Ask Your Question

tim-bell's profile - activity

2016-08-04 02:38:35 -0600 answered a question Nova Cells: Question about Networking and Storage

At CERN, we have now deployed cells and Neutron. We have a single Neutron instance across all the cells. Given that we are migrating from Nova network to Neutron without disruption for the users, we are testing this out with a number of cells first. Our Neutron configuration is relatively simple however, just using linux bridge and provider networks for the moment. However, the more sophisticated configurations should work too.

2015-06-25 08:03:28 -0600 received badge  Famous Question (source)
2015-06-17 10:30:29 -0600 received badge  Nice Question (source)
2015-02-09 10:08:05 -0600 commented answer how to use keyring?

We've tried following these steps in the wiki in the past but not succeeded in storing the password in the keyring. Does anyone have a step by step demo ?

2015-02-09 10:08:05 -0600 received badge  Commentator
2015-02-09 10:06:23 -0600 commented question OpenStack integration with BMC Remedy or Service Now

At CERN, we use SNOW as well. While we have a simple button which has 'report a problem', there is no counter which shows that there has been activity on your reported problems. It would be a great feature if activity on a service element related to the cloud would give you a '1' (or more).

2015-02-09 10:03:51 -0600 commented answer Is there any way to find the creation date of a tenant?

Could you give more details on the use case ? I think adding a created_at would be a useful function (sometimes it is easy to forget) but a concrete use case could lead to an enhancement request.

2015-01-30 05:23:52 -0600 answered a question How to set up a Federation in Openstack Juno?

For an introduction to Federation and OpenStack, there have been some blogs ( ) and videos ( )

The configuration documentation is at

2015-01-14 09:35:23 -0600 received badge  Nice Question (source)
2015-01-14 01:15:33 -0600 answered a question Is nagios built in openstack ?

Packstack includes Nagios and some monitoring sensors. OpenStack itself does not propose a monitoring solution, although ceilometer has a concept of alarms, you would need a lot more to monitor OpenStack.

The OpenStack operations guide ( ) has a chapter on monitoring.

There is a Monitoring Working group starting following the last summit ( ) and a github repository where people are sharing their various problems etc. at

Some of the monitoring projects also include OpenStack monitoring packs such as Zenoss.

2015-01-09 02:19:45 -0600 received badge  Notable Question (source)
2015-01-08 12:57:16 -0600 answered a question Can you restrict a user or tenant to a Cinder volume type?

You can set a quota for the different cinder types. However, they would still be listed on the horizon panel and with the CLIs.

There is a blueprint for private cinder types. At CERN, we do not wish to make public all of the different volume types we have since some are dedicated for particular projects. Details at

2015-01-01 12:18:32 -0600 received badge  Popular Question (source)
2015-01-01 12:18:32 -0600 received badge  Famous Question (source)
2015-01-01 12:18:32 -0600 received badge  Notable Question (source)
2014-12-22 05:20:15 -0600 asked a question How to use the guest agent and fsfreeze for a snapshot ?

I'm trying to get the guest agent working on OpenStack.

I have enabled the guest agent using the property

| Property 'hw_qemu_guest_agent' | yes |

The VM has the qemu guest agent installed

rpm -qa | grep guest


The service has been started

/bin/systemctl status qemu-guest-agent.service qemu-guest-agent.service - QEMU Guest Agent Loaded: loaded (/usr/lib/systemd/system/qemu-guest-agent.service; static) Active: active (running) since Sun 2014-12-21 17:45:32 CET; 18h ago Main PID: 1066 (qemu-ga) CGroup: /system.slice/qemu-guest-agent.service └─1066 /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio-ports/org.qemu.guest_agent.0 --bla...

Dec 21 17:45:32 timhwag144 systemd[1]: Started QEMU Guest Agent.

However, when I run the nova image-create command, I do not get any entry in /var/log/qemu-ga to show that fsfreeze has been run.

Any suggestions ? I could not find any documentation on how to do fsfreeze with QEMU GA other than the blueprints implementing the function.

2014-12-22 00:47:56 -0600 received badge  Famous Question (source)
2014-11-18 19:30:52 -0600 received badge  Popular Question (source)
2014-10-21 06:46:04 -0600 received badge  Popular Question (source)
2014-10-21 06:46:04 -0600 received badge  Notable Question (source)
2014-09-20 05:50:00 -0600 received badge  Nice Answer (source)
2014-09-20 04:54:42 -0600 asked a question Setting virtio-blk-data-plane on QEMU cmdline

Can anyone advise how to set the virt-blk-data-plane argument on QEMU commands launched by OpenStack ?

I need to get to

qemu -drive if=none,id=drive0,cache=none,aio=native,format=raw,file=path/to/disk.img \
 -device virtio-blk,drive=drive0,scsi=off,config-wce=off,x-data-plane=on
2014-09-02 02:17:47 -0600 received badge  Good Question (source)
2014-06-28 07:04:21 -0600 answered a question Developing simple Puppet Module for Havana ceilometer

Have you had a look at the puppetlabs modules ? The openstack ones are pretty good.

2014-06-23 04:17:50 -0600 received badge  Nice Question (source)
2014-06-23 03:39:31 -0600 received badge  Famous Question (source)
2014-06-23 03:39:31 -0600 received badge  Notable Question (source)
2014-06-23 03:39:31 -0600 received badge  Popular Question (source)
2014-06-20 06:48:24 -0600 asked a question Service cinder-backup could not be found on packstack

I'm running Icehouse using packstack.

Using the standard installation and trying to use cinder backup, I get the error below.

$ cinder backup-create 462a8eb8-c97e-4c22-8ed4-c004bfd5e3b7
ERROR: Service cinder-backup could not be found. (HTTP 500) (Request-ID: req-87ab1b55-90a1-4d9f-9949-586ca021cf9c)

I have tried restarting the cinder services but this does not improve the situation.

According to the backup.log, it is registered

2014-06-20 13:26:56.015 15040 INFO cinder.backup.manager [req-c7456385-e84e-4205-ac6e-2658aae31cef - - - - -] Cleaning up incomplete backup operations.
2014-06-20 13:26:56.016 15040 DEBUG cinder.openstack.common.lockutils [req-c7456385-e84e-4205-ac6e-2658aae31cef - - - - -] Got semaphore "dbapi_backend" for method "__get_backend"... inner /usr/lib/python2.6/site-packages/cinder/openstack/common/
2014-06-20 13:26:56.326 15040 DEBUG cinder.service [-] Creating RPC server for service cinder-backup start /usr/lib/python2.6/site-packages/cinder/
2014-06-20 13:26:56.327 15040 DEBUG stevedore.extension [-] found extension EntryPoint.parse('blocking = oslo.messaging._executors.impl_blocking:BlockingExecutor') _load_plugins /usr/lib/python2.6/site-packages/stevedore/
2014-06-20 13:26:56.327 15040 DEBUG stevedore.extension [-] found extension EntryPoint.parse('eventlet = oslo.messaging._executors.impl_eventlet:EventletExecutor') _load_plugins /usr/lib/python2.6/site-packages/stevedore/
2014-06-05 07:25:41 -0600 received badge  Famous Question (source)
2014-05-20 11:47:52 -0600 answered a question 100000-scale virtual machine, how to do?

The blog at http://openstack-in-production.blogsp... gives details on the CERN's 65K core cloud. There are also good talks at the last summit from Rackspace, HP and Paypal on scaling an OpenStack cloud.

2014-05-06 12:51:02 -0600 asked a question How to change a VM user_id ?

In nova show, a VM is listed with the user_id of its owner.

Is there a mechanism for the user_id to be changed ?

Is this something that a user can be given the role to do themselves ?

2014-04-19 01:39:21 -0600 answered a question Mixing versions: ceilometer Havana version running along other components on Grizzly

At CERN, we ran this configuration for a few months as we needed the latest set of fixes in ceilometer. It seemed to work collecting data.

2014-03-29 06:56:17 -0600 answered a question I/OP's in openstack

cinder has the ability to define a volume with a set of limits on the number of IOPS. See for an example using ceph as a backend.

2014-03-27 15:03:10 -0600 received badge  Good Answer (source)
2014-03-26 19:10:23 -0600 received badge  Necromancer (source)
2014-03-26 12:01:56 -0600 answered a question Can Keystone accept external SAML or oAUTH tokens

There is some ongoing work to support SAML. There are a number of blueprints created and the initial server side implementation made it into Icehouse. client side will follow.

The notes from the Icehouse summit are at

2014-03-24 10:44:19 -0600 received badge  Nice Answer (source)
2014-03-23 09:46:18 -0600 answered a question RDO: Keystone dies after 1 - 3 days, can't login into horizon dashboard

There are some socket issues with keystone in the original havana release. Bug chain is at . This is now being backported to stable Havana so should appear in RDO when the next stable release is out.

2014-02-27 01:38:41 -0600 answered a question Can you install Nova client in Cygwin?

You can also run the OpenStack clients natively on Windows. For installation details, see http://information-technology.web.cer...

2014-02-26 01:17:16 -0600 answered a question Openstack across multiple datacenters

Have a look at the availability zone and regions feature of OpenStack. These provide features such as you are looking for.

See .

2014-02-19 11:39:38 -0600 received badge  Nice Answer (source)
2014-02-14 01:36:14 -0600 answered a question ldap with 100k user Horizon dashboard not letting edit projects

There is an option to filter the user list if you do not need to give all 110,000 users access to the cloud. See for some examples.

We use this at CERN so that users can self-service sign up to the cloud service and this keeps the list to a more manageable size.

2014-01-30 00:14:52 -0600 answered a question What is the purpose of LDAP groups to Keystone?

We use LDAP groups at CERN to assign sets of people to roles. Since there are many IT applications and filesystems which need controlling and securing, a single place to manage people's responsibilities is a necessity.

Thus, someone who is part of our hardware maintenance team is part of a group. This group is given a role in OpenStack which allows them to open the console of virtual machines, suspend/resume, etc. The members of this group are also given some sudo rights on the hypervisors which is set by Puppet from the same LDAP source.

Thus, we manage membership of a group in LDAP and use Keystone to define the role associated with that group of users.

2014-01-25 02:19:00 -0600 answered a question Are there distance limitations in physical OpenStack architecture ?

The CERN cloud is split between Geneva and Hungary (around 1,300 Kms). We use cells to maintain localisation of message queue traffic so that the Budapest centre has a cell with around 600 servers and the Geneva site has 3 cells, each with over 700 servers.

We have not seen significant impacts of distance using this approach although we are still working to tune ceilometer configurations as this can be quite latency dependent over the WAN lines and the keystone service is in Geneva.

2014-01-04 03:10:41 -0600 answered a question policy management

If you only requirement is to upload images for tenants, you could have a look at image sharing ( ). You build the images, upload them to your jenkins building tenant and then share the images with the appropriate projects.

2013-12-19 11:48:25 -0600 received badge  Enthusiast
2013-12-18 06:33:19 -0600 commented question How can I hide an image in glance ?

yes, close it

2013-12-18 06:30:28 -0600 received badge  Notable Question (source)
2013-12-17 13:02:23 -0600 answered a question Want to build cloud using Openstack

If you have experience with Red Hat, RDO is a good option and can get a simple cloud in a box running in 20 minutes. See .