[openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Gary Kotton
Hi, In the Kilo cycle a Neutron driver was added for supporting the Vmware NSXv plugin. This required patches in Nova to enable the plugin to work with Nova. These patches finally landed yesterday. I have back ported them to stable/kilo as the Neutron driver is unable to work without these in st

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Flavio Percoco
On 04/08/15 23:39 -0700, Mike Perez wrote: On Tue, Aug 4, 2015 at 7:47 PM, Morgan Fainberg wrote: On Tue, Aug 4, 2015 at 1:43 AM, Gorka Eguileor wrote: On Tue, Aug 04, 2015 at 05:47:44AM +1000, Morgan Fainberg wrote: > > > On Aug 4, 2015, at 01:42, Fox, Kevin M wrote: > > > > I'm usually f

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
> >Well, is it already decided that Pacemaker would be chosen to provide HA in > >Openstack? There's been a talk "Pacemaker: the PID 1 of Openstack" IIRC. > > > >I know that Pacemaker's been pushed aside in an earlier ML post, but IMO > >there's already *so much* been done for HA in Pacemaker that

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Sean M. Collins
On Wed, Aug 05, 2015 at 01:42:20AM EDT, Sukhdev Kapur wrote: > We discussed this in ML2 sub-team meeting last week and felt the best > approach is to implement this agent in a separate repo. > > There is already an on-going effort/plan for modular L2 agent. This agent > would be a perfect candidat

[openstack-dev] [nova] Adding "Project_id" to the display list when using nova server-group-list

2015-08-05 Thread Zhenyu Zheng
Hi All, Currently, when using command: nova server-group-list, server groups' project id will not be displayed. As the admin user can use option "--all-projects" to list server groups in all projects, it will be really difficult to identify which serer group belongs to which project. It will be be

Re: [openstack-dev] [python-neutronclient][neutron] sub-project client extensions

2015-08-05 Thread Mohankumar N
Hi Fawad, If I understood your question correctly , here some ways to do [1] you want to extend your client side packages . you can include entry point in “setup.cfg” https://review.openstack.org/#/c/200065/1/setup.cfg [2] To extend python-neutronclient base packages , you can add in “re

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-05 Thread Adam Heczko
Hi, I believe that Barbican keystore for signing keys was discussed earlier. I'm not sure if that's best idea since Barbican relies on Keystone authN/authZ. That's why this mechanism should be considered rather as "out of band" to Keystone/OS API and is rather devops task. regards, Adam On We

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Andreas Scheuring
Sukhdev, last week I spent some time to figure out the current state of modular l2 agent design and discussion. I got the impression it's not in a good shape! So I personally don't think that it makes any sense to start with a modular l2 agent prototype and in the worst case throw it all away, as

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Gorka Eguileor
On Tue, Aug 04, 2015 at 08:30:17AM -0700, Joshua Harlow wrote: > Duncan Thomas wrote: > >On 3 August 2015 at 20:53, Clint Byrum >> wrote: > > > >Excerpts from Devananda van der Veen's message of 2015-08-03 > >08:53:21 -0700: > >Also on a side note, I think Cind

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Gorka Eguileor
On Tue, Aug 04, 2015 at 08:40:13AM -0700, Joshua Harlow wrote: > Clint Byrum wrote: > >Excerpts from Devananda van der Veen's message of 2015-08-03 08:53:21 -0700: > >>On Mon, Aug 3, 2015 at 8:41 AM Joshua Harlow wrote: > >> > >>>Clint Byrum wrote: > Excerpts from Gorka Eguileor's message of 2

Re: [openstack-dev] [python-neutronclient][neutron] sub-project client extensions

2015-08-05 Thread Fawad Khaliq
Thanks Mohankumar. Option #1 is exactly what I was looking for and that should work. Thanks a lot! Fawad Khaliq On Wed, Aug 5, 2015 at 12:36 PM, Mohankumar N wrote: > Hi Fawad, > > > > If I understood your question correctly , here some ways to do > > > > [1] you want to extend your client si

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
Hi Jamie On 05/08/2015 00:46, Jamie Lennox wrote: > > > - Original Message - >> From: "Steve Martinelli" To: "OpenStack >> Development Mailing List (not for usage questions)" >> Sent: Wednesday, August 5, 2015 >> 3:59:34 AM Subject: Re: [openstack-dev] [Keystone] [Horizon] >> Federated

Re: [openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Kuvaja, Erno
Hi Gary, While I do understand the interest to get this functionality included, I really fail to see how it would comply with the Stable Branch Policy: https://wiki.openstack.org/wiki/StableBranch#Stable_branch_policy Obviously the last say is on stable-maint-core, but normally new features are

Re: [openstack-dev] [CI]How to set proxy for nodepool

2015-08-05 Thread Xie, Xianshan
Hi Ramy, Thanks for your patience. I have tried your suggestion, but it did not work for me. According to the log, this element has already ran in the chroot before the pip commands are executed. So, in theory, the pip command would run behind this proxy, but the connection errors are still rais

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
On 04/08/2015 18:59, Steve Martinelli wrote: > Right, but that API is/should be protected. If we want to list IdPs > *before* authenticating a user, we either need: 1) a new API for listing > public IdPs or 2) a new policy that doesn't protect that API. Hi Steve yes this was my understanding of

Re: [openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Gary Kotton
Hi, Thanks for the comments. I agree with you that this does not comply with the policy. I wanted to raise the issue as whoever is going to use the Neutron driver with stable/kilo will need these patches. I will update the plugin wiki indicating that these two patches are required to get it work

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
On 04/08/2015 17:51, Lin Hua Cheng wrote: > Hi David, > > There was a similar effort in Kilo to design the flow in the login page > for federated login[1]. WebSSO feature[2] was implemented in Kilo, it > allows the user to perform federated login by selecting an IdP > protocol. This have test

Re: [openstack-dev] [mistral] BPMN support

2015-08-05 Thread ITZIKOWITZ, Noy (Noy)
Thanks Dmitri! From: Dmitri Zimine Reply-To: "OpenStack Development Mailing List (not for usage questions)" Date: Tuesday, August 4, 2015 at 22:14 To: "OpenStack Development Mailing List (not for usage questions)" Subject: Re: [openstack-dev] [mistral] BPMN support Hi Noy, The short answer is No

[openstack-dev] [nova][FFE] Feature Freeze Exception Request

2015-08-05 Thread Sajeesh Cimson Sasi
Hello, I would like to request feature freeze exception for the implementation of Nested Quota Driver for Nova, which does the quota management of nested projects. Blueprint https://blueprints.launchpad.net/nova/+spec/nested-quota-driver-api Addr

[openstack-dev] [third-party-ci]Issue with running "noop-check-communication"

2015-08-05 Thread Eduard Matei
Hi, We're in the process of rebuilding the Jenkins CI for Cinder and i'm stuck at testing the "noop" job. I've setup using the latest changes from os-ext-testing and os-ext-testing-data using project-config, jjb and dib and i have a jenkins running which has the 2 jobs defined and i have 3 slaves

[openstack-dev] [puppet][keystone] To always use or not use domain name?

2015-08-05 Thread Gilles Dubreuil
While working on trust provider for the Keystone (V3) puppet module, a question about using domain names came up. Shall we allow or not to use names without specifying the domain name in the resource call? I have this trust case involving a trustor user, a trustee user and a project. For each us

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 09:10:30 +0200 (+0200), Philipp Marek wrote: [...] > Pacemaker is *the* Linux HA Stack. [...] Can you expand on this assertion? It doesn't look to me like it's part of the Linux source tree and I see strong evidence to suggest it's released and distributed completely separately from

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
> [...] > > Pacemaker is *the* Linux HA Stack. > [...] > > Can you expand on this assertion? It doesn't look to me like it's > part of the Linux source tree and I see strong evidence to suggest > it's released and distributed completely separately from the kernel. If you read "Linux" as "GNU/Linux

[openstack-dev] [Tricircle]Weekly Team Meeting 2015.08.05 Agenda

2015-08-05 Thread Zhipeng Huang
Hi Team, As usual we will have weekly meeting today starting UTC1300. The agenda today is to address the AIs left in the last meeting: 1. update the doc for how to work with KeyStone, joehuang 2. gampel check what mistral supports and which taskflow we want in the reference implementati

[openstack-dev] [Fuel][Plugins] Using DriverLog as the Fuel Plugins registry

2015-08-05 Thread Irina Povolotskaya
Hi, If you are now developing a plugin for Fuel, please feel free to use DriverLog to add an entry for your plugin. You can find details instructions on how to do that here [1]. If something seems unclear to you, feel free to request more details. Thanks. [1] https://wiki.openstack.org/wiki/Dri

Re: [openstack-dev] [Stable][Nova] VMware NSXv Support

2015-08-05 Thread Ihar Hrachyshka
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I think Erno made a valid point here. If that would touch only vmware code, that could be an option to consider. But it looks like both patches are very invasive, and they are not just enabling features that are already in the tree, but introduc

[openstack-dev] [Ironic] weekly subteam status report

2015-08-05 Thread Ruby Loo
Hi, Following is the subteam report for Ironic. As usual, this is pulled directly from the Ironic whiteboard[0] and formatted. Bugs (dtantsur) As of Mon, Aug 3 (diff with July 27) - Open: 142 (-5). 8 new (+2), 48 in progress (-5), 0 critical, 11 high and 8 incomplete - Nova bugs with

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

2015-08-05 Thread Lance Bragstad
On Wed, Aug 5, 2015 at 2:38 AM, Adam Heczko wrote: > Hi, I believe that Barbican keystore for signing keys was discussed > earlier. > I'm not sure if that's best idea since Barbican relies on Keystone > authN/authZ. > Correct. Once we find a solution for that problem it would be interesting to w

Re: [openstack-dev] [all] Does OpenStack need a common solution for DLM?

2015-08-05 Thread Mike Perez
On 21:14 Aug 04, Joshua Harlow wrote: > I can start a cross-project spec tomorrow if people feel that is > useful, it may be slightly opinionated (I am one of the cores that > works on https://kazoo.readthedocs.org/ so I am going be slightly > biased for obvious reasons). http://lists.openstack.or

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Mike Perez
On 17:03 Aug 05, Flavio Percoco wrote: > That said, you may want to sync with Joshua since he's going to work > on a cross-project spec as well (as he mentioned in the other > thread).[0] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071441.html -- Mike Perez

[openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Ruby Loo
Hi, Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I don't see any meeting logs from then. --ruby __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.o

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread McPeak, Travis
(Merging thread from security ML) Bandit probably isn¹t the correct integration point for this - cve-check has its own analysis procedures while Bandit uses Python AST. Also I see the use workflows being different. For Bandit a developer/gate wants to check a specific code snippet whereas for cve

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 14:36:37 +0200 (+0200), Philipp Marek wrote: > > [...] > > > Pacemaker is *the* Linux HA Stack. > > [...] > > > > Can you expand on this assertion? It doesn't look to me like it's > > part of the Linux source tree and I see strong evidence to suggest > > it's released and distributed

Re: [openstack-dev] [keystone] policy issues when generating trusts with different clients

2015-08-05 Thread michael mccune
On 08/05/2015 02:34 AM, Steve Martinelli wrote: I think this is happening because the last "session" created was based off of trustee_auth. Try creating 2 sessions, one for each user (trustor and trustee). Maybe Jamie will chime in. thanks for the reply Steve, i will give that a try. my underst

[openstack-dev] [trove][qa][stable] gate-trove-functional-dsvm-mysql needs some stable branch love

2015-08-05 Thread Matt Riedemann
Trove changes on the stable branches are blocked on bug 1479358 [1] because a change was made to fix trove-integration on master for liberty but didn't take into account that those scripts are branchless and therefore need to work on stable/kilo and stable/juno as well, where we have capped ver

Re: [openstack-dev] [Cinder] Quobyte Cinder Driver revert?

2015-08-05 Thread Robert Döbbelin
Hi all! Thank you Mike for proposing the revert of the revert. Today I prepared a change that tackles the docstring issues. As being new to the OpenStack development process, I didn't manage to upload it to Gerrit today. Most likely I'll get it uploaded tomorrow. Best regards, Robert Doebbelin 2

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
> > > [...] > > > > Pacemaker is *the* Linux HA Stack. > > > [...] > > > > > > Can you expand on this assertion? It doesn't look to me like it's > > > part of the Linux source tree and I see strong evidence to suggest > > > it's released and distributed completely separately from the kernel. > >

Re: [openstack-dev] [trove][qa][stable] gate-trove-functional-dsvm-mysql needs some stable branch love

2015-08-05 Thread Amrith Kumar
Matt, Nikhil was working on it late into the night last night. I'll continue to work with him today and try and get this wrestled to the ground. -amrith -Original Message- From: Matt Riedemann [mailto:mrie...@linux.vnet.ibm.com] Sent: Wednesday, August 05, 2015 6:57 PM To: OpenStack D

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Michael Davies
Only a few people turned up (including me who was late) so no meeting was held. Hope this helps, Michael... On Wed, Aug 5, 2015 at 10:43 PM, Ruby Loo wrote: > Hi, > > Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I > don't see any meeting logs from then. > > --ruby > > __

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Ramakrishnan G
There wasn't one. Some of us waited in the meeting room to see if someone turns up, but I just got very very few (almost none) responses. On Wed, Aug 5, 2015 at 7:02 PM, Michael Davies wrote: > Only a few people turned up (including me who was late) so no meeting was > held. > > Hope this helps

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Jim Rollenhagen
On Wed, Aug 05, 2015 at 09:13:18AM -0400, Ruby Loo wrote: > Hi, > > Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I don't > see any meeting logs from then. There was not. http://eavesdrop.openstack.org/irclogs/%23openstack-ironic/%23openstack-ironic.2015-08-04.log.html#t201

Re: [openstack-dev] [heat][ec2tokens] Questions about ec2tokens under keystone v3 api.

2015-08-05 Thread Andrey Pavlov
As I saw heat`s ec2tokens can work only with keystone v2 URL. It happens because keystone has different responses for v2 and v3 versions for token request by ec2 credentials. I found same problem in our ec2api project and keystonemiddleware project. For example: Patch for our ec2api project will b

Re: [openstack-dev] [keystone] policy issues when generating trusts with different clients

2015-08-05 Thread michael mccune
On 08/05/2015 02:34 AM, Steve Martinelli wrote: I think this is happening because the last "session" created was based off of trustee_auth. Try creating 2 sessions, one for each user (trustor and trustee). Maybe Jamie will chime in. just as a followup, i tried creating new Session objects for e

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:31:03 +0200 (+0200), Philipp Marek wrote: > > > > [...] > > > > > Pacemaker is *the* Linux HA Stack. > > > > [...] > > > > > > > > Can you expand on this assertion? It doesn't look to me like it's > > > > part of the Linux source tree and I see strong evidence to suggest > > > > i

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Kyle Mestery
I definitely don't think this work should start in a new repository. As Sean and Andreas have said, I think the changes should be done in-tree rather than creating another repository for this work. On Wed, Aug 5, 2015 at 2:42 AM, Andreas Scheuring < scheu...@linux.vnet.ibm.com> wrote: > Sukhdev,

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Philipp Marek
> > Well, SUSE and Redhat (7) use Pacemaker by default, Debian/Ubuntu have it > > (along with others)... > > > > That gives it quite some market share, wouldn't you think? > > > > Yes, I guess the "most popular" meaning is a good match here. > > I see, so in the same way that "nano is *the* Lin

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 13:14:40 + (+), McPeak, Travis wrote: [...] > The only concern that I have is the requisite database. > Downloading a 500MB + CVE database for the jobs could become > painful. We could either keep the CVE database on each node in > the test pool or download it at the start of

Re: [openstack-dev] [third-party-ci]Issue with running "noop-check-communication"

2015-08-05 Thread Asselin, Ramy
Hi Eduard, There seems to be a bug regarding running jobs on master [1]. Try running it on a slave instead. Ramy [1] https://github.com/rasselin/os-ext-testing/blob/master/README.md#running-jobs-on-jenkins-master From: Eduard Matei [mailto:eduard.ma...@cloudfounders.com] Sent: Wednesday, Augu

Re: [openstack-dev] [pbr] [stable] [infra] How to generate .Z version increments on stable/liberty commits

2015-08-05 Thread Alan Pevec
>> > > > To give you an idea, if we enabled that for Kilo we'd be at Nova >> > > > 11.0.80 >> > > > (kilo) and Nova 10.0.218 (juno). >> > > I am not a fan of doing this second option at all. We would be polluting >> > > the ref space of our repos with redundant information making the output >> > >

Re: [openstack-dev] [CI]How to set proxy for nodepool

2015-08-05 Thread Asselin, Ramy
HI Xiexs, “Also, I’ve found some of the infra project-config elements don’t work in my environment and aren’t needed as they’re specific to infra. For those, simply comment out the portions that don’t work. I didn’t notice any negative side-effects.” This one you need to skip because you don’t

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:48:52 +0200 (+0200), Philipp Marek wrote: [...] > How many cluster stack alternatives can you see in SUSE? > How many cluster stack alternatives are available in _every_ major > distribution? I think it depends a lot on how you define "cluster stack" and whether the solution to th

Re: [openstack-dev] [Tricircle]Weekly Team Meeting 2015.08.05 Agenda

2015-08-05 Thread Zhipeng Huang
Thanks for everyone attending the meeting, minutes could be found here: http://eavesdrop.openstack.org/meetings/tricircle/2015/tricircle.2015-08-05-13.00.html On Wed, Aug 5, 2015 at 8:37 PM, Zhipeng Huang wrote: > Hi Team, > > As usual we will have weekly meeting today starting UTC1300. The age

[openstack-dev] [app-catalog] IRC Meeting Thursday August 6th at 17:00UTC

2015-08-05 Thread Christopher Aedo
Hello! Our next OpenStack App Catalog meeting will take place this Thursday August 6th at 17:00 UTC in #openstack-meeting-3 The agenda can be found here: https://wiki.openstack.org/wiki/Meetings/app-catalog Please add agenda items if there's anything specific you would like to discuss. Please jo

Re: [openstack-dev] [Cinder] A possible solution for HA Active-Active

2015-08-05 Thread Clint Byrum
Excerpts from Philipp Marek's message of 2015-08-05 00:10:30 -0700: > > > >Well, is it already decided that Pacemaker would be chosen to provide HA in > > >Openstack? There's been a talk "Pacemaker: the PID 1 of Openstack" IIRC. > > > > > >I know that Pacemaker's been pushed aside in an earlier ML

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Ian Cordasco
On 8/5/15, 08:14, "McPeak, Travis" wrote: >(Merging thread from security ML) > >Bandit probably isn¹t the correct integration point for this - cve-check >has its own analysis procedures while >Bandit uses Python AST. Also I see the use workflows being different. >For Bandit a developer/gate wa

Re: [openstack-dev] [puppet][keystone] To always use or not use domain name?

2015-08-05 Thread Adam Young
On 08/05/2015 08:16 AM, Gilles Dubreuil wrote: While working on trust provider for the Keystone (V3) puppet module, a question about using domain names came up. Shall we allow or not to use names without specifying the domain name in the resource call? I have this trust case involving a trustor

[openstack-dev] [sahara] update methods

2015-08-05 Thread michael mccune
hey all, the recent discussions[1] on updating resources through the rest api has got me thinking that it might be worthwhile to convert the few methods we have implemented to use PATCH instead of PUT. we are starting to create a bifurcation in the api regarding updates. the new suspend/resu

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:04:15 + (+), Ian Cordasco wrote: > One point of clarification. Not every project has to opt into > global-requirements so this isn't necessarily true. Also with the > merging of the stackforge and openstack namespaces, it'll be > harder to distinguish when a project is or i

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Clark Boylan
On Wed, Aug 5, 2015, at 08:22 AM, Jeremy Stanley wrote: > On 2015-08-05 15:04:15 + (+), Ian Cordasco wrote: > > One point of clarification. Not every project has to opt into > > global-requirements so this isn't necessarily true. Also with the > > merging of the stackforge and openstack nam

Re: [openstack-dev] [Ironic] Was there a meeting yesterday (August 4, 2015 at 0500 UTC)

2015-08-05 Thread Ruby Loo
On 5 August 2015 at 09:35, Jim Rollenhagen wrote: > On Wed, Aug 05, 2015 at 09:13:18AM -0400, Ruby Loo wrote: > > Hi, > > > > Was there an ironic meeting yesterday (August 4, 2015 at 0500 UTC)? I > don't > > see any meeting logs from then. > > There was not. > > > http://eavesdrop.openstack.org/i

Re: [openstack-dev] [Ironic] weekly subteam status report

2015-08-05 Thread Ruby Loo
Hi, Oops, my bad. To be clear, there was no ironic meeting this week. But if there had been, this is what the subteams would have reported :) --ruby On 5 August 2015 at 09:05, Ruby Loo wrote: > Hi, > > Following is the subteam report for Ironic. As usual, this is pulled > directly from the Ir

Re: [openstack-dev] [neutron] VLAN aware VMs: Current status?

2015-08-05 Thread Ildikó Váncsa
Hi Kyle, First of all, sorry for the late response. We are working on the design and implementation, the first patches are planned to be up by the end of this week. We could surely use more hands as it is quite a large amount of work that this blueprint requires. If there are any Neutron exper

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Reshetova, Elena
> The only concern that I have is the requisite database. Downloading a 500MB + CVE database for the jobs could become painful. We could either keep the CVE database on each node in the test pool or download it at the start of each cve-check job. I¹d >be curious what the infra wizards have to sa

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 08:28:27 -0700 (-0700), Clark Boylan wrote: > We already track it in the requirements repo itself [0]. Not sure if we > need an additional tracking method. > > [0] > https://git.openstack.org/cgit/openstack/requirements/tree/projects.txt That tracks repos which get reqs sync proposa

Re: [openstack-dev] [Cinder] Quobyte Cinder Driver revert?

2015-08-05 Thread Mike Perez
On 14:37 Aug 03, Matt Riedemann wrote: > I guess there isn't a quobyte connector in os-brick yet, but just a > reminder that there is a libvirt volume driver in nova for talking to > quobyte [1]. It'd be good to get a heads up on the nova side when > the cinder team is removing drivers so that we

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 16:08:16 + (+), Reshetova, Elena wrote: [...] > Actually the database is downloaded only once ( thefirst time) and > then only database diffs are downloaded, which is much faster. I > don't know enough about your node setup (do you fully clean up > each node between the builds

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Clint Byrum
Excerpts from Reshetova, Elena's message of 2015-08-05 09:08:16 -0700: > > The only concern that I have is the requisite database. Downloading a > 500MB + CVE database for the jobs could become painful. We could either > keep the CVE database on each node in the test pool or download it at the >

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 15:22:29 + (+), Jeremy Stanley wrote: [...] > Now that we've dissolved more of those arbitrary distinctions, this > seems like a great opportunity for tracking with a governance tag. > I'll go ahead and propose one later today if I get a spare moment. Actually, I take that ba

Re: [openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

2015-08-05 Thread Jeremy Stanley
On 2015-08-05 09:54:52 -0700 (-0700), Clint Byrum wrote: > Doesn't this feel like a job for AFS? Maintain the db there, and let the > nodes access it as-needed? I guess it depends on whether the tool needs to read the entire database to perform its queries (in which case using AFS would be basical

Re: [openstack-dev] [nova] Thoughts on things that don't make freeze cutoffs

2015-08-05 Thread John Garbutt
On 4 August 2015 at 21:23, Matt Riedemann wrote: > > > On 8/4/2015 8:47 AM, Sahid Orentino Ferdjaoui wrote: >> >> On Tue, Aug 04, 2015 at 12:54:34PM +0200, Thierry Carrez wrote: >>> >>> John Garbutt wrote: [...] Personally I find a mix of coding and reviewing good to keep a decent >

Re: [openstack-dev] [sahara] update methods

2015-08-05 Thread Luigi Toscano
On Wednesday 05 of August 2015 11:14:13 michael mccune wrote: > hey all, > > the recent discussions[1] on updating resources through the rest api has > got me thinking that it might be worthwhile to convert the few methods > we have implemented to use PATCH instead of PUT. > > we are starting to

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Sukhdev Kapur
Sounds good. As long as proper due-diligence is done and there are is no duplication of effort, it make sense. Thanks -Sukhdev On Wed, Aug 5, 2015 at 12:42 AM, Andreas Scheuring < scheu...@linux.vnet.ibm.com> wrote: > Sukhdev, > last week I spent some time to figure out the current state of mod

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Sukhdev Kapur
Hey Kyle, A concern was raised that this may create issue of breakages/instability in other agents at the late stage of the release cycle - hence I proposed a separate repo. But, if a proper due-diligence is done and the core team has a plan to deal with this, sounds like a good plan to me. regar

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Dolph Mathews
On Wed, Aug 5, 2015 at 5:39 AM, David Chadwick wrote: > > > On 04/08/2015 18:59, Steve Martinelli wrote: > > Right, but that API is/should be protected. If we want to list IdPs > > *before* authenticating a user, we either need: 1) a new API for listing > > public IdPs or 2) a new policy that doe

Re: [openstack-dev] [Nova] Non-priority Feature Freeze is Tomorrow (July 30th)

2015-08-05 Thread John Garbutt
On 31 July 2015 at 11:05, John Garbutt wrote: > On 30 July 2015 at 09:56, John Garbutt wrote: >> On 29 July 2015 at 19:20, John Garbutt wrote: >>> Hi, >>> >>> Tomorrow is: Non-priority Feature Freeze >>> >>> What does this mean? Well... >>> >>> * bug fixes: no impact, still free to merge >>> * p

Re: [openstack-dev] [Neutron] Common Base class for agents

2015-08-05 Thread Kevin Benton
Well we can always develop the new framework and wait until the start of the next cycle to swap over the existing agents if it doesn't look stable enough. On Wed, Aug 5, 2015 at 1:36 PM, Sukhdev Kapur wrote: > Hey Kyle, > > A concern was raised that this may create issue of breakages/instability

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Steve Martinelli
Some folks said that they'd prefer not to list all associated idps, which i can understand. Actually, I like jamie's suggestion of just making horizon a bit smarter, and expecting the values in the horizon settings (idp+protocol) Thanks, Steve Martinelli OpenStack Keystone Core From: Dolph

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Lance Bragstad
On Wed, Aug 5, 2015 at 1:02 PM, Steve Martinelli wrote: > Some folks said that they'd prefer not to list all associated idps, which > i can understand. > > Actually, I like jamie's suggestion of just making horizon a bit smarter, > and expecting the values in the horizon settings (idp+protocol) >

[openstack-dev] [TripleO] [Puppet] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Dan Prince
Hi, There is a lot of interest in getting support for container based deployment within TripleO and many different ideas and opinions on how to go about doing that. One idea on the table is to use Heat to help orchestrate the deployment of docker containers. This would work similar to our tripleo

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Thai Q Tran
<<< text/html; charset=UTF-8: Unrecognized >>> __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailma

Re: [openstack-dev] [TripleO] [Puppet] [kolla] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Ryan Hallisey
Tagging kolla so the kolla community also sees it. Pardon the top posting. -Ryan - Original Message - From: "Dan Prince" To: "openstack-dev" Sent: Wednesday, August 5, 2015 2:29:13 PM Subject: [openstack-dev] [TripleO] [Puppet] Deploying OpenStack with Puppet modules on Docker with Hea

[openstack-dev] Bandit 0.13.0 released

2015-08-05 Thread McPeak, Travis
Today we released Bandit version 0.13.0 which includes the following features and enhancements: Plugins now registered as entry points Improved Bandit run speed Added a confidence filter option Added timestamp to JSON report New plugin to detect Try, Except, Pass Improved detection for hardcoded /

Re: [openstack-dev] [sahara] update methods

2015-08-05 Thread michael mccune
On 08/05/2015 01:31 PM, Luigi Toscano wrote: Isn't this an API change, which would require an API bump? A reason more to keep it working as it is with 1.x and go fast to 2.0. thanks Luigi, that's fair. i'll hold off on this until we can bump to 2.0. it also means i need to get a move on with t

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Dolph Mathews
On Wed, Aug 5, 2015 at 1:02 PM, Steve Martinelli wrote: > Some folks said that they'd prefer not to list all associated idps, which > i can understand. > Why? > > > Actually, I like jamie's suggestion of just making horizon a bit smarter, > and expecting the values in the horizon settings (idp+p

[openstack-dev] [neutron][dvr] Removing fip namespace when restarting L3 agent.

2015-08-05 Thread Korzeniewski, Artur
Hi all, During testing of Neutron upgrades, I have found that restarting the L3 agent in DVR mode is causing the VM network downtime for configured floating IP. The lockdown is visible when pinging the VM from external network, 2-3 pings are lost. The responsible place in code is: DVR: destroy fi

Re: [openstack-dev] [pbr] [stable] [infra] How to generate .Z version increments on stable/liberty commits

2015-08-05 Thread Doug Hellmann
Excerpts from Alan Pevec's message of 2015-08-05 16:14:32 +0200: > >> > > > To give you an idea, if we enabled that for Kilo we'd be at Nova > >> > > > 11.0.80 > >> > > > (kilo) and Nova 10.0.218 (juno). > >> > > I am not a fan of doing this second option at all. We would be > >> > > polluting >

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Lyle
Forcing Horizon to duplicate Keystone settings just makes everything much harder to configure and much more fragile. Exposing whitelisted, or all, IdPs makes much more sense. On Wed, Aug 5, 2015 at 1:33 PM, Dolph Mathews wrote: > On Wed, Aug 5, 2015 at 1:02 PM, Steve Martinelli > wrote: > >> So

Re: [openstack-dev] [neutron][dvr] Removing fip namespace when restarting L3 agent.

2015-08-05 Thread Fox, Kevin M
Thats troubling... We are considering using DVR soon, and we have to restart neutron-openvswitch-agent and openstack-nova-compute periodically go get them to talk to rabbit again Thanks, Kevin From: Korzeniewski, Artur [artur.korzeniew...@intel.com] Sent: Wed

Re: [openstack-dev] [all] Does OpenStack need a common solution for DLM?

2015-08-05 Thread Joshua Harlow
Flavio Percoco wrote: On 04/08/15 21:14 -0700, Joshua Harlow wrote: Morgan Fainberg wrote: On Tue, Aug 4, 2015 at 8:44 AM, Joshua Harlow mailto:harlo...@outlook.com>> wrote: Flavio Percoco wrote: On 03/08/15 19:48 +0200, Gorka Eguileor wrote: On Mon, Aug 03, 2015 at 03:42:48PM +, Fox,

Re: [openstack-dev] [trove][qa][stable] gate-trove-functional-dsvm-mysql needs some stable branch love

2015-08-05 Thread Nikhil Manchanda
Hi Matt: Yes, this is on my radar and something I'm actively looking at. Hope to have a solution here for this pretty soon. Appreciate the help with this and the review you put up to get the stable branch unblocked! Cheers, Nikhil On Wed, Aug 5, 2015 at 6:33 AM, Amrith Kumar wrote: > Matt, >

[openstack-dev] [Fuel] Meeting 8/6

2015-08-05 Thread Andrew Woodward
Please note the IRC meeting is scheduled for 16:00 UTC Tomorrow in #openstack-meeting-alt Please review meeting agenda and update if there is something you wish to discuss. https://etherpad.openstack.org/p/fuel-weekly-meeting-agenda -- -- Andrew Woodward Mirantis Fuel Community Ambassador

[openstack-dev] [cinder] Deadlines for Liberty Blueprint/specs

2015-08-05 Thread Mike Perez
* Spec/blueprint approval deadline: July 28th [1] * Code attached to an approved blueprint/spec must be submitted and passing jenkins before: August 24th * Feature Code freeze: September 1st [1] After September 1st, we will only be accepting bug fixes and focusing on testing Cinder. [1] - http:

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Jamie Lennox
- Original Message - > From: "David Lyle" > To: "OpenStack Development Mailing List (not for usage questions)" > > Sent: Thursday, August 6, 2015 5:52:40 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > Forcing Horizon to duplicate Keystone settings just make

Re: [openstack-dev] [puppet][keystone] To always use or not use domain name?

2015-08-05 Thread Jamie Lennox
- Original Message - > From: "Adam Young" > To: openstack-dev@lists.openstack.org > Sent: Thursday, August 6, 2015 1:03:55 AM > Subject: Re: [openstack-dev] [puppet][keystone] To always use or not use > domain name? > > On 08/05/2015 08:16 AM, Gilles Dubreuil wrote: > > While working o

[openstack-dev] [Heat] RPC API versioning

2015-08-05 Thread Zane Bitter
We've been talking about this since before summit without much consensus. I think a large part of the problem is that very few people have deep knowledge of both Heat and Versioned Objects. However, I think we are at a point where we should be able to settle on an approach at least for the API<

Re: [openstack-dev] [puppet][keystone] To always use or not use domain name?

2015-08-05 Thread Gilles Dubreuil
On 06/08/15 10:16, Jamie Lennox wrote: > > > - Original Message - >> From: "Adam Young" >> To: openstack-dev@lists.openstack.org >> Sent: Thursday, August 6, 2015 1:03:55 AM >> Subject: Re: [openstack-dev] [puppet][keystone] To always use or not use >> domain name? >> >> On 08/05/2015

Re: [openstack-dev] [TripleO] [Puppet] [kolla] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Steven Dake (stdake)
On 8/5/15, 11:33 AM, "Ryan Hallisey" wrote: >Tagging kolla so the kolla community also sees it. >Pardon the top posting. > >-Ryan Ryan, Super appreciated I may have missed this in my deluge of mail - please keep doing that - or if it involves kolla please tag as kolla as I read that folder oft

Re: [openstack-dev] [TripleO] [Puppet] [kolla] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Steven Dake (stdake)
Apologies for top post, but I just wanted to point out in the config-external examples I am aware /opt/kolla is the wrong directory to configure from (it should be /var/lib/kolla or something similar) and we will fix this during l3. Regards -steve On 8/5/15, 6:53 PM, "Steven Dake (stdake)" wrot

Re: [openstack-dev] [TripleO] [Puppet] Deploying OpenStack with Puppet modules on Docker with Heat

2015-08-05 Thread Sam Yaple
On Wed, Aug 5, 2015 at 1:29 PM, Dan Prince wrote: > ...snip... > -The external config file mechanism for Kolla containers only seems to > support a single config file. Some services (Neutron) can have multiple > files. Could we extend the external config support to use multiple > files? > > Yes

Re: [openstack-dev] [keystone] policy issues when generating trusts with different clients

2015-08-05 Thread Jamie Lennox
Hey Mike, I think it could be one of the hacks that are in place to try and keep compatibility with the old and new way of using the client is returning the wrong thing. Compare the output of trustor.user_id and trustor_auth.get_user_id(sess). For me trustor.user_id is None which will make se

  1   2   >