Wednesday, 2010-11-03

« Tuesday, 2010-11-02 Index Thursday, 2010-11-04 »
*** DubLo7 has quit IRC00:00
*** gaveen has joined #openstack00:00
pvoalekibango: you're having an internet conference now : )00:00
pvo247/36500:01
alekibango?00:01
alekibangoaha :)hehe00:01
pvoa little less focused, I'll give you that.00:01
*** dysinger has joined #openstack00:02
zaitcevGuys, how am I supposed to create containers in Swift?00:04
zaitcevThe CF programmer guide says PUT /<api version>/<account>/<container>00:04
*** devx has quit IRC00:05
zaitcevShould I replace this with PUT to http://lembas.zaitcev.lan:8080/v1/AUTH_6b5b14fcdf75449a855dafdc62cdbfcf/test/newcont ?00:05
Orman_alekiango: What conference?00:05
alekibangothe one you are in00:05
alekibango:)00:05
Orman_Oh haha ok.00:05
Orman_I am going to add more tonight to the notes00:07
*** Cybodog has joined #openstack00:07
*** joearnold has quit IRC00:10
*** elasticdog has joined #openstack00:12
zaitcevThe iwhd seems to be doing http://lembas.zaitcev.lan:8080/v1/AUTH_6b5b14fcdf75449a855dafdc62cdbfcf/newcont, e.g. it assumes that account is encoded into base URL.00:13
mdiverwhile uploading bundle, I'm getting a permission denied, EC2_* all set..00:14
mdiverany idea ?00:14
Orman_Hmmm permission error00:15
Orman_Code please. ;)00:15
*** jc_smith has quit IRC00:16
*** grizzletooth has joined #openstack00:16
mdiver<!-- ERR_CONNECT_FAIL -->00:16
*** cole has joined #openstack00:25
coleyo00:26
coleneed someone on ubuntu 10.10 (physical box) to test out a script for me00:27
*** dragondm has quit IRC00:31
*** mmalgeri has quit IRC00:35
*** khussein has quit IRC00:38
*** gaveen has quit IRC00:43
*** iammartian has quit IRC00:47
*** mdomsch has joined #openstack00:49
mdiverI'm getting error : Couldn't get IP, using 127.0.0.100:49
mdiverI'm starting each process by hand.00:49
mdiverdo I have to set any variable to set IP Address ?00:50
vishymdiver: there is a patch in for that, utils.get_my_ip() is failing01:00
vishyyou can modify the method to just always use 127.0.0.101:00
vishyit needs an active internet connection to work under the current implementation01:01
mdivervishy:  I c.01:01
mdiverI'm in a intranet01:01
mdivernot internet access.01:01
mdiverI've setup a http_proxy01:01
vishymdiver: but if you are patient it will timeout and give you the message, but i don't have the patience01:01
mdivervishy: I see.01:01
mdivervishy: I'm able to create project, however not able to publish it..01:02
vishyhttps://code.launchpad.net/~zulcss/nova/nova-lp-66822901:02
vishythat is a fix01:02
vishywhat do you mean publish?01:03
mdivervishy: euca-upload-budle01:04
mdiver..bundle..01:04
mdivereuca-upload-bundle -m /tmp/kernel.manifest.xml -b mybucket01:04
vishydo you have nova-objectstore running?01:05
mdivervishy: It complains saying that "permission denied."01:05
vishyand do you have S3_* set properly?01:05
mdiverit is running and listening on *:333301:05
mdiverS3_URL=http://127.0.0.1:333301:06
mdivervishy: just S3_URL01:06
mdivervishy: I've sourced the novarc , I've got EC2_*01:07
vishyand where do you get permission denied?01:07
vishyin the objectstore log?01:07
mdiverI've got on the stdout running euca-upload01:08
creihtzaitcev: That part should be the same01:08
*** schisamo has quit IRC01:08
creihtwhere the account is the account hash you had above and then the container name01:08
mdivervishy: let me check...01:08
vishyok, see if you can find the log for objectstore01:08
vishyperhaps buckets path is set to a directory with the wrong perms?01:08
mdiverhttp://127.0.0.1:333301:09
mdiverConnection to 127.0.0.1 failed01:09
mdivervishy: however.. the port is on listening, ran a telnet 3333 and it is connecting..01:10
mdivervishy: maybe that http_proxy ?01:10
vishywhacky01:10
mdivervishy: disable iptables01:10
vishygood idea01:11
colemdiver, what version of ubuntu are you running?01:11
vishyyou could also try using the ip of the machine instead of lo01:11
mdivercole: I'm running Centos5.501:11
mdivervishy: how  can I set that ?  on the nova-manage.conf ?01:11
vishyawesome that so many people are getting it running on centos01:11
vishyno just change S3_URL env variable01:11
mdivergot it.01:12
vishyor pass it on the command line to euca-upload01:12
vishy-U <url>01:12
colei've written an installer for Ubuntu 10.10 that makes things super simple..maybe i'll do the same for Centos01:13
vishycole: nice, is it a script like novascript?01:14
vishyhttp://github.com/vishvananda/novascript01:14
alekibangocole: can u share it?01:14
alekibangoi would like to look01:14
colevishy, no, more complete I think...basically takes soren's install instructions on the wiki and automates all of them01:14
mdivervishy: r you the one who wrote nova.sh ?01:15
vishyah, ok.  Not sure how up to date those instructions are01:15
alekibangomdiver: he is01:15
vishymdiver: yes01:15
colei should say01:15
mdivervishy: congrats on that.01:15
alekibangoyes it helpes mych vishy01:15
vishyyw guys01:15
colemore complete for 10.10...doesn't work for other releases so novascript has some advantages01:15
alekibangoheh my fingers are drunk prolly01:15
vishydid it for myself, glad it is useful01:16
alekibangovishy: u bet it is01:16
vishyok guys I'm out01:16
alekibangobut you should make USE_VENV working again :)01:16
vishygl mdiver01:16
Orman_Everyone is welcomed to help us out at01:16
mdivervishy: tks, have a good one.01:16
vishyalekibango: yeah i removed it since you need ppa for libvirt anyway, figured might as well use the packages for everything01:16
Orman_http://etherpad.openstack.org/NovaSecurityNotes\01:16
alekibangovishy, orman: i talked about some arch picture diagram, i will try to complete it now and give you for comments, ok?01:17
alekibangothen i will try another views :)01:17
alekibangovishy: it worked for me on debian01:17
alekibangoi just had to install few more packages iirc01:17
alekibangoebtables etc01:17
alekibangoon debian i dont use ppa, i used src01:17
colerebooting vm01:18
*** cole has quit IRC01:19
*** mdiver has left #openstack01:20
Orman_alekibango: Ok man sounds great and I can't wait to see it.01:20
Orman_* Orman crosses his fingers. ;P01:21
*** ArdRigh has joined #openstack01:31
*** dysinger has quit IRC01:33
*** metcalfc has quit IRC01:46
*** DubLo7 has joined #openstack01:58
*** rds__ has quit IRC02:00
*** mdomsch has quit IRC02:01
*** metoikos has joined #openstack02:07
*** kevnfx has joined #openstack02:10
*** jdarcy has joined #openstack02:13
*** neogenix has joined #openstack02:15
*** jdarcy has quit IRC02:15
*** kevnfx has quit IRC02:21
Orman_alekibango: Did you read the Virtual guest02:28
alekibangonot today :) sorry i lag a lot02:28
Orman_+pbot added some new stuff yesterday to it in purple.02:28
Orman_+pvot02:28
creihtpvo02:29
Orman_Thank you02:29
pvoyeppo02:29
creihtyou don't have to include the + :)02:29
Orman_Ok02:29
*** DubLo7 has quit IRC02:33
*** hazmat has quit IRC02:33
*** mmalgeri has joined #openstack02:35
*** miclorb_ has quit IRC02:40
*** pvo has quit IRC02:41
*** metcalfc has joined #openstack02:45
alekibangoOrman_: edited few things02:47
alekibangostriken == candidate for deletion02:47
*** ddumitriu has quit IRC02:50
Orman_alekibango: Ok I will look.02:54
*** miclorb_ has joined #openstack02:58
Orman_alekibango:So instead of making policies you want us to develop more design diagrams right?03:00
Orman_alekivango: Am I following you correctly? :D03:00
alekibangoOrman_: i would say so :)03:08
alekibangomaybe not even design diagrams03:08
alekibangobut identify goals03:09
alekibangoreal, goals03:09
alekibangowe all know that we want to be sure to have data safe. we want guest users to not worry about data03:09
Orman_Yes,but I still think design diagrams would help out devs.03:09
alekibangoOrman_: yes03:09
alekibangobut we cant move forward without identifying goals03:10
Orman_Yes, data protection should work behind the scenes if it can afford to.03:10
alekibangoit would be very good to express them all before starting with policies and technical tools03:10
Orman_Right03:10
alekibangootherwise we will bake in some unneeded or crazy stuff, like war on terror03:11
alekibango(which creates terror rather then solves the problem)03:11
alekibangouh my english teacher would commit ritual suicide after reading my nightly chats03:11
alekibango:D03:12
Orman_Your english is good.03:13
Orman_alekibango: Don't doubt yourself.03:13
Orman_;)03:13
alekibangoit would be good to express our security goals in simple to understand terms03:13
alekibangolike i did - give users reasons to not worry about theirs data stored in cloud...03:14
alekibango:)03:14
alekibangoand make this list short and clear03:14
alekibango<20 items03:14
Orman_Right, paradon my policies I just am a designer at heart. :)03:14
alekibangolike design tenets03:14
Orman_Right03:14
alekibangoOrman_: i see why you are tempted to go there03:14
Orman_alekibango: I am just a designer,but not a dev.03:15
Orman_Security designer or doc03:15
Orman_writer03:15
alekibangoOrman_: noone can do all03:15
Orman_alekibango: You are so right.03:16
*** dysinger has joined #openstack03:16
Orman_I had a professor really make a Intro To Software class hard for me.03:16
alekibangoThe skillful employer of men will employ the wise man, the brave man, the covetous man, and the stupid man. For the wise man delights in establishing his merit, the brave man likes to show his courage in action, the covetous man is quick at seizing advantages, and the stupid man has no fear of death.03:17
alekibangoi love the last part :)03:17
Orman_alekibango: Me too.03:17
alekibangoyou can gues which book i am quoting03:17
alekibango:))03:17
Orman_alekibango: Had there been a blueprint filled that lets data protection run in the background?03:18
alekibangonot sure, try searching in blueprints03:18
Orman_Ok03:18
Orman_It just popped into m mind. ;))03:18
alekibangosecurity means protection from all kinds of PROBLEMS :)03:19
Orman_alekibango: Let me guess hmmm.......The Art Of War?03:19
alekibangoOrman_: yes, the commented version03:19
Orman_Cool03:19
Orman_You love your war history don' you?03:20
Orman_;P03:20
alekibangoOrman_: i am as much into current art of war03:20
Orman_*don't03:20
Orman_Ok03:20
Orman_Have you seen the Last Samuri?03:20
*** kashyapc has joined #openstack03:20
alekibangonot sure, prolly yes03:20
Orman_With Tom Cruise and some other dude. ;03:20
Orman_;)03:21
alekibangoah, seen it03:21
Orman_I love that movie. It one of my all time favorites.03:21
Orman_Anyways I am going to search for that blueprint03:21
alekibangoone of my favs are brazil (the uncut version)03:21
Orman_Hmm have not seen that one.03:22
alekibangorobert de niro plays hacker there03:22
alekibangoreall hacker with real hardware03:22
alekibango(tubes)03:22
Orman_* Orman gets excited when he starts to search. ;P03:22
alekibangoi have been reading also screenplay, its really treasure03:22
Orman_Cool03:22
Orman_Ah cool.03:23
alekibangoor 'wag the dog'03:23
Orman_My bother wants to be a film director.03:23
*** Cybodog has quit IRC03:23
alekibangohm we should not talk OT that much here :D03:23
Orman_Haha03:24
Orman_I know03:24
Orman_Back to topic.03:24
*** metcalfc has quit IRC03:24
alekibangohttp://www.imdb.com/title/tt0088846/  -brazil, but the uncut version is maybe 1983, not sure now03:24
Orman_https://blueprints.launchpad.net/openstack?searchtext=data+protection+in+the+backgroud03:25
Orman_alekibango: This is my second favorite movie: http://www.imdb.com/title/tt1375666/03:26
alekibangodid you see surrogates?03:27
Orman_No03:27
Orman_Good?03:27
alekibangowell, i found most movies to be propaganda03:28
alekibangoand this one also is03:28
alekibangobut really interesting one03:28
alekibangotalks about dangers of robotics :)03:28
Orman_Like iRobot.03:29
alekibangosimilar quality, right03:29
Orman_Did you see that link I sent you03:29
Orman_https://blueprints.launchpad.net/openstack?searchtext=data+protection+in+the+backgroud03:29
alekibangoyou are searching too much03:29
alekibangokeywords03:29
alekibangohttps://blueprints.launchpad.net/nova/+spec/request-objectstores-validation-inside-ec2-group03:30
Orman_That's my old one which isn't good.03:30
alekibangohow do you imagine the new one03:30
alekibangoto work03:31
Orman_The data protection one I proposed a few minutes ago?03:31
alekibangohow do you 'protect' data?03:31
Orman_Still finalizing all of it.03:32
Orman_What I meant is protecting the data in the background so the user does not see it.03:32
Orman_Your opinion?03:32
alekibangohow 'protecting'? with guns, tanks, chopters?03:33
alekibango:D03:33
alekibangohttp://www.youtube.com/watch?v=RqtUI4XfhMM&feature=fvst03:34
Orman_Haha no just by running different security features in the background03:34
alekibangolike what?03:34
*** grizzletooth has quit IRC03:34
alekibangoi just cant imagine such feature03:35
Orman_I don;t know if that's my kind of movie.03:35
alekibangoheh, its surely different one03:35
Orman_In opinion it's strange.03:36
alekibangoyes!03:36
alekibangoits crazy03:36
alekibango:D03:36
alekibangoi have seen it 5 times already and i still have unanswered questions, even after reading screenplay03:37
Orman_Do you agree with that movie?03:37
alekibangono03:37
Orman_Ok good because I don't either.03:37
alekibangoi rarely agree with ideas03:37
alekibangoi mean 100%03:37
Orman_I meant just the acts that I saw in the trailer03:38
alekibangoOrman_: those are just bits... which cannot explain depths of it03:38
Orman_Anyways03:38
alekibangoits really deep movie03:38
Orman_I bet.03:39
alekibangomany layers...03:39
alekibangoand creepy posters!03:39
Orman_Ok03:39
Orman_Yep definitely not my type of movie03:40
Orman_haha03:40
alekibangobut it tells you something about the society03:40
Orman_Yeah03:40
alekibangoabout how crazy it gets03:40
alekibangoeven if the crazy one in the movie is the hero03:40
Orman_We better get back on topic03:40
alekibangolike "Suspiction breeds confidence"03:43
alekibangooh no, mistake03:43
alekibangoright, its here http://www.architecture.uwaterloo.ca/faculty_projects/terri/madness/McCallum/Brazil_2.html03:44
alekibangothats example of crazy security measures03:44
*** miclorb_ has quit IRC03:44
alekibangoand the movie is full of such03:44
Orman_Do you like the movie?03:44
alekibangoBe Safe: Be Suspcious.03:44
alekibangoDon’t Suspect a Friend, Report Him.03:45
alekibango:)03:45
alekibangoOrman_: it could serve to you as example of what security taken from wrong end might do03:46
Orman_Right03:46
alekibangomistake in printing leads to arrest of wrong man, who is tortured  (pays for his own inprisonment and torture), dies....03:47
alekibangoOrman_: if you have read 1984, this is very close theme03:47
alekibangobut having different view on the source of the problem03:47
Orman_I don't like movie, do you/03:48
alekibangothis is full movie 1984  http://video.google.com/videoplay?docid=-5464625623984168940#03:48
Orman_I get what your saying though.03:48
alekibangoalso animal farm is great http://video.google.com/videoplay?docid=-5464625623984168940#docid=-915341221380291941603:49
*** khussein has joined #openstack03:49
alekibangoalso talkign about security03:49
alekibangosee those, it might help you get things straight :)03:49
alekibangoOrman_: i cant really say  i love some movie totally...03:50
alekibangobut they sometimes give important testimony03:50
alekibangolike 1984 does03:50
alekibangobut reading book is much, much better in this case03:52
Orman_Ok03:52
Orman_So back on topic.03:53
Orman_highlight goals first and then go from there03:53
alekibangogoals + architecture, policies, tools+realisation03:53
*** metcalfc has joined #openstack03:54
Orman_Ok04:01
Orman_alekibango: Do you think we have enough goals yet?04:02
Orman_alekibango: Diagram close to being finished?04:06
Orman_alekibango: Diagram close to being finished?:D04:06
Orman_two times04:06
alekibangoOrman_:  no we imho do not have all goals04:07
alekibangomaybe half04:07
alekibangoand we need to edit them to make short reading04:07
alekibangonot long04:07
Orman_Ok04:08
*** jakedahn has joined #openstack04:08
*** AimanA is now known as HouseAway04:08
Orman_alekibango: I can04:09
Orman_alekibango: I can't wait to see the diagram.04:09
Orman_:)04:09
*** jc_smith has joined #openstack04:09
Orman_Hoping for tonight,but I will understand if not. :D04:09
alekibangoOrman_: oh man :)04:09
*** mmalgeri has quit IRC04:09
*** krish has joined #openstack04:10
*** jc_smith has quit IRC04:10
*** jc_smith has joined #openstack04:12
Orman_I do think that new data protection fetaures should be in place as well as storage04:14
*** miclorb_ has joined #openstack04:14
*** kevnfx has joined #openstack04:17
*** ArdRigh has quit IRC04:19
Orman_alekibango: I'd say it;s been a very sucessful week so far for our Nova Security Notes. ;D04:21
Orman_A lot of contributions,but there is still more work to be done.04:22
*** pvo has joined #openstack04:25
*** ChanServ sets mode: +v pvo04:25
*** omidhdl1 has joined #openstack04:45
*** metcalfc has quit IRC05:00
*** ranjib has joined #openstack05:00
ranjibhello everyone05:01
*** ioso_ has quit IRC05:09
*** ioso has joined #openstack05:09
Orman_Hey renjib05:11
Orman_Are you a dev?05:11
*** BK_man has quit IRC05:13
*** eldarnugaev has joined #openstack05:15
ranjiborman: yes, im from ThoughtWorks05:25
Orman_Ok05:25
Orman_I am one of the security doc writers on here. :)05:25
Orman_Nice to meat you.05:25
khusseinOrman_: Do the security doc include anything about authentication?05:26
ranjibmeet  u mean ? :-D05:26
Orman_khussein: We are just outlining the goals right now for security.05:27
khusseins/do/does05:27
Orman_  http://etherpad.openstack.org/NovaSecurityNotes05:27
Orman_ranjib: I just mean that I am glad to talk to you,05:28
Orman_:)05:28
ranjib:-05:28
ranjibOrman : im pleased to meet u too ..05:28
Orman_:)05:28
Orman_khussein: Feel free to edit anything or add your thoughts to the notes.05:29
Orman_We are looking for more developers to help us out with writing the goals.05:30
khusseinOrman_: I am trying to understand the scope of that document first.05:30
Orman_Ok05:30
Orman_We're just writing the goals right now.05:30
khusseinThe reason I bring this up is because I have submitted this blueprint a few days ago https://blueprints.launchpad.net/nova/+spec/openstack-authn05:30
khusseinAnd when you mentioned security doc, I wanted to make sure that I am not missing anything.05:31
Orman_We are taking authentication into the mix as well.05:32
Orman_khussein: Your authentication idea is very interesting.05:34
khusseinIn my mind, there is no one GREAT authentication protocol. Developers and/or businesses will have different authentication needs to their systems.05:35
khusseinSome may use standards, some may not, others may use full Identity Management Systems to handle authentication.05:35
Orman_Righgt05:36
Orman_Like OpenId05:36
khusseinThe blueprint proposes a way to allow openstack services to be easily pluggable and configurable to work with ANY of these authentication mechanisms.05:36
Orman_Feel free to add it to the goals at the top. :D05:36
*** pvo has quit IRC05:37
khusseinI am proposing a protocol between a "auth component" and openstack service. The auth component can go and talk to any "embedded" or external IdM system. After it does its own thing, and the user is authenticated, it passes through the request down to the openstack service using the protocol proposed.05:37
*** miclorb_ has quit IRC05:38
Orman_Ah ok do you have something in place to help protect against abusive actions in the authentication blueprint?05:38
*** zaitcev has quit IRC05:39
Orman_Khussein: Do you have design diagrams or just plain diagrams to help explain your proposal?05:40
khusseinSo, the blueprint spec defines multiple ways of deploying the auth component. In non of them a user can talk directly to the service without being authenticated.05:40
khusseinThe service will always redirect that request back to the auth component if the user isn't authenticated. If he is, the auth component passes that request through, or it doesn't even need to be in the way at all.05:41
khusseinYes, the diagrams are in the specs of the blueprint.05:41
khusseinIt is all currently in a pdf file in http://wiki.openstack.org/openstack-authn05:41
khusseinI have also attached a reference implementation to the protocol to kinda demo the idea.05:41
Orman_What I mean is if a user trys to request authentication several times then it they get redirected back to the authentication component right?05:42
khusseinYes. All authentication requests have to go through the authentication component.05:42
khusseinHandling abusive behavior is entirely up to the implementation of the auth component. I chose to make this out of scope at this point.05:43
khusseinBut we can definitely reassess if we think is necessary.05:43
Orman_Ok, so really and truly a kind of abusive attack like that would be protected in your authentication idea?05:43
ranjibkhussein: agree,even we use RSA backed CAS as an SSO . redirection is something will definitely need ...f05:44
Orman_Ok05:44
khusseinYeah absolutely. I am planning on attending the summit and willing to discuss this as far as we need to :). I believe it is a very crucial component and it is almost the first component to get re-invented every single time devs start a new service.05:45
khusseinAnd I am also against standardizing on one authentication protocol. Ideally, we should leave that design choice to the service operators. The service should be generic enough to accept any of them.05:46
khusseinBut yeah, pls take a look at the pdf at http://wiki.openstack.org/openstack-authn and let me know if you have any early feedback that we can accommodate before the sumit.05:47
Orman_Ok05:47
ranjibok05:47
Orman_I have a few blueprints I need to do still.05:47
khusseinThanks guys, you are awesome :).05:47
Orman_khussein: Well thanks for contributing to the project.05:49
Orman_I'd like you to add your idea to the notes.05:49
khusseinOrman_: I have added it to the goals. Let me know if it needs a bit more clarification or if I need to put the links too.05:49
Orman_khussein: Ok I will look05:50
*** Avant has joined #openstack05:50
Orman_khussein: That's very good and straight to the point. I like it. ;D05:51
khusseinOrman_: That's how we do it ;) .. haha .. thanks man.05:52
Orman_Np05:52
Orman_khussein: Not to be weird here,but where are you located?05:52
khusseinI work at Rackspace, in Austin, TX.05:53
Orman_Ah nice105:53
Orman_!!!05:53
Orman_;)05:53
openstackOrman_: Error: "!!" is not a valid command.05:53
Orman_haha05:54
khusseinHow about you?05:54
Orman_I hope to work at Rackspace one day or Nasa.05:54
Orman_I live around the Tampa Bay area in Florida.05:54
khusseinOh OK, cool. I have visited a few times. It is good "meeting" you :).05:56
Orman_You too man05:56
Orman_Your going to the summit so be sure to spread your idea and possibly if you could please spread out Nova Security Note efforts.05:56
Orman_Or even just spread the security.05:57
khusseinYeah, sure. I just recently started joining the project and the IRC channel. So, I am still getting to used to everything. But definitely there is a big push and consensus from the industry on the need to address some of these security related topics.05:58
Orman_Exactly05:59
khusseinI am sure it won't be a problem spreading the word throughout the sumit.05:59
Orman_Yeah05:59
Orman_I am new here too.06:00
Orman_I am in college right now and working to make mark on the Cloud Computing industry via security. ;)06:00
khusseinThat's great! I wish you best of luck my friend.06:02
Orman_:)06:02
Orman_khussein: Thank you my dear friend.06:02
Orman_Will you be on here tomorrow?06:02
khusseinYes sir.06:02
Avanthi guys, anyone tried installing nova on multiple nodes yet?06:02
Orman_Avnt: Hey06:03
Orman_Avant: No, I think other have been thinking about it.06:03
Orman_I don't think anyone's done it yet.06:04
AvantOrman: thanks for the info.06:04
vishyAvant: sure people have06:04
Orman_Avant: I am one of the security doc writers and security blueprint guys. ;)06:05
Orman_Ok06:05
Orman_Well then they have06:05
Orman_Thanks vishy. ;)06:05
Orman_I wasn't sure since I am new here. ;)06:05
vishyAvant: http://wiki.openstack.org/NovaInstall/MultipleServer06:05
vishythere are some instructions that were made by people trying it out06:06
vishypiken's company has a 30+ node install using centos06:06
Avantvishy: glad to hear that.. I'm getting stuck at a point where the instance boots up ok, but isnt visible to the outside world.. I know of atleast one other stacker who has got the same issue.. i read his comments on this channel06:06
vishynasa has a large deployment using ubuntu06:06
vishyavant: define outside world...06:07
vishyif you are using VlanNetworkManager (the default), then your switch has to support host-managed vlans06:08
Avantvishy: I cant ping the launched instance from the host, or from any other box on the same subnet06:08
Avantvishy: I m using Flat network manager06:08
vishyah interesting06:08
vishywith injected ips?06:08
*** f4m8_ is now known as f4m806:08
vishywhat ips are you giving to the instances?06:09
Avantyes.06:09
vishyin the private range?06:09
*** rdw has quit IRC06:09
vishyhave you set up security groups to allow access?06:09
*** Xenith has quit IRC06:10
*** Xenith has joined #openstack06:10
*** rdw has joined #openstack06:10
Avantso, our controller and node are on : 10.12.1.187, and 10.12.1.188. we give 10.12.1.400 ** to our instances.. all of these, ofccourse are our internal network ip's06:10
*** Ryan_Lane has joined #openstack06:11
Avantvishy: we havent setup any security groups.. any pointers on what needs to be done to set those up?06:12
vishyah sure06:12
vishyeuca-authorize -P tcp -p 22 default06:12
vishyeyca-authorize -P icmp -t -1:-1 default06:13
vishywill allow ssh and ping06:13
Avantah ok. and this needs to happen on the controller or on the compute node?06:13
vishyit is through the api06:13
vishys/eyca/euca06:13
vishyinstances start in the default sec group if unspecified06:14
vishyand you can authorize after the fact06:14
Avantok. thanks. will try that06:15
vishybut this should also be necessary on a single node install06:15
vishyiirc06:15
vishymaybe there is something to do with the gateway being on the same host as the vms that bypasses the firewall rules...06:16
Avantperhaps. I didnt need to do this for the single node install06:16
*** Xenith has quit IRC06:18
*** Xenith has joined #openstack06:18
*** schisamo has joined #openstack06:19
ranjibvishy: we haven't executed the euca-authorize on our single node setup , still it worked smoothly. we were able to ping n ssh into the instanses06:19
ranjibvishy: when we separated the controller and copute node.. we were able to execute the euca-run-instanes .. but we were not able to ping /ssh into those instances06:20
ranjibvishy: we tried both vlan as well as flatmanager , but nothing worked. the vnet interfaces in the compute node were not getting any ip (4 or 6).06:21
vishyah06:22
Avantranjib: <vishy>:if you are using VlanNetworkManager (the default), then your switch has to support host-managed vlans06:22
vishyranjib, i bet the problem is DHCP_IP06:22
ranjibvishy: we are wondering if we need to configure our main switches ... it seems the vlan interfaces are not speaking to each other06:22
ranjibhmm..06:23
vishyranjib: yes for Vlan mode you have to enable host-managed vlans06:23
vishyon the switch06:23
vishy(not all switches support this)06:23
ranjib we have juniper l2 and extreme l3 , i know we can fix it there ...06:24
vishythere is also an assumption in the firewall rules that the dhcp server is the same as the gateway06:25
vishy468         # Assume that the gateway also acts as the dhcp server.06:25
vishy469         dhcp_server = network['gateway']06:25
vishyif you don't have the dhcp server on that ip, you will not get ips06:25
vishyfor your instances06:26
ranjibin the compute node, the gate way should be the ip of the controller right? which runs dnsmasq, hence canact as dhcp too ?06:26
ranjiband what about the flat network manager? that should work smoothly.. right. we have network of 10.12..0.0/16  subnet.. so i setup the compute network with 10.12.70.0/24,06:26
ranjibvishy: by the way me and avant are in the same group :-)06:34
*** jc_smith has quit IRC06:36
edayvishy: hey! nice seeing you.. for a sec there :)06:37
vishyeday: yeah, i didn't know you were around06:37
vishyrumors of maybe coworking on thursday?06:37
vishyranjib: in flatdhcp that should be the case06:38
*** metoikos has quit IRC06:38
vishybut i have to say i don't know if anyone has actually tested it multinode06:38
*** kashyapc has quit IRC06:39
edayvishy: yeah, I'm hanging out down in SC for a month or so (minus the summit next week). I used to live in SC so am visitng friends06:39
vishyif you are using flat dhcp or vlan you should get lease messages in the nova-network log06:39
vishyeday: awesome06:39
Orman_Does anyone know if sandboxing is built into Nova?06:40
edayvishy: I just jesse is going to se me up with a pass to get into nasa on Thu to work with you guys06:40
vishyranjib: as well as messages from dnsmasq in syslog somewhere06:40
edayvishy: so, yeah, after the summit we can hang out and work too (probably needed with the distributed data work)06:40
vishyeday: sounds like an excellent idea06:40
vishyOrman_: define sandboxing06:41
Orman_Well like making virtual guests contained so a user can't attack or access another users virtual guest.06:42
Orman_Containing06:43
vishyin vlan mode they are isolated06:44
vishyby project06:44
Orman_Only in vlan mode,but not all the other modes?06:45
vishyflat mode there is no isolation per project, but everything is isolated by security groups at the host level06:45
vishyso only explicitly opened ports can be accessed06:46
Orman_So my idea of a new sandboxing feature would not work because the host isolates it.06:46
*** guigui has joined #openstack06:47
Orman_vishy: So my idea of sandboxing probably wouldn't work?06:49
vishyi don't know exactly what more sandboxing you want?06:49
Orman_I just really first wanted to know if sandboxing existed already,but I really would like to have a universal sandboxing feature that could sandbox every mode.06:50
*** khussein has left #openstack06:51
Orman_vishy: Vlan's and etc06:51
vishyyeah, the issue is that you have to allow access from somewhere06:51
vishyor the instance is useless06:51
vishyso security groups allow you to be as specific as you want, you could only allow access from one specific ip for example.06:52
Orman_vishy: Just so I understand you I would have to allow an instance or access from one specific location in order for my sandboxing proposal to even be considered?06:53
Orman_vishy: Becuase you need something open for the users to access.06:54
Orman_* because06:54
vishyno.  I'm saying i don't see what additions sandboxing would have over what already is implemented in security groups06:54
vishyby default everything is blocked06:54
Orman_Ok06:54
Orman_Then the problem in fixed then and no need for my idea.06:55
vishyi think so.06:55
Orman_Ok I just wanted to make sure.06:55
Orman_Ok thanks.06:55
Orman_I wanted to check before I go about and waste time writing up a blueprint tomorrow.06:56
Orman_vishy: do you know if there is something in place that protects the data while running in the background of Nova?06:58
vishywhat do you mean by data?07:00
vishyand protection of it?07:00
Orman_I mean like protecting the user's data without the user being a aware of it.07:01
vishyprotecting = snapshotting or backing it up?07:01
Orman_Sort of like a background process to help protect data without07:01
vishyor encryption? or?07:01
Orman_backing it up.07:02
vishyno there is nothing automatic like that.  One of the blueprints in is for instance snapshotting07:03
vishyand automatic snapshotting should be a feature in nova07:03
Orman_Do you think it would be worth it to add a blueprint for background data backup in Nova?07:04
Orman_vishy: I wonder if my idea I am proposing is similar to automatic snapshotting07:07
*** ibarrera has joined #openstack07:07
vishyOrman_: sounds like it07:09
Orman_Ok thank you07:10
Orman_I didn't want to take credit of your automatic snapshotting idea if mine was similar to it.07:11
Orman_:P07:11
*** allsystemsarego has joined #openstack07:13
Avantvishy: one problem tht i ve started seeing with security groups is, when I create an instance, using euca-run.. the instance isnt associated with the default security group.. select * from security_group_instance_association returns an empty set07:16
Orman_vishy: well thank you for all your answers to my questions and I will add the blueprint about the background data backup idea very soon.07:18
vishyAvant: woah, strange07:18
vishyOrman_: cool, np07:18
Orman_If it's alright with you I might rename it to automatic snapshotting.07:19
vishysure07:19
Orman_Ok thanks07:19
Orman_:)07:19
Avantso, although the rule is created properly, it probably has no effect because of the missing instance . I m now trying to explicitly specify group using -g07:19
Orman_One more question before I go vishy.07:19
vishyif you do eucz-describe-groups does it show the default?07:19
vishys/eucz/euca07:20
Orman_vishy: Does Swift have automatic snapshotting or a similar idea to what I;m proposing for data?07:20
Avantnope, even after explicitly specifying a security group, i dont see it in euca-describe either..07:20
vishyOrman_: not exactly, but it is replicated to 3 separate locations, so it should be automatically protecting data07:20
vishyAvant: so something funky is going on with sec groups07:21
Avantvishy: maybe thats what the problem is :)07:21
Avantumm. ok. is it worth trying flat + dhcp.. or does that leave only the vlan option07:21
Orman_Okay so nova is the only one that doesn't have it developed into it's architecture?07:21
vishyyeah07:21
Orman_Ok thanks07:22
Orman_vishy07:22
Orman_I am out07:22
Orman_guys.07:22
Orman_God bless you all and have a great rest of the night. ;)07:22
vishyAvant: so somehow ensure_default_group is failing i guess?07:22
vishyAvant: I'm not quite sure how that is possible07:22
vishyyou are using libvirt/kvm?07:23
Avantyes07:23
vishyif you select * from security_groups do you get the default group?07:24
Orman_bye guys and god bless you all07:24
Orman_:)07:24
*** Orman_ has quit IRC07:24
Avantvishy: yes the default is listed07:25
Avant2010-10-27 06:20:12 | NULL       | NULL       |       0 |  1 | default | default     | admin   | admin      | +---------------------+------------+------------+---------+----+07:25
vishyand you are doing euca-run-instance as admin07:25
vishyi don't really see how that oculd be failing...07:26
vishyhmmm07:26
vishywait, are you using current trunk?07:26
AvantINSTANCE        i-qldnjy        ami-l71y6iit    10.12.70.2      10.12.70.2      launching       mykey (admin, osnova04)     0               m1.small        2010-11-03 07:18:3807:27
Avantwe're just installing on ubuntu using the package installer07:28
Avantapt-get install nova-*07:28
vishyhmm07:30
vishyi see the problem if this is using current trunk07:31
vishynot sure when the last packeges were installed07:31
vishys/installed/created07:31
*** kashyapc has joined #openstack07:32
Avantwe can, conceivably, get the austin tar and try this config on that..07:32
vishycan you check nova/compute/manager.py and see if there is a method called create_instance07:32
Avantok07:32
vishystarts on line 7207:32
Avantyea the method's here07:34
*** stewart has quit IRC07:37
vishyok07:41
vishyso line 90 is your prob07:41
vishywhere it tries to get sec_groups from kwargs07:41
vishyit is already explicitly a kwarg07:41
vishysorry, line 91 that is07:43
vishyif you remove line 91 and restart nova-api sec groups should start working07:44
vishyif that does work, we need to file a bug and submit a patch07:44
vishyit would be awesome if you would be willing to do so07:44
vishyif not, i will go ahead and do it myself in the morning07:44
vishyright now it is bed time though07:45
*** Ryan_Lane has quit IRC07:45
vishyit appears that bug was introduced in one of the last couple of patches07:49
*** ramkrsna has joined #openstack08:06
*** ramkrsna has joined #openstack08:06
ranjibmdiver_: u thetre?08:07
*** metoikos has joined #openstack08:09
*** ar1 has joined #openstack08:17
*** dysinger has quit IRC08:18
*** ar1 has quit IRC08:21
*** stewart has joined #openstack08:27
*** miclorb_ has joined #openstack08:28
*** stewart has quit IRC08:35
*** stewart has joined #openstack08:44
*** eldarnugaev has left #openstack08:48
*** almaisan-away is now known as al-maisan08:49
*** kashyapc has quit IRC08:52
*** kashyapc has joined #openstack08:53
*** ptremblett has quit IRC08:57
Avantvishy: thanks for your help. sec groups started working after removing that line. I've also filed a bug under nova for this : Bug #67027809:03
uvirtbotLaunchpad bug 670278 in nova "new instance isnt associated with a security group by default" [Undecided,New] https://launchpad.net/bugs/67027809:03
ttxsoren: about the release process spec09:10
sorenttx: Yeah. I'd like to hear about that two-freeze thing you mentioned.09:10
uvirtbotNew bug: #670278 in nova "new instance isnt associated with a security group by default" [Undecided,New] https://launchpad.net/bugs/67027809:11
ttxI think we need a branch merge proposal freeze before feature freeze, to give time to review those09:11
ttxfeature freeze should be the time when branches are merged, not proposed.09:12
ttxsoren: but that's just a proposal09:12
sorenYeah. It wasn't entirely clear to me if filing the merge proposal before ff was ok or if it had to be actually merged before ff.09:12
ttxthat would clarify it09:12
ttxobviously getting a branch merge proposal freeze exception shouldn't be that hard before FF09:12
sorenRight.09:13
ttxsoren: but having and BMPF like one week before gives time for review and fixes before merging09:13
ttxs/and/a09:13
sorenDo you have a draft release schedule? that would help me get the overview.09:13
ttxso there is a release schedule BP as well, to discuss length of cycles and dates09:14
ttxsoren: my understanding was that we had to discuss and decide on it during the summit09:14
sorenSure.09:15
ttxsoren: but I can draft a few options, obviously09:15
ttxwill do this this week09:15
sorenIt would just help me understand your proposal if there was a full release schedule included in it with the various freezes and whatnot.09:15
ttxright09:15
sorenRight, great.09:15
sorenttx: Is the technical process of making the release going to be part of that spec, too?09:25
ttxsoren: yes09:25
sorenGreat.09:25
ttxI need to learn a lot in that area ;)09:25
sorenEveryone does.09:25
* soren included09:26
ttxit's a bit different from releasing a distribution.09:26
sorenYeah. Luckily, it's supposed to be simpler, I think.09:26
*** miclorb_ has quit IRC09:40
*** Avant has quit IRC09:40
*** ptremblett has joined #openstack09:57
*** schisamo has quit IRC10:03
*** burris has quit IRC10:12
*** burris has joined #openstack10:17
*** stewart has quit IRC10:25
*** arthurc has quit IRC10:26
*** arthurc has joined #openstack10:29
*** gustavomzw has joined #openstack10:39
*** ambo has left #openstack10:46
*** omidhdl1 has left #openstack10:47
*** krish has quit IRC10:48
*** ddumitriu has joined #openstack11:17
*** dizz has joined #openstack11:22
*** ramkrsna has quit IRC11:26
*** BK_man has joined #openstack11:29
*** krish has joined #openstack11:34
*** ctennis has quit IRC11:41
*** ddumitriu has quit IRC11:55
*** guynaor has quit IRC11:55
*** stewart has joined #openstack11:56
*** guynaor has joined #openstack11:58
*** kashyapc has quit IRC11:59
*** ctennis has joined #openstack12:02
*** ctennis has joined #openstack12:02
*** ddumitriu has joined #openstack12:05
*** metoikos has quit IRC12:08
*** metoikos has joined #openstack12:09
*** westmaas has joined #openstack12:23
*** kashyapc has joined #openstack12:30
*** mmalgeri has joined #openstack12:31
*** Podilarius has left #openstack12:38
*** ttx has quit IRC12:43
*** ttx has joined #openstack12:44
*** ttx has joined #openstack12:44
ranjibhas anybody faced any issue while installing m2crypto for python 2.6 on centos?12:44
ranjibi ended up in tampering the opensslconf header file.. wondering  if theres a cleaner solution12:45
*** mmalgeri has quit IRC12:50
zulDaviey: i was thinking of using ip addr show or something12:51
Davieyzul: I wonder if http://pypi.python.org/pypi/netifaces/ is the best idea... would provide cross platform support, but equally an extra depends12:52
Davieyzul: The current proposed method seems to rely on having the entry in /etc/hosts12:53
zulDaviey: right12:53
zuloh goody there is a ubuntu package for it12:55
dendrobateswelcome ttx12:57
*** allsystemsarego has quit IRC12:58
ttxdendrobates: hey!12:59
*** pvo has joined #openstack12:59
*** ChanServ sets mode: +v pvo12:59
*** pvo has quit IRC13:03
*** hazmat has joined #openstack13:03
*** jdarcy has joined #openstack13:04
*** krish has quit IRC13:10
pikenmorning all13:14
*** westmaas has quit IRC13:20
*** krish has joined #openstack13:22
dendrobatespiken: good morning:  and I assume you are in North America, where it is morning.13:23
dendrobatesor south america13:23
sorenDaviey: I had a patch that used:13:25
sorenip route get 8.8.8.813:25
*** kashyapc has quit IRC13:25
soren...and then grabbed the "src x.y.z.m" bit.13:25
*** kashyapc has joined #openstack13:26
*** burris has quit IRC13:27
*** krish has quit IRC13:27
zulsoren: yeah but thats not portable is it?13:28
sorenzul: It doesn't run on Windows, no.13:29
sorenzul: But hardly anything does.13:29
zulsoren: i was thinking more like freebsd13:29
sorenNo clue.13:29
zulor even the crazy people who run osx ;)13:30
zulsoren: http://alastairs-place.net/netifaces/13:30
sorenHow do we know which interfaces is the "public" one?13:32
*** burris has joined #openstack13:32
zulsoren: good question13:32
*** westmaas has joined #openstack13:33
*** mdiver has joined #openstack13:36
*** mdiver_ has joined #openstack13:36
*** mdiver has quit IRC13:40
*** mdiver_ is now known as mdiver13:40
*** ikk has left #openstack13:44
*** littleidea has joined #openstack13:51
pikendendrobates: no, south florida where it is too humid already to be night. lol13:52
*** pvo has joined #openstack13:54
*** ChanServ sets mode: +v pvo13:54
* soren headdesks13:59
*** iammartian has joined #openstack14:00
sorenzul, Daviey: Uh, guys... I worked out how to solve the socket thing..14:00
dendrobatesjaypipes: can you change maintainer to openstack-common  to ~openstack-administrators14:01
*** pvo_ has joined #openstack14:01
*** ChanServ sets mode: +v pvo_14:01
*** dizz is now known as dizz|away14:10
*** pvo_ has quit IRC14:12
*** iammartian has quit IRC14:12
*** pvo has quit IRC14:12
*** hazmat has quit IRC14:12
*** gustavomzw has quit IRC14:12
*** neogenix has quit IRC14:12
*** hggdh has quit IRC14:12
*** tomo_bot has quit IRC14:12
*** ChrisAM has quit IRC14:12
*** HouseAway has quit IRC14:12
*** cory_ has quit IRC14:12
*** Robi_ has quit IRC14:12
*** cclien has quit IRC14:12
*** redbo has quit IRC14:12
*** pquerna has quit IRC14:12
*** jk0 has quit IRC14:12
*** spy has quit IRC14:12
*** ddumitriu has quit IRC14:12
*** aimon has quit IRC14:12
*** jaypipes has quit IRC14:12
*** ivan has quit IRC14:12
*** exlt has quit IRC14:12
*** terje has quit IRC14:12
*** seats has quit IRC14:12
*** czajkowski has quit IRC14:12
*** burris has quit IRC14:12
*** that1dude has quit IRC14:12
*** wreese has quit IRC14:12
*** metoikos has quit IRC14:12
*** guigui has quit IRC14:12
*** morfeas has quit IRC14:12
*** comstud has quit IRC14:12
*** dubs has quit IRC14:12
*** PiotrSikora has quit IRC14:12
*** clayg has quit IRC14:12
*** fitzdsl has quit IRC14:12
*** dwight has quit IRC14:12
*** littleidea has quit IRC14:12
*** kashyapc has quit IRC14:12
*** guynaor has quit IRC14:12
*** spike has quit IRC14:12
*** openfly has quit IRC14:12
*** jfluhmann has quit IRC14:12
*** Phacops has quit IRC14:12
*** taihen has quit IRC14:12
*** notmyname has quit IRC14:12
*** karmabot has quit IRC14:12
*** _cerberus_ has quit IRC14:12
*** [ack]_ has quit IRC14:12
*** nevele has quit IRC14:12
*** ctennis has quit IRC14:12
*** zykes- has quit IRC14:12
*** infernix has quit IRC14:12
*** zul has quit IRC14:12
*** deshantm has quit IRC14:12
*** jtimberman has quit IRC14:12
*** Kdecherf has quit IRC14:12
*** btorch_ has quit IRC14:12
*** pandemicsyn has quit IRC14:12
*** ranjib has quit IRC14:12
*** ttx has quit IRC14:12
*** ioso has quit IRC14:12
*** perestrelka has quit IRC14:12
*** anotherjesse has quit IRC14:12
*** dagger has quit IRC14:12
*** kirkland has quit IRC14:12
*** bburhans has quit IRC14:12
*** mtaylor has quit IRC14:12
*** gholt has quit IRC14:12
*** annegentle has quit IRC14:12
*** soren has quit IRC14:12
*** Kami_ has quit IRC14:12
*** cruciform has quit IRC14:12
*** loglaunch has quit IRC14:12
*** tmarble has quit IRC14:12
*** Mr_T has quit IRC14:12
*** davidX- has quit IRC14:12
*** keekz has quit IRC14:12
*** ibarrera has quit IRC14:12
*** kevnfx has quit IRC14:12
*** Dweezahr has quit IRC14:12
*** dfg_ has quit IRC14:12
*** brainproxy has quit IRC14:12
*** cloud0 has quit IRC14:12
*** creiht has quit IRC14:12
*** letterj has quit IRC14:12
*** stuart_ has quit IRC14:12
*** screen-x has quit IRC14:12
*** deshantm_cosi has quit IRC14:12
*** sagi_ has quit IRC14:12
*** mattt has quit IRC14:12
*** lool has quit IRC14:12
*** anticw has quit IRC14:12
*** mdiver has quit IRC14:12
*** vishy has quit IRC14:12
*** devcamcar has quit IRC14:12
*** EdwinGrubbs has quit IRC14:12
*** londo has quit IRC14:12
*** chmouel has quit IRC14:12
*** dendrobates has quit IRC14:12
*** glange_ has quit IRC14:12
*** al-maisan has quit IRC14:12
*** FeliXdk has quit IRC14:12
*** dfg has quit IRC14:12
*** ianweller has quit IRC14:12
*** joschi has quit IRC14:12
*** eday has quit IRC14:12
*** tr3buchet has quit IRC14:12
*** jbarratt_ has quit IRC14:12
*** jdarcy has quit IRC14:12
*** arthurc has quit IRC14:12
*** ptremblett has quit IRC14:12
*** xtoddx has quit IRC14:12
*** sleepsonthefloor has quit IRC14:12
*** h1nch has quit IRC14:12
*** rbergeron has quit IRC14:12
*** DesiJat has quit IRC14:12
*** polvi has quit IRC14:12
*** cw has quit IRC14:12
*** alekibango has quit IRC14:12
*** termie has quit IRC14:12
*** arcane has quit IRC14:12
*** Daviey has quit IRC14:12
*** tsharju has quit IRC14:12
*** larissa has quit IRC14:12
*** jarrod has quit IRC14:12
*** jed has quit IRC14:12
*** michaeldreamhost has quit IRC14:12
*** uvirtbot has quit IRC14:12
*** klumpie has quit IRC14:12
*** rdw has quit IRC14:12
*** ohkus has quit IRC14:12
*** chromakode has quit IRC14:12
*** crazed has quit IRC14:12
*** holoway has quit IRC14:12
*** jeevan_ullas has quit IRC14:12
*** soosfarm has quit IRC14:12
*** elasticdog has quit IRC14:12
*** piken has quit IRC14:12
*** irahgel has quit IRC14:12
*** CodeBlock[s] has quit IRC14:12
*** f4m8 has quit IRC14:12
*** herki has quit IRC14:12
*** syah has quit IRC14:12
*** mjmac has quit IRC14:12
*** gdusbabek has quit IRC14:12
*** ChanServ has quit IRC14:12
*** rackerhacker has quit IRC14:20
*** rackerhacker has joined #openstack14:33
*** notmyname has joined #openstack14:33
*** arthurc has joined #openstack14:33
*** gondoi has joined #openstack14:33
*** pvo has joined #openstack14:33
*** iammartian has joined #openstack14:33
*** mdiver has joined #openstack14:33
*** burris has joined #openstack14:33
*** kashyapc has joined #openstack14:33
*** jdarcy has joined #openstack14:33
*** hazmat has joined #openstack14:33
*** ttx has joined #openstack14:33
*** metoikos has joined #openstack14:33
*** ddumitriu has joined #openstack14:33
*** ctennis has joined #openstack14:33
*** guynaor has joined #openstack14:33
*** ptremblett has joined #openstack14:33
*** ibarrera has joined #openstack14:33
*** rdw has joined #openstack14:33
*** ioso has joined #openstack14:33
*** ranjib has joined #openstack14:33
*** neogenix has joined #openstack14:33
*** elasticdog has joined #openstack14:33
*** perestrelka has joined #openstack14:33
*** hggdh has joined #openstack14:33
*** cruciform has joined #openstack14:33
*** xtoddx has joined #openstack14:33
*** vishy has joined #openstack14:33
*** sleepsonthefloor has joined #openstack14:33
*** devcamcar has joined #openstack14:33
*** anotherjesse has joined #openstack14:33
*** jed has joined #openstack14:33
*** Dweezahr has joined #openstack14:33
*** zykes- has joined #openstack14:33
*** spike has joined #openstack14:33
*** infernix has joined #openstack14:33
*** morfeas has joined #openstack14:33
*** comstud has joined #openstack14:33
*** openfly has joined #openstack14:33
*** aimon has joined #openstack14:33
*** alekibango has joined #openstack14:33
*** termie has joined #openstack14:33
*** al-maisan has joined #openstack14:33
*** jfluhmann has joined #openstack14:33
*** dfg_ has joined #openstack14:33
*** jaypipes has joined #openstack14:33
*** verne.freenode.net sets mode: +vvv notmyname pvo comstud14:33
*** zul has joined #openstack14:33
*** dagger has joined #openstack14:33
*** ivan has joined #openstack14:33
*** EdwinGrubbs has joined #openstack14:33
*** ohkus has joined #openstack14:33
*** exlt has joined #openstack14:33
*** czajkowski has joined #openstack14:33
*** arcane has joined #openstack14:33
*** tomo_bot has joined #openstack14:33
*** kirkland has joined #openstack14:33
*** ChrisAM has joined #openstack14:33
*** bburhans has joined #openstack14:33
*** londo has joined #openstack14:33
*** Phacops has joined #openstack14:33
*** brainproxy has joined #openstack14:33
*** mtaylor has joined #openstack14:33
*** that1dude has joined #openstack14:33
*** piken has joined #openstack14:33
*** Daviey has joined #openstack14:33
*** screen-x has joined #openstack14:33
*** gholt has joined #openstack14:33
*** eday has joined #openstack14:33
*** h1nch has joined #openstack14:33
*** dubs has joined #openstack14:33
*** DesiJat has joined #openstack14:33
*** cloud0 has joined #openstack14:33
*** spy has joined #openstack14:33
*** verne.freenode.net sets mode: +vvvo exlt mtaylor eday spy14:33
*** pquerna has joined #openstack14:33
*** redbo has joined #openstack14:33
*** Robi_ has joined #openstack14:33
*** cclien has joined #openstack14:33
*** cory_ has joined #openstack14:33
*** jk0 has joined #openstack14:33
*** HouseAway has joined #openstack14:33
*** chmouel has joined #openstack14:33
*** deshantm has joined #openstack14:33
*** irahgel has joined #openstack14:33
*** chromakode has joined #openstack14:33
*** PiotrSikora has joined #openstack14:33
*** tr3buchet has joined #openstack14:33
*** jtimberman has joined #openstack14:33
*** stuart_ has joined #openstack14:33
*** fitzdsl has joined #openstack14:33
*** rbergeron has joined #openstack14:33
*** creiht has joined #openstack14:33
*** verne.freenode.net sets mode: +vvvv spy redbo jk0 creiht14:33
*** wreese has joined #openstack14:33
*** annegentle has joined #openstack14:33
*** terje has joined #openstack14:33
*** davidX- has joined #openstack14:33
*** tsharju has joined #openstack14:33
*** clayg has joined #openstack14:33
*** letterj has joined #openstack14:33
*** soren has joined #openstack14:33
*** dendrobates has joined #openstack14:33
*** larissa has joined #openstack14:33
*** seats has joined #openstack14:33
*** glange_ has joined #openstack14:33
*** CodeBlock[s] has joined #openstack14:33
*** jarrod has joined #openstack14:33
*** taihen has joined #openstack14:33
*** loglaunch has joined #openstack14:33
*** michaeldreamhost has joined #openstack14:33
*** dwight has joined #openstack14:33
*** deshantm_cosi has joined #openstack14:33
*** uvirtbot has joined #openstack14:33
*** Kami_ has joined #openstack14:33
*** sagi_ has joined #openstack14:33
*** nevele has joined #openstack14:33
*** [ack]_ has joined #openstack14:33
*** _cerberus_ has joined #openstack14:33
*** karmabot has joined #openstack14:33
*** f4m8 has joined #openstack14:33
*** herki has joined #openstack14:33
*** pandemicsyn has joined #openstack14:33
*** verne.freenode.net sets mode: +vvvv soren dendrobates _cerberus_ pandemicsyn14:33
*** btorch_ has joined #openstack14:33
*** Kdecherf has joined #openstack14:33
*** FeliXdk has joined #openstack14:33
*** ianweller has joined #openstack14:33
*** klumpie has joined #openstack14:33
*** mattt has joined #openstack14:33
*** crazed has joined #openstack14:33
*** lool has joined #openstack14:33
*** anticw has joined #openstack14:33
*** jbarratt_ has joined #openstack14:33
*** dfg has joined #openstack14:33
*** polvi has joined #openstack14:33
*** tmarble has joined #openstack14:33
*** joschi has joined #openstack14:33
*** Mr_T has joined #openstack14:33
*** keekz has joined #openstack14:33
*** cw has joined #openstack14:33
*** holoway has joined #openstack14:33
*** syah has joined #openstack14:33
*** mjmac has joined #openstack14:33
*** gdusbabek has joined #openstack14:33
*** soosfarm has joined #openstack14:33
*** jeevan_ullas has joined #openstack14:33
*** ChanServ has joined #openstack14:33
*** verne.freenode.net sets mode: +o ChanServ14:33
*** mtaylor has quit IRC14:35
*** mtaylor has joined #openstack14:35
*** mtaylor has joined #openstack14:35
*** ChanServ sets mode: +v mtaylor14:35
*** Podilarius has joined #openstack14:35
*** caleb_ has joined #openstack14:37
notmynamenasa peoples: you need to have a chat with those JPL guys http://www.networkworld.com/community/blog/nasa-takes-cloud-computing-mars14:41
notmynametell them to use openstack, not amazon ;-)14:41
sorenDo we care at all about shipping stuff as eggs?14:41
sorenPersonally, I don't.14:41
neogenix*makes note for sorenstargetaudience*14:43
ranjibi dont know.. but this seems to be popular way in python world14:45
soren*g*14:45
ohkuswhy...wouldn't they want to use amazon?14:46
sorenohkus: You do know which channel this is?14:46
ranjibbecause you should eat your own dogfood14:46
ohkusyes of course...but one thing does not fit all14:47
notmynamebut...the cloud!! ;-)14:48
jaypipesdendrobates: yup14:48
ohkusif you want to go after someone go after netflix14:49
neogenixsoren: would eggs not give us cross distribution package deployment if we didn't package for a specific distribution package manager14:50
neogenixohkus: they may have requirements for network, or infrastructure layout, even possibly instance sizing, that may not fit with what amazon offers.14:50
*** ddumitriu has quit IRC14:50
neogenixohkus: if you have specific requirements, a lot of the time you build it :D14:51
ohkusneogenix: possibly but I'm guessing they chose Amazon based on their requirements so it must be a good fit for them14:52
ohkus%90 solution with little engineering can be the best solution14:52
*** abecc has joined #openstack14:52
*** blakeyeager has joined #openstack14:52
notmynameperhaps, but it's also kinda like some department inside of cannonical using windows instead of ubuntu14:52
neogenixohkus: certainly, sorry, I was thinking NASA, which is where I got confused :P14:52
* notmyname is thinking of nasa too14:53
neogenixohkus: you're right, if it's a fit for their model, then it's certainly something they should use.14:53
ohkusnotmyname: so.....there are people in Microsoft using iphones. You use the best tool for your application.14:53
neogenixohkus: in addition, today no one sells an openstack based service :) (compute, at least)14:53
*** abecc has joined #openstack14:53
sorenneogenix: That's the /theory/.14:54
neogenixsoren: back to eggs :P14:54
ohkusopenstack isn't proven.....Amazon is14:54
sorenneogenix: Uh, yeah, I was referring to your Egg comment :)14:55
neogenixsoren: oh, yes, well I think we should consider it14:55
neogenixsoren: I think that's a job for ttx14:55
neogenixsoren:  :P14:55
sorenOk, so why do we care about eggs?14:56
neogenixsoren: are we going to create packages for *every possible distribution*?14:56
sorenNo.14:56
sorenEvery possible distrubtion is.14:56
soren*distribution14:57
sorenIt's not our job.14:57
neogenixsoren: will eggs be more user friendly than source?14:57
sorenSo why would we create an egg that noone is going to use (because the distros provide packages)?14:57
*** rnirmal has joined #openstack14:57
pikensoren: eggs would make it easy so others can build packages for multiple distros that install the egg and use the systems resources to install dependencies14:57
jedvirtualenv, non-distro usages14:57
jedI can think of dozens of reasons to create eggs14:57
sorenpiken: what?14:57
neogenixsoren: ah, what piken said before i could type it.14:57
sorenjed: Plz to enumerate.14:58
ttxsoren: how costly is it to create eggs ?14:58
jedI'd be hesitant to call eggs the 'perfect' system, but being able to sidestep distro python is extremely important to a python developer14:58
neogenixjed: certainly.14:58
sorenttx: It adds a lot of complexity to how we deal with "resources" (like templates and other data files).14:58
*** khussein has joined #openstack14:58
pikensoren: eggs are easy to create with setuptools allowing setuptools to be used to create an rpm, dep, etc that installs the egg. This would make it easier to get the project into things like the ubuntu repo or the centos repo as it makes the process of packaging much easier on the project.14:59
jedyes - distros will appreciate an egg-generated package14:59
* soren cannot bring himself to be a catalyst for sidestepping distro packaging14:59
sorenpiken: It doesn't!14:59
sorenpiken: Distros don't use eggs.14:59
sorenjed: No. they. won't.14:59
jedeggs produce rpms and debs14:59
jedverye asily.14:59
sorenNo.14:59
pikensoren:, they don't but setuptools has built in functions to turn the egg into an rpm or deb.15:00
sorenYou build debs and rpms from the same source as eggs.15:00
*** Cybodog has joined #openstack15:00
sorenDistros don't build packages based on eggs. They build them based on source.15:00
neogenixsoren: maybe this is something that we should leave to a supply and demand?15:00
pikensetuptools wont build the rpm if it doesn't have an egg config. it is a flaw in it, but it is there.15:00
jedthat's what I meant to say, really. you're already writing setup.py to make RPM/debs, why not make the egg?15:00
jedsorry I made that unclear15:00
*** ppetraki has joined #openstack15:01
neogenixsoren: certainly, if there's a demand for eggs, we'd help have them built, right?15:01
sorenBecuase it brings lots of pain and suffering, extra dependencies and headaches.15:01
jedmore than RPMs and debs?15:01
sorenYes.15:01
sorenSupporting running out of a zipfile is a hassle.15:01
neogenixsoren: lol.15:01
soren?15:01
ttxsoren: if you asked me, I'd say "no", but I'm biased and would like to hear more from the other side15:02
alekibangoi dont think eggs are much more friendly over sources15:02
neogenixsoren: the running out of a zipfile comment.15:02
ttxsoren: i'll add it as a topic in the bexar-release-process session15:03
alekibangothe only thing egg can be nice is when we will upgrade live services by spreading eggs15:03
ttxi.e. deliverables15:03
neogenixsoren: got a picture of someone double clicking on a windows machine, and trying to run it in there.15:03
neogenixttx: good idea.15:03
* ttx adds a note to the blueprint whiteboard15:03
sorenneogenix: Sorry, why is that funny?15:04
*** pvo has quit IRC15:04
neogenixsoren: never mind, i'd have to explain a bit more on whom I saw clicking on it trying to run it from the zip file.15:04
*** pvo has joined #openstack15:04
*** ChanServ sets mode: +v pvo15:04
*** jed has left #openstack15:05
*** aliguori has joined #openstack15:05
*** littleidea has joined #openstack15:05
*** aliguori has quit IRC15:06
ttxneogenix: done @ https://blueprints.launchpad.net/openstack-devel/+spec/bexar-release-process15:06
*** dragondm has joined #openstack15:07
neogenixttx: I think it'd go hand in hand with the documentation, and a few other release deliverables, so that's the perfect place for it :)15:08
ranjibif we have rpms/debs in place .. chances are less one would use the eggs ..15:10
*** neogenix has quit IRC15:14
mdiverranjib: Yes, I've removed lockfile 0.9.* and installed 0.8.0 , works fine now. Thanks.15:14
*** Cybodog has quit IRC15:14
*** ptremblett_ has joined #openstack15:15
ranjibmdiver:  libvirt-python is working too?15:16
*** ptremblett has quit IRC15:17
*** ptremblett_ is now known as ptremblett15:17
*** ptremblett_ has joined #openstack15:21
*** ptremblett has quit IRC15:23
*** ptremblett_ is now known as ptremblett15:23
*** dendrobates is now known as dendro-afk15:32
* soren pauses for dinner15:32
*** Podilarius has quit IRC15:33
*** Cybodog has joined #openstack15:33
*** metcalfc has joined #openstack15:34
creihtfyi (for yall's information) If any of you are going to be in SA early for the conference, there is an airshow Saturday and Sunday at Lackland AFB15:35
creihthttp://www.lackland.af.mil/airshow/15:35
*** metcalfc has joined #openstack15:35
*** dendro-afk is now known as dendrobates15:38
pikenThat is funny. There is one at Homestead AFB not far from me that I am taking my 7 month old son and wife to Saturday. lol15:39
creiht:)15:39
annegentle'tis the season for flying upside down? :)15:39
creihtAnd watching for vapor :)15:40
creihthttp://www.flickr.com/photos/thethiers/4087873367/15:40
pikenlol. I have my batteries for my D90 and D300 charges along with 24GB of open high speed SD cards. So my flicker account will be riddled with pics late sunday night. lol15:40
annegentlewoah cool15:41
creihthehe... I look forward to this weekend every year :)15:41
pikenI will have to post them for you guys to see. Weird thing is the head liners at the show on the AFB are the Navy's Blue Angels. lll15:41
dendrobatesjaypipes: I can't schedule any blueprints filed against openstack-common, until you change the maintainer.15:41
pikens/lll/lol/15:41
creihtI have an oly E3 with my 50-200mm, and plenty of batteries ready :)15:41
creihtpiken: I actually go on Saturday by myself to take pics, then I go the next day with my wife and kids to just enjoy it :)15:42
pikenI wish I had the time too. lol15:42
pikenI get to test out my new 10-20 sigma wide angle though, so should be nice.15:43
creihtnice15:43
creihtI'll also have my oly pen with 20mm prime on the side for the static displays15:43
mdiverWhile euca-upload-bundle , I'm getting nova.exception.NotAuthorized, I've double checked that I'm passing -s , -a and the certificates,  where can I check for user info , nova-manage user export user_name ?15:47
*** caleb_ has quit IRC15:50
mdiver./objectstore/handler.py is launching the exception15:54
*** khussein_ has joined #openstack15:55
mdiverIs there a way of checking the HTTP Headers on the objectstore ?15:55
ttxdendrobates: refreshed http://wiki.openstack.org/Summit with an ODS process explanation15:56
ttxdendrobates: waiting on email to point everyone to it15:56
*** khussein has quit IRC15:58
*** khussein_ is now known as khussein15:58
*** Cybodog has quit IRC15:59
*** kevnfx has joined #openstack16:01
rackerhackerdendrobates: you around?16:06
*** dendrobates is now known as dendro-afk16:10
*** dendro-afk is now known as dendrobates16:11
*** grizzletooth has joined #openstack16:11
jaypipesdendrobates: done.16:17
jaypipesdendrobates: sorry about that16:17
* jaypipes still trying to wrap his head around the US electorate...16:17
dendrobatesjaypipes: we're all teabaggers now.16:18
jaypipesdendrobates: heh, don't get me started...16:19
dendrobatesjaypipes: we took our twins to vote with us.  I asked Gabby who to vote for.  Her choice "Chocolate!"16:20
jaypipesdendrobates: :)16:20
ttxdendrobates: can you spare 2min of your precious time to review http://wiki.openstack.org/Summit and let me know if anything is missing16:21
*** pvo_ has joined #openstack16:22
*** ChanServ sets mode: +v pvo_16:22
*** pvo has quit IRC16:24
*** pvo_ is now known as pvo16:24
*** ppetraki has quit IRC16:26
dendrobatesunfortunately, Chocolate was not a teaparty backed candidate so 4 years of Vanilla.  :)16:26
dendrobatesttx: I'm on it.16:26
*** jc_smith has joined #openstack16:30
*** ibarrera has quit IRC16:31
*** metoikos has quit IRC16:31
jaypipesttx: welcome aboard, btw! :)16:34
ttxjaypipes: thanks !16:34
edayttx: yes, welcome! are you going to make it to the summit?16:37
*** cole has joined #openstack16:38
ranjibany chance the summit can be webcasted  ?16:38
ttxeday: yep16:38
colei'll break out Qik on the evo :P16:39
coleis anyone on a clean ubuntu 10.10 box that does not yet have openstack on it?16:39
*** ranjib has quit IRC16:40
ttxcole: I wouldn't call my box "clean", but it doesn't have openstack on it. What is your question ?16:40
colettx: I wrote an install.sh for 10.10 to do a one step install..I'm on a VM and that wont work for obvious reasons.16:41
colelooking for someone willing to help test it16:41
ttxcole: I could spend a few cycles tomorrow morning on that16:42
dendrobatescole: Nova will run in a vm if you use uml.16:43
ttxcole: shoot me an email if you can't get it tested by someone else before your end of day (see pm for email)16:43
*** kashyapc has quit IRC16:43
*** joearnold has joined #openstack16:43
colettx: thx!16:43
dendrobatesttx: the page looks good16:44
coleden: I actually don't want to use it in a VM.  It's meant to replace the wiki's 100 steps with "Download and run"16:44
colei guess maybe i could modify to do either16:44
ttxdendrobates: ok, will send16:45
*** khussein has quit IRC16:48
*** Cybodog has joined #openstack16:48
*** khussein has joined #openstack16:48
*** infernix has quit IRC16:54
*** kashyapc has joined #openstack16:55
*** 36DAARAVK has joined #openstack17:02
*** infernix has joined #openstack17:04
*** pvo has quit IRC17:05
*** screen-x has quit IRC17:05
*** metcalfc has quit IRC17:07
*** metcalfc has joined #openstack17:09
*** kevnfx has quit IRC17:10
*** screen-x has joined #openstack17:10
Davieycole: Fancy pushing it somewhere?17:12
*** 36DAARAVK has quit IRC17:13
Davieycole: I started editing vishy's nova.sh script to use Ubuntu packages... but it's not finished... sounds like you are further along.17:13
*** Cybodog has quit IRC17:17
*** Orman has joined #openstack17:19
OrmanHey guys. ;)17:20
*** electroniceagle has joined #openstack17:23
jc_smithIs the reason we use the euca2ools and not ec2-api-tools because the ec2-api-tools require a EC2 SOAP interface?17:23
jc_smithand euca uses the REST one?17:24
*** schisamo has joined #openstack17:24
*** ppetraki has joined #openstack17:27
*** ppetraki has quit IRC17:28
*** silassewell has joined #openstack17:29
*** kashyapc has quit IRC17:29
*** westmaas has quit IRC17:33
*** allsystemsarego has joined #openstack17:33
Ormanalekibango: Hey man17:34
*** kw1 has joined #openstack17:36
*** dendrobates is now known as dendro-afk17:36
al-maisanjc_smith: I believe it is due to a licensing issue ..17:38
jc_smithI think I read though that the ec2 tools require a SOAP endpoint17:38
jc_smithwhich I assume excludes it from working against nova? because nova just has the REST endpoint?17:39
*** littleidea has quit IRC17:39
vishysoren: there is another patch that works even if you don't have public internet17:43
*** kashyapc has joined #openstack17:44
vishyDaviey: nova.sh uses ubuntu packages through the ppa.  Do you mean downloading the packages directly and using dpkg?17:47
*** dendro-afk is now known as dendrobates17:48
vishysoren: alternative solution that doesn't require specifying an ip?17:48
Davieyvishy: Hmm... unless i'm basing from an old version, it seemed yours heavily used easy_install or pip for satisfying depends?17:49
vishysoren: here http://bazaar.launchpad.net/~zulcss/nova/nova-lp-668229/revision/39017:49
vishyDaviey: yes that is an older version17:49
Davieyvishy: That solution is skewed in some situations, particularly if /etc/hosts is somewhat confused.17:50
vishyDaviey: i switched to all packages with last version, since we started requiring the ppa for the new version of libvirt anyway17:50
Davieydammit :)17:50
Davieyvishy: Where do you store it now?17:50
vishysame place17:51
vishyhttp://github.com/vishvananda/novascript17:51
Davieygreat, thanks17:51
Davieycole: Does yours do the same thing as vishy's?17:51
vishyDaviey: look at my name17:52
vishyDaviey: oh that is directed at cole...nm17:53
*** electroniceagle has quit IRC17:53
*** electroniceagle has joined #openstack17:54
Davieyvishy: I'm wondering if that script would benefit from being in lp:nova under contrib/ or something?  Meaning others can also contribute, and perhaps improving discoverability?17:54
vishyDaviey: seems reasonable17:54
*** joearnold has quit IRC17:55
vishythe thing is the script pulls from trunk to get the most recent code17:55
*** electroniceagle1 has joined #openstack17:55
*** pvo has joined #openstack17:56
*** ChanServ sets mode: +v pvo17:56
*** electroniceagle has quit IRC17:57
*** kw1 has left #openstack17:57
*** joearnold has joined #openstack17:58
Davieyvishy: yeah, so one fix for that is: bzr --no-plugins cat http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/contrib/nova-dev-env.sh > nova.sh ; chmod +x nova.sh17:59
Davieyor similar17:59
vishymakes sense. I'll put in a merge proposal when i get a chance17:59
Davieyvishy: rocking!18:00
*** msinhore has joined #openstack18:00
OrmanI am putting together the automatic snapshotting blueprint for nova. ;)18:02
*** khussein has joined #openstack18:03
*** ctennis has quit IRC18:04
*** dragondm has quit IRC18:04
*** terje has quit IRC18:13
*** littleidea has joined #openstack18:13
*** al-maisan is now known as almaisan-away18:18
OrmanAre there any docs out there for snapshotting?18:24
OrmanI am trying to find some.18:24
*** daleolds has joined #openstack18:24
vishyguys: fix and test in for security group issue here https://code.launchpad.net/~vishvananda/nova/lp670278/+merge/3999818:24
*** cole has quit IRC18:25
vishyOrman: https://blueprints.launchpad.net/nova/+spec/snapshot-instance18:25
vishyOrman: http://wiki.openstack.org/SnapshottingInstanceVolume18:25
Ormanvishy: I am making the blueprint for the automatic snapshotting.18:25
*** westmaas has joined #openstack18:27
*** kw1 has joined #openstack18:29
*** kashyapc has quit IRC18:37
*** ptremblett has quit IRC18:41
Ormanvishy: Tell me if this is to confusing18:47
Ormanhttps://blueprints.launchpad.net/nova/+spec/automatic-snapshotting-in-nova18:47
mdivervishy: hope you're doing well.  I've installed nova running the Centos version18:49
*** kashyapc has joined #openstack18:49
mdivervishy: now I can see lots of Screen sockets, but for some reason there is no nova-* process running...18:50
dendrobatesOrman: do you just mean a scheduled non-interactive snapshot?18:50
dendrobatesor backup as they like to call it18:51
OrmanYes one that runs in the background.18:51
OrmanBackup18:51
Ormandendrobates: Yes, I hope my idea of such a feature is the first.18:53
mdiverCan I start nova-* process manually and put them on bg ?18:53
Ormandendrobates: should I call it something else.18:53
dendrobatesOrman: rackspace already has that concept.  check with pvo, to see if their is a duplicate blueprint18:53
Orman:(18:54
OrmanOk18:54
OrmanI was either talking to vishy or someone else about automatic snapshotting last night and I believe someone said there wasn't a automatic snapshotting in nova.18:56
OrmanI could have this wrong though.18:56
pvoOrman: not yet. Thats what we're going to build18:56
OrmanSo there is another blueprint you're saying?18:56
dendrobatesOrman: not yet, but to deploy nova at rackspace we will need to implement it.18:56
*** littleidea has quit IRC18:56
OrmanOk.....18:57
pvoOrman: there is another blueprint for snapshots18:57
OrmanOk no worries I'll delete mine18:57
*** dragondm has joined #openstack18:57
OrmanMy blueprint would be for automatic snapshots.18:59
OrmanHowever I see your point.19:00
pvoautomatic == scheduled ?19:00
pvohttps://blueprints.launchpad.net/nova/+spec/xs-snapshots19:00
OrmanYes19:00
OrmanOkay thanks guys I guess there is feature already for this.19:01
*** mdomsch has joined #openstack19:01
*** grizzletooth has left #openstack19:01
OrmanI delete mine now to help prevent any duplicates.19:01
*** westmaas has quit IRC19:03
*** joearnold has quit IRC19:04
*** littleidea has joined #openstack19:05
*** westmaas has joined #openstack19:14
Ormandendrobates: http://etherpad.openstack.org/NovaSecurityNotes19:14
OrmanWe have added more to it.19:14
vishymdiver: you can run them manually, yes.  I prefer to have mine in different screens19:15
dendrobatesOrman: looking19:17
*** electroniceagle1 has quit IRC19:17
OrmanOk19:18
*** electroniceagle has joined #openstack19:18
Ormandendrobates: some stuff will have to be scratched off,but we're trying to identify the goals first then implement the architecture. ;)19:19
Ormandendrobates: Feel free to add anything.19:19
*** westmaas has quit IRC19:23
*** HouseAway is now known as AimanA19:29
*** zaitcev has joined #openstack19:31
*** electroniceagle has quit IRC19:32
sorenvishy: My patch doesn't require public internet?19:33
vishysoren: yeah i figured that out after i posted19:33
sorenvishy: ...and doesn't require anything in particular from /etc/hosts (unlike the patch you referenced).19:33
vishysoren: ok19:33
*** jakedahn has joined #openstack19:34
*** jakedahn has joined #openstack19:34
sorenvishy: I also wasn't sure if the order in which gethostbyname_ex returned those IP's was guaranteed to be a particular way.19:34
vishysoren: I thought maybe you hadn't seen it19:34
sorenvishy: Hm... Although, I'm not sure what happens if you have no default gw (i.e. no route to 8.8.8.8).19:34
vishysoren: sounds like you have though :)19:34
*** westmaas has joined #openstack19:35
vishysoren: well it has to be better than what is in there now19:35
Ormandendrobates: We're are still in the process of adding new things to the notes.19:37
sorenvishy: It fails with ENETUNREACH. That's probably fine.19:37
sorenI honestly forget why we even need the public IP?19:37
vishydoes it fail immediately?19:37
sorenvishy: Yes.19:37
vishyyeah that is fine then19:37
vishythe delay is painful19:37
sorenYeah.19:38
sorenOh, it's for VPN.19:38
sorenHeh. So most of us never needed it :)19:38
*** pvo has quit IRC19:39
vishy:)19:39
vishyI have a bunch of vpn fixes that i will be proposing soon19:39
sorenvishy: anotherjesse mentioned you guys have puppet recipes.. Can you share them?19:39
*** littleidea has quit IRC19:40
*** electroniceagle has joined #openstack19:40
vishysoren: we're trying to figure out where the following items go: novatools, novascript, puppet recipes19:41
vishydirectory? branch? new project under openstack?19:42
sorenI'd say branch under nova. For now, at least.19:42
sorenMoving them later on is simple.19:42
sorenEr... What is novascript?19:42
vishysoren: ok, should we create a subdirectory called puppet?19:43
sorenI guess novatools is a fork euca2ools?19:43
vishynovascript is my install script19:43
sorenOh, that.19:43
vishyno novatools are scripts for hardware staging and a curses based nova-top19:43
vishybasically just management helper tools19:43
sorenvishy: Yeah, just stick 'em in ~anso/nova/puppet or whatnot.19:43
sorenvishy: We should probably have a contrib/ sort of thing in nova proper for stuff like nova-top.19:44
vishyperhaps we rename tools to contrib?19:44
alekibangoi like tools more19:44
sorenThis is getting philosophical :)19:45
sorenI was really just interested in getting my hand on those puppet recipes :)19:45
vishyi've written a couple of helpers like nova-mimic and nova-sshbin that are useful little tools as well19:45
vishysoren: ok we'll get them out before summit19:45
vishys/nova-sshbin/nova-sshvpn19:48
dendrobatesvishy: Daviey and the rest of the ubuntu devs are interested in the puppet recipes too19:48
*** ptremblett has joined #openstack19:55
Davieyoh, we very much are vishy... we have a couple of Ubuntu specifications for it... making it an optional core part of ubuntu server19:57
DavieyOne of the main steakholder stacks is openstack for it...19:58
Davieyanother one is hadoop.19:58
vishyDaviey: settled on puppet over chef?19:58
sorenvishy: We did that a while ago.19:59
Davieyvishy: I think we are going to focus more on puppet this cycle19:59
* dendrobates stays out of this one19:59
jc_smithare there any other ec2 command line tools that work with nova well other than euca2ool that people can recommend?19:59
Davieyalekibango: fwiw, tools sounds like something essential... where contrib, to me at least, is optional extras.. dainty little scripts etc.20:00
vishyDaviey: we like chef, but we can't really use opscode platform and I understand scaling chef server poroperly is not trivial20:00
sorenMan, this sucks. I had a really, really good idea while I was doing the dishes. Then my daughter did something funny and I lost my train of thought. Now I can't remember what this awesome idea was.20:00
dendrobatesha20:00
vishysoren: sharks with lazers?20:00
Davieyvishy: TBH, our team is more familiar with puppet... not that it should be the main reason, but we are more familar with it for a reason20:01
sorenvishy: No, this was a new idea. :)20:01
Daviey:)20:01
dendrobatessoren: dirty up some more dishes and then wash them.20:01
sorendendrobates: I tried.20:01
sorensrsly20:01
dendrobatesDaviey: there was a contentious UDS session in Barcelona titled puppet v. chef20:01
Davieysoren: If it helps, i have a stack of washing up that needs doing?20:01
*** electroniceagle has left #openstack20:01
sorenDaviey: Ship it over, test your luck.20:02
*** neogenix has joined #openstack20:02
Davieydendrobates: Sadly, my emacs vs vim blueprint was rejected for Dallas20:02
dendrobatesDaviey: as was my Christianity vs Atheism spec20:03
dendrobatesDaviey: AHHH, why does the summit software make me enter times in UTC, when it knows the timezone.20:04
*** pvo has joined #openstack20:04
*** ChanServ sets mode: +v pvo20:04
sorenAnd my "How much wood would a woodchuck chuck if a woodchuck could chuck wood" spec.20:04
Davieydendrobates: For creating slots, or setting the agenda?20:05
dendrobatesslots20:06
Davieydendrobates: there is a handy tool to help fix that..... :)20:06
dendrobatesDaviey: really?20:06
Davieyjust create it in $whatever, and run ./manage.py fixtimeoffset=+1 iirc to add one hour20:07
dendrobatesis there a tool to duplicate days, so you don;t have to reenter all the info20:07
Davieyno... TBH - with Ubuntu it's normally done with injecting raw SQL :(20:07
dendrobatesDaviey: I need to look into the manage.py functions20:07
DavieyHowever, one of the work items for this cycle is to create a script for generating days20:08
Davieyit's probably about 10 lines of code to have a script for duplicating days btw20:08
dendrobatesso...  I'm going to push the summit to 6pm like UDS does, any objections?  I would rather have longer days than more concurrent sessions20:09
neogenixdendrobates: no arguments here ;)20:10
*** ctennis has joined #openstack20:10
*** ctennis has joined #openstack20:10
dendrobatesmaybe we can get some beer brought up and start happy hour early :)20:10
sorendendrobates: I alrady created all the slots?20:10
sorendendrobates: I wrote a (fugly) script that did it.20:11
dendrobatessoren: I am changing them, to align with lunch and other known distractions20:11
sorendendrobates: Oh, changing existing ones?20:11
dendrobatessoren: I deleted most of them20:11
sorendendrobates: I see.20:12
jk0did someone say beer?20:12
msinhorehello all20:12
dendrobateshello20:13
msinhoreI'm investigating the openstack to use in a private cloud product. The XCP (Xen Cloud Platform) and XenServer is already supported?20:13
*** littleidea has joined #openstack20:14
*** jc_smith has quit IRC20:14
msinhoreIf you need some help with that I've a good xenapi knowledge20:14
msinhorehi dendrobates20:15
*** Orman has quit IRC20:15
dendrobatesmsinhore: citrix is involved and has written xenapi support for openstaxk20:15
Davieysoren: Your script, was it a management command?20:15
sorenDaviey: Nope.20:16
dendrobatesI bet he just shoved it into sqlite20:16
Davieysoren: wow, you are brave......20:16
sorenI used Django's ORM.20:16
sorenJust a couple of nested loops.20:16
dendrobatesDaviey: are these Managment commands documented somewhere?20:16
Davieydendrobates: docs aren't great... but you can get an idea from ./manage.py help20:17
sorenSomething like this: http://paste.openstack.org/show/92/20:17
sorenNot the exact thing I ran, but close.20:18
*** kevnfx has joined #openstack20:18
Davieysoren: that is largely what i had in mind for the management command20:18
sorenDaviey: It should use the start/end properties instead, though.20:19
Davieysoren: Have a look in summit/schedule/management/commands/  - if you are keen to create a decent createslots command20:19
sorenI'm not.20:23
soren:)20:23
sorenIt seems you are, though. Go on. You know you want to.20:23
msinhoreare you think in some integration with load-balancers like F5/big-ip, netscalers, etc… or it's to be out of the openstack source?20:24
sorenThere should be a law preventing people from not mentioning that name of a the file within the file. I spent forever grepping all over the place for lpupdate trying to find out where the heck it was defined until I realised there was a file named lpupdate.py.20:24
*** joearnold has joined #openstack20:25
*** littleidea has quit IRC20:25
*** littleidea has joined #openstack20:25
*** arthurc has quit IRC20:25
vishysoren: lol20:26
sorenDaviey: ..but I guess that's a remnant from when Scott was working on it. Hahah! Get it? Remnant?20:26
Davieysoren: hah20:26
Davieysoren: You should never have got involved with software development, clearly your expertise is being a comedian. :)20:27
*** littleidea has quit IRC20:30
dendrobatesmsinhore: I would expect us to do load balancing as a service at some point in the future, but with open source components20:32
msinhoredendrobates: It will be nice!  But I could write a third part software like a plugin to openstack for support proprietaries load balancer, right?20:41
neogenixmsinhore: my blueprint hopefully creates the foundation for that sort of connection.20:47
sorenDaviey: Nah, I wouldn't enjoy all the traveling.20:52
sorenDaviey: Oh, wait.20:52
soren:(20:52
dendrobatesmsinhore: of course20:53
*** jc_smith has joined #openstack20:54
mdivertrying to access http://localhost:8773 it gives me a 404, any Idea ???20:56
mdiverLooks like something is missing on the webserver20:56
mdiveranybody can help?20:56
dendrobatesif it gives you a 404 a webserver is running20:58
mdiverthat's correct.20:59
dendrobatessorry, I misread, I'm trying to do 3 things at once20:59
mdiverdendrobates:  it is running, however, I don't know if that nova-api is setup correctly21:00
pvomdiver: what do the api logs say?21:00
* soren takes a break21:00
pvoare you running in the foreground?21:00
mdiverpvo: bg21:01
mdiverpvo: put it on nohup21:01
mdiverpvo: I cant find nova-api.log , however I can see the nohup.out , which is given me 404 msgs21:02
*** Orman has joined #openstack21:03
mdiverpvo:  It outputs =>   " GET /services/Cloud/? [all the parameters...] HTTP/1.1"  40421:05
mdiverpvo: I've checked the URL using a browser and that ./services/Cloud does not exists..21:05
pvowhich api endpoint? openstack or aws?21:06
mdiverpvo: how do I check that ?21:06
pvohang on. I'm in a meeting right now.. : )21:07
mdiverpvo: Ok.21:07
mdiverpvo: I've got it.21:07
mdiverpvo:  I was starting the api instance wrongly...  I had to pass the .conf file which had the --FAKE_subdomain=ec221:08
*** westmaas has quit IRC21:09
*** msinhore has quit IRC21:11
*** pvo has quit IRC21:11
OrmanBack :d21:12
mdiverpvo: Thanks anyway.21:12
Orman::D21:12
creihtwhen are te election results supposed to be posted?21:15
*** littleidea has joined #openstack21:21
dendrobatescreiht: I have no idea21:22
*** spectorclan has joined #openstack21:24
mdiverall: issuing euca-upload-bundle <params..>  after a while I get =>   'module' object had no attribute 'provider'  ,  any idea ?21:25
spectorclanDevelopers - looking to sponsor conferences in 2011 from open source projects we use in OpenStack; any groups you want me to speak with?21:25
creihtspectorclan: pycon21:26
vishymdiver: wrong version of boto21:26
spectorclancreiht: Thanks21:26
vishyyou need 1.9b21:26
alekibangoDaviey, vishy: puppet or chef, please be so kind to put your ideas into  nova deployment, chapter  configuration management... we need your input21:26
edaymdiver: just FYI, that option was just removed in latest trunk and now it's there by default21:26
alekibangohttp://wiki.openstack.org/NovaDeploymentManual21:27
mdiverI'm running boto2.0b  , removing it..21:28
alekibangomdiver: yes, common mistake :)21:28
Ormanalekibango: Diagram21:32
Orman:)21:32
OrmanI need to make one21:32
Ormanmy self.21:32
*** gaveen has joined #openstack21:35
*** gaveen has joined #openstack21:35
*** miclorb_ has joined #openstack21:36
*** sagi_ has quit IRC21:40
mdiverIssuing euca-run-instances  , I'm getting   ValueError: No JSON object could be decoded21:40
mdiverany idea ?21:44
uvirtbotNew bug: #670648 in swift "Replicator bug in hash_suffix" [Undecided,New] https://launchpad.net/bugs/67064821:46
*** kevnfx has quit IRC21:48
*** dendrobates is now known as dendro-afk21:51
*** pothos_ has joined #openstack21:53
*** pothos has quit IRC21:54
*** pothos_ has quit IRC21:55
*** khussein has quit IRC21:55
*** pothos has joined #openstack21:55
*** spectorclan has quit IRC22:08
*** dysinger has joined #openstack22:08
*** abecc has quit IRC22:09
*** littleidea has quit IRC22:09
OrmanObject stores validation22:11
*** rlucio has joined #openstack22:11
uvirtbotNew bug: #670654 in nova "unittests hang on python 2.6.1" [Low,Fix committed] https://launchpad.net/bugs/67065422:12
mdiverIssuing euca-run-instances  , I'm getting  ValueError: No JSON object could be decoded, I can see a 400 HTTP code on the logs..  Any idea ?22:12
dysingerI'm rEAdy!22:13
Ormanhttps://blueprints.launchpad.net/nova/+spec/request-objectstores-validation-inside-ec2-group22:14
dysingerFYI hotwire has the crowne plaza in San Antonio for $119/night22:14
dysinger(next door to the conf)22:14
OrmanI am wondering if that's already a feature22:14
*** littleidea has joined #openstack22:14
*** littleidea has quit IRC22:15
*** ddumitriu has joined #openstack22:15
*** Cybodog has joined #openstack22:20
*** pvo has joined #openstack22:20
*** ChanServ sets mode: +v pvo22:20
OrmanAnyone know if this such a feature exists https://blueprints.launchpad.net/nova/+spec/request-objectstores-validation-inside-ec2-group22:20
OrmanProbably does22:21
*** allsystemsarego has quit IRC22:21
sorenWhat sort of validation?22:22
OrmanSecurity22:23
OrmanYou prpbably alreayd have such a feature22:23
Ormannever mind22:23
sorenI doubt it.22:23
sorenI still don't understand. What sort of validation? What would you scan for?22:23
OrmanWell, I was sort thinking of security threats to the data22:24
*** pvo has quit IRC22:24
sorenI can only repeat my question.22:25
*** ArdRigh has joined #openstack22:26
*** gaveen has joined #openstack22:31
*** dendro-afk is now known as dendrobates22:31
OrmanI should start the Swift security Notes22:31
OrmanWe already have the nova notes22:31
sorenWhat sort of stuff would you /specifically/ scan for? Examples?22:32
Ormansoren: Have you seen out Nova security Notes?22:33
sorenI may have.22:34
OrmanOr the docs22:34
Ormanhttp://etherpad.openstack.org/NovaSecurityNotes22:34
OrmanIt's still in progress22:34
OrmanWe could always use more developers helping us on the ighlevel goals.22:36
*** mdiver has quit IRC22:37
*** littleidea has joined #openstack22:37
Ormanvishy: Thanks for the note at the top.22:43
OrmanI think we have to many goals.22:44
*** littleidea has quit IRC22:44
OrmanWe have to think logically here.22:44
*** Cybodog has quit IRC22:47
OrmanWe have to many goals22:49
OrmanHave to think realistically.22:49
OrmanThans guys for helping22:49
OrmanThanks22:49
*** silassewell has quit IRC22:50
Ormanalekibango: We need to shorten the goal list.22:50
*** gondoi has quit IRC22:51
*** neogenix has quit IRC22:52
Ormanvishy: Thanks for the feedback ;)22:55
*** dragondm has quit IRC22:55
vishyOrman: np, i think the info about those topics is good, just that they should be in their own notes pages or the scope of the doc will be unmanageable22:56
*** dendrobates is now known as dendro-afk23:01
*** ddumitriu has quit IRC23:02
Ormanvishy: so you're saying to just have each goal in there own notes pages?23:07
OrmanThat's a not a bad idea and plus I am still curious about the sanboxing idea I had.23:07
*** vivk has joined #openstack23:07
OrmanHowever I know that idea is probably to similar to others.23:08
Ormanvishy, alekibango is the other contributor of the notes besides myself.23:08
creihtannegentle: I think I am mostly done with the swift multi-server install docs changes23:10
creihtI'm going to run through it tomrrow and make a couple of formatting changes23:10
creihtbut after that we should be good23:10
creihtI also want to add more to it, but I think it is good enough for a first rev23:11
vishyOrman: I'm saying that you should limit the SecurityNotes to things specifically about preventing and recovering from malicious users23:11
vishys/users/attacks23:12
OrmanRihgt23:17
termienice, sawzall got released open source23:17
termiehttp://code.google.com/p/szl/23:17
termiegood times in logville23:17
alekibangoi am not big contributor, i more like posted some questions :)   but vishy i do think that some effort should be put into those notes. But it should be written by developers, not by orman23:17
OrmanWell, I still would like to help out with the notes.23:18
alekibangohe can try but he really is missing different kind of knowledge you need to make it right. -- the kind most core devels knows...23:18
alekibangobut still i think his attempts might give value... especially if people will contribute23:19
kw1sawzall looks crazy23:19
alekibangowe need to start dialogs about security and we need to make some result of them23:20
alekibangosomething that will help users/admins and that will set policies and guides to developers23:20
Ormanalekibango: I have knowledge,but just certain parts I need help from others on.23:21
alekibangoOrman: i know you have some, but noone is enough in nova, even dendro sometimes doesnt have clue23:21
alekibango:)23:21
alekibangothats why we have to document it23:21
OrmanRight23:22
alekibangoeven if it looks not so nice right now23:22
alekibangothis needs to be reborn into better thing, sure... but it can be a start23:22
alekibangovishy: do you mean also preventing ddos attacks?23:23
alekibangoOrman: note: put that somewhere plz23:23
Ormanalekibango: I just wants us to be able to manage all of the goals.23:23
alekibango:)23:23
*** rnirmal has quit IRC23:23
*** blakeyeager_ has joined #openstack23:23
*** littleidea has joined #openstack23:24
*** blakeyeager_ has quit IRC23:24
alekibangoi am not sure how, but preventing dos atacks might be fun23:24
alekibango:D23:24
vishyalekibango: that isn't really useful in our particular use case, but ddos prevention against public api would be great.  I think it is up to users to manage their own vms23:24
alekibangovishy: i agree about vms23:24
alekibangoyes23:24
alekibangoOrman: user should have privacy and authority above his instances23:25
OrmanLets add that one.23:25
alekibangohe hasall responsibility23:25
Ormanalekiabngo: To an extent I agree.23:25
alekibangoOrman: you cant do his job, really.23:25
alekibangothat would create crazy police state like environment23:25
alekibangoOrman: thats why brazil might be inspiring movie... (yes its done in a way that you will not like some of that movie, like the torture...)23:26
OrmanRight23:26
alekibangobut thats the point23:26
alekibangowhole point of virtualization is giving him freedom and responsibility23:26
*** blakeyeager has quit IRC23:27
OrmanRight23:27
*** pvo has joined #openstack23:27
*** pvo has joined #openstack23:27
*** ChanServ sets mode: +v pvo23:27
alekibango(while protecting resources like cpu, disk, network bandwidth)23:27
alekibangoha, there is new security objective - protect resources against abuse :)23:27
*** mischer has joined #openstack23:28
alekibangolimiting, throttling,  linux security containers, etc23:28
OrmanThat's what I have been trying to say.23:28
alekibangoi c23:28
OrmanI am security doc wirter,but also a designer.23:29
alekibangoOrman: limiting, throttling, LXC  == tools. forget them for now :)23:29
alekibangorather think more about goals23:29
alekibango1) we want all users to feel safe23:29
OrmanSure23:29
alekibango2) in case hardware note goes down, we want to be able to continue operation23:30
alekibangohaving backup...23:30
alekibangoetc23:30
Orman2) protect them at all costs.23:30
alekibango think that means we need to integrate sheepdog or some other way to make reliable storage23:30
alekibangoand we need instant, live migration23:30
alekibangobut that is not security goals, thats ways, tools23:31
Ormansecurity tools will come23:31
alekibangoyes, but they should come only when we know we need them23:31
OrmanYes23:31
alekibangobecause they reduce KISS and sanity sometimes23:31
alekibangovishy: i hope you agree with me :)23:32
alekibangoOrman: ask this question: what is user afraid of?23:33
alekibango( imean the admin of instance)23:33
Ormandata theft23:33
alekibangobreach23:33
alekibangocrashed instance, unable to recover data23:33
alekibango....23:34
OrmanThey both fall undet those same categories23:34
alekibangoplease make list23:34
OrmanWhich is why the snapshotting would work great in nova23:34
alekibangoif we address all fears, we have not only nice technical docs, but also marketing feature23:34
alekibango(killer one)23:34
alekibangoOrman: i for example fear of silent data corruption23:35
OrmanRight I mean with my object stores validation one that protection from malicious ones23:35
*** kevnfx has joined #openstack23:35
alekibangoand i fear the cluster in cloud might burn down and then my data are lost23:35
Ormanmaking sure data is safe is the number one goal23:36
alekibango(whole building hit by napalm)23:36
Ormanvalidating incoming data as well23:36
alekibangothat means we need some distributed backup solution23:36
alekibangoOrman: how on earth you want validate data?23:36
OrmanI tried to propose that,but they are already working on one23:36
alekibangothe virtualization  protects the infrastructure from bad incoming data23:37
alekibango... should23:37
OrmanIt was just a though.23:37
alekibangoi dont know, maybe someone can break through xen or somthing23:37
alekibangoOrman: imho thats on user. you only should protect resources and reliability and operability23:38
alekibangodata integrity and privacy23:38
alekibangoyou can detect someone having open mail relay or sending mass spam, but thats another story23:39
Ormanlol23:39
alekibangoand its imho out of scope of infrastructure provider23:39
alekibangomaybe23:39
alekibangowell at least cloud provider...23:40
OrmanThe operability securty23:40
alekibango'social stability'  hehe, read (or see) brave new world :)23:42
alekibangoOrman: also note that brave new world nor 1984 were work of fiction. they both came from first hand knowledge23:43
OrmanNew iedas are coming to mined23:48
Ormanmind23:48
pvomtaylor: you around?23:53
Ormanalekibango: I just want to make sure all holes are filled.23:56
*** dendro-afk is now known as dendrobates23:57
*** matiu__ has joined #openstack23:59
« Tuesday, 2010-11-02 Index Thursday, 2010-11-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!