OpenStack status

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey,

Here's our latest update:

  http://fedoraproject.org/wiki/OpenStack_status_report_2012-03-20

Thanks to Pádraig for his help pulling this one together. Hopefully,
with Pádraig's help, these updates will become much more regular :)

We've decided to push these to the wiki instead of just by email.
Historical archives are here:

  http://fedoraproject.org/wiki/OpenStack_status_reports

Cheers,
Mark.

(appended below for convenience)

OpenStack status report 2012 03 20

= Test Day =

We held a [[Test_Day:2012-03-08_OpenStack_Test_Day|test day for
OpenStack Essex in Fedora 17 on March 8]].

The event was fairly well attended with 11 people reporting their test
results on the wiki page.

The set of test cases we used were heavily based on the
[[Test_Day:2011-10-20_OpenStack_Test_Day|Fedora 16 Test Day]] but
included testing Keystone, Horizon and Quantum (with openvswitch)
integration. We also had instructions detailing how to run the Tempest
test suite. Finally, for the first time, we had a Fedora 16 guest image
that everyone could download and use for testing.

Running through the various tests highlighted some of the implications
of using keystone authentication e.g.

# <code>nova-manage</code>'s user and project commands become obsolete
# Equivalent of <code>nova-manage project zipfile</code> is non-trivial
# <code>nova-manage image convert</code> doesn't work anymore, you need
to use glance directly

Worryingly, we hit a number of serious SELinux issues e.g.

# [https://bugzilla.redhat.com/801299 #801299 - AVC when first starting
mysqld]
# [https://bugzilla.redhat.com/801330 #801330 - AVC denials starting
OpenStack glance services]
# [https://bugzilla.redhat.com/801352 #801352 - SELinux policy for
OpenStack's new nova-cert service]
# [https://bugzilla.redhat.com/801746 #801746 - SELinux AVC denial
executing from /tmp]
# [https://bugzilla.redhat.com/760055 #760055 - SELinux policy for
keystone]

Horizon mostly "just worked", which is really great. We did file a
number of bugs, though:

# [https://bugzilla.redhat.com/801745 #801745 - intermittent database
connection errors]
# [https://bugzilla.redhat.com/801690 #801690 - horizon: download ec2
credentials fails]
# [https://bugzilla.redhat.com/801688 #801688 - horizon: cannot delete a
user or project]
# [https://bugzilla.redhat.com/801686 #801686 - horizon: failed to
detach or delete a volume]
# [https://bugzilla.redhat.com/801685 #801685 - horizon: no VNC console]
# [https://bugzilla.redhat.com/801684 #801684 - horizon: action
dropdowns don't appear to work]
# [https://bugzilla.redhat.com/801208 #801208 - tenant chooser doesn't
work]

Some other bugs filed include:

# [https://bugzilla.redhat.com/803354 #803354 - keystone returns 500
errors after a while]
# [https://bugzilla.redhat.com/801452 #801452 - euca-describe-instances
does not show IP addresses]
# [https://bugzilla.redhat.com/801312 #801312 - webob deprecation
warnings]
# [https://bugzilla.redhat.com/801302 #801302 - sqlalchemy-migrate
warnings during openstack-nova-db-setup]
# [https://bugzilla.redhat.com/801366 #801366 - [API] Invalid
X-Auth-Token breaks API service]
# [https://bugzilla.redhat.com/800704 #800704 - keystone endpoint-list
tracebacks]

We also stumbled across this cheeky little libvirt regression introduced
by switching to systemd:

# [https://bugzilla.redhat.com/802475 #802475 - libvirt in a VM
occasionally brings up 'default' network when it shouldn't, kills vm
networking]

One idea for future improvement is for us to use a dedicated yum
repository for the test day to remove any ambiguity about which updates
have been pushed to the mirrors and to allow us to quickly push out
fixes on the day itself.

= Fedora 17 =

== Essex Release Progress ==

The [https://lists.launchpad.net/openstack/msg08173.html essex-4
milestone] was released on March 1 and quickly pushed into Fedora 17, as
was [https://lists.launchpad.net/openstack/msg08445.html swift 1.4.7]
and [https://lists.launchpad.net/openstack/msg08197.html Quantum
essex-4].

The Essex release now enters its release candidates phase in the lead up
to the final release on April 5.

So far, [https://lists.launchpad.net/openstack/msg08855.html Nova rc1]
and [https://lists.launchpad.net/openstack/msg08806.html Quantum rc1]
have been released, and Swift has tagged its
[https://launchpad.net/swift/+milestone/1.4.8 1.4.8 release].

== Getting Started Wiki ==

In preparation for the Fedora 17 release, we have updated the
[[Getting_started_with_OpenStack_Nova]] wiki page and moved it to
[[Getting_started_with_OpenStack_on_Fedora_17]].

The new instructions include details on how to use Keystone
authentication and the Horizon dashboard.

Also [[Quantum]] installation and troubleshooting steps have been
prepared
for testing nova and quantum in a multi-node setup using openvswitch as
a plugin.


== F-17 Package Updates ==

Since the last status report, the following notable updates have been
pushed to F-17:

*
[http://admin.fedoraproject.org/updates/openstack-nova-2012.1-0.7.e4.fc17 openstack-nova-2012.1-0.7.e4.fc17]
*# update to essex-4
*# switch to new <code>.ini</code> style conf file format
*# depend on [https://bugzilla.redhat.com/788485 new bridge-utils
package]
*
[http://admin.fedoraproject.org/updates/openstack-nova-2012.1-0.8.e4.fc17 openstack-nova-2012.1-0.8.e4.fc17]
*# support non-blocking libvirt operations
*# suppress power state errors
*# fix [https://bugzilla.redhat.com/801791 nova-compute failing to
start]
*# fix [https://bugzilla.redhat.com/801302 sqlalchemy-migrate warnings
during openstack-nova-db-setup]
*# fix [https://bugzilla.redhat.com/803905 osapi v1.1 returns errors
when getting server status]
*
[http://admin.fedoraproject.org/updates/openstack-glance-2012.1-0.5.e4.fc17 openstack-glance-2012.1-0.5.e4.fc17]
*# Update to essex-4
*# Require pyxattr rather than python-xattr
*# Add python-iso8601 dependency
*
[http://admin.fedoraproject.org/updates/openstack-keystone-2012.1-0.9.e4.fc17 openstack-keystone-2012.1-0.9.e4.fc17]
*# Update to essex-4
*
[http://admin.fedoraproject.org/updates/openstack-keystone-2012.1-0.10.e4.fc17 openstack-keystone-2012.1-0.10.e4.fc17]
*# [http://bugzilla.redhat.com/800704 Change default catalog backend to
sql]
*# Add missing keystoneclient dep
*# Add openstack-config-set script
*
[http://admin.fedoraproject.org/updates/python-django-horizon-2012.1-0.1.rc1.fc17 python-django-horizon-2012.1-0.1.rc1.fc17]
*# Update to RC1 snapshot
*# Change default URL to <code>http://localhost/dashboard</code>
*# Fix [https://bugzilla.redhat.com/788567 static content]
*
[http://admin.fedoraproject.org/updates/openstack-quantum-2012.1-0.3.e4.fc17 openstack-quantum-2012.1-0.3.e4.fc17]
*# Depend on Open vSwitch
*
[http://admin.fedoraproject.org/updates/openstack-quantum-2012.1-0.5.e4.fc17 openstack-quantum-2012.1-0.3.e5.fc17]
*# Update to Essex RC1 candidate tarball

== Open vSwitch Package Review ==

Chris Wight and Dan Berrange worked [https://bugzilla.redhat.com/799171
openvswitch through the review process].

[[Features/Open_vSwitch|Open vSwitch]] is a major Fedora 17 feature that
is going to be hugely beneficial to OpenStack and Quantum in Fedora.
Very exciting!

== Multiple Instances of Swift Services ==

When swift moved from SysV init to systemd, we lost the ability to
launch multiple instances of the same service on a machine.

Derek stumbled across systemd's "instances" support and we'll soon
re-instate this support. See [https://bugzilla.redhat.com/805149
#805149] for more details.

== Keystone LDAP Support ==

Adam Young had his [https://review.openstack.org/4362 LDAP backend]
merged into keystone for essex-4.

Adam blogged about
[http://adam.younglogic.com/2012/02/freeipa-keystone-ldap/ using
keystone's LDAP driver with FreeIPA].

= Misc Fedora News =

== F-16 Guest Images ==

Dan Berrange
[http://www.spinics.net/linux/fedora/fedora-cloud/msg01304.html posted a
F-16 guest image] which can be used with OpenStack.

The image is based on the Fedora EC2 images, includes cloud-init and is
a 200Mb download.

== Essex Preview Repo For F-16 ==

Alan Pevec has started maintaining a
[https://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17#Preview_Repository_for_Fedora_16 "preview" repository for Essex on Fedora 16].

If you're running Fedora 16 and you want to try out the Essex release,
this is the repo for you!

Also Steve Dake
[http://oss-us-1.clusterlabs.org/pipermail/pcmk-cloud/2012-March/000709.html summarized steps] for updating the OpenStack Diablo release to Essex on Fedora 16.

== Devstack F-16 Support ==

Russell Bryant has been hard at working improving devstack's F-16
support in his
[https://github.com/russellb/devstack/commits/fedora-support
fedora-support branch in github]. This branch also adds support for
using Qpid instead of RabbitMQ.

== Keystone Fedora PAM Support ==

Russell also added [https://review.openstack.org/5365 PAM authentication
support] for Keystone in Fedora.

== Fedora Support in Puppet Labs Recipes ==

Derek Higgins has been working on adding Fedora support to Puppet Labs'
recipes for OpenStack.

Support was [Nova
https://github.com/derekhiggins/puppetlabs-nova/commit/e66e5ab added to
Nova]. Work
[https://github.com/derekhiggins/puppetlabs-swift/commits/fedora_testing
is underway for Swift]. And a whole bunch of dependent modules are also
gaining Fedora support.

These recipes are used by [http://smokestack.openstack.org upstream's
Smokestack instance] when testing on Fedora.

== iSCSI tgtd Issue With Systemd ==

A recent systemd update caused tgtd to hang for 5 minutes on startup.
[http://pkgs.fedoraproject.org/gitweb/?p=scsi-target-utils.git;a=commitdiff;h=768f6dc6d71756a Derek pushed this simple fix] for the problem.

== cloud-init and OpenStack ==

We're now testing cloud-init with OpenStack a bit more. Pádraig Brady
and Joe Brue filed these bugs:

# [https://bugzilla.redhat.com/795998 #795998 - run-parts is run with
the non-existent --regex option]
# [https://bugzilla.redhat.com/750979 #750979 - cloud-init scripts do
not make hostname changes permanent in /etc/sysconfig/network]

and both have been fixed in recent updates.

== Broken python-boto Update ==

OpenStack folks identified a [https://bugzilla.redhat.com/804041 serious
python-boto issue] before update hit stable.

= Upstream News =

== OpenStack Governance Elections ==

The OpenStack project held its spring governance elections recently and
elected  technical leads for Nova, Swift, Glance, Keystone and Horizon.
Two new members of the Project Policy Board were also elected.

Two Fedora developers - Mark McLoughlin and Eoghan Glynn - were
nominated for positions but, despite a hard-fought and emotional
campaign, neither were elected. Next time!

== Rewritten libvirt Driver XML Generation ==

Dan Berrange has posted a
[https://lists.launchpad.net/openstack/msg08408.html massive patch set
to Nova] for comments. The patches replaces Nova's usage of Cheetah
templates for generating libvirt XML with a safer approach of
de-serializing a DOM.

Since this is such a large change, it will not be proposed until Folsom
opens up.

Dan also had these interesting fixes merged lately:

# [https://review.openstack.org/5043 Remove the <acpi/> feature from
UML/LXC guests]
# [https://review.openstack.org/5076 Simply & unify console handling for
libvirt drivers]
# [https://review.openstack.org/5147 Use cache='none' for all disks]

== libvirt Driver Image Handling ==

Pádraig continued improving the libvirt driver's image handling with
these fixes:

# [https://review.openstack.org/5442 ensure atomic manipulation of
libvirt disk images]
# [https://review.openstack.org/5456 allow the compute service to start
with missing libvirt disks]

== libvirt Issue Fixed in F-16, Broken in Ubuntu Oneric ==

[https://lists.launchpad.net/openstack/msg08581.html This report of a
libvirt issue with OpenStack] is rather interesting. It turns out that
this was an issue found upstream, fixed in Fedora 16 but is still broken
in Ubuntu Oneric.

Kudos to our libvirt package maintainers!

== Rootwrap in Quantum ==

Rootwrap is a helper script added to Nova in Essex to help lock down the
sudo commands that Nova can run. Bob Kukura has now
[https://bugs.launchpad.net/quantum/+bug/948467 added rootwrap to
Quantum] and, while doing so, ensured that the Quantum agents no longer
need to run as root.

= Blogs etc. = 

== Keystone Blog Posts ==

Adam also blogged on some other topics related to keystone:

#
[http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/ Keystone should move to Apache HTTPD]
# [http://adam.younglogic.com/2012/03/pki-for-keystone/ PKI for
Keystone]
# [http://adam.younglogic.com/2012/03/hateoas-openstack-keystone/
HATEOAS Openstack Keystone]

== OpenStack, Deltacloud and CIMI ==

Marios Andreou, a developer on the deltacloud project, wrote
[http://www.mariosandreou.com/deltacloud/cloud_API/2012/03/05/openstack-cimi-networking.html this interesting blog post on OpenStack Networking and CIMI].

[http://dmtf.org/standards/cloud CIMI] is a cloud API standard being
developed by the DMTF and supported by the deltacloud project.

_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux