I just want to make sure that everyone knows that the LCA2014 call for proposals is open. There are two calls this time around -- a call for proposals and a call for miniconfs. The call for proposals closes on 6 July, so you don't have heaps of time left to submit something. So, if you're interested in speaking at linux.conf.au 2014, in Perth between 6 and 10 January 2014 you should hit up those CFPs now!
Nova has supported listing the fixed ips for a single host for a while. Well, except for that time we broke it by removing the database call it used and not noticing. My change to fix that situation has just landed, so this should now work again. To list the fixed ips used on a host, do something like: nova-manage fixed list hostname I will propose a backport to grizzly for this now.
I should start out by saying that because OpenStack is an open source project, it is hard to know exactly what will land in Havana -- the developers are volunteers, and sometimes things get in the way of them doing the work they intended. However, these are the notes I wrote up on the high points of the summit for me -- I didn't see all the same sessions as other nova developers, so hopefully others will pitch in with their notes as well. Scheduler The scheduler seems to be a point of planned work for a lot of people in this release, with talk about having more scheduling code in the common library, and of adding new filter types. There is definite interest in being able to schedule by methods we don't currently support -- things like rack or PDU diversity, or trying to collocate a tenants machines together. HP is also interested in being able to sell dedicated machines to tenants -- in other words, they would guarantee that only one tenants instances appeared on a machine in return for a fee. At the moment this requires setting up a host aggregate for the tenant. Feeding additional data…
I just gave my presentation at the Havana Conference about how to get started with OpenStack development. A few people asked for my slide deck, so I am posting it here. The talk was taped, and I am sure some more formal release will happen in the future, but I wanted to get this out there for the people who had asked for it.
Last week with the help of the lovely openstack-infra people, I discovered that you can have a local cache of pip downloads. This speeds up rebuilding test environments when you need to jump between branches with different dependencies. Its as simple as chucking something like: export PIP_DOWNLOAD_CACHE=~/cache/pip ...into your .bashrc or equivalent.
LaunchPad bug 1013893 asked nicely if the drop action for iptables rules created by nova-network could be configured. The idea here is that you might want to do something other than a plain old drop -- for example logging before dropping. This has now been implemented in Havana. To configure the drop action, set the iptables_drop_action to the name of an already existing iptables target. Creating this target is not managed by nova, and you'll need to do it on every compute node. When iptables creates or deletes rules on compute nodes it will now use this new target. There's a bit of an upgrade problem here in that this will stop nova from deleting rules which use the old hard coded drop target. However, if an instance is torn down then all of its tables are torn down as well and rules will be deleted correctly, so this is only a problem if a security group is changed while the instance is running. It occurs to me that we can do better here, so I've sent off this review to handle the case where a rule is being removed and used the default drop action. For safety, I would…
In the last few weeks a new quota has been added to Nova covering Fixed IPs. This was done in response to LaunchPad bug 1125468, which was disclosed as CVE 2013-1838. To be honest I think there are some things the vulnerability management team learned the hard way with this disclosure. For example, we didn't realize that we needed to update python-novaclient to allow users to set the quota, or that adding a quota would require changes in Horizon. Both of these errors have been corrected. More importanly, the default value of the new quota was set to 10. I made this decision based on the default value of the instances quota coupled with a desire to protect deployments from denial of service. However, this decision combined with a failure to explicitly call out the new quota in the release notes for the Folsom stable release have resulted in some deployers experiencing upgrade problems. This was drawn to our attention by LaunchPad bug 1161190. We have therefore moved to set the default quota for fixed IPs to unlimited. If you want to protect yourself from a potential DoS, then you should seriously consider changing this default value in your deployment.…
This is just a quick reminder that there are only a couple more days to vote in the Nova PTL elections for the Havana cycle. If you're eligible to vote, you should have a voting URL in your email. The candidates: Russell Bryant -- announcement Michael Still -- announcement The incumbent PTL, Vishvananda Ishaya, has chosen not to run.
I was super excited to get my hands on the latest John Scalzi book because I've really liked his previous stuff. Unfortunately while this book is fun I feel that the underlying concept is pretty weak... Its more of a toy boy than something which makes you think, which is a disappointment to me. Don't get me wrong, the overall execution is good, but the book feels lazily plotted, much like a badly done Harry Harrison does. So, if that sort of thing annoys you, give this one a miss.
This is the third book in the Marsbound series. The Others have just turned off all electronics on Earth, and now we need to survive. One problem with this book is that it jumps straight into the action -- I had to go back and re-read Marsbound and Starbound in order to understand what was happening in this book. That was ok because those two books are excellent, and I enjoyed re-reading them. In fact, those two are probably a little better than this one. Overall Earthbound is pretty dark, and there isn't a lot of hope presented -- its just a series of scenes where the main characters attempt to deal with an all powerful adversary. Perhaps if the Others weren't so powerful this would be a better book, because you just know that everyone is doomed. I also respect authors who are willing to kill off lead characters, but that happens a lot in this book, which sort of bothered me. Perhaps that's what combat is really like though -- people you have an attachment to just stop being there. There's no warning or explanation. The end of this book isn't very satisfying. There better be a sequel…