Older blog entries for mikal (starting at number 925)

Upgrade problems with the new Fixed IP quota

In the last few weeks a new quota has been added to Nova covering Fixed IPs. This was done in response to LaunchPad bug 1125468, which was disclosed as CVE 2013-1838.

To be honest I think there are some things the vulnerability management team learned the hard way with this disclosure. For example, we didn't realize that we needed to update python-novaclient to allow users to set the quota, or that adding a quota would require changes in Horizon. Both of these errors have been corrected.

More importanly, the default value of the new quota was set to 10. I made this decision based on the default value of the instances quota coupled with a desire to protect deployments from denial of service. However, this decision combined with a failure to explicitly call out the new quota in the release notes for the Folsom stable release have resulted in some deployers experiencing upgrade problems. This was drawn to our attention by LaunchPad bug 1161190.

We have therefore moved to set the default quota for fixed IPs to unlimited. If you want to protect yourself from a potential DoS, then you should seriously consider changing this default value in your deployment. This can be done with the quota_fixed_ips flag. The code reviews implementing this change are either merged, or under review depending on the release. At the time of writing this Havana and Grizzly have a fix merged, with Folsom and Essex still under review.

I think this experience also reinforces the importance of testing all upgrades in a lab environment before doing them in production.

Sorry for any inconvenience caused.

Tags for this post: openstack nova quota fixed_ip vmt cve denial_of_service
Related posts: Further adventures with base images in OpenStack; Havana Nova PTL elections; Openstack compute node cleanup

Comment

Syndicated 2013-03-30 16:11:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

Havana Nova PTL elections

This is just a quick reminder that there are only a couple more days to vote in the Nova PTL elections for the Havana cycle. If you're eligible to vote, you should have a voting URL in your email.

The candidates:

• Russell Bryant -- announcement
• Michael Still -- announcement

The incumbent PTL, Vishvananda Ishaya, has chosen not to run.

Rackspace is hiring OpenStack developers, let me know if you want to know more.

Tags for this post: openstack nova ptl election havana
Related posts: Further adventures with base images in OpenStack; Openstack compute node cleanup

Comment

Syndicated 2013-03-13 08:34:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

Roanoke, Virginia

This is by far the smallest US town I've been to, so I found it quite exciting. I think I need to come back in summer when there are some leaves as well.

                                       

See more thumbnails

Tags for this post: events pictures 20130310 photo

Comment

Syndicated 2013-03-12 07:13:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

Redshirts

ISBN: 9780765334797 LibraryThing

I was super excited to get my hands on the latest John Scalzi book because I've really liked his previous stuff. Unfortunately while this book is fun I feel that the underlying concept is pretty weak... Its more of a toy boy than something which makes you think, which is a disappointment to me. Don't get me wrong, the overall execution is good, but the book feels lazily plotted, much like a badly done Harry Harrison does. So, if that sort of thing annoys you, give this one a miss. Tags for this post: book john_scalzi exploration comedy space Related posts: Dirk Gentley's Holistic Detective Agency; So Long, and Thanks For All the Fish ; The Restaurant at the End of the Universe ; Military satellites fly north-south, commercial satellites fly east-west?; The Man in the Rubber Mask; Bill The Galactic Hero ; Colony; Bill the Galactic Hero on the Planet of Bottled Brains; Ohhh, space junk; Russian scavengers life off abandoned space junk; The Light Fantastic; Starbound; The Hitchhikers Guide to the Galaxy ; Better Than Life; Bill the Galactic Hero Series; Marsbound; And Another Thing; Bingo!; Have I mentioned that I'm a big Smithsonian fan?; Life, the Universe and Everything ; Red Dwarf

Comment

Syndicated 2013-02-14 01:08:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

I give you Fidel, the slightly questionable LCA2013 organizer

I love this outfit. He looks so disastrously dodgy. Luckily for me, Jeff did a great job of handling our accommodation requirements for the week of the conference.

             

Tags for this post: conference lca2013 pictures 20130125 photo

Comment

Syndicated 2013-02-11 22:45:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

Pictures from Catie and Pete's engagement party

This is how I spent Sunday afternoon. I can think of worse ways to spend time.

                                       

See more thumbnails

Tags for this post: events pictures 20130210 photo

Comment

Syndicated 2013-02-11 22:32:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

Yet more lca2013 setup

Some bag stuffing, move AV setup, and network kit starts appearing.

                                       

See more thumbnails

Tags for this post: conference lca2013 pictures 20130124-lca2013 photo

Comment

Syndicated 2013-01-24 13:29:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

linux.conf.au 2013 setup

   

Tags for this post: conference lca2013 pictures 20130123 photo

Comment

Syndicated 2013-01-22 21:01:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

Pool

It was hot the other day, so we went for a swim. Notice how hard I am working on the conference in these shots.

               

Tags for this post: blog pictures 20130111 photo

Comment

Syndicated 2013-01-18 15:52:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

Earthbound

ISBN: 9781937007836 LibraryThing

This is the third book in the Marsbound series. The Others have just turned off all electronics on Earth, and now we need to survive. One problem with this book is that it jumps straight into the action -- I had to go back and re-read Marsbound and Starbound in order to understand what was happening in this book. That was ok because those two books are excellent, and I enjoyed re-reading them. In fact, those two are probably a little better than this one. Overall Earthbound is pretty dark, and there isn't a lot of hope presented -- its just a series of scenes where the main characters attempt to deal with an all powerful adversary. Perhaps if the Others weren't so powerful this would be a better book, because you just know that everyone is doomed. I also respect authors who are willing to kill off lead characters, but that happens a lot in this book, which sort of bothered me. Perhaps that's what combat is really like though -- people you have an attachment to just stop being there. There's no warning or explanation. The end of this book isn't very satisfying. There better be a sequel or I'm going to be annoyed. Tags for this post: book joe_haldeman mars aliens exploration space_travel first_contact marsbound post_apocalypse combat Related posts: Starbound; Marsbound; Rendezvous With Rama; Red Mars; Mars: A Survival Guide; Camouflage ; The Coming; The Apocalypse Troll; Death Bringer; Battlefields Beyond Tomorrow ; East of the Sun, West of the Moon; The Moon Is A Harsh Mistress; Agent to the Stars; Runner; The Ship Who Sang ; Bolos 1: Honor of the Regiment; Iron Master; Cloud Warrior; Amtrak Wars; The Accidental Time Machine ; Earth Thunder

Comment

Syndicated 2013-01-18 15:11:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)