2013-07-25 at 14:40 -0600, Mike Wilson wrote: In my opinion: 1. Stop using rootwrap completely and get strong argument checking su

Re: [openstack-dev] Python overhead for rootwrap

I would like to do this because it will let me grind out details I need to cover for other tasks, but I'm in danger of over committing myself. How fast do you want it done? ... because that is a big job ... # Shawn Hartsock Russell Bryant wrote: On 08/02/2013 07:52 AM, Thierry Carrez wrote: >

Re: [openstack-dev] [qa] How to apply submit Nova v3 API tempest tests

On Fri, 02 Aug 2013 09:29:48 -0400 David Kranz wrote: > On 08/02/2013 01:23 AM, Christopher Yeoh wrote: > > times we run these tests in > > > the gate once this gets merged. I think it would be best to go > > > about > > this as smaller patches in a > > > longer series, just adding the v3 tests,

[openstack-dev] [climate] Mirantis proposal to extend Climate to support virtual resources reservation

Dear All, There has been some discussions recently about project Climate on Stackforge which aim is to provide host reservation services. This project is somehow related to https://wiki.openstack.org/wiki/WholeHostAllocation in that Climate intends to deal with the reservation part of dedicat

Re: [openstack-dev] [Ceilometer] Alarming should be outside of Ceilometer as a separate package.

> On 08/01/2013 07:22 PM, Doug Hellmann wrote: > > > > > > > > On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh > > wrote: > > > > Hey y'all, > > > > I've had a little thorn in my claw on this topic for a while and > > thought > > I'd ask the lar

Re: [openstack-dev] [taskflow] Taskflow Video Tutorial

Hi Jessica! Unfortunately, I'm getting "This account's public links are generating too much traffic and have been temporarily disabled!" when I go to that link... Is there an alternate location? I'm quite curious about the task flow library and am looking forward to watching the vid :) Bes

[openstack-dev] [Infra] New "Bug" tags in commit messages

Hi, Anthony Dodd has recently implemented some cool new features that we discussed at the summit -- driving more automation from commit messages. Here's what you need to know to use the new features: Use header style references when referencing a bug in your commit log. The following styles are n

Re: [openstack-dev] [Infra] New "Bug" tags in commit messages

On Fri, Aug 2, 2013 at 6:00 PM, James E. Blair wrote: > [2] https://wiki.openstack.org/wiki/GitCommitMessages Cool new stuff, I think this page may need to get updated. Chmouel. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://l

Re: [openstack-dev] [taskflow] Taskflow Video Tutorial

Yes - sorry about that. Wasn't thinking ahead when I uploaded the video. :p You can view it on youtube here: http://www.youtube.com/watch?v=SJLc3U-KYxQ On Aug 2, 2013, at 10:49 AM, Jay Pipes mailto:jaypi...@gmail.com>> wrote: Hi Jessica! Unfortunately, I'm getting "This account's public lin

Re: [openstack-dev] [Infra] New "Bug" tags in commit messages

On Fri, 2013-08-02 at 09:00 -0700, James E. Blair wrote: > Hi, > > Anthony Dodd has recently implemented some cool new features that we > discussed at the summit -- driving more automation from commit messages. > Here's what you need to know to use the new features: > > Use header style reference

Re: [openstack-dev] [Infra] New "Bug" tags in commit messages

On 13-08-02 12:13 PM, Mark McLoughlin wrote: On Fri, 2013-08-02 at 09:00 -0700, James E. Blair wrote: Hi, Anthony Dodd has recently implemented some cool new features that we discussed at the summit -- driving more automation from commit messages. Here's what you need to know to use the new fea

Re: [openstack-dev] [Ceilometer] Alarming should be outside of Ceilometer as a separate package.

On 08/02/2013 12:27 PM, Eoghan Glynn wrote: > >> On 08/01/2013 07:22 PM, Doug Hellmann wrote: >>> >>> >>> >>> On Thu, Aug 1, 2013 at 10:31 AM, Sandy Walsh >> > wrote: >>> >>> Hey y'all, >>> >>> I've had a little thorn in my claw on this topic for a while

Re: [openstack-dev] [Neutron] devstack + neutron fails on firewall_driver

Following up on my own thread, the fix can be integrated into ./stack.sh by adding this to the localrc: > # FIXES: https://bugs.launchpad.net/neutron/+bug/1206013 > OSLOCFG_REPO=https://github.com/openstack/oslo.config.git > OSLOCFG_BRANCH=1.2.0a3 If you've already run stack, might have to set

Re: [openstack-dev] [taskflow] Taskflow Video Tutorial

Thanks much! On 08/02/2013 12:06 PM, Jessica Lucci wrote: Yes - sorry about that. Wasn't thinking ahead when I uploaded the video. :p You can view it on youtube here: http://www.youtube.com/watch?v=SJLc3U-KYxQ * * On Aug 2, 2013, at 10:49 AM, Jay Pipes mailto:jaypi...@gmail.com>> wrote: H

Re: [openstack-dev] Python overhead for rootwrap

> Any solution where you need to modify sudoers every time the code > changes is painful, because there is only one sudo configuration on a > machine and it's owned by root. Hmm? At least on ubuntu there is a default /etc/sudoers.d directory, where we could land per-service files like nova-compute

Re: [openstack-dev] [Nova] Review request: Blurprint of API validation

On 07/09/2013 07:45 AM, Ken'ichi Ohmichi wrote: > > Hi, > > The blueprint "nova-api-validation-fw" has not been approved yet. > I hope the core patch of this blueprint is merged to Havana-2, > because of completing comprehensive API validation of Nova v3 API > for Havana release. What should we d

[openstack-dev] [UX] - Voting for New UX Discussion Tool Started

Hi folks, UX community for OpenStack (https://plus.google.com/u/0/communities/100954512393463248122) is looking for new place for UX related discussions. Current format of Google+ is bringing us lot of issues, which we are trying to resolve with new tool, where developers/designers can ask UX

Re: [openstack-dev] [Nova] Review request: Blurprint of API validation

On Fri, Aug 2, 2013 at 4:35 PM, Russell Bryant wrote: > On 07/09/2013 07:45 AM, Ken'ichi Ohmichi wrote: > > > > Hi, > > > > The blueprint "nova-api-validation-fw" has not been approved yet. > > I hope the core patch of this blueprint is merged to Havana-2, > > because of completing comprehensive

Re: [openstack-dev] [Nova] Review request: Blurprint of API validation

On 08/02/2013 05:13 PM, Doug Hellmann wrote: > When we discussed this earlier, there was concern about moving to a > completely new toolset for the new API in Havana because of other > changes going on at the same time (something to do with extensions, > IIRC). I agreed it made sense to stick with

[openstack-dev] [nova][glance] Future of nova's image API

Hi All, even though Glance, has been pulled out of Nova years ago, Nova still has a images API that proxies back to Glance. Since Nova is in the process of creating a new, V3, API, we know have a chance to re-evaluate this API. * Do we still need this in Nova, is there any reason to not just use

[openstack-dev] [Ceilometer] Event API Access Controls

Hello, I'm currently implementing the event api blueprint[0], and am wondering what access controls we should impose on the event api. The purpose of the blueprint is to provide a StackTach equivalent in the ceilometer api. I believe that StackTach is used as an internal tool which end with no acce

Re: [openstack-dev] Keystone Split Backend LDAP Question

Hello, With some minor tweaking of the keystone common/ldap/core.py file, I have been able to authenticate and get an unscoped token for a user from an LDAP Enterprise Directory. I want to continue testing but I have some questions that need to be answered before I can continue. 1. Do I

[openstack-dev] Enabling neutron gating

Hi Folks It looks like neutron gating error improves as much as non-neutron gating one, so I would like to suggest to enable neturon-gating again. This is 12 hours failure rate in 2013-08-01. gate-tempest-devstack-vm-full:18.75% gate-tempest-devstack-vm-neutron:13.21% There are graphs [1] netu

Re: [openstack-dev] [Nova] Review request: Blurprint of API validation

On Fri, Aug 2, 2013 at 5:19 PM, Russell Bryant wrote: > On 08/02/2013 05:13 PM, Doug Hellmann wrote: > > When we discussed this earlier, there was concern about moving to a > > completely new toolset for the new API in Havana because of other > > changes going on at the same time (something to do

Re: [openstack-dev] [Ironic] Nomination to add Chris Krelle to ironic core

It's official -- welcome, Chris! On Wed, Jul 31, 2013 at 6:57 PM, Wentian Jiang wrote: > Chris +1 > > > On Thu, Aug 1, 2013 at 4:17 AM, Joe Gordon wrote: > >> +1 >> >> >> On Wed, Jul 31, 2013 at 9:41 AM, Lucas Alvares Gomes < >> lucasago...@gmail.com> wrote: >> >>> +1 >>> >>> On Wed, Jul 31, 20

Re: [openstack-dev] [Neutron] devstack + neutron fails on firewall_driver

On 08/02/2013 01:06 PM, James Kyle wrote: > Following up on my own thread, the fix can be integrated into > ../stack.sh by adding this to the localrc: > >> # FIXES: https://bugs.launchpad.net/neutron/+bug/1206013 >> OSLOCFG_REPO=https://github.com/openstack/oslo.config.git >> OSLOCFG_BRANCH=1.2.

Re: [openstack-dev] [nova][glance] Future of nova's image API

On 08/02/2013 05:23 PM, Joe Gordon wrote: > Hi All, > > even though Glance, has been pulled out of Nova years ago, Nova still > has a images API that proxies back to Glance. Since Nova is in the > process of creating a new, V3, API, we know have a chance to re-evaluate > this API. > > * Do we

[openstack-dev] [Neutron] FWaaS: Support for explicit commit

Hi All, In Neutron Firewall as a Service (FWaaS), we currently support an implicit commit mode, wherein a change made to a firewall_rule is propagated immediately to all the firewalls that use this rule (via the firewall_policy association), and the rule gets applied in the backend firewalls. This

Re: [openstack-dev] [nova][glance] Future of nova's image API

Hi Joe, ​ ​Am on my phone so can't find the links at the moment but there was some discussion around this when working out what we should leave out of the v3 api. Some people had concerns about exposing the glance api publicly and so wanted to retain the images support in Nova. ​ ​So the con

Re: [openstack-dev] [Nova] Review request: Blurprint of API validation

On Sat, Aug 3, 2013 at 9:16 AM, Doug Hellmann mailto:doug.hellm...@dreamhost.com";>> wrote: On Fri, Aug 2, 2013 at 5:19 PM, Russell Bryant wrote: On 08/02/2013 05:13 PM, Doug Hellmann wrote: > When we discussed this earlier, there was concern about moving to a > completely new toolset for th

Re: [openstack-dev] Python overhead for rootwrap

On Fri, Aug 2, 2013 at 10:33 AM, Dan Smith wrote: > > Any solution where you need to modify sudoers every time the code > > changes is painful, because there is only one sudo configuration on a > > machine and it's owned by root. > > Hmm? At least on ubuntu there is a default /etc/sudoers.d direc